From 2ccbc31ae04001198250cbf23979e4bea4a23082 Mon Sep 17 00:00:00 2001
From: Juan Pablo Vial <jpvialb@incoviba.cl>
Date: Wed, 20 Mar 2024 20:48:05 -0300
Subject: [PATCH] FIX: Auth had all paths starting with slash as valid

---
 app/src/Middleware/Authentication.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/app/src/Middleware/Authentication.php b/app/src/Middleware/Authentication.php
index 6e5e6a7..3ac21b5 100644
--- a/app/src/Middleware/Authentication.php
+++ b/app/src/Middleware/Authentication.php
@@ -20,6 +20,7 @@ class Authentication
 
     public function __invoke(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
     {
+        $this->logger->critical(var_export([$this->service->isIn(), $this->isValid($request)],true));
         if ($this->service->isIn() or $this->isValid($request)) {
             return $handler->handle($request);
         }
@@ -45,13 +46,15 @@ class Authentication
         ]);
 
         $valid_paths = [
-            '/',
-            '/api'
+            '/'
         ];
         if (in_array($current_path, $valid_paths, true)) {
             return true;
         }
-        foreach ($valid_paths as $path) {
+        $valid_subpaths = [
+            '/api'
+        ];
+        foreach ($valid_subpaths as $path) {
             if (str_starts_with($current_path, $path)) {
                 return true;
             }