<?php
// Authentication routes of the JSON API on a Slim-style $app. The source is a
// single collapsed line; it is reformatted here without changing any code.

# middleware
// Added to the whole application, so every route declared below (the POST
// handlers included) passes through it. What the guard checks is not visible here.
$app->add(new \api\Middleware\CsrfGuard());

$app->group('/api/v1/auth', function () use($app) {
    // GET /api/v1/auth/ -- return the currently authenticated user (200) or 401.
    $app->get('/', function () use($app) {
        $auth = new \services\Authentication();
        if ($user = $auth->authenticate()) {
            $app->render(200, array('user' => $user));
        } else {
            $app->render(401, array('error' => 'no valid login'));
        }
    });

    // POST /api/v1/auth/login -- JSON body with email, password and remember.
    $app->post('/login', function () use($app) {
        // NOTE(review): json_decode() yields null for malformed input, which the
        // (array) cast turns into an empty array; the three keys are then read
        // without isset(), so a missing key gives null plus a PHP warning instead
        // of a clean 400 response.
        $param = (array) json_decode($app->request()->getBody());
        $auth = new \services\Authentication($param['email'], $param['password'], (bool) $param['remember']);
        try {
            $user = $auth->login();
            $app->render(200, array('user' => $user));
        } catch (\services\AuthenticationException $e) {
            // The exception message is sent to the client verbatim.
            // NOTE(review): confirm the service reports unknown email and wrong
            // password with the same message, so the response does not reveal
            // which accounts exist.
            $app->render(401, array('error' => $e->getMessage()));
        }
    });

    // POST /api/v1/auth/logout -- end the session, then redirect to the app root.
    $app->post('/logout', function () use($app) {
        $auth = new \services\Authentication();
        $auth->logout();
        // Uses the request property here while the other handlers call request();
        // presumably both resolve to the same object -- verify.
        $app->redirect($app->request->getRootUri());
    });

    // POST /api/v1/auth/recover -- password recovery for the given email.
    // The handler body and the closing of this group continue outside this chunk.
    $app->post('/recover', function () use($app) {
        $param = (array) json_decode($app->request()->getBody());
        $auth = new \services\Authentication($param['email']);
// Route middleware: maps the :model URL segment to a controller class under the
// api\Controller namespace and stores the instance on $app->controller.
$controllerFactory = function (\Slim\Route $route) use($app) {
    $type = $route->getParams();
    $type = array_shift($type); // first route parameter, i.e. :model
    // The URL segment becomes part of a class name. The fixed namespace prefix
    // bounds what can be instantiated, but every class in api\Controller whose
    // name ends in "Controller" is reachable this way, and class_exists() also
    // triggers autoloading for the derived name.
    $controller = 'api\\Controller\\' . ucfirst($type) . 'Controller';
    if (class_exists($controller)) {
        $app->controller = new $controller();
    } else {
        // NOTE(review): the derived class name is placed in the message; whether
        // it reaches the client depends on the app's error handler (not shown).
        throw new Exception("Invalid data type given, " . $controller);
    }
};

// Builds route middleware requiring an authenticated user that the resolved
// controller accepts for $role (default 'editor'). It reads $app->controller,
// so it only works after $controllerFactory has run for the same route.
$authenticateForRole = function ($role = 'editor') use($app) {
    return function () use($role, $app) {
        // $iscms and $isapi are derived from the raw REQUEST_URI but never used below.
        $iscms = (bool) preg_match('|/cms/.*$|', $_SERVER['REQUEST_URI']);
        $isapi = (bool) preg_match('|/api/v.*$|', $_SERVER['REQUEST_URI']);
        $auth = new \services\Authentication();
        if (!$auth->authenticate() || !$app->controller->allowed($auth->user, $role)) {
            // Plain Exception: the HTTP status it maps to is decided elsewhere.
            throw new Exception("user is not allowed");
        }
    };
};

// GET page/1/meta/8
// GET /:model[/:id[/:function[/:fid]]] -- dispatches to the resolved controller.
// Only $controllerFactory is attached to this route; $authenticateForRole is not,
// so any access control for these reads presumably lives in the controller -- confirm.
// The handler closure continues past the end of this chunk.
$app->get('/:model(/:id(/:function(/:fid)?)?)?', $controllerFactory, function ($model, $id = false, $function = false, $fid = false) use($app) {
    $param = $app->request()->get(); // query-string parameters
    if (!$function) {
        $app->controller->get($id, $model, $param);
    } else {
        // $function comes straight from the URL: any public method of the
        // controller (inherited ones too, and any name at all when the class
        // defines __call) satisfies is_callable(). An explicit allow-list of
        // action names would be a tighter check than callability.
        if (is_callable(array($app->controller, $function))) {
            call_user_func_array(array($app->controller, $function), array($id, $fid, $param));
        } else {
            // NOTE(review): $app->controller is an object; concatenating it into
            // the message throws an Error unless the class defines __toString().
            throw new Exception("Method does not exist, " . $app->controller);
        }