fix(backend): unauthorised response body contains html (#622)

cayacdev · Apr 8, 2023 · e92962b · e92962b
1 parent e1b2da0
commit e92962b
Show file tree

Hide file tree

Showing 15 changed files with 342 additions and 41 deletions.
diff --git a/backend/.gitignore b/backend/.gitignore
@@ -4,8 +4,8 @@ Homestead.json
 Homestead.yaml
 .env
 .phpunit.result.cache
-.phpunit.cache
 _ide_helper.php
 .phpstorm.meta.php
 coverage/
 coverage.xml
+/http-client.private.env.json
diff --git a/backend/app/Exceptions/Handler.php b/backend/app/Exceptions/Handler.php
@@ -7,6 +7,7 @@
 use Illuminate\Validation\ValidationException;
 use Laravel\Lumen\Exceptions\Handler as ExceptionHandler;
 use Symfony\Component\HttpKernel\Exception\HttpException;
+use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
 use Throwable;
 
 class Handler extends ExceptionHandler
@@ -42,13 +43,17 @@ public function report(Throwable $exception)
      * Render an exception into an HTTP response.
      *
      * @param  \Illuminate\Http\Request  $request
-     * @param  \Throwable  $exception
+     * @param  \Throwable  $e
      * @return \Illuminate\Http\Response|\Illuminate\Http\JsonResponse
      *
      * @throws \Throwable
      */
-    public function render($request, Throwable $exception)
+    public function render($request, Throwable $e)
     {
-        return parent::render($request, $exception);
+        if ($e instanceof UnauthorizedHttpException) {
+            return response()->json(['error' => 'Unauthorized'], 401);
+        }
+
+        return parent::render($request, $e);
     }
 }
diff --git a/backend/app/Http/Middleware/ExampleMiddleware.php b/backend/app/Http/Middleware/ExampleMiddleware.php
diff --git a/backend/app/Providers/AuthServiceProvider.php b/backend/app/Providers/AuthServiceProvider.php
@@ -29,17 +29,6 @@ public function register()
      */
     public function boot()
     {
-        // Here you may define how you wish users to be authenticated for your Lumen
-        // application. The callback which receives the incoming request instance
-        // should return either a User instance or null. You're free to obtain
-        // the User instance via an API token or any other method necessary.
-
-        $this->app['auth']->viaRequest('api', function ($request) {
-            if ($request->input('api_token')) {
-                return User::where('api_token', $request->input('api_token'))->first();
-            }
-        });
-
         Gate::define('cashBoxMember', function ($user, $cashBox) {
             /* @var $cashBox CashBox */
             return $cashBox->users->contains('id', $user->id);

diff --git a/backend/bootstrap/app.php b/backend/bootstrap/app.php
@@ -60,6 +60,7 @@
 
 $app->configure('app');
 $app->configure('cors');
+$app->configure('jwt');
 
 /*
 |--------------------------------------------------------------------------
@@ -72,10 +73,6 @@
 |
 */
 
-// $app->middleware([
-//     App\Http\Middleware\ExampleMiddleware::class
-// ]);
-
 $app->routeMiddleware([
     'auth' => App\Http\Middleware\Authenticate::class,
 ]);
@@ -98,7 +95,6 @@
 $app->register(App\Providers\AppServiceProvider::class);
 $app->register(App\Providers\AuthServiceProvider::class);
 $app->register(Tymon\JWTAuth\Providers\LumenServiceProvider::class);
-// $app->register(App\Providers\EventServiceProvider::class);
 
 if ($app->environment() !== 'production') {
     $app->register(Barryvdh\LaravelIdeHelper\IdeHelperServiceProvider::class);