/**
 * Read the caller's API key from the request and resolve the matching role.
 *
 * Lookup order: the `apikey` request header, then the `apikey` POST field,
 * then the `apikey` query-string parameter; the first non-empty value wins.
 * The emptiness test is a loose comparison against '', so a null result
 * from the request accessors also counts as "not supplied".
 *
 * When no key is supplied the constructor assigns nothing: $this->apiKey
 * and $this->role keep whatever defaults the class declares (not visible
 * in this excerpt). NOTE(review): confirm that default is treated as
 * unauthenticated by every caller.
 *
 * NOTE(review): a key passed in the query string is typically recorded in
 * access logs, proxies and Referer headers; the header is the safer channel.
 *
 * @param \Slim\Http\Request $request Incoming request to inspect
 */
protected function __construct(\Slim\Http\Request $request)
{
    $candidate = $request->headers('apikey');

    // Fall back to the body, then the query string, only while still empty.
    if ($candidate == '') {
        $candidate = $request->post('apikey');

        if ($candidate == '') {
            $candidate = $request->get('apikey');
        }
    }

    if ($candidate != '') {
        $this->apiKey = $candidate;
        $this->role = $this->getRoleFromKey($this->apiKey);
    }
}
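/**
 * Set ETag HTTP Response Header
 *
 * Set the etag header and stop if the conditional request matches.
 * The `value` argument is a unique identifier for the current resource.
 * The `type` argument indicates whether the etag should be used as a strong or
 * weak cache validator.
 *
 * When the current request includes an 'If-None-Match' header containing
 * the exact etag set here (or '*'), execution is stopped via halt(304).
 * Matching is an exact string comparison, so a weak `W/"x"` entry does not
 * match a strong `"x"`.
 *
 * NOTE(review): the halt is unconditional; this method does not look at the
 * request method, although 304 is only defined for GET and HEAD (other
 * methods would normally receive 412 Precondition Failed).
 *
 * @param string $value The etag value
 * @param string $type  The type of etag to create; either "strong" or "weak"
 * @throws \InvalidArgumentException If provided type is invalid
 */
public function etag($value, $type = 'strong')
{
    // Strict comparison: a loose in_array() lets non-string values such as
    // boolean true pass validation and silently produce a strong etag.
    if (!in_array($type, array('strong', 'weak'), true)) {
        throw new \InvalidArgumentException('Invalid Slim::etag type. Expected "strong" or "weak".');
    }

    // Quote the value, and prefix weak validators with W/.
    $value = '"' . $value . '"';
    if ($type === 'weak') {
        $value = 'W/' . $value;
    }
    $this->response['ETag'] = $value;

    // Conditional request: compare against each comma-separated entry.
    if ($etagsHeader = $this->request->headers('IF_NONE_MATCH')) {
        $etags = preg_split('@\\s*,\\s*@', $etagsHeader);
        if (in_array($value, $etags, true) || in_array('*', $etags, true)) {
            $this->halt(304);
        }
    }
}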
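/**
 * Extract a bearer access token from the request and resolve it.
 *
 * The token may arrive in exactly one of three places: the Authorization
 * header (`Bearer <token>`, read from headers() and then rawHeaders()),
 * the `access_token` POST field, or the `access_token` query parameter.
 * Supplying none, or more than one, is rejected with
 * Resource::STATUS_BAD_REQUEST.
 *
 * The scheme match is anchored to the start of the header value and
 * requires whitespace after "Bearer", so a header that merely contains
 * the word (for example inside another scheme's credentials) is no longer
 * parsed as a bearer token.
 *
 * NOTE(review): presence is tested by truthiness, so the literal token "0"
 * is treated as absent.
 * NOTE(review): a token in the query string is typically recorded in
 * access logs and Referer headers (RFC 6750 section 2.3 discourages it).
 *
 * @param Request $request Incoming request
 * @return mixed Whatever fetchToken() returns for the token
 * @throws Exception When no credential, several credentials, or an
 *                   unresolvable token is supplied (the class imported
 *                   under this name is not visible in this excerpt)
 */
public function extractToken(Request $request)
{
    $tokenHeader = false;
    $headerCandidates = array(
        $request->headers('Authorization', false),
        $request->rawHeaders('Authorization', false),
    );
    foreach ($headerCandidates as $candidate) {
        if ($candidate && preg_match('/^\\s*Bearer\\s+([^\\s]+)/', $candidate, $matches)) {
            $tokenHeader = $matches[1];
            break;
        }
    }

    $tokenRequest = $request->post('access_token', false);
    $tokenQuery = $request->get('access_token', false);

    // Exactly one transport may carry the credential.
    $supplied = array_filter(array($tokenHeader, $tokenRequest, $tokenQuery));
    if (count($supplied) === 0) {
        throw new Exception('The request is missing a required parameter.', Resource::STATUS_BAD_REQUEST);
    }
    if (count($supplied) > 1) {
        throw new Exception('The request includes multiple credentials.', Resource::STATUS_BAD_REQUEST);
    }
    $accessToken = reset($supplied);

    try {
        $tokenDocument = $this->fetchToken($accessToken);
    } catch (\Exception $e) {
        // The lookup failure is deliberately collapsed into one generic
        // message. NOTE(review): unlike the throws above, no status code is
        // passed here, and the original cause is discarded.
        throw new Exception('Access token invalid.');
    }

    return $tokenDocument;
}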
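/**
 * Extract HTTP Basic credentials from the request and resolve them.
 *
 * Reads the Authorization header (rawHeaders() first, then headers()),
 * expects `Basic <base64(user:password)>`, and passes the decoded pair to
 * fetchToken().
 *
 * Malformed credentials are rejected instead of falling through:
 *  - the payload must be valid base64 (strict decoding);
 *  - the decoded value must contain a colon; without this guard the
 *    method reached `return $token` with $token undefined and returned
 *    null instead of throwing;
 *  - only the first colon separates user from password, so passwords that
 *    themselves contain ':' are no longer truncated.
 *
 * NOTE(review): Basic credentials are only encoded, not encrypted; this
 * block does not check that the request arrived over TLS.
 *
 * @param Request $request Incoming request
 * @return mixed Whatever fetchToken() returns for the credentials
 * @throws Exception When the header is missing, malformed, or the
 *                   credentials cannot be resolved (the class imported
 *                   under this name is not visible in this excerpt)
 */
public function extractToken(Request $request)
{
    $headers = $request->headers();
    $rawHeaders = $request->rawHeaders();

    if (isset($rawHeaders['Authorization'])) {
        $header = $rawHeaders['Authorization'];
    } elseif (isset($headers['Authorization'])) {
        $header = $headers['Authorization'];
    } else {
        throw new Exception('Authorization header required.');
    }

    // Anchor the scheme so "Basic" must open the header value.
    if (!preg_match('/^\\s*Basic\\s+(.*)$/i', $header, $matches)) {
        throw new Exception('Authorization header invalid.');
    }

    $decoded = base64_decode($matches[1], true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        throw new Exception('Authorization header invalid.');
    }

    // Limit of 2 keeps any further colons inside the password.
    list($authUser, $authPass) = explode(':', $decoded, 2);

    try {
        $token = $this->fetchToken($authUser, $authPass);
    } catch (\Exception $e) {
        // Same generic message as a malformed header, so the response does
        // not reveal which part of the credential check failed.
        throw new Exception('Authorization header invalid.');
    }

    return $token;
}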