										 |  |  | <?php | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | namespace Grocy\Middleware; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | use Grocy\Services\DatabaseService; | 
					
						
							|  |  |  | use Grocy\Services\UsersService; | 
					
						
										 |  |  | use Psr\Http\Message\ServerRequestInterface as Request; | 
					
						
										 |  |  | 
 | 
					
						
							|  |  |  | class ReverseProxyAuthMiddleware extends AuthMiddleware | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2020-09-01 21:29:47 +02:00
										 |  |  | 	public function authenticate(Request $request) | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 	{ | 
					
						
							| 
									
										
										
										
											2021-07-03 19:40:42 +02:00
										 |  |  | 		define('GROCY_EXTERNALLY_MANAGED_AUTHENTICATION', true); | 
					
						
							| 
									
										
										
										
											2020-12-24 10:00:51 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-07-03 19:40:42 +02:00
										 |  |  | 		$db = DatabaseService::getInstance()->GetDbConnection(); | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-12-24 10:00:51 +01:00
										 |  |  | 		// API key authentication is also ok
 | 
					
						
							|  |  |  | 		$auth = new ApiKeyAuthMiddleware($this->AppContainer, $this->ResponseFactory); | 
					
						
							|  |  |  | 		$user = $auth->authenticate($request); | 
					
						
							|  |  |  | 		if ($user !== null) | 
					
						
							|  |  |  | 		{ | 
					
						
							|  |  |  | 			return $user; | 
					
						
							|  |  |  | 		} | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-01-16 14:46:04 +01:00
										 |  |  | 		if (GROCY_REVERSE_PROXY_AUTH_USE_ENV) | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 		{ | 
					
						
							| 
									
										
										
										
											2022-01-16 14:46:04 +01:00
										 |  |  | 			if (!isset($_SERVER[GROCY_REVERSE_PROXY_AUTH_HEADER])) | 
					
						
							|  |  |  | 			{ | 
					
						
							|  |  |  | 				// Variable is not set
 | 
					
						
							|  |  |  | 				throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' env variable is missing (could not be found in $_SERVER array)'); | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 			$username = $_SERVER[GROCY_REVERSE_PROXY_AUTH_HEADER]; | 
					
						
							|  |  |  | 			if (strlen($username) === 0) | 
					
						
							|  |  |  | 			{ | 
					
						
							|  |  |  | 				// Variable is empty
 | 
					
						
							|  |  |  | 				throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' env variable is invalid'); | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 		else | 
					
						
							|  |  |  | 		{ | 
					
						
							|  |  |  | 			$username = $request->getHeader(GROCY_REVERSE_PROXY_AUTH_HEADER); | 
					
						
							|  |  |  | 			if (count($username) !== 1) | 
					
						
							|  |  |  | 			{ | 
					
						
							|  |  |  | 				// Invalid configuration of Proxy
 | 
					
						
							|  |  |  | 				throw new \Exception('ReverseProxyAuthMiddleware: ' . GROCY_REVERSE_PROXY_AUTH_HEADER . ' header is missing or invalid'); | 
					
						
							|  |  |  | 			} | 
					
						
							|  |  |  | 			$username = $username[0]; | 
					
						
							| 
									
										
										
										
											2020-08-29 16:41:27 +02:00
										 |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		$user = $db->users()->where('username', $username)->fetch(); | 
					
						
							|  |  |  | 		if ($user == null) | 
					
						
							|  |  |  | 		{ | 
					
						
							|  |  |  | 			$user = UsersService::getInstance()->CreateUser($username, '', '', ''); | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		return $user; | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-10-19 18:38:12 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  | 	public static function ProcessLogin(array $postParams) | 
					
						
							|  |  |  | 	{ | 
					
						
							|  |  |  | 		throw new \Exception('Not implemented'); | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2020-08-19 19:23:13 +02:00
										 |  |  | } |