Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature ignore domain #16

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Feature ignore domain #16

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
2ed496a
Add option to allow ignoring domains, with HTTP methods
SparoHawk May 9, 2018
b634b97
Fix method to get the request domain
gabbanaesteban May 9, 2018
7e9549d
Merge pull request #1 from gabbanaesteban/patch-3
SparoHawk May 9, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
37 changes: 27 additions & 10 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,16 @@ ignoreUri[] = regex:/users/:POST,PUT
;; literal strings
ignoreUri[] = /auth/user:POST,PUT
ignoreUri[] = /auth/application

; If you want to disable the middleware on certain domains:
;; regex pattern with http methods
ignoreDomain[] = regex:domain\.com
ignoreDomain[] = regex:api\.domain\.com
ignoreDomain[] = regex:.+\.domain\.com

;; literal strings
ignoreDomain[] = domain.com
ignoreDomain[] = api.domain.com
```

in bootstrap or index file
Expand Down Expand Up @@ -100,16 +110,23 @@ $app = new Micro($di);
$authConfig = [
'secretKey' => '923753F2317FC1EE5B52DF23951B1',
'payload' => [
'exp' => 1440,
'iss' => 'phalcon-jwt-auth'
],
'ignoreUri' => [
'/',
'regex:/application/',
'regex:/users/:POST,PUT',
'/auth/user:POST,PUT',
'/auth/application'
]
'exp' => 1440,
'iss' => 'phalcon-jwt-auth'
],
'ignoreUri' => [
'/',
'regex:/application/',
'regex:/users/:POST,PUT',
'/auth/user:POST,PUT',
'/auth/application'
],
'ignoreDomain' => [
'domain.com',
'api.domain.com',
'regex:domain\.com',
'regex:api\.domain\.com',
'regex:.+\.domain\.com'
]
];

// AUTH MICRO
Expand Down
94 changes: 79 additions & 15 deletions src/Phalcon/Auth/Middleware/Micro.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,9 @@ class Micro
// ignored urls
protected $ignoreUri;

// ignored domains
protected $ignoreDomain;

// JWT secret key
protected $secretKey;

Expand All @@ -57,12 +60,16 @@ public function __construct(MvcMicro $app, array $config=NULL)
* [jwtAuth]
* secretKey = nSrL7k4/7NcW|AN
* payload[exp] = 120
* payload[iss] = phalcon-jwt-auth
* payload[sub] = 123
* payload[name] = John Doe
* payload[role] = admin
* payload[iss] = phalcon-jwt-auth
* payload[sub] = 123
* payload[name] = John Doe
* payload[role] = admin
* ignoreUri[] = regex:/register/:POST
* ignoreUri[] = /register
* ignoreDomain[] = regex:api\.domain\.com:POST
* ignoreDomain[] = api.domain.com:POST,GET
* ignoreDomain[] = regex:api\.domain\.com
* ignoreDomain[] = api.domain.com
*/

if(!$config && !$app->getDI()->has(self::$configDi)) {
Expand All @@ -76,13 +83,17 @@ public function __construct(MvcMicro $app, array $config=NULL)
$this->config = $config ?? $app[self::$configDi]->{self::$configSection};

if( !is_array($this->config) ) {
$this->config = (array) $this->config;
$this->config = (array) $this->config;
}

if(isset($this->config['ignoreUri'])) {
$this->ignoreUri = $this->config['ignoreUri'];
}

if(isset($this->config['ignoreDomain'])) {
$this->ignoreDomain = $this->config['ignoreDomain'];
}

// secret key is required
if(!isset($this->config['secretKey'])) {
throw new \InvalidArgumentException('missing jwt secret key');
Expand Down Expand Up @@ -136,29 +147,28 @@ protected function setEventChecker()

$eventsManager = $this->app->getEventsManager() ?? new EventsManager();
$eventsManager->attach(
"micro:beforeExecuteRoute",
function (Event $event, $app) use($diName) {
'micro:beforeExecuteRoute',
function (Event $event, $app) use ($diName) {
$auth = $app[$diName];

// check if it has CORS support
// Check if it has CORS support
if ($auth->isIgnoreOptionsMethod() && $app['request']->getMethod() == 'OPTIONS') {
return true;
}

if($auth->isIgnoreUri()) {
if ($auth->isIgnoreUri() || $auth->isIgnoreDomain()) {
/**
* Let's try to parse if there's a token
* but we don't want to get an invalid token
*/
if( !$auth->check() && $this->getMessages()[0] != 'missing token')
{
if (!$auth->check() && $this->getMessages()[0] != 'missing token') {
return $auth->unauthorized();
}

return true;
}

if($auth->check()) {
if ($auth->check()) {
return true;
}

Expand Down Expand Up @@ -191,7 +201,38 @@ protected function hasMatchIgnoreUri($requestUri, $requestMethod)
$methods = ( !$methods || empty($methods) ? false : explode(',', $methods) );

$match = ( $type == 'str' ? $requestUri == $pattern : preg_match("#{$pattern}#", $requestUri) );
if( $match && (!$methods || in_array($requestMethod, $methods)) ) {
if ($match && (!$methods || in_array($requestMethod, $methods))) {
return true;
}
}

return false;
}

/**
* Checks if the domain has a match in the passed self::$ignoreDomain.
*
* @param string $requestDomain
* @param string $requestMethod HTTP METHODS
*
* @return bool
*/
protected function hasMatchIgnoreDomains($requestDomain, $requestMethod)
{
foreach($this->ignoreDomain as $domain) {
if(strpos($domain, 'regex:') === false) {
$type = 'str';
} else {
$type = 'regex';
$domain = str_replace('regex:', '', $domain);
}

list($pattern, $methods) = (strpos($domain, ':') === false ? [$domain, false] : explode(':', $domain ));
$methods = (!$methods || empty($methods) ? false : explode(',', $methods));

$match = ($type == 'str' ? $requestDomain == $pattern : preg_match("#{$pattern}#", $requestDomain));

if ($match && (!$methods || in_array($requestMethod, $methods))) {
return true;
}
}
Expand Down Expand Up @@ -222,6 +263,29 @@ public function isIgnoreUri()
return $this->hasMatchIgnoreUri($uri, $method);
}

/**
* Checks if the HTTP HOST (domain) can bypass the authentication.
*
* @return bool
*/
public function isIgnoreDomain()
{
if (!$this->ignoreDomain) {
return false;
}

// access request object
$request = $this->app['request'];

// http method
$method = $request->getMethod();

// http host
$domain = $request->getHttpHost();

return $this->hasMatchIgnoreDomains($domain, $method);
}

/**
* Authenticates.
*
Expand Down Expand Up @@ -250,7 +314,7 @@ public function make($data)
*
* @param callable $callback
*/
public function onCheck($callback)
public function onCheck($callback)
{
$this->auth->onCheck($callback);
}
Expand Down Expand Up @@ -299,7 +363,7 @@ public function unauthorized() {
*/
public function getMessages()
{
return $this->auth->getMessages();
return $this->auth->getMessages();
}

/**
Expand Down