/**
* Adding Middle Layer to authenticate every request
* Checking if the request has valid api key in the 'Authorization' header
*/
function authenticate(\Slim\Route $route)
{
// Getting request headers
$headers = apache_request_headers();
$response = array();
$app = \Slim\Slim::getInstance();
// Verifying Authorization Header
if (isset($headers['Authorization'])) {
$db = new DBHandler();
// get the api key
$apikey = $headers['Authorization'];
// validating api key
if (!$db->isValidApiKey($apikey)) {
// api key is not present in users table
$response["error"] = true;
$response["message"] = "Zugriff verweigert! Falscher API-Key!";
echoRespnse(401, $response);
$app->stop();
} else {
global $userid;
// get user primary key id
$user = $db->getUserId($apikey);
if ($user != NULL) {
$userid = $user;
}
}
} else {
// api key is missing in header
$response["error"] = true;
$response["message"] = "Zugriff verweigert! API-Key fehlt!";
echoRespnse(400, $response);
$app->stop();
}
}
