Base API, and more solid key and check
This commit is contained in:
Juan Pablo Vial
20
app/src/Controller/API/Base.php
Normal file
20
app/src/Controller/API/Base.php
Normal file
@ -0,0 +1,20 @@
|
||||
<?php
|
||||
namespace Incoviba\Controller\API;
|
||||
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Incoviba\Common\Ideal\Controller;
|
||||
|
||||
class Base extends Controller
|
||||
{
|
||||
use withJson;
|
||||
|
||||
public function __invoke(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface
|
||||
{
|
||||
$output = [
|
||||
'version' => '2.0.0',
|
||||
'organization' => 'Ingenieria y Construccion Vial Balmaceda Sociedad Anonima'
|
||||
];
|
||||
return $this->withJson($response, $output);
|
||||
}
|
||||
}
|
||||
@ -6,10 +6,12 @@ use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Psr\Http\Server\RequestHandlerInterface;
|
||||
use Incoviba\Exception\MissingAuthorizationHeader;
|
||||
use Incoviba\Service;
|
||||
|
||||
class API
|
||||
{
|
||||
public function __construct(protected ResponseFactoryInterface $responseFactory, protected string $key) {}
|
||||
public function __construct(protected ResponseFactoryInterface $responseFactory, protected Service\Login $loginService,
|
||||
protected string $key) {}
|
||||
|
||||
public function __invoke(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
|
||||
{
|
||||
@ -18,7 +20,7 @@ class API
|
||||
} catch (MissingAuthorizationHeader $exception) {
|
||||
return $this->responseFactory->createResponse(401);
|
||||
}
|
||||
if ($this->validate($key)) {
|
||||
if ($this->validate($request, $key)) {
|
||||
return $handler->handle($request);
|
||||
}
|
||||
return $this->responseFactory->createResponse(403);
|
||||
@ -33,8 +35,26 @@ class API
|
||||
}
|
||||
throw new MissingAuthorizationHeader();
|
||||
}
|
||||
protected function validate($incoming_key): bool
|
||||
protected function validate(ServerRequestInterface $request, $incoming_key): bool
|
||||
{
|
||||
if (str_contains($incoming_key, $this->loginService->getSeparator())) {
|
||||
list($incoming_key, $selector, $token) = explode($this->loginService->getSeparator(), $incoming_key);
|
||||
if (!$this->loginService->isIn()) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
if (!$this->loginService->isIn() and !$this->validPermitted($request)) {
|
||||
return false;
|
||||
}
|
||||
return $incoming_key === md5($this->key);
|
||||
}
|
||||
protected function validPermitted(ServerRequestInterface $request): bool
|
||||
{
|
||||
$uri = $request->getUri();
|
||||
$validPaths = [
|
||||
'/api',
|
||||
'/api/'
|
||||
];
|
||||
return in_array($uri->getPath(), $validPaths);
|
||||
}
|
||||
}
|
||||
|
||||
@ -51,7 +51,7 @@ class Authentication
|
||||
return true;
|
||||
}
|
||||
$valid_subpaths = [
|
||||
'/api'
|
||||
'/api/'
|
||||
];
|
||||
foreach ($valid_subpaths as $path) {
|
||||
if (str_starts_with($current_path, $path)) {
|
||||
@ -60,6 +60,7 @@ class Authentication
|
||||
}
|
||||
$valid_uris = [
|
||||
$this->login_url,
|
||||
"{$this->login_url}/",
|
||||
];
|
||||
if (in_array($current_url, $valid_uris, true)) {
|
||||
return true;
|
||||
|
||||
@ -47,6 +47,14 @@ class Login
|
||||
}
|
||||
return $login->user;
|
||||
}
|
||||
public function getToken(): string
|
||||
{
|
||||
return implode($this->cookie_separator, [$this->selector, $this->token]);
|
||||
}
|
||||
public function getSeparator(): string
|
||||
{
|
||||
return $this->cookie_separator;
|
||||
}
|
||||
public function validateUser(Model\User $user, string $encryptedPassword): bool
|
||||
{
|
||||
list($passphrase, $encrypted) = $this->splitPassword($encryptedPassword);
|
||||
|
||||
Reference in New Issue
Block a user