Tags: php, zend-framework, laminas-api-tools

Check if my GET request has Header: Token


I want to send a request with or without 'Token' as a header.

  • If request has 'Token' as a header: if the user already has that item, it will return the item with the proper item_id of a specific user (based on its token), otherwise it will return null.

  • If request doesn't have 'Token' as a header: it will return the item with that item_id

I'm working with Zend Framework and in ItemResource I have this method:

public function fetch($id)
{
}

How can I check if my request has Token as a header or not and implement both cases inside fetch()?


Solution

  • Using Laminas API Tools, it depends on whether you're using an RPC or a REST resource. I will explain which tools the Laminas API Tools give you to evaluate the received header data.

    You don't have to reinvent the wheel, because Laminas API Tools has the received headers already at hand when you're in your fetch method.

    Representational State Transfer (REST)

    REST resources normally extend the \Laminas\ApiTools\Rest\AbstractResourceListener class. This class listens for \Laminas\ApiTools\Rest\ResourceEvent. Fortunately, this event provides you with a request object that also contains the received header data.

    <?php
    declare(strict_types=1);
    namespace Marcel\V1\Rest\Example;
    
    use Laminas\ApiTools\Rest\AbstractResourceListener;
    
    class ExampleResource extends AbstractResourceListener
    {
        public function fetch($id)
        {
            // requesting for an authorization header
            $token = $this->getEvent()->getRequest()->getHeader('Authorization', null);
        
            if ($token === null) {
                // header was not received
            }
        }
    } 
    

    As you can see, the ResourceEvent returns a \Laminas\Http\Request instance when calling getRequest(). The request instance already contains all request headers you've received. Just call getHeader with the given name and, as second parameter, a default value which should be returned when the header was not set. If there is no http_token header, you'll get null as a result.

    Remote Procedure Calls (RPC)

    Since RPC requests are handled with an MVC controller class, you can get the request as easily as in a REST resource. Controller classes extend from \Laminas\Mvc\Controller\AbstractActionController, which already contains a request instance.

    <?php
    declare(strict_types=1);
    namespace Marcel\V1\Rpc\Example;
    
    use Laminas\Mvc\Controller\AbstractActionController;
    
    class ExampleController extends AbstractActionController
    {
        public function exampleAction()
        {
            $token = $this->getRequest()->getHeader('Authorization', null);
            
            if ($token === null) {
                // token was not set
            }
        }
    }
    

    As you can see, getting header data in RPC requests is as easy as in resource listeners. The procedure is the same because a request instance is also used here.

    Conclusion

    There is absolutely no need for coding things that are already there. Just get the request instance from the event or the abstract controller and retrieve the header you want. Always keep in mind that there are security aspects like CRLF injections when dealing with raw data. The Laminas framework handles all this for you already.

    Additionally, you can check for all received headers by calling ->getHeaders() instead of ->getHeader($name, $default). You'll get a \Laminas\Http\Header instance with all received headers.
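
The two cases from the question inside fetch(), as an added example that is not part of the original answer or of Laminas API Tools. The `ItemRepository` interface, its method names and the `Marcel\V1\Rest\Item` namespace are hypothetical; rejecting an unknown or repeated Token header instead of falling back to the unauthenticated lookup is an assumption added here, not something the question specifies.

```php
<?php
declare(strict_types=1);
namespace Marcel\V1\Rest\Item; // hypothetical namespace

use Laminas\ApiTools\ApiProblem\ApiProblem;
use Laminas\ApiTools\Rest\AbstractResourceListener;
use Laminas\Http\Header\HeaderInterface;

// Hypothetical storage contract; not part of Laminas API Tools.
interface ItemRepository
{
    public function findById(string $id): ?array;
    // Resolves a token to a user id, or null when the token is unknown or expired.
    public function findUserIdByToken(string $token): ?int;
    // Returns the item only if it belongs to the given user, otherwise null.
    public function findByIdForUser(string $id, int $userId): ?array;
}

class ItemResource extends AbstractResourceListener
{
    public function __construct(private ItemRepository $items)
    {
    }

    public function fetch($id)
    {
        // null (our default) when absent, a HeaderInterface when sent once,
        // an ArrayIterator when the client sent the header several times.
        $header = $this->getEvent()->getRequest()->getHeader('Token', null);

        if ($header === null) {
            // No Token header: return the item with that id.
            return $this->items->findById((string) $id);
        }
        if (! $header instanceof HeaderInterface) {
            // Ambiguous input: do not guess which of several values to trust.
            return new ApiProblem(400, 'Token header must be sent once');
        }

        // getHeader() yields a header object; the raw value needs getFieldValue().
        $token  = trim($header->getFieldValue());
        $userId = $token === '' ? null : $this->items->findUserIdByToken($token);
        if ($userId === null) {
            // Present but invalid must not silently behave like "no token".
            return new ApiProblem(401, 'Invalid token');
        }

        // Token header present and valid: the user's item, or null.
        return $this->items->findByIdForUser((string) $id, $userId);
    }
}
```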