lthn.io/app/Http/Middleware/ApiTokenAuth.php

<?php

declare(strict_types=1);

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

/**
 * Bearer token auth for write API endpoints.
 *
 * Set API_TOKEN in .env. Blesta module sends it in Authorization header.
 * Read-only endpoints are public.
 */
class ApiTokenAuth
{
    public function handle(Request $request, Closure $next): mixed
    {
        $token = config('chain.api_token', '');

        // Skip auth if no token configured (dev mode)
        if (empty($token)) {
            return $next($request);
        }

        $bearer = $request->bearerToken();

        if ($bearer !== $token) {
            return response()->json([
                'error' => 'Unauthorised. Bearer token required.',
            ], 401);
        }

        return $next($request);
    }
}
feat(names): API auth + rate limiting on write endpoints - Bearer token auth middleware on POST /register and /records - Throttle: 10 registrations/min, 20 DNS updates/min - Token configurable via API_TOKEN env var (disabled when empty) - Daemon alias validation: a-z 0-9 . - up to 255 chars Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-04-04 03:44:53 +01:00			`<?php`

			`declare(strict_types=1);`

			`namespace App\Http\Middleware;`

			`use Closure;`
			`use Illuminate\Http\Request;`

			`/**`
			`* Bearer token auth for write API endpoints.`
			`*`
			`* Set API_TOKEN in .env. Blesta module sends it in Authorization header.`
			`* Read-only endpoints are public.`
			`*/`
			`class ApiTokenAuth`
			`{`
			`public function handle(Request $request, Closure $next): mixed`
			`{`
			`$token = config('chain.api_token', '');`

			`// Skip auth if no token configured (dev mode)`
			`if (empty($token)) {`
			`return $next($request);`
			`}`

			`$bearer = $request->bearerToken();`

			`if ($bearer !== $token) {`
			`return response()->json([`
			`'error' => 'Unauthorised. Bearer token required.',`
			`], 401);`
			`}`

			`return $next($request);`
			`}`
			`}`