Incoviba/oficial
1
0
Fork 0
Code Issues Pull Requests 2 Releases Wiki Activity

FIX: Auth had all paths starting with slash as valid

Browse Source
This commit is contained in:
Juan Pablo Vial
2024-03-20 20:48:05 -03:00
parent e50d80560c
commit 2ccbc31ae0
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
app/src/Middleware/Authentication.php
View File

@ -20,6 +20,7 @@ class Authentication
public function __invoke(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface public function __invoke(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{ {
$this->logger->critical(var_export([$this->service->isIn(), $this->isValid($request)],true));
if ($this->service->isIn() or $this->isValid($request)) { if ($this->service->isIn() or $this->isValid($request)) {
return $handler->handle($request); return $handler->handle($request);
} }
@ -45,13 +46,15 @@ class Authentication
]); ]);
$valid_paths = [ $valid_paths = [
'/', '/'
'/api'
]; ];
if (in_array($current_path, $valid_paths, true)) { if (in_array($current_path, $valid_paths, true)) {
return true; return true;
} }
foreach ($valid_paths as $path) { $valid_subpaths = [
'/api'
];
foreach ($valid_subpaths as $path) {
if (str_starts_with($current_path, $path)) { if (str_starts_with($current_path, $path)) {
return true; return true;
} }