/**
* @param Request $request
* @param Response $response
* @param callable|null $out
* @return null|Response
*/
public function dispatch(Request $request, Response $response, callable $out = null)
{
$authData = $request->getParsedBody();
if (!isset($authData['apiKey'])) {
return new JsonResponse(['error' => RestUtils::INVALID_ARGUMENT_ERROR, 'message' => $this->translator->translate('You have to provide a valid API key under the "apiKey" param name.')], 400);
}
// Authenticate using provided API key
$apiKey = $this->apiKeyService->getByKey($authData['apiKey']);
if (!isset($apiKey) || !$apiKey->isValid()) {
return new JsonResponse(['error' => RestUtils::INVALID_API_KEY_ERROR, 'message' => $this->translator->translate('Provided API key does not exist or is invalid.')], 401);
}
// Generate a JSON Web Token that will be used for authorization in next requests
$token = $this->jwtService->create($apiKey);
return new JsonResponse(['token' => $token]);
}
/**
* Process an incoming request and/or response.
*
* Accepts a server-side request and a response instance, and does
* something with them.
*
* If the response is not complete and/or further processing would not
* interfere with the work done in the middleware, or if the middleware
* wants to delegate to another process, it can use the `$out` callable
* if present.
*
* If the middleware does not return a value, execution of the current
* request is considered complete, and the response instance provided will
* be considered the response to return.
*
* Alternately, the middleware may return a response instance.
*
* Often, middleware will `return $out();`, with the assumption that a
* later middleware will return a response.
*
* @param Request $request
* @param Response $response
* @param null|callable $out
* @return null|Response
*/
public function __invoke(Request $request, Response $response, callable $out = null)
{
// If current route is the authenticate route or an OPTIONS request, continue to the next middleware
/** @var RouteResult $routeResult */
$routeResult = $request->getAttribute(RouteResult::class);
if (!isset($routeResult) || $routeResult->isFailure() || $routeResult->getMatchedRouteName() === 'rest-authenticate' || $request->getMethod() === 'OPTIONS') {
return $out($request, $response);
}
// Check that the auth header was provided, and that it belongs to a non-expired token
if (!$request->hasHeader(self::AUTHORIZATION_HEADER)) {
return $this->createTokenErrorResponse();
}
// Get token making sure the an authorization type is provided
$authToken = $request->getHeaderLine(self::AUTHORIZATION_HEADER);
$authTokenParts = explode(' ', $authToken);
if (count($authTokenParts) === 1) {
return new JsonResponse(['error' => RestUtils::INVALID_AUTHORIZATION_ERROR, 'message' => sprintf($this->translator->translate('You need to provide the Bearer type in the %s header.'), self::AUTHORIZATION_HEADER)], 401);
}
// Make sure the authorization type is Bearer
list($authType, $jwt) = $authTokenParts;
if (strtolower($authType) !== 'bearer') {
return new JsonResponse(['error' => RestUtils::INVALID_AUTHORIZATION_ERROR, 'message' => sprintf($this->translator->translate('Provided authorization type %s is not supported. Use Bearer instead.'), $authType)], 401);
}
try {
ErrorHandler::start();
if (!$this->jwtService->verify($jwt)) {
return $this->createTokenErrorResponse();
}
ErrorHandler::stop(true);
// Update the token expiration and continue to next middleware
$jwt = $this->jwtService->refresh($jwt);
/** @var Response $response */
$response = $out($request, $response);
// Return the response with the updated token on it
return $response->withHeader(self::AUTHORIZATION_HEADER, 'Bearer ' . $jwt);
} catch (AuthenticationException $e) {
$this->logger->warning('Tried to access API with an invalid JWT.' . PHP_EOL . $e);
return $this->createTokenErrorResponse();
} catch (\Exception $e) {
$this->logger->warning('Unexpected error occurred.' . PHP_EOL . $e);
return $this->createTokenErrorResponse();
} catch (\Throwable $e) {
$this->logger->warning('Unexpected error occurred.' . PHP_EOL . $e);
return $this->createTokenErrorResponse();
} finally {
ErrorHandler::clean();
}
}
