renamed reAuth to reconnect

README.md

@@ -99,7 +99,7 @@ The following features are supported:
   - Supports a JSON array as input (batch insert)
   - Sanitize and validate input using callbacks
   - Permission system for databases, tables, columns and records
-  - Multi-tenant database layouts are supported
+  - Multi-tenant single and multi database layouts are supported
   - Multi-domain CORS support for cross-domain requests
   - Support for reading joined results from multiple tables
   - Search support on multiple criteria
@@ -110,6 +110,7 @@ The following features are supported:
   - Spatial/GIS fields and filters supported with WKT and GeoJSON
   - Generate API documentation using OpenAPI tools
   - Authentication via JWT token or username/password
+  - Database connection parameters may depend on authentication
   - Support for reading database structure in JSON
   - Support for modifying database structure using REST endpoint
   - Security enhancing middleware is included
@@ -137,84 +138,6 @@ This script will install and run [Composer](https://getcomposer.org/) to update
 
 NB: The update script will also patch the dependencies in the vendor directory for PHP 7.0 compatibility.
 
-## Middleware
-
-You can enable the following middleware using the "middlewares" config parameter:
-
-- "firewall": Limit access to specific IP addresses
-- "cors": Support for CORS requests (enabled by default)
-- "xsrf": Block XSRF attacks using the 'Double Submit Cookie' method
-- "ajaxOnly": Restrict non-AJAX requests to prevent XSRF attacks
-- "dbAuth": Support for "Database Authentication"
-- "jwtAuth": Support for "JWT Authentication"
-- "basicAuth": Support for "Basic Authentication"
-- "reconnect": Reconnect to the database with different parameters
-- "authorization": Restrict access to certain tables or columns
-- "validation": Return input validation errors for custom rules
-- "ipAddress": Fill a protected field with the IP address on create
-- "sanitation": Apply input sanitation on create and update
-- "multiTenancy": Restricts tenants access in a multi-tenant scenario
-- "pageLimits": Restricts list operations to prevent database scraping
-- "joinLimits": Restricts join parameters to prevent database scraping
-- "customization": Provides handlers for request and response customization
-
-The "middlewares" config parameter is a comma separated list of enabled middlewares.
-You can tune the middleware behavior using middleware specific configuration parameters:
-
-- "firewall.reverseProxy": Set to "true" when a reverse proxy is used ("")
-- "firewall.allowedIpAddresses": List of IP addresses that are allowed to connect ("")
-- "cors.allowedOrigins": The origins allowed in the CORS headers ("*")
-- "cors.allowHeaders": The headers allowed in the CORS request ("Content-Type, X-XSRF-TOKEN")
-- "cors.allowMethods": The methods allowed in the CORS request ("OPTIONS, GET, PUT, POST, DELETE, PATCH")
-- "cors.allowCredentials": To allow credentials in the CORS request ("true")
-- "cors.exposeHeaders": Whitelist headers that browsers are allowed to access ("")
-- "cors.maxAge": The time that the CORS grant is valid in seconds ("1728000")
-- "xsrf.excludeMethods": The methods that do not require XSRF protection ("OPTIONS,GET")
-- "xsrf.cookieName": The name of the XSRF protection cookie ("XSRF-TOKEN")
-- "xsrf.headerName": The name of the XSRF protection header ("X-XSRF-TOKEN")
-- "ajaxOnly.excludeMethods": The methods that do not require AJAX ("OPTIONS,GET")
-- "ajaxOnly.headerName": The name of the required header ("X-Requested-With")
-- "ajaxOnly.headerValue": The value of the required header ("XMLHttpRequest")
-- "dbAuth.mode": Set to "optional" if you want to allow anonymous access ("required")
-- "dbAuth.usersTable": The table that is used to store the users in ("users")
-- "dbAuth.usernameColumn": The users table column that holds usernames ("username")
-- "dbAuth.passwordColumn": The users table column that holds passwords ("password")
-- "dbAuth.returnedColumns": The columns returned on successful login, empty means 'all' ("")
-- "jwtAuth.mode": Set to "optional" if you want to allow anonymous access ("required")
-- "jwtAuth.header": Name of the header containing the JWT token ("X-Authorization")
-- "jwtAuth.leeway": The acceptable number of seconds of clock skew ("5")
-- "jwtAuth.ttl": The number of seconds the token is valid ("30")
-- "jwtAuth.secret": The shared secret used to sign the JWT token with ("")
-- "jwtAuth.algorithms": The algorithms that are allowed, empty means 'all' ("")
-- "jwtAuth.audiences": The audiences that are allowed, empty means 'all' ("")
-- "jwtAuth.issuers": The issuers that are allowed, empty means 'all' ("")
-- "basicAuth.mode": Set to "optional" if you want to allow anonymous access ("required")
-- "basicAuth.realm": Text to prompt when showing login ("Username and password required")
-- "basicAuth.passwordFile": The file to read for username/password combinations (".htpasswd")
-- "reconnect.driverHandler": Handler to implement retrieval of the database driver ("")
-- "reconnect.addressHandler": Handler to implement retrieval of the database address ("")
-- "reconnect.portHandler": Handler to implement retrieval of the database port ("")
-- "reconnect.databaseHandler": Handler to implement retrieval of the database name ("")
-- "reconnect.usernameHandler": Handler to implement retrieval of the database username ("")
-- "reconnect.passwordHandler": Handler to implement retrieval of the database password ("")
-- "authorization.tableHandler": Handler to implement table authorization rules ("")
-- "authorization.columnHandler": Handler to implement column authorization rules ("")
-- "authorization.recordHandler": Handler to implement record authorization filter rules ("")
-- "validation.handler": Handler to implement validation rules for input values ("")
-- "ipAddress.tables": Tables to search for columns to override with IP address ("")
-- "ipAddress.columns": Columns to protect and override with the IP address on create ("")
-- "sanitation.handler": Handler to implement sanitation rules for input values ("")
-- "multiTenancy.handler": Handler to implement simple multi-tenancy rules ("")
-- "pageLimits.pages": The maximum page number that a list operation allows ("100")
-- "pageLimits.records": The maximum number of records returned by a list operation ("1000")
-- "joinLimits.depth": The maximum depth (length) that is allowed in a join path ("3")
-- "joinLimits.tables": The maximum number of tables that you are allowed to join ("10")
-- "joinLimits.records": The maximum number of records returned for a joined entity ("1000")
-- "customization.beforeHandler": Handler to implement request customization ("")
-- "customization.afterHandler": Handler to implement response customization ("")
-
-If you don't specify these parameters in the configuration, then the default values (between brackets) are used.
-
 ## TreeQL, a pragmatic GraphQL
 
 [TreeQL](https://treeql.org) allows you to create a "tree" of JSON objects based on your SQL database structure (relations) and your query.
@@ -646,6 +569,86 @@ The following Geometry types are supported by the GeoJSON implementation:
 
 The GeoJSON functionality is enabled by default, but can be disabled using the "controllers" configuration.
 
+## Middleware
+
+You can enable the following middleware using the "middlewares" config parameter:
+
+- "firewall": Limit access to specific IP addresses
+- "cors": Support for CORS requests (enabled by default)
+- "xsrf": Block XSRF attacks using the 'Double Submit Cookie' method
+- "ajaxOnly": Restrict non-AJAX requests to prevent XSRF attacks
+- "dbAuth": Support for "Database Authentication"
+- "jwtAuth": Support for "JWT Authentication"
+- "basicAuth": Support for "Basic Authentication"
+- "reconnect": Reconnect to the database with different parameters
+- "authorization": Restrict access to certain tables or columns
+- "validation": Return input validation errors for custom rules
+- "ipAddress": Fill a protected field with the IP address on create
+- "sanitation": Apply input sanitation on create and update
+- "multiTenancy": Restricts tenants access in a multi-tenant scenario
+- "pageLimits": Restricts list operations to prevent database scraping
+- "joinLimits": Restricts join parameters to prevent database scraping
+- "customization": Provides handlers for request and response customization
+
+The "middlewares" config parameter is a comma separated list of enabled middlewares.
+You can tune the middleware behavior using middleware specific configuration parameters:
+
+- "firewall.reverseProxy": Set to "true" when a reverse proxy is used ("")
+- "firewall.allowedIpAddresses": List of IP addresses that are allowed to connect ("")
+- "cors.allowedOrigins": The origins allowed in the CORS headers ("*")
+- "cors.allowHeaders": The headers allowed in the CORS request ("Content-Type, X-XSRF-TOKEN")
+- "cors.allowMethods": The methods allowed in the CORS request ("OPTIONS, GET, PUT, POST, DELETE, PATCH")
+- "cors.allowCredentials": To allow credentials in the CORS request ("true")
+- "cors.exposeHeaders": Whitelist headers that browsers are allowed to access ("")
+- "cors.maxAge": The time that the CORS grant is valid in seconds ("1728000")
+- "xsrf.excludeMethods": The methods that do not require XSRF protection ("OPTIONS,GET")
+- "xsrf.cookieName": The name of the XSRF protection cookie ("XSRF-TOKEN")
+- "xsrf.headerName": The name of the XSRF protection header ("X-XSRF-TOKEN")
+- "ajaxOnly.excludeMethods": The methods that do not require AJAX ("OPTIONS,GET")
+- "ajaxOnly.headerName": The name of the required header ("X-Requested-With")
+- "ajaxOnly.headerValue": The value of the required header ("XMLHttpRequest")
+- "dbAuth.mode": Set to "optional" if you want to allow anonymous access ("required")
+- "dbAuth.usersTable": The table that is used to store the users in ("users")
+- "dbAuth.usernameColumn": The users table column that holds usernames ("username")
+- "dbAuth.passwordColumn": The users table column that holds passwords ("password")
+- "dbAuth.returnedColumns": The columns returned on successful login, empty means 'all' ("")
+- "jwtAuth.mode": Set to "optional" if you want to allow anonymous access ("required")
+- "jwtAuth.header": Name of the header containing the JWT token ("X-Authorization")
+- "jwtAuth.leeway": The acceptable number of seconds of clock skew ("5")
+- "jwtAuth.ttl": The number of seconds the token is valid ("30")
+- "jwtAuth.secret": The shared secret used to sign the JWT token with ("")
+- "jwtAuth.algorithms": The algorithms that are allowed, empty means 'all' ("")
+- "jwtAuth.audiences": The audiences that are allowed, empty means 'all' ("")
+- "jwtAuth.issuers": The issuers that are allowed, empty means 'all' ("")
+- "basicAuth.mode": Set to "optional" if you want to allow anonymous access ("required")
+- "basicAuth.realm": Text to prompt when showing login ("Username and password required")
+- "basicAuth.passwordFile": The file to read for username/password combinations (".htpasswd")
+- "reconnect.driverHandler": Handler to implement retrieval of the database driver ("")
+- "reconnect.addressHandler": Handler to implement retrieval of the database address ("")
+- "reconnect.portHandler": Handler to implement retrieval of the database port ("")
+- "reconnect.databaseHandler": Handler to implement retrieval of the database name ("")
+- "reconnect.usernameHandler": Handler to implement retrieval of the database username ("")
+- "reconnect.passwordHandler": Handler to implement retrieval of the database password ("")
+- "authorization.tableHandler": Handler to implement table authorization rules ("")
+- "authorization.columnHandler": Handler to implement column authorization rules ("")
+- "authorization.recordHandler": Handler to implement record authorization filter rules ("")
+- "validation.handler": Handler to implement validation rules for input values ("")
+- "ipAddress.tables": Tables to search for columns to override with IP address ("")
+- "ipAddress.columns": Columns to protect and override with the IP address on create ("")
+- "sanitation.handler": Handler to implement sanitation rules for input values ("")
+- "multiTenancy.handler": Handler to implement simple multi-tenancy rules ("")
+- "pageLimits.pages": The maximum page number that a list operation allows ("100")
+- "pageLimits.records": The maximum number of records returned by a list operation ("1000")
+- "joinLimits.depth": The maximum depth (length) that is allowed in a join path ("3")
+- "joinLimits.tables": The maximum number of tables that you are allowed to join ("10")
+- "joinLimits.records": The maximum number of records returned for a joined entity ("1000")
+- "customization.beforeHandler": Handler to implement request customization ("")
+- "customization.afterHandler": Handler to implement response customization ("")
+
+If you don't specify these parameters in the configuration, then the default values (between brackets) are used.
+
+In the sections below you find more information on the built-in middleware.
+
 ### Authentication
 
 Currently there are three types of authentication supported. They all store the authenticated user in the `$_SESSION` super global.