feat(demo): add story 1 — Sorano: Rock and Time
This commit is contained in:
@@ -0,0 +1,78 @@
|
||||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Grav\Plugin\Api\Middleware;
|
||||
|
||||
use Grav\Common\Config\Config;
|
||||
use Grav\Common\Grav;
|
||||
use Grav\Plugin\Api\Auth\ApiKeyAuthenticator;
|
||||
use Grav\Plugin\Api\Auth\AuthenticatorInterface;
|
||||
use Grav\Plugin\Api\Auth\JwtAuthenticator;
|
||||
use Grav\Plugin\Api\Auth\SessionAuthenticator;
|
||||
use Grav\Plugin\Api\Exceptions\UnauthorizedException;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
|
||||
class AuthMiddleware
|
||||
{
|
||||
/** @var AuthenticatorInterface[] */
|
||||
protected array $authenticators = [];
|
||||
|
||||
public function __construct(
|
||||
protected readonly Grav $grav,
|
||||
protected readonly Config $config,
|
||||
) {
|
||||
$this->buildAuthenticatorChain();
|
||||
}
|
||||
|
||||
public function processRequest(ServerRequestInterface $request): ServerRequestInterface
|
||||
{
|
||||
// Try each authenticator in order
|
||||
foreach ($this->authenticators as $authenticator) {
|
||||
$user = $authenticator->authenticate($request);
|
||||
if ($user !== null) {
|
||||
return $request->withAttribute('api_user', $user);
|
||||
}
|
||||
}
|
||||
|
||||
throw new UnauthorizedException(
|
||||
'No valid authentication credentials provided. Use an API key, JWT token, or active session.'
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Optimistic authentication for public routes: attach api_user when valid
|
||||
* credentials are supplied, continue as guest otherwise. Lets public
|
||||
* endpoints return richer, permission-filtered responses to logged-in
|
||||
* callers without requiring auth from anonymous ones.
|
||||
*/
|
||||
public function processOptional(ServerRequestInterface $request): ServerRequestInterface
|
||||
{
|
||||
foreach ($this->authenticators as $authenticator) {
|
||||
$user = $authenticator->authenticate($request);
|
||||
if ($user !== null) {
|
||||
return $request->withAttribute('api_user', $user);
|
||||
}
|
||||
}
|
||||
|
||||
return $request;
|
||||
}
|
||||
|
||||
protected function buildAuthenticatorChain(): void
|
||||
{
|
||||
// API Key is fastest to check - try first
|
||||
if ($this->config->get('plugins.api.auth.api_keys_enabled', true)) {
|
||||
$this->authenticators[] = new ApiKeyAuthenticator($this->grav);
|
||||
}
|
||||
|
||||
// JWT is next
|
||||
if ($this->config->get('plugins.api.auth.jwt_enabled', true)) {
|
||||
$this->authenticators[] = new JwtAuthenticator($this->grav, $this->config);
|
||||
}
|
||||
|
||||
// Session passthrough is last (requires existing session)
|
||||
if ($this->config->get('plugins.api.auth.session_enabled', true)) {
|
||||
$this->authenticators[] = new SessionAuthenticator($this->grav);
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user