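/**
 * API-key authentication middleware entry point.
 *
 * Requests whose path contains one of the unprotected route names as a whole
 * path segment are passed on without authentication. Every other request
 * must carry both headers:
 *   WWW-Authorization : base64(username/password)
 *   API-Token         : Token
 *
 * The pair is checked with APITokenAuth::isApiKeyUserPassValid(). When the
 * check fails, the next middleware is NOT called and a 401 JSON body is set
 * on the response.
 *
 * NOTE(review): base64 is an encoding, not protection; presumably this API is
 * only served over TLS. Confirm.
 *
 * @return void
 */
public function call()
{
    $unprotectedURIs = ['login', 'create-api-token', 'register'];

    $request = $this->app->request();
    $headers = $request->headers;
    $response = $this->app->response();
    $apiKey = $headers->get('API-Token');
    $authorization = $headers->get('WWW-Authorization');
    $currentRoute = $this->app->request()->getPathInfo();

    // Compare whole path segments instead of substrings. A substring test
    // also exempts any protected route whose path merely contains one of
    // these words, which silently widens the unauthenticated surface.
    // NOTE(review): a segment match still accepts the name at any depth of
    // the path; pin this to exact route paths once the route table is known.
    $segments = explode('/', trim((string) $currentRoute, '/'));
    foreach ($unprotectedURIs as $value) {
        if (in_array($value, $segments, true)) {
            $this->next->call();
            return;
        }
    }

    $session = new APITokenAuth($this->app);

    // Continue down the middleware chain only when the token/credential
    // pair is accepted.
    if ($session->isApiKeyUserPassValid($apiKey, $authorization)) {
        $this->next->call();
        return;
    }

    // Fail closed: answer 401 and never invoke the next middleware.
    $response['Content-type'] = 'application/json';
    $response->setBody(json_encode(['errmsg' => 'Authentication invalid']));
    $response->status(401);
    return;
}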
/**
 * API-key authentication middleware entry point.
 *
 * Reads two request headers:
 *   WWW-Authorization : base64(username/password)
 *   API-Token         : Token
 *
 * The request is handed to the next middleware when either
 * $this->unprotectedURIs is truthy or
 * APITokenAuth::isApiKeyUserPassValid() accepts the header pair.
 * Otherwise a 401 JSON body is set on the response and the chain stops here.
 *
 * @return void
 */
public function call()
{
    $req = $this->app->request();
    $hdrs = $req->headers;
    $res = $this->app->response();
    $token = $hdrs->get('API-Token');
    $credentials = $hdrs->get('WWW-Authorization');
    $auth = new APITokenAuth($this->app);

    // NOTE(review): the first operand tests only whether
    // $this->unprotectedURIs is truthy; this method never compares the
    // request path against it. If the property holds a non-empty list of
    // route names, every request would skip authentication. Confirm how the
    // property is populated and whether a per-route comparison is intended.
    $allowed = $this->unprotectedURIs
        || $auth->isApiKeyUserPassValid($token, $credentials);

    if (!$allowed) {
        // Fail closed: answer 401 and never invoke the next middleware.
        $res['Content-type'] = 'application/json';
        $res->setBody(json_encode(['errmsg' => 'Authentication invalid']));
        $res->status(401);
        return;
    }

    $this->next->call();
}