
AuthMiddleware implements MiddlewareInterface

Middleware that requires user authentication.

Checks for:

  1. Session-based authentication (LWT_USER_ID in $_SESSION)
  2. API token authentication (Authorization: Bearer header)

If neither is valid, redirects to the login page (web) or returns 401 (API).

Tags
category

Lwt

author

HugoFara hugo.farajallah@protonmail.com

license

Unlicense http://unlicense.org/

link

https://hugofara.github.io/lwt/docs/php/

since

3.0.0

Table of Contents

Interfaces

MiddlewareInterface
Interface for route middleware.

Properties

$userFacade  : UserFacade
User facade instance.

Methods

__construct()  : mixed
Create a new AuthMiddleware.
handle()  : bool
Handle the incoming request.
extractBearerToken()  : string|null
Extract Bearer token from Authorization header.
handleUnauthenticated()  : void
Handle unauthenticated request.
isApiRequest()  : bool
Check if the request is an API request.
redirectToLogin()  : never
Redirect to login page.
sendUnauthorizedResponse()  : never
Send 401 Unauthorized JSON response.
validateApiToken()  : bool
Validate API token authentication.
validateSession()  : bool
Validate session-based authentication.

Properties

Methods

__construct()

Create a new AuthMiddleware.

public __construct([UserFacade|null $userFacade = null ]) : mixed
Parameters
$userFacade : UserFacade|null = null

Optional user facade instance

Tags
psalm-suppress

PossiblyUnusedMethod - Public API for middleware instantiation

handle()

Handle the incoming request.

public handle() : bool

Checks for valid authentication via session or API token. On failure:

  • For API requests: returns 401 JSON response
  • For web requests: redirects to /login
Return values
bool

True if authenticated, false if halted

extractBearerToken()

Extract Bearer token from Authorization header.

private extractBearerToken() : string|null
Return values
string|null

The token or null if not present
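
An added sketch, not LWT's own code, of how a Bearer token can be extracted from the Authorization header and combined with the session check in the order this page lists. The `isAuthenticated()` helper, the `$tokenIsValid` callback and the sample token are assumptions made for illustration; only `LWT_USER_ID` and the `extractBearerToken()` name come from this page.

```php
<?php
declare(strict_types=1);

/**
 * Return the Bearer token from the Authorization header, or null.
 * $server is $_SERVER, passed in so the function can be exercised offline.
 */
function extractBearerToken(array $server): ?string
{
    // Apache with CGI/FastCGI may expose the header only under the REDIRECT_ key.
    $header = $server['HTTP_AUTHORIZATION']
        ?? $server['REDIRECT_HTTP_AUTHORIZATION']
        ?? null;
    if (!is_string($header)) {
        return null;
    }
    // The scheme name is case-insensitive; the token charset follows RFC 6750.
    // Anything else (Basic credentials, empty token, trailing junk) is rejected.
    if (preg_match('/^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i', trim($header), $m) !== 1) {
        return null;
    }
    return $m[1];
}

/**
 * Session first, then API token.
 * $tokenIsValid is a hypothetical callback standing in for the real token lookup.
 */
function isAuthenticated(array $session, array $server, callable $tokenIsValid): bool
{
    if (!empty($session['LWT_USER_ID'])) {
        return true;
    }
    $token = extractBearerToken($server);
    return $token !== null && $tokenIsValid($token) === true;
}

// Constructed sample inputs; hash_equals() keeps the comparison constant-time.
$check = static fn (string $t): bool => hash_equals('constructed-sample-token', $t);

var_dump(isAuthenticated(['LWT_USER_ID' => 1], [], $check));
var_dump(isAuthenticated([], ['HTTP_AUTHORIZATION' => 'bearer constructed-sample-token'], $check));
var_dump(isAuthenticated([], ['HTTP_AUTHORIZATION' => 'Basic dXNlcjpwYXNz'], $check));
var_dump(isAuthenticated([], ['HTTP_AUTHORIZATION' => 'Bearer '], $check));
```
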

handleUnauthenticated()

Handle unauthenticated request.

private handleUnauthenticated() : void

  • For API requests: return 401 JSON response
  • For web requests: redirect to login page

isApiRequest()

Check if the request is an API request.

private isApiRequest() : bool
Return values
bool

True if this is an API request

redirectToLogin()

Redirect to login page.

private redirectToLogin() : never

Stores the current URL for redirect after login.

Return values
never

sendUnauthorizedResponse()

Send 401 Unauthorized JSON response.

private sendUnauthorizedResponse() : never
Return values
never

validateApiToken()

Validate API token authentication.

private validateApiToken() : bool

Looks for Bearer token in Authorization header.

Return values
bool

True if token is valid

validateSession()

Validate session-based authentication.

private validateSession() : bool
Return values
bool

True if session is valid


        