Skip to content
RightCapital Knowledge Base

Response Headers

Middleware that adds user identification and calculation tracking headers to API responses for debugging and access logging.

Components

Section titled “Components”
ComponentLocationPurpose
AddXRightCapitalUserInfoHeaderapp/Http/Middleware/Add encrypted user ID and impersonator info
AddXRightCapitalCalculationIdapp/Http/Middleware/Add calculation tracking IDs

AddXRightCapitalUserInfoHeader

Section titled “AddXRightCapitalUserInfoHeader”

File: app/Http/Middleware/AddXRightCapitalUserInfoHeader.php

Adds encrypted user identification to response headers for access logging.

Headers

Section titled “Headers”
X-RightCapital-UserID: <encrypted_id>
X-RightCapital-Employee-Email: employee@rightcapital.com  # Only if impersonating

Implementation

Section titled “Implementation”
public function handle(Request $request, Closure $next): SymfonyResponse
{
    $response = $next($request);


    $login_user_id = Auth::id();


    if ($login_user_id !== null && ($response instanceof Response || $response instanceof JsonResponse)) {
        $response->withHeaders([
            self::HEADER_X_RIGHTCAPITAL_USERID => Crypt::encryptId($login_user_id),
        ]);


        $employee = Session::get(SessionEntity::KEY_IMPERSONATOR_EMPLOYEE);


        if ($employee !== null) {
            $response->withHeaders([
                self::HEADER_X_RIGHTCAPITAL_EMPLOYEE_EMAIL => $employee['email'],
            ]);
        }
    }


    return $response;
}

Key Points

Section titled “Key Points”
  • User ID is encrypted via Crypt::encryptId(), not plain ID
  • Impersonator info retrieved from session key SessionEntity::KEY_IMPERSONATOR_EMPLOYEE
  • Only adds headers to Response or JsonResponse instances

AddXRightCapitalCalculationId

Section titled “AddXRightCapitalCalculationId”

File: app/Http/Middleware/AddXRightCapitalCalculationId.php

Adds calculation tracking IDs to response headers for debugging and log correlation.

Headers

Section titled “Headers”
X-RightCapital-Calculation-IDs: calc_123,calc_456
Access-Control-Expose-Headers: X-RightCapital-Calculation-IDs,...

Implementation

Section titled “Implementation”
public function handle(Request $request, Closure $next): SymfonyResponse
{
    $response = $next($request);


    $calculation_ids = Context::getCalculationIds();


    if (count($calculation_ids) > 0 && $response instanceof Response) {
        $response->header(self::HEADER_CALCULATION_IDS, implode(',', $calculation_ids));


        // Merge CORS expose headers
        $expose_headers = $response->headers->get('Access-Control-Expose-Headers', '');
        $expose_list = array_filter(explode(',', $expose_headers));
        $expose_list[] = self::HEADER_CALCULATION_IDS;
        $response->header('Access-Control-Expose-Headers', implode(',', array_unique($expose_list)));
    }


    return $response;
}

Key Points

Section titled “Key Points”
  • Uses Context::getCalculationIds() to retrieve calculation IDs
  • Supports multiple calculation IDs (comma-separated)
  • Automatically updates CORS headers to expose the header to browser JavaScript