nas
/
todo_api
Watch 2
Star 1
Fork 0
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Allow authorization handler to disable openapi (#712) 

Adds a new authorization middleware config option:

    'authorization.allowOpenApiAccessHandler' => function () {
        return false;
    },

Returning false from this operation will disable the OpenAPI endpoint

Fixes #672
Florian Orben 3 years ago
parent
2122cf5d92
commit
220a7d795f
No account linked to committer's email address
3 changed files with 32 additions and 1 deletions
Split View Show Diff Stats
  1. 8
    1
      README.md
  2. 12
    0
      api.php
  3. 12
    0
      src/Tqdev/PhpCrudApi/Middleware/AuthorizationMiddleware.php

+ 8
- 1
README.md View File 

@@ -665,6 +665,7 @@ You can tune the middleware behavior using middleware specific configuration par
665 665 
 - "reconnect.passwordHandler": Handler to implement retrieval of the database password ("")
666 666 
 - "authorization.tableHandler": Handler to implement table authorization rules ("")
667 667 
 - "authorization.columnHandler": Handler to implement column authorization rules ("")
668 
+- "authorization.pathHandler": Handler to implement path authorization rules ("")
668 669 
 - "authorization.recordHandler": Handler to implement record authorization filter rules ("")
669 670 
 - "validation.handler": Handler to implement validation rules for input values ("")
670 671 
 - "validation.types": Types to enable type validation for, empty means 'none' ("all")
 
@@ -852,7 +853,7 @@ Add the "columns" controller in the configuration to enable this functionality.
852 853
853 854 
 ### Authorizing tables, columns and records
854 855
855 
-By default all tables and columns are accessible. If you want to restrict access to some tables you may add the 'authorization' middleware
856 
+By default all tables, columns and paths are accessible. If you want to restrict access to some tables you may add the 'authorization' middleware
856 857 
 and define a 'authorization.tableHandler' function that returns 'false' for these tables.
857 858
858 859 
     'authorization.tableHandler' => function ($operation, $tableName) {
 
@@ -874,6 +875,12 @@ The above example will restrict access to the 'password' field of the 'users' ta
874 875 
 The above example will disallow access to user records where the username is 'admin'.
875 876 
 This construct adds a filter to every executed query.
876 877
878 
+    'authorization.pathHandler' => function ($path) {
879 
+        return $path === 'openapi' ? false : true;
880 
+    },
881 
+
882 
+The above example will disabled the `/openapi` route.
883 
+
877 884 
 NB: You need to handle the creation of invalid records with a validation (or sanitation) handler.
878 885
879 886 
 ### SQL GRANT authorization

+ 12
- 0
api.php View File 

@@ -7164,6 +7164,7 @@ namespace Tqdev\PhpCrudApi\Middleware {
7164 7164 
     use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
7165 7165 
     use Tqdev\PhpCrudApi\Middleware\Communication\VariableStore;
7166 7166 
     use Tqdev\PhpCrudApi\Middleware\Router\Router;
7167 
+    use Tqdev\PhpCrudApi\Record\ErrorCode;
7167 7168 
     use Tqdev\PhpCrudApi\Record\FilterInfo;
7168 7169 
     use Tqdev\PhpCrudApi\RequestUtils;
7169 7170 
 
@@ -7225,9 +7226,20 @@ namespace Tqdev\PhpCrudApi\Middleware {
7225 7226 
             }
7226 7227 
         }
7227 7228
7229 
+        private function pathHandler(string $path) /*: bool*/
7230 
+        {
7231 
+            $pathHandler = $this->getProperty('pathHandler', '');
7232 
+            return $pathHandler ? call_user_func($pathHandler, $path) : true;
7233 
+        }
7234 
+
7228 7235 
         public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
7229 7236 
         {
7230 7237 
             $path = RequestUtils::getPathSegment($request, 1);
7238 
+
7239 
+            if (!$this->pathHandler($path)) {
7240 
+                return $this->responder->error(ErrorCode::ROUTE_NOT_FOUND, $request->getUri()->getPath());
7241 
+            }
7242 
+
7231 7243 
             $operation = RequestUtils::getOperation($request);
7232 7244 
             $tableNames = RequestUtils::getTableNames($request, $this->reflection);
7233 7245 
             foreach ($tableNames as $tableName) {

+ 12
- 0
src/Tqdev/PhpCrudApi/Middleware/AuthorizationMiddleware.php View File 

@@ -10,6 +10,7 @@ use Tqdev\PhpCrudApi\Controller\Responder;
10 10 
 use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
11 11 
 use Tqdev\PhpCrudApi\Middleware\Communication\VariableStore;
12 12 
 use Tqdev\PhpCrudApi\Middleware\Router\Router;
13 
+use Tqdev\PhpCrudApi\Record\ErrorCode;
13 14 
 use Tqdev\PhpCrudApi\Record\FilterInfo;
14 15 
 use Tqdev\PhpCrudApi\RequestUtils;
15 16 
 
@@ -71,9 +72,20 @@ class AuthorizationMiddleware extends Middleware
71 72 
         }
72 73 
     }
73 74
75 
+    private function pathHandler(string $path) /*: bool*/
76 
+    {
77 
+        $pathHandler = $this->getProperty('pathHandler', '');
78 
+        return $pathHandler ? call_user_func($pathHandler, $path) : true;
79 
+    }
80 
+
74 81 
     public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
75 82 
     {
76 83 
         $path = RequestUtils::getPathSegment($request, 1);
84 
+
85 
+        if (!$this->pathHandler($path)) {
86 
+            return $this->responder->error(ErrorCode::ROUTE_NOT_FOUND, $request->getUri()->getPath());
87 
+        }
88 
+
77 89 
         $operation = RequestUtils::getOperation($request);
78 90 
         $tableNames = RequestUtils::getTableNames($request, $this->reflection);
79 91 
         foreach ($tableNames as $tableName) {

Write Preview
Loading…
Cancel
Save