CI4 Filters Not Working
#1

Greetings everyone
I've created a filter for authorization using JWT, but it's not working at all.

Here's the filter class:
PHP Code:
<?php

namespace HMS\Filters;

use \CodeIgniter\Filters\FilterInterface;
use \CodeIgniter\HTTP\RequestInterface;
use \CodeIgniter\HTTP\ResponseInterface;
use Firebase\JWT\ExpiredException;
use \Firebase\JWT\JWT;
use Firebase\JWT\SignatureInvalidException;
use UnexpectedValueException;

class AdminFilter implements FilterInterface
{
    public function before(RequestInterface $request, $arguments = NULL)
    {
        $uri = \Config\Services::uri();
        if ($uri->getSegment(1) === "Admin") {
            $token = $request->getServer("HTTP_AUTHORIZATION");
            $response = \Config\Services::response();
            $isOkay = TRUE;

            if (is_null($token)) {
                $response->setStatusCode(403, "Access Not Allowed");
                $response->send();
            } else {
                $decoded = [];

                try {
                    $decoded = JWT::decode($token, HMS_KEY);
                } catch (UnexpectedValueException $e) {
                    $response->setStatusCode(401, "Authorization failed because of invalid supplied JWT");
                    $response->send();
                    $isOkay = FALSE;
                } catch (SignatureInvalidException $e) {
                    $response->setStatusCode(401, "Authorization failed because signature verification has failed");
                    $response->send();
                    $isOkay = FALSE;
                } catch (ExpiredException $e) {
                    $response->setStatusCode(401, "Authorization failed because the token has expired");
                    $response->send();
                    $isOkay = FALSE;
                }

                if ($isOkay) {
                    $data = $decoded["data"];
                    if ($data["role"] !== "admin") {
                        $response->setStatusCode(403, "Access Not Allowed");
                        $response->send();
                    }
                }
            }
        }
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = NULL)
    {
    }
}


And here's the configuration of app/Config/Filters.php:
PHP Code:
<?php

namespace Config;

use CodeIgniter\Config\BaseConfig;

class Filters extends BaseConfig
{
    // Makes reading things below nicer,
    // and simpler to change out script that's used.
    public $aliases = [
        'csrf'     => \CodeIgniter\Filters\CSRF::class,
        'toolbar'  => \CodeIgniter\Filters\DebugToolbar::class,
        'honeypot' => \CodeIgniter\Filters\Honeypot::class,
        "adminauth" => \HMS\Filters\AdminFilter::class
    ];

    // Always applied before every request
    public $globals = [
        'before' => [
            "adminauth"
        ],
        'after'  => [
            'toolbar'
        ],
    ];

    // Works on all of a particular HTTP method
    // (GET, POST, etc) as BEFORE filters only
    //     like: 'post' => ['CSRF', 'throttle'],
    public $methods = [];

    // List filter aliases and any before/after uri patterns
    // that they should run on, like:
    //    'isLoggedIn' => ['before' => ['account/*', 'profiles/*']],
    public $filters = [
        "adminauth" => [
            "before" => ["Admin/*"]
        ]
    ];
}


I don't know what's going on; I used the same concept in a previous project and it's working fine.
Reply
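Added example, not part of the original post and not the poster's code: a fail-closed JWT filter for CodeIgniter 4 that returns the response from `before()`, which is how a CI4 filter stops a request before it reaches the controller. It assumes firebase/php-jwt 6.x (the `Key` class), HS256 signing, a `Bearer` scheme in the header, the post's `HMS_KEY` constant, and a hypothetical class name `AdminJwtFilter`.

```php
<?php

namespace HMS\Filters;

use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
use Config\Services;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Added example: hypothetical fail-closed variant of the filter in the post.
class AdminJwtFilter implements FilterInterface
{
    public function before(RequestInterface $request, $arguments = null)
    {
        // Expect "Authorization: Bearer <token>"; anything else is rejected.
        $header = $request->getServer('HTTP_AUTHORIZATION') ?? '';
        if (! preg_match('/^Bearer\s+(\S+)$/i', $header, $m)) {
            return $this->deny(401, 'Missing bearer token');
        }

        try {
            // Pin the algorithm (HS256 assumed) so the token header cannot choose it.
            $claims = JWT::decode($m[1], new Key(HMS_KEY, 'HS256'));
        } catch (\Throwable $e) {
            // Covers malformed, badly signed and expired tokens alike.
            return $this->deny(401, 'Invalid token');
        }

        // decode() returns stdClass, so claims are read as properties.
        if (($claims->data->role ?? null) !== 'admin') {
            return $this->deny(403, 'Access Not Allowed');
        }
        // Returning nothing lets the request continue to the controller.
    }

    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
    }

    // A Response returned from before() is sent and the controller never runs.
    private function deny(int $code, string $reason): ResponseInterface
    {
        return Services::response()->setStatusCode($code, $reason);
    }
}
```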



