
@arifsetiawan
Created May 30, 2014 03:32
slim middleware
<?php
//
// Here we define each route and its auth requirements
/**
 * Route pattern => requirement labels enforced by AuthMiddleware.
 *
 * "member" marks routes that need a valid token parameter; "subscribe" marks
 * subscriber-only routes (see AuthMiddleware::checkAcl for how each label is handled).
 *
 * @return array<string, string[]>
 */
function getAcl()
{
    return array(
        "/secret" => array("member"),
        "/moresecret" => array("member", "subscribe"),
    );
}
<?php
namespace Middleware\Auth;
//
// Auth middleware
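class AuthMiddleware extends \Slim\Middleware
{
    /**
     * Route pattern => list of requirement labels (the shape returned by getAcl()).
     *
     * @var array<string, string[]>
     */
    protected $acl;

    /**
     * @param array $acl Map of route pattern to the requirement labels that must hold.
     */
    public function __construct($acl)
    {
        $this->acl = $acl;
    }

    /**
     * Register the ACL check on Slim's 'slim.before.dispatch' hook, then pass
     * control to the next middleware.
     */
    public function call()
    {
        $this->app->hook('slim.before.dispatch', array($this, 'onBeforeDispatch'));
        $this->next->call();
    }

    /**
     * Hook callback: read the matched route's pattern and enforce its ACL.
     */
    public function onBeforeDispatch()
    {
        // NOTE(review): assumes a route has already been matched when this hook
        // fires, so getCurrentRoute() is non-null — confirm for the Slim version in use.
        $route = $this->app->router()->getCurrentRoute()->getPattern();
        $params = $this->app->request->params();
        $this->checkAcl($route, $params);
    }

    /**
     * Enforce the requirements attached to $route. A failed requirement ends the
     * request through endResponse() (Lib/Utils.php), which calls $app->halt().
     * Routes absent from the ACL map are left open.
     *
     * @param string $route  Matched route pattern, e.g. "/secret".
     * @param array  $params Request parameters as returned by Slim's params()
     *                       (presumably GET and POST merged — verify).
     */
    protected function checkAcl($route, $params)
    {
        // Exact-pattern lookup; prefix/substring matching is not attempted.
        // Direct key access replaces a loose (==) scan over every entry.
        if (!isset($this->acl[$route])) {
            return;
        }
        $this->app->log->debug('Check ACL');

        foreach ($this->acl[$route] as $requirement) {
            if ($requirement === 'member') {
                $this->requireMember($params);
            } elseif ($requirement === 'subscribe') {
                // TODO: only logs; no subscription is actually verified, so any
                // valid member currently satisfies this requirement.
                $this->app->log->debug('Check Subscription');
            } else {
                // Fail closed: a mistyped or unknown label must not silently grant access.
                $this->app->log->error('Unknown ACL requirement: ' . $requirement);
                endResponse(403, 'Error', 'Access denied.', null, $this->app);
                return;
            }
        }
    }

    /**
     * End the request unless a valid 'token' parameter is present.
     *
     * @param array $params Request parameters.
     */
    protected function requireMember($params)
    {
        if (!isset($params['token'])) {
            endResponse(403, 'Error', 'Invalid credentials. No token are provided.', null, $this->app);
            return;
        }
        // Sample-only fixed token (issued by /login in index.php). hash_equals()
        // compares in constant time; a non-string value (e.g. ?token[]=x) is rejected
        // up front rather than handed to hash_equals(), which would raise a TypeError.
        if (!is_string($params['token'])
            || !hash_equals('aMxRfN0TjOc9UzUmG3SgtMvv02E7FhoK', $params['token'])) {
            endResponse(403, 'Error', 'Invalid token. Perhaps expired.', null, $this->app);
        }
    }
}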
<?php
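error_reporting(E_ALL | E_STRICT);
//
// Require modules
require 'Slim/Slim.php';
\Slim\Slim::registerAutoloader();
require 'Slim/Log.php';
// NOTE(review): the README lists this file as Middleware/Auth.php; require paths are
// case-sensitive on most filesystems, so confirm the file name matches.
require 'Middleware/auth.php';
require 'Slim/Extras/Log/DateTimeFileWriter.php';
require 'Lib/Utils.php';
require 'Lib/Acl.php';
//
// Init Slim
// Slim's debug mode renders error details (including traces) to the client;
// keep it off outside development.
$app = new \Slim\Slim(array(
    'debug' => true,
    'log.writer' => new \Slim\Extras\Log\DateTimeFileWriter(array(
        'path' => './logs',
        'name_format' => 'Y-m-d',
        'message_format' => '%label% - %date% - %message%'
    ))
));
// Route protection: the ACL map decides which routes need a token (see Lib/Acl.php).
$app->add(new \Middleware\Auth\AuthMiddleware(getAcl()));
//
// Routes
// Home
$app->get('/', function () use ($app) {
    $app->log->debug('root');
    endResponse(200, 'OK', 'Welcome to API!', null, $app);
});
// Auth
// Sample-only fixed credentials and token; a real service would verify against a
// credential store and issue a per-session token.
$app->post('/login', function () use ($app) {
    $body = $app->request->post();
    if (!(isset($body['username']) && isset($body['password']))) {
        endResponse(403, 'Error', 'Required field is missing.', null, $app);
        return;
    }
    // Strict string checks: a non-string field (e.g. username[]=x) is never compared
    // loosely, and the password comparison is constant-time via hash_equals().
    $validUser = is_string($body['username']) && $body['username'] === 'bill';
    $validPass = is_string($body['password']) && hash_equals('kill', $body['password']);
    if ($validUser && $validPass) {
        $data = array('token' => 'aMxRfN0TjOc9UzUmG3SgtMvv02E7FhoK');
        endResponse(200, 'OK', 'Login OK', $data, $app);
    } else {
        endResponse(403, 'Error', 'Invalid credentials.', null, $app);
    }
});
// Auth-only resources
$app->get('/secret', function () use ($app) {
    $data = array('secret' => 'This is super secret information available only to you!!');
    endResponse(200, 'OK', 'Secret is here!!', $data, $app);
});
// Auth-only with Subscription resources
$app->get('/moresecret', function () use ($app) {
    $data = array('secret' => 'This is super subscriber secret information available only to you!!');
    endResponse(200, 'OK', 'Subscriber Secret is here!!', $data, $app);
});
//
// Run
$app->run();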

Sample Slim Middleware

App Structure:

  • /Lib
    • Acl.php
    • Utils.php
  • /Middleware
    • Auth.php
  • index.php

This example uses DateTimeFileWriter.php from Slim Extras. Get Slim Extras from here: https://github.com/codeguy/Slim-Extras

<?php
//
// Send JSON data and end slim request using halt()
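/**
 * Send a JSON body and end the request through Slim's halt().
 *
 * The body has the shape {"status":..., "message":..., "data":...}; the "data"
 * key is omitted when $data is null.
 *
 * @param int    $code    HTTP status code.
 * @param string $status  Short status label, e.g. 'OK' or 'Error'.
 * @param string $message Human-readable message.
 * @param mixed  $data    Optional payload; null leaves "data" out.
 * @param object $app     Slim application (only its halt() method is used).
 */
function endResponse($code, $status, $message, $data, $app)
{
    $result = array(
        'status' => $status,
        'message' => $message,
    );
    if ($data !== null) {
        $result['data'] = $data;
    }
    $json = json_encode($result);
    if ($json === false) {
        // Encoding failed (e.g. invalid UTF-8 in $data): send a well-formed error
        // body instead of the empty string a false would silently become.
        $code = 500;
        $json = json_encode(array('status' => 'Error', 'message' => 'Response could not be encoded.'));
    }
    $app->halt($code, $json);
}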