tonyair/silverstripe-webpack
1
1
Fork 0
mirror of https://github.com/a2nt/silverstripe-webpack.git synced 2024-10-22 17:05:31 +02:00
Code Issues Projects Releases Wiki Activity

FIX: GraphQL API Auth

Browse Source
This commit is contained in:
Tony Air 2021-03-29 15:23:15 +07:00
parent b2691a7112
commit f56ff9069e
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/src/GraphQL/APIKeyAuthenticator.php
View File

@ -17,10 +17,14 @@ class APIKeyAuthenticator implements AuthenticatorInterface
public function authenticate(HTTPRequest $request)
{
$member = Security::getCurrentUser();
if (($member && Permission::checkMember($member, 'CMS_ACCESS')) || (
Director::isLive()
if (Director::isLive()
&& $request->getHeader('apikey') !== WebpackTemplateProvider::config()['GRAPHQL_API_KEY']
)) {
) {
if ($member && Permission::checkMember($member, 'CMS_ACCESS')) {
return $member;
}
throw new ValidationException('Restricted resource', 401);
}