122 lines
3.7 KiB
PHP
122 lines
3.7 KiB
PHP
<?php
|
|
// middleware
|
|
namespace api;
|
|
|
|
use Psr\Http\Message\ServerRequestInterface;
|
|
use Psr\Http\Server\RequestHandlerInterface;
|
|
use Slim\App;
|
|
use Selective\SameSiteCookie\SameSiteCookieConfiguration;
|
|
use Selective\SameSiteCookie\SameSiteCookieMiddleware;
|
|
use Slim\Exception\HttpMethodNotAllowedException;
|
|
use Slim\Exception\HttpNotFoundException;
|
|
use Slim\Psr7\Response;
|
|
use Tuupola\Middleware\JwtAuthentication;
|
|
use Tuupola\Middleware\JwtAuthentication\RequestMethodRule;
|
|
use Tuupola\Middleware\JwtAuthentication\RequestPathRule;
|
|
|
|
/**
|
|
* Middleware
|
|
* Define all middleware functions
|
|
*/
|
|
class middleware
|
|
{
|
|
/**
|
|
* Constructor for middleware
|
|
* @param App $app - Slim App
|
|
*/
|
|
function __construct(App $app)
|
|
{
|
|
$this->baseMiddleware($app);
|
|
$this->sameSiteConfig($app);
|
|
$this->jwtAuth($app);
|
|
$this->errorHandling($app);
|
|
$this->returnAsJSON($app);
|
|
}
|
|
|
|
/**
|
|
* Base middleware
|
|
* @param App $app - Slim App
|
|
*/
|
|
function baseMiddleware(App $app): void
|
|
{
|
|
$app->addBodyParsingMiddleware();
|
|
$app->addRoutingMiddleware();
|
|
}
|
|
|
|
/**
|
|
* SameSite Cookie Configuration
|
|
* @param App $app - Slim App
|
|
*/
|
|
function sameSiteConfig(App $app): void
|
|
{
|
|
$ssConfig = new SameSiteCookieConfiguration(["same_site" => "strict"]);
|
|
$app->add(new SameSiteCookieMiddleware($ssConfig));
|
|
}
|
|
|
|
/**
|
|
* Return all responses as JSON
|
|
* @param App $app - Slim App
|
|
*/
|
|
function returnAsJSON(App $app): void
|
|
{
|
|
$app->add(function ($request, $handler)
|
|
{
|
|
$response = $handler->handle($request);
|
|
return $response->withHeader("Content-Type", "application/json");
|
|
});
|
|
}
|
|
|
|
/**
|
|
* JWT Authentication
|
|
* @param App $app - Slim App
|
|
*/
|
|
function jwtAuth(App $app): void
|
|
{
|
|
$jwtSecret = getSecretKey();
|
|
$app->add(new JwtAuthentication([
|
|
"rules" => [
|
|
new RequestPathRule([
|
|
"path" => ["/api/projectData", "/api/timeline/[a-z]*", "/api/user/testMethod"],
|
|
"ignore" => ["/api/contact", "/api/user/login", "/api/user/changePassword"]
|
|
]),
|
|
new RequestMethodRule([
|
|
"ignore" => ["OPTIONS", "GET"]
|
|
])
|
|
],
|
|
"secret" => $jwtSecret,
|
|
"error" => function ($response)
|
|
{
|
|
session_destroy();
|
|
$response->getBody()->write(json_encode(array("status" => "401", "message" =>
|
|
"Unauthorized, please provide a valid token")));
|
|
return $response->withStatus(401);
|
|
}
|
|
]));
|
|
}
|
|
|
|
function errorHandling(App $app): void
|
|
{
|
|
$app->add(function (ServerRequestInterface $request, RequestHandlerInterface $handler)
|
|
{
|
|
try
|
|
{
|
|
return $handler->handle($request);
|
|
}
|
|
catch (HttpNotFoundException $httpException)
|
|
{
|
|
$response = (new Response())->withStatus(404);
|
|
$response->getBody()->write(json_encode(array("status" => "404", "message" => $request->getUri()->getPath() . " not found")));
|
|
return $response;
|
|
}
|
|
catch (HttpMethodNotAllowedException $httpException)
|
|
{
|
|
$response = (new Response())->withStatus(405);
|
|
$response->getBody()->write(json_encode(array("status" => "405", "message" => "Method not allowed")));
|
|
return $response;
|
|
}
|
|
});
|
|
$app->addErrorMiddleware(true, true, true);
|
|
|
|
}
|
|
|
|
} |