public function Render(Response $response, array $data)
{
$jsonString = $this->jsonEncode($data);
if ($this->callback) {
$response->AddHeader('Content-type', 'text/javascript;charset=utf-8');
$response->Body = $this->callback . '(' . $jsonString . ');';
} else {
$response->AddHeader('Content-type', 'application/json;charset=utf-8');
$response->Body = $jsonString;
}
$response->Send();
}
public function Render(Response $response, array $data)
{
$response->AddHeader('Content-type', 'text/plain');
$response->Body .= "*** The page's data set: ***\n\n";
$response->Body .= $this->renderData($data);
$response->Body .= "\n****************************\n";
$response->Send();
}
public function Authorize($method)
{
$allowedMethods = array_map('strtoupper', $this->allowedMethods);
// always allow OPTIONS requests
if (!in_array('OPTIONS', $allowedMethods)) {
array_push($allowedMethods, 'OPTIONS');
}
// set CORS headers if configured
if ($this->crossOriginEnabled) {
$headers = $this->request->Headers;
if (isset($headers['Origin'])) {
$allowedHeaders = isset($headers['Access-Control-Request-Headers']) ? $headers['Access-Control-Request-Headers'] : '';
$origin = $headers['Origin'];
if (in_array($origin, $this->crossOriginDomainsAllowed)) {
$this->response->AddHeader('Access-Control-Allow-Origin', $origin);
$this->response->AddHeader('Access-Control-Allow-Credentials', 'true');
$this->response->AddHeader('Access-Control-Allow-Methods', implode(',', $allowedMethods));
$this->response->AddHeader('Access-Control-Allow-Headers', $allowedHeaders);
} else {
throw new CrossOriginException(sprintf('The origin "%s" is not permitted.', $origin));
}
}
}
if (!in_array($this->request->Method, $allowedMethods)) {
throw new MethodNotAllowedException(sprintf('The %s method is not permitted here (118).', $this->request->Method));
}
/*
* Issue #30: Authorize any OPTIONS request.
*/
if (strtoupper($this->request->Method) === 'OPTIONS') {
return true;
}
$authorized = true;
if (isset($this->auth)) {
if (!(in_array($method, $this->skipAuthentication) || in_array('*', $this->skipAuthentication))) {
$requireAuth = false;
// If requireAuthentication is empty, prevent access by default.
if (empty($this->requireAuthentication)) {
$requireAuth = true;
} else {
if (in_array($method, $this->requireAuthentication) || in_array('*', $this->requireAuthentication)) {
$requireAuth = true;
}
}
if ($requireAuth) {
/** @var \Fluxoft\Rebar\Auth\Reply $authReply */
$authReply = $this->auth->GetAuthenticatedUser($this->request);
if (!$authReply->Auth) {
// method is limited and user is not authenticated
throw new AccessDeniedException(sprintf('Access denied for %s', $method));
}
}
}
}
return $authorized;
}