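 /**
  * Authenticates a Web API caller as a worker and dispatches the request verb.
  *
  * Signed-request scheme (as implemented below): the client sends an HTTP `Date`
  * header and a `PortSensor-Auth` header of the form `worker_email:signature`.
  * The server rebuilds the string-to-sign from the verb, the Date header, the
  * web path, the sorted query string, the raw POST body and the worker's stored
  * `pass` value, hashes it with SHA-1 and compares the base64 digest with the
  * supplied signature in constant time.
  *
  * Every failure path goes through $this->_error(). The statements that follow
  * each check assume _error() terminates the request — TODO confirm; if it only
  * returns, the dispatch at the bottom would still run for a failed caller.
  *
  * On success the verb is dispatched to `<verb>Action($stack)`, e.g. getAction().
  *
  * @param DevblocksHttpRequest $request  Parsed request; only ->path is read here.
  */
 function handleRequest(DevblocksHttpRequest $request)
 {
     $stack = $request->path;
     $db = DevblocksPlatform::getDatabaseService();

     // **** BEGIN AUTH
     // Missing headers default to '' instead of relying on @-suppressed notices.
     $verb = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
     $header_date = isset($_SERVER['HTTP_DATE']) ? $_SERVER['HTTP_DATE'] : '';
     $header_signature = isset($_SERVER['HTTP_PORTSENSOR_AUTH']) ? $_SERVER['HTTP_PORTSENSOR_AUTH'] : '';
     // Suppression kept only here: _getRawPost() is not visible in this file.
     @($this->_payload = $this->_getRawPost());

     // Header is "email:signature"; pad so a malformed header yields '' parts, not notices.
     list($auth_worker_email, $auth_signature) = array_pad(explode(':', $header_signature, 2), 2, '');

     $url_parts = parse_url(DevblocksPlatform::getWebPath());
     $url_path = isset($url_parts['path']) ? $url_parts['path'] : '';
     $url_query = $this->_sortQueryString($_SERVER['QUERY_STRING']);
     $string_to_sign_prefix = "{$verb}\n{$header_date}\n{$url_path}\n{$url_query}\n{$this->_payload}";

     // NOTE(review): only the Date header's validity is checked here; whether
     // _validateRfcDate() also bounds its age (replay window) is not visible — confirm.
     if (!$this->_validateRfcDate($header_date)) {
         $this->_error("Access denied! (Invalid timestamp)");
     }

     // WORKER-LEVEL AUTH: look the worker up by the e-mail supplied in the header.
     $worker = null;
     $results = DAO_Worker::getWhere(sprintf("%s = %s", DAO_Worker::EMAIL, $db->qstr($auth_worker_email)));
     if (empty($results)) {
         $this->_error("Access denied! (Invalid authentication)");
     } else {
         $worker = array_shift($results);
         $this->setActiveWorker($worker);
     }
     if (null == $this->getActiveWorker()) {
         $this->_error("Access denied! (Invalid worker)");
     }
     // Explicit null guard instead of relying on _error() having exited above.
     if (null === $worker || !$worker->hasPriv('plugin.usermeet.webapi')) {
         $this->_error("Access denied! (No permission)");
     }

     // The worker's stored pass value is the shared secret appended to the string-to-sign.
     $pass = $this->getActiveWorker()->pass;
     $string_to_sign = "{$string_to_sign_prefix}\n{$pass}\n";
     $compare_hash = base64_encode(sha1($string_to_sign, true));
     // Constant-time compare (PHP >= 5.6): strcmp() leaks how many leading bytes matched.
     if (!hash_equals($compare_hash, $auth_signature)) {
         $this->_error("Access denied! (Invalid password)");
     }
     // **** END APP AUTH

     // The last path argument is "command.format"; format is null when absent.
     list($command, $format) = array_pad(explode('.', (string) array_pop($stack)), 2, null);
     $stack[] = $command;
     $this->_format = $format;

     // Call the verb as an action, e.g. GET -> getAction($stack).
     $method = strtolower($verb) . 'Action';
     if (method_exists($this, $method)) {
         $this->$method($stack);
     } else {
         $this->_error("Invalid action.");
     }
 }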
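 /**
  * Authenticates a Web API caller (worker or application key) and dispatches the verb.
  *
  * The `Cerb4-Auth` header has the form `access_key:signature`. If the access key
  * contains '@' it is treated as a worker e-mail (WORKER-LEVEL AUTH) and the
  * worker's stored `pass` value is the signing secret; otherwise it is looked up
  * as an application key (APP-LEVEL AUTH), the key's `secret_key` is the signing
  * secret and the caller's REMOTE_ADDR must pass the key's IP check.
  *
  * In both modes the string-to-sign is verb, Date header, web path, sorted query
  * string, raw POST body and the secret, joined by "\n"; its base64 SHA-1 digest
  * is compared with the supplied signature in constant time.
  *
  * Every failure path goes through $this->_error(). The statements that follow
  * each check assume _error() terminates the request — TODO confirm; if it only
  * returns, the dispatch at the bottom would still run for a failed caller.
  *
  * Dispatch: worker callers go to `<verb>WorkerAction($stack)`, key callers to
  * `<verb>Action($stack, $stored_keychain)`. An unknown verb is silently ignored
  * here (unlike the worker-only variant, no "Invalid action." error is raised).
  *
  * @param DevblocksHttpRequest $request  Parsed request; only ->path is read here.
  */
 function handleRequest(DevblocksHttpRequest $request)
 {
     $stack = $request->path;
     $db = DevblocksPlatform::getDatabaseService();
     // Always defined so the key-based dispatch below cannot read an unset variable.
     $stored_keychain = null;

     // **** BEGIN AUTH
     // Missing headers default to '' instead of relying on @-suppressed notices.
     $verb = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
     $header_date = isset($_SERVER['HTTP_DATE']) ? $_SERVER['HTTP_DATE'] : '';
     $header_signature = isset($_SERVER['HTTP_CERB4_AUTH']) ? $_SERVER['HTTP_CERB4_AUTH'] : '';
     // Suppression kept only here: _getRawPost() is not visible in this file.
     @($this->_payload = $this->_getRawPost());

     // Header is "access_key:signature"; pad so a malformed header yields '' parts, not notices.
     list($auth_access_key, $auth_signature) = array_pad(explode(':', $header_signature, 2), 2, '');

     $url_parts = parse_url(DevblocksPlatform::getWebPath());
     $url_path = isset($url_parts['path']) ? $url_parts['path'] : '';
     $url_query = $this->_sortQueryString($_SERVER['QUERY_STRING']);
     $string_to_sign_prefix = "{$verb}\n{$header_date}\n{$url_path}\n{$url_query}\n{$this->_payload}";

     // NOTE(review): only the Date header's validity is checked here; whether
     // _validateRfcDate() also bounds its age (replay window) is not visible — confirm.
     if (!$this->_validateRfcDate($header_date)) {
         $this->_error("Access denied! (Invalid timestamp)");
     }

     // strpos() returns 0 for a leading '@', which is falsy — compare against false explicitly.
     if (false !== strpos($auth_access_key, '@')) {
         // WORKER-LEVEL AUTH: the access key is the worker's e-mail address.
         $workers = DAO_Worker::getAll();
         foreach ($workers as $worker) {
             /* @var $worker CerberusWorker */
             if ($worker->email === $auth_access_key) {
                 $this->setActiveWorker($worker);
                 break;
             }
         }
         if (null == $this->getActiveWorker()) {
             $this->_error("Access denied! (Invalid worker)");
         }

         // The worker's stored pass value is the shared secret appended to the string-to-sign.
         $pass = $this->getActiveWorker()->pass;
         $string_to_sign = "{$string_to_sign_prefix}\n{$pass}\n";
         $compare_hash = base64_encode(sha1($string_to_sign, true));
         // Constant-time compare (PHP >= 5.6): strcmp() leaks how many leading bytes matched.
         if (!hash_equals($compare_hash, $auth_signature)) {
             $this->_error("Access denied! (Invalid password)");
         }
     } else {
         // APP-LEVEL AUTH: the access key identifies a stored Web API keychain.
         $stored_keychains = DAO_WebapiKey::getWhere(sprintf("%s = %s", DAO_WebapiKey::ACCESS_KEY, $db->qstr(str_replace(' ', '', $auth_access_key))));
         /* @var $stored_keychain Model_WebApiKey */
         if (!empty($stored_keychains)) {
             $stored_keychain = array_shift($stored_keychains);
             $auth_secret_key = $stored_keychain->secret_key;

             $string_to_sign = "{$string_to_sign_prefix}\n{$auth_secret_key}\n";
             $compare_hash = base64_encode(sha1($string_to_sign, true));
             // Constant-time compare (PHP >= 5.6): strcmp() leaks how many leading bytes matched.
             if (!hash_equals($compare_hash, $auth_signature)) {
                 $this->_error("Access denied! (Invalid signature)");
             }

             // Check that this IP is allowed to use the key (the verb itself is not consulted here).
             if (!$stored_keychain->isValidIp($_SERVER['REMOTE_ADDR'])) {
                 $this->_error(sprintf("Access denied! (IP %s not authorized)", $_SERVER['REMOTE_ADDR']));
             }
         } else {
             $this->_error("Access denied! (Unknown access key)");
         }
     }
     // **** END APP AUTH

     // The last path argument is "command.format"; format is null when absent.
     list($command, $format) = array_pad(explode('.', (string) array_pop($stack)), 2, null);
     $stack[] = $command;
     $this->_format = $format;

     if (null != $this->getActiveWorker()) {
         // Worker callers: GET -> getWorkerAction($stack).
         $method = strtolower($verb) . 'WorkerAction';
         if (method_exists($this, $method)) {
             $this->$method($stack);
         }
     } else {
         // Key callers: GET -> getAction($stack, $stored_keychain).
         $method = strtolower($verb) . 'Action';
         if (method_exists($this, $method)) {
             $this->$method($stack, $stored_keychain);
         }
     }
 }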