luticate
/
api-auth
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 6 Wiki Activity
Browse Source

route middleware

tags/0.1.0
Robin Thoni 8 years ago
parent
9a7c95259a
commit
77f581bb48
2 changed files with 71 additions and 55 deletions
Split View Show Diff Stats
  1. 2
    55
      src/Auth/Business/LuticateBusiness.php
  2. 69
    0
      src/Auth/Business/LuticateMiddleware.php

+ 2
- 55
src/Auth/Business/LuticateBusiness.php View File 

@@ -16,8 +16,6 @@ use Luticate\Utils\LuRoute;
16 16
17 17 
 class LuticateBusiness
18 18 
 {
19 
-    const TOKEN_HEADER = "X-Authorization";
20 
-
21 19 
     /**
22 20 
      * @var LuticateUsersDbo
23 21 
      */
 
@@ -28,52 +26,9 @@ class LuticateBusiness
28 26 
         return self::$_currentUser;
29 27 
     }
30 28
31 
-    /**
32 
-     * @param $permissions string[]
33 
-     * @param $request Request
34 
-     * @return bool
35 
-     */
36 
-    public static function authFilter($permissions, $request)
29 
+    public static function setCurrentUser($user)
37 30 
     {
38 
-        /**
39 
-         * @var $user LuticateUsersDbo
40 
-         */
41 
-        $user = null;
42 
-        $token = $request->header(self::TOKEN_HEADER);
43 
-        if ($token != null && $token != "") {
44 
-            $data = JwtHelper::decode($token);
45 
-            if ($data != null) {
46 
-                $user_id = $data[LuticateUsersBusiness::KEY_USER_ID];
47 
-                $salt = $data[LuticateUsersBusiness::KEY_SALT];
48 
-                $user = LuticateUsersBusiness::getById($user_id);
49 
-                if ($user->getSalt() != $salt) {
50 
-                    $user = null;
51 
-                }
52 
-            }
53 
-        }
54 
-        if (is_null($user)) {
55 
-            if ($token != null && $token != "") {
56 
-                return "Invalid token";
57 
-            }
58 
-            $user = LuticateUsersBusiness::getById(0);
59 
-        }
60 
-
61 31 
         self::$_currentUser = $user;
62 
-        LuController::$parameters["user"] = $user;
63 
-
64 
-        $permissions[] = LuticatePermissions::USER_LOGIN;
65 
-        foreach ($permissions as $permission) {
66 
-            try {
67 
-                $perm = LuticatePermissionsBusiness::getEffectivePermission(self::$_currentUser->getId(), $permission);
68 
-                if (!$perm->getValue()) {
69 
-                    return "Permission denied";
70 
-                }
71 
-            }catch (\Exception $e)
72 
-            {
73 
-                return "Permission denied";
74 
-            }
75 
-        }
76 
-        return null;
77 32 
     }
78 33
79 34 
     /**
 
@@ -81,15 +36,7 @@ class LuticateBusiness
81 36 
      */
82 37 
     public static function setupAuth($route)
83 38 
     {
84 
-        $route->setMiddleware(function($permissions, $request)
85 
-        {
86 
-            $auth = self::authFilter($permissions, $request);
87 
-            if (is_null($auth)) {
88 
-                return true;
89 
-            }
90 
-            abort(401, $auth);
91 
-            return false;
92 
-        });
39 
+        $route->addMiddleware('Luticate\Auth\Business\LuticateMiddleware');
93 40 
     }
94 41
95 42 
     /**

+ 69
- 0
src/Auth/Business/LuticateMiddleware.php View File 

@@ -0,0 +1,69 @@
1 
+<?php
2 
+/**
3 
+ * Created by PhpStorm.
4 
+ * User: robin
5 
+ * Date: 10/19/15
6 
+ * Time: 9:14 PM
7 
+ */
8 
+
9 
+namespace Luticate\Auth\Business;
10 
+
11 
+use Closure;
12 
+use Illuminate\Http\Request;
13 
+use Luticate\Auth\DBO\LuticatePermissions;
14 
+use Luticate\Auth\DBO\LuticateUsersDbo;
15 
+use Luticate\Utils\LuController;
16 
+
17 
+class LuticateMiddleware
18 
+{
19 
+    const TOKEN_HEADER = "X-Authorization";
20 
+
21 
+    /**
22 
+     * @param $request Request
23 
+     * @param Closure $next
24 
+     * @param ...$permissions
25 
+     * @return null|string
26 
+     */
27 
+    public function handle($request, Closure $next, ...$permissions)
28 
+    {
29 
+        /**
30 
+         * @var $user LuticateUsersDbo
31 
+         */
32 
+        $user = null;
33 
+        $token = $request->header(self::TOKEN_HEADER);
34 
+        if ($token != null && $token != "") {
35 
+            $data = JwtHelper::decode($token);
36 
+            if ($data != null) {
37 
+                $user_id = $data[LuticateUsersBusiness::KEY_USER_ID];
38 
+                $salt = $data[LuticateUsersBusiness::KEY_SALT];
39 
+                $user = LuticateUsersBusiness::getById($user_id);
40 
+                if ($user->getSalt() != $salt) {
41 
+                    $user = null;
42 
+                }
43 
+            }
44 
+        }
45 
+        if (is_null($user)) {
46 
+            if ($token != null && $token != "") {
47 
+                abort(401, "Invalid token");
48 
+            }
49 
+            $user = LuticateUsersBusiness::getById(0);
50 
+        }
51 
+
52 
+        LuticateBusiness::setCurrentUser($user);
53 
+        LuController::$parameters["user"] = $user;
54 
+
55 
+        $permissions[] = LuticatePermissions::USER_LOGIN;
56 
+        foreach ($permissions as $permission) {
57 
+            try {
58 
+                $perm = LuticatePermissionsBusiness::getEffectivePermission(LuticateBusiness::getCurrentUser()->getId(), $permission);
59 
+                if (!$perm->getValue()) {
60 
+                    abort(401, "Permission denied");
61 
+                }
62 
+            }catch (\Exception $e)
63 
+            {
64 
+                abort(401, "Permission denied");
65 
+            }
66 
+        }
67 
+        return $next($request);
68 
+    }
69 
+}

Write Preview
Loading…
Cancel
Save