/**
 * Handle a POST request: validate the request parameters, then acknowledge them.
 *
 * The validator describes three fields: `title`, `content` and `category`.
 * `category` is limited to 'blog', 'release' or 'test' and defaults to 'blog'.
 * NOTE(review): the second ObjectValidator argument is presumably the list of
 * required fields, and parse() presumably rejects input that does not match —
 * confirm against the validator library.
 *
 * @param  array|object $params  Request parameters (untrusted client input)
 * @param  string       $method  Request method (unused here)
 * @param  array        $headers Request headers (unused here)
 */
public static function POST($params, $method, $headers)
 {
     // Per-field rules; the two integers are presumably min/max length — confirm.
     $titleRule = new \Phramework\Validate\StringValidator(3, 32);
     $contentRule = new \Phramework\Validate\StringValidator(3, 1024);
     $categoryRule = (new \Phramework\Validate\EnumValidator(['blog', 'release', 'test']))->setDefault('blog');

     $schema = new \Phramework\Validate\ObjectValidator(
         ['title' => $titleRule, 'content' => $contentRule, 'category' => $categoryRule],
         ['title', 'content']
     );

     // Work only with the parsed object from here on, never with raw $params.
     $data = $schema->parse($params);

     // Parsed fields available for further processing:
     //   $data->title
     //   $data->content
     //   $data->category
     // Length and enum checks constrain shape only: the values are still
     // untrusted text, so escape them per output context and bind them as
     // query parameters if they are ever stored.

     // Reply with 202 Accepted, since the data is not stored.
     \Phramework\Models\Response::accepted();

     /*
     // Uncomment to view the data object when debugging
     self::view([
         'data' => $data
     ]);
     */
 }
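 /**
  * Authenticate a user using JWT authentication method
  *
  * Validates the submitted email and password, verifies the password against
  * the stored hash and, on success, issues a signed JWT carrying the user's id
  * and the attributes listed by Manager::getAttributes().
  *
  * @param  array  $params  Request parameters
  * @param  string $method  Request method
  * @param  array  $headers  Request headers
  * @return false|array  Returns false on failure (unknown email and wrong
  *     password are not distinguished), otherwise [user data object, encoded JWT]
  * @throws \Phramework\Exceptions\ServerException When the JWT secret is empty
  *     or a configured attribute is not set in the user object
  */
 public function authenticate($params, $method, $headers)
 {
     //Require email and password set in params
     $validationModel = new \Phramework\Validate\ObjectValidator(
         [
             'email' => new \Phramework\Validate\EmailValidator(3, 100),
             'password' => new \Phramework\Validate\StringValidator(3, 128, null, true)
         ],
         ['email', 'password']
     );
     $parsed = $validationModel->parse($params);
     $email = $parsed->email;
     $password = $parsed->password;

     //Get user object
     $user = call_user_func(Manager::getUserGetByEmailMethod(), $email);

     // NOTE(review): an unknown email returns before any hash work, while a
     // wrong password returns only after password_verify(). The return value is
     // the same, but response timing can still reveal which emails exist.
     // Consider verifying against a fixed dummy hash on this path, and put
     // rate limiting / lockout in front of this endpoint.
     if (!$user) {
         return false;
     }

     // Verify user's password (password is stored as hash)
     if (!password_verify($password, $user['password'])) {
         return false;
     }

     $secret = Phramework::getSetting('jwt', 'secret');
     $algorithm = Phramework::getSetting('jwt', 'algorithm');
     $serverName = Phramework::getSetting('jwt', 'server');

     // Refuse to sign with a missing or empty key: such tokens could be
     // forged by anyone. Fail closed instead of issuing them.
     if (empty($secret)) {
         throw new \Phramework\Exceptions\ServerException('JWT secret is not set');
     }

     // Token id from a CSPRNG. The mcrypt extension was removed from PHP core
     // in 7.2, so prefer random_bytes() (PHP 7+) and keep mcrypt only as a
     // fallback for older runtimes, reading from the non-blocking urandom source.
     $tokenId = base64_encode(
         function_exists('random_bytes')
             ? \random_bytes(32)
             : \mcrypt_create_iv(32, \MCRYPT_DEV_URANDOM)
     );

     $issuedAt = time();
     $notBefore = $issuedAt + Phramework::getSetting('jwt', 'nbf', 0);
     $expire = $notBefore + Phramework::getSetting('jwt', 'exp', 3600);

     /*
      * Create the token as an array
      */
     $data = [
         'iat' => $issuedAt,
         'jti' => $tokenId,
         'iss' => $serverName,
         'nbf' => $notBefore,
         'exp' => $expire,
         'data' => ['id' => $user['id']]
     ];

     //copy user attributes to jwt's data
     // The JWT payload is signed, not encrypted: whoever holds the token can
     // read these values. Keep 'password' and any other secret field out of
     // the list returned by Manager::getAttributes().
     foreach (Manager::getAttributes() as $attribute) {
         if (!isset($user[$attribute])) {
             throw new \Phramework\Exceptions\ServerException(sprintf('Attribute "%s" is not set in user object', $attribute));
         }
         $data['data'][$attribute] = $user[$attribute];
     }

     $jwt = \Firebase\JWT\JWT::encode($data, $secret, $algorithm);

     //Call onAuthenticate callback if set
     // The callback receives the bearer token itself; it should not log it.
     if (($callback = Manager::getOnAuthenticateCallback()) !== null) {
         call_user_func($callback, (object) $data['data'], $jwt);
     }

     return [(object) $data['data'], $jwt];
 }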