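 /**
  * Slim middleware entry point: CORS handling, application-key validation,
  * custom route compilation and JSON body parsing, then hands off to the
  * next middleware.
  *
  * Security notes (grounded in the code below):
  *  - `Access-Control-Allow-Credentials: true` is always sent, so the
  *    `Access-Control-Allow-Origin` value must never be reflected for an
  *    origin that has not passed the allow-list. The reflection for
  *    browser keys is therefore done only AFTER the allow-list check.
  *  - Preflight (OPTIONS) requests still reflect the Origin unconditionally
  *    so browsers can reach the real (gated) request; preflight responses
  *    carry no application data.
  *  - When `security.allowed_origins` is not configured, the request's own
  *    origin is used as the only allow-list entry, i.e. every origin is
  *    accepted. Operators must set that config to actually restrict CORS.
  *  - X-App-Id / X-App-Key are also accepted from the query string; keys
  *    passed that way end up in access logs and referers. Prefer headers.
  *
  * @return void  Either short-circuits with a 403 JSON error or delegates
  *               to `$this->next->call()`.
  */
 public function call()
 {
     // The Slim application
     $app = $this->app;
     self::decode_query_string();

     // Origin header as sent by the client; '*' only when the header is absent
     // (a credentialed '*' is rejected by browsers, so it never grants access).
     $origin = $app->request->headers->get('ORIGIN', '*');

     // Always keep connection open
     $app->response->headers->set('Connection', 'Keep-Alive');

     // Cross-Origin Resource Sharing: credentials are always allowed, which is
     // why the Allow-Origin header below is only set for vetted origins.
     $app->response->headers->set('Access-Control-Allow-Credentials', 'true');
     $app->response->headers->set('Access-Control-Allow-Methods', 'GET, PUT, POST, DELETE');
     $app->response->headers->set('Access-Control-Allow-Headers', 'x-app-id, x-app-key, x-auth-token, x-http-method-override, content-type, user-agent, accept');

     if ($app->request->isOptions()) {
         // Always answer preflight; the actual request is still gated below.
         $app->response->headers->set('Access-Control-Allow-Origin', $origin);
         return $this->next->call();
     }

     // Resolve the application key from headers, falling back to query params.
     $app_id = $app->request->headers->get('X-App-Id') ?: $app->request->get('X-App-Id');
     $app_secret = $app->request->headers->get('X-App-Key') ?: $app->request->get('X-App-Key');
     $app_key = Context::validateKey($app_id, $app_secret);

     if (!$app_key) {
         // No valid key: only root operations from an allowed IP may proceed.
         if (!\Hook\Controllers\ApplicationController::isRootOperation()) {
             $app->response->setStatus(403);
             $app->response->setBody(json_encode(array('error' => "Your IP Address is not allowed to perform this operation.")));
             return;
         }
     } else {
         // Browser keys are restricted to the configured origin allow-list.
         if ($app_key->isBrowser()) {
             // Strip the scheme; the allow-list entries are host[:port] globs.
             $request_origin = preg_replace("/https?:\\/\\//", "", $origin);

             // NOTE: default allow-list is the requesting origin itself, i.e.
             // "allow everything" until security.allowed_origins is configured.
             $allowed_origins = Config::get('security.allowed_origins', array($request_origin));

             $matching_origins = array_filter($allowed_origins, function ($allowed_origin) use ($request_origin) {
                 return fnmatch($allowed_origin, $request_origin);
             });

             if (count($matching_origins) === 0) {
                 // Forbidden. Deliberately no Access-Control-Allow-Origin here:
                 // a rejected origin must not be able to read any response
                 // from this API with credentials.
                 $app->response->setStatus(403);
                 $app->response->headers->set('Content-type', 'application/json');
                 $app->response->setBody(json_encode(array('error' => "origin_not_allowed")));
                 return;
             }

             // Origin vetted: reflect it so the browser can read the response.
             $app->response->headers->set('Access-Control-Allow-Origin', $origin);
         }

         // Require custom app packages
         Package\Manager::autoload();

         // Session handler registration is intentionally disabled here
         // (previously: Session\Handler::register(Config::get('session.handler', 'database'))).

         // Look up a custom route module for "<method>_<path>.php" or "any_<path>.php".
         $path = substr($app->request->getPathInfo(), 1);
         $route_module_name = strtolower($app->request->getMethod()) . '_' . $path . '.php';
         $alternate_route_module_name = 'any_' . $path . '.php';
         $custom_route = Module::where('type', Module::TYPE_ROUTE)
             ->where('name', $route_module_name)
             ->orWhere('name', $alternate_route_module_name)
             ->first();

         if ($custom_route) {
             // A matching custom route flags the request as "trusted".
             Context::setTrusted(true);
             // "Compile" the route to be available for the router
             $custom_route->compile();
         }
     }

     // Parse incoming JSON body for mutating verbs. json_decode() yields null
     // for malformed input; downstream handlers see an empty form hash.
     if ($app->request->isPost() || $app->request->isPut() || $app->request->isDelete()) {
         $input_data = $app->environment->offsetGet('slim.input');
         $app->environment->offsetSet('slim.request.form_hash', json_decode($input_data, true));
     }

     return $this->next->call();
 }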