first version

kirby/config/api/authentication.php

@@ -0,0 +1,25 @@
+<?php
+
+use Kirby\Cms\Auth;
+use Kirby\Exception\PermissionException;
+use Kirby\Toolkit\Str;
+
+return function () {
+    $auth = $this->kirby()->auth();
+
+    // csrf token check
+    if ($auth->type() === 'session' && $auth->csrf() === false) {
+        throw new PermissionException('Unauthenticated', 403);
+    }
+
+    // get user from session or basic auth
+    if ($user = $auth->user()) {
+        if ($user->role()->permissions()->for('access', 'panel') === false) {
+            throw new PermissionException(['key' => 'access.panel']);
+        }
+
+        return $user;
+    }
+
+    throw new PermissionException('Unauthenticated', 403);
+};