function testQueries()
{
$r = new RestServer();
$t = count(explode("/", $_SERVER["REQUEST_URI"])) - 2;
$this->assertEquals($r->getQuery($t), "tests");
$this->assertEquals($r->getRequest()->getURI($t), "tests");
$r->setQuery("/teste/me");
$this->assertEquals($r->getQuery(2), "me");
$this->assertEquals($r->getRequest()->getURI(2), "me");
}
public function show(RestServer $rest)
{
$r = "Method=" . $rest->getRequest()->getMethod() . "\n";
$r .= "URI=" . $rest->getRequest()->getRequestURI() . "\n";
foreach ($rest->getRequest()->getGET() as $key => $value) {
$r .= "GET[" . $key . "]=" . $value . "\n";
}
foreach ($rest->getRequest()->getPOST() as $key => $value) {
$r .= "POST[" . $key . "]=" . $value . "\n";
}
$rest->getResponse()->setResponse(nl2br($r));
return $rest;
}
function testNamed()
{
$rs = new RestServer();
$rs->setMatch(array("", "user", ":me"));
$r = $rs->getRequest();
$r->setURI("/user/diogo");
$this->assertEquals($r->getURI("me"), "diogo");
$this->assertEquals($r->getURI("user"), null);
}
/**
* Constructor
*
* @param string $message message id to return to the interface
* @param int $code http error code
* @param mixed $details details about what happened (for logging)
*/
public function __construct($message, $code = 0, $details = '')
{
$request = RestServer::getRequest();
parent::__construct($message, $details, $request ? $request->context : null);
$this->code = $code;
}
/**
* Get user(s)
*
* Call examples :
* /user : get all users (admin)
* /user/@me : get current user (null if no session)
* /user/<uid> : get user (admin or current)
*
* @param int $id user id to get info about
*
* @return mixed
*
* @throws RestAuthenticationRequiredException
* @throws RestAdminRequiredException
* @throws RestBadParameterException
*/
public static function get($id = null)
{
// "Session getter"
if ($id == '@me') {
return Auth::isAuthenticated() ? static::cast(Auth::user()) : null;
}
// Need to be authenticated ...
if (!Auth::isAuthenticated()) {
throw new RestAuthenticationRequiredException();
}
$request = RestServer::getRequest();
if ($id) {
$user = User::fromId($id);
// Check ownership
if (!$user->is(Auth::user()) && !Auth::isAdmin()) {
throw new RestOwnershipRequiredException(Auth::user()->id, 'user = ' . $user->id);
}
return self::cast($user);
}
if (!Auth::isAdmin()) {
throw new RestAdminRequiredException();
}
$users = User::all();
if ($request->filterOp) {
$users = static::filter($users, $request->filterOp);
}
if ($request->updatedSince) {
$time = $request->updatedSince;
$users = array_filter($users, function ($user) use($time) {
return $user->last_activity >= $time;
});
}
$data = array();
foreach ($users as $user) {
$data[] = static::cast($user);
}
return $data;
}
/**
* Update survey
*
* @param int $id survey id
*
* Request body must be an object with properties to update
*
* @return array
*
* @throws RestBadParameterException
* @throws RestMissingParameterException
* @throws RestSurveyNotFoundException
* @throws RestNotAllowedException
*/
public static function put($id)
{
if (!$id) {
throw new RestMissingParameterException('id');
}
// Get survey and update data
$survey = Survey::fromId($id);
$data = RestServer::getRequest()->input;
// Check permissions
if (!Auth::isAdmin() || !$survey->owner->is(Auth::user())) {
throw new RestNotAllowedException('update survey ' . $survey->id);
}
if (property_exists($data, 'title')) {
if (!$data->title) {
throw new RestMissingParameterException('survey.title');
}
$survey->title = $data->title;
}
if (property_exists($data, 'description')) {
$survey->description = $data->description;
}
$survey->save();
return self::cast($survey);
}
/**
* Update vote to a survey
*
* @param int $id vote id
*
* Request body must be an array of objects with properties :
* * key : choice key
* * value : answer value for choice
*
* @return array
*
* @throws RestBadParameterException
* @throws RestMissingParameterException
* @throws RestVoteNotFoundException
* @throws RestNotAllowedException
*/
public static function put($id)
{
if (!$id) {
throw new RestMissingParameterException('id');
}
// Get vote and update data
$vote = Vote::fromId($id);
$answers = RestServer::getRequest()->input;
if (!is_array($answers)) {
throw new RestBadParameterException('answers');
}
// Check permissions
if (!$vote->survey->can->vote) {
throw new RestNotAllowedException('update vote ' . $vote->id);
}
// Update answers and save vote if anything changed
$changed = false;
foreach ($answers as $answer) {
if (!is_object($answer)) {
throw new RestBadParameterException('answers[]');
}
if (!property_exists($answer, 'key')) {
throw new RestMissingParameterException('answers[].key');
}
if (!property_exists($answer, 'value')) {
throw new RestMissingParameterException('answers[].value');
}
$changed |= $vote->updateAnswer($answer->key, $answer->value);
// throws if anything wrong
}
if ($changed) {
$vote->save();
}
return self::cast($vote);
}
/**
* Process the request
*
* @throws lots of various exceptions
*/
public static function process()
{
try {
@session_start();
// If undergoing maintenance report it as an error
if (Config::get('maintenance')) {
throw new RestUndergoingMaintenanceException();
}
// Split request path to get tokens
$path = array();
if (array_key_exists('PATH_INFO', $_SERVER)) {
$path = array_filter(explode('/', $_SERVER['PATH_INFO']));
}
// Get method from possible headers
$method = null;
foreach (array('X_HTTP_METHOD_OVERRIDE', 'REQUEST_METHOD') as $k) {
if (!array_key_exists($k, $_SERVER)) {
continue;
}
$method = strtolower($_SERVER[$k]);
}
// Record called method (for log), fail if unknown
if (!in_array($method, array('get', 'post', 'put', 'delete'))) {
throw new RestMethodNotAllowedException();
}
// Get endpoint (first token), fail if none
$endpoint = array_shift($path);
if (!$endpoint) {
throw RestEndpointNotFound();
}
// Request data accessor
self::$request = new RestRequest($method, $endpoint, $path);
// Because php://input can only be read once for PUT requests we rely on a shared getter
$input = Request::body();
// Get request content type from possible headers
$type = array_key_exists('CONTENT_TYPE', $_SERVER) ? $_SERVER['CONTENT_TYPE'] : null;
if (!$type && array_key_exists('HTTP_CONTENT_TYPE', $_SERVER)) {
$type = $_SERVER['HTTP_CONTENT_TYPE'];
}
// Parse content type
$type_parts = array_map('trim', explode(';', $type));
$type = array_shift($type_parts);
self::$request->properties['type'] = $type;
$type_properties = array();
foreach ($type_parts as $part) {
$part = array_map('trim', explode('=', $part));
if (count($part) == 2) {
self::$request->properties[$part[0]] = $part[1];
}
}
Logger::debug('Got "' . $method . '" request for endpoint "' . $endpoint . '/' . implode('/', $path) . '" with ' . strlen($input) . ' bytes payload');
// Parse body
switch ($type) {
case 'text/plain':
self::$request->rawinput = trim(Utilities::sanitizeInput($input));
break;
case 'application/octet-stream':
// Don't sanitize binary input !
self::$request->rawinput = $input;
break;
case 'application/x-www-form-urlencoded':
$data = array();
parse_str($input, $data);
self::$request->input = (object) Utilities::sanitizeInput($data);
break;
case 'application/json':
default:
self::$request->input = json_decode(trim(Utilities::sanitizeInput($input)));
}
// Get authentication state (fills auth data in relevant classes)
Auth::isAuthenticated();
if (Auth::isRemoteApplication()) {
// Remote applications must honor ACLs
$application = AuthRemote::application();
if (!$application->allowedTo($method, $endpoint)) {
throw new RestNotAllowedException();
}
} else {
if (Auth::isRemoteUser()) {
// Nothing peculiar to do
} else {
if (in_array($method, array('post', 'put', 'delete'))) {
// SP or Guest, lets do XSRF check
$token_name = 'HTTP_X_SECURITY_TOKEN';
$token = array_key_exists($token_name, $_SERVER) ? $_SERVER[$token_name] : '';
if ($method == 'post' && array_key_exists('security-token', $_POST)) {
$token = $_POST['security-token'];
}
if (!$token || !Utilities::checkSecurityToken($token)) {
throw new RestXSRFTokenInvalidException($token);
}
}
}
}
// JSONP specifics
if (array_key_exists('callback', $_GET) && $method != 'get') {
throw new RestJSONPonlyGETException();
}
// Get response filters
foreach ($_GET as $k => $v) {
switch ($k) {
case 'count':
case 'startIndex':
if (preg_match('`^[0-9]+$`', $v)) {
self::$request->{$k} = (int) $v;
}
break;
case 'format':
break;
case 'filterOp':
if (is_array($v)) {
foreach ($v as $p => $f) {
self::$request->filterOp[$p] = array();
foreach (array('equals', 'startWith', 'contains', 'present') as $k) {
if (array_key_exists($k, $f)) {
self::$request->filterOp[$p][$k] = $f[$k];
}
}
}
}
break;
case 'sortOrder':
if (in_array($v, array('ascending', 'descending'))) {
self::$request->sortOrder = $v;
}
break;
case 'updatedSince':
// updatedSince takes ISO date, relative N days|weeks|months|years format and epoch timestamp (UTC)
$updatedSince = null;
if (preg_match('`^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(Z|[+-][0-9]{2}:[0-9]{2})$`', $v)) {
// ISO date
$localetz = new DateTimeZone(Config::get('default_timezone'));
$offset = $localetz->getOffset(new DateTime($v));
$updatedSince = strtotime($v) + $offset;
} else {
if (preg_match('`^([0-9]+)\\s*(hour|day|week|month|year)s?$`', $v, $m)) {
// Relative N day|days|week|weeks|month|months|year|years format
$updatedSince = strtotime('-' . $m[1] . ' ' . $m[2]);
} else {
if (preg_match('`^[0-9]+$`', $v)) {
$updatedSince = (int) $v;
}
}
}
// Epoch timestamp
if (!$updatedSince || !is_numeric($updatedSince)) {
throw new RestUpdatedSinceBadFormatException($updatedSince);
}
self::$request->updatedSince = $updatedSince;
break;
}
}
$event = new Event('rest_request', self::$request);
$data = $event->trigger(function () {
$request = RestServer::getRequest();
// Forward to handler, fail if unknown or method not implemented
$class = ucfirst($request->endpoint) . 'Endpoint';
if (!file_exists(APPLICATION_BASE . '/classes/endpoints/' . $class . '.class.php') && !file_exists(APPLICATION_BASE . '/classes/core/endpoints/' . $class . '.class.php')) {
throw new RestEndpointNotFoundException();
}
if (!method_exists($class, $request->method)) {
throw new RestMethodNotImplementedException();
}
Logger::debug('Forwarding call to ' . $class . '::' . $request->method . '() handler');
return call_user_func_array($class . '::' . $request->method, $request->path);
});
Logger::debug('Got data to send back');
// Output data
if (array_key_exists('callback', $_GET)) {
header('Content-Type: text/javascript');
$callback = preg_replace('`[^a-z0-9_\\.-]`i', '', $_GET['callback']);
echo $callback . '(' . json_encode($data) . ');';
exit;
}
if (array_key_exists('iframe_callback', $_GET)) {
header('Content-Type: text/html');
$callback = preg_replace('`[^a-z0-9_\\.-]`i', '', $_GET['iframe_callback']);
echo '<html><body><script type="text/javascript">window.parent.' . $callback . '(' . json_encode($data) . ');</script></body></html>';
exit;
}
header('Content-Type: application/json');
if ($method == 'post' && $data) {
RestUtilities::sendResponseCode(201);
if (substr($data['path'], 0, 1) != '/') {
$data['path'] = '/' . $data['path'];
}
header('Location: ' . Config::get('application_url') . 'rest.php' . $data['path']);
$data = $data['data'];
}
echo json_encode($data);
} catch (Exception $e) {
// Return exceptions as HTTP errors
$code = $e->getCode();
if ($code < 400 || $code >= 600) {
$code = 500;
}
RestUtilities::sendResponseCode($code);
header('Content-Type: application/json');
echo json_encode(array('message' => $e->getMessage(), 'uid' => method_exists($e, 'getUid') ? $e->getUid() : null, 'details' => method_exists($e, 'getDetails') ? $e->getDetails() : null));
}
}
