arifsetiawan · May 30, 2014 03:32
diff --git a/Acl.php b/Acl.php
 <?php

 //
 // Here, we define route and its auth requirements
 function getAcl() {

  $acls = array(
      "/secret"    => array("member"),
      "/moresecret" => array("member","subscribe")
  );

  return $acls;
 };
diff --git a/Auth.php b/Auth.php
 <?php

 namespace Middleware\Auth;

 //
 // Auth middleware
 class AuthMiddleware extends \Slim\Middleware
 {
  protected $acl;

  public function __construct($acl)
  {
    $this->acl = $acl;
  }

  public function call()
  {
    $this->app->hook('slim.before.dispatch', array($this, 'onBeforeDispatch'));

    $this->next->call();
  }

  public function onBeforeDispatch()
  {
    $route = $this->app->router()->getCurrentRoute()->getPattern();
    $params = $this->app->request->params();

    $this->checkAcl($route,$params);
  }

  protected function checkAcl($route, $params) {

    // brute function to check each route then get its acl requirements
    foreach ($this->acl as $key => $value) {

      // full string match. consider also other substring match possibility
      if ($key == $route) {
        $this->app->log->debug('Check ACL');

        foreach ($value as $acl) {
          
          // check if valid member
          if ($acl == 'member') {

            if (!isset($params['token'])) {
              endResponse(403, 'Error', 'Invalid credentials. No token are provided.', null, $this->app);
            }

            if ($params['token'] != 'aMxRfN0TjOc9UzUmG3SgtMvv02E7FhoK') {
              endResponse(403, 'Error', 'Invalid token. Perhaps expired.', null, $this->app);
            }
          }

          // check if valid subscriber
          if ($acl == 'subscribe') {
            $this->app->log->debug('Check Subscription');
          }

        } // each acl values

      } 

    } // each route in acl
  }

 }
diff --git a/index.php b/index.php
 <?php
 error_reporting(E_ALL | E_STRICT);

 // 
 // Require modules
 require 'Slim/Slim.php';
 \Slim\Slim::registerAutoloader();

 require 'Slim/Log.php';
 require 'Middleware/auth.php';
 require 'Slim/Extras/Log/DateTimeFileWriter.php';
 require 'Lib/Utils.php';
 require 'Lib/Acl.php';

 //
 // Init Slim
 $app = new \Slim\Slim(array(
    'debug' => true,
    'log.writer' => new \Slim\Extras\Log\DateTimeFileWriter(array(
        'path' => './logs',
        'name_format' => 'Y-m-d',
        'message_format' => '%label% - %date% - %message%'
    ))
 ));
 $app->add(new \Middleware\Auth\AuthMiddleware(getAcl()));

 //
 // Routes

 // Home
 $app->get('/',function () use ($app) {
  $app->log->debug('root');
  endResponse(200, 'OK', 'Welcome to API!', null, $app);
 });

 // Auth
 $app->post('/login', function () use ($app) {
  $body = $app->request->post();

  if (!(isset($body['username']) && isset($body['password']))) {
    endResponse(403, 'Error', 'Required field is missing.', null, $app);
  }

  if ($body['username'] == 'bill' && $body['password'] == 'kill') {
    $data['token'] = 'aMxRfN0TjOc9UzUmG3SgtMvv02E7FhoK';
    endResponse(200, 'OK', 'Login OK', $data, $app);
  }
  else {
    endResponse(403, 'Error', 'Invalid credentials.', null, $app);
  }

 });

 // Auth-only resources
 $app->get('/secret', function () use ($app) {

  $data['secret'] = 'This is super secret information available only to you!!';
  endResponse(200, 'OK', 'Secret is here!!', $data, $app);
 });

 // Auth-only with Subscription resources
 $app->get('/moresecret', function () use ($app) {

  $data['secret'] = 'This is super subscriber secret information available only to you!!';
  endResponse(200, 'OK', 'Subscriber Secret is here!!', $data, $app);
 });

 //
 // Run
 $app->run();
diff --git a/slim-middleware.md b/slim-middleware.md
diff --git a/Utils.php b/Utils.php
 <?php

 //
 // Send JSON data and end slim request using halt()
 function endResponse($code, $status, $message, $data, $app) {
  $result['status'] = $status;
  $result['message'] = $message;
  if (isset($data)) {
    $result['data'] = $data;
  }
  $app->halt($code, json_encode($result));
 };
	<?php

	//
	// Here, we define route and its auth requirements
	function getAcl() {

	$acls = array(
	"/secret" => array("member"),
	"/moresecret" => array("member","subscribe")
	);

	return $acls;
	};
	<?php

	namespace Middleware\Auth;

	//
	// Auth middleware
	class AuthMiddleware extends \Slim\Middleware
	{
	protected $acl;

	public function __construct($acl)
	{
	$this->acl = $acl;
	}

	public function call()
	{
	$this->app->hook('slim.before.dispatch', array($this, 'onBeforeDispatch'));

	$this->next->call();
	}

	public function onBeforeDispatch()
	{
	$route = $this->app->router()->getCurrentRoute()->getPattern();
	$params = $this->app->request->params();

	$this->checkAcl($route,$params);
	}

	protected function checkAcl($route, $params) {

	// brute function to check each route then get its acl requirements
	foreach ($this->acl as $key => $value) {

	// full string match. consider also other substring match possibility
	if ($key == $route) {
	$this->app->log->debug('Check ACL');

	foreach ($value as $acl) {

	// check if valid member
	if ($acl == 'member') {

	if (!isset($params['token'])) {
	endResponse(403, 'Error', 'Invalid credentials. No token are provided.', null, $this->app);
	}

	if ($params['token'] != 'aMxRfN0TjOc9UzUmG3SgtMvv02E7FhoK') {
	endResponse(403, 'Error', 'Invalid token. Perhaps expired.', null, $this->app);
	}
	}

	// check if valid subscriber
	if ($acl == 'subscribe') {
	$this->app->log->debug('Check Subscription');
	}

	} // each acl values

	}

	} // each route in acl
	}

	}
	<?php
	error_reporting(E_ALL \| E_STRICT);

	//
	// Require modules
	require 'Slim/Slim.php';
	\Slim\Slim::registerAutoloader();

	require 'Slim/Log.php';
	require 'Middleware/auth.php';
	require 'Slim/Extras/Log/DateTimeFileWriter.php';
	require 'Lib/Utils.php';
	require 'Lib/Acl.php';

	//
	// Init Slim
	$app = new \Slim\Slim(array(
	'debug' => true,
	'log.writer' => new \Slim\Extras\Log\DateTimeFileWriter(array(
	'path' => './logs',
	'name_format' => 'Y-m-d',
	'message_format' => '%label% - %date% - %message%'
	))
	));
	$app->add(new \Middleware\Auth\AuthMiddleware(getAcl()));

	//
	// Routes

	// Home
	$app->get('/',function () use ($app) {
	$app->log->debug('root');
	endResponse(200, 'OK', 'Welcome to API!', null, $app);
	});

	// Auth
	$app->post('/login', function () use ($app) {
	$body = $app->request->post();

	if (!(isset($body['username']) && isset($body['password']))) {
	endResponse(403, 'Error', 'Required field is missing.', null, $app);
	}

	if ($body['username'] == 'bill' && $body['password'] == 'kill') {
	$data['token'] = 'aMxRfN0TjOc9UzUmG3SgtMvv02E7FhoK';
	endResponse(200, 'OK', 'Login OK', $data, $app);
	}
	else {
	endResponse(403, 'Error', 'Invalid credentials.', null, $app);
	}

	});

	// Auth-only resources
	$app->get('/secret', function () use ($app) {

	$data['secret'] = 'This is super secret information available only to you!!';
	endResponse(200, 'OK', 'Secret is here!!', $data, $app);
	});

	// Auth-only with Subscription resources
	$app->get('/moresecret', function () use ($app) {

	$data['secret'] = 'This is super subscriber secret information available only to you!!';
	endResponse(200, 'OK', 'Subscriber Secret is here!!', $data, $app);
	});

	//
	// Run
	$app->run();
	<?php

	//
	// Send JSON data and end slim request using halt()
	function endResponse($code, $status, $message, $data, $app) {
	$result['status'] = $status;
	$result['message'] = $message;
	if (isset($data)) {
	$result['data'] = $data;
	}
	$app->halt($code, json_encode($result));
	};