Authenticate on fat free framework with basic http authentication, how?

Question

I have two one question about the Fat Free Framework.

First of all, how can i use multiple parameters(tokens in fat free framework) in a GET request? Or, is there only 1 token possible per REST GET request, and should one handle additional arguments as a regular GET request, for example:

domain/rest/somedata/5231?param1=value1&param2=value2

where the ?param1=value1&param2=value2 should be 'manually' parsed, not by a framework?

Is it at all possible to build a RESTful API with Fat Free Framework and also have some area's or routes needing authentication? if so, how?

I just stumbled upon this related question: REST API Best practices: Where to put parameters?

[edit]: i've found out that it is indeed possible to have authentication with fat free framework using several methods. However, they seem not very well documented (at least not on their github wiki).

[edit2] Since it's only very basic authentication, for now i'm using this:

function beforeRoute($f3,$params) {
    $url = $params[0];
    $parsed_key = parse_str(parse_url($url, PHP_URL_QUERY));

    if (isset($apikey)){
        // check if apikey is in database
        $authenticated = false;
        foreach(R::find('apikey') as $key_bean) {
            if($key_bean->key == $apikey) {
                $authenticated = true;
                break;
            }
        }
        if($authenticated == false) $f3->error(403);
    } else {
        $f3->error(403);
    }
}

I'm looking for documentation on the basic http authentication method!

Answer 1

The auth class always authenticates you against a mapper. Feel free to use F3's Jig, Mongo or SQL.

$db = new DB\SQL('mysql:host=localhost;dbname=mydb', 'dbuser', '1234');
$mapper = new DB\SQL\Mapper($db, 'users');    
$auth = new Auth($mapper, array('id'=>'username','pw'=>'password'));

if($auth->basic())
    return true;

password and username are field names in the database. id and pw are internal used by the auth class. I recommend checking the auth class code and the unit tests in the dev branch on Github.

Answer 2

An simple example would be something like...

---

Username: admin, Password: 123

// Create users table using Jig.
$db = new \DB\Jig('data/');
$users = array(
    0 => array('username' => 'admin', 'password' => '202cb962ac59075b964b07152d234b70'),
);
$db->write('users', $users);

$db_mapper = new \DB\Jig\Mapper($db, 'users');
$auth = new \Auth($db_mapper, array('id' => 'username', 'pw' => 'password'));

// Callback function because of md5 stored password.
function chkauth($pw) {    
    return md5($pw);
}

$auth->basic('chkauth');