/**
* Adding Middle Layer to authenticate every request
* Checking if the request has valid api key in the 'Authorization' header
*/
function authenticate(\Slim\Route $route)
{
// Getting request headers
$headers = apache_request_headers();
$response = array();
$app = \Slim\Slim::getInstance();
// Verifying Authorization Header
if (isset($headers['Authorization'])) {
$db = new DbHandler();
// get the api key
$api_key = $headers['Authorization'];
// validating api key
if (!$db->isValidApiKey($api_key)) {
// api key is not present in users table
$response["error"] = true;
$response["message"] = "Acesso negado.";
echoResponse(401, $response);
$app->stop();
} else {
global $user_id;
// get user primary key id
$user = $db->getUserByApiId($api_key);
if ($user != NULL) {
$user_id = $user["id"];
}
}
} else {
// api key is missing in header
$response["error"] = true;
$response["message"] = "Api key necessária";
echoResponse(400, $response);
$app->stop();
}
}
