5

I have a web application, where I am authenticating based on my custom token sent in headers as API_TOKEN. I am not sure about what is happening, after all the code digging I did in source (laravel)

Here is my middleware

protected $AUTH_HEADER = 'API_TOKEN';
protected $_RESPONSE = array('status' => false, 'message' => '', 'data' => array());

public function handle($request, Closure $next, $guard = null)
{
  $response = $this->_RESPONSE;
  if($request->hasHeader($this->AUTH_HEADER)){
    $api_token = $request->header($this->AUTH_HEADER);
    try{
      $request->user = \App\User::where(['api_token' => $api_token])->firstOrFail();
      Auth::login($request->user);
      $response = $next($request);
    }catch(\Exception $exception){
      $response['status'] = false;
      $response['message'] = 'Invalid Token.';
    }
  }else{
    $response['status'] = false;
    $response['message'] = 'Unauthorized Request.';
  }

  // Lines ONLY I used for cross verification of availability of my header
  // $response['data'] = getallheaders();
  // $response['data'] = $_SERVER;
  return $response;
}

Here is a screenshot of my POST request, api.easyinventory.com is a custom virtual host which maps to my app

enter image description here

My routes are placed right as follow in api.php which by default will placed below route group under api prefix

Route::group(['prefix' => 'product'], function(){
    Route::get('read', 'API\ProductController@read');
}

Coming to the problem, if I call getallheaders(), I can see my custom header as shown below

enter image description here

But in $request, I am not able to get it. I will be grateful for any lead on this issue.

My effort includes tracking down where these headers are actually SET in $request object, I checked ServerBag.php in Symfony source code

Symfony ServerBag Class Method - getHeaders.

If you look at this function getHeaders. It only adds selective headers in headers array, either with Content as starting string or starting with HTTP_. I tried passing my own header like HTTP_API_TOKEN but success :-(

Improve this question
4
  • Are you just trying to authenticate the user using api_token? Commented Mar 16, 2017 at 14:13
  • Actually yes, BUT my question is regarding accessing a custom header value in $request object. Commented Mar 16, 2017 at 14:15
  • Oh ok. You are just trying to access custom headers. I thought you were trying to authenticate. Because laravel has an authentication out of the box for api_token. If that's what you want... Commented Mar 16, 2017 at 14:16
  • Yes, I am aware of that but scenario here is bit different Commented Mar 16, 2017 at 14:16

1 Answer 1

Reset to default
8

Can you try with the global helper request()

request()->header('API_TOKEN'); //<-- manually passing the string first, for test purposes

EDIT------------ As OP mentioned in comment below :

We should access our header as Camel cased So sending it as API-TOKEN and accessing it as request()->header('Api-Token');

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

So silly of me, turned out to be a trivial issue. We should access our header as Camel cased So sending it as API-TOKEN and accessing it as Api-Token in middleware works. o__0
this comment should be the right answer "So sending it as API-TOKEN and accessing it as Api-Token in middleware works."
@FaroqKhan I added your comment as an edit to this Answer to help others that won't read all comments.
weird.. this worked for me.. i still dont understand how.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.