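/**
 * Authenticates the caller of a protected endpoint from the JWT carried in the
 * `Authorization` request header.
 *
 * On success the token's `data` claim is returned JSON-encoded. On any failure
 * the error is written to the response through OutputFormatter::formatOutput
 * and null is returned.
 *
 * @param Slim $app the request/response being handled
 * @return string|null JSON-encoded claims, or null when the request was rejected
 */
public static function authenticate(Slim $app)
{
    $app->response->headers->set('Content-Type', 'application/json');

    $token = $app->request->headers->get('Authorization');
    if (is_null($token) || $token === '') {
        OutputFormatter::formatOutput($app, 401, "You're not authorized to perform this action. Please login.");
        // Stop here: without this return the absent token would still reach JWT::decode.
        return null;
    }

    try {
        Configuration::load();
        $secretKey = getenv('JWT_KEY');
        if ($secretKey === false || $secretKey === '') {
            // A missing signing key is a server misconfiguration, not a client error;
            // never attempt verification with an empty key.
            OutputFormatter::formatOutput($app, 500, 'Authentication is not configured.');
            return null;
        }

        // The allowed-algorithm list pins HS256 so the token's own `alg` header
        // cannot select a different verification scheme.
        $jwt = JWT::decode($token, $secretKey, ['HS256']);

        return json_encode($jwt->data);
    } catch (ExpiredException $e) {
        // An expired credential is an authentication failure (401), not a malformed request.
        OutputFormatter::formatOutput($app, 401, "Your token has expired. Please login again.");
    } catch (Exception $e) {
        // Signature/format failures are reported generically: the exception message
        // describes why verification failed and must not be echoed to the client.
        OutputFormatter::formatOutput($app, 401, 'Invalid token. Please login again.');
    }

    return null;
}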
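/**
 * Logs a user in: looks the username up in the database, verifies the submitted
 * password against the stored hash and, for valid credentials, issues a JSON Web
 * Token (HS256, one-hour lifetime) carrying the user id and username.
 *
 * @param Slim $app the request/response being handled
 * @return string|null JSON body with Status/Message/Token on success, or null
 *                     after the failure has been written through OutputFormatter
 */
public static function login(Slim $app)
{
    $app->response->headers->set('Content-Type', 'application/json');

    $username = $app->request->params('username');
    $password = $app->request->params('password');

    // Both fields are required; a missing one is reported exactly like a wrong
    // one so the response does not reveal which part was absent.
    if (!is_string($username) || $username === '' || !is_string($password) || $password === '') {
        OutputFormatter::formatOutput($app, 401, 'Login failed. Username or password is invalid.');
        return null;
    }

    $conn = User::getConnection();
    // Prepared statement: the username comes straight from the request and must
    // never be interpolated into the SQL text.
    $stmt = $conn->prepare('SELECT * FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $result = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when there is no such user; treat that exactly like a
    // wrong password instead of indexing into `false`.
    $storedHash = ($result !== false && isset($result['password'])) ? $result['password'] : null;
    if ($storedHash === null || !password_verify($password, $storedHash)) {
        OutputFormatter::formatOutput($app, 401, 'Login failed. Username or password is invalid.');
        return null;
    }

    Configuration::load();
    $secretKey = getenv('JWT_KEY');
    if ($secretKey === false || $secretKey === '') {
        // Never sign with an empty key; this is a deployment error, not a client error.
        OutputFormatter::formatOutput($app, 500, 'Authentication is not configured.');
        return null;
    }

    // Read the clock once so `exp` is exactly one hour after `iat`.
    $issuedAt = time();
    $token = [
        'iat' => $issuedAt,
        'exp' => $issuedAt + 3600,
        'data' => [
            'userID' => $result['user_id'],
            'username' => $username,
        ],
    ];
    // Explicit algorithm so the signing side always matches the HS256 pinned in authenticate().
    $jwt = JWT::encode($token, $secretKey, 'HS256');

    $responseMessage = [
        'Status' => '200',
        'Message' => 'Login successful',
        'Token' => $jwt,
    ];

    return json_encode($responseMessage);
}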