$app->before(function () use($app, $di) {
// Browser requests, user was stored in session on login, replace into DI
if ($di->getShared('session')->get('user') != false) {
$di->setShared('user', function () use($di) {
return $di->getShared('session')->get('user');
});
return true;
}
// Basic auth, for programmatic responses
if ($app->request->getServer('PHP_AUTH_USER')) {
$user = new \PhalconRest\Controllers\UsersController();
$user->login($app->request->getServer('PHP_AUTH_USER'), $app->request->getServer('PHP_AUTH_PW'));
return true;
}
// All options requests get a 200, then die
if ($app->__get('request')->getMethod() == 'OPTIONS') {
$app->response->setStatusCode(200, 'OK')->sendHeaders();
exit;
}
// Exempted routes, such as login, or public info. Let the route handler
// pick it up.
switch ($app->getRouter()->getRewriteUri()) {
case '/v1/user/login':
return true;
break;
case '/example/route':
return true;
break;
}
// If we made it this far, we have no valid auth method, throw a 401.
throw new \PhalconRest\Exceptions\HTTPException('Must login or provide credentials.', 401, array('dev' => 'Please provide credentials by either passing in a session token via cookie, or providing password and username via BASIC authentication.', 'internalCode' => 'Unauth:1'));
