SLIM Framework Route Authentication v2 vs v3

I have an API built with Slim v2, and I am protecting certain routes by passing the authenticate middleware function:

    /**
     * List marca novos
     * method GET
     * url /novos/marca/:idmarca
     */
    $app->get('/novos/marca/:idmarca', 'authenticate', function($idmarca) {
        $response = array();
        $db = new DbHandler('dbnovos');

        // fetching marca
        $marca = $db->getMarcaNovos($idmarca);

        $response["error"] = false;
        $response["marca"] = array();

        array_walk_recursive($marca, function(&$val) {
            $val = utf8_encode((string)$val);
        });
        array_push($response["marca"], $marca);

        echoRespnse(200, $response, "marcaoutput");
    })->via('GET', 'POST');

The authentication function checks whether the header authorization value (user_api_key) has been sent and checks it against the database.

I am trying to get the same functionality in Slim v3 API using the following route:

    /**
     * List marca novos
     * method GET
     * url /novos/marca/:idmarca
     */
    $app->get('/novos/marca/{idmarca}', function ($request, $response, $args) {
        $output = array();
        $db = new DbHandler('mysql-localhost');
        $marca = $db->getMarcaNovos($args['idmarca']);

        if ($marca != NULL) {
            $i = 0;
            foreach($marca as $m) {
                $output[$i]["id"] = $m['id'];
                $output[$i]["nome"] = utf8_encode($m['nome']);
                $i++;
            }
        } else {
            // unknown error occurred
            $output['error'] = true;
            $output['message'] = "An error occurred. Please try again";
        }

        // Render marca view
        echoRespnse(200, $response, $output, "marca");
    })->add($auth);

This is my middleware.

    /**
     * Adding Middle Layer to authenticate every request
     * Checking if the request has valid api key in the 'Authorization' header
     */
    $auth = function ($request, $response, $next) {
        $headers = $request->getHeaders();
        $outcome = array();

        // Verifying Authorization Header
        if (isset($headers['Authorization'])) {
            $db = new DbHandler('mysql-localhost');

            // get the api key
            $api_key = $headers['Authorization'];

            // validating api key
            if (!$db->isValidApiKey($api_key)) {
                // api key is not present in users table
                $outcome["error"] = true;
                $outcome["message"] = "Access Denied. Invalid Api key";
                echoRespnse(401, $outcome, $output);
            } else {
                global $user_id;
                // get user primary key id
                $user_id = $db->getUserId($api_key);
                $response = $next($request, $response);
                return $response;
            }
        } else {
            // api key is missing in header
            $outcome["error"] = true;
            $outcome["message"] = "Api key is missing";
            //echoRespnse(400, $response, $outcome);
            return $response->withStatus(401)->write("Not allowed here - ".$outcome["message"]);
        }
    };

But I always get the error message: "Not allowed here - Api key missing". In principle, the test of whether $headers['Authorization'] is set does not work. What is the structure of the $headers array, or how do I get the authorization value passed through the header?

+5
1 answer

If you send something other than a valid HTTP Basic header, PHP will not have access to it. You can work around this by adding the following rewrite rule to your .htaccess file.

    RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
+2
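
An added example (not code from the question or the answer) of a Slim 3 middleware that reads the key with PSR-7's case-insensitive getHeaderLine(), falls back to the server variable the rewrite rule above sets, and returns a response on every path. DbHandler, isValidApiKey() and getUserId() are the question's own helpers; readApiKey() and the 'user_id' request attribute are assumptions of this example.

```php
<?php
// Added example for Slim 3 (PSR-7). DbHandler, isValidApiKey() and getUserId()
// are the question's helpers; readApiKey() and 'user_id' are hypothetical names.

/** Return the raw Authorization value, or '' when none reached PHP. */
function readApiKey($request)
{
    // PSR-7 header names are case-insensitive and values are arrays, so use
    // getHeaderLine() instead of indexing getHeaders() by a fixed key.
    $key = trim($request->getHeaderLine('Authorization'));
    if ($key !== '') {
        return $key;
    }
    // Fallback: HTTP_AUTHORIZATION is the variable the env= rewrite rule sets;
    // Apache prefixes it with REDIRECT_ after an internal redirect.
    $server = $request->getServerParams();
    foreach (['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'] as $name) {
        if (!empty($server[$name])) {
            return trim($server[$name]);
        }
    }
    return '';
}

$auth = function ($request, $response, $next) {
    $apiKey = readApiKey($request);
    if ($apiKey === '') {
        return $response->withJson(
            ['error' => true, 'message' => 'Api key is missing'], 401);
    }

    $db = new DbHandler('mysql-localhost');
    if (!$db->isValidApiKey($apiKey)) {
        // Every branch returns a response, as Slim 3 middleware must.
        return $response->withJson(
            ['error' => true, 'message' => 'Access Denied. Invalid Api key'], 401);
    }

    // Pass the user id along on the request instead of through a global.
    $request = $request->withAttribute('user_id', $db->getUserId($apiKey));
    return $next($request, $response);
};

// Route usage, as in the question: ->add($auth);
// Inside the route: $userId = $request->getAttribute('user_id');
```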