fix: cache 400 and 404, and refactor token auth (#4388)

* fix(cache): also cache 400 and 404 responses * refactor(token_auth)
2025-08-02 17:14:38 +02:00 · 2025-01-03 06:19:24 +01:00 · 2025-01-03 06:19:24 +01:00 · 3fc38c15a3
commit 3fc38c15a3
parent be51ba17df
6 changed files with 22 additions and 13 deletions
--- a/middlewares/TokenAuthenticationMiddleware.php
+++ b/middlewares/TokenAuthenticationMiddleware.php
@ -10,20 +10,24 @@ class TokenAuthenticationMiddleware implements Middleware
            return $next($request);
        }

-        // Always add token to request attribute
-        $request = $request->withAttribute('token', $request->get('token'));
+        $token = $request->get('token');

-        if (! $request->attribute('token')) {
+        if (! $token) {
            return new Response(render(__DIR__ . '/../templates/token.html.php', [
-                'message' => 'Missing token',
+                'message'   => 'Missing token',
+                'token'     => '',
            ]), 401);
        }
-        if (! hash_equals(Configuration::getConfig('authentication', 'token'), $request->attribute('token'))) {
+
+        if (! hash_equals(Configuration::getConfig('authentication', 'token'), $token)) {
            return new Response(render(__DIR__ . '/../templates/token.html.php', [
-                'message' => 'Invalid token',
+                'message'   => 'Invalid token',
+                'token'     => $token,
            ]), 401);
        }

+        $request = $request->withAttribute('token', $token);
+
        return $next($request);
    }
 }