From e93149456a64ff7cc817f3d4a36a9757ee17f0c5 Mon Sep 17 00:00:00 2001
From: Juan Pablo Vial
Date: Fri, 26 Jul 2024 23:57:04 -0400
Subject: [PATCH] FIX: API not added by git
---
 app/src/Middleware/API.php | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)
diff --git a/app/src/Middleware/API.php b/app/src/Middleware/API.php
index df1d566..cc93148 100644
--- a/app/src/Middleware/API.php
+++ b/app/src/Middleware/API.php
@@ -10,7 +10,8 @@ use Incoviba\Service;
 class API
 {
- public function __construct(protected ResponseFactoryInterface $responseFactory, protected Service\Login $loginService,
+ public function __construct(protected ResponseFactoryInterface $responseFactory,
+ protected Service\Login $loginService,
 protected string $key) {}
 public function __invoke(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
@@ -20,6 +21,9 @@ class API
 } catch (MissingAuthorizationHeader $exception) {
 return $this->responseFactory->createResponse(401);
 }
+ if ($this->validateSimpleKey($request, $key)) {
+ return $handler->handle($request);
+ }
 if ($this->validate($request, $key)) {
 return $handler->handle($request);
 }
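Review bot: The new early return in `__invoke` admits a request on the static key alone, but nothing at the call site says which routes that covers; a reader has to open `noComplexKeyNeeded()` to learn it is limited to the two login paths. I would add a comment above the branch, e.g. `// Login routes only: the shared key alone is accepted here (see noComplexKeyNeeded()).`, and fold the two identical hand-offs into one condition, `if ($this->validateSimpleKey($request, $key) or $this->validate($request, $key)) {`. Any later addition to that path list widens what is reachable without a selector/token, so it is worth marking as authorization-relevant. The body of `__invoke` starts and ends outside the hunk.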
@@ -37,23 +41,38 @@ class API
 }
 protected function validate(ServerRequestInterface $request, $incoming_key): bool
 {
+ $selector = null;
+ $token = null;
 if (str_contains($incoming_key, $this->loginService->getSeparator())) {
- list($incoming_key, $selector, $token) = explode($this->loginService->getSeparator(), $incoming_key);
- if (!$this->loginService->isIn()) {
+ list($incoming_key, $selector, $token) = explode($this->loginService->getSeparator(), $incoming_key, 3);
+ if (!$this->loginService->isIn($selector, $token)) {
 return false;
 }
 }
- if (!$this->loginService->isIn() and !$this->validPermitted($request)) {
+ if (!$this->loginService->isIn($selector, $token) and !$this->validPermitted($request)) {
 return false;
 }
 return $incoming_key === md5($this->key);
 }
+ protected function validateSimpleKey(ServerRequestInterface $request, $incoming_key): bool
+ {
+ return $incoming_key === md5($this->key) and $this->noComplexKeyNeeded($request);
+ }
+ protected function noComplexKeyNeeded(ServerRequestInterface $request): bool
+ {
+ $uri = $request->getUri();
+ $validPaths = [
+ '/api/login',
+ '/api/login/',
+ ];
+ return in_array($uri->getPath(), $validPaths);
+ }
 protected function validPermitted(ServerRequestInterface $request): bool
 {
 $uri = $request->getUri();
 $validPaths = [
 '/api',
- '/api/'
+ '/api/',
 ];
 return in_array($uri->getPath(), $validPaths);
 }
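Review bot: `validateSimpleKey()` and the last line of `validate()` compare the presented key with `===`, which is not a constant-time comparison and can leak through response timing how much of the value matched; `$incoming_key` appears to come from the Authorization header, so it is caller-controlled. Use `return is_string($incoming_key) and hash_equals(md5($this->key), $incoming_key) and $this->noComplexKeyNeeded($request);` and the same `hash_equals()` form in `validate()`. Note that `md5($this->key)` is a fixed value, so the digest is itself the long-lived credential and the hashing adds no protection once it is captured. Separately, `explode(..., 3)` still returns only two elements when the key holds a single separator, which raises an "Undefined array key" warning and leaves `$token` null before `isIn()` is called; `array_pad(explode($sep, $incoming_key, 3), 3, null)` keeps the destructuring well-defined. `in_array()` in `noComplexKeyNeeded()` and `validPermitted()` should also pass `true` as the third argument so the path match is strict.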