public function call()
{
$app = \Slim\Slim::getInstance();
$request = $app->request();
$response = $app->response();
$route = $request->getResourceUri();
//echo "\r\ncurrent route: " . $route;
if ($this->whitelisted($route) || $request->isOptions()) {
//Current route is an exception to this Middleware
//echo "skipping auth";
$this->next->call();
} else {
//echo "processing auth";
//Handle the middleware layer
//Verify that the Authorization header was used
$authorization_header = $request->headers->get('AUTHORIZATION');
if ($authorization_header) {
$authArray = explode(' ', $authorization_header);
//Verify that the Authorization header specifies 'Bearer'
if ($authArray[0] == 'Bearer') {
$jwt = $authArray[1];
//Validate the JWT
if ($this->validate($jwt)) {
if (AuthService::authenticate($jwt)) {
$this->next->call();
} else {
$result['success'] = false;
$result['message'] = "Error with your token: " . "Token is not registered on the server";
$this->app->response->setStatus(400);
//send 400 instead of 401 because GoDaddy will send back a WWW-Authenticate: Basic header otherwise
$this->app->response->setBody(json_encode($result));
}
}
} else {
$result['success'] = false;
$result['message'] = "No token provided";
$this->app->response->setStatus(400);
//send 400 instead of 401 because GoDaddy will send back a WWW-Authenticate: Basic header otherwise
$this->app->response->setBody(json_encode($result));
}
} else {
//echo 'No json provided';
$result['success'] = false;
$result['message'] = "Authorization header is required for this route: " . $route;
$response->setStatus(400);
//send 400 instead of 401 because GoDaddy will send back a WWW-Authenticate: Basic header otherwise
$this->app->response->setBody(json_encode($result));
}
}
}
echo "successfully authenticated.";
});
$app->options('/register', function () use($app) {
echo "{ 'success': 'true' }";
$app->response->headers->set("Allow", "GET,HEAD,POST,OPTIONS,TRACE");
$app->response->headers->set("Content-type", "application/json");
});
$app->post('/register', function () {
$request = \Slim\Slim::getInstance()->request();
$response = \Slim\Slim::getInstance()->response();
if ($payload = json_decode($request->getBody())) {
//Successfully decoded JSON object.
if ($payload->email && $payload->name) {
$row = \FormAPI\AuthService::fetchRequester($payload->email, $payload->name);
$jwt = \FormAPI\AuthService::generate($row['requester_id'], $row['email_address']);
if (\FormAPI\AuthService::save($row['requester_id'], $jwt)) {
$result['success'] = true;
$result['jwt'] = $jwt;
echo json_encode($result);
} else {
$result['success'] = false;
$result['message'] = "Unable to save token to server cache";
$response->setStatus(500);
$response->setBody(json_encode($result));
}
} else {
$result['success'] = false;
$result['message'] = "Invalid Data, no email or name provided";
$response->setStatus(400);
$response->setbody(json_encode($result));
}
