<?php
namespace Catalyst\APIBundle\EventSubscriber;
use Catalyst\APIBundle\Controller\APIController;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\HttpKernel\Event\FilterControllerEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\KernelEvents;
use Doctrine\ORM\EntityManagerInterface;
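/**
 * Kernel subscriber that gates APIController actions on the API key and
 * signature request headers.
 *
 * SECURITY: as written, this class only verifies that both headers are
 * present and non-empty. Neither the API key nor the signature is validated
 * yet (see the TODOs in onKernelController()), so this is a presence check,
 * not authentication. Routes served by APIController must not be treated as
 * authenticated until both checks are implemented.
 */
class TokenSubscriber implements EventSubscriberInterface
{
    // Request header that carries the caller's API key.
    const HEADER_API_KEY = 'X-Catalyst-API-Key';
    // Request header that carries the request signature.
    const HEADER_SIGNATURE = 'X-Catalyst-Signature';

    // Credential transport modes. Not referenced anywhere in this class yet;
    // presumably they select where the key/signature are read from once the
    // mode TODOs below are implemented - confirm before relying on them.
    const MODE_HEADER = 'header';
    const MODE_QUERY_STRING = 'query';

    // Entity manager injected by the container. Unused in this class so far;
    // presumably intended for the pending API key lookup - TODO confirm.
    protected $em;

    /**
     * @param EntityManagerInterface $em Doctrine entity manager, stored for later use.
     */
    public function __construct(EntityManagerInterface $em)
    {
        $this->em = $em;
    }

    /**
     * Rejects requests to APIController actions that lack the API key or
     * signature header.
     *
     * Controllers that are not array callables, or whose object is not an
     * APIController, are left untouched.
     *
     * @param FilterControllerEvent $event Event carrying the resolved controller and the request.
     *
     * @throws AccessDeniedHttpException When the API key or signature header is missing or empty.
     */
    public function onKernelController(FilterControllerEvent $event)
    {
        $controller = $event->getController();

        // Only array callables ([object, method]) can be checked below;
        // anything else (e.g. a closure) is passed through.
        if (!is_array($controller)) {
            return;
        }

        // Only APIController actions are subject to the header checks.
        if (!($controller[0] instanceof APIController)) {
            return;
        }

        // TODO: check if we have a mode setup
        // TODO: if no mode specified default to header

        $req = $event->getRequest();

        // API key header. Null (absent) and '' (empty) are both rejected,
        // which is what the original loose `== null` comparison did.
        $api_key = $req->headers->get(self::HEADER_API_KEY);
        if ($api_key === null || $api_key === '') {
            throw new AccessDeniedHttpException('No api key sent.');
        }

        // TODO: check valid api key
        // SECURITY: until this lookup exists, any non-empty key is accepted.

        // Signature header. Read from the `headers` bag, the same one used
        // for the API key above; the previous `$req->header` is not a Request
        // property, so the call failed before the check could run.
        $sig = $req->headers->get(self::HEADER_SIGNATURE);
        if ($sig === null || $sig === '') {
            throw new AccessDeniedHttpException('No signature sent.');
        }

        // TODO: check valid signature
        // SECURITY: until this is implemented, any non-empty signature is
        // accepted. When adding the check, compare the expected and supplied
        // values with hash_equals() so the comparison is constant-time.
    }

    /**
     * Registers onKernelController() for the kernel's controller event.
     *
     * @return array Map of event name to handler method name.
     */
    public static function getSubscribedEvents()
    {
        return [
            KernelEvents::CONTROLLER => 'onKernelController',
        ];
    }
}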