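/**
 * Middleware: authenticate the caller from the AliceSPA headers, then check
 * that the user holds one of the roles the matched route requires.
 *
 * Decision flow (the numeric codes are the apip error codes the original
 * handler pushes; their meaning is defined elsewhere in the project):
 *  - missing AliceSPA-UserID or AliceSPA-WebToken header -> pushError(3), stop
 *  - authenticateByWebToken() yields false                 -> pushError(3), stop
 *  - checkRoles() yields false                             -> pushError(5), stop
 *  - otherwise the request is handed to $next.
 *
 * A route with no resolvable 'AliceSPA_Roles' argument is now treated as
 * requiring roles nobody has (empty list), so the request is denied unless
 * checkRoles() short-circuits on the admin role. Before, the missing argument
 * reached array_intersect() as null, which is a TypeError on PHP 8.
 *
 * @param mixed    $req  request object; must support getAttribute('route')
 * @param mixed    $res  response returned unchanged when access is denied
 * @param callable $next next middleware / route handler
 * @return mixed $res on denial, otherwise the result of $next($req, $res)
 */
function __invoke($req, $res, $next)
{
    $apip = apip::getInstance();

    // getRequestHeader() is used as returning a list of header values; only
    // the first value is consumed, and an absent/empty header becomes null.
    $userIdHeader = utils::getRequestHeader($req, 'AliceSPA-UserID');
    $webTokenHeader = utils::getRequestHeader($req, 'AliceSPA-WebToken');
    $userId = empty($userIdHeader) ? null : $userIdHeader[0];
    $webToken = empty($webTokenHeader) ? null : $webTokenHeader[0];

    if ($userId === null || $webToken === null) {
        $apip->pushError(3);
        return $res;
    }

    $auth = authService::getInstance();

    // The option map is passed through to disposeAPIException(); it appears to
    // map auth exception code 1 onto error 3 without pushing it, leaving a
    // false result that is denied below — confirm against utils::disposeAPIException.
    $authenticated = utils::disposeAPIException(function () use ($auth, $userId, $webToken) {
        return $auth->authenticateByWebToken($userId, $webToken);
    }, [1 => ['dispel' => 3, 'dispelPushError' => false]]);

    if ($authenticated === false) {
        $apip->pushError(3);
        return $res;
    }

    // Fail closed: no route object, or a route argument that is not an array,
    // yields an empty required-role list rather than a runtime error.
    $route = $req->getAttribute('route');
    $requiredRoles = $route === null ? null : $route->getArgument('AliceSPA_Roles');
    if (!is_array($requiredRoles)) {
        $requiredRoles = [];
    }

    if ($auth->checkRoles($requiredRoles) === false) {
        $apip->pushError(5);
        return $res;
    }

    return $next($req, $res);
}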
$roles = null; if ($this->isLoggedIn()) { $db = db::getInstance(); $roles = $db->select('aspa_role', 'role_names', ['user_id' => $this->userInfo['id']]); if (!empty($roles)) { $roles = $roles[0]; $roles = json_decode($roles, true); if (!in_array('visitor', $roles)) { $roles[] = 'visitor'; } if (!in_array('user', $roles)) { $roles[] = 'user'; } } else { $roles = ['visitor', 'user']; } } else { $roles = ['visitor']; } if (in_array('admin', $roles)) { //Admin can access every where. return true; } $r = count(array_intersect($routeRoles, $roles)) >= 1; //If user has any one of roles required; return $r; } } $container['auth'] = function () { return \AliceSPA\Service\Authentication::getInstance(); };