start api implementation
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
100
lib/classes/api/class.FroxlorRPC.php
Normal file
100
lib/classes/api/class.FroxlorRPC.php
Normal file
@@ -0,0 +1,100 @@
|
||||
<?php
|
||||
|
||||
class FroxlorRPC
|
||||
{
|
||||
|
||||
/**
|
||||
* validate a given request
|
||||
*
|
||||
* @param array $request
|
||||
*
|
||||
* @throws Exception
|
||||
* @return array
|
||||
*/
|
||||
public static function validateRequest($request)
|
||||
{
|
||||
// check header
|
||||
if (! isset($request['header']) || empty($request['header'])) {
|
||||
throw new Exception("Invalid request header", 400);
|
||||
}
|
||||
|
||||
// check authorization
|
||||
if (! isset($request['header']['apikey']) || empty($request['header']['apikey']) || ! isset($request['header']['secret']) || empty($request['header']['secret'])) {
|
||||
throw new Exception("No authorization credentials given", 400);
|
||||
}
|
||||
self::validateAuth($request['header']['apikey'], $request['header']['secret']);
|
||||
|
||||
// check command
|
||||
return self::validateBody($request);
|
||||
}
|
||||
|
||||
/**
|
||||
* validates the given api credentials
|
||||
*
|
||||
* @param string $key
|
||||
* @param string $secret
|
||||
*
|
||||
* @throws Exception
|
||||
* @return boolean
|
||||
*/
|
||||
private static function validateAuth($key, $secret)
|
||||
{
|
||||
$sel_stmt = Database::prepare("SELECT * FROM `api_keys` WHERE `apikey` = :ak AND `secret` = :as");
|
||||
$result = Database::pexecute_first($sel_stmt, array(
|
||||
'ak' => $key,
|
||||
'as' => $secret
|
||||
), true, true);
|
||||
if ($result) {
|
||||
if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == -1 || $result['valid_until'] >= time())) {
|
||||
if (!empty($result['allowed_from'])) {
|
||||
$ip_list = explode(",", $result['allowed_from']);
|
||||
$access_ip = $_SERVER['REMOTE_ADDR'];
|
||||
// @fixme finish me
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
throw new Exception("Invalid authorization credentials", 400);
|
||||
}
|
||||
|
||||
/**
|
||||
* validates the given command
|
||||
*
|
||||
* @param array $body
|
||||
*
|
||||
* @throws Exception
|
||||
* @return boolean
|
||||
*/
|
||||
private static function validateBody($request)
|
||||
{
|
||||
// check body
|
||||
if (! isset($request['body']) || empty($request['body'])) {
|
||||
throw new Exception("Invalid request body", 400);
|
||||
}
|
||||
|
||||
// check command exists
|
||||
if (! isset($request['body']['command']) || empty($request['body']['command'])) {
|
||||
throw new Exception("No command given", 400);
|
||||
}
|
||||
|
||||
$command = explode(".", $request['body']['command']);
|
||||
|
||||
if (count($command) != 2) {
|
||||
throw new Exception("Invalid command", 400);
|
||||
}
|
||||
// simply check for file-existance, as we do not want to use our autoloader because this way
|
||||
// it will recognize non-api classes+methods as valid commands
|
||||
$apiclass = FROXLOR_INSTALL_DIR . '/lib/classes/api/commands/class.' . $command[0] . '.php';
|
||||
if (! file_exists($apiclass) || ! @method_exists($command[0], $command[1])) {
|
||||
// there will be an exception from the autoloader for class_exists hence the try-catch-block
|
||||
throw new Exception("Unknown command", 400);
|
||||
}
|
||||
return array(
|
||||
'command' => array(
|
||||
'class' => $command[0],
|
||||
'method' => $command[1]
|
||||
),
|
||||
'params' => isset($request['body']['params']) ? $request['body']['params'] : null
|
||||
);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user