Login

ChicagoPhil · 03-25-2022, 08:08 PM

(03-25-2022, 04:44 PM)kenjis Wrote: @ChicagoPhil Okay, Good question.

See this tutorial:
https://www.binaryboxtuts.com/php-tutori...ntication/

You will create app/Controllers/User.php.

And you will define routes:

PHP Code:
$routes->group("api", function ($routes) { $routes->post("register", "Register::index"); $routes->post("login", "Login::index"); $routes->get("users", "User::index", ['filter' => 'authFilter']); });

If you will navigate to http://example.com/api/users (defined route), the authFilter will be applied.
But if you will navigate to http://example.com/user/index (auto route), the filter will not be applied.

So because the routes are defined and auto routing is on, the filter is not executed but this doesn't seem to be a vulnerability in the routing as much as a coding error. I never intended to use the before filter for the library that I'm building. My plan was to get the user status in the base controller constructor and then execute a permissions check in each method by default. That would avoid the pitfalls of using filters or auto routing?
It's the way I did things in CI3. I even added a Core folder to CI4 because I'm a dinosaur that is stuck in my ways. :-)