/**
* Setup Middleware ApiKey
* request is available if api-key exists
* header must be contains
* WWW-Authorization : base64(username/password)
* API-Token : Token
*/
public function call()
{
$unprotectedURIs = ['login', 'create-api-token', 'register'];
$request = $this->app->request();
$headers = $request->headers;
$response = $this->app->response();
$apiKey = $headers->get('API-Token');
$authorization = $headers->get('WWW-Authorization');
$currentRoute = $this->app->request()->getPathInfo();
foreach ($unprotectedURIs as $value) {
if (strpos($currentRoute, $value) !== false) {
$this->next->call();
return;
}
}
$session = new APITokenAuth($this->app);
// go ahead if the sessionid is valid
if ($session->isApiKeyUserPassValid($apiKey, $authorization)) {
$this->next->call();
return;
}
$response['Content-type'] = 'application/json';
$response->setBody(json_encode(['errmsg' => 'Authentication invalid']));
$response->status(401);
return;
}
/**
* Setup Middleware ApiKey
* request is available if api-key exists
* header must be contains
* WWW-Authorization : base64(username/password)
* API-Token : Token
*/
public function call()
{
$request = $this->app->request();
$headers = $request->headers;
$response = $this->app->response();
$apiKey = $headers->get('API-Token');
$authorization = $headers->get('WWW-Authorization');
$session = new APITokenAuth($this->app);
if ($this->unprotectedURIs) {
$this->next->call();
return;
}
// go ahead if the sessionid is valid
if ($session->isApiKeyUserPassValid($apiKey, $authorization)) {
$this->next->call();
return;
}
$response['Content-type'] = 'application/json';
$response->setBody(json_encode(['errmsg' => 'Authentication invalid']));
$response->status(401);
return;
}
