add auth based on apiKey middleware (#38)

src/SAREhub/Microt/App/Auth/ApiKey/ApiKeyAuthContainerConfigurator.php

@@ -0,0 +1,19 @@
+<?php
+
+
+namespace SAREhub\Microt\App\Auth\ApiKey;
+
+
+use DI\ContainerBuilder;
+use SAREhub\Microt\App\ContainerConfigurator;
+use function DI\factory;
+
+class ApiKeyAuthContainerConfigurator implements ContainerConfigurator
+{
+    public function configure(ContainerBuilder $builder)
+    {
+        $builder->addDefinitions([
+            ApiKeyAuthMiddleware::class => factory(ApiKeyAuthMiddlewareProvider::class)
+        ]);
+    }
+}

src/SAREhub/Microt/App/Auth/ApiKey/ApiKeyAuthMiddleware.php

@@ -0,0 +1,41 @@
+<?php
+
+
+namespace SAREhub\Microt\App\Auth\ApiKey;
+
+
+use SAREhub\Microt\App\Middleware\MiddlewareInjector;
+use SAREhub\Microt\Util\JsonResponse;
+use Slim\App;
+use Slim\Http\Request;
+use Slim\Http\Response;
+
+class ApiKeyAuthMiddleware implements MiddlewareInjector
+{
+    const QP_APIKEY = "apiKey";
+
+    /**
+     * @var string
+     */
+    private $apiKey;
+
+    public function __construct(string $apiKey)
+    {
+        $this->apiKey = $apiKey;
+    }
+
+    public function injectTo(App $app)
+    {
+        $app->add($this);
+    }
+
+    public function __invoke(Request $request, Response $response, callable $next)
+    {
+        if ($request->getQueryParam(self::QP_APIKEY, "") !== $this->apiKey) {
+            return JsonResponse::wrap($response)->error("Invalid apiKey", [], 401);
+        }
+        $next($request, $response);
+    }
+
+
+}

src/SAREhub/Microt/App/Auth/ApiKey/ApiKeyAuthMiddlewareProvider.php

@@ -0,0 +1,30 @@
+<?php
+
+
+namespace SAREhub\Microt\App\Auth\ApiKey;
+
+
+use SAREhub\Commons\Misc\EnvironmentHelper;
+use SAREhub\Commons\Misc\InvokableProvider;
+use SAREhub\Commons\Secret\SecretValueProvider;
+
+class ApiKeyAuthMiddlewareProvider extends InvokableProvider
+{
+    const ENV_API_KEY_SECRET = "API_AUTH_APIKEY";
+
+    /**
+     * @var SecretValueProvider
+     */
+    private $secretValueProvider;
+
+    public function __construct(SecretValueProvider $secretValueProvider)
+    {
+        $this->secretValueProvider = $secretValueProvider;
+    }
+
+    public function get()
+    {
+        $secretName = EnvironmentHelper::getRequiredVar(self::ENV_API_KEY_SECRET);
+        return new ApiKeyAuthMiddleware($this->secretValueProvider->get($secretName));
+    }
+}

tests/unit/SAREhub/Microt/App/Auth/ApiKey/ApiKeyAuthMiddlewareTest.php

@@ -0,0 +1,54 @@
+<?php
+
+namespace SAREhub\Microt\App\Auth\ApiKey;
+
+use Mockery\Adapter\Phpunit\MockeryPHPUnitIntegration;
+use PHPUnit\Framework\TestCase;
+use SAREhub\Commons\Test\CallableMock;
+use SAREhub\Microt\Test\App\HttpHelper;
+
+class ApiKeyAuthMiddlewareTest extends TestCase
+{
+    use MockeryPHPUnitIntegration;
+
+    private $apiKey;
+
+    /**
+     * @var ApiKeyAuthMiddleware
+     */
+    private $middleware;
+
+    protected function setUp()
+    {
+        $this->apiKey = "test_api_key";
+        $this->middleware = new ApiKeyAuthMiddleware($this->apiKey);
+    }
+
+    public function testInvokeWhenPassed()
+    {
+        $request = HttpHelper::requestWithQuery([
+            ApiKeyAuthMiddleware::QP_APIKEY => $this->apiKey
+        ]);
+        $response = HttpHelper::response();
+        $next = CallableMock::create();
+
+        $next->expects("__invoke")->with($request, $response);
+
+        ($this->middleware)($request, $response, $next);
+    }
+
+    public function testInvokeWhenNotPassed()
+    {
+        $request = HttpHelper::requestWithQuery([
+            ApiKeyAuthMiddleware::QP_APIKEY => "invalid_api_key"
+        ]);
+        $response = HttpHelper::response();
+        $next = CallableMock::create();
+
+        $next->expects("__invoke")->never();
+
+        $response = ($this->middleware)($request, $response, $next);
+
+        $this->assertEquals(401, $response->getStatusCode());
+    }
+}