Added dbAuth middleware

src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php

@@ -0,0 +1,79 @@
+<?php
+namespace Tqdev\PhpCrudApi\Middleware;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Tqdev\PhpCrudApi\Column\ReflectionService;
+use Tqdev\PhpCrudApi\Controller\Responder;
+use Tqdev\PhpCrudApi\Database\GenericDB;
+use Tqdev\PhpCrudApi\Middleware\Base\Middleware;
+use Tqdev\PhpCrudApi\Middleware\Router\Router;
+use Tqdev\PhpCrudApi\Record\Condition\ColumnCondition;
+use Tqdev\PhpCrudApi\Record\ErrorCode;
+use Tqdev\PhpCrudApi\RequestUtils;
+
+class DbAuthMiddleware extends Middleware
+{
+    private $reflection;
+    private $db;
+
+    public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection, GenericDB $db)
+    {
+        parent::__construct($router, $responder, $properties);
+        $this->reflection = $reflection;
+        $this->db = $db;
+    }
+
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
+    {
+        if (session_status() == PHP_SESSION_NONE) {
+            if (!headers_sent()) {
+                session_start();
+            }
+        }
+        $path = RequestUtils::getPathSegment($request, 1);
+        $method = $request->getMethod();
+        if ($method == 'POST' && $path == 'login') {
+            $body = $request->getParsedBody();
+            $username = isset($body->username) ? $body->username : '';
+            $password = isset($body->password) ? $body->password : '';
+            $tableName = $this->getProperty('usersTable', 'users');
+            $table = $this->reflection->getTable($tableName);
+            $usernameColumnName = $this->getProperty('usernameColumn', 'username');
+            $usernameColumn = $table->getColumn($usernameColumnName);
+            $passwordColumnName = $this->getProperty('passwordColumn', 'password');
+            $passwordColumn = $table->getColumn($passwordColumnName);
+            $condition = new ColumnCondition($usernameColumn, 'eq', $username);
+            $columnNames = $table->getColumnNames();
+            $users = $this->db->selectAll($table, $columnNames, $condition, [], 0, -1);
+            foreach ($users as $user) {
+                if (password_verify($password, $user[$passwordColumnName]) == 1) {
+                    if (!headers_sent()) {
+                        session_regenerate_id(true);
+                    }
+                    unset($user[$passwordColumnName]);
+                    $_SESSION['user'] = $user;
+                    return $this->responder->success($user);
+                }
+            }
+            return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);
+        }
+        if ($method == 'POST' && $path == 'logout') {
+            if (isset($_SESSION['user'])) {
+                $user = $_SESSION['user'];
+                unset($_SESSION['user']);
+                session_destroy();
+                return $this->responder->success($user);
+            }
+            return $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, '');
+        }
+        if (!isset($_SESSION['user']) || !$_SESSION['user']) {
+            $authenticationMode = $this->getProperty('mode', 'required');
+            if ($authenticationMode == 'required') {
+                return $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, '');
+            }
+        }
+        return $next->handle($request);
+    }
+}

tests/functional/002_auth/003_db_auth.log

@@ -0,0 +1,69 @@
+GET /records/invisibles/e42c77c6-06a4-4502-816c-d112c7142e6d
+===
+404
+Content-Type: application/json
+Content-Length: 54
+
+{"code":1001,"message":"Table 'invisibles' not found"}
+===
+POST /login
+Content-Type: application/json
+
+{"username":"user2","password":"pass2"}
+===
+200
+Content-Type: application/json
+Content-Length: 43
+
+{"id":2,"username":"user2","location":null}
+===
+GET /records/invisibles/e42c77c6-06a4-4502-816c-d112c7142e6d
+===
+200
+Content-Type: application/json
+Content-Length: 45
+
+{"id":"e42c77c6-06a4-4502-816c-d112c7142e6d"}
+===
+POST /login
+Content-Type: application/json
+
+{"username":"user2","password":"incorect password"}
+===
+403
+Content-Type: application/json
+Content-Length: 59
+
+{"code":1012,"message":"Authentication failed for 'user2'"}
+===
+GET /records/invisibles/e42c77c6-06a4-4502-816c-d112c7142e6d
+===
+200
+Content-Type: application/json
+Content-Length: 45
+
+{"id":"e42c77c6-06a4-4502-816c-d112c7142e6d"}
+===
+POST /logout
+===
+200
+Content-Type: application/json
+Content-Length: 43
+
+{"id":2,"username":"user2","location":null}
+===
+GET /records/invisibles/e42c77c6-06a4-4502-816c-d112c7142e6d
+===
+404
+Content-Type: application/json
+Content-Length: 54
+
+{"code":1001,"message":"Table 'invisibles' not found"}
+===
+POST /logout
+===
+401
+Content-Type: application/json
+Content-Length: 49
+
+{"code":1011,"message":"Authentication required"}