FIX: GraphQL API Auth

This commit is contained in:
Tony Air 2021-03-29 15:23:15 +07:00
parent b2691a7112
commit f56ff9069e

View File

@ -17,10 +17,14 @@ class APIKeyAuthenticator implements AuthenticatorInterface
public function authenticate(HTTPRequest $request) public function authenticate(HTTPRequest $request)
{ {
$member = Security::getCurrentUser(); $member = Security::getCurrentUser();
if (($member && Permission::checkMember($member, 'CMS_ACCESS')) || (
Director::isLive() if (Director::isLive()
&& $request->getHeader('apikey') !== WebpackTemplateProvider::config()['GRAPHQL_API_KEY'] && $request->getHeader('apikey') !== WebpackTemplateProvider::config()['GRAPHQL_API_KEY']
)) { ) {
if ($member && Permission::checkMember($member, 'CMS_ACCESS')) {
return $member;
}
throw new ValidationException('Restricted resource', 401); throw new ValidationException('Restricted resource', 401);
} }