lint: apply phpcbf to application/
index 162e88e0bc06ea50a43e6cc1cc289212962b1edf..66eac133649cf8c020c64164f7864b43ddf33a40 100644 (file)
@@ -1,9 +1,10 @@
 <?php
-
 namespace Shaarli\Api;
 
 use Shaarli\Api\Exceptions\ApiException;
 use Shaarli\Api\Exceptions\ApiAuthorizationException;
+
+use Shaarli\Config\ConfigManager;
 use Slim\Container;
 use Slim\Http\Request;
 use Slim\Http\Response;
@@ -31,7 +32,7 @@ class ApiMiddleware
     protected $container;
 
     /**
-     * @var \ConfigManager instance.
+     * @var ConfigManager instance.
      */
     protected $conf;
 
@@ -64,7 +65,7 @@ class ApiMiddleware
         try {
             $this->checkRequest($request);
             $response = $next($request, $response);
-        } catch(ApiException $e) {
+        } catch (ApiException $e) {
             $e->setResponse($response);
             $e->setDebug($this->conf->get('dev.debug', false));
             $response = $e->getApiResponse();
@@ -97,9 +98,9 @@ class ApiMiddleware
      *
      * @throws ApiAuthorizationException The token couldn't be validated.
      */
-    protected function checkToken($request) {
-        $jwt = $request->getHeaderLine('jwt');
-        if (empty($jwt)) {
+    protected function checkToken($request)
+    {
+        if (! $request->hasHeader('Authorization')) {
             throw new ApiAuthorizationException('JWT token not provided');
         }
 
@@ -107,7 +108,13 @@ class ApiMiddleware
             throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
         }
 
-        ApiUtils::validateJwtToken($jwt, $this->conf->get('api.secret'));
+        $authorization = $request->getHeaderLine('Authorization');
+
+        if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
+            throw new ApiAuthorizationException('Invalid JWT header');
+        }
+
+        ApiUtils::validateJwtToken($matches[1], $this->conf->get('api.secret'));
     }
 
     /**
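Review bot: The pattern `'/^Bearer (.*)/i'` on the `preg_match` line accepts a bare `Authorization: Bearer ` header with nothing after the scheme, so an empty string is handed to `ApiUtils::validateJwtToken`; whether that helper rejects an empty token is not visible here, and the old `empty($jwt)` guard that covered this case was dropped in the preceding hunk in favour of `hasHeader`. Tightening the match to `if (! preg_match('/^Bearer (\S+)$/i', $authorization, $matches)) {` rejects the empty case (and any trailing garbage) with the existing 'Invalid JWT header' error. Because the token source moved from a `jwt` header to `Authorization: Bearer <token>` inside a commit titled as a lint pass, the checkToken docblock should state the expected header form, e.g. `* Expects the token in an "Authorization: Bearer <jwt>" header.`. checkToken's docblock, signature and opening lines are in the previous hunk, not this one.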
@@ -116,7 +123,7 @@ class ApiMiddleware
      *
      * FIXME! LinkDB could use a refactoring to avoid this trick.
      *
-     * @param \ConfigManager $conf instance.
+     * @param ConfigManager $conf instance.
      */
     protected function setLinkDb($conf)
     {