HttpAuthentication.php at 0a360f7 ⋅ terrylinooo/shieldon

<?php
/**
 * This file is part of the Shieldon package.
 *
 * (c) Terry L. <contact@terryl.in>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 * 
 * php version 7.1.0
 * 
 * @category  Web-security
 * @package   Shieldon
 * @author    Terry Lin <contact@terryl.in>
 * @copyright 2019 terrylinooo
 * @license   https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
 * @link      https://github.com/terrylinooo/shieldon
 * @see       https://shieldon.io
 */

declare(strict_types=1);

namespace Shieldon\Firewall\Middleware;

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Shieldon\Psr7\Response;
use InvalidArgumentException;
use function array_column;
use function count;
use function password_verify;
use function strpos;

/**
 * A PSR-15 middleware that provides WWW-Authenticate protection.
 */
class HttpAuthentication implements MiddlewareInterface
{
    /**
     * 401 - Unauthorized.
     *
     * @var int
     */
    const HTTP_STATUS_CODE = 401;

    /**
     * The URL list that you want to protect.
     *
     * @var array
     */
    protected $list = [
        [
            // Begin-with URL 
            'url' => '/wp-amdin', 

            // Username
            'user' => 'wp_shieldon_user',

            // Password encrypted by `password_hash()` function.
            // In this case, the uncrypted string is `wp_shieldon_pass`.
            'pass' => '$2y$10$eA/S6rH3JDkYV9nrrUvuMOTh8Q/ts33DdCerbNAUpdwtSl3Xq9cQq'  
        ]
    ];

    /**
     * The text displays on prompted window.
     * Most modern browsers won't show this anymore. You can ignore that.
     *
     * @var string
     */
    protected $realm;

    /**
     * Constructor.
     * 
     * @param array  $list  The list that want to be protected.
     * @param string $realm The welcome message.
     *
     * @return void
     */
    public function __construct(array $list = [], string $realm = 'Welcome to area 51.')
    {
        $this->set($list);
        $this->realm = $realm;
    }

    /**
     * Invoker.
     *
     * @param ServerRequestInterface  $request The PSR-7 server request.
     * @param RequestHandlerInterface $handler The PSR-15 request handler.
     *
     * @return ResponseInterface
     */
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        $currentUrl = $request->getUri()->getPath();
        $serverParams = $request->getServerParams();

        foreach ($this->list as $urlInfo) {

            // If we have set the protection for current URL.
            if (0 === strpos($currentUrl, $urlInfo['url'])) {

                // Prompt a window to ask for username and password.
                if (
                    !isset($serverParams['PHP_AUTH_USER']) ||
                    !isset($serverParams['PHP_AUTH_PW'])
                ) {
                    $authenticate = 'Basic realm="' . $this->realm . '"';
                    return (new Response)
                        ->withStatus(self::HTTP_STATUS_CODE)
                        ->withHeader('WWW-Authenticate', $authenticate);
                }

                // Identify the username and password for current URL.
                if (
                    $urlInfo['user'] !== $serverParams['PHP_AUTH_USER'] ||
                    !password_verify($serverParams['PHP_AUTH_PW'], $urlInfo['pass'])
                ) {
                    unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
                    return (new Response)->withStatus(self::HTTP_STATUS_CODE);
                }
            }
        }

        return $handler->handle($request);
    }

    /**
     * Set up the URL list that you want to protect.
     * 
     * @param array $list The URL list want to be protected.
     *
     * @return void
     */
    public function set(array $list = []): void
    {
        if (!empty($list)) {
            $count = count($list);
            $urlCount = count(array_column($list, 'url'));
            $userCount = count(array_column($list, 'user'));
            $passCount = count(array_column($list, 'pass'));

            if (
                $count !== $urlCount || 
                $count !== $userCount || 
                $count !== $passCount
            ) {
                throw new InvalidArgumentException(
                    'The columns in the array should be fit the specification. '
                );
            }

            $this->list = $list;
        }
    }
}

Read our documentation on viewing source code .

1		<?php
2		/**
3		* This file is part of the Shieldon package.
4		*
5		* (c) Terry L. <contact@terryl.in>
6		*
7		* For the full copyright and license information, please view the LICENSE
8		* file that was distributed with this source code.
9		*
10		* php version 7.1.0
11		*
12		* @category Web-security
13		* @package Shieldon
14		* @author Terry Lin <contact@terryl.in>
15		* @copyright 2019 terrylinooo
16		* @license https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
17		* @link https://github.com/terrylinooo/shieldon
18		* @see https://shieldon.io
19		*/
20
21		declare(strict_types=1);
22
23		namespace Shieldon\Firewall\Middleware;
24
25		use Psr\Http\Message\ResponseInterface;
26		use Psr\Http\Message\ServerRequestInterface;
27		use Psr\Http\Server\MiddlewareInterface;
28		use Psr\Http\Server\RequestHandlerInterface;
29		use Shieldon\Psr7\Response;
30		use InvalidArgumentException;
31		use function array_column;
32		use function count;
33		use function password_verify;
34		use function strpos;
35
36		/**
37		* A PSR-15 middleware that provides WWW-Authenticate protection.
38		*/
39		class HttpAuthentication implements MiddlewareInterface
40		{
41		/**
42		* 401 - Unauthorized.
43		*
44		* @var int
45		*/
46		const HTTP_STATUS_CODE = 401;
47
48		/**
49		* The URL list that you want to protect.
50		*
51		* @var array
52		*/
53		protected $list = [
54		[
55		// Begin-with URL
56		'url' => '/wp-amdin',
57
58		// Username
59		'user' => 'wp_shieldon_user',
60
61		// Password encrypted by `password_hash()` function.
62		// In this case, the uncrypted string is `wp_shieldon_pass`.
63		'pass' => '$2y$10$eA/S6rH3JDkYV9nrrUvuMOTh8Q/ts33DdCerbNAUpdwtSl3Xq9cQq'
64		]
65		];
66
67		/**
68		* The text displays on prompted window.
69		* Most modern browsers won't show this anymore. You can ignore that.
70		*
71		* @var string
72		*/
73		protected $realm;
74
75		/**
76		* Constructor.
77		*
78		* @param array $list The list that want to be protected.
79		* @param string $realm The welcome message.
80		*
81		* @return void
82		*/
83	3	public function __construct(array $list = [], string $realm = 'Welcome to area 51.')
84		{
85	3	$this->set($list);
86	3	$this->realm = $realm;
87		}
88
89		/**
90		* Invoker.
91		*
92		* @param ServerRequestInterface $request The PSR-7 server request.
93		* @param RequestHandlerInterface $handler The PSR-15 request handler.
94		*
95		* @return ResponseInterface
96		*/
97	3	public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
98		{
99	3	$currentUrl = $request->getUri()->getPath();
100	3	$serverParams = $request->getServerParams();
101
102	3	foreach ($this->list as $urlInfo) {
103
104		// If we have set the protection for current URL.
105	3	if (0 === strpos($currentUrl, $urlInfo['url'])) {
106
107		// Prompt a window to ask for username and password.
108		if (
109	3	!isset($serverParams['PHP_AUTH_USER']) \|\|
110	3	!isset($serverParams['PHP_AUTH_PW'])
111		) {
112	3	$authenticate = 'Basic realm="' . $this->realm . '"';
113	3	return (new Response)
114	3	->withStatus(self::HTTP_STATUS_CODE)
115	3	->withHeader('WWW-Authenticate', $authenticate);
116		}
117
118		// Identify the username and password for current URL.
119		if (
120	3	$urlInfo['user'] !== $serverParams['PHP_AUTH_USER'] \|\|
121	3	!password_verify($serverParams['PHP_AUTH_PW'], $urlInfo['pass'])
122		) {
123	3	unset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
124	3	return (new Response)->withStatus(self::HTTP_STATUS_CODE);
125		}
126		}
127		}
128
129	3	return $handler->handle($request);
130		}
131
132		/**
133		* Set up the URL list that you want to protect.
134		*
135		* @param array $list The URL list want to be protected.
136		*
137		* @return void
138		*/
139	3	public function set(array $list = []): void
140		{
141	3	if (!empty($list)) {
142	3	$count = count($list);
143	3	$urlCount = count(array_column($list, 'url'));
144	3	$userCount = count(array_column($list, 'user'));
145	3	$passCount = count(array_column($list, 'pass'));
146
147		if (
148	3	$count !== $urlCount \|\|
149	3	$count !== $userCount \|\|
150	3	$count !== $passCount
151		) {
152	3	throw new InvalidArgumentException(
153	3	'The columns in the array should be fit the specification. '
154		);
155		}
156
157	3	$this->list = $list;
158		}
159		}
160		}

Navigation	Overlay
`t` Navigate files	`h` Toggle hits
`y` Change url to tip of branch	`m` Toggle misses
`b / v` Jump to prev/next hit line	`p` Toggle partial
`z / x` Jump to prev/next missed or partial line	`1..9` Toggle flags
`shift + o` Open current page in GitHub	`a` Toggle all on
`/ or ?` Show keyboard shortcuts dialog	`c` Toggle context lines or commits