Protected read (GET) for admin routes

fccc53dc · François Agneray · 41c8352b · fccc53dc · fccc53dc · fccc53dc
Commit fccc53dc authored Nov 30, 2020 by François Agneray
Showing with 20 additions and 20 deletions

app/routes.php app/routes.php +4 -1

src/Middleware/AdminMiddleware.php src/Middleware/AdminMiddleware.php +16 -6

src/Middleware/AuthorizationMiddleware.php src/Middleware/AuthorizationMiddleware.php +0 -13

No files found.
--- a/app/routes.php
+++ b/app/routes.php
@@ -22,6 +22,9 @@ $app->group('', function (RouteCollectorProxy $group) {
    $group->map([OPTIONS, GET, POST], '/database', App\Action\DatabaseListAction::class);
    $group->map([OPTIONS, GET, PUT, DELETE], '/database/{id}', App\Action\DatabaseAction::class);
    $group->map([OPTIONS, GET], '/database/{id}/table', App\Action\TableListAction::class);
+})->add(new App\Middleware\AdminMiddleware($container->get(SETTINGS)['token'], false));
+
+$app->group('', function (RouteCollectorProxy $group) {
    $group->map([OPTIONS, GET, POST], '/project', App\Action\ProjectListAction::class);
    $group->map([OPTIONS, GET, PUT, DELETE], '/project/{name}', App\Action\ProjectAction::class);
    $group->map([OPTIONS, GET, POST], '/instance', App\Action\InstanceListAction::class);
@@ -51,7 +54,7 @@ $app->group('', function (RouteCollectorProxy $group) {
        '/dataset/{name}/attribute/{id}/distinct',
        App\Action\AttributeDistinctAction::class
    );
-})->add(new App\Middleware\AdminMiddleware($container->get(SETTINGS)['token']));
+})->add(new App\Middleware\AdminMiddleware($container->get(SETTINGS)['token'], true));

 $app->get('/search/{dname}', App\Action\SearchAction::class);
 $app->get('/download-file/{dname}/[{fpath:.*}]', App\Action\DownloadFileAction::class);
--- a/src/Middleware/AdminMiddleware.php
+++ b/src/Middleware/AdminMiddleware.php
@@ -27,23 +27,33 @@ final class AdminMiddleware implements MiddlewareInterface
     */
    private $settings;

+    /**
+     * If read === true method GET is authorized without permission
+     * If read === false method GET need token and permission
+     *
+     * @var bool
+     */
+    private $read;
+
    /**
     * Create the classe before call process to execute this middleware
     *
     * @param array $settings Settings about token
+     * @param bool  $read     If true GET is authorized without token
     */
-    public function __construct(array $settings)
+    public function __construct(array $settings, bool $read)
    {
        $this->settings = $settings;
+        $this->read = $read;
    }

    public function process(Request $request, RequestHandler $handler): Response
    {
-        if (
-            $request->getMethod() === OPTIONS
-            || $request->getMethod() === GET
-            || $this->settings['enabled'] === 0
-        ) {
+        if ($request->getMethod() === OPTIONS || $this->settings['enabled'] === 0) {
+            return $handler->handle($request);
+        }
+
+        if ($this->read === true && $request->getMethod() === GET) {
            return $handler->handle($request);
        }


--- a/src/Middleware/AuthorizationMiddleware.php
+++ b/src/Middleware/AuthorizationMiddleware.php
@@ -94,19 +94,6 @@ final class AuthorizationMiddleware implements MiddlewareInterface
        return $handler->handle($request->withAttribute('token', $token));
    }

-    // private function getPublicKey(string $issuer, string $kid): string
-    // {
-    //     $urlOpenIdConfiguration = $issuer . '/.well-known/openid-configuration';
-    //     $openIdConfiguration = json_decode(file_get_contents($urlOpenIdConfiguration), true);
-    //     $jwksUri = $openIdConfiguration['jwks_uri'];
-    //     $jwks = json_decode(file_get_contents($jwksUri), true);
-    //     foreach ($jwks['keys'] as $jwk) {
-    //         if ($jwk['kid'] === $kid) {
-    //             return $jwk['x5c'];
-    //         }
-    //     }
-    // }
-
    private function getUnauthorizedResponse(string $message)
    {
        $resonse = new NyholmResponse();