From 971653ec7debb4afc0061cd5c21f0ab440652d24 Mon Sep 17 00:00:00 2001
From: David Bomba
Date: Wed, 11 Jan 2017 19:13:22 +1100
Subject: [PATCH] Api error handling (#1277)
* fix env variable
* update routes
* Improve error handling for API_SECRET when testing API endpoint credentials
* exclude /api/v1/ping from API check
---
 app/Http/Middleware/ApiCheck.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/app/Http/Middleware/ApiCheck.php b/app/Http/Middleware/ApiCheck.php
index 2db5aefc3c77..93de1b0c433c 100644
--- a/app/Http/Middleware/ApiCheck.php
+++ b/app/Http/Middleware/ApiCheck.php
@@ -25,7 +25,9 @@ class ApiCheck {
 {
 $loggingIn = $request->is('api/v1/login')
 || $request->is('api/v1/register')
- || $request->is('api/v1/oauth_login');
+ || $request->is('api/v1/oauth_login')
+ || $request->is('api/v1/ping');
+ $headers = Utils::getApiHeaders();
 $hasApiSecret = false;
@@ -38,7 +40,8 @@ class ApiCheck {
 // check API secret
 if ( ! $hasApiSecret) {
 sleep(ERROR_DELAY);
- return Response::json(['message'=>'Invalid value for API_SECRET'], 403, $headers);
+ $error['error'] = ['message'=>'Invalid value for API_SECRET'];
+ return Response::json($error, 403, $headers);
 }
 } else {
 // check for a valid token
@@ -50,7 +53,8 @@ class ApiCheck {
 Session::set('token_id', $token->id);
 } else {
 sleep(ERROR_DELAY);
- return Response::json(['message'=>'Invalid token'], 403, $headers);
+ $error['error'] = ['message'=>'Invalid token'];
+ return Response::json($error, 403, $headers);
 }
 }
@@ -59,7 +63,8 @@ class ApiCheck {
 }
 if (!Utils::hasFeature(FEATURE_API) && !$hasApiSecret) {
- return Response::json(['message'=>'API requires pro plan'], 403, $headers);
+ $error['error'] = ['message'=>'API requires pro plan'];
+ return Response::json($error, 403, $headers);
 } else {
 $key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();
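Review bot: Adding `api/v1/ping` to `$loggingIn` makes the flag cover a route that is not a login, so its name no longer says what it gates; rename it or add a comment such as `// routes authenticated by API_SECRET instead of a user token`. The commit message says ping is excluded from the API check, but judging by the "check API secret" branch in the next hunk (its condition is outside the diff, presumably `if ($loggingIn)`), ping still answers 403 or not depending on the supplied secret, without any user credentials. The code that sets `$hasApiSecret` is not visible here; it should compare with `hash_equals()` and treat an unset secret as a failure, not a match. The enclosing method starts and ends outside this hunk.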
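Review bot: `$error['error'] = [...]` writes into a variable that is never initialised in the visible lines, here and in the "Invalid token" and "API requires pro plan" hunks. PHP creates the array implicitly, but passing the literal is clearer and cannot pick up stale keys: `return Response::json(['error' => ['message' => 'Invalid value for API_SECRET']], 403, $headers);`. The same two lines repeated three times would also fit a small private helper that takes the message. Moving `message` under `error` changes the response shape, so clients that read the top-level `message` need this documented as a breaking change.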
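Review bot: The invalid-token branch has `sleep(ERROR_DELAY)` as its only visible brake, as does the API_SECRET branch in the previous hunk; the sleep holds a PHP worker for every rejected request and does nothing to limit parallel attempts. What looks like a throttle key in the last hunk (`$key = Auth::check() ? Auth::user()->account->id : $request->getClientIp();`) is computed after these early returns, so rejected requests appear never to be counted; the throttle code itself is outside the diff, so please confirm. Consider counting failures per client IP before returning, and logging them so repeated failures are detectable, e.g. `Log::warning('API auth failed', ['ip' => $request->getClientIp(), 'path' => $request->path()]);`.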