										 |  |  | <?php | 
					
						
							|  |  |  | namespace Grocy\Middleware; | 
					
						
										 |  |  | use Grocy\Services\SessionService; | 
					
						
										 |  |  | use DI\Container; | 
					
						
										 |  |  | use Psr\Http\Message\ResponseFactoryInterface; | 
					
						
							|  |  |  | use Psr\Http\Message\ResponseInterface as Response; | 
					
						
							|  |  |  | use Psr\Http\Message\ServerRequestInterface as Request; | 
					
						
							|  |  |  | use Psr\Http\Server\RequestHandlerInterface as RequestHandler; | 
					
						
							|  |  |  | use Slim\Routing\RouteContext; | 
					
						
							|  |  |  | abstract class AuthMiddleware extends BaseMiddleware | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2023-07-29 14:02:56 +02:00
										 |  |  | 	public function __construct(Container $container, ResponseFactoryInterface $responseFactory) | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 	{ | 
					
						
							|  |  |  | 		parent::__construct($container); | 
					
						
							|  |  |  | 		$this->ResponseFactory = $responseFactory; | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-08-19 19:23:13 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-07-16 17:32:08 +02:00
										 |  |  | 	protected $ResponseFactory; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 	public function __invoke(Request $request, RequestHandler $handler): Response | 
					
						
							|  |  |  | 	{ | 
					
						
							|  |  |  | 		$routeContext = RouteContext::fromRequest($request); | 
					
						
							|  |  |  | 		$route = $routeContext->getRoute(); | 
					
						
							|  |  |  | 		$routeName = $route->getName(); | 
					
						
							|  |  |  | 		$isApiRoute = string_starts_with($request->getUri()->getPath(), '/api/'); | 
					
						
							| 
									
										
										
										
											2020-08-19 19:23:13 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 		if ($routeName === 'root') | 
					
						
							|  |  |  | 		{ | 
					
						
							|  |  |  | 			return $handler->handle($request); | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2020-09-01 21:29:47 +02:00
										 |  |  | 		elseif ($routeName === 'login') | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 		{ | 
					
						
							|  |  |  | 			define('GROCY_AUTHENTICATED', false); | 
					
						
							|  |  |  | 			return $handler->handle($request); | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2020-08-31 20:40:31 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 		if (GROCY_MODE === 'dev' || GROCY_MODE === 'demo' || GROCY_MODE === 'prerelease' || GROCY_IS_EMBEDDED_INSTALL || GROCY_DISABLE_AUTH) | 
					
						
							|  |  |  | 		{ | 
					
						
							|  |  |  | 			$sessionService = SessionService::getInstance(); | 
					
						
							|  |  |  | 			$user = $sessionService->GetDefaultUser(); | 
					
						
							| 
									
										
										
										
											2020-08-19 19:23:13 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 			define('GROCY_AUTHENTICATED', true); | 
					
						
							|  |  |  | 			define('GROCY_USER_USERNAME', $user->username); | 
					
						
							| 
									
										
										
										
											2020-12-20 22:08:50 +01:00
										 |  |  | 			define('GROCY_USER_PICTURE_FILE_NAME', $user->picture_file_name); | 
					
						
							| 
									
										
										
										
											2020-08-19 19:23:13 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 			return $handler->handle($request); | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		else | 
					
						
							|  |  |  | 		{ | 
					
						
							|  |  |  | 			$user = $this->authenticate($request); | 
					
						
							| 
									
										
										
										
											2020-08-19 19:23:13 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 			if ($user === null) | 
					
						
							|  |  |  | 			{ | 
					
						
							|  |  |  | 				define('GROCY_AUTHENTICATED', false); | 
					
						
							| 
									
										
										
										
											2020-08-19 19:23:13 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 				$response = $this->ResponseFactory->createResponse(); | 
					
						
							| 
									
										
										
										
											2020-08-31 20:40:31 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 				if ($isApiRoute) | 
					
						
							|  |  |  | 				{ | 
					
						
							|  |  |  | 					return $response->withStatus(401); | 
					
						
							|  |  |  | 				} | 
					
						
							|  |  |  | 				else | 
					
						
							|  |  |  | 				{ | 
					
						
							| 
									
										
										
										
											2022-04-08 17:06:51 +02:00
										 |  |  | 					return $response->withStatus(302)->withHeader('Location', $this->AppContainer->get('UrlManager')->ConstructUrl('/login')); | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 				} | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			else | 
					
						
							|  |  |  | 			{ | 
					
						
							|  |  |  | 				define('GROCY_AUTHENTICATED', true); | 
					
						
							|  |  |  | 				define('GROCY_USER_ID', $user->id); | 
					
						
							|  |  |  | 				define('GROCY_USER_USERNAME', $user->username); | 
					
						
							| 
									
										
										
										
											2020-12-20 22:08:50 +01:00
										 |  |  | 				define('GROCY_USER_PICTURE_FILE_NAME', $user->picture_file_name); | 
					
						
							| 
									
										
										
										
											2020-08-19 19:23:13 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 				return $response = $handler->handle($request); | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-08-19 19:23:13 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-10-19 18:38:12 +02:00
										 |  |  | 	protected static function SetSessionCookie($sessionKey) | 
					
						
							|  |  |  | 	{ | 
					
						
							|  |  |  | 		// Cookie never expires, session validity is up to SessionService
 | 
					
						
							|  |  |  | 		setcookie(SessionService::SESSION_COOKIE_NAME, $sessionKey, PHP_INT_SIZE == 4 ? PHP_INT_MAX : PHP_INT_MAX >> 32); | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	/** | 
					
						
							|  |  |  | 	 * @param array $postParams | 
					
						
							|  |  |  | 	 * @return bool True/False if the provided credentials were valid | 
					
						
							| 
									
										
										
										
											2021-03-31 21:12:51 +01:00
										 |  |  | 	 * @throws \Exception Throws an \Exception if an error happened during credentials processing or if this AuthMiddleware doesn't provide credentials processing (e. g. handles this externally) | 
					
						
							| 
									
										
										
										
											2020-10-19 18:38:12 +02:00
										 |  |  | 	 */ | 
					
						
							|  |  |  | 	abstract public static function ProcessLogin(array $postParams); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 	/** | 
					
						
							|  |  |  | 	 * @param Request $request | 
					
						
							|  |  |  | 	 * @return mixed|null the user row or null if the request is not authenticated | 
					
						
							|  |  |  | 	 * @throws \Exception Throws an \Exception if config is invalid. | 
					
						
							|  |  |  | 	 */ | 
					
						
							| 
									
										
										
										
											2020-09-01 21:29:47 +02:00
										 |  |  | 	abstract protected function authenticate(Request $request); | 
					
						
							| 
									
										
										
										
											2020-08-19 19:23:13 +02:00
										 |  |  | } |