Typically you would do this with Middleware. Any routes requiring an authenticated user would have some sort of an authentication middleware. Such a route might look like this.
$app->get('/admin', function ($request, $response) {
return $response->getBody()->write('Logged In');
})->add('App\Middleware\Authentication');
The Authentication Middleware might then look something like this:
<?php
namespace App\Middleware;
class Authentication
{
/**
* Authentication middleware invokable class
*
* @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
* @param \Psr\Http\Message\ResponseInterface $response PSR7 response
* @param callable $next Next middleware
*
* @return \Psr\Http\Message\ResponseInterface
**/
public function __invoke(Request $request, Response $response, $next)
{
if (!$user->loggedIn()) {
return $response->withRedirect($this->router->pathFor('login'), 403);
}
$response = $next($request, $response);
return $response;
}
}