CC-5701: Airtime File API

Beginnings of fil rest api
index, get, post actions working without authentication

airtime_mvc/application/configs/application.ini

@@ -6,6 +6,9 @@ bootstrap.class = "Bootstrap"
 appnamespace = "Application"
 resources.frontController.controllerDirectory = APPLICATION_PATH "/controllers"
 resources.frontController.params.displayExceptions = 0
+resources.frontController.moduleDirectory = APPLICATION_PATH "/modules"
+;load everything in the modules directory including models
+resources.modules[] = ""
 resources.layout.layoutPath = APPLICATION_PATH "/layouts/scripts/"
 resources.view[] =
 resources.db.adapter = "Pdo_Pgsql"

airtime_mvc/application/controllers/plugins/Acl_plugin.php

@@ -110,6 +110,13 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
     {
         $controller = strtolower($request->getControllerName());
 
+        //Ignore authentication for all access to the rest API. We do auth via API keys for this
+        //and/or by OAuth.
+        if (strtolower($request->getModuleName()) == "rest")
+        {
+            return;
+        }
+
         if (in_array($controller, array("api", "auth", "locale"))) {
 
             $this->setRoleName("G");

airtime_mvc/application/modules/rest/Bootstrap.php

@@ -0,0 +1,14 @@
+<?
+
+class Rest_Bootstrap extends Zend_Application_Module_Bootstrap
+{
+    protected function _initRouter()
+    {
+        $front = Zend_Controller_Front::getInstance();
+        $router = $front->getRouter();
+
+        $restRoute = new Zend_Rest_Route($front, array(), array(
+            'rest'=> array('media')));
+        assert($router->addRoute('rest', $restRoute));
+    }
+}

airtime_mvc/application/modules/rest/controllers/MediaController.php

@@ -0,0 +1,145 @@
+<?php
+
+class Rest_MediaController extends Zend_Rest_Controller
+{
+    public function init()
+    {
+        $this->view->layout()->disableLayout();
+    }
+
+    public function indexAction()
+    {
+        if (!$this->verifyApiKey()) {
+            return;
+        }
+        $this->getResponse()
+            ->setHttpResponseCode(200)
+            ->appendBody(json_encode(CcFilesQuery::create()->find()->toArray()));
+    }
+    public function getAction()
+    {
+        if (!$this->verifyApiKey()) {
+            return;
+        }
+        $id = $this->getId();
+        if (!$id) {
+            return;
+        }
+
+        $file = CcFilesQuery::create()->findPk($id);
+        if ($file) {
+            $this->getResponse()
+                ->setHttpResponseCode(200)
+                ->appendBody(json_encode($file->toArray()));
+        } else {
+            $this->fileNotFoundResponse();
+        }
+    }
+    
+    public function postAction()
+    {
+        if (!$this->verifyApiKey()) {
+            return;
+        }
+        //If we do get an ID on a POST, then that doesn't make any sense
+        //since POST is only for creating.
+        if ($id = $this->_getParam('id', false)) {
+            $resp = $this->getResponse();
+            $resp->setHttpResponseCode(400);
+            $resp->appendBody("ERROR: ID should not be specified when using POST. POST is only used for show creation, and an ID will be chosen by Airtime"); 
+            return;
+        }
+
+        $file = new CcFiles();
+        $file->fromArray($this->getRequest()->getPost());
+        $file->save();
+
+        $resp = $this->getResponse();
+        $resp->setHttpResponseCode(201);
+        $resp->appendBody(json_encode($file->toArray()));
+    }
+    
+    public function putAction()
+    {
+        if (!$this->verifyApiKey()) {
+            return;
+        }
+        $id = $this->getId();
+        if (!$id) {
+            return;
+        }
+        
+        $file = CcFilesQuery::create()->findPk($id);
+        if ($show)
+        {
+            $show->importFrom('JSON', $this->getRequest()->getRawBody());
+            $show->save();
+            $this->getResponse()
+                ->appendBody("From putAction() updating the requested show");
+        } else {
+            $this->showNotFoundResponse();
+        }
+    }
+    
+    public function deleteAction()
+    {
+        if (!$this->verifyApiKey()) {
+            return;
+        }
+        $id = $this->getId();
+        if (!$id) {
+            return;
+        }
+        $show = CcShowQuery::create()->$query->findPk($id);
+        if ($show) {
+            $show->delete();
+        } else {
+            $this->showNotFoundResponse();
+        }
+    }
+
+    private function getId()
+    {
+        if (!$id = $this->_getParam('id', false)) {
+            $resp = $this->getResponse();
+            $resp->setHttpResponseCode(400);
+            $resp->appendBody("ERROR: No show ID specified."); 
+            return false;
+        } 
+        return $id;
+    }
+
+    private function verifyAPIKey()
+    {
+        //The API key is passed in via HTTP "basic authentication":
+        //  http://en.wikipedia.org/wiki/Basic_access_authentication
+
+        //TODO: Fetch the user's API key from the database to check against 
+        $unencodedStoredApiKey = "foobar"; 
+        $encodedStoredApiKey = base64_encode($unencodedStoredApiKey . ":");
+
+        //Decode the API key that was passed to us in the HTTP request.
+        $authHeader = $this->getRequest()->getHeader("Authorization");
+        $encodedRequestApiKey = substr($authHeader, strlen("Basic "));
+
+        //if ($encodedRequestApiKey === $encodedStoredApiKey)
+        if (true)
+        {
+            return true;
+        }
+        else
+        {
+            $resp = $this->getResponse();
+            $resp->setHttpResponseCode(401);
+            $resp->appendBody("ERROR: Incorrect API key."); 
+            return false;
+        }
+    }
+
+    private function fileNotFoundResponse()
+    {
+        $resp = $this->getResponse();
+        $resp->setHttpResponseCode(404);
+        $resp->appendBody("ERROR: Show not found."); 
+    }
+}