Added some more handlers with built-in security support

handlers.php

@@ -9,31 +9,108 @@
 namespace webbasics;
 
 require_once 'router.php';
+require_once 'security.php';
 
 abstract class BaseHandler implements RouteHandler {
 	function handleRequest(array $data) {
+		list($method_name, $args) = $this->extractMethodAndArgs($data);
+		
+		return call_user_func_array(array($this, $method_name), $args);
+	}
+	
+	protected function extractMethodAndArgs(array $data) {
 		$request_type = strtolower($_SERVER['REQUEST_METHOD']);
 		
 		// Try to use first match value as method name, e.g. getAction() if
-		// first match value is "action"
+		// first match value is "action" and request method is "GET"
 		if (count($data)) {
 			$method_name = $request_type . camelize($data[0], true);
 			
 			if (method_exists($this, $method_name)) {
+				// getAction() or getAction($data)
 				array_shift($data);
-				
-				if (count($data)) 
-					return $this->$method_name($data);
-				else
-					return $this->$method_name();
+			} else {
+				// get($data) or post($data)
+				$method_name = $request_type;
 			}
-			
-			// get($data) or post($data)
-			return $this->$request_type($data);
+		} else {
+			// get() or post()
+			$method_name = $request_type;
 		}
 		
-		// get() or post()
-		return $this->$request_type();
+		$args = count($data) ? array($data) : array();
+		return array($method_name, $args);
+	}
+}
+
+abstract class AuthenticatedHandler extends BaseHandler {
+	function handleRequest(array $data) {
+		// A user must be logged in
+		self::checkLogin();
+		
+		// Base class will call the corresponding method
+		return parent::handleRequest();
+	}
+	
+	static function checkLogin() {
+		Authentication::getInstance()->requireLogin();
+	}
+}
+
+abstract class TokenizedHandler extends BaseHandler {
+	const TOKEN_NAME = 'auth_token';
+	
+	function handleRequest(array $data) {
+		// Token must exist and have the right value
+		self::checkToken();
+		
+		// Base class will call the corresponding method
+		return parent::handleRequest();
+	}
+	
+	static function checkToken() {
+		if (!isset($_REQUEST[self::TOKEN_NAME]))
+			throw new AuthenticationError('token missing in request data');
+		
+		Authentication::getInstance()->requireToken($_REQUEST[self::TOKEN_NAME]);
+	}
+}
+
+abstract class AuthorizedHandler extends BaseHandler {
+	function handleRequest(array $data) {
+		// A user must be logged in
+		AuthenticatedHandler::checkLogin();
+		
+		// The user must have access to the called method
+		list($method_name, $args) = $this->extractMethodAndArgs($data);
+		$role = $this->determineRequiredRole($method_name, $args);
+		Authentication::getInstance()->requireUserRole($role);
+		
+		// Base class will call the corresponding method
+		return parent::handleRequest();
+	}
+	
+	abstract function getRequiredRole($method_name, array $args);
+}
+
+abstract class TokenizedAuthenticatedHandler extends TokenizedHandler {
+	function handleRequest(array $data) {
+		// A user must be logged in
+		AuthenticatedHandler::checkLogin();
+		
+		// Parent class will check the token
+		return parent::handleRequest();
+	}
+}
+
+abstract class TokenizedAuthorizedHandler extends AuthorizedHandler {
+	function handleRequest(array $data) {
+		// Token must exist and have the right value
+		TokenizedHandler::checkToken();
+		
+		// Parent class will verify that a user is logged in and has access to
+		// the called method
+		return parent::handleRequest($data);
 	}
 }