2017-04-13 22:46:51 +02:00
|
|
|
<?php
|
|
|
|
|
if (!defined('DC_RC_PATH')) { return; }
|
|
|
|
|
|
2017-04-30 17:38:07 +02:00
|
|
|
$core->url->register('rest','rest','^rest(?:/(.*))?$',array('rest','getResponse'));
|
2017-04-13 22:46:51 +02:00
|
|
|
class rest extends dcUrlHandlers
|
|
|
|
|
{
|
|
|
|
|
public static function getResponse($args)
|
|
|
|
|
{
|
|
|
|
|
global $core;
|
|
|
|
|
$active = (boolean)$core->blog->settings->rest->rest_active;
|
|
|
|
|
if (!$active){
|
|
|
|
|
self::p404();
|
|
|
|
|
return;
|
|
|
|
|
}
|
2017-04-27 19:35:58 +02:00
|
|
|
|
2017-04-27 20:01:47 +02:00
|
|
|
//coors headers
|
|
|
|
|
if($core->blog->settings->rest->rest_send_cors_headers){
|
|
|
|
|
header('Access-Control-Allow-Origin: *');
|
2017-04-30 17:38:07 +02:00
|
|
|
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE');
|
|
|
|
|
header('Access-Control-Allow-Headers: Content-Type, authorization, x_dc_key');
|
2017-04-27 20:01:47 +02:00
|
|
|
}
|
2017-04-28 19:34:27 +02:00
|
|
|
header('Content-Type: application/json');
|
2017-04-27 19:35:58 +02:00
|
|
|
|
2017-04-30 17:38:07 +02:00
|
|
|
$apiKey = rest::get_api_key_sended();
|
2017-04-28 19:34:27 +02:00
|
|
|
|
2017-04-30 17:38:07 +02:00
|
|
|
if($apiKey){
|
|
|
|
|
$user = new restAuth($core);
|
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//test:
|
|
|
|
|
if($user->checkUser('','',$apiKey) === false){
|
|
|
|
|
error_log("wrong key");
|
|
|
|
|
|
|
|
|
|
}else{
|
|
|
|
|
error_log($user->userID());
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-04-28 19:34:27 +02:00
|
|
|
private function get_api_key_sended(){
|
2017-04-30 17:38:07 +02:00
|
|
|
//to do: test it on nginx
|
|
|
|
|
$headers = apache_request_headers();
|
2017-04-28 19:34:27 +02:00
|
|
|
if(isset($headers['x_dc_key'])){
|
|
|
|
|
return $headers['x_dc_key'];
|
|
|
|
|
}else{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2017-04-13 22:46:51 +02:00
|
|
|
}
|
2017-04-28 19:34:27 +02:00
|
|
|
|
2017-04-13 22:46:51 +02:00
|
|
|
}
|
