/** * Adding Middle Layer to authenticate every request * Checking if the request has valid api key in the 'Authorization' header */ function authenticate(\Slim\Route $route) { // Getting request headers $headers = apache_request_headers(); $response = array(); $app = \Slim\Slim::getInstance(); // Verifying Authorization Header if (isset($headers['Authorization'])) { $db = new DBHandler(); // get the api key $apikey = $headers['Authorization']; // validating api key if (!$db->isValidApiKey($apikey)) { // api key is not present in users table $response["error"] = true; $response["message"] = "Zugriff verweigert! Falscher API-Key!"; echoRespnse(401, $response); $app->stop(); } else { global $userid; // get user primary key id $user = $db->getUserId($apikey); if ($user != NULL) { $userid = $user; } } } else { // api key is missing in header $response["error"] = true; $response["message"] = "Zugriff verweigert! API-Key fehlt!"; echoRespnse(400, $response); $app->stop(); } }