gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2024-10-04 15:12:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add slim middleware for authenticating with session

Browse Source
This commit is contained in:
Uwe Steinmann 2023-01-01 19:58:28 +01:00
parent 7202d85e55
commit 5bd69596c9
1 changed files with 73 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
inc/inc.ClassAuthenticationMiddleware.php Normal file
View File

@ -0,0 +1,73 @@
<?php
/* Middleware for authentication based on session */
class SeedDMS_Auth_Middleware_Session { /* {{{ */
private $container;
public function __construct($container) {
$this->container = $container;
}
/**
* Example middleware invokable class
*
* @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
* @param \Psr\Http\Message\ResponseInterface $response PSR7 response
* @param callable $next Next middleware
*
* @return \Psr\Http\Message\ResponseInterface
*/
public function __invoke($request, $response, $next) {
// $this->container has the DI
$dms = $this->container->dms;
$settings = $this->container->config;
$logger = $this->container->logger;
$userobj = null;
if($this->container->has('userobj'))
$userobj = $this->container->userobj;
if($userobj) {
$response = $next($request, $response);
return $response;
}
$logger->log("Invoke middleware for method ".$request->getMethod()." on '".$request->getUri()->getPath()."'", PEAR_LOG_INFO);
require_once("inc/inc.ClassSession.php");
$session = new SeedDMS_Session($dms->getDb());
if (isset($_COOKIE["mydms_session"])) {
$dms_session = $_COOKIE["mydms_session"];
$logger->log("Session key: ".$dms_session, PEAR_LOG_DEBUG);
if(!$resArr = $session->load($dms_session)) {
/* Delete Cookie */
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot);
$logger->log("Session for id '".$dms_session."' has gone", PEAR_LOG_ERR);
return $response->withStatus(403);
}
/* Load user data */
$userobj = $dms->getUser($resArr["userID"]);
if (!is_object($userobj)) {
/* Delete Cookie */
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot);
if($settings->_enableGuestLogin) {
if(!($userobj = $dms->getUser($settings->_guestID)))
return $response->withStatus(403);
} else
return $response->withStatus(403);
}
if($userobj->isAdmin()) {
if($resArr["su"]) {
if(!($userobj = $dms->getUser($resArr["su"])))
return $response->withStatus(403);
}
}
$dms->setUser($userobj);
} else {
return $response->withStatus(403);
}
$this->container['userobj'] = $userobj;
$response = $next($request, $response);
return $response;
}
} /* }}} */