CodeIgniter Forums
CI4 Filters Not Working - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forum-28.html)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forum-30.html)
+--- Thread: CI4 Filters Not Working (/thread-78407.html)



CI4 Filters Not Working - Eyad Mohammed Osama - 01-15-2021

Greetings everyone
I've created a filter for authorization using JWT, but it's not working at all.

Here's the filter class:
PHP Code:
<?php

namespace HMS\Filters;

use \
CodeIgniter\Filters\FilterInterface;
use \
CodeIgniter\HTTP\RequestInterface;
use \
CodeIgniter\HTTP\ResponseInterface;
use 
Firebase\JWT\ExpiredException;
use \
Firebase\JWT\JWT;
use 
Firebase\JWT\SignatureInvalidException;
use 
UnexpectedValueException;

class 
AdminFilter implements FilterInterface
{
    public function before(RequestInterface $request$arguments NULL)
    {
        $uri = \Config\Services::uri();
        if ($uri->getSegment(1) === "Admin") {
            $token $request->getServer("HTTP_AUTHORIZATION");
            $response = \Config\Services::response();
            $isOkay TRUE;

            if (is_null($token)) {
                $response->setStatusCode(403"Access Not Allowed");
                $response->send();
            } else {
                $decoded = [];

                try {
                    $decoded JWT::decode($tokenHMS_KEY);
                } catch (UnexpectedValueException $e) {
                    $response->setStatusCode(401"Authorization failed because of invalid supplied JWT");
                    $response->send();
                    $isOkay FALSE;
                } catch (SignatureInvalidException $e) {
                    $response->setStatusCode(401"Authorization failed because signature verification has failed");
                    $response->send();
                    $isOkay FALSE;
                } catch (ExpiredException $e) {
                    $response->setStatusCode(401"Authorization failed because the token has expired");
                    $response->send();
                    $isOkay FALSE;
                }

                if ($isOkay) {
                    $data $decoded["data"];
                    if ($data["role"] !== "admin") {
                        $response->setStatusCode(403"Access Not Allowed");
                        $response->send();
                    }
                }
            }
        }
    }

    public function after(RequestInterface $requestResponseInterface $response$arguments NULL)
    {
    }


And here's the configuration of app/Config/Filters.php :
PHP Code:
<?php

namespace Config;

use 
CodeIgniter\Config\BaseConfig;

class 
Filters extends BaseConfig
{
    
// Makes reading things below nicer,
    // and simpler to change out script that's used.
    
public $aliases = [
        
'csrf'     => \CodeIgniter\Filters\CSRF::class,
        
'toolbar'  => \CodeIgniter\Filters\DebugToolbar::class,
        
'honeypot' => \CodeIgniter\Filters\Honeypot::class,
        
"adminauth" => \HMS\Filters\AdminFilter::class
    ];

    
// Always applied before every request
    
public $globals = [
        
'before' => [
            
"adminauth"
        
],
        
'after'  => [
            
'toolbar'
        
],
    ];

    
// Works on all of a particular HTTP method
    // (GET, POST, etc) as BEFORE filters only
    //     like: 'post' => ['CSRF', 'throttle'],
    
public $methods = [];

    
// List filter aliases and any before/after uri patterns
    // that they should run on, like:
    //    'isLoggedIn' => ['before' => ['account/*', 'profiles/*']],
    
public $filters = [
        
"adminauth" => [
            
"before" => ["Admin/*"]
        ]
    ];


I don't know what's going on, i used the same concept in a previous project and it's working fine.