ApiAuthorizationMiddleware.inc.php

<?php
 
class ApiAuthorizationMiddleware {
 
   protected $_handler = null;
 
   public function __construct(APIHandler $handler) {
      $this->_handler = $handler;
   }
 
   protected function _authorize($slimRequest) {
      // share SlimRequest with Handler
      $this->_handler->setSlimRequest($slimRequest);
      $request = $this->_handler->getRequest();
      $args = array($slimRequest);
      if (!$slimRequest->getAttribute('route')) {
         return $request->getRouter()->handleAuthorizationFailure($request, 'api.404.endpointNotFound');
      } elseif ($this->_handler->authorize($request, $args, $this->_handler->getRoleAssignments())) {
         $this->_handler->validate($request, $args);
         $this->_handler->initialize($request, $args);
         return true;
      } else {
         AppLocale::requireComponents(LOCALE_COMPONENT_PKP_API, LOCALE_COMPONENT_APP_API);
         $authorizationMessage = $this->_handler->getLastAuthorizationMessage();
         if ($authorizationMessage == '') $authorizationMessage = 'api.403.unauthorized';
         $router = $request->getRouter();
         $result = $router->handleAuthorizationFailure($request, $authorizationMessage);
         switch(1) {
            case is_string($result): return $result;
            case is_a($result, 'JSONMessage'): return $result->getString();
            default:
               assert(false);
               return null;
         }
      }
   }
 
   public function __invoke($request, $response, $next) {
      $result = $this->_authorize($request);
      if ($result !== true) {
         return $result;
      }
 
      $response = $next($request, $response);
      return $response;
   }
}