implement redirect to login for controllers for authentication is required

2023-04-16 17:09:46 +02:00 · 2023-04-16 17:09:46 +02:00 · 62e0261a0b
commit 62e0261a0b
parent 9d1bb41f02
1 changed files with 25 additions and 12 deletions
--- a/public/index.php
+++ b/public/index.php
@ -1,5 +1,13 @@
 <?php

+use SokoWeb\Interfaces\Response\IRedirect;
+use SokoWeb\Interfaces\Response\IContent;
+use SokoWeb\Interfaces\Authentication\IAuthenticationRequired;
+use SokoWeb\Interfaces\Authorization\ISecured;
+use SokoWeb\Response\Redirect;
+use SokoWeb\Response\HtmlContent;
+use SokoWeb\Response\JsonContent;
+
 require '../web.php';

 $method = strtolower($_SERVER['REQUEST_METHOD']);
@ -19,35 +27,40 @@ if ($match !== null) {
    $handler = $route->getHandler();
    $controller = new $handler[0](Container::$request);

-    if ($controller instanceof SokoWeb\Interfaces\Authorization\ISecured) {
-        $authorized = $controller->authorize();
-    } else {
-        $authorized = true;
+    if (
+        $controller instanceof IAuthenticationRequired &&
+        $controller->isAuthenticationRequired() &&
+        Container::$request->user() === null
+    ) {
+        Container::$request->session()->set('redirect_after_login', substr($_SERVER['REQUEST_URI'], strlen('/')));
+        $response = new Redirect(Container::$routeCollection->getRoute('login')->generateLink(), IRedirect::TEMPORARY);
+        header('Location: ' . $response->getUrl(), true, $response->getHttpCode());
+        return;
    }

    if ($method === 'post' && Container::$request->post('anti_csrf_token') !== Container::$request->session()->get('anti_csrf_token')) {
-        $content = new SokoWeb\Response\JsonContent(['error' => 'no_valid_anti_csrf_token']);
+        $content = new JsonContent(['error' => 'no_valid_anti_csrf_token']);
        header('Content-Type: text/html; charset=UTF-8', true, 403);
        $content->render();
        return;
    }

-    if ($authorized) {
+    if (
+        !($controller instanceof ISecured) ||
+        $controller->authorize()
+    ) {
        $response = call_user_func([$controller, $handler[1]]);
-
-        if ($response instanceof SokoWeb\Interfaces\Response\IContent) {
+        if ($response instanceof IContent) {
            header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8');
            $response->render();
-
            return;
-        } elseif ($response instanceof SokoWeb\Interfaces\Response\IRedirect) {
+        } elseif ($response instanceof IRedirect) {
            header('Location: ' . $response->getUrl(), true, $response->getHttpCode());
-
            return;
        }
    }
 }

-$content = new SokoWeb\Response\HtmlContent('error/404');
+$content = new HtmlContent('error/404');
 header('Content-Type: text/html; charset=UTF-8', true, 404);
 $content->render();