<?php
namespace App\Filters;
use CodeIgniter\Filters\FilterInterface;
use CodeIgniter\HTTP\RequestInterface;
use CodeIgniter\HTTP\ResponseInterface;
/**
* MobileStudentFacePhotoFilter
*
* Melindungi endpoint foto wajah siswa:
* - Wajib ada header X-Student-Id
* - Nilai header harus sama dengan query student_id
*
* Catatan: ini lapisan keamanan tambahan di atas kontrol app mobile.
* Untuk produksi bisa dikembangkan ke token-based auth khusus mobile.
*/
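class MobileStudentFacePhotoFilter implements FilterInterface
{
    /**
     * Rejects the request unless the X-Student-Id header and the student_id
     * query parameter are both canonical positive integers and identical.
     *
     * Both values are supplied by the client, so a match only shows that the
     * caller set the header consistently with its own query string; it does
     * not establish who the caller is. Treat this as a defence-in-depth check
     * on top of whatever authentication the route already has.
     *
     * A bare (int) cast was previously used on both values. That cast maps
     * "7abc", "7.5" and " 7" to 7, and maps a non-empty array (e.g. a
     * `student_id[]=x` query) to 1, so malformed input could slip past the
     * comparison and reach the controller in a shape it does not expect.
     * Parsing is now strict: anything that is not a canonical decimal
     * integer >= 1 is rejected with 403.
     *
     * @param RequestInterface $request   The incoming request.
     * @param array|null       $arguments Unused; part of the FilterInterface contract.
     *
     * @return ResponseInterface|null A 403 JSON response when the check fails,
     *                                otherwise null so the request continues.
     */
    public function before(RequestInterface $request, $arguments = null)
    {
        // RequestInterface does not declare getGet(); the framework's request
        // service is the concrete IncomingRequest that exposes it (kept as in
        // the original implementation rather than assuming $request's class).
        $ciRequest = service('request');

        $studentIdParam = self::parsePositiveInt($ciRequest->getGet('student_id'));
        $headerId       = self::parsePositiveInt($request->getHeaderLine('X-Student-Id'));

        if ($studentIdParam === null || $headerId === null || $studentIdParam !== $headerId) {
            return service('response')
                ->setStatusCode(403)
                ->setJSON([
                    'success' => false,
                    'message' => 'Forbidden: student_id tidak cocok dengan identitas mobile.',
                ]);
        }

        return null;
    }

    /**
     * Passes the response through unchanged; nothing is added on the way out.
     *
     * @param RequestInterface  $request
     * @param ResponseInterface $response
     * @param array|null        $arguments Unused; part of the FilterInterface contract.
     *
     * @return ResponseInterface The same response instance.
     */
    public function after(RequestInterface $request, ResponseInterface $response, $arguments = null)
    {
        return $response;
    }

    /**
     * Parses a client-supplied value as a canonical positive integer.
     *
     * Only a string (or int) whose decimal round-trip is byte-identical is
     * accepted: "", "007", " 7", "+7", "7abc", "7.5", "-1", arrays, null and
     * values that overflow PHP_INT_MAX all yield null.
     *
     * @param mixed $value Raw query or header value (string, array, or null).
     *
     * @return int|null The integer when it is >= 1 and canonically spelled, else null.
     */
    private static function parsePositiveInt($value): ?int
    {
        $text = is_int($value) ? (string) $value : $value;

        if (! is_string($text)) {
            // Arrays (from student_id[]=...) and null are not identifiers.
            return null;
        }

        $id = (int) $text;

        // Round-trip check: (int) is lenient, so require that printing the
        // parsed value reproduces the input exactly. This also catches
        // overflow, because an overflowed cast saturates at PHP_INT_MAX.
        return $id > 0 && (string) $id === $text ? $id : null;
    }
}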