diff --git a/public/index.php b/public/index.php index 0468f42..81dfb54 100644 --- a/public/index.php +++ b/public/index.php @@ -1,7 +1,12 @@ getHandler(); $controller = new $handler[0](Container::$request); - if ($controller instanceof SokoWeb\Interfaces\Authorization\ISecured) { - $authorized = $controller->authorize(); - } else { - $authorized = true; - } - - if (!$authorized) { + if ( + $controller instanceof IAuthenticationRequired && + $controller->isAuthenticationRequired() && + Container::$request->user() === null + ) { Container::$request->session()->set('redirect_after_login', substr($_SERVER['REQUEST_URI'], strlen('/'))); $response = new Redirect(Container::$routeCollection->getRoute('login')->generateLink(), IRedirect::TEMPORARY); header('Location: ' . $response->getUrl(), true, $response->getHttpCode()); @@ -36,23 +39,28 @@ if ($match !== null) { } if ($method === 'post' && !in_array($url, $antiCsrfTokenExceptions) && Container::$request->post('anti_csrf_token') !== Container::$request->session()->get('anti_csrf_token')) { - $content = new SokoWeb\Response\JsonContent(['error' => 'no_valid_anti_csrf_token']); + $content = new JsonContent(['error' => 'no_valid_anti_csrf_token']); header('Content-Type: text/html; charset=UTF-8', true, 403); $content->render(); return; } - $response = call_user_func([$controller, $handler[1]]); - if ($response instanceof SokoWeb\Interfaces\Response\IContent) { - header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8'); - $response->render(); - return; - } elseif ($response instanceof SokoWeb\Interfaces\Response\IRedirect) { - header('Location: ' . $response->getUrl(), true, $response->getHttpCode()); - return; + if ( + !($controller instanceof ISecured) || + $controller->authorize() + ) { + $response = call_user_func([$controller, $handler[1]]); + if ($response instanceof IContent) { + header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8'); + $response->render(); + return; + } elseif ($response instanceof IRedirect) { + header('Location: ' . $response->getUrl(), true, $response->getHttpCode()); + return; + } } } -$content = new SokoWeb\Response\HtmlContent('error/404'); +$content = new HtmlContent('error/404'); header('Content-Type: text/html; charset=UTF-8', true, 404); $content->render(); diff --git a/src/Controller/CommunityController.php b/src/Controller/CommunityController.php index ff0bddf..30b6e11 100644 --- a/src/Controller/CommunityController.php +++ b/src/Controller/CommunityController.php @@ -7,14 +7,14 @@ use RVR\PersistentData\Model\User; use RVR\Repository\CommunityRepository; use RVR\Repository\CommunityMemberRepository; use RVR\Repository\UserRepository; -use SokoWeb\Interfaces\Authorization\ISecured; +use SokoWeb\Interfaces\Authentication\IAuthenticationRequired; use SokoWeb\Interfaces\Request\IRequest; use SokoWeb\Interfaces\Response\IContent; use SokoWeb\PersistentData\PersistentDataManager; use SokoWeb\Response\HtmlContent; use SokoWeb\Response\JsonContent; -class CommunityController implements ISecured +class CommunityController implements IAuthenticationRequired { private IRequest $request; @@ -35,9 +35,9 @@ class CommunityController implements ISecured $this->communityMemberRepository = new CommunityMemberRepository(); } - public function authorize(): bool + public function isAuthenticationRequired(): bool { - return $this->request->user() !== null; + return true; } public function getCommunityHome(): ?IContent diff --git a/src/Controller/HomeController.php b/src/Controller/HomeController.php index 7cec7b6..b9233f9 100644 --- a/src/Controller/HomeController.php +++ b/src/Controller/HomeController.php @@ -2,12 +2,12 @@ use RVR\PersistentData\Model\User; use RVR\Repository\CommunityMemberRepository; -use SokoWeb\Interfaces\Authorization\ISecured; +use SokoWeb\Interfaces\Authentication\IAuthenticationRequired; use SokoWeb\Interfaces\Request\IRequest; use SokoWeb\Interfaces\Response\IContent; use SokoWeb\Response\HtmlContent; -class HomeController implements ISecured +class HomeController implements IAuthenticationRequired { private IRequest $request; @@ -19,9 +19,9 @@ class HomeController implements ISecured $this->communityMemberRepository = new CommunityMemberRepository(); } - public function authorize(): bool + public function isAuthenticationRequired(): bool { - return $this->request->user() !== null; + return true; } public function getHome(): IContent diff --git a/src/Controller/OAuthAuthController.php b/src/Controller/OAuthAuthController.php index 7dd983a..e8d636c 100644 --- a/src/Controller/OAuthAuthController.php +++ b/src/Controller/OAuthAuthController.php @@ -4,14 +4,14 @@ use DateTime; use RVR\PersistentData\Model\OAuthToken; use RVR\PersistentData\Model\User; use RVR\Repository\OAuthClientRepository; -use SokoWeb\Interfaces\Authorization\ISecured; +use SokoWeb\Interfaces\Authentication\IAuthenticationRequired; use SokoWeb\Interfaces\Request\IRequest; use SokoWeb\Interfaces\Response\IRedirect; use SokoWeb\Response\Redirect; use SokoWeb\PersistentData\PersistentDataManager; use SokoWeb\Response\HtmlContent; -class OAuthAuthController implements ISecured +class OAuthAuthController implements IAuthenticationRequired { private IRequest $request; @@ -26,9 +26,9 @@ class OAuthAuthController implements ISecured $this->oAuthClientRepository = new OAuthClientRepository(); } - public function authorize(): bool + public function isAuthenticationRequired(): bool { - return $this->request->user() !== null; + return true; } public function auth() diff --git a/src/Controller/UserController.php b/src/Controller/UserController.php index 84c8c73..43605b2 100644 --- a/src/Controller/UserController.php +++ b/src/Controller/UserController.php @@ -2,7 +2,7 @@ use DateTime; use SokoWeb\Http\Request; -use SokoWeb\Interfaces\Authorization\ISecured; +use SokoWeb\Interfaces\Authentication\IAuthenticationRequired; use SokoWeb\Interfaces\Request\IRequest; use SokoWeb\Interfaces\Response\IContent; use SokoWeb\Interfaces\Response\IRedirect; @@ -15,7 +15,7 @@ use SokoWeb\Response\Redirect; use SokoWeb\Util\JwtParser; use RVR\Repository\UserRepository; -class UserController implements ISecured +class UserController implements IAuthenticationRequired { private IRequest $request; @@ -30,9 +30,9 @@ class UserController implements ISecured $this->userRepository = new UserRepository(); } - public function authorize(): bool + public function isAuthenticationRequired(): bool { - return $this->request->user() !== null; + return true; } public function getAccount(): IContent diff --git a/src/Controller/UserSearchController.php b/src/Controller/UserSearchController.php index fab93f0..69d8c33 100644 --- a/src/Controller/UserSearchController.php +++ b/src/Controller/UserSearchController.php @@ -1,12 +1,12 @@ userRepository = new UserRepository(); } - public function authorize(): bool + public function isAuthenticationRequired(): bool { - return $this->request->user() !== null; + return true; } public function searchUser(): IContent