Add authorization check via middleware for securing endpoint

parent b56b09cc
...@@ -24,9 +24,6 @@ $container = $app->getContainer(); ...@@ -24,9 +24,6 @@ $container = $app->getContainer();
// Set up dependencies // Set up dependencies
require __DIR__ . '/../src/dependencies.php'; require __DIR__ . '/../src/dependencies.php';
// Register middleware
require __DIR__ . '/../src/middleware.php';
// //
// setup the app // setup the app
// //
...@@ -47,5 +44,8 @@ $container['errorHandler'] = function ($c) { ...@@ -47,5 +44,8 @@ $container['errorHandler'] = function ($c) {
// Register routes // Register routes
require __DIR__ . '/../src/routes.php'; require __DIR__ . '/../src/routes.php';
// Register middleware
require __DIR__ . '/../src/middleware.php';
// Run app // Run app
$app->run(); $app->run();
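Review bot: The new position of `require __DIR__ . '/../src/middleware.php';` after routes.php is load-bearing — middleware.php calls `getNamedRoute('amka')`, which can only resolve once routes.php has registered and named that route — but the one-line comment above it does not say so, and a later tidy-up could move it back. Make the constraint explicit in the comment, e.g. `// Register middleware (must stay after routes.php: middleware.php attaches AuthorizationGuard to the named route 'amka')`. The first hunk is the pure removal of the old position and needs nothing further.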
<?php <?php
// Application middleware $settings = $app->getContainer()->get('settings');
$username = isset($settings['amka']['secure_endpoint_username']) ? $settings['amka']['secure_endpoint_username'] : '';
$password = isset($settings['amka']['secure_endpoint_password']) ? $settings['amka']['secure_endpoint_password'] : '';
// Application middleware
// e.g: $app->add(new \Slim\Csrf\Guard); // e.g: $app->add(new \Slim\Csrf\Guard);
$app->getContainer()->get('router')
->getNamedRoute('amka')
->add(new Gr\Gov\Minedu\Osteam\Slim\AuthorizationGuard($username, $password));
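Review bot: Both credentials fall back to `''` when the settings keys are absent, so a deployment that forgets to configure them still boots with the guard installed on an empty username and password instead of refusing to start. Fail fast after the two assignments, e.g. `if ($username === '' || $password === '') { throw new \RuntimeException('settings amka.secure_endpoint_username/password must be set'); }`. If the project runs on PHP 7 or later the `isset(...) ? ... : ''` pairs can also be shortened to `$settings['amka']['secure_endpoint_username'] ?? ''`, which reads the same nested key without the repetition.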
<?php
namespace Gr\Gov\Minedu\Osteam\Slim;
use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;
if (!function_exists('getallheaders'))
{
function getallheaders()
{
$headers = '';
foreach ($_SERVER as $name => $value)
{
if (substr($name, 0, 5) == 'HTTP_')
{
$headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
}
}
return $headers;
}
}
class AuthorizationGuard
{
private $_username;
private $_password;
public function __construct($username, $password)
{
$this->_username = $username;
$this->_password = $password;
}
/**
* Check for authorization basic token
*
* @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
* @param \Psr\Http\Message\ResponseInterface $response PSR7 response
* @param callable $next Next middleware
*
* @return \Psr\Http\Message\ResponseInterface
*/
public function __invoke(RequestInterface $request, ResponseInterface $response, callable $next)
{
$auth = true;
$headers = getallheaders();
if (array_key_exists('Authorization', $headers)) {
$header = $headers['Authorization'];
$auth_parts = [];
if (preg_match('/^Basic (.+)$/', $header, $auth_parts) === 1) {
if ($auth_parts[1] !== md5("{$this->_username}:{$this->_password}")) {
$auth = [
"message" => "Error: Invalid Credentials"
];
}
} else {
$auth = [
"message" => "Error: Mallformed Authorization Header"
];
}
} else {
$auth = [
"message" => "Error: Missing Authorization Header"
];
}
if ($auth !== true) {
return $response->withJson($auth, 401);
} else {
return $next($request, $response);
}
}
}
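Review bot: The credential check at `if ($auth_parts[1] !== md5("{$this->_username}:{$this->_password}"))` compares the secret with `!==`, which stops at the first differing byte; use `hash_equals($expected, $auth_parts[1])` so the comparison is constant-time. The header is also read through `getallheaders()`/`$_SERVER` rather than the PSR-7 request the middleware receives, and the polyfill initialises `$headers = ''` (a string), so on PHP 7.1 and later the `$headers[...] = $value` writes never turn it into an array and `array_key_exists` on the returned value fails — `$request->getHeaderLine('Authorization')` avoids both problems and makes the guard testable without a SAPI. Separately, the expected token is the hex `md5('username:password')`, not the base64 `username:password` that RFC 7617 Basic auth clients send, so either the scheme should change or the docblock should state it, e.g. `* Expects "Authorization: Basic <md5(username:password)>" — not RFC 7617 base64 Basic auth`; 'Mallformed' in the 401 body is also a typo. The rewrite below replaces `__invoke` only; the polyfill becomes unused once the header comes from the request.
```php
// … unchanged: getallheaders polyfill, properties, constructor, docblock …
public function __invoke(RequestInterface $request, ResponseInterface $response, callable $next)
{
    // Read the header from the PSR-7 request, not $_SERVER, so the guard
    // behaves the same under tests and under every SAPI.
    $header = $request->getHeaderLine('Authorization');
    if ($header === '') {
        return $response->withJson(['message' => 'Error: Missing Authorization Header'], 401);
    }
    if (preg_match('/^Basic (.+)$/', $header, $auth_parts) !== 1) {
        return $response->withJson(['message' => 'Error: Malformed Authorization Header'], 401);
    }
    $expected = md5("{$this->_username}:{$this->_password}");
    // Constant-time comparison; a plain !== leaks the position of the first mismatch.
    if (!hash_equals($expected, $auth_parts[1])) {
        return $response->withJson(['message' => 'Error: Invalid Credentials'], 401);
    }
    return $next($request, $response);
}
```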
<?php <?php
$app->get('/amka/{amka}/{surname}/[{extended}]', '\Gr\Gov\Minedu\Osteam\Slim\App:validateAmka'); $app->get('/amka/{amka}/{surname}/[{extended}]', '\Gr\Gov\Minedu\Osteam\Slim\App:validateAmka')
->setName('amka');
$app->any('/[{anythingelse}]', function ($request, $response, $args) { $app->any('/[{anythingelse}]', function ($request, $response, $args) {
$this->logger->info("Void response, no action route was enabled"); $this->logger->info("Void response, no action route was enabled");
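Review bot: The new `->setName('amka')` is a string contract with middleware.php, which looks the route up by that exact name to attach AuthorizationGuard, but nothing on this line records that dependency. Add a comment so the name is not renamed or dropped casually, e.g. `// name is referenced by src/middleware.php (AuthorizationGuard is attached to it)`. The catch-all `$app->any('/[{anythingelse}]', …)` route that follows is not named and so is not covered by the guard, which looks intended but is worth stating in the same comment if so.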
...@@ -22,7 +22,9 @@ return [ ...@@ -22,7 +22,9 @@ return [
'extra_headers' => [ 'extra_headers' => [
// any custom headers as 'key' => 'value' // any custom headers as 'key' => 'value'
], ],
'verify_ssl' => false // only if ssl is not tuned correctly! 'verify_ssl' => false, // only if ssl is not tuned correctly!
'secure_endpoint_username' => 'username-for-this-wrapper',
'secure_endpoint_password' => 'password-for-this-wrapper'
] ]
], ],
]; ];
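Review bot: The new `secure_endpoint_username` / `secure_endpoint_password` entries ship as literal placeholder strings that are nevertheless valid credentials, so a deployment that leaves settings.php untouched accepts a value anyone can read from the repository. Prefer sourcing them from the environment, e.g. `'secure_endpoint_username' => getenv('AMKA_SECURE_ENDPOINT_USERNAME') ?: ''`, or default them to `''` so the bootstrap can refuse to start when they are unset. Also add a trailing comma after the password entry, matching the one the same hunk adds after `'verify_ssl' => false,`, so the next addition does not have to touch this line.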