68 lines
1.9 KiB
PHP
68 lines
1.9 KiB
PHP
<?php
|
|
|
|
namespace Khofmann\Auth;
|
|
|
|
use Exception;
|
|
use Pecee\Http\Middleware\IMiddleware;
|
|
use Pecee\Http\Request;
|
|
use Khofmann\Models\User\User;
|
|
use Khofmann\Response\Response;
|
|
|
|
/**
|
|
* Middleware for admin authenticated routes
|
|
*/
|
|
class AdminAuth implements IMiddleware
|
|
{
|
|
/**
|
|
* Request handler
|
|
*
|
|
* Returns 401 if `token`is missing, no user is found with the `token`or user is not admin.
|
|
*
|
|
* Keeps session fresh if request is authenticated.
|
|
*
|
|
* @param Request $request Incoming request
|
|
*/
|
|
public function handle(Request $request): void
|
|
{
|
|
$token = $request->getHeader("token");
|
|
|
|
// No token
|
|
if ($token === null) {
|
|
Response::response()
|
|
->header("Cache-control: no-cache")
|
|
->header("Access-Control-Allow-Origin: *")
|
|
->header("Access-Control-Allow-Methods: *")
|
|
->header("Access-Control-Allow-Headers: *")
|
|
->httpCode(401)
|
|
->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
|
|
}
|
|
|
|
try {
|
|
// Get user
|
|
$user = User::getByToken($token);
|
|
// Check if user is admin
|
|
if (!$user->getIsAdmin()) {
|
|
Response::response()
|
|
->header("Cache-control: no-cache")
|
|
->header("Access-Control-Allow-Origin: *")
|
|
->header("Access-Control-Allow-Methods: *")
|
|
->header("Access-Control-Allow-Headers: *")
|
|
->httpCode(401)
|
|
->json(["code" => "NotAllowed", "message" => "Not Authorized"]);
|
|
}
|
|
|
|
// Keep fresh
|
|
$user->keepFresh();
|
|
} catch (Exception $err) {
|
|
// No user with this token exists
|
|
Response::response()
|
|
->header("Cache-control: no-cache")
|
|
->header("Access-Control-Allow-Origin: *")
|
|
->header("Access-Control-Allow-Methods: *")
|
|
->header("Access-Control-Allow-Headers: *")
|
|
->httpCode(401)
|
|
->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
|
|
}
|
|
}
|
|
}
|