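 /**
  * Two before() handlers that both return false: the first one must stop the
  * chain, so neither the second before() handler nor the route handler runs
  * and exactly one entry lands in $trace.
  */
 public function testMicroBeforeHandlers()
 {
     $trace = array();
     $app = new Phalcon\Mvc\Micro();
     // First guard: records itself and halts the request.
     $app->before(function () use (&$trace) {
         $trace[] = 1;
         return false;
     });
     // Must never run: a preceding before() already returned false.
     $app->before(function () use (&$trace) {
         $trace[] = 1;
         return false;
     });
     // Must never run either: routing was stopped.
     $app->map('/blog', function () use (&$trace) {
         $trace[] = 1;
     });
     $app->handle('/blog');
     // PHPUnit assertions take (expected, actual); the original had the
     // arguments swapped, which only garbles the failure message but is
     // worth fixing. assertCount says exactly what is being checked.
     $this->assertCount(1, $trace);
 }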
     * Read the configuration
     */
    $config = (include APP_PATH . "/app/config/config.php");
    /**
     * Read auto-loader
     */
    include APP_PATH . "/app/config/loader.php";
    /**
     * Read services
     */
    include APP_PATH . "/app/config/services.php";
    /**
     * Handle the request
     */
    $app = new \Phalcon\Mvc\Micro($di);
    $app->getRouter()->setUriSource(\Phalcon\Mvc\Router::URI_SOURCE_SERVER_REQUEST_URI);
    $app->before(new App\Middleware\OAuthMiddleware());
    /**
     * Mount routes collections
     */
    $collections = (include APP_PATH . '/app/collections/collections.php');
    foreach ($collections as $collection) {
        $app->mount($collection);
    }
    $app->handle();
} catch (\Exception $e) {
    if ($app->config->debug) {
        echo $e->getMessage() . '<br>';
        echo '<pre>' . $e->getTraceAsString() . '</pre>';
    }
}
/**
 * Authentication gate run before every route.
 *
 * Accepts, in order: a user already stored in the session, HTTP Basic
 * credentials, any OPTIONS request, and a short list of public paths.
 * Everything else is rejected with a 401 HTTPException.
 */
$app->before(function () use($app, $di) {
    // Browser requests, user was stored in session on login, replace into DI
    // Loose '!= false' comparison: a missing key (presumably null), 0, '',
    // '0' and [] all read as "no user". Do not tighten this to '!== false' —
    // a null from a missing key would then count as logged in.
    if ($di->getShared('session')->get('user') != false) {
        $di->setShared('user', function () use($di) {
            return $di->getShared('session')->get('user');
        });
        return true;
    }
    // Basic auth, for programmatic responses
    // NOTE(review): the result of login() is discarded and true is returned
    // unconditionally, so any request that merely carries a PHP_AUTH_USER
    // header passes this gate whether or not the password was accepted —
    // unless login() throws on failure, which cannot be seen from here.
    // Check its return value (or rely on it throwing) before returning true.
    if ($app->request->getServer('PHP_AUTH_USER')) {
        $user = new \PhalconRest\Controllers\UsersController();
        $user->login($app->request->getServer('PHP_AUTH_USER'), $app->request->getServer('PHP_AUTH_PW'));
        return true;
    }
    // All options requests get a 200, then die
    // (handled before the public-route check, so preflight never needs credentials)
    if ($app->__get('request')->getMethod() == 'OPTIONS') {
        $app->response->setStatusCode(200, 'OK')->sendHeaders();
        exit;
    }
    // Exempted routes, such as login, or public info.  Let the route handler
    // pick it up. Exact match on the rewrite URI (switch compares loosely,
    // which for two non-numeric strings is still an exact comparison).
    switch ($app->getRouter()->getRewriteUri()) {
        case '/v1/user/login':
            return true;
            break;
        case '/example/route':
            return true;
            break;
    }
    // If we made it this far, we have no valid auth method, throw a 401.
    throw new \PhalconRest\Exceptions\HTTPException('Must login or provide credentials.', 401, array('dev' => 'Please provide credentials by either passing in a session token via cookie, or providing password and username via BASIC authentication.', 'internalCode' => 'Unauth:1'));
    // Unreachable after the throw above; kept only for readability.
    return false;
});
/**
 * OAuth2 resource-server guard, run before every route.
 *
 * Token endpoints (/access_token, /authorize) and OPTIONS preflight are let
 * through with a per-IP rate limit. Every other request must carry a bearer
 * token that the League ResourceServerMiddleware accepts (presumably verified
 * against the configured public key). On success the middleware is expected
 * to have populated the oauth_* keys in $_SERVER, which select the rate-limit
 * bucket (client or user). Invalid or missing tokens fall through to a per-IP
 * "unauthorized" rate limit and a 401 HttpException.
 *
 * Whatever the rateLimits service returns is handed back to Micro as the
 * before() result.
 */
$app->before(function () use ($app, $di) {
    $config = $app->config;
    $request = $app->request;
    $requestUri = $request->getURI();

    // NOTE(review): strpos() is a substring test, so any path that merely
    // contains '/access_token' or '/authorize' (e.g. '/v1/authorized_x')
    // skips token validation. An exact path or anchored prefix match would
    // be safer; kept as-is here to preserve behaviour.
    $isTokenEndpoint = strpos($requestUri, '/access_token') !== false
        || strpos($requestUri, '/authorize') !== false;
    if ($isTokenEndpoint || $request->isOptions()) {
        return $di->getShared('rateLimits', ['access_token', $request->getClientAddress(), $app]);
    }

    // Instance of AccessTokenRepositoryInterface.
    $accessTokenRepository = new \Phalcon2Rest\Components\Oauth2\Repositories\AccessTokenRepository();
    // Public key file used by the resource server; path comes from config.
    $publicKeyPath = 'file://' . __DIR__ . '/../' . $config->oauth['public'];

    try {
        $resourceServer = new \League\OAuth2\Server\ResourceServer($accessTokenRepository, $publicKeyPath);
        $validateToken = new \League\OAuth2\Server\Middleware\ResourceServerMiddleware($resourceServer);
        // The "next" handler is a no-op: only the validation side effects matter here.
        $validateToken(
            new \Phalcon2Rest\Components\Oauth2\Request($request),
            new \Phalcon2Rest\Components\Oauth2\Response($app->response),
            function () {
            }
        );

        // All four attributes must be present before the token counts as valid.
        $required = ['oauth_access_token_id', 'oauth_client_id', 'oauth_user_id', 'oauth_scopes'];
        $tokenValidated = true;
        foreach ($required as $key) {
            if (!isset($_SERVER[$key])) {
                $tokenValidated = false;
                break;
            }
        }
        if ($tokenValidated) {
            // TODO: save somewhere the user_id and scopes for future validations, e.g. /users/1/edit
            // TODO: should be accessible only if the user_id is 1 or the scope is giving permissions, e.g. admin
            // NOTE(review): oauth_scopes is required to exist but never
            // enforced here — every valid token reaches every route, so
            // authorization must happen elsewhere.
            $bucket = strlen($_SERVER['oauth_client_id']) > 0
                ? 'client' . $_SERVER['oauth_client_id']
                : 'user' . $_SERVER['oauth_user_id'];
            return $di->getShared('rateLimits', ['api_common', $bucket, $app]);
        }
    } catch (\League\OAuth2\Server\Exception\OAuthServerException $e) {
        // Swallowed on purpose: a rejected token is handled by the 401 path below.
    }

    $rateLimit = $di->getShared('rateLimits', ['api_unauthorized', $request->getClientAddress(), $app]);
    if ($rateLimit === false) {
        return false;
    }
    throw new \Phalcon2Rest\Exceptions\HttpException('Unauthorized', 401, false, ['dev' => 'The bearer token is missing or is invalid', 'internalCode' => 'P1008', 'more' => '']);
});
/**
 * Our application is a Micro application, so we must explicitly define all the routes.
 * For APIs, this is ideal. This is as opposed to the more robust MVC Application
 *
 * @var $app
 */
// Passing the container to the constructor is the same as calling setDI().
$app = new Phalcon\Mvc\Micro($di);
/**
 * Before every request:
 * Returning true in this function resumes normal routing.
 * Returning false stops any route from executing.
 */
/**
 * Emit the CORS origin header on every request — before routing, so the
 * header is present even when no route matches. Always returns true so
 * routing continues.
 * NOTE(review): the origin is a single configured value echoed verbatim;
 * if it is '*', do not combine it with credentialed (cookie) requests.
 */
$app->before(function () use ($app, $di) {
    $allowedOrigin = $di->get('config')['application']['corsOrigin'];
    $app->response->setHeader('Access-Control-Allow-Origin', $allowedOrigin);
    return true;
});
/**
 * Mount all of the collections, which makes the routes active.
 */
// Each collection registered in the container becomes a set of live routes.
foreach ($di->get('collections') as $routeCollection) {
    $app->mount($routeCollection);
}
/**
 * The base route return the list of defined routes for the application.
 * This is not strictly REST compliant, but it helps to base API documentation off of.
 * By calling this, you can quickly see a list of all routes and their methods.
 */
$app->get('/', function () use($app) {
    $routes = $app->getRouter()->getRoutes();
<?php

$app = new Phalcon\Mvc\Micro();

// Runs before every matched route. Returning false aborts the route,
// true lets it through.
// NOTE(review): '!= false' is a loose comparison, so a missing key (null),
// 0, '' and '0' all count as "not authenticated". Nothing here sets a
// 401/403 status, so a rejected request presumably ends with an empty
// response — confirm that is intended.
$app->before(function () use ($app) {
    $isAuthenticated = $app['session']->get('auth') != false;
    return $isAuthenticated;
});

$app->map('/api/robots', function () {
    return array('status' => 'OK');
});

// Runs after the route handler: serialises whatever the handler returned.
// (No Content-Type header is set here.)
$app->after(function () use ($app) {
    $payload = $app->getReturnedValue();
    echo json_encode($payload);
});

// Runs once the request has been served; intentionally a no-op here.
$app->finish(function () use ($app) {
});
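/**
 * Authentication gate run before every route.
 *
 * Order of checks:
 *  1. OPTIONS (CORS preflight) is always allowed through.
 *  2. A fixed list of public paths (login/registration/reports) is exempt.
 *  3. An X_API_KEY header is validated via UserController::loginWithPrivateKey().
 *  4. An "Authorization: <scheme> <token>" header is parsed as a JWS.
 *  5. Anything else is rejected with 401.
 *
 * Returning true resumes routing; every failure throws HTTPException.
 */
$app->before(function () use ($app, $di) {
    if ($app->request->getMethod() == 'OPTIONS') {
        return true;
    }

    // Public routes that need no credentials. Matched exactly against the
    // rewrite URI, trailing slash included — keep in sync with the router.
    $publicRoutes = array(
        '/v1/users/login/',
        '/v1/users/login_jwt/',
        '/v1/users/register/',
        '/v1/reports/summary',
        '/v1/reports/staff',
        '/v1/reports/details',
        '/example/route',
    );
    if (in_array($app->getRouter()->getRewriteUri(), $publicRoutes, true)) {
        return true;
    }

    $headers = apache_request_headers();

    // API-key auth for programmatic clients.
    // NOTE(review): apache_request_headers() returns header names as the
    // client sent them, so a client sending 'X-API-KEY' would not populate
    // 'X_API_KEY' — confirm which spelling clients actually use.
    if (isset($headers['X_API_KEY'])) {
        $user = new \PhalconRest\Controllers\UserController();
        if (!$user->loginWithPrivateKey($headers['X_API_KEY'])) {
            throw new \PhalconRest\Exceptions\HTTPException("Invalid/Expired API Key", 403);
        }
        return true;
    }

    // Bearer-style JWS auth: "<scheme> <token>".
    if (!empty($headers['Authorization'])) {
        $parts = explode(" ", $headers['Authorization']);
        if (count($parts) < 2) {
            throw new \PhalconRest\Exceptions\HTTPException("No Key Set", 403);
        }
        $jws = SimpleJWS::load($parts[1], true);
        // The original accepted any parseable token; the expiry check it had
        // commented out is restored so stale tokens are rejected.
        if ($jws->isExpired()) {
            throw new \PhalconRest\Exceptions\HTTPException("Invalid/Expired Token Key", 403);
        }
        // NOTE(review): nothing here verifies the token's signature — the
        // issuer's key is not available in this scope. Until a signature
        // verification against that key is added, a forged but unexpired
        // token still passes. The second argument to load() presumably
        // relaxes algorithm/security checks — confirm it is needed.
        return true;
    }

    // No recognised credentials at all.
    throw new \PhalconRest\Exceptions\HTTPException('Must login or provide credentials.', 401, array('dev' => 'Please provide credentials by either passing in a session token via cookie, or providing password and username via BASIC authentication.', 'internalCode' => 'Unauth:1'));
});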
 * Returning false stops any route from executing.
 */
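/**
 * Authorization guard run before every route.
 *
 * - OPTIONS requests get a 200 and stop.
 * - Routes whose name contains "-allow" are public.
 * - Everything else needs the shared 'BasicAuthorization' key; routes whose
 *   name contains "-authbasic" need only that, all others additionally need
 *   an active 'Token' header looked up in the Login repository.
 * Anything that fails is answered with 401 and a JSON message, and false is
 * returned so no route handler runs.
 */
$app->before(function () use ($app, $di) {
    // All options requests get a 200, then die.
    if ($app->__get('request')->getMethod() == 'OPTIONS') {
        $app->response->setStatusCode(200, 'OK')->sendHeaders();
        exit;
    }

    // Defensive: treat "no matched route" as an unnamed, restricted route
    // instead of dereferencing null (Phalcon presumably only runs before()
    // for matched routes — confirm).
    $matchedRoute = $app->getRouter()->getMatchedRoute();
    $routeName = $matchedRoute !== null ? (string) $matchedRoute->getName() : '';

    if (preg_match("/-allow/", $routeName)) {
        return true;
    }

    // @todo (original): add a table of basic-access keys.
    // NOTE(review): this is a hard-coded shared secret checked into source;
    // move it to configuration and rotate it. hash_equals() makes the
    // comparison constant-time, and the (string) cast keeps it from
    // throwing when the header is absent.
    $basicKey = 'uHealth1235486tcc';
    if (hash_equals($basicKey, (string) $app->request->getHeader('BasicAuthorization'))) {
        // "-authbasic" routes need only the shared key.
        if (preg_match("/-authbasic/", $routeName)) {
            return true;
        }
        // Everything else also needs an active per-user token.
        $token = (string) $app->request->getHeader('Token');
        if (strlen($token)) {
            $login = $app->getDi()->get('entityManager')->getRepository('Domain\\User\\Entity\\Login')->findOneBy(['token' => $token, 'status' => 'active']);
            if ($login) {
                return true;
            }
        }
    }

    // The original sent 'OK' as the 401 reason phrase; 'Unauthorized' is correct.
    $app->response->setStatusCode(401, 'Unauthorized')->sendHeaders();
    $app->response = new \Api\Responses\JSONResponse();
    $app->response->useEnvelope(true)->convertSnakeCase(false)->send(['messages' => ['Você não tem permissão para acessar esse recurso']]);
    return false;
});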
/**
 * Mount all of the collections, which makes the routes active.
});
/**
 * Default routes
 */
/**
 * Health/diagnostic endpoint: reports the Mongo collection in use and every
 * registered route pattern as pretty-printed JSON inside a <pre> block.
 * NOTE(review): this is reachable without credentials and enumerates all
 * route patterns plus the backing collection name — fine for development,
 * consider gating it in production.
 */
$app->get("/", function () use ($app, $mongo) {
    $database = $mongo->selectDB(MDB_DB_NAME);
    $collection = $database->selectCollection(MDB_COLLECTION);

    $patterns = array();
    foreach ($app->router->getRoutes() as $route) {
        $patterns[] = $route->getPattern();
    }

    $status = array(
        "version" => VERSION,
        "mongodb" => 'ok',
        "collection" => $collection->getName(),
        "db" => "ok",
        "routes" => $patterns,
    );

    echo "<pre>";
    echo json_encode($status, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
    echo "</pre>";
});
// Fallback when no route matches: plain-text 404 (message in Spanish).
$app->notFound(function () use ($app) {
    $response = $app->response;
    $response->setStatusCode(404, "Not Found");
    $response->sendHeaders();
    echo 'La url solicitada no existe!';
});
//Before middleware
// Access log: "scheme host method url". Returns nothing, so routing continues.
// NOTE(review): the Host header and the _url parameter are client-controlled;
// unless the logger strips control characters, a request can inject fake
// log lines via embedded newlines.
$app->before(function () use ($app, $logger) {
    $request = $app->request;
    $line = sprintf(
        '%s %s %s %s',
        $request->getScheme(),
        $request->getHttpHost(),
        $request->getMethod(),
        $request->get("_url")
    );
    $logger->log($line);
});
/**
 * Route handlers
 *
 * Each file presumably registers its routes on $app. Note the mix of
 * require (fatal if the file is missing) and include (warning only) — the
 * library-service handlers are optional by that reading; confirm that is
 * deliberate. The paths are relative, so they resolve via include_path /
 * the working directory.
 */
require "handlers/import.php";
require "handlers/books.php";
include "handlers/library_service.php";
//Handle request — runs the before() logger, the matched route (or notFound) and sends output
$app->handle();
 /**
  * One middleware object registered twice on each of before/after/finish.
  * Only three invocations are expected in total (one per phase), which
  * presumably means MyMiddlewareStop halts its phase's chain after running.
  */
 public function testMicroStopMiddlewareClasses()
 {
     Phalcon\DI::reset();
     $app = new Phalcon\Mvc\Micro();
     $app->map('/api/site', function () {
         return true;
     });
     $middleware = new MyMiddlewareStop();
     // Register the same instance twice in every phase.
     foreach (array('before', 'after', 'finish') as $phase) {
         $app->{$phase}($middleware);
         $app->{$phase}($middleware);
     }
     $app->handle('/api/site');
     $this->assertEquals($middleware->getNumber(), 3);
 }
<?php

// NOTE(review): display_errors=1 in a front controller sends PHP warnings
// and stack traces (file paths, query fragments, ...) to the client. Keep it
// off outside development, or gate it on an environment flag.
ini_set('display_errors', 1);
require __DIR__ . '/../vendor/autoload.php';
// Presumably defines $di; it must be loaded before the Micro constructor below.
require __DIR__ . '/../config/services.php';
$app = new \Phalcon\Mvc\Micro($di);
// Presumably registers the routes on $app.
require __DIR__ . '/../config/routes.php';
// Authentication middleware, run before every matched route.
$app->before(new \CaioFRAlmeida\SoccerCompanyEvent\Middleware\IsAutenticado());
$app->handle();
 *
 * @var $app
 */
// Passing the container to the constructor is the same as calling setDI().
$app = new Phalcon\Mvc\Micro($di);
/**
 * Before every request:
 * Returning true in this function resumes normal routing.
 * Returning false stops any route from executing.
 */
/**
 * set standard CORS headers before routing just incase no valid route is found
 */
/**
 * Emit the CORS origin header on every request — before routing, so the
 * header is present even when no route matches. Always returns true so
 * routing continues.
 * NOTE(review): the origin is a single configured value echoed verbatim;
 * if it is '*', do not combine it with credentialed (cookie) requests.
 */
$app->before(function () use ($app, $di) {
    $allowedOrigin = $di->get('config')['application']['corsOrigin'];
    $app->response->setHeader('Access-Control-Allow-Origin', $allowedOrigin);
    return true;
});
/**
 * Mount all of the collections, which makes the routes active.
 */
// Each collection registered in the container becomes a set of live routes.
foreach ($di->get('collections') as $routeCollection) {
    $app->mount($routeCollection);
}
/**
 * The base route return the list of defined routes for the application.
 * This is not strictly REST compliant, but it helps to base API documentation off of.
 * By calling this, you can quickly see a list of all routes and their methods.
 */
$app->get('/', function () use($app) {
    $routes = $app->getRouter()->getRoutes();
 /**
  * Handles the request.
  *
  * Builds the Micro application on $this->di, installs the authentication
  * guard, mounts every route collection, wires the response formatter, the
  * 404 handler and a global exception handler, then dispatches the request.
  */
 public function main()
 {
     /**
      * Our application is a Micro application, so we must explicitly define all the routes.
      * For APIs, this is ideal.  This is as opposed to the more robust MVC Application
      * @var $app
      */
     $app = new \Phalcon\Mvc\Micro();
     $app->setDI($this->di);
     /**
      * This will require changes to fit your application structure.
      * It supports Auth, Session auth, and Exempted routes.
      * It also allows all Options requests, as those tend to not come with
      * cookies or basic auth credentials and Preflight is not implemented the
      * same in every browser.
      *
      * NOTE(review): the text above describes the boilerplate, not this
      * handler as written: the only accepted credential is the
      * X_COMPARE_REST_API_KEY header (together with 'language' and
      * 'countryCode' request parameters). There is no session branch, no
      * exempted-route list, and no OPTIONS branch here — an OPTIONS request
      * without those inputs is rejected with 401 before the OPTIONS branch in
      * after() below could ever run.
      */
     $app->before(function () use($app) {
         // Oauth, for programmatic responses
         // All three inputs must be present; a missing language/countryCode
         // yields the generic 401 below rather than a more specific error.
         if ($app->request->getHeader('X_COMPARE_REST_API_KEY') && $app->request->get('language') && $app->request->get('countryCode')) {
             $session = new SessionsController();
             // Truthy result means the key was accepted; what resource()
             // returns is not visible here — presumably a session/user record.
             $result = $session->resource($app->request->getHeader('X_COMPARE_REST_API_KEY'));
             if ($result) {
                 return true;
             } else {
                 throw new HTTPException('Invalid access token.', 401, ['dev' => 'Please provide credentials by passing your access token.', 'internalCode' => 'Unauth:1']);
             }
         }
         // If we made it this far, we have no valid auth method, throw a 401.
         throw new HTTPException('Must provide credentials.', 401, ['dev' => 'Please provide credentials by passing your access token, language and country code.', 'internalCode' => 'Unauth:1']);
         // Unreachable: the throw above never returns.
         return false;
     });
     /**
      * Mount all of the collections, which makes the routes active.
      */
     foreach ($this->di->getShared('collections') as $collection) {
         $app->mount($collection);
     }
     /**
      * The base route return the list of defined routes for the application.
      * This is not strictly REST compliant, but it helps to base API documentation off of.
      * By calling this, you can quickly see a list of all routes and their methods.
      *
      * Only reachable with valid credentials, since the before() guard runs first.
      */
     $app->get('/', function () use($app) {
         $routes = $app->getRouter()->getRoutes();
         $routeDefinitions = array('GET' => array(), 'POST' => array(), 'PUT' => array(), 'PATCH' => array(), 'DELETE' => array(), 'HEAD' => array(), 'OPTIONS' => array());
         foreach ($routes as $route) {
             // NOTE(review): the value is used directly as an array key, so
             // if getHttpMethods() can return an array for a route registered
             // with several methods, this line would fail — confirm.
             $method = $route->getHttpMethods();
             $routeDefinitions[$method][] = $route->getPattern();
         }
         return $routeDefinitions;
     });
     /**
      * After a route is run, usually when its Controller returns a final value,
      * the application runs the following function which actually sends the response to the client.
      *
      * The default behavior is to send the Controller's returned value to the client as JSON.
      * However, by parsing the request querystring's 'type' parameter, it is easy to install
      * different response type handlers.  Below is an alternate csv handler.
      */
     $app->after(function () use($app) {
         // OPTIONS have no body, send the headers, exit
         if ($app->request->getMethod() == 'OPTIONS') {
             $app->response->setStatusCode('200', 'OK');
             $app->response->send();
             return;
         }
         // Respond by default as JSON
         // (no 'type' parameter, type=json, or type=option)
         if (!$app->request->get('type') || 'json' == $app->request->get('type') || 'option' == $app->request->get('type')) {
             // Results returned from the route's controller.  All Controllers should return an array
             $records = $app->getReturnedValue();
             $response = new JSONResponse();
             $response->useEnvelope(true)->convertSnakeCase(true)->send($records);
             return;
         } else {
             if ('xml' == $app->request->get('type')) {
                 $records = $app->getReturnedValue();
                 $response = new XMLResponse();
                 $response->send($records);
                 return;
             } else {
                 if ('csv' == $app->request->get('type')) {
                     $records = $app->getReturnedValue();
                     $response = new CSVResponse();
                     $response->useHeaderRow(true)->send($records);
                     return;
                 } else {
                     // NOTE(review): an unknown 'type' is a client-side error;
                     // 403 (Forbidden) is misleading, 400 or 406 would fit better.
                     throw new HTTPException('Could not return results in specified format', 403, array('dev' => 'Could not understand type specified by type paramter in query string.', 'internalCode' => 'NF1000', 'more' => 'Type may not be implemented. Choose either "json", "xml" or "csv"'));
                 }
             }
         }
     });
     /**
      * The notFound service is the default handler function that runs when no route was matched.
      * We set a 404 here unless there's a suppress error codes.
      */
     $app->notFound(function () use($app) {
         throw new HTTPException('Not Found.', 404, array('dev' => 'That route was not found on the server.', 'internalCode' => 'NF1000', 'more' => 'Check route for mispellings.'));
     });
     /**
      * If the application throws an HTTPException, send it on to the client as json.
      * Otherwise, just log it.
      *
      * NOTE(review): for anything other than HTTPException no status code or
      * body is set here, so the client presumably receives an empty 200 —
      * confirm, and make sure display_errors is off so nothing leaks.
      * This installs a process-global handler (set_exception_handler).
      */
     set_exception_handler(function ($exception) use($app) {
         //HTTPException's send method provides the correct response headers and body
         if (is_a($exception, 'App\\Common\\Lib\\Application\\Exceptions\\HTTPException')) {
             $exception->send();
         }
         error_log($exception);
         error_log($exception->getTraceAsString());
     });
     $app->handle();
 }
// reCAPTCHA key pair from config. RECAPTCHA_PRIVATE is a secret: it must only
// come from configuration and must never end up in logs or debug output.
define('RECAPTCHA_PUBLIC', $config->captcha->pub);
define('RECAPTCHA_PRIVATE', $config->captcha->priv);
// Directory-based autoloading for models and vendored libraries.
$loader = new \Phalcon\Loader();
$loader->registerDirs(array(ROOTDIR . '/app/models/', ROOTDIR . '/app/vendor/'))->register();
// The reCAPTCHA helper is loaded explicitly (presumably plain functions, not autoloadable).
require_once ROOTDIR . '/app/vendor/recaptcha-php/recaptchalib.php';
// Presumably defines $di, which the Micro constructor below needs.
require_once ROOTDIR . '/app/config/di.php';
$app = new Phalcon\Mvc\Micro($di);
$app->url->setBaseUri($app->config->app->base_uri);
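/**
 * Per-request guard: forces HTTPS, then enforces the login gate.
 *
 * - Any non-TLS request is redirected to the same path over https:// before
 *   anything else, so neither the login redirect nor the session check is
 *   served over plain HTTP by this handler. (The original performed this
 *   check only after the login redirects.)
 * - Routes named 'login' or 'error' are reachable without a session; every
 *   other route requires the 'logged_in' session key.
 * - A logged-in user requesting 'login' is bounced to the base URI.
 *
 * Returns false after sending a redirect so no route handler runs; returns
 * nothing otherwise, which lets routing continue.
 */
$app->before(function () use ($app) {
    if ($app->request->isSecureRequest() !== true) {
        // NOTE(review): SERVER_NAME normally comes from the vhost config, but
        // with Apache's UseCanonicalName Off it mirrors the client's Host
        // header — prefer a configured canonical host if that applies here.
        $app->response->redirect('https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'], true)->sendHeaders();
        return false;
    }

    // Defensive: treat "no matched route" as an unnamed, restricted route
    // instead of dereferencing null (Phalcon presumably only runs before()
    // for matched routes — confirm).
    $matchedRoute = $app->router->getMatchedRoute();
    $route = $matchedRoute !== null ? $matchedRoute->getName() : null;
    $notRestricted = array('login', 'error');
    $loggedIn = $app->session->has("logged_in") === true;

    if (!$loggedIn && !in_array($route, $notRestricted, true)) {
        $app->response->redirect("login")->sendHeaders();
        return false;
    } elseif ($route === 'login' && $loggedIn) {
        $app->response->redirect()->sendHeaders();
        return false;
    }
});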
require_once ROOTDIR . '/app/config/routes.php';
try {
    $app->handle();
} catch (Exception $e) {
    if ($app->config->app->debug == 0) {
        $app->response->redirect("error")->sendHeaders();
    } else {
        $s = get_class($e) . ": " . $e->getMessage() . "<br>" . " File=" . $e->getFile() . "<br>" . " Line=" . $e->getLine() . "<br>" . $e->getTraceAsString();