More granular control of external validation configuration

2025-05-29 19:22:55 -04:00
parent 25710d616a
commit 2a792a947d
2 changed files with 11 additions and 1 deletions
--- a/app/setup/settings/urls.php
+++ b/app/setup/settings/urls.php
@ -29,7 +29,10 @@ return [
    ],
    'externalPaths' => [
        '/api/external' => [
-            '/toku/success' => $_ENV['TOKU_TOKEN']
+            '/toku/success' => [
+                'header' => 'x-api-key',
+                'token' => $_ENV['TOKU_TOKEN']
+            ]
        ],
    ]
 ];
--- a/app/src/Middleware/API.php
+++ b/app/src/Middleware/API.php
@ -85,6 +85,13 @@ class API
    }
    protected function validateExternalKey(ServerRequestInterface $request, $basePath, $subPath): bool
    {
+        $data = $this->externalPaths[$basePath][$subPath];
+        if (isset($data['header']) and $request->hasHeader($data['header'])) {
+            $token = $request->getHeaderLine($data['header']);
+            if ($token === $this->externalPaths[$basePath][$subPath]['token']) {
+                return true;
+            }
+        }
        if ($request->hasHeader('x-api-key')) {
            $key = $request->getHeaderLine('x-api-key');
            if ($key === $this->externalPaths[$basePath][$subPath]) {