FIX: API not added by git
@ -10,7 +10,8 @@ use Incoviba\Service;
|
|||||||
|
|
||||||
class API
|
class API
|
||||||
{
|
{
|
||||||
public function __construct(protected ResponseFactoryInterface $responseFactory, protected Service\Login $loginService,
|
public function __construct(protected ResponseFactoryInterface $responseFactory,
|
||||||
|
protected Service\Login $loginService,
|
||||||
protected string $key) {}
|
protected string $key) {}
|
||||||
|
|
||||||
public function __invoke(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
|
public function __invoke(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
|
||||||
@ -20,6 +21,9 @@ class API
|
|||||||
} catch (MissingAuthorizationHeader $exception) {
|
} catch (MissingAuthorizationHeader $exception) {
|
||||||
return $this->responseFactory->createResponse(401);
|
return $this->responseFactory->createResponse(401);
|
||||||
}
|
}
|
||||||
|
if ($this->validateSimpleKey($request, $key)) {
|
||||||
|
return $handler->handle($request);
|
||||||
|
}
|
||||||
if ($this->validate($request, $key)) {
|
if ($this->validate($request, $key)) {
|
||||||
return $handler->handle($request);
|
return $handler->handle($request);
|
||||||
}
|
}
|
||||||
@ -37,23 +41,38 @@ class API
|
|||||||
}
|
}
|
||||||
protected function validate(ServerRequestInterface $request, $incoming_key): bool
|
protected function validate(ServerRequestInterface $request, $incoming_key): bool
|
||||||
{
|
{
|
||||||
|
$selector = null;
|
||||||
|
$token = null;
|
||||||
if (str_contains($incoming_key, $this->loginService->getSeparator())) {
|
if (str_contains($incoming_key, $this->loginService->getSeparator())) {
|
||||||
list($incoming_key, $selector, $token) = explode($this->loginService->getSeparator(), $incoming_key);
|
list($incoming_key, $selector, $token) = explode($this->loginService->getSeparator(), $incoming_key, 3);
|
||||||
if (!$this->loginService->isIn()) {
|
if (!$this->loginService->isIn($selector, $token)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!$this->loginService->isIn() and !$this->validPermitted($request)) {
|
if (!$this->loginService->isIn($selector, $token) and !$this->validPermitted($request)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return $incoming_key === md5($this->key);
|
return $incoming_key === md5($this->key);
|
||||||
}
|
}
|
||||||
|
protected function validateSimpleKey(ServerRequestInterface $request, $incoming_key): bool
|
||||||
|
{
|
||||||
|
return $incoming_key === md5($this->key) and $this->noComplexKeyNeeded($request);
|
||||||
|
}
|
||||||
|
protected function noComplexKeyNeeded(ServerRequestInterface $request): bool
|
||||||
|
{
|
||||||
|
$uri = $request->getUri();
|
||||||
|
$validPaths = [
|
||||||
|
'/api/login',
|
||||||
|
'/api/login/',
|
||||||
|
];
|
||||||
|
return in_array($uri->getPath(), $validPaths);
|
||||||
|
}
|
||||||
protected function validPermitted(ServerRequestInterface $request): bool
|
protected function validPermitted(ServerRequestInterface $request): bool
|
||||||
{
|
{
|
||||||
$uri = $request->getUri();
|
$uri = $request->getUri();
|
||||||
$validPaths = [
|
$validPaths = [
|
||||||
'/api',
|
'/api',
|
||||||
'/api/'
|
'/api/',
|
||||||
];
|
];
|
||||||
return in_array($uri->getPath(), $validPaths);
|
return in_array($uri->getPath(), $validPaths);
|
||||||
}
|
}
|
||||||
|
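Review bot: The new `validateSimpleKey()` makes its authentication decision with `$incoming_key === md5($this->key)`, which is not a constant-time comparison of a secret-derived value; use `hash_equals(md5($this->key), (string) $incoming_key)` there and in the unchanged return of `validate()`. In `validate()`, `explode(..., 3)` returns only two elements when the incoming value contains the separator once, so the `list()` assignment raises an undefined-key warning and hands a null `$token` to `isIn()`; split into a `$parts` array first and `return false` unless `count($parts) === 3`. The `in_array()` call in `noComplexKeyNeeded()` (and the existing one in `validPermitted()`) would be stricter with `true` as the third argument. The code that extracts `$key` from the request sits outside the visible hunks, so the string cast above is an assumption about its type.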