mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-06-26 14:39:25 +02:00
8c15e451c6
This shaves about 45ms from every request (PHP 7.1 on a 2013 rMBP), cutting down execution time of a “hello world” controller by about 33%. database_is_ready is still used in dev/build and ?flush=1 to stop people from people bypassing security by DOSing the database or otherwise forcing a DatabaseException
64 lines
1.6 KiB
PHP
64 lines
1.6 KiB
PHP
<?php
|
|
|
|
namespace SilverStripe\Security;
|
|
|
|
use SilverStripe\Control\HTTPRequest;
|
|
use SilverStripe\Control\HTTPResponse;
|
|
use SilverStripe\Control\Middleware\HTTPMiddleware;
|
|
use SilverStripe\Core\Config\Configurable;
|
|
use SilverStripe\ORM\ValidationException;
|
|
use SilverStripe\ORM\Connect\DatabaseException;
|
|
|
|
class AuthenticationMiddleware implements HTTPMiddleware
|
|
{
|
|
use Configurable;
|
|
|
|
/**
|
|
* @var AuthenticationHandler
|
|
*/
|
|
protected $authenticationHandler;
|
|
|
|
/**
|
|
* @return AuthenticationHandler
|
|
*/
|
|
public function getAuthenticationHandler()
|
|
{
|
|
return $this->authenticationHandler;
|
|
}
|
|
|
|
/**
|
|
* @param AuthenticationHandler $authenticationHandler
|
|
* @return $this
|
|
*/
|
|
public function setAuthenticationHandler(AuthenticationHandler $authenticationHandler)
|
|
{
|
|
$this->authenticationHandler = $authenticationHandler;
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* Identify the current user from the request
|
|
*
|
|
* @param HTTPRequest $request
|
|
* @param callable $delegate
|
|
* @return HTTPResponse
|
|
*/
|
|
public function process(HTTPRequest $request, callable $delegate)
|
|
{
|
|
try {
|
|
$this
|
|
->getAuthenticationHandler()
|
|
->authenticateRequest($request);
|
|
} catch (ValidationException $e) {
|
|
return new HTTPResponse(
|
|
"Bad log-in details: " . $e->getMessage(),
|
|
400
|
|
);
|
|
} catch (DatabaseException $e) {
|
|
// Database isn't ready, carry on.
|
|
}
|
|
|
|
return $delegate($request);
|
|
}
|
|
}
|