AlternC/api/panel/index.php

<?php

/**
 * multiple call-mode API for Alternc
 * you can call this HTTP(s) API as follow: 
 * from the base url https://panel.example.fr/api/
 * 1. /api/post use GETted data (?token=xx&object=xx&action=yy&option1=value1&option2=value2
 * 2. /api/post use POSTED json data using the same keys 
 * 3. use a sub-url (rest-style) of the form /api/rest/object/action?token=xx&option1=value1&option2=value2
 * 4. the same (REST) but options and value are POSTED
 * 
 * the json-object contains:
 *  ->object = the Alternc_Api_Object_<classname> to call
 *  ->action = the method to call in this class
 *  ->options = an object passed as it is while calling the method.
 *
 * Authentication is done by asking for /api/auth/<method>?option1=value1&option2=value2
 * or POSTED data
 * a token is returned for this session
 * Use /api/auth to know which method you can use and what parameter they expect
 * @todo add HTML pages that will self-document this API
 */
// bootstrap AlternC
require_once("bootstrap.php");

/**
 * Attempts to load a class in multiple path, the PSR-0 or old style way
 * 
 * @staticvar array $srcPathList
 * @staticvar boolean $init
 * @param string $class_name
 * @return boolean
 */
function __autoload($class_name) {
    // Contains (Namespace) => directory
    static $srcPathList = array();
    static $init = null;

    // Attempts to set include path and directories once
    if (is_null($init)) {

        // Sets init flag
        $init = true;

        // Sets a contextual directory
        $srcPathList["standard"] = "/usr/share/php";

        // Updates include_path according to this list
        $includePathList = explode(PATH_SEPARATOR, get_include_path());

        foreach ($srcPathList as $path) {
            if (!in_array($path, $includePathList)) {
                $includePathList[] = $path;
            }
        }
        // Reverses the path for search efficiency
        $finalIncludePathList = array_reverse($includePathList);

        // Sets the updated include_path
        set_include_path(implode(PATH_SEPARATOR, $finalIncludePathList));
    }

    // Accepts old Foo_Bar namespacing
    if (preg_match("/_/", $class_name)) {
        $file_name = str_replace('_', DIRECTORY_SEPARATOR, $class_name) . '.php';

        // Accepts 5.3 Foo\Bar PSR-0 namespacing 
    } else if (preg_match("/\\/", $class_name)) {
        $file_name = str_replace('\\', DIRECTORY_SEPARATOR, ltrim($class_name, '\\')) . '.php';

        // Accepts non namespaced classes
    } else {
        $file_name = $class_name . '.php';
    }

    // Attempts to find file in namespace
    foreach ($srcPathList as $namespace => $path) {
        $file_path = $path . DIRECTORY_SEPARATOR . $file_name;
        if (is_file($file_path) && is_readable($file_path)) {
            require $file_path;
            return true;
        }
    }

    // Failed to find file
    return false;
}

function apicall($data, $token) {
    global $dbh;
    $options["databaseAdapter"] = $dbh;
    $options["loginAdapterList"] = array("sharedsecret", "login");
    // TODO (no loggerAdapter PSR3-Interface-compliant class as of now)
    try {
        $data["token_hash"] = $token;
        $service = new Alternc_Api_Service($options);

        $response = $service->call(
                new Alternc_Api_Request($data)
        );

        header("Content-Type: application/json");
        echo $response->toJson();
        exit();
    } catch (Exception $e) {
        // something went wrong, we spit out the exception as an Api_Response
        // TODO : Don't do that on production! spit out a generic "fatal error" code and LOG the exception !
        header("Content-Type: application/json");
        $response = new Alternc_Api_Response(array("code" => $e->getCode(), "message" => $e->getMessage()));
        echo $response->toJson();
        exit();
    }
}

function apiauth($data) {
    global $dbh;
    $options["databaseAdapter"] = $dbh;
    // TODO (no loggerAdapter PSR3-Interface-compliant class as of now)
    try {
        $service = new Alternc_Api_Service($options);
        $response = $service->auth($data);
        header("Content-Type: application/json");
        echo $response->toJson();
        exit();
    } catch (Exception $e) {
        // something went wrong, we spit out the exception as an Api_Response
        // TODO : Don't do that on production! spit out a generic "fatal error" code and LOG the exception !
        header("Content-Type: application/json");
        $response = new Alternc_Api_Response(array("code" => $e->code, "message" => $e->message));
        echo $response->toJson();
        exit();
    }
}

/**
 * Main code: either we are authenticating
 * or calling one of the APIs 
 * or asking for some documentation
 */
// Authentication 
if (preg_match("#^/api/auth/([^/\?]*)[/\?]?#", $_SERVER["REQUEST_URI"], $mat)) {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $data = array("options" => $_POST,
            "method" => $mat[1]);
        apiauth($data);
        exit();
    } else {
        $data = array("options" => $_GET,
            "method" => $mat[1]);
        apiauth($data);
        exit();
    }
}

// We support 4 api calls methods:
if ($_SERVER["REQUEST_URI"] == "/api/post") {
    // simple ?q or POST of json data
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $data = array("options" => $_POST,
            "object" => $_POST["object"],
            "action" => $_POST["action"],
        );
        $token = $_POST["token"];
        apicall($data, $token);
        exit();
    } else {
        $data = array("options" => $_GET,
            "object" => $_GET["object"],
            "action" => $_GET["action"],
        );
        $token = $_GET["token"];
        apicall($data, $token);
        exit();
    }
}
if (preg_match("#^/api/rest/([^/]*)/([^/\?]*)[/\?]?#", $_SERVER["REQUEST_URI"], $mat)) {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $data = array("options" => $_POST,
            "object" => $mat[1],
            "action" => $mat[2]
        );
        $token = $_POST["token"];
        apicall($data, $token);
        exit();
    } else {
        $data = array("options" => $_GET,
            "object" => $mat[1],
            "action" => $mat[2]
        );
        $token = $_GET["token"];
        apicall($data, $token);
        exit();
    }
}

echo "I did nothing. Did you call the api properly?";
adding the real api (quick bootstrap + serving apicalls at /api/. need to do AUTH now, and makefile/debian package 2014-09-20 15:29:40 +00:00			`<?php`

			`/**`
			`* multiple call-mode API for Alternc`
			`* you can call this HTTP(s) API as follow:`
			`* from the base url https://panel.example.fr/api/`
			`* 1. /api/post use GETted data (?token=xx&object=xx&action=yy&option1=value1&option2=value2`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`* 2. /api/post use POSTED json data using the same keys`
adding the real api (quick bootstrap + serving apicalls at /api/. need to do AUTH now, and makefile/debian package 2014-09-20 15:29:40 +00:00			`* 3. use a sub-url (rest-style) of the form /api/rest/object/action?token=xx&option1=value1&option2=value2`
			`* 4. the same (REST) but options and value are POSTED`
			`*`
			`* the json-object contains:`
			`* ->object = the Alternc_Api_Object_<classname> to call`
			`* ->action = the method to call in this class`
			`* ->options = an object passed as it is while calling the method.`
adding AUTH to the API 2014-09-20 16:01:22 +00:00			`*`
			`* Authentication is done by asking for /api/auth/<method>?option1=value1&option2=value2`
			`* or POSTED data`
			`* a token is returned for this session`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`* Use /api/auth to know which method you can use and what parameter they expect`
			`* @todo add HTML pages that will self-document this API`
adding the real api (quick bootstrap + serving apicalls at /api/. need to do AUTH now, and makefile/debian package 2014-09-20 15:29:40 +00:00			`*/`
			`// bootstrap AlternC`
			`require_once("bootstrap.php");`

[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00			`/**`
			`* Attempts to load a class in multiple path, the PSR-0 or old style way`
			`*`
			`* @staticvar array $srcPathList`
			`* @staticvar boolean $init`
			`* @param string $class_name`
			`* @return boolean`
			`*/`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`function __autoload($class_name) {`
[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00			`// Contains (Namespace) => directory`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`static $srcPathList = array();`
			`static $init = null;`
[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00
			`// Attempts to set include path and directories once`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`if (is_null($init)) {`
[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00
			`// Sets init flag`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`$init = true;`

[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00			`// Sets a contextual directory`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`$srcPathList["standard"] = "/usr/share/php";`
[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00
			`// Updates include_path according to this list`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`$includePathList = explode(PATH_SEPARATOR, get_include_path());`
[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`foreach ($srcPathList as $path) {`
			`if (!in_array($path, $includePathList)) {`
			`$includePathList[] = $path;`
[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00			`}`
			`}`
			`// Reverses the path for search efficiency`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`$finalIncludePathList = array_reverse($includePathList);`

[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00			`// Sets the updated include_path`
			`set_include_path(implode(PATH_SEPARATOR, $finalIncludePathList));`
			`}`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00
[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00			`// Accepts old Foo_Bar namespacing`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`if (preg_match("/_/", $class_name)) {`
			`$file_name = str_replace('_', DIRECTORY_SEPARATOR, $class_name) . '.php';`

			`// Accepts 5.3 Foo\Bar PSR-0 namespacing`
			`} else if (preg_match("/\\/", $class_name)) {`
			`$file_name = str_replace('\\', DIRECTORY_SEPARATOR, ltrim($class_name, '\\')) . '.php';`

			`// Accepts non namespaced classes`
[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00			`} else {`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`$file_name = $class_name . '.php';`
[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00			`}`

			`// Attempts to find file in namespace`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`foreach ($srcPathList as $namespace => $path) {`
			`$file_path = $path . DIRECTORY_SEPARATOR . $file_name;`
			`if (is_file($file_path) && is_readable($file_path)) {`
[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00			`require $file_path;`
			`return true;`
			`}`
			`}`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00
[fix] __autoload for api from alban + fixing variables & bad preg 2014-09-21 11:27:51 +00:00			`// Failed to find file`
			`return false;`
			`}`

[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`function apicall($data, $token) {`
			`global $dbh;`
			`$options["databaseAdapter"] = $dbh;`
			`$options["loginAdapterList"] = array("sharedsecret", "login");`
			`// TODO (no loggerAdapter PSR3-Interface-compliant class as of now)`
			`try {`
			`$data["token_hash"] = $token;`
			`$service = new Alternc_Api_Service($options);`

			`$response = $service->call(`
			`new Alternc_Api_Request($data)`
			`);`

			`header("Content-Type: application/json");`
			`echo $response->toJson();`
			`exit();`
			`} catch (Exception $e) {`
			`// something went wrong, we spit out the exception as an Api_Response`
			`// TODO : Don't do that on production! spit out a generic "fatal error" code and LOG the exception !`
			`header("Content-Type: application/json");`
			`$response = new Alternc_Api_Response(array("code" => $e->getCode(), "message" => $e->getMessage()));`
			`echo $response->toJson();`
			`exit();`
			`}`
adding the real api (quick bootstrap + serving apicalls at /api/. need to do AUTH now, and makefile/debian package 2014-09-20 15:29:40 +00:00			`}`

[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`function apiauth($data) {`
			`global $dbh;`
			`$options["databaseAdapter"] = $dbh;`
			`// TODO (no loggerAdapter PSR3-Interface-compliant class as of now)`
			`try {`
			`$service = new Alternc_Api_Service($options);`
			`$response = $service->auth($data);`
			`header("Content-Type: application/json");`
			`echo $response->toJson();`
			`exit();`
			`} catch (Exception $e) {`
			`// something went wrong, we spit out the exception as an Api_Response`
			`// TODO : Don't do that on production! spit out a generic "fatal error" code and LOG the exception !`
			`header("Content-Type: application/json");`
			`$response = new Alternc_Api_Response(array("code" => $e->code, "message" => $e->message));`
			`echo $response->toJson();`
			`exit();`
			`}`
adding AUTH to the API 2014-09-20 16:01:22 +00:00			`}`

[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`/**`
			`* Main code: either we are authenticating`
			`* or calling one of the APIs`
			`* or asking for some documentation`
			`*/`
adding AUTH to the API 2014-09-20 16:01:22 +00:00			`// Authentication`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`if (preg_match("#^/api/auth/([^/\?]*)[/\?]?#", $_SERVER["REQUEST_URI"], $mat)) {`
			`if ($_SERVER["REQUEST_METHOD"] == "POST") {`
			`$data = array("options" => $_POST,`
			`"method" => $mat[1]);`
			`apiauth($data);`
			`exit();`
			`} else {`
			`$data = array("options" => $_GET,`
			`"method" => $mat[1]);`
			`apiauth($data);`
			`exit();`
			`}`
adding AUTH to the API 2014-09-20 16:01:22 +00:00			`}`
adding the real api (quick bootstrap + serving apicalls at /api/. need to do AUTH now, and makefile/debian package 2014-09-20 15:29:40 +00:00
adding AUTH to the API 2014-09-20 16:01:22 +00:00			`// We support 4 api calls methods:`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`if ($_SERVER["REQUEST_URI"] == "/api/post") {`
			`// simple ?q or POST of json data`
			`if ($_SERVER["REQUEST_METHOD"] == "POST") {`
			`$data = array("options" => $_POST,`
			`"object" => $_POST["object"],`
			`"action" => $_POST["action"],`
			`);`
			`$token = $_POST["token"];`
			`apicall($data, $token);`
			`exit();`
			`} else {`
			`$data = array("options" => $_GET,`
			`"object" => $_GET["object"],`
			`"action" => $_GET["action"],`
			`);`
			`$token = $_GET["token"];`
			`apicall($data, $token);`
			`exit();`
			`}`
adding the real api (quick bootstrap + serving apicalls at /api/. need to do AUTH now, and makefile/debian package 2014-09-20 15:29:40 +00:00			`}`
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`if (preg_match("#^/api/rest/([^/])/([^/\?])[/\?]?#", $_SERVER["REQUEST_URI"], $mat)) {`
			`if ($_SERVER["REQUEST_METHOD"] == "POST") {`
			`$data = array("options" => $_POST,`
			`"object" => $mat[1],`
			`"action" => $mat[2]`
			`);`
			`$token = $_POST["token"];`
			`apicall($data, $token);`
			`exit();`
			`} else {`
			`$data = array("options" => $_GET,`
			`"object" => $mat[1],`
			`"action" => $mat[2]`
			`);`
			`$token = $_GET["token"];`
			`apicall($data, $token);`
			`exit();`
			`}`
adding the real api (quick bootstrap + serving apicalls at /api/. need to do AUTH now, and makefile/debian package 2014-09-20 15:29:40 +00:00			`}`
[fix] Auth OK, Call OK 2014-09-21 14:44:06 +00:00
[enh] mainly space fixes 2015-04-13 15:15:55 +00:00			`echo "I did nothing. Did you call the api properly?";`