From f9f133d3a96f43a0e445f4b5247d39c9100bcad4 Mon Sep 17 00:00:00 2001
From: Juan Pablo Vial <jpvialb@incoviba.cl>
Date: Tue, 27 Aug 2024 14:46:03 -0400
Subject: [PATCH] Se extra getKey y configuraciones the paths

---
 app/src/Middleware/API.php | 29 ++++++++---------------------
 1 file changed, 8 insertions(+), 21 deletions(-)

diff --git a/app/src/Middleware/API.php b/app/src/Middleware/API.php
index cc93148..9eb0963 100644
--- a/app/src/Middleware/API.php
+++ b/app/src/Middleware/API.php
@@ -5,19 +5,24 @@ use Psr\Http\Message\ResponseFactoryInterface;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\RequestHandlerInterface;
+use Psr\Log\LoggerInterface;
 use Incoviba\Exception\MissingAuthorizationHeader;
 use Incoviba\Service;
 
 class API
 {
     public function __construct(protected ResponseFactoryInterface $responseFactory,
+                                protected LoggerInterface $logger,
+                                protected Service\API $apiService,
                                 protected Service\Login $loginService,
+                                protected array $permittedPaths,
+                                protected array $simplePaths,
                                 protected string $key) {}
 
     public function __invoke(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
     {
         try {
-            $key = $this->getKey($request);
+            $key = $this->apiService->getKey($request);
         } catch (MissingAuthorizationHeader $exception) {
             return $this->responseFactory->createResponse(401);
         }
@@ -29,16 +34,6 @@ class API
         }
         return $this->responseFactory->createResponse(403);
     }
-    protected function getKey(ServerRequestInterface $request): string
-    {
-        $auth_headers = $request->getHeader('Authorization');
-        foreach ($auth_headers as $header) {
-            if (str_contains($header, 'Bearer')) {
-                return substr($header, strlen('Bearer '));
-            }
-        }
-        throw new MissingAuthorizationHeader();
-    }
     protected function validate(ServerRequestInterface $request, $incoming_key): bool
     {
         $selector = null;
@@ -61,19 +56,11 @@ class API
     protected function noComplexKeyNeeded(ServerRequestInterface $request): bool
     {
         $uri = $request->getUri();
-        $validPaths = [
-            '/api/login',
-            '/api/login/',
-        ];
-        return in_array($uri->getPath(), $validPaths);
+        return in_array($uri->getPath(), $this->simplePaths);
     }
     protected function validPermitted(ServerRequestInterface $request): bool
     {
         $uri = $request->getUri();
-        $validPaths = [
-            '/api',
-            '/api/',
-        ];
-        return in_array($uri->getPath(), $validPaths);
+        return in_array($uri->getPath(), $this->permittedPaths);
     }
 }