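/**
 * Route middleware that authenticates every request.
 *
 * Reads the API key from the 'Authorization' request header and validates it
 * through DbHandler. On success the caller's primary key is published in the
 * global $user_id. The request is halted with 400 when the header is missing,
 * and with 401 when the key is rejected or cannot be resolved to a user.
 *
 * DbHandler and echoResponse() are defined elsewhere in the project.
 *
 * @param \Slim\Route $route Route being dispatched (not read by this function).
 * @return void
 */
function authenticate(\Slim\Route $route)
{
    global $user_id;

    $app = \Slim\Slim::getInstance();
    $response = array();

    // Defensive: treat a non-array result (documented as false on failure in
    // older PHP versions) as "no headers" so the request is rejected below.
    $headers = apache_request_headers();
    if (!is_array($headers)) {
        $headers = array();
    }

    // HTTP header names are case-insensitive, so normalise the keys instead of
    // requiring the exact spelling 'Authorization'.
    $headers = array_change_key_case($headers, CASE_LOWER);

    if (!isset($headers['authorization'])) {
        // API key is missing from the request.
        $response["error"] = true;
        $response["message"] = "Api key necessária";
        echoResponse(400, $response);
        $app->stop();
        return;
    }

    // The raw header value is used as the API key.
    // NOTE(review): this is a static bearer credential; confirm the API is only
    // reachable over TLS and that the key is not written to access logs.
    $api_key = $headers['authorization'];
    $db = new DbHandler();

    if (!$db->isValidApiKey($api_key)) {
        // API key is not present in the users table.
        $response["error"] = true;
        $response["message"] = "Acesso negado.";
        echoResponse(401, $response);
        $app->stop();
        return;
    }

    $user = $db->getUserByApiId($api_key);
    if ($user === null || !isset($user["id"])) {
        // Fail closed: a key that validated but cannot be mapped to a user must
        // not let the route run with $user_id unset.
        $response["error"] = true;
        $response["message"] = "Acesso negado.";
        echoResponse(401, $response);
        $app->stop();
        return;
    }

    $user_id = $user["id"];
}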