Added dbAuth middleware

mevdschee · mevdschee · commit 4e0ab9ac42ac · 2019-07-11T02:38:48.000+02:00
diff --git a/api.php b/api.php
@@ -5235,8 +5235,14 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
             $passwordColumnName = $this->getProperty('passwordColumn', 'password');
             $passwordColumn = $table->getColumn($passwordColumnName);
             $condition = new ColumnCondition($usernameColumn, 'eq', $username);
-            $columnNames = $table->getColumnNames();
-            $users = $this->db->selectAll($table, $columnNames, $condition, [], 0, -1);
+            $returnedColumns = $this->getProperty('returnedColumns', '');
+            if (!$returnedColumns) {
+                $columnNames = $table->getColumnNames();
+            } else {
+                $columnNames = array_map('trim', explode(',', $returnedColumns));
+                $columnNames[] = $passwordColumnName;
+            }
+            $users = $this->db->selectAll($table, $columnNames, $condition, [], 0, 1);
             foreach ($users as $user) {
                 if (password_verify($password, $user[$passwordColumnName]) == 1) {
                     if (!headers_sent()) {
@@ -5253,7 +5259,9 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
             if (isset($_SESSION['user'])) {
                 $user = $_SESSION['user'];
                 unset($_SESSION['user']);
-                session_destroy();
+                if (session_status() != PHP_SESSION_NONE) {
+                    session_destroy();
+                }
                 return $this->responder->success($user);
             }
             return $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, '');
diff --git a/src/index.php b/src/index.php
@@ -10,10 +10,6 @@
     'username' => 'php-crud-api',
     'password' => 'php-crud-api',
     'database' => 'php-crud-api',
-    'middlewares' => 'dbAuth,authorization',
-    'authorization.tableHandler' => function ($operation, $tableName) {
-        return $tableName != 'users';
-    },
 ]);
 $request = RequestFactory::fromGlobals();
 $api = new Api($config);
