/** * Authenticates that the user is allowed to make call to the route. * * @param ServerRequestInterface ServerRequestInterface $request PSR-7 standard for receiving client request * @param ResponseInterface ResponseInterface $response PSR-& standard for sending server response * @param function $next callback function for calling next method * * @return ResponseInterface HTTP response of client request */ public function authorize(ServerRequestInterface $request, $response, $next) { if (empty($request->getHeader('Authorization'))) { $response = $response->withStatus(400); $response->getBody()->write(json_encode(['message' => 'Token not found'])); return $response; } //Get token for accessing this route $token = $request->getHeader('Authorization')[0]; try { //Decode token to get object of data $decodedToken = Auth::decodeToken($token); //Extract the user id from decoded token $uid = $decodedToken->data->uid; $user = User::find($uid); //Check if user exist with the user id if ($user != null) { if ($user->isTokenValid($decodedToken)) { $response = $next($request, $response); } } else { $response = $response->withStatus(401); $response->getBody()->write(json_encode(['message' => 'User does not exist'])); } } catch (TokenExpirationException $ex) { $response = $response->withStatus(401); $response->getBody()->write(json_encode(['message' => $ex->getMessage()])); } catch (\Exception $ex) { $response = $response->withStatus(400); $response->getBody()->write(json_encode(['message' => $ex->getMessage()])); } return $response; }
public static function getRealUri(ServerRequestInterface $request) { $uri = $request->getUri(); if ($request->hasHeader(self::PROTO_HEADER_HEROKU)) { $uri = $uri->withScheme($request->getHeader(self::PROTO_HEADER_HEROKU)[0]); } if ($request->hasHeader(self::PORT_HEADER_HEROKU)) { $uri = $uri->withPort(intval($request->getHeader(self::PORT_HEADER_HEROKU)[0])); } return $uri; }
/** * @inheritDoc */ public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) { $userId = $request->getHeader('id')[0]; $resource = $this->getDomainByRoute($request); $this->checkAcl($userId, $resource); return $next($request, $response); }
/** * {@inheritdoc} */ public function findClient(ServerRequestInterface $request, &$client_credentials = null) { $header = $request->getHeader($this->header_name); if (is_array($header) && 1 === count($header)) { return $header[0]; } }
public function __invoke(Request $request) { /** Check for token on header */ if (isset($this->options['header'])) { if ($request->hasHeader($this->options['header'])) { $header = $request->getHeader($this->options['header'])[0]; if (preg_match($this->options['regex'], $header, $matches)) { return $matches[1]; } } } /** If nothing on header, try query parameters */ if (isset($this->options['parameter'])) { if (!empty($request->getQueryParams()[$this->options['parameter']])) { return $request->getQueryParams()[$this->options['parameter']]; } } /** If nothing on parameters, try cookies */ if (isset($this->options['cookie'])) { $cookie_params = $request->getCookieParams(); if (!empty($cookie_params[$this->options["cookie"]])) { return $cookie_params[$this->options["cookie"]]; } } /** If nothing until now, check argument as last try */ if (isset($this->options['argument'])) { if ($route = $request->getAttribute('route')) { $argument = $route->getArgument($this->options['argument']); if (!empty($argument)) { return $argument; } } } throw new TokenNotFoundException('Token not found'); }
/** * Example middleware invokable class * * @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request * @param \Psr\Http\Message\ResponseInterface $response PSR7 response * @param callable $next Next middleware * * @return \Psr\Http\Message\ResponseInterface */ public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) { $auth = $request->getHeader('Authenticate'); if ($request->getMethod() === 'GET') { // Get is allowed without authentication // Rate-Limit is handlede by another Middleware return $next($request, $response); } if (!$auth) { $response = $response->withHeader('WWW-Authenticate', 'Bearer realm="callingallpapers", error="no token", error_desciption="No Access-Token provided"'); $response = $response->withStatus(401); return $response; } $bearer = explode(' ', $auth[0]); if (!isset($bearer[1])) { $response = $response->withHeader('WWW-Authenticate', 'Bearer realm="callingallpapers", error="no token", error_desciption="No Access-Token provided"'); $response = $response->withStatus(401); return $response; } $bearer = $bearer[1]; $upl = new UserPersistenceLayer($this->app->getContainer()['pdo']); try { $user = $upl->getUserForToken($bearer); } catch (\Exception $e) { $response = $response->withHeader('WWW-Authenticate', 'Bearer realm="callingallpapers", error="invalid token", error_desciption="Invalid Access-Token provided"'); $response = $response->withStatus(401); return $response; } $request = $request->withAttribute('user', $user['user']); return $next($request, $response); }
/** * @param \Psr\Http\Message\ServerRequestInterface $request * @return \Psr\Http\Message\ResponseInterface * @throws \Wandu\Http\Exception\BadRequestException */ function back(ServerRequestInterface $request) { if ($request->hasHeader('referer')) { return redirect($request->getHeader('referer')); } throw new BadRequestException(); }
/** * @param PayloadInterface $payload */ public function __construct(PayloadInterface $payload, ServerRequestInterface $request, ShiftMapper $shiftMapper) { $this->payload = $payload; $this->shiftMapper = $shiftMapper; //userId has already been verified by the AuthAdapter by this point $this->userId = (int) $request->getHeader('id')[0]; }
/** * @param Request $request * @return JsonResponse|EmptyResponse */ public function handle(Request $request) { $actor = $request->getAttribute('actor'); $Referer = $request->getHeader('Referer'); $params = array_only($request->getParsedBody(), ['identification', 'password']); $response = $this->apiClient->send(TokenController::class, $actor, [], $params); if ($response->getStatusCode() === 200) { $data = json_decode($response->getBody()); $session = $request->getAttribute('session'); $this->authenticator->logIn($session, $data->userId); $token = AccessToken::find($data->token); event(new UserLoggedIn($this->users->findOrFail($data->userId), $token)); $response = FigResponseCookies::set($response, SetCookie::create("lastLoginName")->withValue($request->getParsedBody()['identification'])->withPath('/')); $response = $this->rememberer->remember($response, $token); } elseif ($response->getStatusCode() === 401) { $responseNew = $this->apiClient->send(PingxxTokenController::class, $actor, [], $params); if ($responseNew->getStatusCode() === 200) { $data = json_decode($responseNew->getBody()); $session = $request->getAttribute('session'); $this->authenticator->logIn($session, $data->userId); $token = AccessToken::find($data->token); event(new UserLoggedIn($this->users->findOrFail($data->userId), $token)); $responseNew = FigResponseCookies::set($responseNew, SetCookie::create("lastLoginName")->withValue($request->getParsedBody()['identification'])->withPath('/')->withDomain('dashboard.pingxx.com')); $responseNew = $this->rememberer->remember($responseNew, $token); return $responseNew; } else { return $response; } } return $response; }
/** * {@inheritdoc} */ public function validateAuthorization(ServerRequestInterface $request) { if ($request->hasHeader('authorization') === false) { throw OAuthServerException::accessDenied('Missing "Authorization" header'); } $header = $request->getHeader('authorization'); $jwt = trim(preg_replace('/^(?:\\s+)?Bearer\\s/', '', $header[0])); try { // Attempt to parse and validate the JWT $token = (new Parser())->parse($jwt); if ($token->verify(new Sha256(), $this->publicKey->getKeyPath()) === false) { throw OAuthServerException::accessDenied('Access token could not be verified'); } // Ensure access token hasn't expired $data = new ValidationData(); $data->setCurrentTime(time()); if ($token->validate($data) === false) { throw OAuthServerException::accessDenied('Access token is invalid'); } // Check if token has been revoked if ($this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'))) { throw OAuthServerException::accessDenied('Access token has been revoked'); } // Return the request with additional attributes return $request->withAttribute('oauth_access_token_id', $token->getClaim('jti'))->withAttribute('oauth_client_id', $token->getClaim('aud'))->withAttribute('oauth_user_id', $token->getClaim('sub'))->withAttribute('oauth_scopes', $token->getClaim('scopes')); } catch (\InvalidArgumentException $exception) { // JWT couldn't be parsed so return the request as is throw OAuthServerException::accessDenied($exception->getMessage()); } catch (\RuntimeException $exception) { //JWR couldn't be parsed so return the request as is throw OAuthServerException::accessDenied('Error while decoding to JSON'); } }
public function validateToken(ServerRequestInterface $request, ResponseInterface $response) { $authHeader = $request->getHeader('HTTP_AUTHORIZATION'); if (empty($authHeader)) { $authHeader = apache_request_headers(); if (empty($authHeader['Authorization'])) { throw (new OAuth2Exception('Authorization header is missing'))->displayMessage(OAuth2Exception::FORBIDDEN)->response($response->withStatus(403)); } $authHeader = $authHeader['Authorization']; } else { $authHeader = $authHeader[0]; } list($token) = sscanf($authHeader, 'Bearer %s'); if (!$token) { throw (new OAuth2Exception('Token is missing in the request'))->displayMessage(OAuth2Exception::FORBIDDEN)->response($response->withStatus(403)); } try { $token = (new Parser())->parse($token); } catch (\Exception $e) { throw (new OAuth2Exception('Token was tampered'))->displayMessage(OAuth2Exception::FORBIDDEN)->response($response->withStatus(403)); } if ($token->getClaim('exp') <= time()) { throw (new OAuth2Exception('Token expired'))->displayMessage(OAuth2Exception::FORBIDDEN)->response($response->withStatus(403)); } $this->info['id'] = $token->getClaim('sub'); foreach (explode(',', $token->getClaim('cc')) as $customClaim) { $this->info[$customClaim] = $token->getClaim($customClaim); } if (!$token->verify(new Sha256(), $this->config['public-key'])) { throw (new OAuth2Exception('Token was tampered'))->displayMessage(OAuth2Exception::FORBIDDEN)->response($response->withStatus(403)); } return $response; }
/** * Returns true if a JSON-RCP request has been received * @return boolean */ public function isJsonRpc() { // https://github.com/oscarotero/psr7-middlewares/blob/c16c64fe5ddbfa2a62fb1169847a526c0e7a5401/src/Utils/Helpers.php $method = $this->request->getMethod(); $type = $this->request->getHeader('content-type'); //$type = strtolower($request->getHeaderLine('X-Requested-With')) === 'xmlhttprequest'; $result = $method == 'POST' && !empty($type[0]) && strpos($type[0], 'application/json') !== false; return $result; }
/** * @return bool */ private function isValidHubSignature() { $headers = $this->request->getHeader('X-Hub-Signature'); if (empty($headers)) { return false; } $signature = XHubSignature::parseHeader($headers[0]); return XHubSignature::validate($this->getBody(), $this->secret, $signature); }
public function isUpload(ServerRequestInterface $request) { $contentTypes = $request->getHeader('Content-Type'); foreach ($contentTypes as $contentType) { if (false !== strpos($contentType, 'multipart/form-data')) { return count($request->getUploadedFiles()) > 0; } } return false; }
public function __invoke(Request $request, Response $response, callable $next) { $type = $request->getHeader('Content-Type'); $method = $request->getMethod(); if ('GET' != $method && !empty($type) && 'application/json' == strtolower($type[0])) { $body = (string) $request->getBody(); $request = $request->withParsedBody(json_decode($body)); } return $next($request, $response); }
protected function getValues(ServerRequestInterface $request) { $contentType = $request->getHeader('Content-type'); if (count($contentType) > 0 && strpos($contentType[0], 'application/json') !== false) { $value = json_decode($request->getBody()->getContents(), true); } else { $value = $request->getParsedBody(); } return $value; }
/** * @param ServerRequestInterface $request * @param string $name * * @return string */ private function getHeader(ServerRequestInterface $request, $name) { $value = $request->getHeader($name); if (empty($value) === false) { $value = $value[0]; if (empty($value) === false) { return $value; } } return MediaTypeInterface::JSON_API_MEDIA_TYPE; }
/** * @param \Psr\Http\Message\ServerRequestInterface $request * @param \Slim\Http\Response $response * * @return \Slim\Http\Response * @throws \livetyping\hermitage\app\exceptions\BadRequestException */ public function __invoke(Request $request, Response $response) : Response { $mime = (string) current($request->getHeader('Content-Type')); $binary = (string) $request->getBody(); if (empty($mime) || empty($binary) || !in_array($mime, Util::supportedMimeTypes())) { throw new BadRequestException('Invalid mime-type or body.'); } $command = new StoreImageCommand($mime, $binary); $this->bus->handle($command); return $response->withStatus(201)->withJson(['filename' => $command->getPath()]); }
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null) { $tokenHeader = $request->getHeader('X-Auth-Token'); if (count($tokenHeader) > 0) { $tokenHeaderValue = $tokenHeader[0]; } else { $tokenHeaderValue = null; } $data = array('requestMethod' => $request->getMethod(), 'requestUri' => $request->getRequestTarget(), 'queryParams' => $request->getQueryParams(), 'formParams' => $request->getParsedBody(), 'rawBody' => (string) $request->getBody(), 'headers' => $request->getHeaders(), 'X-Auth-Token' => $tokenHeaderValue); return new JsonResponse($data); }
/** * Get the token from the authorization header. * * @param \Psr\Http\Message\ServerRequestInterface $request * * @return string|null */ protected function getTokenFromHeaders(ServerRequestInterface $request) { $header = $request->getHeader('AUTHORIZATION'); if (0 === count($header)) { return; } if (!preg_match('/' . preg_quote('Bearer', '/') . '\\s([a-zA-Z0-9\\-_\\+~\\/\\.]+)/', $header[0], $matches)) { return; } $token = $matches[1]; return $token; }
public function __invoke(Request $request, Response $response, callable $out = null) { $content = explode(',', $response->getBody()); $accept = $request->getHeader('accept'); switch ($accept[0]) { case 'text/json': return new JsonResponse($content, $response->getStatusCode()); break; default: return new HtmlResponse($this->formatHtml($content)); break; } }
/** * @inheritDoc */ public function parse(ServerRequestInterface $request) : ServerRequestInterface { $headerValues = $request->getHeader('Cookie'); $cookies = []; foreach ($headerValues as $headerValue) { $parts = explode(';', str_replace('; ', ';', $headerValue)); foreach ($parts as $part) { list($key, $value) = explode('=', $part); $cookies[$key] = $value; } } return $request->withCookieParams($cookies); }
/** * Example middleware invokable class * * @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request * @param \Psr\Http\Message\ResponseInterface $response PSR7 response * @param callable $next Next middleware * * @return \Psr\Http\Message\ResponseInterface */ public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) { $response->getBody()->write($request->getUri()->getPath()); $response->getBody()->write($this->serect); $authToken = $this->getToken($request->getHeader('Authorization')); if (!$authToken) { $response = $response->withStatus(401); } else { $response->getBody()->write($authToken); } $response = $next($request, $response); return $response; }
/** Location: http://www.example.com/users/4/ * * @todo positionHeaders = 'beforeId' 'Put-Default-Position' 'Put-Default-Position' * @param ServerRequestInterface $request * @param ResponseInterface $response * @param callable|null $next * @return ResponseInterface */ public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null) { // @see https://github.com/SitePen/dstore/blob/21129125823a29c6c18533e7b5a31432cf6e5c56/src/Rest.js $overwriteModeHeader = $request->getHeader('If-Match'); $overwriteMode = isset($overwriteModeHeader[0]) && $overwriteModeHeader[0] === '*' ? true : false; $request = $request->withAttribute('Overwrite-Mode', $overwriteMode); $putDefaultPosition = $request->getHeader('Put-Default-Position'); //'start' : 'end' if (isset($putDefaultPosition)) { $request = $request->withAttribute('Put-Default-Position', $putDefaultPosition); } // @see https://github.com/SitePen/dstore/issues/42 $putBeforeHeader = $request->getHeader('Put-Before'); $putBefore = !empty($putBeforeHeader); $request = $request->withAttribute('Put-Before', $putBefore); $rqlQueryStringWithXdebug = $request->getUri()->getQuery(); $rqlQueryString = rtrim($rqlQueryStringWithXdebug, '&XDEBUG_SESSION_START=netbeans-xdebug'); $rqlQueryObject = RqlParser::rqlDecode($rqlQueryString); $request = $request->withAttribute('Rql-Query-Object', $rqlQueryObject); $headerLimit = $request->getHeader('Range'); if (isset($headerLimit) && is_array($headerLimit) && count($headerLimit) > 0) { $match = []; preg_match("/^items=([0-9]+)\\-?([0-9]+)?/", $headerLimit[0], $match); if (count($match) > 0) { $limit = []; if (isset($match[2])) { $limit['offset'] = $match[1]; $limit['limit'] = $match[2]; } else { $limit['limit'] = $match[1]; } $request = $request->withAttribute("Limit", $limit); } } $contenttypeArray = $request->getHeader('Content-Type'); $contenttype = isset($contenttypeArray[0]) ? $contenttypeArray[0] : 'text/html'; if (false !== strpos($contenttype, 'json')) { $body = !empty($request->getBody()->__toString()) ? $this->jsonDecode($request->getBody()->__toString()) : null; $request = $request->withParsedBody($body); } elseif ($contenttype === 'text/plain' or $contenttype === 'text/html' or $contenttype === 'application/x-www-form-urlencoded') { $body = !empty($request->getBody()->__toString()) ? $request->getBody()->__toString() : null; $request = $request->withParsedBody($body); } else { //todo XML? throw new RestException('Unknown Content-Type header - ' . $contenttype); } if ($next) { return $next($request, $response); } return $response; }
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, $next) { $keyArray = $request->getHeader($this->options['api_header']); if (!empty($keyArray)) { $key = $keyArray[0]; $maxRequests = $this->options['max_requests']; $resetTime = $this->options['reset_time']; } else { $key = $this->getClientIp($request); $maxRequests = $this->options['ip_max_requests']; $resetTime = $this->options['ip_reset_time']; } if (empty($key)) { throw new MissingParameterException("Missing client IP and {$this->options['api_header']} header"); } $data = $this->storage->get($key); if (empty($data) || !is_array($data)) { $data = ['remaining' => $maxRequests, 'created' => 0]; } $remaining = array_key_exists('remaining', $data) ? (int) $data['remaining'] : $maxRequests; $created = array_key_exists('created', $data) ? (int) $data['created'] : 0; if ($created == 0) { $created = time(); } else { --$remaining; } if ($remaining < 0) { $remaining = 0; } $resetIn = $created + $resetTime - time(); // @codeCoverageIgnoreStart if ($resetIn <= 0) { $remaining = $maxRequests - 1; $created = time(); $resetIn = $resetTime; } // @codeCoverageIgnoreEnd $data['remaining'] = $remaining; $data['created'] = $created; $this->storage->set($key, $data); if ($remaining <= 0) { $response = $response->withHeader(self::HEADER_RESET, (string) $resetIn); return $response->withStatus(429); } $response = $next($request, $response); $response = $response->withHeader(self::HEADER_REMAINING, (string) $remaining); $response = $response->withAddedHeader(self::HEADER_LIMIT, (string) $maxRequests); $response = $response->withAddedHeader(self::HEADER_RESET, (string) $resetIn); return $next($request, $response); }
/** * Invoke middleware. * * @param ServerRequestInterface $request request object * @param ResponseInterface $response response object * @param callable $next next middleware * * @return ResponseInterface response object */ public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) { $isValid = $request->getAttribute(self::$isValidAttribute, false); $violations = $request->getAttribute(self::$violationsAttribute, []); foreach ($request->getHeader($this->headerName) as $token) { $tokenViolations = call_user_func($this->tokenValidator, $token); if (count($tokenViolations) === 0) { $isValid = true; continue; } $violations = array_merge($violations, $tokenViolations); } return $next($request->withAttribute(self::$isValidAttribute, $isValid)->withAttribute(self::$violationsAttribute, $violations), $response); }
/** * Build CorsRequest from PSR-7 ServerRequest object * * @param Psr\Http\Message\ServerRequestInterface $request * @return PhpNexus\Cors\CorsRequest */ protected function buildCorsRequest(ServerRequestInterface $request) { // Create CorsRequest and set method $corsRequest = (new CorsRequest())->setMethod($request->getMethod()); // Set Origin if header exists if ($request->hasHeader('Origin')) { $corsRequest->setOrigin($request->getHeader('Origin')[0]); } // Set access control request method if header exists if ($request->hasHeader('Access-Control-Request-Method')) { $corsRequest->setAccessControlRequestMethod($request->getHeader('Access-Control-Request-Method')[0]); } // Set access control request headers if header exists if ($request->hasHeader('Access-Control-Request-Headers')) { /** Not sure if this is a bug in the Slim implementation of PSR-7, but it doesn't seem to separate headers properly */ $accessControlRequestHeaders = $request->getHeader('Access-Control-Request-Headers'); // If only one array element; explode by comma and space if (count($accessControlRequestHeaders) === 1) { $accessControlRequestHeaders = explode(', ', $accessControlRequestHeaders[0]); } $corsRequest->setAccessControlRequestHeaders($accessControlRequestHeaders); } return $corsRequest; }
/** * @param \Psr\Http\Message\ServerRequestInterface $request * * @return null|\HttpDigest\DigestDataInterface */ public function findAuthorizationHeader(ServerRequestInterface $request) { $server_params = $request->getServerParams(); if (array_key_exists('PHP_AUTH_DIGEST', $server_params)) { $data = new DigestData($server_params['PHP_AUTH_DIGEST']); $this->validateData($data); return $data; } $header = $request->getHeader('Authorization'); if (0 < count($header) && strtolower(substr($header[0], 0, 7)) === 'digest ') { $data = new DigestData(substr($header[0], 7, strlen($header[0]) - 7)); $this->validateData($data); return $data; } }
/** * @param ServerRequestInterface $request * @param ResponseInterface $response * @param callable $next * @return ResponseInterface */ public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null) { $contentType = $request->getHeader('Content-Type'); if (!empty($contentType)) { $contentType = array_shift($contentType); $types = explode($this->config['separator'], $contentType); foreach ($types as $type) { $type = trim($type); if (in_array($type, $this->config['content-types'])) { $jsonDecoded = json_decode($request->getBody()->getContents(), true); $request = $request->withParsedBody($jsonDecoded); break; } } } return $next($request, $response); }
public function execute(Request $req, Response $res, callable $next = null) { try { $name = urldecode($req->getAttribute('name')); $collection = $this->boot()->get('store')->getCollection($name); $contenttype = $req->getHeader('Content-Type'); if (false !== strpos($contenttype[0], 'json')) { $body = json_decode($req->getBody(), true); } else { $body = $req->getParsedBody(); } if (!$body) { throw new \RuntimeException('no request body'); } $data = $collection->save($collection->item()->setData($body))->getData(); if (isset($body['@labels'])) { foreach ($body['@labels'] as $label) { $this->boot()->get('store')->setLabel($data['id'], $label['_label_name'], $label['_label_group'], true); } } if (isset($body['@properties'])) { foreach ($body['@properties'] as $property) { $this->boot()->get('store')->setProperty($data['id'], $property['_property_name'], $property['_property_value'], $property['_property_idx'], $property['_property_type'], $property['_property_sys_type_id'], true); } } $data['@labels'] = $this->boot()->get('store')->getLabels($data['id']); $data['@properties'] = $this->boot()->get('store')->getProperties($data['id']); return $next($req, new JsonResponse(['status' => 'ok', 'data' => $data])); } catch (\Exception $ex) { return new JsonResponse(['status' => 'error', 'error' => $ex->getMessage()], 500); } }