[fix] Auth OK, Call OK

This commit is contained in:
Benjamin Sonntag 2014-09-21 16:44:06 +02:00
parent 924b36ee19
commit eaa3f52364
4 changed files with 15 additions and 12 deletions


@ -103,7 +103,7 @@ function apicall($data,$token,$mode) {
$options["loginAdapterList"]=array("sharedsecret","login"); $options["loginAdapterList"]=array("sharedsecret","login");
// TODO (no loggerAdapter PSR3-Interface-compliant class as of now) // TODO (no loggerAdapter PSR3-Interface-compliant class as of now)
try { try {
$data["token_hash"]=$token;
$service=new Alternc_Api_Service($options); $service=new Alternc_Api_Service($options);
$response = $service->call( $response = $service->call(
@ -118,7 +118,7 @@ function apicall($data,$token,$mode) {
// something went wrong, we spit out the exception as an Api_Response // something went wrong, we spit out the exception as an Api_Response
// TODO : Don't do that on production! spit out a generic "fatal error" code and LOG the exception ! // TODO : Don't do that on production! spit out a generic "fatal error" code and LOG the exception !
header("Content-Type: application/json"); header("Content-Type: application/json");
$response=new Alternc_Api_Response(array("code" => $e->code, "message" => $e->message)); $response=new Alternc_Api_Response(array("code" => $e->getCode(), "message" => $e->getMessage() ));
echo $response->toJson(); echo $response->toJson();
exit(); exit();
} }
@ -185,8 +185,7 @@ if ($_SERVER["REQUEST_URI"]=="/api/post") {
exit(); exit();
} }
} }
if (preg_match("#^/api/rest/([^/]*)/([^/\?]*)[/\?]?#",$_SERVER["REQUEST_URI"],$mat)) {
if (preg_match("#^/api/rest/([^/]*)/([^/\?]*)[/\?]?$#",$_SERVER["REQUEST_URI"],$mat)) {
if ($_SERVER["REQUEST_METHOD"]=="POST") { if ($_SERVER["REQUEST_METHOD"]=="POST") {
$data=array("options" => $_POST, $data=array("options" => $_POST,
"object" => $mat[1], "object" => $mat[1],
@ -205,3 +204,5 @@ if (preg_match("#^/api/rest/([^/]*)/([^/\?]*)[/\?]?$#",$_SERVER["REQUEST_URI"],$
exit(); exit();
} }
} }
echo "I did nothing. Did you call the api properly?";
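Review bot: The fallthrough `echo "I did nothing. Did you call the api properly?";` on line 39 is sent with the default HTTP 200 status and a text body, while every routed branch answers with JSON, so a client cannot tell an unrouted call from a successful empty one; emit `header("HTTP/1.0 404 Not Found");` and a JSON error body there instead. Lines 30–31 change the REST route regex to a `$`-anchored form (which side is old and which is new is not marked on this rendering); the anchored pattern is matched against `$_SERVER["REQUEST_URI"]`, which still carries any query string, so a call shaped like `/api/rest/<object>/<action>?key=value` would miss the route — if GET parameters are meant to be accepted, match `parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH)` instead. The catch block on line 22 still returns the raw exception code and message to the caller, as the TODO on line 20 already notes. The `apicall` function and the routing `if` chain both begin outside the visible hunks.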


@ -46,7 +46,7 @@ class Alternc_Api_Response {
* initialize a response object * initialize a response object
* @param options any of the public above * @param options any of the public above
*/ */
public function __constructor($options=array()) { public function __construct($options=array()) {
$os=array("code","message","content","metadata"); $os=array("code","message","content","metadata");
foreach ($os as $o) { foreach ($os as $o) {
if (isset($options[$o])) $this->$o=$options[$o]; if (isset($options[$o])) $this->$o=$options[$o];
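Review bot: The renamed constructor on line 47 still takes an untyped `$options` although lines 48–50 index it as an array; declaring it `public function __construct(array $options=array())` makes a scalar or object argument fail at the call site instead of being silently ignored by `isset`. The docblock line `@param options any of the public above` should name the type and the variable, e.g. `@param array $options keys among code, message, content, metadata`. The class body continues outside the hunk.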


@ -86,7 +86,7 @@ class Alternc_Api_Service {
if (count($this->allowedAuth) && !in_array($auth["method"],$this->allowedAuth)) { if (count($this->allowedAuth) && !in_array($auth["method"],$this->allowedAuth)) {
throw new \Exception("Method not allowed", self::ERR_METHOD_DENIED); throw new \Exception("Method not allowed", self::ERR_METHOD_DENIED);
} }
if (isset($auth["options"]["uid"]) && !is_int($auth["options"]["uid"])) { if (isset($auth["options"]["uid"]) && !intval($auth["options"]["uid"])) {
throw new \Exception("Invalid UID", self::ERR_INVALID_ARGUMENT); throw new \Exception("Invalid UID", self::ERR_INVALID_ARGUMENT);
} }
@ -109,9 +109,10 @@ class Alternc_Api_Service {
return new Alternc_Api_Response( array("code" => self::ERR_SETUID_FORBIDDEN, "message" => "This user is not allowed to set his uid") ); return new Alternc_Api_Response( array("code" => self::ERR_SETUID_FORBIDDEN, "message" => "This user is not allowed to set his uid") );
} }
// Search for the requested user. We allow using *disabled* account here since we are admin // Search for the requested user. We allow using *disabled* account here since we are admin
foreach($db->query("SELECT uid FROM membres WHERE uid=?",array($auth["options"]["uid"])) as $setuid) { foreach($this->db->query("SELECT uid FROM membres WHERE uid=".intval($auth["options"]["uid"])) as $setuid) {
$token->uid=$setuid; $token->uid=intval($setuid['uid']);
$db->exec("UPDATE token SET uid=? WHERE token=?",array( $token->uid, $token->token) ); $stmt=$this->db->prepare("UPDATE token SET data=? WHERE token=?");
$stmt->execute(array( $token->toJson(), $token->token));
return $token; return $token;
} }
return new Alternc_Api_Response( array("code" => self::ERR_SETUID_USER_NOT_FOUND, "message" => "Can't find the user you want to setuid to") ); return new Alternc_Api_Response( array("code" => self::ERR_SETUID_USER_NOT_FOUND, "message" => "Can't find the user you want to setuid to") );
@ -149,7 +150,7 @@ class Alternc_Api_Service {
$request->token=$this->token; // we receive $request->token_hash as a STRING, but we transmit its object as an Alternc_Api_Token. $request->token=$this->token; // we receive $request->token_hash as a STRING, but we transmit its object as an Alternc_Api_Token.
// TODO: log this Api Call // TODO: log this Api Call
return $object->$action($request); return $object->$action($request->options);
} }
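Review bot: Line 65 builds the `SELECT uid FROM membres` query by concatenating `intval(...)` into the SQL string while the neighbouring `UPDATE token` on lines 67–68 uses `prepare`/`execute`; the cast keeps this instance safe, but parameterising both statements avoids a pattern that tends to get copied without the cast: `$stmt=$this->db->prepare("SELECT uid FROM membres WHERE uid=?"); $stmt->execute(array(intval($auth["options"]["uid"]))); foreach($stmt as $setuid) {`. The `!intval(...)` guard on line 58 accepts leading-numeric strings such as `"12abc"` (intval yields 12) and rejects only zero or non-numeric values, so `filter_var($auth["options"]["uid"], FILTER_VALIDATE_INT) === false` would state the intended check more precisely. On line 75 the dispatch `$object->$action($request->options)` calls whatever method name reaches it; if `$action` is not checked against the object's declared API before this point (not visible in the hunk), a whitelist or `method_exists` check plus exclusion of magic/reserved names is needed. The enclosing methods start outside the visible hunks.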


@ -114,8 +114,9 @@ class Alternc_Api_Token {
if (!is_string($token) || !preg_match("#^[a-zA-Z0-9]{32}$#",$token)) { if (!is_string($token) || !preg_match("#^[a-zA-Z0-9]{32}$#",$token)) {
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_TOKEN, "message" => "Invalid token") ); return new Alternc_Api_Response( array("code" => self::ERR_INVALID_TOKEN, "message" => "Invalid token") );
} }
$stmt=$db->prepare("SELECT * FROM token WHERE token=?");
foreach($db->query("SELECT * FROM token WHERE token=?", array($token)) as $tok) { $stmt->execute(array($token));
while ($tok=$stmt->fetch(PDO::FETCH_OBJ)) {
return new Alternc_Api_Token( json_decode($tok->data,true) ); return new Alternc_Api_Token( json_decode($tok->data,true) );
} }