Hi there,
I am new with Slim Framework, using JWT to protect my api. It helped me to protect, redirect to Auth page at abc.com/auth. After login with correct username/password, a cookie will be set ($_COOKIE[‘access_token’]) and client can see the homepage’s content.
But with a CURL from another site set URL to ‘abc.com’, all content of homepage’s shown (I call CURL from GUEST MODE, no cookie…).
This is my code, I hope someone can help me out ;)!
Br,
<?php
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use Slim\Psr7\Response;
use Selective\BasePath\BasePathMiddleware;
use Slim\App;
use Slim\Middleware\ErrorMiddleware;
return function (App $app) {
// Parse json, form data and xml
$app->addBodyParsingMiddleware();
$app->add(function (Request $request, RequestHandler $handler) {
$before = '';
$response = $handler->handle($request);
$uri = $request->getUri();
if( !isset($_COOKIE['access_token']) && $uri->getPath() != '/auth' ){
return $response->withHeader('Location', '/auth')->withStatus(302);
}else{
$token = $_COOKIE['access_token'];
}
$existingContent = (string) $response->getBody();
$response = new Response();
$response->getBody()->write($before . $existingContent);
return $response;
});
$app->add(function ($request, $handler) {
$response = $handler->handle($request);
$response->getBody()->write('AFTER');
return $response;
});
// Add the Slim built-in routing middleware
$app->addRoutingMiddleware();
$app->add(BasePathMiddleware::class); // <--- here
// Catch exceptions and errors
$app->add(ErrorMiddleware::class);
};