Ejemplo n.º 1
0
 /**
  * Set the new credentials in the DB.
  * 
  * @param array $credentials	The array of new credentials for the API
  * @param string $api_name		The name of the API to set the credentials for or empty for the current API
  * 
  * @return bool True on success or false on fail
  */
 public static function set_credentials(array $credentials, $api_name = null)
 {
     // Specific API
     if (!empty($api_name)) {
         if (($api_id = \V1\Model\APIs::get_api_id($api_name, true)) === false) {
             return false;
         }
         $credentials_encrypted = \Crypt::encode(json_encode($credentials));
         \V1\Model\APIsMetaData::set_credentials($credentials_encrypted, $api_id);
         return true;
     }
     // Figure out what to set based on the current request
     if (\V1\APIRequest::is_static() === true) {
         $credentials_encrypted = \Crypt::encode(json_encode($credentials));
         return \V1\Model\APIsMetaData::set_credentials($credentials_encrypted);
     } else {
         $account_data = \V1\Model\Account::get_account();
         // Only store them their credentials if the account holder wants us to.
         if ($account_data['store_credentials'] === 1) {
             $credentials[\V1\APIRequest::get('api')] = $credentials;
             if (!empty($account_data['credentials'])) {
                 $account_data['credentials'] = json_decode(\Crypt::decode($account_data['credentials']), true);
                 $account_data['credentials'][\V1\APIRequest::get('api')] = $credentials[\V1\APIRequest::get('api')];
                 $credentials = $account_data['credentials'];
             }
             $credentials_encrypted = \Crypt::encode(json_encode($credentials));
             return \V1\Model\AccountsMetaData::set_credentials($account_data['id'], $credentials_encrypted);
         }
         return true;
     }
 }
 /**
  * Configure a static call
  * 
  * @return mixed The \V1\APICall object or an error array if the call wasn't found
  */
 public static function configure_call()
 {
     if (is_array($static_calls = \V1\RAML::parse_static_calls())) {
         $api_data = \V1\Model\APIs::get_api();
         $account_data = \V1\Model\Account::get_account();
         foreach ($static_calls as $call => $call_data) {
             // The static call data matches the request.
             if ('/' . \V1\APIRequest::get('static-call') === $call) {
                 // If we can't run the inactive call, then error out.
                 if (isset($call_data['stability']) && $call_data['stability'] === 0 && ($account_data['can_run_inactive'] === 0 || $account_data['id'] !== $api_data['account_id'])) {
                     return \Utility::format_error(403, \V1\Err::DISABLED_STATIC, \Lang::get('v1::errors.disabled_static'));
                 }
                 // Do we have a cached entry?
                 if (is_array($cached_data = \V1\Call\StaticCall::get_call_cache())) {
                     // Set their usage stats.
                     \V1\Usage::set_usage();
                     // Set the API provider stats
                     \V1\Usage::set_api_stats($cached_data['response']['status']);
                     // Return the response-formatted data from the cached entry.
                     return $cached_data;
                 }
                 // Try to get an APICall object
                 if (($apicall = static::apicall_object($call)) !== false) {
                     return $apicall;
                 }
             }
         }
         // The static call wasn't found.
         return \Utility::format_error(404, \V1\Err::BAD_STATIC, \Lang::get('v1::errors.bad_static'));
     } else {
         // If they've requested a static call when there aren't any for the requested API, give 'em errors!
         return \Utility::format_error(404, \V1\Err::NO_STATIC, \Lang::get('v1::errors.no_static'));
     }
 }
 /**
  * Check if the account has reached the maximum number of API calls it can make globally (not API specific)
  * 
  * @return boolean True if they're within their limits, false if not
  */
 protected static function check_global_limits()
 {
     $account_data = \V1\Model\Account::get_account();
     $total_calls = \V1\Usage::get_usage(false);
     // If they've used up all of their calls, and they aren't unlimited, then they've hit their global limits.
     if ($total_calls === $account_data['max_calls'] && $account_data['max_calls'] != 0) {
         return false;
     }
     return true;
 }
Ejemplo n.º 4
0
 /**
  * Get the ID for a given API name
  * 
  * @param string $api_name	The name of the API
  * @param bool $public_only	Set to true to exclude account owned APIs
  * 
  * @return mixed The API ID or false on fail
  */
 public static function get_api_id($api_name, $public_only = false)
 {
     // Select the chosen one.
     $api_data = static::query()->where('name', '=', $api_name)->and_where_open()->where('private', '=', 0);
     if ($public_only === false) {
         $account_data = \V1\Model\Account::get_account();
         $api_data->or_where_open()->where('private', '=', 1)->where('account_id', '=', $account_data['id'])->or_where_close();
     }
     $row = $api_data->and_where_close()->get_one();
     if (!empty($row['id'])) {
         return $row['id'];
     }
     return false;
 }
 /**
  * Get the row of Data Call data from the DB.
  *
  * @param string $data_call The name of the Data Call to pull data for or null to grab the posted Data Call
  * @return array The array of data for the Data Call from the DB, or an empty array
  */
 public static function get_data_call($data_call = null)
 {
     $data_call = empty($data_call) ? \V1\APIRequest::get('data-call') : $data_call;
     $account_data = \V1\Model\Account::get_account();
     // Select the chosen one.
     $data_call_data = static::query()->where('name', '=', $data_call)->and_where_open()->where('account_id', '=', 0)->or_where('account_id', '=', $account_data['id'])->and_where_close()->get_one();
     if (!empty($data_call_data)) {
         $return = array();
         // Turn the object into an array (You can't just cast it to an array unfortunately.)
         foreach ($data_call_data as $key => $value) {
             $return[$key] = $value;
         }
         return $return;
     } else {
         return array();
     }
 }
Ejemplo n.º 6
0
 /**
  * Delete all usage statistics, or the usage statistics for an API.
  * 
  * @param string $api The API to delete the usage statistics for, or leave it empty to remove everything
  */
 public static function delete_usage($api = null)
 {
     // Delete everything
     if (empty($api)) {
         \Cache::delete('account.' . \Session::get('consumer_key') . 'usage');
         /*
          * Remove the reset time from the DB so that we aren't always resetting it.
          * Free account don't pay (obviously), so we set their reset timer to 30 days
          * from now.
          */
         $account_data = \V1\Model\Account::get_account();
         $time = null;
         if ($account_data['access_level'] === 1) {
             $time = time() + (int) \Config::get('tiers.free.reset_period', 30) * 24 * 60 * 60;
         }
         \Debug::dump($time);
         \V1\Model\Account::set_reset_usage($time);
     } else {
         try {
             // If we have an entry for the API, then delete it.
             $usage = \Cache::get('account.' . \Session::get('consumer_key') . 'usage');
             if (isset($usage[$api])) {
                 unset($usage[$api]);
             }
             // Set it without the value for the chosen API.
             \Cache::set('account.' . \Session::get('consumer_key') . 'usage', $usage);
         } catch (\CacheNotFoundException $e) {
         }
     }
 }
Ejemplo n.º 7
0
 /**
  * Add the array of Bit API Hub headers for the call
  * 
  * @param array $headers The array of existing headers
  * @return array $headers with the Bit API Hub headers added on
  */
 public static function get_headers(array $headers)
 {
     $api = \V1\Model\APIs::get_api();
     $account = \V1\Model\Account::get_account();
     $forwarded_for = \Input::real_ip('0.0.0.0', true);
     if ($internal_call = \Utility::is_internal_call()) {
         $forwarded_for = \Config::get('engine.call_test_ip');
     }
     $headers = array_replace($headers, array('User-Agent' => 'API Optimization Engine/V1', 'X-Forwarded-For' => $forwarded_for));
     if (\Config::get('engine.send_engine_auth', false) === true) {
         // If the API hasn't yet received a secret identity, generate one.
         if (empty($api['secret'])) {
             $secret = \V1\Model\APIs::set_api_secret($api['id']);
         } else {
             $secret = \Crypt::decode($api['secret']);
         }
         $headers = array_replace($headers, array('X-AOE-Secret' => $secret, 'X-AOE-Account' => $account['id'], 'X-AOE-Version' => 'V1'));
     }
     return $headers;
 }
 /**
  * Check the speed limits of an API to make sure that the account isn't calling the API more than it's
  * allowed to in the specified time frame.
  * 
  * @return mixed True if the call is within the speed limits, or the error array if it isn't
  */
 private static function check_usage_limits()
 {
     $api_data = \V1\Model\APIs::get_api(\V1\APIRequest::get('api'));
     $account_data = \V1\Model\Account::get_account();
     $package_limits = \V1\RAML::parse_package_limits();
     /*
      * Are there any limits on the API for our package level? API limits are imposed
      * by Bit API Hub, not the API provider. It helps to limit the amount of bandwidth
      * we allot for each call. The heavier the call, the less calls people can make.
      */
     if (is_array($package_limits) && array_key_exists('level' . $account_data['access_level'], $package_limits) && !empty($usage = \V1\Usage::get_usage(\V1\APIRequest::get('api')))) {
         // Loop the allotments of API calls per time period
         foreach ($package_limits['level' . $account_data['access_level']] as $time_period => $allotment) {
             // If we have a valid log for the time period, and it's already maxed out, fail the check.
             if (isset($usage[$time_period]) && $usage[$time_period]['count'] == $allotment && \Utility::subtract_seconds($time_period) <= $usage[$time_period]['ts'] && $usage[$time_period]['ts'] <= time()) {
                 return \Utility::format_error(429, \V1\Err::TOO_MANY_REQUESTS, \Lang::get('v1::errors.too_many_requests', array('allotment' => number_format($allotment), 'period' => $time_period)));
             }
         }
     }
     // We're not breaking the speed limit, so shush.
     return true;
 }
Ejemplo n.º 9
0
 /**
  * Validate the signature for the call
  * 
  * @param array $tokens The OAuth tokens from the header
  * @return boolean True if valid, false if invalid
  */
 protected static function valid_signature($tokens)
 {
     $mt = microtime(true);
     // Decode the signature, or fail
     if (($decoded_sig = urldecode(base64_decode($tokens['oauth_signature']))) === false) {
         return false;
     }
     // Grab the account data so we have a copy of the customer's secret key.
     $account_data = \V1\Model\Account::get_account($tokens['oauth_consumer_key']);
     // If the account is invalid, fail.
     if (empty($account_data)) {
         return false;
     }
     $secret = \Crypt::decode($account_data['consumer_secret']);
     // Reconstruct the data to build the signature.
     $oauth = array('oauth_nonce' => $tokens['oauth_nonce'], 'oauth_timestamp' => $tokens['oauth_timestamp'], 'oauth_consumer_key' => $tokens['oauth_consumer_key'], 'oauth_consumer_secret' => $secret, 'body' => urlencode(urlencode(base64_encode(json_encode(\V1\APIRequest::post_data())))));
     ksort($oauth);
     $oauth_encoded = array();
     foreach ($oauth as $key => $value) {
         $oauth_encoded[] = $key . '=' . $value;
     }
     // Now we have the string to make the hash
     $signed_string = urlencode(implode('&', $oauth_encoded));
     // Final product
     $hash = hash_hmac('sha256', $signed_string, $secret);
     // If they match, it's valid.
     return $hash === $decoded_sig;
 }
Ejemplo n.º 10
0
 /**
  * Parse the HTML data
  * 
  * @param array $template		The array of template data from the Data Call call script
  * @param array $api_responses	The array of responses we ran with the Data Call
  * @param bool $return_html		Set to true to return only HTML, not the array of parsed template data
  * 
  * @return mixed The array of parsed template data, or a string of HTML body contents if $return_html is true
  */
 protected static function process_template(array $template, array $api_responses, $return_html = false)
 {
     // Fill out our variables if we have some. (Kind of pointless not to.)
     if (!empty($template['variables'])) {
         $variables = array();
         foreach ($template['variables'] as $variable => $value_location) {
             $variables[$variable] = null;
             // Check if it resolves.
             if (($value = \Arr::get($api_responses, $value_location, 'BAH_NO_VALUE')) !== 'BAH_NO_VALUE') {
                 // Add the value to the variable so we can replace it.
                 if (is_numeric($value) || is_string($value) || is_null($value)) {
                     $variables[$variable] = (string) $value;
                 }
                 // Boolean doesn't like to get cast to a string properly.
                 if (is_bool($value)) {
                     $variables[$variable] = $value === false ? 'false' : 'true';
                 }
             }
         }
         // We don't return these.
         unset($template['variables']);
         // Replace the variables in the template.
         if (!empty($variables)) {
             $template = str_replace(array_keys($variables), array_values($variables), $template);
         }
     }
     $account_data = \V1\Model\Account::get_account();
     /**
      * Add our link back on free accounts, or account who wish to show a link back. While free accounts
      * could just decide not to show the body, they cannot configure their own Data Calls to place body
      * content in "css" or "js". Anyone can just preg_replace() away the linkback, but in general,
      * free accounts will show our link back.
      */
     if (!empty($template['body']) && ($account_data['access_level'] === 1 || $account_data['link_back'] === 1)) {
         $template['body'] .= \View::forge('linkback', array('color' => \V1\APIRequest::data_call('linkback-color', 'dark')), false)->render();
     }
     // We'll parse the template for them.
     if ($return_html === true) {
         $html = null;
         // CSS should be in <style> tags.
         $html .= !empty($template['css']) ? $template['css'] . '<body>' : null;
         // HTML body
         $html .= !empty($template['body']) ? $template['body'] : null;
         // JS comes at the end to keep things speedy.
         $html .= !empty($template['js']) ? $template['js'] : null;
         return $html;
     }
     // Send the template data sectioned out for use.
     return $template;
 }