<?php
declare(strict_types=1);
use BigGive\Identity\Application\Actions\ChangePasswordUsingToken;
use BigGive\Identity\Application\Actions\CreatePasswordResetToken;
use BigGive\Identity\Application\Actions\GetDonationFundsTransferInstructions;
use BigGive\Identity\Application\Actions\GetPasswordResetToken;
use BigGive\Identity\Application\Actions\Login;
use BigGive\Identity\Application\Actions\Person;
use BigGive\Identity\Application\Actions\Status;
use BigGive\Identity\Application\Middleware\CredentialsCaptchaMiddleware;
use BigGive\Identity\Application\Middleware\PersonGetAuthMiddleware;
use BigGive\Identity\Application\Middleware\PersonPatchAuthMiddleware;
use BigGive\Identity\Application\Middleware\PersonCaptchaMiddleware;
use BigGive\Identity\Application\Middleware\PlainCaptchaMiddleware;
use LosMiddleware\RateLimit\RateLimitMiddleware;
use Middlewares\ClientIp;
use Psr\Http\Message\RequestInterface;
use Psr\Http\Message\ResponseInterface;
use Slim\App;
use Slim\Interfaces\RouteCollectorProxyInterface as Group;
// Route table for the service: a status route, the versioned `/v1` API group wrapped in
// client-IP detection and rate limiting, and a catch-all CORS pre-flight handler.
return function (App $app) {
    // Status route; no middleware is attached to it in this file.
    $app->get('/ping', Status::class);

    // Provides real IP for logging etc.
    // NOTE(review): outside local, X-Forwarded-For is inspected with an EMPTY trusted-proxy list.
    // As far as the client-ip middleware's documented behaviour goes, an empty list means the
    // direct peer is not checked, so the header is only as trustworthy as the network path:
    // confirm that every non-local request arrives via a proxy that sets or overwrites it.
    if (getenv('APP_ENV') === 'local') {
        $ipMiddleware = new ClientIp();
    } else {
        $ipMiddleware = (new ClientIp())->proxy([], ['X-Forwarded-For']);
    }

    $v1Group = $app->group('/v1', function (Group $versionGroup) {
        // Person IDs are constrained to 36 characters of [a-z0-9-] at the routing layer.
        $personPath = '/people/{personId:[a-z0-9-]{36}}';

        // Route-level middleware sits inside the group's middleware, so each captcha check
        // runs last, after the group's IP + rate limit middlewares.
        $createPerson = $versionGroup->post('/people', Person\Create::class);
        $createPerson->add(PersonCaptchaMiddleware::class);

        // Writes to a person record go through the patch-auth middleware.
        $updatePerson = $versionGroup->put($personPath, Person\Update::class);
        $updatePerson->add(PersonPatchAuthMiddleware::class);

        // Both read routes below share one auth middleware via the nested group.
        $personReadGroup = $versionGroup->group($personPath, function (Group $personGetGroup) {
            $personGetGroup->get('', Person\Get::class);
            $personGetGroup->get('/funding_instructions', GetDonationFundsTransferInstructions::class);
        });
        $personReadGroup->add(PersonGetAuthMiddleware::class);

        $login = $versionGroup->post('/auth', Login::class);
        $login->add(CredentialsCaptchaMiddleware::class);

        $requestReset = $versionGroup->post('/password-reset-token', CreatePasswordResetToken::class);
        $requestReset->add(PlainCaptchaMiddleware::class);

        // The reset secret is part of the URL path, so it can show up wherever request paths are
        // recorded (access logs, proxies); treat those records as sensitive.
        $versionGroup->get('/password-reset-token/{base58Secret:[A-Za-z0-9-]{22}}', GetPasswordResetToken::class);

        // No captcha middleware here: this route relies on the group's rate limit plus whatever
        // token validation ChangePasswordUsingToken performs (not visible in this file).
        $versionGroup->post('/change-forgotten-password', ChangePasswordUsingToken::class);
    });

    // Slim executes the most recently added middleware first, so the rate limiter wraps the
    // IP middleware. NOTE(review): if the rate limiter is expected to key on the IP resolved by
    // $ipMiddleware, confirm this order (and the limiter's own forwarded-header settings).
    $v1Group->add($ipMiddleware);
    $v1Group->add(RateLimitMiddleware::class);

    // CORS Pre-Flight OPTIONS Request Handler
    // Registered on the app rather than inside `/v1`, so the group's IP and rate limit
    // middlewares do not apply; it returns the response object unchanged.
    $app->options(
        '/{routes:.+}',
        function (RequestInterface $request, ResponseInterface $response, array $_args) {
            return $response;
        }
    );
};