references/coolify
1
0
Fork 0
mirror of https://github.com/coollabsio/coolify.git synced 2026-06-14 03:19:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c7c8107dcd75ed985b2de635eb080d3fbfffe551
coolify/app/Http/Middleware/EnsureTokenBelongsToCurrentTeamMember.php
T
Andras Bacsai a511bd9b67 fix(api): validate token team context
2026-06-01 15:17:55 +02:00

38 lines
1.0 KiB
PHP
Raw Blame History

<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class EnsureTokenBelongsToCurrentTeamMember
{
public function handle(Request $request, Closure $next): Response
{
$user = $request->user();
$token = $user?->currentAccessToken();
$teamId = $token?->team_id;
if (! $user || ! $token || is_null($teamId)) {
return response()->json(['message' => 'Invalid token.'], 401);
}
$team = $user->teams()
->where('teams.id', $teamId)
->first();
if (! $team) {
return response()->json(['message' => 'Invalid token.'], 401);
}
$role = $team->pivot?->role;
if (($token->can('root') || $token->can('write') || $token->can('write:sensitive'))
&& ! in_array($role, ['admin', 'owner'], true)) {
return response()->json(['message' => 'Missing required team role.'], 403);
}
return $next($request);
}
}
Reference in New Issue View Git Blame Copy Permalink