 /**
  * Locate a JWT on the request and return its decoded payload.
  *
  * Token sources, in order of precedence: the `Authorization: Bearer ...` header,
  * the `AuthToken` query parameter, the `AuthToken` POST field.
  * NOTE(review): a token carried in the query string ends up in access logs,
  * browser history and Referer headers; the header form is the one that avoids
  * that. Existing behaviour is preserved here.
  *
  * @param Request $request
  * @return object|string|null decoded payload; the string 'expired' for an expired
  *                            token; null when no token is present or it is invalid
  */
 protected function getValidTokenPayload(Request $request)
 {
     $headers = $request->Headers;
     $queryToken = $request->Get('AuthToken');
     $bodyToken = $request->Post('AuthToken');
     $authorization = $headers['Authorization'] ?? null;

     if ($authorization !== null && substr($authorization, 0, 7) === 'Bearer ') {
         // Strip the scheme prefix; the remainder is the compact JWT.
         $tokenString = substr($authorization, 7);
     } else {
         // Fall back to the request parameters (query first, then body).
         $tokenString = $queryToken ?? $bodyToken;
     }

     if ($tokenString === null) {
         return null;
     }

     try {
         // The accepted algorithm list is pinned to HS256 so the token's own
         // `alg` header cannot select a different verification scheme.
         return \Firebase\JWT\JWT::decode($tokenString, $this->secretKey, ['HS256']);
     } catch (ExpiredException $e) {
         // NOTE(review): ExpiredException is unqualified while JWT is fully qualified;
         // confirm the file imports Firebase\JWT\ExpiredException, otherwise this
         // catch never matches and expiry falls through to the generic branch.
         return 'expired';
     } catch (\Exception $e) {
         // Any other decode failure (bad signature, malformed token, ...) is "no token".
         return null;
     }
 }
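 /**
  * Resolve the caller's auth token and verify it against the token mapper.
  *
  * The token is read from the `AuthToken` cookie first, then from the query string.
  * NOTE(review): a token in the URL is exposed in access logs, browser history and
  * Referer headers; the cookie path is the one to prefer.
  *
  * Wire format: base64("<token>|<md5(token)>"). The md5 suffix is only a transport
  * sanity check — it is derivable from the token itself and proves nothing about
  * authenticity. The authoritative check is the mapper lookup at the end.
  *
  * @param Request $request
  * @return Token|false the validated token, or false when absent, malformed or unknown
  */
 private function getValidToken(Request $request)
 {
     $tokenString = $this->cookies->Get('AuthToken');
     if (!isset($tokenString)) {
         // See if the token is present in the URL
         $tokenString = $request->Get('AuthToken');
         if (!isset($tokenString)) {
             return false;
         }
     }

     // A non-string (e.g. AuthToken[]=... in the query string) or empty value can
     // never be a valid token; reject it instead of letting base64_decode() fail.
     if (!is_string($tokenString) || $tokenString === '') {
         return false;
     }

     $decoded = base64_decode($tokenString);
     if ($decoded === false) {
         return false;
     }

     // Without the separator the previous list() assignment read an undefined
     // offset; a malformed token is simply invalid.
     $parts = explode('|', $decoded);
     if (count($parts) < 2) {
         return false;
     }
     [$authToken, $checksum] = $parts;

     // hash_equals() keeps the comparison constant-time; the checksum is not a
     // secret, but the habit costs nothing and avoids a type-juggling comparison.
     if (!hash_equals(hash('md5', $authToken), $checksum)) {
         return false;
     }

     $checkToken = new Token(null, null, null, $authToken);
     if (!$this->tokenMapper->CheckAuthToken($checkToken)) {
         return false;
     }

     return $checkToken;
 }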
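 /**
  * Handle a GET request for this resource.
  *
  * Routes, selected by the number of URL segments in $params:
  *   GET /{item}                 <- retrieve a set (remaining query args become equality filters)
  *   GET /{item}?page={page}     <- retrieve page {page} of results
  *   GET /{item}/{id}            <- retrieve {item} with id {id}
  *   GET /{item}/{id}/{children} <- retrieve the children of {item} with id {id}
  *       ** the last form only works on Mappers which have a Get{children} method
  *          accepting ({id}, $page, $pageSize) as arguments
  *
  * When $this->authUserFilter is set a logged-in user is required (403 otherwise)
  * and every result is restricted to rows whose {authUserIDProperty} matches the
  * user; foreign items answer 404 rather than 403 so ids cannot be enumerated.
  *
  * @param Request $request
  * @param array $params URL segments following the item name
  * @return Reply
  */
 public function Get(Request $request, $params = [])
 {
     $get = $request->Get();

     // Paging arguments are user input: coerce them to int so the mapper never sees
     // a numeric-looking string such as "1e3" or "1.5", and keep them non-negative.
     $page = isset($get['page']) && is_numeric($get['page']) ? max(1, (int) $get['page']) : 1;
     $pageSize = 0;
     // NOTE(review): $config is never assigned in this method, so this branch is dead
     // as written — it presumably meant $this->config; verify before relying on it.
     if (isset($config['pageSize']) && is_numeric($config['pageSize'])) {
         $pageSize = max(0, (int) $config['pageSize']);
     }
     if (isset($get['pageSize']) && is_numeric($get['pageSize'])) {
         $pageSize = max(0, (int) $get['pageSize']);
     }
     unset($get['page'], $get['pageSize'], $get['callback']);

     if ($this->authUserFilter && !isset($this->authUser)) {
         return new Reply(403, ['error' => 'Must be logged in to access this resource.']);
     }

     switch (count($params)) {
         case 0:
             // Every remaining query argument becomes "{key} = :key". Only the value
             // is bound; the key is interpolated into the WHERE clause, so refuse any
             // key that is not a plain identifier and any value that cannot be bound.
             foreach ($get as $key => $value) {
                 if (!is_string($key) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key)) {
                     return new Reply(400, ['error' => sprintf('Invalid filter "%s".', $key)]);
                 }
                 if ($value !== null && !is_scalar($value)) {
                     return new Reply(400, ['error' => sprintf('Invalid value for filter "%s".', $key)]);
                 }
             }
             if ($this->authUserFilter) {
                 // authUser is guaranteed set here by the 403 guard above.
                 $get[$this->authUserIDProperty] = $this->authUser->GetID();
             }
             $filterKeys = [];
             $filterValues = [];
             foreach ($get as $key => $value) {
                 $filterKeys[] = '{' . $key . '} = :' . $key;
                 $filterValues[":{$key}"] = $value;
             }
             $whereClause = implode(' AND ', $filterKeys);
             $set = $this->mapper->GetSetWhere($whereClause, $filterValues, $page, $pageSize);
             return new Reply(200, $set);

         case 1:
             $item = $this->mapper->GetOneById($params[0]);
             // NOTE(review): the owner check is a strict comparison; confirm the stored
             // property and GetID() have the same type, otherwise every item answers 404.
             if (!isset($item)
                 || ($this->authUserFilter && $item->{$this->authUserIDProperty} !== $this->authUser->GetID())
             ) {
                 return new Reply(404, ['error' => 'The requested item could not be found.']);
             }
             return new Reply(200, $item);

         case 2:
             $id = $params[0];
             $subsetName = $params[1];
             // The child name comes straight from the URL and is turned into a method
             // name. method_exists() matches case-insensitively, so limit the name to an
             // identifier and keep the generic mapper getters (which take different
             // arguments and are not child collections) out of reach of this route.
             if (!is_string($subsetName) || !preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $subsetName)) {
                 return new Reply(404, ['error' => sprintf('"%s" not found.', $subsetName)]);
             }
             $method = 'Get' . ucwords($subsetName);
             $notChildGetters = ['getonebyid', 'getsetwhere'];
             if (in_array(strtolower($method), $notChildGetters, true)
                 || !method_exists($this->mapper, $method)
             ) {
                 return new Reply(404, ['error' => sprintf('"%s" not found.', $subsetName)]);
             }
             if ($this->authUserFilter) {
                 // Resolve the parent first so a foreign parent is hidden as 404.
                 $parent = $this->mapper->GetOneById($id);
                 if (!isset($parent) || $parent->{$this->authUserIDProperty} !== $this->authUser->GetID()) {
                     return new Reply(404, ['error' => 'The requested item could not be found.']);
                 }
                 $subset = $this->mapper->{$method}($parent->GetID(), $page, $pageSize);
                 return new Reply(200, $subset);
             }
             $subset = $this->mapper->{$method}($id, $page, $pageSize);
             if (!isset($subset)) {
                 return new Reply(404, ['error' => 'The subset returned a null result.']);
             }
             return new Reply(200, $subset);

         default:
             return new Reply(400, ['error' => 'Too many parameters in URL.']);
     }
 }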