Note :
You must return "allowed" key into the array in this way CrowPHP would validate the middleware. if you do not specify this key, CrowPHP will put this key for you but it wont validate.
If you need create a Rest API authentication with user and password, CrowPHP give you a library 'Auth' class.
<?php
$host = "http://localhost/CrowPHP/rest";
$username = "username";
$password = "password";
$additionalHeaders = "";
/*Header for Digest method*/
//$additionalHeaders = 'Authorization:Digest ' . md5( $username . ":" . $password );
/*Header for Basic method*/
//$additionalHeaders = 'Authorization:Basic ' . base64_encode( $username . ":" . $password );
$process = curl_init($host);
curl_setopt($process, CURLOPT_HTTPHEADER, array('Content-Type: application/json', $additionalHeaders));//if you send the request by header, you need use this curl_setopt and additionalHeaders with the user and password
curl_setopt($process, CURLOPT_HEADER, false); //TRUE include header in the output.
curl_setopt($process, CURLOPT_TIMEOUT, 30); //Seconds permitted for execute cURL function.
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);//TRUE return result of transfer as string of curl_exec() value instead show directly.
$return = curl_exec($process);
/*Print Result*/
Factory::printer($return);
curl_close($process);
?><?php
$host = "http://localhost/CrowPHP/rest";
$username = "username";
$password = "password";
$process = curl_init($host);
curl_setopt($process, CURLOPT_HEADER, false); //TRUE include header in the output.
curl_setopt($process, CURLOPT_TIMEOUT, 30); //Seconds permitted for execute cURL function.
/*Note: if you want to use POST request, please comment the CURLOPT_HTTPHEADER.*/
$data = array("auth_user_name"=>"username","auth_pass_word"=>"password","extra"=>array(1,2,3,4,5));
$data = http_build_query($data);
/*OR*/
//$data = "auth_user_name=username&auth_pass_word=password";
curl_setopt($process, CURLOPT_POST, true);//to indicate if you'll do a post
curl_setopt($process, CURLOPT_POSTFIELDS, $data);//is necessary send the data with this curl_setopt if you going to use POST request.
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);//TRUE return result of transfer as string of curl_exec() value instead show directly.
$return = curl_exec($process);
/*Print Result*/
Factory::printer($return);
curl_close($process);
?>HOST SERVER
You must put all authentication code into try-catch. As the previous example
<?php
try{
/*Create object with HOST credential*/
$response = false;
$std = new stdClass();
$std->host = "localhost";
$std->username = "username";
$std->password = "password";
/*instance of Auth Class and send object*/
$auth = new lib\http\Auth($std);
/*
* There are two methods permitted in this Auth class 'Digest' and 'Basic'
* 'Digest' uses md5 encode credential and 'Basic' base64. it will depends which you need to use
*/
//$response = $auth->authDigest();
/* Or */
//$response = $auth->authBasic();
/*Theses methods return a bool value, TRUE or FALSE */
$msg = ($response) ? "Open" : "Close";
return array("response" => $msg, "status"=>$response);
} catch (RuntimeException $rexc) {
return array("response" => $rexc->getMessage(), "status"=>false);
}
?>POST HOST SERVER
<?php
try{
/*Create object with HOST credential*/
$response = false;
$std = new stdClass();
$std->host = "localhost";
$std->username = "username";
$std->password = "password";
/*instance of Auth Class and send object*/
$auth = new lib\http\Auth($std);
/*
* There is another method for Auth class.
* Using POST method you can validate an 'username' and 'password'.
* the request must define two params
* -auth_user_name
* -auth_pass_word
*/
$response = $auth->authPost();
/*
* If you want to get the params have been sent use this method
* Note: if the params are not defined, this method will return a NULL value
*/
//$object = $auth->postInput();
/*Theses methods return a bool value, TRUE or FALSE */
$msg = ($response) ? "Open" : "Close";
return array("response" => $msg, "status"=>$response);
} catch (RuntimeException $rexc) {
return array("response" => $rexc->getMessage(), "status"=>false);
}
?>CrowPHP also implements a http validation with middlewares, How we use :
There are a structure directories into lib/http/middleware
<?php
namespace lib\http\middleware;
abstract class Filter {
/**
* @var array
*/
protected static $filters = array(
/*Route*/ /*classes and params*/
"auth" => array(
"class" => array(
/*class name*/ /*class params (must be array)*/
"AuthBasic" => array(
"host" => "localhost",
"username" => "username",
"password" => "password"
),
/*class name*/ /*class params (must be array)*/
"Key" => array ("key" => "e10adc3949ba59abbe56e057f20f883e")
)
)
);
}
?>This abstract class has a protected attribute where is define all validation roles.
Note : you must define array value although it empty.
You can add multiple class like example or only one for some request.
<?php
namespace lib\http\middleware\roles;
use lib\http\middleware\IRole;
use lib\http\Auth;
use RuntimeException;
use stdClass;
class AuthDigest implements IRole
{
/**
* @param stdClass|null $object
* @return array
*/
public function handle(stdClass $object = null)
{
$response = array();
try {
$auth = new Auth($object);
$responseAuth = $auth->authDigest();
$response["text"] = ( $responseAuth ) ? "This request is allowed in Digest" : "Please verify the credentials in Digest";
$response["allowed"] = $responseAuth;
} catch (RuntimeException $rExec) {
$response["text"] = $rExec->getMessage();
$response["allowed"] = false;
}
return $response;
}
}
?>We include for you some authentication classes and we will use as example.
All roles must implement IRole interface. In this class you should write a function validation and return an array with necessary key.
You must return "allowed" key into the array in this way CrowPHP would validate the middleware. if you do not specify this key, CrowPHP will put this key for you but it wont validate.
<?php
namespace lib\http\middleware\roles;
use lib\http\middleware\IRole;
use stdClass;
class Key implements IRole
{
public function handle(stdClass $object = null)
{
$response = array(
"text" => "key not found",
"allowed" => false
);
if ( $object->key == "e10adc3949ba59abbe56e057f20f883e" ) {
$response["text"] = "key found";
$response["allowed"] = true;
}
return $response;
}
}
?>In this example we can see a custom role where is validate some key.
You can create all validation class do you need as this example and specify into Filter.php
If you want do a petition from different host that you server-side host, CORS is present. For this case you can define annotation or value into @Routing annotation that you permitte handle this request
<?php
/**
* @Routing[value=example,allowedHost=http://localhost,allowedMethod=OPTIONS:POST,type=json]
*/
public function example(){
}
?>
In this case we can see two values defined into @Routing :
-allowedHost
-allowedMethod
with allowedHost we could limit all request to this method from the host,
if another host is going to trying access to this method automatically the request will be destroy.
it is going to responding a 403 Forbidden.
There are three methods allowed into CORS Request 'OPTIONS,POST,GET', if you want limit the request by any this method must specify into allowedMethod.
The same way if the request does not have one of this method the request will be destroy.
it is going to responding a 403 Forbidden.
Note : you can put more than one method separating them with ':' like this :
@allowedMethod=OPTIONS:POST
If you do not want specify one Host for each method, you can define the host in the class header like this :
<?php
/**
* @allowedHost[host=http://localhost:3000]
*/
class SampleController extends Acontroller {
}
?>
Note : you can put more than one host separating them with '||' like this :
@allowedHost[host=http://localhost:3000||http://localhost]