/**
 * Locate a bearer token on the request and decode it as an HS256 JWT.
 *
 * Lookup order: the `Authorization: Bearer …` header, then the `AuthToken`
 * query parameter, then the `AuthToken` POST field. The algorithm list passed
 * to JWT::decode is pinned to HS256, so a token cannot downgrade to `none` or
 * switch to an asymmetric algorithm against the shared secret.
 *
 * @param Request $request
 * @return object|string|null the decoded payload; the literal string 'expired'
 *     when the token's expiry has passed; null when no token is present or the
 *     token fails verification (bad signature, malformed, wrong algorithm).
 */
protected function getValidTokenPayload(Request $request)
{
    $headers = $request->Headers;
    // Both fallbacks are read up front, as before, regardless of which one wins.
    $queryToken = $request->Get('AuthToken');
    $bodyToken = $request->Post('AuthToken');

    $tokenString = null;
    $authHeader = isset($headers['Authorization']) ? $headers['Authorization'] : null;

    if ($authHeader !== null && substr($authHeader, 0, 7) === 'Bearer ') {
        $tokenString = substr($authHeader, 7);
    } else {
        // NOTE(review): a token in the query string ends up in access logs, browser
        // history and Referer headers; the header (or the POST body) is preferable.
        foreach ([$queryToken, $bodyToken] as $candidate) {
            if (isset($candidate)) {
                $tokenString = $candidate;
                break;
            }
        }
    }

    if (!isset($tokenString)) {
        return null;
    }

    try {
        return \Firebase\JWT\JWT::decode($tokenString, $this->secretKey, ['HS256']);
    } catch (ExpiredException $e) {
        // NOTE(review): ExpiredException is unqualified here — confirm the file imports
        // Firebase\JWT\ExpiredException; if it does not, this catch never matches and an
        // expired token is reported as null (invalid) rather than 'expired'.
        return 'expired';
    } catch (\Exception $e) {
        // Any other decode failure (signature, format, algorithm) is treated as "no token".
        return null;
    }
}
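/**
 * Resolve the opaque session token carried by the `AuthToken` cookie (or, as a
 * fallback, the `AuthToken` query parameter) to a Token the mapper recognises.
 *
 * Wire format: base64( <authToken> . '|' . md5(<authToken>) ). The md5 suffix is
 * only a transport-integrity checksum — anyone can compute it, so it proves nothing
 * about authenticity. The authoritative check is $this->tokenMapper->CheckAuthToken().
 *
 * Changes from the previous version: a value that does not decode, or that has no
 * '|' separator, is rejected explicitly instead of raising an undefined-offset notice
 * and comparing the hash against null; the checksum compare uses hash_equals().
 *
 * @param Request $request
 * @return Token|false the token when it is well-formed and the mapper accepts it,
 *     false otherwise (absent, undecodable, malformed, checksum mismatch, or unknown
 *     to the mapper).
 */
private function getValidToken(Request $request)
{
    $tokenString = $this->cookies->Get('AuthToken');
    if (!isset($tokenString)) {
        // NOTE(review): a token in the URL leaks into access logs, browser history and
        // Referer headers; consider dropping this fallback once clients send the cookie.
        $tokenString = $request->Get('AuthToken');
        if (!isset($tokenString)) {
            return false;
        }
    }

    // Non-strict decode is kept deliberately so previously accepted tokens (e.g. with
    // '+' turned into a space by URL handling) keep working; only a hard failure is rejected.
    $decoded = base64_decode($tokenString);
    if ($decoded === false) {
        return false;
    }

    // Same split as before (first two pieces, extra pieces ignored), but a value
    // without a separator is now rejected rather than producing a null checksum.
    $parts = explode('|', $decoded);
    if (count($parts) < 2) {
        return false;
    }
    list($authToken, $checksum) = $parts;

    // Constant-time compare; equivalent to === for well-formed input.
    if (!hash_equals(hash('md5', $authToken), $checksum)) {
        return false;
    }

    $checkToken = new Token(null, null, null, $authToken);
    if (!$this->tokenMapper->CheckAuthToken($checkToken)) {
        return false;
    }
    return $checkToken;
}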
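/**
 * Handle GET requests for a resource collection, a single item, or an item's children.
 *
 *   GET /{item}                   -> a set, filtered by the remaining query parameters
 *   GET /{item}?page=N&pageSize=M -> page N of that set
 *   GET /{item}/{id}              -> the item with id {id}
 *   GET /{item}/{id}/{children}   -> the children of {id}; only works on mappers that
 *                                    expose a Get{children}($id, $page, $pageSize) method
 *
 * When $this->authUserFilter is set every path is scoped to $this->authUser: a missing
 * user yields 403, and items owned by someone else are reported as 404 (not 403) so
 * their existence is not revealed.
 *
 * Changes from the previous version: query-string filter keys are restricted to
 * identifier characters before being spliced into the WHERE clause, and the
 * {children} segment may no longer select the mapper's generic accessors
 * (GetOneById / GetSetWhere), which this route could otherwise reach with
 * caller-controlled arguments.
 *
 * @param Request $request
 * @param array   $params URL path segments after the resource name
 * @return Reply
 */
public function Get(Request $request, $params = [])
{
    $get = $request->Get();
    // page/pageSize are passed through as received (numeric strings) to keep the
    // mapper contract unchanged; is_numeric() also admits floats and exponents.
    $page = isset($get['page']) && is_numeric($get['page']) ? $get['page'] : 1;

    // NOTE(review): $config is not defined in this method, so this branch is dead and
    // pageSize can only come from the query string — presumably $this->config was meant.
    $pageSize = 0;
    if (isset($config['pageSize']) && is_numeric($config['pageSize'])) {
        $pageSize = $config['pageSize'];
    }
    if (isset($get['pageSize']) && is_numeric($get['pageSize'])) {
        $pageSize = $get['pageSize'];
    }
    unset($get['page'], $get['pageSize'], $get['callback']);

    if ($this->authUserFilter && !isset($this->authUser)) {
        return new Reply(403, ['error' => 'Must be logged in to access this resource.']);
    }

    $reply = null;
    switch (count($params)) {
        case 0:
            // Every remaining query key is spliced verbatim into the WHERE clause
            // ('{key} = :key'), so reject anything that is not a plain identifier
            // before the server-side owner filter is appended.
            foreach (array_keys($get) as $key) {
                if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $key)) {
                    return new Reply(400, ['error' => sprintf('Invalid filter "%s".', $key)]);
                }
            }
            if ($this->authUserFilter && isset($this->authUser)) {
                $get[$this->authUserIDProperty] = $this->authUser->GetID();
            }

            $filterKeys = [];
            $filterValues = [];
            foreach ($get as $key => $value) {
                $filterKeys[] = '{' . $key . '} = :' . $key;
                $filterValues[":{$key}"] = $value;
            }
            $whereClause = implode(' AND ', $filterKeys);
            $set = $this->mapper->GetSetWhere($whereClause, $filterValues, $page, $pageSize);
            $reply = new Reply(200, $set);
            break;

        case 1:
            $item = $this->mapper->GetOneById($params[0]);
            if (!isset($item)) {
                $reply = new Reply(404, ['error' => 'The requested item could not be found.']);
            } else {
                $reply = new Reply(200, $item);
                // NOTE(review): strict compare — if the stored owner id and GetID() differ in
                // type (string vs int) legitimate owners get a 404; confirm both are the same type.
                if ($this->authUserFilter && $item->{$this->authUserIDProperty} !== $this->authUser->GetID()) {
                    $reply = new Reply(404, ['error' => 'The requested item could not be found.']);
                }
            }
            break;

        case 2:
            $id = $params[0];
            $subsetName = $params[1];
            $method = 'Get' . ucwords($subsetName);
            // The child name is user input used to pick a mapper method. method_exists()
            // and dynamic calls are case-insensitive in PHP, so the generic accessors used
            // elsewhere in this handler are reachable through this route — e.g.
            // /{item}/5/setWhere -> GetSetWhere(5, $page, $pageSize), which would pass the
            // id as a raw WHERE clause. Refuse those by (lower-cased) name; a positive
            // allowlist of child collections per mapper would be stronger than this denylist.
            $reserved = ['getonebyid', 'getsetwhere'];
            if (!preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', (string) $subsetName)
                || in_array(strtolower($method), $reserved, true)
                || !method_exists($this->mapper, $method)) {
                $reply = new Reply(404, ['error' => sprintf('"%s" not found.', $subsetName)]);
                break;
            }

            if ($this->authUserFilter) {
                // Ownership of the parent is checked before any child lookup.
                $parent = $this->mapper->GetOneById($id);
                if (!isset($parent) || $parent->{$this->authUserIDProperty} !== $this->authUser->GetID()) {
                    $reply = new Reply(404, ['error' => 'The requested item could not be found.']);
                } else {
                    $subset = $this->mapper->{$method}($parent->GetID(), $page, $pageSize);
                    $reply = new Reply(200, $subset);
                }
            } else {
                $subset = $this->mapper->{$method}($id, $page, $pageSize);
                if (isset($subset)) {
                    $reply = new Reply(200, $subset);
                } else {
                    $reply = new Reply(404, ['error' => 'The subset returned a null result.']);
                }
            }
            break;

        default:
            $reply = new Reply(400, ['error' => 'Too many parameters in URL.']);
            break;
    }
    return $reply;
}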