FIX: GraphQL API Auth

Tony Air 2021-03-29 15:23:15 +07:00
parent b2691a7112
commit f56ff9069e


@ -17,10 +17,14 @@ class APIKeyAuthenticator implements AuthenticatorInterface
public function authenticate(HTTPRequest $request) public function authenticate(HTTPRequest $request)
{ {
$member = Security::getCurrentUser(); $member = Security::getCurrentUser();
if (($member && Permission::checkMember($member, 'CMS_ACCESS')) || (
Director::isLive() if (Director::isLive()
&& $request->getHeader('apikey') !== WebpackTemplateProvider::config()['GRAPHQL_API_KEY'] && $request->getHeader('apikey') !== WebpackTemplateProvider::config()['GRAPHQL_API_KEY']
)) { ) {
if ($member && Permission::checkMember($member, 'CMS_ACCESS')) {
return $member;
}
throw new ValidationException('Restricted resource', 401); throw new ValidationException('Restricted resource', 401);
} }
@ -29,7 +33,7 @@ class APIKeyAuthenticator implements AuthenticatorInterface
public function isApplicable(HTTPRequest $request) public function isApplicable(HTTPRequest $request)
{ {
if($request->param('Controller') === '%$SilverStripe\GraphQL\Controller.admin'){ if ($request->param('Controller') === '%$SilverStripe\GraphQL\Controller.admin') {
return false; return false;
} }
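Review bot: The API key check in `authenticate` uses `!==`, which fails open when no key is configured: if `GRAPHQL_API_KEY` is unset and resolves to null, a live request that sends no `apikey` header compares null with null and skips the guard (this assumes `getHeader()` returns null for an absent header, which is not visible here). The comparison is also not constant-time. Read the key once and reject unless it is a non-empty string that matches, e.g. `$key = WebpackTemplateProvider::config()['GRAPHQL_API_KEY'] ?? null;` followed by `if (Director::isLive() && !(is_string($key) && $key !== '' && hash_equals($key, (string) $request->getHeader('apikey')))) {`. The rest of `authenticate` after this guard is outside the hunk, so what it returns for a request that passes the key check cannot be confirmed from here.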