Ejemplo n.º 1
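 /**
  * Read the caller's API key from the request and resolve its role.
  *
  * The key is looked up in the `apikey` request header first, then in the
  * POST body, then in the query string. If none of them yields a non-empty
  * string the constructor returns early and neither `apiKey` nor `role` is
  * assigned here.
  *
  * @param \Slim\Http\Request $request The incoming request carrying the key
  */
 protected function __construct(\Slim\Http\Request $request)
 {
     // Body and query parameters are attacker-controlled and can arrive as
     // arrays (`apikey[]=x`). Only a non-empty string is treated as a key, so
     // a non-string value never reaches getRoleFromKey().
     $key = $request->headers('apikey');
     if (!is_string($key) || $key === '') {
         $key = $request->post('apikey');
     }
     if (!is_string($key) || $key === '') {
         // NOTE(review): a key sent in the query string is typically recorded
         // in access logs, proxies and browser history; prefer the header.
         $key = $request->get('apikey');
     }
     if (!is_string($key) || $key === '') {
         return;
     }
     $this->apiKey = $key;
     $this->role = $this->getRoleFromKey($this->apiKey);
 }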
Ejemplo n.º 2
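 /**
  * Set ETag HTTP Response Header
  *
  * Set the etag header and stop if the conditional request matches.
  * The `value` argument is a unique identifier for the current resource.
  * The `type` argument indicates whether the etag should be used as a strong or
  * weak cache validator.
  *
  * When the current request includes an 'If-None-Match' header that lists
  * the same etag (or `*`), execution is stopped through `halt(304)`. This
  * method does not inspect the request method before doing so.
  *
  * @param  string                    $value The etag value
  * @param  string                    $type  The type of etag to create; either "strong" or "weak"
  * @throws \InvalidArgumentException If provided type is invalid
  */
 public function etag($value, $type = 'strong')
 {
     // Strict membership test: with loose comparison a non-string such as
     // `true` (or `0` on PHP < 8) compares equal to 'strong' and would pass.
     if (!in_array($type, array('strong', 'weak'), true)) {
         throw new \InvalidArgumentException('Invalid Slim::etag type. Expected "strong" or "weak".');
     }
     // Build the quoted entity-tag, prefixed with W/ for a weak validator
     $value = '"' . $value . '"';
     if ($type === 'weak') {
         $value = 'W/' . $value;
     }
     $this->response['ETag'] = $value;
     // Check conditional request: the client-supplied header is a comma-separated list
     if ($etagsHeader = $this->request->headers('IF_NONE_MATCH')) {
         $etags = preg_split('@\\s*,\\s*@', $etagsHeader);
         // Entity-tags are compared as exact strings, including any W/ prefix
         if (in_array($value, $etags, true) || in_array('*', $etags, true)) {
             $this->halt(304);
         }
     }
 }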
Ejemplo n.º 3
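 /**
  * Extract the bearer access token from the request and resolve it.
  *
  * The token may be supplied in exactly one place: the `Authorization`
  * header (`Bearer <token>`), the `access_token` POST field, or the
  * `access_token` query parameter.
  *
  * @param  Request   $request The incoming request
  * @return mixed     Whatever fetchToken() returns for the presented token
  * @throws Exception With Resource::STATUS_BAD_REQUEST when no credential or
  *                   more than one credential is present; without a status
  *                   code when fetchToken() rejects the token
  */
 public function extractToken(Request $request)
 {
     // Anchor the scheme at the start of the value and require whitespace
     // before the token, so "Bearer" appearing inside another scheme's value
     // (or glued to the token) is not accepted as a bearer credential.
     $bearerPattern = '/^\\s*Bearer\\s+(\\S+)\\s*$/';
     $headerCandidates = array(
         $request->headers('Authorization', false),
         $request->rawHeaders('Authorization', false),
     );
     $tokenHeader = false;
     foreach ($headerCandidates as $candidate) {
         if (is_string($candidate) && preg_match($bearerPattern, $candidate, $matches)) {
             $tokenHeader = $matches[1];
             break;
         }
     }
     // Body and query values are untrusted and can arrive as arrays
     // (`access_token[]=x`); anything that is not a string is treated as absent.
     $tokenRequest = $request->post('access_token', false);
     if (!is_string($tokenRequest)) {
         $tokenRequest = false;
     }
     // NOTE(review): a token in the query string is typically recorded in
     // access logs and Referer headers; consider refusing it for new clients.
     $tokenQuery = $request->get('access_token', false);
     if (!is_string($tokenQuery)) {
         $tokenQuery = false;
     }
     // At least one (and only one) of client credentials method required.
     if (!$tokenHeader && !$tokenRequest && !$tokenQuery) {
         throw new Exception('The request is missing a required parameter.', Resource::STATUS_BAD_REQUEST);
     } elseif (($tokenHeader && $tokenRequest) || ($tokenRequest && $tokenQuery) || ($tokenQuery && $tokenHeader)) {
         throw new Exception('The request includes multiple credentials.', Resource::STATUS_BAD_REQUEST);
     }
     $accessToken = $tokenHeader ?: ($tokenRequest ?: $tokenQuery);
     try {
         $tokenDocument = $this->fetchToken($accessToken);
     } catch (\Exception $e) {
         // The lookup failure is replaced by a generic message, so the caller
         // learns nothing about why the token was rejected.
         throw new Exception('Access token invalid.');
     }
     return $tokenDocument;
 }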
Ejemplo n.º 4
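 /**
  * Extract HTTP Basic credentials from the request and exchange them for a token.
  *
  * The `Authorization` value is taken from the raw headers when present,
  * otherwise from the parsed headers.
  *
  * @param  Request   $request The incoming request
  * @return mixed     Whatever fetchToken() returns for the credentials
  * @throws Exception When the header is missing, is not a well-formed Basic
  *                   credential, or fetchToken() rejects the credentials
  */
 public function extractToken(Request $request)
 {
     $headers = $request->headers();
     $rawHeaders = $request->rawHeaders();
     if (isset($rawHeaders['Authorization'])) {
         $header = $rawHeaders['Authorization'];
     } elseif (isset($headers['Authorization'])) {
         $header = $headers['Authorization'];
     } else {
         throw new Exception('Authorization header required.');
     }
     if (!preg_match('/Basic\\s+(.*)$/i', $header, $matches)) {
         throw new Exception('Authorization header invalid.');
     }
     // Strict mode makes base64_decode() return false on characters outside
     // the base64 alphabet instead of silently skipping them.
     $decoded = base64_decode($matches[1], true);
     if ($decoded === false || strpos($decoded, ':') === false) {
         // Without this check a credential lacking ':' left $token undefined
         // and the method returned null instead of failing.
         throw new Exception('Authorization header invalid.');
     }
     // Split on the first ':' only: a password may itself contain colons,
     // and an unlimited explode() would silently truncate it.
     list($authUser, $authPass) = explode(':', $decoded, 2);
     try {
         $token = $this->fetchToken($authUser, $authPass);
     } catch (\Exception $e) {
         // Same message as a malformed header, so a caller cannot tell a bad
         // password from a bad header.
         throw new Exception('Authorization header invalid.');
     }
     return $token;
 }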