Commit fccc53dc authored by François Agneray's avatar François Agneray

Protected read (GET) for admin routes

parent 41c8352b
......@@ -22,6 +22,9 @@ $app->group('', function (RouteCollectorProxy $group) {
$group->map([OPTIONS, GET, POST], '/database', App\Action\DatabaseListAction::class);
$group->map([OPTIONS, GET, PUT, DELETE], '/database/{id}', App\Action\DatabaseAction::class);
$group->map([OPTIONS, GET], '/database/{id}/table', App\Action\TableListAction::class);
})->add(new App\Middleware\AdminMiddleware($container->get(SETTINGS)['token'], false));
$app->group('', function (RouteCollectorProxy $group) {
$group->map([OPTIONS, GET, POST], '/project', App\Action\ProjectListAction::class);
$group->map([OPTIONS, GET, PUT, DELETE], '/project/{name}', App\Action\ProjectAction::class);
$group->map([OPTIONS, GET, POST], '/instance', App\Action\InstanceListAction::class);
......@@ -51,7 +54,7 @@ $app->group('', function (RouteCollectorProxy $group) {
'/dataset/{name}/attribute/{id}/distinct',
App\Action\AttributeDistinctAction::class
);
})->add(new App\Middleware\AdminMiddleware($container->get(SETTINGS)['token']));
})->add(new App\Middleware\AdminMiddleware($container->get(SETTINGS)['token'], true));
$app->get('/search/{dname}', App\Action\SearchAction::class);
$app->get('/download-file/{dname}/[{fpath:.*}]', App\Action\DownloadFileAction::class);
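Review bot: The bare boolean literals passed to AdminMiddleware on the two `->add(...)` lines are opaque at the call site, since a reader has to open the middleware to learn whether `false` tightens or loosens GET; if the project targets PHP 8.0 or later, a named argument makes it self-describing: `})->add(new App\Middleware\AdminMiddleware($container->get(SETTINGS)['token'], read: false));` for the database group and `read: true` for the project/instance/dataset group. With `true` that second group still answers GET without a token, which the commit title suggests is the intended public read surface; a one-line comment above each group stating "public read" versus "token required for GET" would make that split auditable from the route file alone. Both group closures begin outside the visible hunks.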
......@@ -27,23 +27,33 @@ final class AdminMiddleware implements MiddlewareInterface
*/
private $settings;
/**
* If read === true method GET is authorized without permission
* If read === false method GET need token and permission
*
* @var bool
*/
private $read;
/**
* Create the classe before call process to execute this middleware
*
* @param array $settings Settings about token
* @param bool $read If true GET is authorized without token
*/
public function __construct(array $settings)
public function __construct(array $settings, bool $read)
{
$this->settings = $settings;
$this->read = $read;
}
public function process(Request $request, RequestHandler $handler): Response
{
if (
$request->getMethod() === OPTIONS
|| $request->getMethod() === GET
|| $this->settings['enabled'] === 0
) {
if ($request->getMethod() === OPTIONS || $this->settings['enabled'] === 0) {
return $handler->handle($request);
}
if ($this->read === true && $request->getMethod() === GET) {
return $handler->handle($request);
}
......
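Review bot: `private $read;` is declared without a type while the constructor parameter is `bool $read`; if the project runs on PHP 7.4 or later, `private bool $read;` lets the engine enforce the same contract the `@var bool` docblock only describes. In the new early return, `$this->read === true` is redundant once the property is a bool, so `if ($this->read && $request->getMethod() === GET) {` reads the same and avoids suggesting a non-bool value is possible. The docblock sentence "If read === false method GET need token and permission" should read "If read === false, GET requires a token and permission". The remainder of `process()`, where the token check for non-exempt requests happens, lies outside the hunk.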
......@@ -94,19 +94,6 @@ final class AuthorizationMiddleware implements MiddlewareInterface
return $handler->handle($request->withAttribute('token', $token));
}
// private function getPublicKey(string $issuer, string $kid): string
// {
// $urlOpenIdConfiguration = $issuer . '/.well-known/openid-configuration';
// $openIdConfiguration = json_decode(file_get_contents($urlOpenIdConfiguration), true);
// $jwksUri = $openIdConfiguration['jwks_uri'];
// $jwks = json_decode(file_get_contents($jwksUri), true);
// foreach ($jwks['keys'] as $jwk) {
// if ($jwk['kid'] === $kid) {
// return $jwk['x5c'];
// }
// }
// }
private function getUnauthorizedResponse(string $message)
{
$resonse = new NyholmResponse();
......