$container->set('crypt', function () {
$crypt = new \Phalcon\Crypt();
$crypt->setMode(MCRYPT_MODE_CFB);
$crypt->setKey('%31.1e$i86e$f!8j');
return $crypt;
});
$container->set('security', function () {
$security = new \Phalcon\Security();
$security->setWorkFactor(12);
return $security;
}, true);
$container->set('db', function () {
return new \Phalcon\Db\Adapter\Pdo\Mysql(array("host" => 'localhost', "username" => 'root', "password" => 'root', "dbname" => 'dez-auth'));
});
$app = new \Phalcon\Mvc\Micro();
$app->setDI($container);
$app->session->start();
$app->get('/', function () use($container, $app) {
/** @var \PhalconDez\Auth\Auth $auth */
$auth = $container->get('auth');
$email = '*****@*****.**';
$password = '******';
try {
$auth->authenticate($email, $password);
} catch (\Exception $e) {
$auth->create($email, $password);
$container->get('response')->redirect('auth-page');
}
if ($app->request->get('auth') > 0) {
$auth->authenticate('*****@*****.**', '123qwe');
}
$di->setShared('requestBody', function () {
$in = file_get_contents('php://input');
$in = json_decode($in, FALSE);
// JSON body could not be parsed, throw exception
if ($in === null) {
throw new HTTPException('There was a problem understanding the data sent to the server by the application.', 409, array('dev' => 'The JSON body sent to the server was unable to be parsed.', 'internalCode' => 'REQ1000', 'more' => ''));
}
return $in;
});
/**
* Out application is a Micro application, so we mush explicitly define all the routes.
* For APIs, this is ideal. This is as opposed to the more robust MVC Application
* @var $app
*/
$app = new Phalcon\Mvc\Micro();
$app->setDI($di);
/**
* Before every request, make sure user is authenticated.
* Returning true in this function resumes normal routing.
* Returning false stops any route from executing.
*/
/*
This will require changes to fit your application structure.
It supports Basic Auth, Session auth, and Exempted routes.
It also allows all Options requests, as those tend to not come with
cookies or basic auth credentials and Preflight is not implemented the
same in every browser.
*/
$app->before(function () use($app, $di) {
// Browser requests, user was stored in session on login, replace into DI
/**
* Handles the request.
*/
public function main()
{
/**
* Our application is a Micro application, so we must explicitly define all the routes.
* For APIs, this is ideal. This is as opposed to the more robust MVC Application
* @var $app
*/
$app = new \Phalcon\Mvc\Micro();
$app->setDI($this->di);
/**
* This will require changes to fit your application structure.
* It supports Auth, Session auth, and Exempted routes.
* It also allows all Options requests, as those tend to not come with
* cookies or basic auth credentials and Preflight is not implemented the
* same in every browser.
*/
$app->before(function () use($app) {
// Oauth, for programmatic responses
if ($app->request->getHeader('X_COMPARE_REST_API_KEY') && $app->request->get('language') && $app->request->get('countryCode')) {
$session = new SessionsController();
$result = $session->resource($app->request->getHeader('X_COMPARE_REST_API_KEY'));
if ($result) {
return true;
} else {
throw new HTTPException('Invalid access token.', 401, ['dev' => 'Please provide credentials by passing your access token.', 'internalCode' => 'Unauth:1']);
}
}
// If we made it this far, we have no valid auth method, throw a 401.
throw new HTTPException('Must provide credentials.', 401, ['dev' => 'Please provide credentials by passing your access token, language and country code.', 'internalCode' => 'Unauth:1']);
return false;
});
/**
* Mount all of the collections, which makes the routes active.
*/
foreach ($this->di->getShared('collections') as $collection) {
$app->mount($collection);
}
/**
* The base route return the list of defined routes for the application.
* This is not strictly REST compliant, but it helps to base API documentation off of.
* By calling this, you can quickly see a list of all routes and their methods.
*/
$app->get('/', function () use($app) {
$routes = $app->getRouter()->getRoutes();
$routeDefinitions = array('GET' => array(), 'POST' => array(), 'PUT' => array(), 'PATCH' => array(), 'DELETE' => array(), 'HEAD' => array(), 'OPTIONS' => array());
foreach ($routes as $route) {
$method = $route->getHttpMethods();
$routeDefinitions[$method][] = $route->getPattern();
}
return $routeDefinitions;
});
/**
* After a route is run, usually when its Controller returns a final value,
* the application runs the following function which actually sends the response to the client.
*
* The default behavior is to send the Controller's returned value to the client as JSON.
* However, by parsing the request querystring's 'type' paramter, it is easy to install
* different response type handlers. Below is an alternate csv handler.
*/
$app->after(function () use($app) {
// OPTIONS have no body, send the headers, exit
if ($app->request->getMethod() == 'OPTIONS') {
$app->response->setStatusCode('200', 'OK');
$app->response->send();
return;
}
// Respond by default as JSON
if (!$app->request->get('type') || 'json' == $app->request->get('type') || 'option' == $app->request->get('type')) {
// Results returned from the route's controller. All Controllers should return an array
$records = $app->getReturnedValue();
$response = new JSONResponse();
$response->useEnvelope(true)->convertSnakeCase(true)->send($records);
return;
} else {
if ('xml' == $app->request->get('type')) {
$records = $app->getReturnedValue();
$response = new XMLResponse();
$response->send($records);
return;
} else {
if ('csv' == $app->request->get('type')) {
$records = $app->getReturnedValue();
$response = new CSVResponse();
$response->useHeaderRow(true)->send($records);
return;
} else {
throw new HTTPException('Could not return results in specified format', 403, array('dev' => 'Could not understand type specified by type paramter in query string.', 'internalCode' => 'NF1000', 'more' => 'Type may not be implemented. Choose either "json", "xml" or "csv"'));
}
}
}
});
/**
* The notFound service is the default handler function that runs when no route was matched.
* We set a 404 here unless there's a suppress error codes.
*/
$app->notFound(function () use($app) {
throw new HTTPException('Not Found.', 404, array('dev' => 'That route was not found on the server.', 'internalCode' => 'NF1000', 'more' => 'Check route for mispellings.'));
});
/**
* If the application throws an HTTPException, send it on to the client as json.
* Elsewise, just log it.
*/
set_exception_handler(function ($exception) use($app) {
//HTTPException's send method provides the correct response headers and body
if (is_a($exception, 'App\\Common\\Lib\\Application\\Exceptions\\HTTPException')) {
$exception->send();
}
error_log($exception);
error_log($exception->getTraceAsString());
});
$app->handle();
}
