AUTH OK, fix headers coors
This commit is contained in:
parent
05c416f0e8
commit
c26cffc249
|
@ -0,0 +1,7 @@
|
|||
<?php
|
||||
global $__autoload;
|
||||
|
||||
$__autoload['ApiKey'] = dirname(__FILE__).'/inc/class.rest.key.php';
|
||||
$__autoload['restAuth'] = dirname(__FILE__).'/inc/class.rest.auth.php';
|
||||
$__autoload['RestQuery'] = dirname(__FILE__).'/inc/class.rest.query.php';
|
||||
$__autoload['RestQueryGetBlogs'] = dirname(__FILE__).'/inc/class.rest.query.get.blogs.php';
|
25
_public.php
25
_public.php
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
if (!defined('DC_RC_PATH')) { return; }
|
||||
|
||||
$core->url->register('rest','rest','^rest(?:/(.+))?$',array('rest','getResponse'));
|
||||
$core->url->register('rest','rest','^rest(?:/(.*))?$',array('rest','getResponse'));
|
||||
class rest extends dcUrlHandlers
|
||||
{
|
||||
public static function getResponse($args)
|
||||
|
@ -16,16 +16,33 @@ class rest extends dcUrlHandlers
|
|||
//coors headers
|
||||
if($core->blog->settings->rest->rest_send_cors_headers){
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Methods: GET, POST');
|
||||
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
|
||||
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE');
|
||||
header('Access-Control-Allow-Headers: Content-Type, authorization, x_dc_key');
|
||||
}
|
||||
header('Content-Type: application/json');
|
||||
|
||||
$apiKey = rest::get_api_key_sended();
|
||||
|
||||
if($apiKey){
|
||||
$user = new restAuth($core);
|
||||
;
|
||||
|
||||
|
||||
//test:
|
||||
if($user->checkUser('','',$apiKey) === false){
|
||||
error_log("wrong key");
|
||||
|
||||
}else{
|
||||
error_log($user->userID());
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
private function get_api_key_sended(){
|
||||
$headers = getallheaders();
|
||||
//to do: test it on nginx
|
||||
$headers = apache_request_headers();
|
||||
if(isset($headers['x_dc_key'])){
|
||||
return $headers['x_dc_key'];
|
||||
}else{
|
||||
|
|
|
@ -4,13 +4,13 @@ info:
|
|||
description: Manage your(s) blogs with this API
|
||||
version: "0.0.1"
|
||||
# the domain of the service
|
||||
host: your.blog.com
|
||||
host: dotclear.localhost
|
||||
# array of all schemes that your API supports
|
||||
schemes:
|
||||
- https
|
||||
- http
|
||||
# will be prefixed to all paths
|
||||
# (part of plugin url)
|
||||
basePath: /rest
|
||||
basePath: /dotclear/index.php?rest/
|
||||
produces:
|
||||
- application/json
|
||||
paths:
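Review bot: `basePath: /dotclear/index.php?rest/` puts a query string into `basePath`; Swagger 2.0 tooling builds request URLs as scheme + `host` + `basePath` + path, so a `/blogs` operation would be requested as `index.php?rest//blogs`, and `basePath` is defined as a path prefix, not a query. `host: dotclear.localhost` and the added `http` scheme also read as local-development values committed into the published contract. Keep the public host and `https` in this file and override `host`/`basePath` at load time (or keep a separate dev copy), so the spec stays usable by clients and code generators.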
|
||||
|
@ -20,8 +20,8 @@ paths:
|
|||
parameters:
|
||||
- name: x_dc_key
|
||||
in: header
|
||||
type: string
|
||||
required: false
|
||||
type: string
|
||||
responses:
|
||||
200:
|
||||
description: array serving blogs properties
|
||||
|
|
|
@ -5,20 +5,82 @@ class restAuth extends dcAuth
|
|||
# L'utilisateur n'a pas le droit de changer son mot de passe
|
||||
protected $allow_pass_change = false;
|
||||
|
||||
# La méthode de vérification du mot de passe
|
||||
public function checkUser($api_key)
|
||||
/**
|
||||
* Méthode de vérification de la clef d'api_key
|
||||
* Remplace la méthode chekUser (id: password)
|
||||
* Only use $user_key (all others parameters are for compatibility with the parent function)
|
||||
* input: $user_key STRING
|
||||
* output: boolean
|
||||
*/
|
||||
|
||||
public function checkUser($user_id, $pwd = NULL, $user_key = NULL, $check_blog = true)
|
||||
{
|
||||
|
||||
global $core;
|
||||
|
||||
# Si un mot de passe a été donné, nous allons le vérifier avec la
|
||||
# méthode auth.login XML-RPC.
|
||||
|
||||
|
||||
# Les opérations précédentes se sont déroulées sans erreur, nous
|
||||
# pouvons maintenant appeler la méthode parente afin d'initialiser
|
||||
# l'utilisateur dans l'object $core->auth
|
||||
return parent::checkUser($user_id,$pwd);
|
||||
//Check for the user api key
|
||||
$sqlStr = " SELECT setting_id
|
||||
FROM dc_setting
|
||||
WHERE setting_ns='rest'
|
||||
AND setting_id LIKE 'rest_key_%'
|
||||
AND setting_value = md5('".$core->con->escape($user_key)."');";
|
||||
|
||||
try {
|
||||
$rs = $core->con->select($sqlStr);
|
||||
} catch (Exception $e) {
|
||||
$err = $e->getMessage();
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($rs->isEmpty()) {
|
||||
sleep(rand(2,5));
|
||||
return false;
|
||||
}
|
||||
|
||||
//get the user ID from the previous query
|
||||
$userId = explode("_", $rs->setting_id)[2];
|
||||
|
||||
//get USER infos
|
||||
|
||||
$strReq = 'SELECT user_id, user_super, user_pwd, user_change_pwd, '.
|
||||
'user_name, user_firstname, user_displayname, user_email, '.
|
||||
'user_url, user_default_blog, user_options, '.
|
||||
'user_lang, user_tz, user_post_status, user_creadt, user_upddt '.
|
||||
'FROM '.$this->con->escapeSystem($this->user_table).' '.
|
||||
"WHERE user_id = '".$this->con->escape($userId)."'";
|
||||
|
||||
try {
|
||||
$rs = $core->con->select($strReq);
|
||||
} catch (Exception $e) {
|
||||
$err = $e->getMessage();
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($rs->isEmpty()) {
|
||||
sleep(rand(2,5));
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
$this->user_id = $rs->user_id;
|
||||
$this->user_change_pwd = (boolean) $rs->user_change_pwd;
|
||||
$this->user_admin = (boolean) $rs->user_super;
|
||||
$this->user_info['user_pwd'] = $rs->user_pwd;
|
||||
$this->user_info['user_name'] = $rs->user_name;
|
||||
$this->user_info['user_firstname'] = $rs->user_firstname;
|
||||
$this->user_info['user_displayname'] = $rs->user_displayname;
|
||||
$this->user_info['user_email'] = $rs->user_email;
|
||||
$this->user_info['user_url'] = $rs->user_url;
|
||||
$this->user_info['user_default_blog'] = $rs->user_default_blog;
|
||||
$this->user_info['user_lang'] = $rs->user_lang;
|
||||
$this->user_info['user_tz'] = $rs->user_tz;
|
||||
$this->user_info['user_post_status'] = $rs->user_post_status;
|
||||
$this->user_info['user_creadt'] = $rs->user_creadt;
|
||||
$this->user_info['user_upddt'] = $rs->user_upddt;
|
||||
$this->user_info['user_cn'] = dcUtils::getUserCN($rs->user_id, $rs->user_name,
|
||||
$rs->user_firstname, $rs->user_displayname);
|
||||
//$this->user_options = array_merge($this->core->userDefaults(),$rs->options());
|
||||
$this->user_prefs = new dcPrefs($this->core,$this->user_id);
|
||||
return true;
|
||||
}
|
||||
}
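Review bot: The API-key query hard-codes `FROM dc_setting` and evaluates `md5()` inside SQL, while the user query a few lines below correctly goes through `$this->con->escapeSystem(...)`; on an install with a different table prefix, or on a database backend that has no `md5()` SQL function (SQLite, if it is among the supported backends), the first query fails and every key is rejected. Build the table name from the prefix and compute the digest in PHP, as in the excerpt below; `explode("_", $rs->setting_id)[2]` should also become `substr($rs->setting_id, strlen('rest_key_'))`, since a user id containing an underscore is currently truncated at it. An empty or `NULL` `$user_key` (the parameter's default) reaches the query as `md5('')`, so reject it before querying. Both `catch` blocks assign `$err` and never use it, silently hiding the failure cause; log it, and note that `sleep(rand(2,5))` on every bad key pins a PHP worker for several seconds, which is cheap for a caller to trigger in bulk — a short constant delay plus rate limiting at the web server is the safer shape. Storing keys as unsalted `md5` is a weak at-rest format for a bearer secret; moving to `hash('sha256', ...)` together with a migration of the stored values would be the follow-up.
```php
        if ($user_key === null || $user_key === '') {
            return false;
        }

        // Look the key up by its stored digest; the table name follows the install prefix
        // and the digest is computed here so the query works on every supported backend.
        $sqlStr = 'SELECT setting_id '.
            'FROM '.$this->con->escapeSystem($core->prefix.'setting').' '.
            "WHERE setting_ns = 'rest' AND setting_id LIKE 'rest_key_%' ".
            "AND setting_value = '".$core->con->escape(md5($user_key))."'";
        // … unchanged: select() in try/catch, isEmpty() check …
        $userId = substr($rs->setting_id, strlen('rest_key_'));
        // … unchanged: user lookup and population of $this->user_info …
```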
|
11
inc/class.rest.query.get.blogs.php
Normal file
11
inc/class.rest.query.get.blogs.php
Normal file
|
@ -0,0 +1,11 @@
|
|||
<?php
|
||||
|
||||
class RestQueryGetBlogs
|
||||
{
|
||||
public function __construct($apiKey){
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
|
@ -5,11 +5,16 @@ class RestQuery{
|
|||
public $response_message; //array
|
||||
private $queryObj;
|
||||
|
||||
public function __construct($httpMethod,$params){
|
||||
public function __construct($httpMethod,$args,$apiKey = ''){
|
||||
|
||||
//définir la methode API (pas HTML) appelée
|
||||
switch($httpMethod){
|
||||
case "get":
|
||||
if($args='blogs'){
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
break;
|
||||
case "post":
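Review bot: `if($args='blogs'){` in the `get` case is an assignment, not a comparison: it is always true and overwrites `$args` with the string `'blogs'`, so every GET route ends up handled as the blogs query. It should read `if ($args === 'blogs') {`. The new `$apiKey` constructor parameter is not used anywhere in the visible part of the hunk; if it is meant to be forwarded to `RestQueryGetBlogs`, that wiring is still missing. The constructor body continues outside the hunk.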
|
||||
|
@ -107,14 +112,6 @@ class RestQuery{
|
|||
}
|
||||
|
||||
|
||||
}
|
||||
class QueryGetBlogs extends RestQuery
|
||||
{
|
||||
|
||||
}
|
||||
class QueryPostBlogs extends RestQuery
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
//etc...
|