From e3b98b2d678aec7fa2078f1060bc0412c9044330 Mon Sep 17 00:00:00 2001
From: Awilum <awilum@msn.com>
Date: Thu, 2 Jan 2020 22:21:06 +0300
Subject: [PATCH] feat(core): add validate_auth_token() for api #159

---
 flextype/routes/api.php | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/flextype/routes/api.php b/flextype/routes/api.php
index db19cc96..c83f12a9 100644
--- a/flextype/routes/api.php
+++ b/flextype/routes/api.php
@@ -12,18 +12,26 @@ namespace Flextype;
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 
+/**
+ * Validate auth token
+ */
+function validate_auth_token($request, $flextype) : bool
+{
+    return isset($request->getQueryParams()['auth_token']) && $request->getQueryParams()['auth_token'] == $flextype->registry->get('settings.auth_token') ? true : false;
+}
+
 $app->get('/api/entries', function (Request $request, Response $response, array $args) use ($flextype) {
 
     // Get Query Params
     $query = $request->getQueryParams();
 
-    // 
-    if (!isset($query['auth_token'])) {
-        return $response->withJson(["detail" => "Incorrect authentication credentials."]);
+    // Validate auth token
+    if (!validate_auth_token($request, $flextype)) {
+        return $response->withJson(["detail" => "Incorrect authentication credentials."], 404);
     }
 
     // Response data
-    $data = [];
+    $data = ['s'];
 
     // Return response
     return $response->withJson($data);