We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

Validate a session in a subdomain-hosted microframework based phalcon app

Hi, phalconers!

I need some help with the design of my phalcon app. Until now I got working a simple MVC app, and now I'm writing a small microframework, since my app needs to use an internal REST API.

The point is that my microframework-based app needs to be used based on the ACL specivied in the MVC app (which code is largely inspired from vokuro), - some of the API needs to be public, some - private, and there are also a couple to be used only by a certain group of users.

How do I achieve this result? I thought about some kind of an API key based on JWT, or OAuth2.0, - but how do I integrate that in phalcon? Also, I stated that I'm separating my app in 2 concerns - MVC and REST API, but is that really the desired approach? Maybe, I could simply merge them somehow?

tl;dr: some paths need to show a view, some need to return only a JSON, but all need authentication and session control. How should I proceed?



145.0k
Accepted
answer
edited Jul '16

You can just create rest controllers in MVC which will return just json, no need to create micro aplication and rest api. If you have already done what are you tlaking like ACL etc in mvc application then there is no reason to create same code for micro application.



1.1k
edited Jul '16

Oh... I just saw this discussion in the forum. I just tested it, and this code:

class SearchController extends ControllerBase
{
  public function getAction()
  {
    $this->view->disable();
    //Create a response instance
    $response = new \Phalcon\Http\Response();
    //Set the content of the response
    $response->setContent(json_encode([1, 2, 3]));
    //Set content type
    $response->setContentType('application/json', 'UTF-8');
    //Return the response
    return $response;
  }
}

appears to be exatly what I was searching for. I added the content type part, though, - otherwise it would return the wrong one. Thank you for your time.

edited Jul '16

You can just use:

@vandr0iy

return $this->response->setJsonContent([1, 2, 3]);

No reason to do such a nasty things :D Also you only need to disable view to get rid of default rendering, if you will return response object then you don't need to do it.