Merge pull request #11 from TomHAnderson/feature/request-attribute

Authorized ApiKey is assigned to request attribute 'apikey'

README.md

@@ -88,6 +88,16 @@ Route::name('api.resource::fetch')
 ```
 
 
+## Access to ApiKey through request attributes
+
+The ApiKey entity which authenticates a request is assigned to the request attributes as
+'apikey'.
+
+```php
+$apiKey = request()->attributes->get('apikey');
+```
+
+
 ## Leveraging the ApiKey name as a foreign key
 
 It stands to reason that in many cases one API key will be issued for exactly one user.

composer.json

@@ -26,6 +26,7 @@
     "require-dev": {
         "doctrine/coding-standard": "^9.0",
         "doctrine/dbal": "^3.1.1",
+        "doctrine/annotations": "^1.13.2",
         "orchestra/testbench": "^6.23",
         "phpunit/phpunit": "^9.5",
         "vimeo/psalm": "^4.15"

src/Http/Middleware/AuthorizeApiKey.php

@@ -41,13 +41,15 @@ public function handle(Request $request, Closure $next, ?string $scope = null):
         if ($apiKey) {
             if (! $scope) {
                 $this->apiKeyService->logAccessEvent($request, $apiKey);
+                $request->attributes->set('apikey', $apiKey);
 
                 return $next($request);
             }
 
             // If a scope is passed then verify it exists for the key
             if ($this->apiKeyService->hasScope($key, $scope)) {
                 $this->apiKeyService->logAccessEvent($request, $apiKey);
+                $request->attributes->set('apikey', $apiKey);
 
                 return $next($request);
             }

test/Feature/Http/Middleware/AuthorizeApiKeyTest.php

@@ -26,6 +26,7 @@ public function testApiKeyAuthorizesRequest(): void
 
         $response = $middleware->handle($request, function() {});
         $this->assertNull($response);
+        $this->assertEquals($apiKey, $request->attributes->get('apikey'));
     }
 
     public function testApiKeyDoesNotAuthorizeRequest(): void