-
paliz
06-11-2021, 10:09 AM
(This post was last modified: 06-11-2021, 10:11 AM by paliz.)
I faced this issue too, but found a way to manage it.
I have a few filters:
/**
 * Short alias => filter class. The aliases are the names used when a
 * filter is attached to routes or listed in the other filter settings.
 *
 * @var array
 */
public $aliases = [
    // 'csrf'  => CSRF::class,   (disabled; the 'csrf' alias below points at CsrfFilter instead)
    'toolbar'  => DebugToolbar::class,
    'honeypot' => Honeypot::class,
    'csrf'     => CsrfFilter::class,
    'cors'     => CorsFilter::class,
    'auth'     => AuthFilter::class,
    'jwt'      => JwtFilter::class,
    'url'      => UrlFilter::class,
];
The priority order is:
cors, url, auth, jwt, csrf
The cors, url and csrf filters are global filters, but for other routes:
PHP Code: // This code does not work, because CI4 supports only a single filter at a time here:
$routes->resource('x',['filter'=>['auth:admin','jwt','csrf']);
The best way to handle it is the way I did it.
First, create a service and set the rules in it:
PHP Code: <?php
namespace CoreAuth\Services;
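/**
 * Static lookup tables used by the auth filters: which roles may reach a
 * named route, and which request paths are exempt from the checks.
 */
class RuleRoute
{
    /**
     * Route name => list of role names, or null when the route has no role list.
     *
     * NOTE(review): the code that consumes this map is not shown here; presumably
     * null means "no role restriction" -- confirm against the auth filter.
     */
    private const RULES = [
        'profile'            => null,
        'chatContact'        => null,
        'chatRoom'           => null,
        'chatRoomMedia'      => null,
        'chatPrivate'        => null,
        'chatPrivateMedia'   => null,
        'dashboard'          => null,
        'user'               => ['admin'],
        'group'              => ['admin'],
        'setting'            => ['admin'],
        'visitor'            => ['admin'],
        'advertisement'      => ['admin'],
        'advertisementMedia' => ['admin'],
        'contact'            => ['admin', 'coworker'],
        'contactMedia'       => ['admin', 'coworker'],
        'newsCategory'       => ['admin', 'coworker'],
        'newsSubCategory'    => ['admin', 'coworker'],
        'newsPost'           => ['admin', 'coworker'],
        'newsComment'        => ['admin', 'coworker'],
        'newsMedia'          => ['admin', 'coworker'],
        'viewOption'         => ['admin', 'coworker'],
        'viewMedia'          => ['admin', 'coworker'],
        'requestCategory'    => ['admin', 'coworker'],
        'requestPost'        => ['admin', 'coworker'],
        'requestReply'       => ['admin', 'coworker'],
    ];

    /** Words that mark a request path as exempt when they occur in it. */
    private const IGNORED_WORDS = ['home', 'test', 'auth'];

    /**
     * Returns the role list registered for a route name.
     *
     * A direct key lookup replaces the former loop with a loose `==`
     * comparison; the result is the same for every input.
     *
     * NOTE(review): a name that is not in the table also yields null, so a
     * caller cannot tell "no role list" from "unknown route". If null is
     * treated as unrestricted, a route that was never added here is open by
     * default -- confirm the caller denies unknown names.
     *
     * @param string $name Route name, e.g. 'user' or 'newsPost'.
     *
     * @return array|null The role names, or null when none are registered.
     */
    public static function getRuleAccess(string $name): ?array
    {
        return self::RULES[$name] ?? null;
    }

    /**
     * Tells whether the current request path contains one of the ignored words.
     *
     * NOTE(review): the pattern is a word-boundary match over the whole path
     * returned by uri_string(), not a comparison against a specific route, so
     * the word may sit in any position of the path. JwtFilter::before() skips
     * token validation whenever this returns true, which means a protected
     * route whose path merely contains "home", "test" or "auth" is exempt as
     * well. An exact allow-list of the public route paths is the safer design.
     *
     * @return bool True when the path matches any ignored word.
     */
    public static function ignoreRoute(): bool
    {
        // The path does not change during the loop, so read it once.
        $path = uri_string();

        foreach (self::IGNORED_WORDS as $word) {
            if (preg_match('~\b' . $word . '\b~', $path)) {
                return true;
            }
        }

        return false;
    }
}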
PHP Code: <?php namespace CoreAuth\Config;
use Config\Services as BaseService; use CoreAuth\Services\RuleRoute;
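/**
 * Service locator entries for the CoreAuth module.
 */
class Services extends BaseService
{
    /**
     * Returns the RuleRoute service.
     *
     * @param bool $getShared When true, the shared instance is returned
     *                        instead of a new object.
     *
     * @return RuleRoute
     */
    public static function ruleRoute($getShared = true)
    {
        if ($getShared) {
            return static::getSharedInstance('ruleRoute');
        }

        return new RuleRoute();
    }

    /**
     * Returns the secret used to validate JWTs.
     *
     * The secret is read from the environment instead of being a string
     * literal in this file. A signing key that lives in source code is
     * disclosed to everyone who can read the repository or any page the code
     * is pasted into, and anyone holding it can mint tokens that pass
     * validation; a key that has been exposed that way has to be rotated.
     *
     * JWT_SECRET_KEY is the variable name chosen for this example; set it in
     * the deployment environment (or the project's .env file).
     *
     * @return string
     *
     * @throws \RuntimeException When no secret is configured, so that
     *                           validation fails closed rather than running
     *                           with an empty key.
     */
    public static function jwtSecretKey()
    {
        $secret = getenv('JWT_SECRET_KEY');

        if ($secret === false || $secret === '') {
            throw new \RuntimeException('JWT secret key is not configured.');
        }

        return $secret;
    }
}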
The config/filter.php file:
the jwt and auth filters run on URIs under /api*
PHP Code: <?php
namespace Config;
use CodeIgniter\Config\BaseConfig; use CodeIgniter\Filters\CSRF; use CodeIgniter\Filters\DebugToolbar; use CodeIgniter\Filters\Honeypot; use CoreAuth\Filters\AuthFilter; use CoreAuth\Filters\JwtFilter; use CoreCommon\Filters\CorsFilter; use CoreCommon\Filters\ThrottleFilter; use CoreCommon\Filters\UrlFilter; use CSRF\Filters\CsrfFilter;
/**
 * Filter configuration: alias registry plus the lists that decide which
 * filters run globally, per HTTP method, and per URI pattern.
 *
 * NOTE(review): no list in this class enables 'csrf' -- every entry for it is
 * commented out. Confirm that is intended for any endpoint that authenticates
 * with cookies or a session rather than an Authorization header.
 */
class Filters extends BaseConfig
{
    /**
     * Short alias => filter class, so the lists below can refer to
     * filters by name.
     *
     * @var array
     */
    public $aliases = [
        // 'csrf'  => CSRF::class,   (disabled; 'csrf' points at CsrfFilter below)
        'toolbar'  => DebugToolbar::class,
        'honeypot' => Honeypot::class,
        'csrf'     => CsrfFilter::class,
        'cors'     => CorsFilter::class,
        'auth'     => AuthFilter::class,
        'jwt'      => JwtFilter::class,
        'url'      => UrlFilter::class,
        // Registered here, but not attached to any list in this class.
        'throttle' => ThrottleFilter::class
    ];

    /**
     * Aliases applied to every request, before and after the controller.
     *
     * @var array
     */
    public $globals = [
        'before' => [
            // 'honeypot',
            // 'csrf',
            'cors',
            'url',
            // 'csrf',
        ],
        'after' => [
            'toolbar',
            // 'csrf',
            // 'honeypot',
        ],
    ];

    /**
     * Aliases applied per HTTP method (GET, POST, ...).
     * Currently empty: all entries are commented out.
     *
     * Example:
     * 'post' => ['csrf', 'throttle']
     *
     * @var array
     */
    public $methods = [
        // 'get'    => ['csrf'],
        // 'post'   => ['csrf'],
        // 'put'    => ['csrf'],
        // 'delete' => ['csrf']
    ];

    /**
     * Aliases applied before or after requests whose URI matches a pattern.
     * Both 'auth' and 'jwt' run before any URI matching api*.
     *
     * Example:
     * 'isLoggedIn' => ['before' => ['account/*', 'profiles/*']]
     *
     * @var array
     */
    public $filters = [
        'auth' => ['before' => 'api*'],
        'jwt'  => ['before' => 'api*'],
    ];
}
This is the jwt and auth filter:
Quote:PHP Code: <?php namespace CoreAuth\Filters;
use CoreAuth\Enums\FilterErrorType; use CodeIgniter\HTTP\RequestInterface; use CodeIgniter\HTTP\Response; use CodeIgniter\HTTP\ResponseInterface; use CodeIgniter\Filters\FilterInterface; use CodeIgniter\Config\Services;
/**
 * Before-filter that validates the JWT sent with a request.
 */
class JwtFilter implements FilterInterface
{
    /**
     * Lets the request continue when its token validates, and answers with
     * a 401 JSON response otherwise.
     *
     * Requests for which RuleRoute::ignoreRoute() returns true are passed
     * through with no token check at all, so the ignore list is part of the
     * authentication boundary.
     *
     * @param RequestInterface $request   Incoming request.
     * @param mixed            $arguments Filter arguments; not used here.
     *
     * @return mixed Nothing when the request may continue, otherwise the
     *               401 response.
     */
    public function before(RequestInterface $request, $arguments = null)
    {
        if (\CoreAuth\Config\Services::ruleRoute()->ignoreRoute()) {
            return;
        }

        helper('jwt');

        // NOTE(review): presumably null when the client sends no Authorization
        // header -- confirm that isJWT() rejects a missing value.
        $headerValue = $request->getServer('HTTP_AUTHORIZATION');

        try {
            $jwt = isJWT($headerValue);
            validateJWT($jwt, \CoreAuth\Config\Services::jwtSecretKey());
        } catch (\Exception $failure) {
            // NOTE(review): only \Exception is caught; an \Error raised by the
            // helpers (a TypeError, for instance) would not be turned into a
            // 401 here -- confirm how the helpers fail.

            // The client gets a fixed, translated message; the exception text
            // is not echoed back.
            $message = lang('Authenticate.filter.jwt');
            $payload = [
                'success' => false,
                'type'    => FilterErrorType::Jwt,
                'error'   => $message,
            ];

            return Services::response()
                ->setJSON($payload)
                ->setContentType('application/json')
                ->setStatusCode(Response::HTTP_UNAUTHORIZED, $message);
        }
    }

    //--------------------------------------------------------------------

    /**
     * Runs after the controller; this filter does nothing at that stage.
     *
     * @param RequestInterface  $request   Incoming request.
     * @param ResponseInterface $response  Outgoing response.
     * @param mixed             $arguments Filter arguments; not used here.
     */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        // Intentionally empty.
    }
}
You can apply multiple filters with my code.