From bb0a14f4431adac46dacab9ebd041656be83a258 Mon Sep 17 00:00:00 2001 From: Bradley Hamilton Date: Sat, 10 May 2014 10:55:26 -0400 Subject: [PATCH] added authentication to routing --- core/BaseRouter.core.php | 82 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 81 insertions(+), 1 deletion(-) diff --git a/core/BaseRouter.core.php b/core/BaseRouter.core.php index 62fa4f3..b51604e 100644 --- a/core/BaseRouter.core.php +++ b/core/BaseRouter.core.php @@ -38,9 +38,18 @@ class BaseRouter { private $secureRoute=false; + /** + * Store authentication requirements on route + */ + private $auth=null; + + /* - * When we tear down the object is when we do the work + * When we tear down the object is when we do the work. + * Since the BaseRouter instance is instantiated and never referenced is it destroyed as soon as it is + * called and its method chain has been executed. + * * Find if there is a match and take the appropriate action: * - Execute an instance of a Closure * - Resolve the requested Controller and method @@ -51,10 +60,24 @@ class BaseRouter { */ public function __destruct(){ + //if the route should be authenticated and no action should be taken + if($this->auth!=null && $this->auth['action']==null){ + if(!$this->authenticated()){ + return; + }//if + }//if + //have no match already and this matches? if(!Router::routeMatch() && $this->match($this->param)){ Router::routeMatch(true); + //if the route should be authenticated and an action should be taken + if($this->auth!=null){ + if(!$this->authenticated()){ + header('Location:'.$this->auth['action']); + }//if + }//if + if(!$this->function instanceof Closure){ //is a controller being requested? @@ -79,6 +102,36 @@ public function __destruct(){ }//destruct + /** + * Return whether or not the request is authenticated by a session + * + * + * @return boolean + */ + private function authenticated(){ + + if(is_array($this->auth['session'])){ + $has=false; + foreach($this->auth['session'] as $s){ + if(Session::has($s)){ + $has=true; + }//if + }//foreach + if(!$has){ + return false; + }//if + }//if + else { + if(!Session::has($this->auth['session'])){ + return false; + }//if + }//el + + return true; + + }//authenticated + + /** * Only allow match on route if request method * was HTTPS @@ -92,6 +145,32 @@ public function secure(){ }//secure + /** + * Protect a route via the exsistence of a session + * + * + * @param mixed $session Either the session name, or an array of session names + * @param mixed $action a URL string to redirect to if the route matches and the user isn't authenticated + * @return object $this + * + */ + public function auth($session,$action=null){ + + $this->auth = Array('session'=>null,'action'=>null); + + if(is_array($session)){ + $this->auth['session'] = $session; + }//if + else { + $this->auth['session']=$session; + }//el + + $this->auth['action']=$action; + + return $this; + }//auth + + /** * When a route is not a match this function essentially destroys it @@ -227,6 +306,7 @@ public function where($k,$v=null){ return; }//if $this->variableRestrictions[$k]=$v; + return $this; }//where