github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2024-11-25 17:57:04 +08:00
Code Issues Actions 46 Packages Projects Releases Wiki Activity

Add a middleware for authentication with CGI wrap

Browse Source 
If the authorization header is stripped by CGI wrap,
the server can be configured to send the value along
in an environment variable. If the server admin sticks
to this convention, Flarum can now use this variable.

This is supposed to take care of #384.
This commit is contained in:
Franz Liedke 2016-03-24 21:53:11 +09:00
parent a5c8ef0566
commit 685d5f1517
2 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/Api/Server.php
View File

@ -33,6 +33,7 @@ class Server extends AbstractServer
$pipe->pipe($path, $app->make('Flarum\Api\Middleware\FakeHttpMethods'));
$pipe->pipe($path, $app->make('Flarum\Http\Middleware\StartSession'));
$pipe->pipe($path, $app->make('Flarum\Http\Middleware\RememberFromCookie'));
$pipe->pipe($path, $app->make('Flarum\Http\Middleware\SharedHosts'));
$pipe->pipe($path, $app->make('Flarum\Http\Middleware\AuthenticateWithSession'));
$pipe->pipe($path, $app->make('Flarum\Http\Middleware\AuthenticateWithHeader'));
$pipe->pipe($path, $app->make('Flarum\Http\Middleware\SetLocale'));

35
src/Http/Middleware/SharedHosts.php Normal file
View File

@ -0,0 +1,35 @@
<?php
/*
* This file is part of Flarum.
*
* (c) Toby Zerner <toby.zerner@gmail.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Flarum\Http\Middleware;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Zend\Stratigility\MiddlewareInterface;
class SharedHosts implements MiddlewareInterface
{
/**
* {@inheritdoc}
*/
public function __invoke(Request $request, Response $response, callable $out = null)
{
$SERVER = $request->getServerParams();
// CGI wrap may not pass on the Authorization header.
// In that case, the web server can be configured
// to pass its value in an env variable instead.
if (isset($SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
$request = $request->withHeader('authorization', $SERVER['REDIRECT_HTTP_AUTHORIZATION']);
}
return $out ? $out($request, $response) : $response;
}
}