/**
* This action is executed before execute any action in the application
*
* @param Event $event
* @param Dispatcher $dispatcher
*/
public function beforeDispatch(Event $event, Dispatcher $dispatcher)
{
$auth = $this->session->get('auth');
if (!$auth) {
$role = 'Guests';
} else {
$role = 'Users';
}
$controller = $dispatcher->getControllerName();
$action = $dispatcher->getActionName();
$acl = $this->getAcl();
$allowed = $acl->isAllowed($role, $controller, $action);
if ($allowed != Acl::ALLOW) {
$dispatcher->forward(array('controller' => 'errors', 'action' => 'show401'));
$this->session->destroy();
return false;
}
}
/**
* before routing event.
* Handles authentication and authentication of user requests
* In case of API calls, also prevalidates if request can be executed to return a more readable response
* to the user.
* @param Dispatcher $dispatcher
* @return null|bool
*/
public function beforeExecuteRoute($dispatcher)
{
// handle authentication / authorization
if (!empty($this->request->getHeader('Authorization'))) {
// Authorization header send, handle API request
$authHeader = explode(' ', $this->request->getHeader('Authorization'));
if (count($authHeader) > 1) {
$key_secret_hash = $authHeader[1];
$key_secret = explode(':', base64_decode($key_secret_hash));
if (count($key_secret) > 1) {
$apiKey = $key_secret[0];
$apiSecret = $key_secret[1];
$authFactory = new AuthenticationFactory();
$authenticator = $authFactory->get("Local API");
if ($authenticator->authenticate($apiKey, $apiSecret)) {
$authResult = $authenticator->getLastAuthProperties();
if (array_key_exists('username', $authResult)) {
// check ACL if user is returned by the Authenticator object
$acl = new ACL();
if (!$acl->isPageAccessible($authResult['username'], $_SERVER['REQUEST_URI'])) {
$this->getLogger()->error("uri " . $_SERVER['REQUEST_URI'] . " not accessible for user " . $authResult['username'] . " using api key " . $apiKey);
} else {
// authentication + authorization successful.
// pre validate request and communicate back to the user on errors
$callMethodName = $dispatcher->getActionName() . 'Action';
$dispatchError = null;
// check number of parameters using reflection
$object_info = new \ReflectionObject($this);
$req_c = $object_info->getMethod($callMethodName)->getNumberOfRequiredParameters();
if ($req_c > count($dispatcher->getParams())) {
$dispatchError = 'action ' . $dispatcher->getActionName() . ' expects at least ' . $req_c . ' parameter(s)';
} else {
// if body is send as json data, parse to $_POST first
$dispatchError = $this->parseJsonBodyData();
}
if ($dispatchError != null) {
// send error to client
$this->response->setStatusCode(400, "Bad Request");
$this->response->setContentType('application/json', 'UTF-8');
$this->response->setJsonContent(array('message' => $dispatchError, 'status' => 400));
$this->response->send();
return false;
}
return true;
}
}
}
}
}
// not authenticated
$this->response->setStatusCode(401, "Unauthorized");
$this->response->setContentType('application/json', 'UTF-8');
$this->response->setJsonContent(array('status' => 401, 'message' => 'Authentication Failed'));
$this->response->send();
return false;
} else {
// handle UI ajax requests
// use session data and ACL to validate request.
if (!$this->doAuth()) {
return false;
}
// check for valid csrf on post requests
$csrf_tokenkey = $this->request->getHeader('X_CSRFTOKENKEY');
$csrf_token = $this->request->getHeader('X_CSRFTOKEN');
$csrf_valid = $this->security->checkToken($csrf_tokenkey, $csrf_token, false);
if (($this->request->isPost() || $this->request->isPut() || $this->request->isDelete()) && !$csrf_valid) {
// missing csrf, exit.
$this->getLogger()->error("no matching csrf found for request");
return false;
}
}
}
private static function _exec()
{
define('CURRENT_MODULE', Dispatcher::getModuleName());
define('CURRENT_CONTROLLER', Dispatcher::getControllerName());
define('CURRENT_ACTION', Dispatcher::getActionName());
$controllerName = CURRENT_CONTROLLER;
$moduleName = CURRENT_MODULE;
if ($moduleName) {
$className = sprintf('controller\\%s\\%s', $moduleName, $controllerName);
} else {
$className = sprintf("controller\\%s", $controllerName);
}
//-----请求日志------//
$params = array();
$log = array('request_id' => REQUEST_ID, 'uri' => $_SERVER['REQUEST_URI'], 'class' => array('module' => CURRENT_MODULE, 'controller' => CURRENT_CONTROLLER, 'action' => CURRENT_ACTION), 'method' => Request::method(), 'params' => array_merge($params, Request::gets(), Request::posts()), 'stream' => Request::stream(), 'cookie' => Request::cookies(), 'ip' => Request::ip());
C::log($log);
if (!class_exists($className)) {
throw new \RuntimeException('类不存在');
}
try {
$obj = new \ReflectionClass($className);
if ($obj->isAbstract()) {
throw new \RuntimeException('抽象类不可被实例化');
}
$class = $obj->newInstance();
//前置操作
if ($obj->hasMethod(CURRENT_ACTION . 'Before')) {
$beforeMethod = $obj->getMethod(CURRENT_ACTION . 'Before');
if ($beforeMethod->isPublic() && !$beforeMethod->isStatic()) {
$beforeMethod->invoke($class);
}
}
$method = $obj->getMethod(CURRENT_ACTION . 'Action');
if ($method->isPublic() && !$method->isStatic()) {
$method->invoke($class);
}
//后置操作
if ($obj->hasMethod(CURRENT_ACTION . 'After')) {
$afterMethod = $obj->getMethod(CURRENT_ACTION . 'After');
if ($afterMethod->isPublic() && !$afterMethod->isStatic()) {
$afterMethod->invoke($class);
}
}
} catch (\Exception $e) {
self::_halt($e);
}
}
/**
* Add new elements in breadcrumbs corresponding to request dispatcher : controllerName, actionName, parameters
* @param Dispatcher $dispatcher the request dispatcher
* @return \Ajax\bootstrap\html\HtmlBreadcrumbs
*/
public function fromDispatcher($dispatcher, $startIndex = 0)
{
$this->startIndex = $startIndex;
$params = $dispatcher->getParams();
$action = $dispatcher->getActionName();
$items = array($dispatcher->getControllerName());
if (\sizeof($params) > 0 || \strtolower($action) != "index") {
$items[] = $action;
foreach ($params as $p) {
if (\is_object($p) === false) {
$items[] = $p;
}
}
}
return $this->addItems($items);
}
/**
* set the active page corresponding to request dispatcher : controllerName, actionName, parameters and $urlMask
* @param Dispatcher $dispatcher the request dispatcher
* @return \Ajax\bootstrap\html\HtmlPagination
*/
public function fromDispatcher($dispatcher)
{
$items = array($dispatcher->getControllerName(), $dispatcher->getActionName());
$items = array_merge($items, $dispatcher->getParams());
$url = implode("/", $items);
if ($this->urlMask === "%page%") {
$this->urlMask = preg_replace("/[0-9]/", "%page%", $url);
}
for ($index = $this->from; $index <= $this->to; $index++) {
if ($this->getUrl($index) == $url) {
$this->setActive($index);
break;
}
}
return $this;
}
