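/**
 * Slim middleware entry point: require a valid, registered Bearer JWT on every
 * route that is not whitelisted.
 *
 * Decision table (first match wins):
 *   - whitelisted route, or an OPTIONS request (CORS preflight)
 *         -> pass through to the next middleware / route handler
 *   - no Authorization header
 *         -> 400, "Authorization header is required for this route: <route>"
 *   - Authorization header present but the scheme is not Bearer, or nothing
 *     follows the scheme
 *         -> 400, "No token provided"
 *   - token fails $this->validate()
 *         -> 400, "Error with your token: Token is invalid"
 *   - token validates but AuthService::authenticate() rejects it
 *         -> 400, "Error with your token: Token is not registered on the server"
 *   - otherwise
 *         -> pass through to the next middleware / route handler
 *
 * Every rejection writes a JSON body {"success":false,"message":...} and never
 * calls $this->next, so a bad token can never fall through to the route. (The
 * validate() failure case used to set neither a status nor a body, i.e. the
 * client received an empty 200 with no explanation.)
 *
 * Status 400 rather than 401 is deliberate and inherited from the original
 * author: their host (GoDaddy) injects a "WWW-Authenticate: Basic" header on
 * 401 responses, which makes browsers pop a Basic-auth dialog.
 *
 * Assumes \Slim\Slim::getInstance() and $this->app refer to the same application
 * (true for a single-app Slim 2 setup); the original mixed the two, this version
 * uses one response object throughout.
 *
 * @return void
 */
public function call() {
    $app = \Slim\Slim::getInstance();
    $request = $app->request();
    $response = $app->response();
    $route = $request->getResourceUri();

    // Whitelisted routes and CORS preflight requests bypass authentication.
    if ($this->whitelisted($route) || $request->isOptions()) {
        $this->next->call();
        return;
    }

    // Single place that terminates the chain with an error. 400 instead of 401:
    // see the docblock (GoDaddy / WWW-Authenticate: Basic).
    $reject = function ($message) use ($response) {
        $response->setStatus(400);
        $response->headers->set('Content-Type', 'application/json');
        $response->setBody(json_encode(array('success' => false, 'message' => $message)));
    };

    $authorizationHeader = $request->headers->get('AUTHORIZATION');
    if (!$authorizationHeader) {
        $reject("Authorization header is required for this route: " . $route);
        return;
    }

    // Expected form is "Bearer <token>". Split on the first run of whitespace so
    // that a bare "Bearer" header or doubled spaces cannot raise an undefined
    // index notice or hand a misaligned/empty token to validate(). The scheme
    // name is compared case-insensitively (RFC 7235).
    $parts = preg_split('/\s+/', trim($authorizationHeader), 2);
    $scheme = $parts[0];
    $jwt = isset($parts[1]) ? $parts[1] : '';
    if (strcasecmp($scheme, 'Bearer') !== 0 || $jwt === '') {
        $reject("No token provided");
        return;
    }

    // Local structural/signature check first, then the server-side registration
    // check; both must pass before the route runs.
    if (!$this->validate($jwt)) {
        $reject("Error with your token: " . "Token is invalid");
        return;
    }
    if (!AuthService::authenticate($jwt)) {
        $reject("Error with your token: " . "Token is not registered on the server");
        return;
    }

    $this->next->call();
}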
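echo "successfully authenticated."; });
// NOTE(review): the line above is the tail of a route closure that starts
// before this span; it is left untouched.

/**
 * CORS preflight handler for /register.
 *
 * Advertises the allowed methods and acknowledges with a JSON body. The body is
 * built with json_encode so that it is valid JSON ({"success":true}); the
 * previous hand-written literal used single quotes, which is not JSON and
 * contradicted the Content-type header set here.
 *
 * NOTE(review): the Allow header advertises GET, HEAD and TRACE, yet only an
 * OPTIONS and a POST handler for /register are visible here. Advertising
 * methods the route does not implement is misleading (TRACE in particular is a
 * routine scanner finding); trim this to what is actually routed once confirmed
 * against the rest of the file. Left as-is because that cannot be verified here.
 */
$app->options('/register', function () use ($app) {
    echo json_encode(array('success' => true));
    $app->response->headers->set("Allow", "GET,HEAD,POST,OPTIONS,TRACE");
    $app->response->headers->set("Content-type", "application/json");
});

// NOTE(review): the POST /register closure below continues past the end of
// this span and is reproduced as-is (only re-indented). Points to confirm
// from the rest of the file:
//  - it mints and stores a JWT for any caller that supplies an email and a
//    name, with no visible proof of identity; unless
//    \FormAPI\AuthService::fetchRequester() itself rejects unknown pairs, this
//    endpoint issues valid tokens to anyone who knows or guesses an address;
//  - json_decode() of a non-object document (a bare string or number) is
//    truthy, so $payload->email then reads a property off a scalar; an
//    is_object($payload) check would close that;
//  - the success branch never sets Content-type, unlike the OPTIONS handler;
//  - setbody() (lower-case b) works only because PHP method names are
//    case-insensitive; setBody() is the declared name.
$app->post('/register', function () {
    $request = \Slim\Slim::getInstance()->request();
    $response = \Slim\Slim::getInstance()->response();
    if ($payload = json_decode($request->getBody())) {
        //Successfully decoded JSON object.
        if ($payload->email && $payload->name) {
            $row = \FormAPI\AuthService::fetchRequester($payload->email, $payload->name);
            $jwt = \FormAPI\AuthService::generate($row['requester_id'], $row['email_address']);
            if (\FormAPI\AuthService::save($row['requester_id'], $jwt)) {
                $result['success'] = true;
                $result['jwt'] = $jwt;
                echo json_encode($result);
            } else {
                $result['success'] = false;
                $result['message'] = "Unable to save token to server cache";
                $response->setStatus(500);
                $response->setBody(json_encode($result));
            }
        } else {
            $result['success'] = false;
            $result['message'] = "Invalid Data, no email or name provided";
            $response->setStatus(400);
            $response->setbody(json_encode($result));
        }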