<?php namespace CoreAuth\Filters;
use CoreAuth\Enums\FilterErrorType;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\Response;
use CodeIgniter\HTTP\ResponseInterface;
use CodeIgniter\Filters\FilterInterface;
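class AuthFilter implements FilterInterface
{
    /**
     * Post-controller hook. This filter only gates requests in before(), so
     * nothing happens here.
     *
     * @param RequestInterface  $request
     * @param ResponseInterface $response
     * @param mixed|null        $arguments unused
     */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
    }

    /**
     * Gate a request on authentication, then on group/permission rules.
     *
     * Order of checks:
     *  1. Routes the RuleRoute service ignores, and the public auth routes
     *     (login, forgot, reset-password, register, activate-account), pass.
     *  2. An unauthenticated user gets a 401 JSON body with
     *     FilterErrorType::Login.
     *  3. If no group rule is configured for the controller segment, the
     *     request passes on authentication alone (fail-open by configuration).
     *  4. Otherwise the user must be in at least one configured group and,
     *     for a verb whose permissions exist in the database, must hold one
     *     of them. A verb with no permissions (GET, per permissionMethod) or
     *     with no matching permission rows passes on group membership alone.
     *
     * Returns nothing to let the request continue, or a JSON response that
     * short-circuits it.
     *
     * @param RequestInterface $request
     * @param mixed|null       $arguments unused
     *
     * @return ResponseInterface|void
     */
    public function before(RequestInterface $request, $arguments = null)
    {
        $ruleRoute = \CoreAuth\Config\Services::ruleRoute();
        if ($ruleRoute->ignoreRoute()) {
            return;
        }

        $response     = \CodeIgniter\Config\Services::response();
        $authenticate = \Myth\Auth\Config\Services::authentication();
        $authorize    = \Myth\Auth\Config\Services::authorization();

        if (!function_exists('logged_in')) {
            helper('auth');
        }

        // Path only: scheme and host stripped, and the `token` query parameter
        // dropped, so it can be compared against the named auth routes.
        $current = (string) current_url(true)
            ->setHost('')
            ->setScheme('')
            ->stripQuery('token');

        // The auth routes themselves must stay reachable without a session.
        // Strict comparison: route_to() yields false for a route that is not
        // defined, and a loose in_array() would match that false against an
        // empty path and skip the login check.
        $publicRoutes = [
            route_to('login'),
            route_to('forgot'),
            route_to('reset-password'),
            route_to('register'),
            route_to('activate-account'),
        ];
        if (in_array($current, $publicRoutes, true)) {
            return;
        }

        // No session: tell the client to authenticate.
        if (!$authenticate->check()) {
            return $response
                ->setJSON([
                    'success' => false,
                    'type'    => FilterErrorType::Login,
                    'error'   => lang('Authenticate.filter.login'),
                ])
                ->setContentType('application/json')
                ->setStatusCode(Response::HTTP_UNAUTHORIZED, lang('Authenticate.filter.login'));
        }

        // The second URI segment names the controller being accessed. Guard the
        // index: a single-segment URI has no segment 1 (was an undefined-offset
        // warning and an empty controller name).
        $segments   = explode('/', uri_string());
        $segment    = $segments[1] ?? '';
        $controller = strtolower($segment);
        // NOTE(review): the rule lookup gets the raw segment while permission
        // names use the lowercased one. If getRuleAccess() matches
        // case-sensitively, a differently-cased path could land in the
        // "no rule" branch below — confirm against the RuleRoute service.
        $controllerRule = $ruleRoute->getRuleAccess($segment);

        // No group rule for this controller: being authenticated is enough.
        if (empty($controllerRule)) {
            return;
        }

        $userId = $authenticate->id();

        // The user must belong to at least one of the configured groups.
        $inGroup = false;
        foreach ($controllerRule as $group) {
            if ($authorize->inGroup($group, $userId)) {
                $inGroup = true;
                break;
            }
        }

        // permissionMethod() maps the HTTP verb to permission-name suffixes;
        // read the verb from the request rather than a superglobal that may be
        // absent (CLI).
        $method      = strtolower($request->getMethod());
        $permissions = permissionMethod($method);

        $hasPermission    = false;
        $permissionsFound = 0;
        if ($inGroup && !empty($permissions)) {
            foreach ($permissions as $suffix) {
                $name = $controller . $suffix;
                // Only permissions that exist in the database take part in the
                // decision.
                if ($authorize->permission($name)) {
                    $permissionsFound++;
                    if ($authorize->hasPermission($name, $userId)) {
                        $hasPermission = true;
                        break;
                    }
                }
            }
        }

        // A verb with no permissions, or whose "<controller><suffix>" rows are
        // not defined for this controller, falls back to group membership.
        // NOTE(review): this is fail-open — a permission that was never created
        // grants the action to every group member; consider failing closed for
        // non-GET verbs once all permissions are seeded.
        if (empty($permissions) || $permissionsFound === 0) {
            $hasPermission = true;
        }

        if ($inGroup && $hasPermission) {
            return;
        }

        // Kept from the original: in silent mode the stored post-login redirect
        // is discarded on a denied request (the value itself was never used).
        if ($authenticate->silent()) {
            unset($_SESSION['redirect_url']);
        }

        // NOTE(review): this is an authorization failure, so 403 Forbidden is
        // the accurate status; 401 is kept because clients may already key
        // their login handling off it.
        return $response
            ->setJSON([
                'success' => false,
                'type'    => FilterErrorType::Permission,
                'error'   => lang('Auth.notEnoughPrivilege'),
            ])
            ->setContentType('application/json')
            ->setStatusCode(Response::HTTP_UNAUTHORIZED, lang('Auth.notEnoughPrivilege'));
    }
}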