Add authorization header (basic) support for securing endpoint

parent 8ffc8433
......@@ -14,7 +14,9 @@ $params = [
'testServiceStatus',
'queryIDnoCD', 'queryID',
'echo',
])) ? $operation : 'queryID'
])) ? $operation : 'queryID',
'secure_endpoint_username' => isset($settings['secure_endpoint_username']) ? $settings['secure_endpoint_username'] : 'n/a',
'secure_endpoint_password' => isset($settings['secure_endpoint_password']) ? $settings['secure_endpoint_password'] : 'n/a',
];
/**
......@@ -51,12 +53,72 @@ function wscall($params)
curl_close($ch);
return $result;
}
/**
* Get http request header
*/
if (!function_exists('getallheaders'))
{
function getallheaders()
{
$headers = '';
foreach ($_SERVER as $name => $value)
{
if (substr($name, 0, 5) == 'HTTP_')
{
$headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
}
}
return $headers;
}
}
/**
* Check the authentication header
*
* @return true|mixed True in case of valid auth header, or response and exit
*/
function check_authentication_header($username, $password)
{
$auth = true;
$headers = getallheaders();
if (array_key_exists('Authorization', $headers)) {
$header = $headers['Authorization'];
$auth_parts = [];
if (preg_match('/^Basic (.+)$/', $header, $auth_parts) === 1) {
if ($auth_parts[1] !== md5("{$username}:{$password}")) {
$auth = [
"message" => "Error: Invalid Credentials"
];
}
} else {
$auth = [
"message" => "Error: Mallformed Authorization Header"
];
}
} else {
$auth = [
"message" => "Error: Missing Authorization Header"
];
}
if ($auth !== true) {
http_response_code(401);
header("Content-Type: application/json");
echo json_encode($auth);
exit(0);
}
return true;
}
/**
*
*/
switch ($params['operation']) {
case 'queryID':
header("Content-Type: application/json");
check_authentication_header($params['secure_endpoint_username'], $params['secure_endpoint_password']);
$result = wscall($params);
break;
case 'queryIDnoCD':
......
<?php
return [
'username' => 'user-here',
'password' => 'pass-here'
'username' => 'username-for-endpoint',
'password' => 'password-for-endpoint',
'secure_endpoint_username' => 'username-for-this-wrapper',
'secure_endpoint_password' => 'password-for-this-wrapper',
];
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment