3

Trying to build and API based on laravel that aims to grow to intense usage by lots of clients. My question is whether there are serious drawbacks of using Auth class in my code ? I have implemented the OAuth2 authorization, and to get info about the user that is making the request I have a filter : 

Route::filter('hasAccess', function($request)
{
        //get the cleaned token string
        $auth_code = Request::header('Authorization');
        $auth_code = trim(preg_replace('/Bearer/sui', "", $auth_code));
        //get the stored session and put the query in cache for 10 minutes
        $ts = DB::table('sessions as s')
                ->leftJoin('oauth_session_access_tokens as osat', 's.token', '=', 'osat.id')
                ->select('s.*')
                ->where('osat.access_token', '=', $auth_code)
                ->remember(10, $auth_code)
                ->first();
        //Auth user cross-app
        Auth::onceUsingId($ts->user);
        //Extract the requested action
        $request = $request->getAction();
        $request = $request['controller'];
        $parts = explode('@', $request);
        $required = strtolower($parts[0]).'.'.$parts[1];
        $required = preg_replace('/controller/sui', "", $required);
        //Get the permissions
        $permissions = json_decode($ts->permissions, true);
        $permissions = array_fetch($permissions,'name');
        if (!in_array($required,$permissions))
        {
            return Response::json([
                    'error' => true,
                    'dataset' => 'You don\'t have rights to access this url'
            ]);
        }



});

It validates the user access rights to the controller action, but the most interesting in it is the row with Auth::onceUsingId($ts->user);. This rows authorizez the user for only 1 request. Also if any other ways to get info about user exist, please mention them. Thanks

Improve this question
2
  • What are you asking? If you have to authenticate your user every request? Commented May 14, 2014 at 9:11
  • Not quite. I want to know if there is a serious perfomance or any other drawback, when the service will be consumed by lots of client.. for example 10k,20k.. etc.. So I want to be aware of the possible issues I can have. Also I want to know if it is a good way to get the user that makes request anywhere in my app. Commented May 14, 2014 at 9:20

1 Answer 1

Reset to default
3

You talk about 'serious drawbacks' of using Auth class code - but you dont really explain drawbacks compared to what? Just manually looking in the database yourself for the user?

All the Auth::onceUsingId() is doing is logging your user into the application without a session or cookie. This is perfect for an API - as you dont normally have persistence between requests.

You can then do Auth::user() to get data about the user, such as Auth::user()->name.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I meant performance issues and any other not related to the beauty of the code. But, your answer seems to ecourage me that this approuch is ok. Thanks.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.