kenmirrors/grocy
1
0
Fork 0
mirror of https://github.com/grocy/grocy.git synced 2025-04-28 17:23:56 +00:00
Code Issues Projects Releases Wiki Activity
grocy/middleware/ApiKeyAuthMiddleware.php
Bernd Bestel d4fa1a64c2
Upgrade Slim Framework to v4 (closes #561)
2020-02-11 17:42:03 +01:00

106 lines
3.1 KiB
PHP
Raw Blame History

<?php
namespace Grocy\Middleware;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use Psr\Http\Message\ResponseInterface as Response;
use Slim\Routing\RouteContext;
use Grocy\Services\SessionService;
use Grocy\Services\ApiKeyService;
class ApiKeyAuthMiddleware extends BaseMiddleware
{
public function __construct(\DI\Container $container, string $sessionCookieName, string $apiKeyHeaderName)
{
parent::__construct($container);
$this->SessionCookieName = $sessionCookieName;
$this->ApiKeyHeaderName = $apiKeyHeaderName;
}
protected $SessionCookieName;
protected $ApiKeyHeaderName;
public function __invoke(Request $request, RequestHandler $handler): Response
{
$routeContext = RouteContext::fromRequest($request);
$route = $routeContext->getRoute();
$routeName = $route->getName();
if (GROCY_MODE === 'dev' || GROCY_MODE === 'demo' || GROCY_MODE === 'prerelease' || GROCY_IS_EMBEDDED_INSTALL || GROCY_DISABLE_AUTH)
{
define('GROCY_AUTHENTICATED', true);
$response = $handler->handle($request);
}
else
{
$validSession = true;
$validApiKey = true;
$usedApiKey = null;
$sessionService = new SessionService();
if (!isset($_COOKIE[$this->SessionCookieName]) || !$sessionService->IsValidSession($_COOKIE[$this->SessionCookieName]))
{
$validSession = false;
}
$apiKeyService = new ApiKeyService();
// First check of the API key in the configured header
if (!$request->hasHeader($this->ApiKeyHeaderName) || !$apiKeyService->IsValidApiKey($request->getHeaderLine($this->ApiKeyHeaderName)))
{
$validApiKey = false;
}
else
{
$usedApiKey = $request->getHeaderLine($this->ApiKeyHeaderName);
}
// Not recommended, but it's also possible to provide the API key via a query parameter (same name as the configured header)
if (!$validApiKey && !empty($request->getQueryParam($this->ApiKeyHeaderName)) && $apiKeyService->IsValidApiKey($request->getQueryParam($this->ApiKeyHeaderName)))
{
$validApiKey = true;
$usedApiKey = $request->getQueryParam($this->ApiKeyHeaderName);
}
// Handling of special purpose API keys
if (!$validApiKey)
{
if ($routeName === 'calendar-ical')
{
if ($request->getQueryParam('secret') !== null && $apiKeyService->IsValidApiKey($request->getQueryParam('secret'), ApiKeyService::API_KEY_TYPE_SPECIAL_PURPOSE_CALENDAR_ICAL))
{
$validApiKey = true;
}
}
}
if (!$validSession && !$validApiKey)
{
define('GROCY_AUTHENTICATED', false);
$response = new \Slim\Psr7\Response(); // No content when unauthorized
$response = $response->withStatus(401);
}
elseif ($validApiKey)
{
$user = $apiKeyService->GetUserByApiKey($usedApiKey);
define('GROCY_AUTHENTICATED', true);
define('GROCY_USER_ID', $user->id);
$response = $handler->handle($request);
}
elseif ($validSession)
{
$user = $sessionService->GetUserBySessionKey($_COOKIE[$this->SessionCookieName]);
define('GROCY_AUTHENTICATED', true);
define('GROCY_USER_ID', $user->id);
$response = $handler->handle($request);
}
}
return $response;
}
}
Reference in New Issue View Git Blame Copy Permalink