From 9bf23a687e915b774af09405e118382a51c8be6e Mon Sep 17 00:00:00 2001
From: Yuto Moriyasu <y.moriyasu@icloud.com>
Date: Wed, 9 Aug 2023 18:37:01 +0900
Subject: [PATCH] set Referer header in middleware

---
 src/Api/Client.php              | 6 +++++-
 src/Api/GuzzleMiddleware.php    | 7 ++++++-
 src/Laravel/Middleware/Auth.php | 7 ++++++-
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/Api/Client.php b/src/Api/Client.php
index 257aec4..2525e7e 100644
--- a/src/Api/Client.php
+++ b/src/Api/Client.php
@@ -27,8 +27,9 @@ class Client
     protected string $saasid;
     protected string $apikey;
     protected string $apibase;
+    protected string $referer;
 
-    function __construct()
+    function __construct($referer = "")
     {
         $this->secret = getenv('SAASUS_SECRET_KEY');
         $this->saasid = getenv('SAASUS_SAAS_ID');
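Review bot: The new constructor parameter `$referer` is untyped, while the property it feeds is declared `protected string $referer`, so a caller that passes `null` (for example the raw result of a header lookup) gets a TypeError at the assignment inside the constructor rather than at the call site. Declaring it as `function __construct(string $referer = "")` makes the contract explicit. The same applies to the `$referer` parameter added to `GuzzleMiddleware::__construct` in src/Api/GuzzleMiddleware.php. A short docblock stating that the value is the end user's Referer, relayed to the API, would also help callers. The constructor body continues outside this hunk.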
@@ -43,11 +44,14 @@ function __construct()
             $this->apibase = "https://api.saasus.io";
         }
 
+        $this->referer = $referer;
+
         $handlers = HandlerStack::create();
         $handlers->push(new GuzzleMiddleware(
             $this->secret,
             $this->saasid,
             $this->apikey,
+            $this->referer
         ));
 
         $this->guzzleClient = new GuzzleClient(
diff --git a/src/Api/GuzzleMiddleware.php b/src/Api/GuzzleMiddleware.php
index 4d28e15..414761e 100644
--- a/src/Api/GuzzleMiddleware.php
+++ b/src/Api/GuzzleMiddleware.php
@@ -9,12 +9,14 @@ class GuzzleMiddleware
     protected string $secret;
     protected string $saasid;
     protected string $apikey;
+    protected string $referer;
 
-    function __construct($secret = "", $saasid = "", $apikey = "")
+    function __construct($secret = "", $saasid = "", $apikey = "", $referer = "")
     {
         $this->secret = $secret;
         $this->saasid = $saasid;
         $this->apikey = $apikey;
+        $this->referer = $referer;
     }
 
     public function __invoke(callable $next)
@@ -36,6 +38,9 @@ public function execute(\Psr\Http\Message\RequestInterface $req, array $options)
             $req->getBody()
         );
         $req = $req->withHeader('Authorization', $header);
+        if (!empty($this->referer)) {
+            $req = $req->withHeader('Referer', $this->referer);
+        }
 
         return call_user_func($this->next, $req, $options);
     }
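Review bot: The added `Referer` branch sets the header after the `Authorization` value has been computed, so as far as this hunk shows the Referer is not covered by the request signature, and nothing in the code records that. A comment above the `if` would make it explicit: `// Referer is relayed from the end user's request; it is not signed and must not be used for trust decisions.` Separately, `!empty()` also skips the string `"0"`; `$this->referer !== ''` states the intent exactly. The start of execute() is outside the hunk, so the signature inputs are inferred from the visible tail only.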
diff --git a/src/Laravel/Middleware/Auth.php b/src/Laravel/Middleware/Auth.php
index ae4ec3e..688a7db 100644
--- a/src/Laravel/Middleware/Auth.php
+++ b/src/Laravel/Middleware/Auth.php
@@ -36,8 +36,13 @@ public function handle(Request $request, Closure $next)
             }
         }
 
+        $referer = $request->headers->get('referer');
+        if (empty($referer)) {
+            $referer = "";
+        }
+
         // リクエスト送信
-        $client = new ApiClient();
+        $client = new ApiClient($referer);
         $authApiClient = $client->getAuthClient();
         try {
             $response = $authApiClient->getUserInfo(['token' => $token], $authApiClient::FETCH_RESPONSE);
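Review bot: `$request->headers->get('referer')` is fully controlled by whoever sends the request, and this hunk forwards it verbatim into the outbound API call with no validation. The value can be spoofed, can be arbitrarily long, and may carry the referring page's query string (tokens or other parameters), which is then sent on to the API host. A minimal boundary check would be `$referer = (string) $request->headers->get('referer', '');` followed by `if (filter_var($referer, FILTER_VALIDATE_URL) === false) { $referer = ''; }`. Consider also dropping the query and fragment if the API does not need them. handle() starts and ends outside this hunk.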