gnieark/dc-rest
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

AUTH OK, fix headers coors

Browse Source
This commit is contained in:
Gnieark 2017-04-30 17:38:07 +02:00
parent 05c416f0e8
commit c26cffc249
7 changed files with 123 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
_prepend.php
View File

@ -0,0 +1,7 @@
<?php
global $__autoload;
$__autoload['ApiKey'] = dirname(__FILE__).'/inc/class.rest.key.php';
$__autoload['restAuth'] = dirname(__FILE__).'/inc/class.rest.auth.php';
$__autoload['RestQuery'] = dirname(__FILE__).'/inc/class.rest.query.php';
$__autoload['RestQueryGetBlogs'] = dirname(__FILE__).'/inc/class.rest.query.get.blogs.php';

25
_public.php
View File

@ -1,7 +1,7 @@
<?php <?php
if (!defined('DC_RC_PATH')) { return; } if (!defined('DC_RC_PATH')) { return; }
$core->url->register('rest','rest','^rest(?:/(.+))?$',array('rest','getResponse')); $core->url->register('rest','rest','^rest(?:/(.*))?$',array('rest','getResponse'));
class rest extends dcUrlHandlers class rest extends dcUrlHandlers
{ {
public static function getResponse($args) public static function getResponse($args)
@ -16,16 +16,33 @@ class rest extends dcUrlHandlers
//coors headers //coors headers
if($core->blog->settings->rest->rest_send_cors_headers){ if($core->blog->settings->rest->rest_send_cors_headers){
header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST'); header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept'); header('Access-Control-Allow-Headers: Content-Type, authorization, x_dc_key');
} }
header('Content-Type: application/json'); header('Content-Type: application/json');
$apiKey = rest::get_api_key_sended();
if($apiKey){
$user = new restAuth($core);
;
//test:
if($user->checkUser('','',$apiKey) === false){
error_log("wrong key");
}else{
error_log($user->userID());
}
}
}
private function get_api_key_sended(){ private function get_api_key_sended(){
$headers = getallheaders(); //to do: test it on nginx
$headers = apache_request_headers();
if(isset($headers['x_dc_key'])){ if(isset($headers['x_dc_key'])){
return $headers['x_dc_key']; return $headers['x_dc_key'];
}else{ }else{

8
documentation/definition.yaml
View File

@ -4,13 +4,13 @@ info:
description: Manage your(s) blogs with this API description: Manage your(s) blogs with this API
version: "0.0.1" version: "0.0.1"
# the domain of the service # the domain of the service
host: your.blog.com host: dotclear.localhost
# array of all schemes that your API supports # array of all schemes that your API supports
schemes: schemes:
- https - http
# will be prefixed to all paths # will be prefixed to all paths
# (part of plugin url) # (part of plugin url)
basePath: /rest basePath: /dotclear/index.php?rest/
produces: produces:
- application/json - application/json
paths: paths:
@ -20,8 +20,8 @@ paths:
parameters: parameters:
- name: x_dc_key - name: x_dc_key
in: header in: header
type: string
required: false required: false
type: string
responses: responses:
200: 200:
description: array serving blogs properties description: array serving blogs properties

82
inc/class.rest.auth.php
View File

@ -5,20 +5,82 @@ class restAuth extends dcAuth
# L'utilisateur n'a pas le droit de changer son mot de passe # L'utilisateur n'a pas le droit de changer son mot de passe
protected $allow_pass_change = false; protected $allow_pass_change = false;
# La méthode de vérification du mot de passe /**
public function checkUser($api_key) * Méthode de vérification de la clef d'api_key
* Remplace la méthode chekUser (id: password)
* Only use $user_key (all others parameters are for compatibility with the parent function)
* input: $user_key STRING
* output: boolean
*/
public function checkUser($user_id, $pwd = NULL, $user_key = NULL, $check_blog = true)
{ {
global $core;
# Si un mot de passe a été donné, nous allons le vérifier avec la //Check for the user api key
# méthode auth.login XML-RPC. $sqlStr = " SELECT setting_id
FROM dc_setting
WHERE setting_ns='rest'
# Les opérations précédentes se sont déroulées sans erreur, nous AND setting_id LIKE 'rest_key_%'
# pouvons maintenant appeler la méthode parente afin d'initialiser AND setting_value = md5('".$core->con->escape($user_key)."');";
# l'utilisateur dans l'object $core->auth
return parent::checkUser($user_id,$pwd); try {
$rs = $core->con->select($sqlStr);
} catch (Exception $e) {
$err = $e->getMessage();
return false;
}
if ($rs->isEmpty()) {
sleep(rand(2,5));
return false;
}
//get the user ID from the previous query
$userId = explode("_", $rs->setting_id)[2];
//get USER infos
$strReq = 'SELECT user_id, user_super, user_pwd, user_change_pwd, '.
'user_name, user_firstname, user_displayname, user_email, '.
'user_url, user_default_blog, user_options, '.
'user_lang, user_tz, user_post_status, user_creadt, user_upddt '.
'FROM '.$this->con->escapeSystem($this->user_table).' '.
"WHERE user_id = '".$this->con->escape($userId)."'";
try {
$rs = $core->con->select($strReq);
} catch (Exception $e) {
$err = $e->getMessage();
return false;
}
if ($rs->isEmpty()) {
sleep(rand(2,5));
return false;
}
$this->user_id = $rs->user_id;
$this->user_change_pwd = (boolean) $rs->user_change_pwd;
$this->user_admin = (boolean) $rs->user_super;
$this->user_info['user_pwd'] = $rs->user_pwd;
$this->user_info['user_name'] = $rs->user_name;
$this->user_info['user_firstname'] = $rs->user_firstname;
$this->user_info['user_displayname'] = $rs->user_displayname;
$this->user_info['user_email'] = $rs->user_email;
$this->user_info['user_url'] = $rs->user_url;
$this->user_info['user_default_blog'] = $rs->user_default_blog;
$this->user_info['user_lang'] = $rs->user_lang;
$this->user_info['user_tz'] = $rs->user_tz;
$this->user_info['user_post_status'] = $rs->user_post_status;
$this->user_info['user_creadt'] = $rs->user_creadt;
$this->user_info['user_upddt'] = $rs->user_upddt;
$this->user_info['user_cn'] = dcUtils::getUserCN($rs->user_id, $rs->user_name,
$rs->user_firstname, $rs->user_displayname);
//$this->user_options = array_merge($this->core->userDefaults(),$rs->options());
$this->user_prefs = new dcPrefs($this->core,$this->user_id);
return true;
} }
} }

11
inc/class.rest.query.get.blogs.php Normal file
View File

@ -0,0 +1,11 @@
<?php
class RestQueryGetBlogs
{
public function __construct($apiKey){
}
}

15
inc/class.rest.query.php
View File

@ -5,11 +5,16 @@ class RestQuery{
public $response_message; //array public $response_message; //array
private $queryObj; private $queryObj;
public function __construct($httpMethod,$params){ public function __construct($httpMethod,$args,$apiKey = ''){
//définir la methode API (pas HTML) appelée //définir la methode API (pas HTML) appelée
switch($httpMethod){ switch($httpMethod){
case "get": case "get":
if($args='blogs'){
}
break; break;
case "post": case "post":
@ -107,14 +112,6 @@ class RestQuery{
} }
}
class QueryGetBlogs extends RestQuery
{
}
class QueryPostBlogs extends RestQuery
{
} }
//etc... //etc...

2
index.php
View File

@ -2,7 +2,7 @@
if (!defined('DC_CONTEXT_ADMIN')) { return; } if (!defined('DC_CONTEXT_ADMIN')) { return; }
require_once(dirname(__FILE__).'/inc/class.rest.key.php');
$apiKey = new ApiKey; $apiKey = new ApiKey;
// Setting default parameters if missing configuration // Setting default parameters if missing configuration