auth fix
parent
254a2cf97a
commit
c961bc2c88
@ -5,7 +5,7 @@ RewriteCond %{HTTPS} off
|
||||
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
|
||||
|
||||
#token to HTTP_AUTHORIZATION
|
||||
RewriteCond %{HTTP:Authorization} ^(.)
|
||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]
|
||||
|
||||
# serve all files from public subfolder
|
||||
|
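Review bot: The new condition `RewriteCond %{HTTP:Authorization} ^(.*)` also matches an empty value, so the rule fires when no Authorization header was sent and sets `HTTP_AUTHORIZATION` to an empty string. The `isset($_SERVER['HTTP_AUTHORIZATION'])` check in ApiController would then probably be true for every request, including anonymous ones. Requiring at least one character keeps the variable unset when the header is absent: `RewriteCond %{HTTP:Authorization} ^(.+)$`. The same pattern is added in the second .htaccess hunk, after `RewriteRule (.*) ./index.php?url=$1 [QSA,L]`.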
@ -52,8 +52,9 @@ class AuthManager {
|
||||
}
|
||||
|
||||
public function validateToken($token){
|
||||
$tokens = Db::loadAll('SELECT * FROM tokens WHERE token = ? AND expire >= CURRENT_TIMESTAMP AND blocked = 0;', array($token));
|
||||
if (count($tokens) == 1) {
|
||||
list($type, $hash) = explode(' ', $token);
|
||||
$tokens = Db::loadAll('SELECT * FROM tokens WHERE token = ? AND expire >= CURRENT_TIMESTAMP AND blocked = 0;', array($hash));
|
||||
if ($type == 'Bearer' && count($tokens) == 1) {
|
||||
return true;
|
||||
} else if (count($tokens) == 0) {
|
||||
return false;
|
||||
|
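Review bot: `list($type, $hash) = explode(' ', $token);` assumes the header always has the form `scheme token`. A value with no space leaves `$hash` unassigned (PHP raises a warning and the query runs with null), and extra spaces change which piece is used as the token. Split with a limit and reject malformed input before querying: `$parts = explode(' ', trim($token), 2);` followed by `if (count($parts) !== 2 || strcasecmp($parts[0], 'Bearer') !== 0) { return false; }`. When one row matches but the scheme is not `Bearer`, neither visible branch returns. The function body continues outside the hunk, so confirm that path ends in `return false`.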
@ -20,7 +20,7 @@ class ApiController {
|
||||
if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
|
||||
// TODO: call appropriate class/method
|
||||
$authManager = new AuthManager();
|
||||
$this->authenticated = $authManager>validateToken($_SERVER['HTTP_AUTHORIZATION']);
|
||||
$this->authenticated = $authManager->validateToken($_SERVER['HTTP_AUTHORIZATION']);
|
||||
if(!$this->authenticated){
|
||||
throw new Exception("Authorization required", 401);
|
||||
}
|
||||
|
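Review bot: The 401 is thrown only inside `if (isset($_SERVER['HTTP_AUTHORIZATION']))`, so a request that arrives without the header skips this check entirely. What happens to such a request is decided outside the hunk. If every route served by this controller needs a token, initialise `$this->authenticated = false;` before the `if` and reject the request in an `else` branch. The `// TODO: call appropriate class/method` comment looks stale now that `validateToken()` is called and could be dropped.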
@ -7,6 +7,10 @@ RewriteCond %{REQUEST_FILENAME} !.css
|
||||
RewriteCond %{REQUEST_FILENAME} !.js
|
||||
RewriteRule (.*) ./index.php?url=$1 [QSA,L]
|
||||
|
||||
#token to HTTP_AUTHORIZATION
|
||||
RewriteCond %{HTTP:Authorization} ^(.*)
|
||||
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]
|
||||
|
||||
RewriteCond %{HTTPS} off
|
||||
RewriteCond %{REQUEST_FILENAME} !api.php
|
||||
RewriteCond %{REQUEST_FILENAME} !apiFront.php
|
||||
|
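Review bot: The added forwarding block sits below `RewriteRule (.*) ./index.php?url=$1 [QSA,L]`, so for requests that rule rewrites it appears to run only when the rules are re-processed after the internal rewrite. Moving the block above the front-controller rule would make the forwarding independent of that re-run. The `RewriteCond %{HTTPS} off` group that follows excludes `api.php` and `apiFront.php`, and its RewriteRule is outside the hunk. If that group is the HTTPS redirect, bearer tokens sent to those scripts could travel over plain HTTP, which is worth confirming.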