Protected read (GET) for admin routes

app/routes.php

@@ -22,6 +22,9 @@ $app->group('', function (RouteCollectorProxy $group) {
     $group->map([OPTIONS, GET, POST], '/database', App\Action\DatabaseListAction::class);
     $group->map([OPTIONS, GET, PUT, DELETE], '/database/{id}', App\Action\DatabaseAction::class);
     $group->map([OPTIONS, GET], '/database/{id}/table', App\Action\TableListAction::class);
+})->add(new App\Middleware\AdminMiddleware($container->get(SETTINGS)['token'], false));
+
+$app->group('', function (RouteCollectorProxy $group) {
     $group->map([OPTIONS, GET, POST], '/project', App\Action\ProjectListAction::class);
     $group->map([OPTIONS, GET, PUT, DELETE], '/project/{name}', App\Action\ProjectAction::class);
     $group->map([OPTIONS, GET, POST], '/instance', App\Action\InstanceListAction::class);
@@ -51,7 +54,7 @@ $app->group('', function (RouteCollectorProxy $group) {
         '/dataset/{name}/attribute/{id}/distinct',
         App\Action\AttributeDistinctAction::class
     );
-})->add(new App\Middleware\AdminMiddleware($container->get(SETTINGS)['token']));
+})->add(new App\Middleware\AdminMiddleware($container->get(SETTINGS)['token'], true));
 
 $app->get('/search/{dname}', App\Action\SearchAction::class);
 $app->get('/download-file/{dname}/[{fpath:.*}]', App\Action\DownloadFileAction::class);

src/Middleware/AdminMiddleware.php

@@ -27,23 +27,33 @@ final class AdminMiddleware implements MiddlewareInterface
      */
     private $settings;
 
+    /**
+     * If read === true method GET is authorized without permission
+     * If read === false method GET need token and permission
+     *
+     * @var bool
+     */
+    private $read;
+
     /**
      * Create the classe before call process to execute this middleware
      *
      * @param array $settings Settings about token
+     * @param bool  $read     If true GET is authorized without token
      */
-    public function __construct(array $settings)
+    public function __construct(array $settings, bool $read)
     {
         $this->settings = $settings;
+        $this->read = $read;
     }
 
     public function process(Request $request, RequestHandler $handler): Response
     {
-        if (
-            $request->getMethod() === OPTIONS
-            || $request->getMethod() === GET
-            || $this->settings['enabled'] === 0
-        ) {
+        if ($request->getMethod() === OPTIONS || $this->settings['enabled'] === 0) {
+            return $handler->handle($request);
+        }
+
+        if ($this->read === true && $request->getMethod() === GET) {
             return $handler->handle($request);
         }
 

src/Middleware/AuthorizationMiddleware.php

@@ -94,19 +94,6 @@ final class AuthorizationMiddleware implements MiddlewareInterface
         return $handler->handle($request->withAttribute('token', $token));
     }
 
-    // private function getPublicKey(string $issuer, string $kid): string
-    // {
-    //     $urlOpenIdConfiguration = $issuer . '/.well-known/openid-configuration';
-    //     $openIdConfiguration = json_decode(file_get_contents($urlOpenIdConfiguration), true);
-    //     $jwksUri = $openIdConfiguration['jwks_uri'];
-    //     $jwks = json_decode(file_get_contents($jwksUri), true);
-    //     foreach ($jwks['keys'] as $jwk) {
-    //         if ($jwk['kid'] === $kid) {
-    //             return $jwk['x5c'];
-    //         }
-    //     }
-    // }
-
     private function getUnauthorizedResponse(string $message)
     {
         $resonse = new NyholmResponse();