Created the JWT authentication for the editor so that it's more secure and can potentially be used to create a desktop app in the future. Used Tuupola's JWT auth middleware implementation to help with the auth part. Used Firebase's JWT method to create the token

Signed-off-by: rodude123 <rodude123@gmail.com>
2022-10-09 02:40:06 +01:00
parent c22e7f41b1
commit 98c026b946
13 changed files with 728 additions and 64 deletions
@@ -0,0 +1,91 @@
+<?php
+// middleware
+namespace api;
+
+use Slim\App;
+use Selective\SameSiteCookie\SameSiteCookieConfiguration;
+use Selective\SameSiteCookie\SameSiteCookieMiddleware;
+use Tuupola\Middleware\JwtAuthentication;
+use Tuupola\Middleware\JwtAuthentication\RequestMethodRule;
+use Tuupola\Middleware\JwtAuthentication\RequestPathRule;
+
+/**
+ * Middleware
+ * Define all middleware functions
+ */
+class middleware
+{
+    /**
+     * Constructor for middleware
+     * @param App $app - Slim App
+     */
+    function __construct(App $app)
+    {
+        $this->baseMiddleware($app);
+        $this->sameSiteConfig($app);
+        $this->jwtAuth($app);
+        $this->returnAsJSON($app);
+    }
+
+    /**
+     * Base middleware
+     * @param App $app - Slim App
+     */
+    function baseMiddleware(App $app): void
+    {
+        $app->addRoutingMiddleware();
+    }
+    
+    /**
+     * SameSite Cookie Configuration
+     * @param App $app - Slim App
+     */
+    function sameSiteConfig(App $app): void
+    {
+        $ssConfig = new SameSiteCookieConfiguration(["same_site" => "strict"]);
+        $app->add(new SameSiteCookieMiddleware($ssConfig));
+    }
+
+    /**
+     * Return all responses as JSON
+     * @param App $app - Slim App
+     */
+    function returnAsJSON(App $app): void
+    {
+        $app->add(function ($request, $handler)
+        {
+            $response = $handler->handle($request);
+            return $response->withHeader("Content-Type", "application/json");
+        });
+    }
+    
+    /**
+     * JWT Authentication
+     * @param App $app - Slim App
+     */
+    function jwtAuth(App $app): void
+    {
+        $jwtSecret = getSecretKey();
+        $app->add(new JwtAuthentication([
+            "rules" => [
+                new RequestPathRule([
+                    "path" => ["/api/projectData", "/api/timeline/[a-z]*", "/api/user/testMethod"],
+                    "ignore" => ["/api/contact", "/api/user/login", "/api/user/changePassword"]
+                ]),
+                new RequestMethodRule([
+                    "ignore" => ["OPTIONS", "GET"]
+                ])
+            ],
+            "secret" => $jwtSecret,
+            "error" => function ($response)
+            {
+                session_destroy();
+                $response->getBody()->write(json_encode(array("status" => "401", "message" => 
+                                                              "Unauthorized, please provide a valid token")));
+                return $response->withStatus(401);
+            }
+        ]));
+        $app->addErrorMiddleware(true, true, true);
+    }
+    
+}