/**
  * This is the authenticate method, where we check the X-Hash header from the client against
  * a hash that we recreate here on the server. If the two match, the request passes.
  *
  * @param String $public_key
  * @return boolean If success or not
  */
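 public function authenticate($public_key)
 {
     // Verifies the X-Hash request header: it must equal the HMAC-SHA256 of the raw request
     // body, keyed with the private key of the user that owns $public_key.
     // Returns TRUE on a match; FALSE on a mismatch, a missing header, an unknown public key
     // or a missing private key (fail closed).
     $request = $this->app->request();
     $contentHash = $request->headers('X-Hash');
     $oUser = new User();
     $user = $oUser->getUserByPublicKey($public_key);
     // isset() is safe whatever the lookup returns for an unknown key (NULL, FALSE, partial array).
     $username = isset($user['username']) ? $user['username'] : NULL;

     // Reject early instead of hashing with the key of "no user" or comparing against a
     // header that was never sent.
     if (!is_string($contentHash) || $contentHash === '' || !isset($user['LoginID'])) {
         Log::write("Missing X-Hash header or unknown public key.", $username);
         return FALSE;
     }

     //get private key for hashing
     $private_key = $oUser->getPrivateKey($user['LoginID']);
     if ($private_key === NULL || $private_key === FALSE || $private_key === '') {
         // An HMAC keyed with an empty secret can be computed by anyone, so never accept it.
         Log::write("No private key available for user.", $username);
         return FALSE;
     }

     //get HTTP request body for hashing
     $requestBody = $request->getBody();
     // NOTE(review): only the request body is covered by the HMAC. Method, path and a client
     // timestamp/nonce are not part of the signed data, so a captured body + X-Hash pair stays
     // valid indefinitely and on any route. Extending the signed string needs a coordinated
     // client change, so it is not done here.
     $hash = hash_hmac('sha256', $requestBody, $private_key);

     // hash_equals() (PHP >= 5.6) compares in constant time; the known value goes first.
     // The previous md5()-of-both-sides comparison was not a constant-time check.
     if (hash_equals($hash, $contentHash)) {
         Log::write("authenticated for " . strtoupper($request->getMethod()) . "/" . $request->getPath(), $username);
         return TRUE;
     }

     // The server-side hash is deliberately not logged: it is the valid MAC for the submitted
     // body, so anyone able to read the log could resend that body with it. The client value is
     // attacker-controlled and is kept out of the log as well.
     Log::write("Hashes do not match.", $username);
     return FALSE;
 }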
use lib\RequestHelper as R;
use lib\LogHelper as Log;
// API Versioning
$app->group('/v1', function () use($app) {
    /**
     * GET route to export whole database to JSON
     *
     */
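    $app->get('/database/export', function () use($app) {
        // Exports the tables that the calling user's access level allows, as a JSON document.
        // NOTE(review): the caller is identified here only by the X-PublicKey header; nothing in
        // this closure checks X-Hash. Presumably a middleware or hook runs authenticate() before
        // the route is dispatched - confirm, because a public key alone must not be enough to
        // pull a database export.
        $oUser = new User();
        $request = $app->request();
        $public_key = $request->headers('X-PublicKey');

        //get User array from sent public key
        $user = $oUser->getUserByPublicKey($public_key);
        // Fail closed when the key is missing or unknown instead of continuing with an empty
        // LoginID. halt() stops the request, so nothing below runs.
        if (!isset($user['LoginID'])) {
            $app->halt(401, 'Unauthorized');
        }

        $userdb = $oUser->setDefaultDatabase($user['LoginID']);
        //get access level string of user
        $access_level = $oUser->getAccessLevel($user['LoginID']);
        //create new instance with the user specific database
        $tempTool = new DbExport($userdb);
        //read relevant table names with the user specific access level
        $export = $tempTool->readRelevantTables($access_level);

        // json_encode() returns FALSE on failure (e.g. invalid UTF-8 in a column); report that
        // as a server error rather than sending an empty 200 response.
        $json = json_encode($export);
        if ($json === FALSE) {
            $app->halt(500, 'Export could not be encoded');
        }
        $app->contentType('application/json;charset=utf-8');
        echo $json;
    });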
    /**
     * GET route to export database meta information to JSON
     *
     */
    $app->get('/database/scheme', function () use($app) {
 /**
  * Read the user belonging to the incoming request and return his/her username.
  *
  * @return String|false The username, or false if no user matches the X-PublicKey header
  */
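 public static function readUsernameFromRequest()
 {
     // Looks up the user for the X-PublicKey header of the current request and returns the
     // username, or false when no username can be resolved.
     // NOTE(review): this only maps a public key to a name; it does not verify the X-Hash
     // signature. Treat the result as an identity claim unless authenticate() has already
     // passed for this request - confirm against the callers.
     $app = \Slim\Slim::getInstance();
     $oUser = new User();
     $request = $app->request();
     $public_key = $request->headers('X-PublicKey');
     //get User array from sent public key
     $user = $oUser->getUserByPublicKey($public_key);

     // isset() covers a missing header / unknown key (lookup result is not an array or has no
     // username) without raising an "array offset on null/false" warning.
     if (!isset($user['username'])) {
         return false;
     }

     $username = $user['username'];
     // Loose comparison kept on purpose: an empty-string username is still reported as false,
     // exactly as before.
     return ($username != NULL) ? $username : false;
 }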