Congegni
/
libretime
mirror of https://github.com/libretime/libretime.git
7
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added create endpoint to provisioning controller, fixed RestAuth helper

This commit is contained in:
Duncan Sommerville 2015-02-09 17:41:03 -05:00
parent a1436bfebb
commit dd095e8933
2 changed files with 134 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
airtime_mvc/application/controllers/ProvisioningController.php
View File

@ -6,9 +6,16 @@ use Aws\S3\S3Client;
class ProvisioningController extends Zend_Controller_Action class ProvisioningController extends Zend_Controller_Action
{ {
static $dbh;
// Parameter values
private $dbuser, $dbpass, $dbname, $dbhost;
public function init() public function init()
{ {
} }
/** /**
* Delete the Airtime Pro station's files from Amazon S3 * Delete the Airtime Pro station's files from Amazon S3
*/ */
@ -16,8 +23,8 @@ class ProvisioningController extends Zend_Controller_Action
{ {
$this->view->layout()->disableLayout(); $this->view->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true); $this->_helper->viewRenderer->setNoRender(true);
if (!$this->verifyAPIKey()) { if (!RestAuth::verifyAuth(true, true, $this)) {
return; return;
} }
@ -33,27 +40,75 @@ class ProvisioningController extends Zend_Controller_Action
->appendBody("OK"); ->appendBody("OK");
} }
private function verifyAPIKey() /**
{ * RESTful endpoint for setting up and installing the Airtime database
// The API key is passed in via HTTP "basic authentication": */
// http://en.wikipedia.org/wiki/Basic_access_authentication public function createDatabaseAction() {
Logging::info("Create Database action received");
$CC_CONFIG = Config::getConfig();
if (!RestAuth::verifyAuth(true, true, $this)) {
// Decode the API key that was passed to us in the HTTP request. return;
$authHeader = $this->getRequest()->getHeader("Authorization");
$encodedRequestApiKey = substr($authHeader, strlen("Basic "));
$encodedStoredApiKey = base64_encode($CC_CONFIG["apiKey"][0] . ":");
if ($encodedRequestApiKey === $encodedStoredApiKey)
{
return true;
} }
try {
$this->getParams();
$this->setNewDatabaseConnection();
$this->createDatabaseTables();
} catch(Exception $e) {
$this->getResponse()
->setHttpResponseCode(400)
->appendBody($e->getMessage());
return;
}
$this->getResponse() $this->getResponse()
->setHttpResponseCode(401) ->setHttpResponseCode(201);
->appendBody("ERROR: Incorrect API key.");
return false;
} }
private function getParams() {
$this->dbuser = $this->_getParam('dbuser', '');
$this->dbpass = $this->_getParam('dbpass', '');
$this->dbname = $this->_getParam('dbname', '');
$this->dbhost = $this->_getParam('dbhost', '');
}
/**
* Set up a new database connection based on the parameters in the request
* @throws PDOException upon failure to connect
*/
private function setNewDatabaseConnection() {
self::$dbh = new PDO("pgsql:host=" . $this->dbhost
. ";dbname=" . $this->dbname
. ";port=5432" . ";user=" . $this->dbuser
. ";password=" . $this->dbpass);
$err = self::$dbh->errorInfo();
if ($err[1] != null) {
throw new PDOException("ERROR: Could not connect to database");
}
}
/**
* Install the Airtime database
* @throws Exception
*/
private function createDatabaseTables() {
$sqlDir = dirname(APPLICATION_PATH) . "/build/sql/";
$files = array("schema.sql", "sequences.sql", "views.sql", "triggers.sql", "defaultdata.sql");
foreach ($files as $f) {
try {
/*
* Unfortunately, we need to use exec here due to PDO's lack of support for importing
* multi-line .sql files. PDO->exec() almost works, but any SQL errors stop the import,
* so the necessary DROPs on non-existent tables make it unusable. Prepared statements
* have multiple issues; they similarly die on any SQL errors, fail to read in multi-line
* commands, and fail on any unescaped ? or $ characters.
*/
exec("export PGPASSWORD=" . $this->dbpass . " && psql -U " . $this->dbuser . " --dbname "
. $this->dbname . " -h " . $this->dbhost . " -f $sqlDir$f 2>/dev/null", $out, $status);
} catch (Exception $e) {
throw new Exception("ERROR: Failed to create database tables");
}
}
}
} }

118
airtime_mvc/application/modules/rest/helpers/RestAuth.php
View File

@ -1,64 +1,60 @@
<?php <?php
class RestAuth class RestAuth {
{
public static function verifyAuth($checkApiKey, $checkSession) public static function verifyAuth($checkApiKey, $checkSession, $action) {
{ //Session takes precedence over API key for now:
//Session takes precedence over API key for now: if ($checkSession && self::verifySession()
if ($checkSession && RestAuth::verifySession() || $checkApiKey && self::verifyAPIKey($action)
|| $checkApiKey && RestAuth::verifyAPIKey()) ) {
{ return true;
return true; }
}
$action->getResponse()
$resp = $this->getResponse(); ->setHttpResponseCode(401)
$resp->setHttpResponseCode(401); ->appendBody(json_encode(array("message" => "ERROR: Incorrect API key.")));
$resp->appendBody("ERROR: Incorrect API key.");
return false;
return false; }
}
public static function getOwnerId() {
public static function getOwnerId() try {
{ if (self::verifySession()) {
try { $service_user = new Application_Service_UserService();
if (RestAuth::verifySession()) { return $service_user->getCurrentUser()->getDbId();
$service_user = new Application_Service_UserService(); } else {
return $service_user->getCurrentUser()->getDbId(); $defaultOwner = CcSubjsQuery::create()
} else { ->filterByDbType(array('A', 'S'), Criteria::IN)
$defaultOwner = CcSubjsQuery::create() ->orderByDbId()
->filterByDbType('A') ->findOne();
->orderByDbId() if (!$defaultOwner) {
->findOne(); // what to do if there is no admin user?
if (!$defaultOwner) { // should we handle this case?
// what to do if there is no admin user? return null;
// should we handle this case? }
return null; return $defaultOwner->getDbId();
} }
return $defaultOwner->getDbId(); } catch (Exception $e) {
} Logging::info($e->getMessage());
} catch(Exception $e) { }
Logging::info($e->getMessage()); }
}
} private static function verifySession() {
$auth = Zend_Auth::getInstance();
private static function verifySession() return $auth->hasIdentity();
{ }
$auth = Zend_Auth::getInstance();
return $auth->hasIdentity(); private static function verifyAPIKey($action) {
} //The API key is passed in via HTTP "basic authentication":
// http://en.wikipedia.org/wiki/Basic_access_authentication
private static function verifyAPIKey() $CC_CONFIG = Config::getConfig();
{
//The API key is passed in via HTTP "basic authentication": //Decode the API key that was passed to us in the HTTP request.
// http://en.wikipedia.org/wiki/Basic_access_authentication $authHeader = $action->getRequest()->getHeader("Authorization");
$CC_CONFIG = Config::getConfig(); $encodedRequestApiKey = substr($authHeader, strlen("Basic "));
$encodedStoredApiKey = base64_encode($CC_CONFIG["apiKey"][0] . ":");
//Decode the API key that was passed to us in the HTTP request.
$authHeader = $this->getRequest()->getHeader("Authorization"); return ($encodedRequestApiKey === $encodedStoredApiKey);
$encodedRequestApiKey = substr($authHeader, strlen("Basic ")); }
$encodedStoredApiKey = base64_encode($CC_CONFIG["apiKey"][0] . ":");
return ($encodedRequestApiKey === $encodedStoredApiKey);
}
} }