adding token_hash to Request, fixing token vs. token_hash paradigm/transtyping
parent
0897effdc7
commit
bde156f63d
|
@ -9,10 +9,16 @@ class Alternc_Api_Request {
|
|||
|
||||
/**
|
||||
*
|
||||
* @var Alternc_Api_Token
|
||||
* @var Alternc_Api_Token object
|
||||
*/
|
||||
public $token;
|
||||
|
||||
/**
|
||||
*
|
||||
* @var string a token hash (to be authenticated)
|
||||
*/
|
||||
public $token_hash;
|
||||
|
||||
/**
|
||||
* must link to a Alternc_Api_Object_Interface
|
||||
*
|
||||
|
@ -46,34 +52,47 @@ class Alternc_Api_Request {
|
|||
|
||||
|
||||
// Attempts to retrieve object
|
||||
if (isset($options["object"]) && !is_null($options["object"])) {
|
||||
if (isset($options["object"]) && is_string($options["object"])) {
|
||||
$this->object = $options["object"];
|
||||
} else {
|
||||
throw new \Exception("Missing parameter object", self::ERR_MISSING_PARAMETER);
|
||||
}
|
||||
|
||||
// Attempts to retrieve token
|
||||
if (isset($options["token"]) && is_a( $options["token"], Alternc_Api_Token)) {
|
||||
$this->token = $options["token"];
|
||||
} else {
|
||||
throw new \Exception("Missing parameter token", self::ERR_MISSING_PARAMETER);
|
||||
}
|
||||
|
||||
// Attempts to retrieve action
|
||||
if (isset($options["action"]) && $var ) {
|
||||
if (isset($options["action"]) && is_string($options["action"])) {
|
||||
$this->action = $options["action"];
|
||||
} else {
|
||||
throw new \Exception("Missing parameter action", self::ERR_MISSING_PARAMETER);
|
||||
}
|
||||
|
||||
// Attempts to retrieve options
|
||||
if (isset($options["options"]) && is_array($options)) {
|
||||
if (isset($options["options"])) {
|
||||
if (is_array($options)) {
|
||||
$this->options = $options["options"];
|
||||
} else {
|
||||
throw new \Exception("Missing parameter options", self::ERR_MISSING_PARAMETER);
|
||||
}
|
||||
} else {
|
||||
$this->options=array();
|
||||
}
|
||||
|
||||
// Attempts to retrieve metadata
|
||||
// Attempts to retrieve token
|
||||
if (isset($options["token"])) {
|
||||
if (is_a( $options["token"], Alternc_Api_Token)) {
|
||||
$this->token = $options["token"];
|
||||
} else {
|
||||
throw new \Exception("Bad parameter token", self::ERR_MISSING_PARAMETER);
|
||||
}
|
||||
} else {
|
||||
// Attempts to retrieve token_hash then
|
||||
if (isset($options["token_hash"]) && is_string( $options["token_hash"])) {
|
||||
$this->token_hash = $options["token_hash"];
|
||||
} else {
|
||||
throw new \Exception("Missing parameter token OR token_hash", self::ERR_MISSING_PARAMETER);
|
||||
}
|
||||
}
|
||||
|
||||
// Attempts to retrieve metadata (eg: API version)
|
||||
if (isset($options["metadata"])) {
|
||||
$this->metadata = $options["metadata"];
|
||||
}
|
||||
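Review bot: The `options` validation tests the wrong variable: both printed variants call `is_array($options)`, the argument that is already being indexed, so the test is effectively always true and a non-array `options` value is stored and later passed on to the API object unchecked; it should read `if (is_array($options["options"])) {`. The token check `is_a( $options["token"], Alternc_Api_Token)` passes the class name as a bare constant, which older PHP converts to a string with a notice and PHP 8 rejects with an Error; `$options["token"] instanceof Alternc_Api_Token` avoids both. The `$token_hash` docblock could also say that the value is an unauthenticated caller-supplied string until the service has resolved it. The constructor these checks live in starts and ends outside the hunk.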
|
|
|
@ -18,6 +18,9 @@ class Alternc_Api_Service {
|
|||
const ERR_INVALID_ANSWER = 111803;
|
||||
const ERR_SETUID_FORBIDDEN = 111804;
|
||||
const ERR_SETUID_USER_NOT_FOUND = 111805;
|
||||
const ERR_OBJECT_NOT_FOUND = 111806;
|
||||
const ERR_ACTION_NOT_FOUND = 111807;
|
||||
const ERR_INVALID_TOKEN = 111808;
|
||||
|
||||
/**
|
||||
* Constructor of the Api Service Wrapper
|
||||
|
@ -119,11 +122,33 @@ class Alternc_Api_Service {
|
|||
/**
|
||||
* Manage an API Call
|
||||
* @param Alternc_Api_Request $request The API call
|
||||
* the request must have "object" and "action" elements, and a "token" to authenticate
|
||||
* "options" are sent as it is to the Api Call.
|
||||
* @return Alternc_Api_Response an API response
|
||||
*/
|
||||
function call($request) {
|
||||
if (!$request instanceof Alternc_Api_Request)
|
||||
throw new \Exception("request must be an Alternc_Api_Request object", self::ERR_INVALID_ARGUMENT);
|
||||
|
||||
return new Alternc_Api_Response();
|
||||
|
||||
$token = Alternc_Api_Token::tokenGet($request->token_hash,$this->db);
|
||||
if ($token instanceof Alternc_Api_Response) // bad token
|
||||
return $token;
|
||||
|
||||
$className = "Alternc_Api_Object_".ucfirst(strtolower($request->object));
|
||||
if (!class_exists($className))
|
||||
return new Alternc_Api_Response( array("code" => self::ERR_OBJECT_NOT_FOUND, "message" => "Object not found in this AlternC's instance") );
|
||||
|
||||
$object = new $className($this);
|
||||
|
||||
$action=$request->action;
|
||||
if (!method_exists($object, $action))
|
||||
return new Alternc_Api_Response( array("code" => self::ERR_ACTiON_NOT_FOUND, "message" => "Action not found for this object in this AlternC's instance") );
|
||||
|
||||
$request->token=$token; // we receive $request->token_hash as a STRING, but we transmit its object as an Alternc_Api_Token.
|
||||
|
||||
// TODO: log this Api Call
|
||||
return $object->$action($request);
|
||||
}
|
||||
|
||||
|
||||
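Review bot: `call()` dispatches `$object->$action($request)` on a caller-supplied method name guarded only by `method_exists()`, which is also true for constructors, inherited helpers and non-public methods, so the reachable methods are whatever the object class happens to define rather than its intended API actions. Checking the action against an explicit list of API actions declared by each object class, and verifying `is_subclass_of($className, 'Alternc_Api_Object_Interface')` before `new $className($this)`, would close that gap. The not-found branch references `self::ERR_ACTiON_NOT_FOUND` while the constant defined in this class is `ERR_ACTION_NOT_FOUND`; class constants are case-sensitive, so an unknown action ends in a fatal error instead of the intended response. A request built with a `token` object and no `token_hash` passes the Request constructor but is rejected here because only `$request->token_hash` is read, and the docblock still names "token" as the credential.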
|
|
|
@ -10,6 +10,7 @@ class Alternc_Api_Token {
|
|||
const ERR_DATABASE_ERROR=112001;
|
||||
const ERR_INVALID_ARGUMENT=112002;
|
||||
const ERR_MISSING_ARGUMENT=112003;
|
||||
const ERR_INVALID_TOKEN=112004;
|
||||
|
||||
/**
|
||||
* AlternC User-Id
|
||||
|
@ -110,7 +111,7 @@ class Alternc_Api_Token {
|
|||
throw new \Exception("No DB Object, can't create",self::ERR_DATABASE_ERROR);
|
||||
}
|
||||
if (!is_string($token) || !preg_match("#^[a-zA-Z0-9]{32}$#",$token)) {
|
||||
throw new \Exception("Invalid argument (token)",self::ERR_INVALID_ARGUMENT);
|
||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_TOKEN, "message" => "Invalid token") );
|
||||
}
|
||||
|
||||
foreach($db->query("SELECT * FROM token WHERE token=?", array($token)) as $tok) {
|
||||
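Review bot: The token lookup now has two failure channels in this hunk: a missing DB object throws `\Exception`, while a malformed token appears to return an `Alternc_Api_Response` carrying `ERR_INVALID_TOKEN`, so every caller has to test `instanceof Alternc_Api_Response` before treating the result as a token. The function's docblock is outside the hunk and should state that mixed return, e.g. `@return Alternc_Api_Token|Alternc_Api_Response the token, or an error response when the token is invalid`. The format check `#^[a-zA-Z0-9]{32}$#` also accepts a value with a trailing newline, because `$` matches before a final line break; `#^[a-zA-Z0-9]{32}\z#` pins the length exactly. The function body starts and ends outside the hunk, so how an unknown but well-formed token is reported is not visible here.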
|
|