refactor: DRY bearer token validation and middleware usage

johannschopplich · johannschopplich · commit 814b8c603171 · 2025-05-28T08:28:25.000+02:00
diff --git a/src/classes/Api/Middlewares.php b/src/classes/Api/Middlewares.php
@@ -95,15 +95,31 @@ public static function tryResolvePage(array $context, array $args)
     }
 
     /**
-     * Validates the bearer token sent with the request
+     * Validates the bearer token sent with the request (without Panel redirect)
+     */
+    public static function hasBearerTokenWithoutRedirect()
+    {
+        return fn (array $context, array $args) => static::validateBearerToken(false);
+    }
+
+    /**
+     * Validates the bearer token sent with the request (with Panel redirect)
      */
     public static function hasBearerToken()
+    {
+        return fn (array $context, array $args) => static::validateBearerToken(true);
+    }
+
+    /**
+     * Validates the bearer token sent with the request
+     */
+    public static function validateBearerToken(bool $panelRedirect = false)
     {
         $kirby = App::instance();
         $token = $kirby->option('headless.token');
         $authorization = $kirby->request()->header('Authorization');
 
-        if ($kirby->option('headless.panel.redirect', false) && empty($authorization)) {
+        if ($panelRedirect && $kirby->option('headless.panel.redirect', false) && empty($authorization)) {
             go(Panel::url('site'));
         }
 
diff --git a/src/extensions/api.php b/src/extensions/api.php
@@ -1,27 +1,15 @@
 <?php
 
 use JohannSchopplich\Headless\Api\Api;
+use JohannSchopplich\Headless\Api\Middlewares;
 use Kirby\Cms\App;
 use Kirby\Data\Json;
 use Kirby\Exception\NotFoundException;
 use Kirby\Http\Url;
 use Kirby\Toolkit\Str;
 
-$validateOptionalBearerToken = function (array $context, array $args) {
-    $kirby = App::instance();
-    $token = $kirby->option('headless.token');
-    $authorization = $kirby->request()->header('Authorization');
-
-    if (
-        !empty($token) &&
-        (empty($authorization) || $authorization !== 'Bearer ' . $token)
-    ) {
-        return Api::createResponse(401);
-    }
-};
-
 return [
-    'routes' => function (App $kirby) use ($validateOptionalBearerToken) {
+    'routes' => function (App $kirby) {
         $kqlAuthMethod = $kirby->option('kql.auth', true);
 
         return [
@@ -44,17 +32,12 @@
                 'auth' => !in_array($kqlAuthMethod, [false, 'bearer'], true),
                 'action' => Api::createHandler(
                     // Middleware to validate the bearer token
-                    function (array $context, array $args) use ($kirby, $kqlAuthMethod) {
+                    function (array $context, array $args) use ($kqlAuthMethod) {
                         if ($kqlAuthMethod !== 'bearer') {
                             return;
                         }
 
-                        $token = $kirby->option('headless.token');
-                        $authorization = $kirby->request()->header('Authorization');
-
-                        if ($authorization !== 'Bearer ' . $token) {
-                            return Api::createResponse(401);
-                        }
+                        return Middlewares::validateBearerToken();
                     },
                     // Middleware to run queries and cache their results
                     function (array $context, array $args) use ($kirby) {
@@ -96,7 +79,7 @@ function (array $context, array $args) use ($kirby) {
                 'method' => 'GET',
                 'auth' => false,
                 'action' => Api::createHandler(
-                    $validateOptionalBearerToken,
+                    Middlewares::hasBearerTokenWithoutRedirect(...),
                     function (array $context, array $args) use ($kirby) {
                         $data = $kirby->cache('pages')->getOrSet(
                             'sitemap.headless.json',
@@ -173,7 +156,7 @@ function () use ($kirby) {
                 'method' => 'GET|POST',
                 'auth' => false,
                 'action' => Api::createHandler(
-                    $validateOptionalBearerToken,
+                    Middlewares::hasBearerTokenWithoutRedirect(...),
                     function (array $context, array $args) use ($kirby) {
                         $templateName = $args[0] ?? null;
 
diff --git a/src/extensions/routes.php b/src/extensions/routes.php
@@ -21,9 +21,9 @@
         'pattern' => '(:all)',
         'language' => '*',
         'action' => Api::createHandler(
-            [Middlewares::class, 'tryResolveFiles'],
-            [Middlewares::class, 'hasBearerToken'],
-            [Middlewares::class, 'tryResolvePage']
+            Middlewares::tryResolveFiles(...),
+            Middlewares::hasBearerToken(...),
+            Middlewares::tryResolvePage(...)
         )
     ]
 ];

Original file line number	Diff line number	Diff line change
`@@ -21,9 +21,9 @@`
`21`	`21`	`'pattern' => '(:all)',`
`22`	`22`	`'language' => '*',`
`23`	`23`	`'action' => Api::createHandler(`
`24`		`- [Middlewares::class, 'tryResolveFiles'],`
`25`		`- [Middlewares::class, 'hasBearerToken'],`
`26`		`- [Middlewares::class, 'tryResolvePage']`
	`24`	`+ Middlewares::tryResolveFiles(...),`
	`25`	`+ Middlewares::hasBearerToken(...),`
	`26`	`+ Middlewares::tryResolvePage(...)`
`27`	`27`	`)`
`28`	`28`	`]`
`29`	`29`	`];`