CC-5701: Airtime File API
Beginnings of fil rest api index, get, post actions working without authentication
This commit is contained in:
drigato
parent
1715f2187d
commit
64c1dd2c1e
|
|
@ -6,6 +6,9 @@ bootstrap.class = "Bootstrap"
|
|||
appnamespace = "Application"
|
||||
resources.frontController.controllerDirectory = APPLICATION_PATH "/controllers"
|
||||
resources.frontController.params.displayExceptions = 0
|
||||
resources.frontController.moduleDirectory = APPLICATION_PATH "/modules"
|
||||
;load everything in the modules directory including models
|
||||
resources.modules[] = ""
|
||||
resources.layout.layoutPath = APPLICATION_PATH "/layouts/scripts/"
|
||||
resources.view[] =
|
||||
resources.db.adapter = "Pdo_Pgsql"
|
||||
|
|
|
|||
|
|
@ -110,6 +110,13 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
|
|||
{
|
||||
$controller = strtolower($request->getControllerName());
|
||||
|
||||
//Ignore authentication for all access to the rest API. We do auth via API keys for this
|
||||
//and/or by OAuth.
|
||||
if (strtolower($request->getModuleName()) == "rest")
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if (in_array($controller, array("api", "auth", "locale"))) {
|
||||
|
||||
$this->setRoleName("G");
|
||||
|
|
|
|||
|
|
@ -0,0 +1,14 @@
|
|||
<?
|
||||
|
||||
class Rest_Bootstrap extends Zend_Application_Module_Bootstrap
|
||||
{
|
||||
protected function _initRouter()
|
||||
{
|
||||
$front = Zend_Controller_Front::getInstance();
|
||||
$router = $front->getRouter();
|
||||
|
||||
$restRoute = new Zend_Rest_Route($front, array(), array(
|
||||
'rest'=> array('media')));
|
||||
assert($router->addRoute('rest', $restRoute));
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,145 @@
|
|||
<?php
|
||||
|
||||
class Rest_MediaController extends Zend_Rest_Controller
|
||||
{
|
||||
public function init()
|
||||
{
|
||||
$this->view->layout()->disableLayout();
|
||||
}
|
||||
|
||||
public function indexAction()
|
||||
{
|
||||
if (!$this->verifyApiKey()) {
|
||||
return;
|
||||
}
|
||||
$this->getResponse()
|
||||
->setHttpResponseCode(200)
|
||||
->appendBody(json_encode(CcFilesQuery::create()->find()->toArray()));
|
||||
}
|
||||
public function getAction()
|
||||
{
|
||||
if (!$this->verifyApiKey()) {
|
||||
return;
|
||||
}
|
||||
$id = $this->getId();
|
||||
if (!$id) {
|
||||
return;
|
||||
}
|
||||
|
||||
$file = CcFilesQuery::create()->findPk($id);
|
||||
if ($file) {
|
||||
$this->getResponse()
|
||||
->setHttpResponseCode(200)
|
||||
->appendBody(json_encode($file->toArray()));
|
||||
} else {
|
||||
$this->fileNotFoundResponse();
|
||||
}
|
||||
}
|
||||
|
||||
public function postAction()
|
||||
{
|
||||
if (!$this->verifyApiKey()) {
|
||||
return;
|
||||
}
|
||||
//If we do get an ID on a POST, then that doesn't make any sense
|
||||
//since POST is only for creating.
|
||||
if ($id = $this->_getParam('id', false)) {
|
||||
$resp = $this->getResponse();
|
||||
$resp->setHttpResponseCode(400);
|
||||
$resp->appendBody("ERROR: ID should not be specified when using POST. POST is only used for show creation, and an ID will be chosen by Airtime");
|
||||
return;
|
||||
}
|
||||
|
||||
$file = new CcFiles();
|
||||
$file->fromArray($this->getRequest()->getPost());
|
||||
$file->save();
|
||||
|
||||
$resp = $this->getResponse();
|
||||
$resp->setHttpResponseCode(201);
|
||||
$resp->appendBody(json_encode($file->toArray()));
|
||||
}
|
||||
|
||||
public function putAction()
|
||||
{
|
||||
if (!$this->verifyApiKey()) {
|
||||
return;
|
||||
}
|
||||
$id = $this->getId();
|
||||
if (!$id) {
|
||||
return;
|
||||
}
|
||||
|
||||
$file = CcFilesQuery::create()->findPk($id);
|
||||
if ($show)
|
||||
{
|
||||
$show->importFrom('JSON', $this->getRequest()->getRawBody());
|
||||
$show->save();
|
||||
$this->getResponse()
|
||||
->appendBody("From putAction() updating the requested show");
|
||||
} else {
|
||||
$this->showNotFoundResponse();
|
||||
}
|
||||
}
|
||||
|
||||
public function deleteAction()
|
||||
{
|
||||
if (!$this->verifyApiKey()) {
|
||||
return;
|
||||
}
|
||||
$id = $this->getId();
|
||||
if (!$id) {
|
||||
return;
|
||||
}
|
||||
$show = CcShowQuery::create()->$query->findPk($id);
|
||||
if ($show) {
|
||||
$show->delete();
|
||||
} else {
|
||||
$this->showNotFoundResponse();
|
||||
}
|
||||
}
|
||||
|
||||
private function getId()
|
||||
{
|
||||
if (!$id = $this->_getParam('id', false)) {
|
||||
$resp = $this->getResponse();
|
||||
$resp->setHttpResponseCode(400);
|
||||
$resp->appendBody("ERROR: No show ID specified.");
|
||||
return false;
|
||||
}
|
||||
return $id;
|
||||
}
|
||||
|
||||
private function verifyAPIKey()
|
||||
{
|
||||
//The API key is passed in via HTTP "basic authentication":
|
||||
// http://en.wikipedia.org/wiki/Basic_access_authentication
|
||||
|
||||
//TODO: Fetch the user's API key from the database to check against
|
||||
$unencodedStoredApiKey = "foobar";
|
||||
$encodedStoredApiKey = base64_encode($unencodedStoredApiKey . ":");
|
||||
|
||||
//Decode the API key that was passed to us in the HTTP request.
|
||||
$authHeader = $this->getRequest()->getHeader("Authorization");
|
||||
$encodedRequestApiKey = substr($authHeader, strlen("Basic "));
|
||||
|
||||
//if ($encodedRequestApiKey === $encodedStoredApiKey)
|
||||
if (true)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
$resp = $this->getResponse();
|
||||
$resp->setHttpResponseCode(401);
|
||||
$resp->appendBody("ERROR: Incorrect API key.");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
private function fileNotFoundResponse()
|
||||
{
|
||||
$resp = $this->getResponse();
|
||||
$resp->setHttpResponseCode(404);
|
||||
$resp->appendBody("ERROR: Show not found.");
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue