/** * This action is executed before execute any action in the application * * @param Event $event * @param Dispatcher $dispatcher */ public function beforeDispatch(Event $event, Dispatcher $dispatcher) { $auth = $this->session->get('auth'); if (!$auth) { $role = 'Guests'; } else { $role = 'Users'; } $controller = $dispatcher->getControllerName(); $action = $dispatcher->getActionName(); $acl = $this->getAcl(); $allowed = $acl->isAllowed($role, $controller, $action); if ($allowed != Acl::ALLOW) { $dispatcher->forward(array('controller' => 'errors', 'action' => 'show401')); $this->session->destroy(); return false; } }
/** * before routing event. * Handles authentication and authentication of user requests * In case of API calls, also prevalidates if request can be executed to return a more readable response * to the user. * @param Dispatcher $dispatcher * @return null|bool */ public function beforeExecuteRoute($dispatcher) { // handle authentication / authorization if (!empty($this->request->getHeader('Authorization'))) { // Authorization header send, handle API request $authHeader = explode(' ', $this->request->getHeader('Authorization')); if (count($authHeader) > 1) { $key_secret_hash = $authHeader[1]; $key_secret = explode(':', base64_decode($key_secret_hash)); if (count($key_secret) > 1) { $apiKey = $key_secret[0]; $apiSecret = $key_secret[1]; $authFactory = new AuthenticationFactory(); $authenticator = $authFactory->get("Local API"); if ($authenticator->authenticate($apiKey, $apiSecret)) { $authResult = $authenticator->getLastAuthProperties(); if (array_key_exists('username', $authResult)) { // check ACL if user is returned by the Authenticator object $acl = new ACL(); if (!$acl->isPageAccessible($authResult['username'], $_SERVER['REQUEST_URI'])) { $this->getLogger()->error("uri " . $_SERVER['REQUEST_URI'] . " not accessible for user " . $authResult['username'] . " using api key " . $apiKey); } else { // authentication + authorization successful. // pre validate request and communicate back to the user on errors $callMethodName = $dispatcher->getActionName() . 'Action'; $dispatchError = null; // check number of parameters using reflection $object_info = new \ReflectionObject($this); $req_c = $object_info->getMethod($callMethodName)->getNumberOfRequiredParameters(); if ($req_c > count($dispatcher->getParams())) { $dispatchError = 'action ' . $dispatcher->getActionName() . ' expects at least ' . $req_c . ' parameter(s)'; } else { // if body is send as json data, parse to $_POST first $dispatchError = $this->parseJsonBodyData(); } if ($dispatchError != null) { // send error to client $this->response->setStatusCode(400, "Bad Request"); $this->response->setContentType('application/json', 'UTF-8'); $this->response->setJsonContent(array('message' => $dispatchError, 'status' => 400)); $this->response->send(); return false; } return true; } } } } } // not authenticated $this->response->setStatusCode(401, "Unauthorized"); $this->response->setContentType('application/json', 'UTF-8'); $this->response->setJsonContent(array('status' => 401, 'message' => 'Authentication Failed')); $this->response->send(); return false; } else { // handle UI ajax requests // use session data and ACL to validate request. if (!$this->doAuth()) { return false; } // check for valid csrf on post requests $csrf_tokenkey = $this->request->getHeader('X_CSRFTOKENKEY'); $csrf_token = $this->request->getHeader('X_CSRFTOKEN'); $csrf_valid = $this->security->checkToken($csrf_tokenkey, $csrf_token, false); if (($this->request->isPost() || $this->request->isPut() || $this->request->isDelete()) && !$csrf_valid) { // missing csrf, exit. $this->getLogger()->error("no matching csrf found for request"); return false; } } }
private static function _exec() { define('CURRENT_MODULE', Dispatcher::getModuleName()); define('CURRENT_CONTROLLER', Dispatcher::getControllerName()); define('CURRENT_ACTION', Dispatcher::getActionName()); $controllerName = CURRENT_CONTROLLER; $moduleName = CURRENT_MODULE; if ($moduleName) { $className = sprintf('controller\\%s\\%s', $moduleName, $controllerName); } else { $className = sprintf("controller\\%s", $controllerName); } //-----请求日志------// $params = array(); $log = array('request_id' => REQUEST_ID, 'uri' => $_SERVER['REQUEST_URI'], 'class' => array('module' => CURRENT_MODULE, 'controller' => CURRENT_CONTROLLER, 'action' => CURRENT_ACTION), 'method' => Request::method(), 'params' => array_merge($params, Request::gets(), Request::posts()), 'stream' => Request::stream(), 'cookie' => Request::cookies(), 'ip' => Request::ip()); C::log($log); if (!class_exists($className)) { throw new \RuntimeException('类不存在'); } try { $obj = new \ReflectionClass($className); if ($obj->isAbstract()) { throw new \RuntimeException('抽象类不可被实例化'); } $class = $obj->newInstance(); //前置操作 if ($obj->hasMethod(CURRENT_ACTION . 'Before')) { $beforeMethod = $obj->getMethod(CURRENT_ACTION . 'Before'); if ($beforeMethod->isPublic() && !$beforeMethod->isStatic()) { $beforeMethod->invoke($class); } } $method = $obj->getMethod(CURRENT_ACTION . 'Action'); if ($method->isPublic() && !$method->isStatic()) { $method->invoke($class); } //后置操作 if ($obj->hasMethod(CURRENT_ACTION . 'After')) { $afterMethod = $obj->getMethod(CURRENT_ACTION . 'After'); if ($afterMethod->isPublic() && !$afterMethod->isStatic()) { $afterMethod->invoke($class); } } } catch (\Exception $e) { self::_halt($e); } }
/** * Add new elements in breadcrumbs corresponding to request dispatcher : controllerName, actionName, parameters * @param Dispatcher $dispatcher the request dispatcher * @return \Ajax\bootstrap\html\HtmlBreadcrumbs */ public function fromDispatcher($dispatcher, $startIndex = 0) { $this->startIndex = $startIndex; $params = $dispatcher->getParams(); $action = $dispatcher->getActionName(); $items = array($dispatcher->getControllerName()); if (\sizeof($params) > 0 || \strtolower($action) != "index") { $items[] = $action; foreach ($params as $p) { if (\is_object($p) === false) { $items[] = $p; } } } return $this->addItems($items); }
/** * set the active page corresponding to request dispatcher : controllerName, actionName, parameters and $urlMask * @param Dispatcher $dispatcher the request dispatcher * @return \Ajax\bootstrap\html\HtmlPagination */ public function fromDispatcher($dispatcher) { $items = array($dispatcher->getControllerName(), $dispatcher->getActionName()); $items = array_merge($items, $dispatcher->getParams()); $url = implode("/", $items); if ($this->urlMask === "%page%") { $this->urlMask = preg_replace("/[0-9]/", "%page%", $url); } for ($index = $this->from; $index <= $this->to; $index++) { if ($this->getUrl($index) == $url) { $this->setActive($index); break; } } return $this; }