Skip to content

GitLab

S
samples
Commit 5ba298e9 authored by Σταύρος Παπαδάκης's avatar Σταύρος Παπαδάκης
Browse files
Options

Add authorization check via middleware for securing endpoint

parent b56b09cc
Hide whitespace changes
Inline Side-by-side
Showing with 91 additions and 6 deletions
amka/slim-app/public/index.php
View file @ 5ba298e9
......@@ -24,9 +24,6 @@ $container = $app->getContainer();
// Set up dependencies
require __DIR__ . '/../src/dependencies.php';
// Register middleware
require __DIR__ . '/../src/middleware.php';
//
// setup the app
//
......@@ -47,5 +44,8 @@ $container['errorHandler'] = function ($c) {
// Register routes
require __DIR__ . '/../src/routes.php';
// Register middleware
require __DIR__ . '/../src/middleware.php';
// Run app
$app->run();
amka/slim-app/src/middleware.php
View file @ 5ba298e9
<?php
// Application middleware
$settings = $app->getContainer()->get('settings');
$username = isset($settings['amka']['secure_endpoint_username']) ? $settings['amka']['secure_endpoint_username'] : '';
$password = isset($settings['amka']['secure_endpoint_password']) ? $settings['amka']['secure_endpoint_password'] : '';
// Application middleware
// e.g: $app->add(new \Slim\Csrf\Guard);
$app->getContainer()->get('router')
->getNamedRoute('amka')
->add(new Gr\Gov\Minedu\Osteam\Slim\AuthorizationGuard($username, $password));
amka/slim-app/src/osteam/AuthorizationGuard.php 0 → 100644
View file @ 5ba298e9
<?php
namespace Gr\Gov\Minedu\Osteam\Slim;
use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;
if (!function_exists('getallheaders'))
{
function getallheaders()
{
$headers = '';
foreach ($_SERVER as $name => $value)
{
if (substr($name, 0, 5) == 'HTTP_')
{
$headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
}
}
return $headers;
}
}
class AuthorizationGuard
{
private $_username;
private $_password;
public function __construct($username, $password)
{
$this->_username = $username;
$this->_password = $password;
}
/**
* Check for authorization basic token
*
* @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
* @param \Psr\Http\Message\ResponseInterface $response PSR7 response
* @param callable $next Next middleware
*
* @return \Psr\Http\Message\ResponseInterface
*/
public function __invoke(RequestInterface $request, ResponseInterface $response, callable $next)
{
$auth = true;
$headers = getallheaders();
if (array_key_exists('Authorization', $headers)) {
$header = $headers['Authorization'];
$auth_parts = [];
if (preg_match('/^Basic (.+)$/', $header, $auth_parts) === 1) {
if ($auth_parts[1] !== md5("{$this->_username}:{$this->_password}")) {
$auth = [
"message" => "Error: Invalid Credentials"
];
}
} else {
$auth = [
"message" => "Error: Mallformed Authorization Header"
];
}
} else {
$auth = [
"message" => "Error: Missing Authorization Header"
];
}
if ($auth !== true) {
return $response->withJson($auth, 401);
} else {
return $next($request, $response);
}
}
}
amka/slim-app/src/routes.php
View file @ 5ba298e9
<?php
$app->get('/amka/{amka}/{surname}/[{extended}]', '\Gr\Gov\Minedu\Osteam\Slim\App:validateAmka');
$app->get('/amka/{amka}/{surname}/[{extended}]', '\Gr\Gov\Minedu\Osteam\Slim\App:validateAmka')
->setName('amka');
$app->any('/[{anythingelse}]', function ($request, $response, $args) {
$this->logger->info("Void response, no action route was enabled");
......
amka/slim-app/src/settings.php.dist
View file @ 5ba298e9
......@@ -22,7 +22,9 @@ return [
'extra_headers' => [
// any custom headers as 'key' => 'value'
],
'verify_ssl' => false // only if ssl is not tuned correctly!
'verify_ssl' => false, // only if ssl is not tuned correctly!
'secure_endpoint_username' => 'username-for-this-wrapper',
'secure_endpoint_password' => 'password-for-this-wrapper'
]
],
];
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment