Add api and door guards

src/web/backend/app/Guards/ApiGuard.php

+<?php
+
+
+namespace App\Guards;
+
+
+use App\User;
+use Illuminate\Http\Request;
+use Illuminate\Auth\GuardHelpers;
+use Illuminate\Contracts\Auth\Guard;
+use Illuminate\Contracts\Auth\Authenticatable;
+
+class ApiGuard implements Guard {
+    use GuardHelpers;
+
+    /**
+     * The request instance.
+     *
+     * @var Request
+     */
+    protected $request;
+
+    /**
+     * The name of the query string item from the request containing the API token.
+     *
+     * @var string
+     */
+    protected $inputKey;
+
+    /**
+     * The name of the token "column" in persistent storage.
+     *
+     * @var string
+     */
+    protected $storageKey;
+
+    /**
+     * Indicates if the API token is hashed in storage.
+     *
+     * @var bool
+     */
+    protected $hash = false;
+
+    /**
+     * Create a new authentication guard.
+     *
+     * @param Request $request
+     * @param string  $inputKey
+     * @param string  $storageKey
+     * @return void
+     */
+    public function __construct(
+        Request $request,
+        $inputKey = 'api_token',
+        $storageKey = 'api_token') {
+        $this->request = $request;
+        $this->inputKey = $inputKey;
+        $this->storageKey = $storageKey;
+    }
+
+    /**
+     * Get the currently authenticated user.
+     *
+     * @return Authenticatable|null
+     */
+    public function user() {
+        // If we've already retrieved the user for the current request we can just
+        // return it back immediately. We do not want to fetch the user data on
+        // every call to this method because that would be tremendously slow.
+        if ($this->user !== null) {
+            return $this->user;
+        }
+
+        $user = null;
+
+        $token = $this->getTokenForRequest();
+
+        if (!empty($token)) {
+            $user = $this->retrieveByToken($token);
+        }
+
+        return $this->user = $user;
+    }
+
+    /**
+     * Get the token for the current request.
+     *
+     * @return string
+     */
+    public function getTokenForRequest(): string {
+        $token = $this->request->query($this->inputKey);
+
+        if (empty($token)) {
+            $token = $this->request->input($this->inputKey);
+        }
+
+        if (empty($token)) {
+            $token = $this->request->bearerToken();
+        }
+
+        if (empty($token)) {
+            $token = $this->request->getPassword();
+        }
+
+        return $token;
+    }
+
+    /**
+     * Validate a user's credentials.
+     *
+     * @param array $credentials
+     * @return bool
+     */
+    public function validate(array $credentials = []) {
+        if (empty($credentials[$this->inputKey])) {
+            return false;
+        }
+
+        if ($this->retrieveByToken($credentials[$this->inputKey])) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Set the current request instance.
+     *
+     * @param Request $request
+     * @return $this
+     */
+    public function setRequest(Request $request): self {
+        $this->request = $request;
+
+        return $this;
+    }
+
+    /**
+     * @param string $token
+     *
+     * @return Authenticatable|null
+     */
+    public function retrieveByToken(string $token): ?Authenticatable {
+        return User::tokens()->where($this->storageKey, $token)->first();
+    }
+}

src/web/backend/app/Providers/AuthServiceProvider.php

@@ -2,11 +2,11 @@
 
 namespace App\Providers;
 
+use App\Guards\ApiGuard;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
-use Illuminate\Support\Facades\Gate;
 
-class AuthServiceProvider extends ServiceProvider
-{
+class AuthServiceProvider extends ServiceProvider {
     /**
      * The policy mappings for the application.
      *
@@ -21,10 +21,15 @@ class AuthServiceProvider extends ServiceProvider
      *
      * @return void
      */
-    public function boot()
-    {
+    public function boot() {
         $this->registerPolicies();
 
-        //
+        // Define guard for the api
+        Auth::extend(
+            'api',
+            static function ($app, $name, array $config) {
+                return new ApiGuard($app['request']);
+            }
+        );
     }
 }

src/web/backend/app/Token.php

+<?php
+
+namespace App;
+
+use Illuminate\Database\Eloquent\Model;
+
+class Token extends Model
+{
+    //
+}

src/web/backend/app/User.php

@@ -3,6 +3,7 @@
 namespace App;
 
 use Illuminate\Notifications\Notifiable;
+use Illuminate\Database\Eloquent\Relations\HasMany;
 use Illuminate\Foundation\Auth\User as Authenticatable;
 
 class User extends Authenticatable {
@@ -38,4 +39,11 @@ class User extends Authenticatable {
     protected $casts = [
         'email_verified_at' => 'datetime',
     ];
+
+    /**
+     * @return HasMany
+     */
+    public function tokens(): HasMany {
+        return $this->hasMany(Token::class);
+    }
 }

src/web/backend/config/auth.php

@@ -42,9 +42,8 @@ return [
         ],
 
         'api' => [
-            'driver' => 'token',
+            'driver' => 'api',
             'provider' => 'users',
-            'hash' => true,
         ],
 
         'door' => [

src/web/backend/database/migrations/2020_02_18_071123_create_user_tokens_table.php

@@ -15,8 +15,8 @@ class CreateUserTokensTable extends Migration
     {
         Schema::create('user_tokens', static function (Blueprint $table) {
             $table->bigIncrements('id');
+            $table->string('name')->nullable()->default(null);
             $table->string('api_token');
-            $table->boolean('web_token')->default(true);
             $table->unsignedBigInteger('user_id');
             $table->timestamp('expires_at')->nullable();
             $table->foreign('user_id')->references('id')->on('users');