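// Authentication gate that runs before every route handler.
//
// Checks, in order: an existing session user, HTTP Basic credentials, an
// OPTIONS request, and finally a short allow-list of public routes.
// Returns true to let routing continue; throws a 401 HTTPException when
// none of these apply.
$app->before(function () use ($app, $di) {
    // Browser requests: the user was stored in the session on login, so
    // re-expose it through the DI container for the rest of the request.
    // The loose comparison is kept as written so that null, false and other
    // empty values are all treated as "no session user".
    if ($di->getShared('session')->get('user') != false) {
        $di->setShared('user', function () use ($di) {
            return $di->getShared('session')->get('user');
        });

        return true;
    }

    // Basic auth, for programmatic clients. Basic credentials travel with
    // every request, so this path presumably relies on TLS — confirm.
    $basicUser = $app->request->getServer('PHP_AUTH_USER');
    if ($basicUser) {
        $users = new \PhalconRest\Controllers\UsersController();
        $outcome = $users->login($basicUser, $app->request->getServer('PHP_AUTH_PW'));

        // Fail closed. login()'s contract is not visible in this snippet: if
        // it reports bad credentials by returning false instead of throwing,
        // returning true unconditionally would admit the request. An explicit
        // false now falls through to the checks below and, ultimately, the 401.
        // NOTE(review): confirm how login() signals failure.
        if ($outcome !== false) {
            return true;
        }
    }

    // Every OPTIONS request is answered with a bare 200 and the script
    // stops, so no route handler runs for it.
    if ($app->request->getMethod() === 'OPTIONS') {
        $app->response->setStatusCode(200, 'OK')->sendHeaders();
        exit;
    }

    // Exempted routes, such as login or public info: let the route handler
    // pick them up. Matching is an exact string comparison against the
    // rewrite URI, and every entry here is reachable without credentials,
    // so keep the list as short as possible.
    $publicRoutes = ['/v1/user/login', '/example/route'];
    if (in_array($app->getRouter()->getRewriteUri(), $publicRoutes, true)) {
        return true;
    }

    // If we made it this far, we have no valid auth method: throw a 401.
    throw new \PhalconRest\Exceptions\HTTPException(
        'Must login or provide credentials.',
        401,
        [
            'dev' => 'Please provide credentials by either passing in a session token via cookie, or providing password and username via BASIC authentication.',
            'internalCode' => 'Unauth:1',
        ]
    );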