Controller implements the following steps in a RESTful API request handling cycle:
1. Resolving response format (see [[ContentNegotiator]]);
2. Validating request method (see Controller::verbs);
3. Authenticating user (see [[\yii\filters\auth\AuthInterface]]);
4. Rate limiting (see [[RateLimiter]]);
5. Formatting response data (see Controller::serializeData).
For more details and usage information on Controller, see the guide article on REST controllers.
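/**
 * Configures JSON content negotiation and query-parameter token authentication.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $behaviors = parent::behaviors();

    // MIME types use a forward slash. The previous key 'application\\json'
    // (a backslash) could never match a client's "Accept: application/json".
    $behaviors['contentNegotiator'] = [
        'class' => ContentNegotiator::className(),
        'formats' => ['application/json' => Response::FORMAT_JSON],
    ];

    // QueryParamAuth takes the access token from the URL query string, so the
    // token can end up in access logs and proxies; serve this API over TLS only
    // and keep tokens short-lived.
    $behaviors['authenticator'] = ['class' => QueryParamAuth::className()];

    return $behaviors;
}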
/**
 * Returns the inherited action map without the 'index' and 'view' entries.
 *
 * @return array action configurations indexed by action ID
 */
public function actions()
{
    $actions = parent::actions();

    // Drop both inherited actions in one call; missing keys are ignored by unset().
    unset($actions['index'], $actions['view']);

    return $actions;
}
/**
 * Refuses every action of this controller unless token login is enabled.
 *
 * @param \yii\base\Action $action the action about to run
 * @return bool whether the action should continue to run
 * @throws NotFoundHttpException when the admin module's allowLoginViaToken is falsy
 */
public function beforeAction($action)
{
    $tokenLoginEnabled = self::getAdminModule()->allowLoginViaToken;

    // A 404 (rather than 403) is thrown, so a disabled endpoint looks absent.
    if (!$tokenLoginEnabled) {
        throw new NotFoundHttpException();
    }

    return parent::beforeAction($action);
}
/**
 * Appends query-parameter and HTTP bearer authentication to the inherited
 * authenticator's list of methods.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $behaviors = parent::behaviors();

    // Presumably the parent configures a CompositeAuth-style authenticator that
    // tries 'authMethods' in order — confirm against the parent class.
    // NOTE(review): a token in the query string can leak through logs and
    // proxies; the bearer header is the safer of the two transports.
    foreach ([QueryParamAuth::class, HttpBearerAuth::class] as $method) {
        $behaviors['authenticator']['authMethods'][] = $method;
    }

    return $behaviors;
}
/**
 * Replaces the authenticator's method list and user component.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $behaviors = parent::behaviors();

    // NOTE(review): when $this->authMethods is falsy the method list is emptied.
    // If the inherited authenticator is yii\filters\auth\CompositeAuth, an empty
    // list means no authentication is enforced at all — confirm this is intended.
    $methods = $this->authMethods ? [QueryParamAuth::className()] : [];
    $behaviors['authenticator']['authMethods'] = $methods;

    // Authentication is resolved against a dedicated user component whose
    // identity class is api\components\auth\CheckToken.
    $userConfig = [
        'class' => 'api\\components\\auth\\AuthApi',
        'identityClass' => 'api\\components\\auth\\CheckToken',
    ];
    $behaviors['authenticator']['user'] = Yii::createObject($userConfig);

    return $behaviors;
}
/**
 * Serves JSON to clients that ask for text/html and binds the rate limiter
 * to this controller's user.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $config = parent::behaviors();

    // Browsers send "Accept: text/html"; map it to the JSON formatter as well.
    $config['contentNegotiator']['formats']['text/html'] = \yii\web\Response::FORMAT_JSON;

    // Rate limiting is counted against $this->user instead of the filter's default.
    $config['rateLimiter']['user'] = $this->user;

    return $config;
}
/**
 * Initializes the controller and insists that a model class is configured.
 *
 * @throws InvalidConfigException when the modelClass property is null
 */
public function init()
{
    parent::init();

    if (null === $this->modelClass) {
        throw new InvalidConfigException('The "modelClass" property must be set.');
    }
}
/**
 * Restricts the login action to POST/OPTIONS and requires a query-parameter
 * token for every action except login.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $behaviors = parent::behaviors();

    $verbRules = [
        'class' => VerbFilter::className(),
        'actions' => ['login' => ['POST', 'OPTIONS']],
    ];
    $behaviors['verbs'] = $verbRules;

    // 'login' is the only unauthenticated action; any action added later is
    // protected by default because the exemption is an explicit list.
    $authRules = [
        'class' => CompositeAuth::className(),
        'except' => ['login'],
        'authMethods' => [QueryParamAuth::className()],
    ];
    $behaviors['authenticator'] = $authRules;

    return $behaviors;
}
/**
 * Marks the unsecured actions as optionally authenticated and adds token
 * authentication through the "token" query parameter.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $behaviors = parent::behaviors();

    // Actions listed in $this->unsecuredActions may run without credentials.
    $behaviors['authenticator']['optional'] = $this->unsecuredActions;

    // The token travels in the URL (?token=...), so it can be captured by
    // access logs and intermediaries.
    $tokenAuth = [
        'class' => QueryParamAuth::className(),
        'tokenParam' => 'token',
    ];
    $behaviors['authenticator']['authMethods'][] = $tokenAuth;

    return $behaviors;
}
/**
 * Disables and destroys the session for non-AJAX requests before the action runs.
 *
 * @param \yii\base\Action $action the action about to run
 * @return bool whether the action should continue to run
 */
public function beforeAction($action)
{
    // NOTE(review): getIsAjax() is decided by the X-Requested-With request
    // header, which the client controls. Any client can therefore opt in to the
    // session-enabled path, so this must not be treated as a security boundary.
    if (\Yii::$app->request->getIsAjax()) {
        return parent::beforeAction($action);
    }

    // Stateless path: stop the user component from using the session, then
    // discard whatever session already exists.
    \Yii::$app->user->enableSession = false;
    \Yii::$app->session->destroy();

    return parent::beforeAction($action);
}
/**
 * Runs the inherited pre-action checks and reports their outcome as a boolean.
 *
 * @param \yii\base\Action $action the action about to run
 * @return bool true when the parent allows the action, false otherwise
 */
public function beforeAction($action)
{
    if (!parent::beforeAction($action)) {
        return false;
    }

    // NOTE(review): placeholder only — the user token is meant to be validated
    // here, but no validation is implemented. Until it is, this method adds no
    // check beyond what the parent performs.
    return true;
}
/**
 * Protects the dashboard action with bearer authentication plus an access
 * rule, and limits responses to JSON.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $protected = ['dashboard'];
    $behaviors = parent::behaviors();

    // Bearer authentication is applied to the dashboard action only; every
    // other action of this controller runs without this authenticator.
    $behaviors['authenticator'] = [
        'class' => HttpBearerAuth::className(),
        'only' => $protected,
    ];

    $behaviors['contentNegotiator'] = [
        'class' => ContentNegotiator::className(),
        'formats' => ['application/json' => Response::FORMAT_JSON],
    ];

    // '@' is the role for authenticated users: the dashboard is allowed for any
    // logged-in identity.
    $behaviors['access'] = [
        'class' => AccessControl::className(),
        'only' => $protected,
        'rules' => [
            ['actions' => ['dashboard'], 'allow' => true, 'roles' => ['@']],
        ],
    ];

    return $behaviors;
}
/**
 * Builds the behavior list with the OPTIONS filter first, followed by the
 * inherited behaviors and the JSON, CORS and authentication overrides.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    // The OPTIONS request filter has to come first: Swagger sends an OPTIONS
    // request before each POST, and this filter must run before the verb filter.
    $leading = ['optionsRequestFilter' => OptionsRequestFilter::className()];

    // Keys given here replace same-named inherited behaviors (array_merge keeps
    // the position of an existing string key and takes the later value).
    // NOTE(review): the CORS filter is attached with its default settings —
    // confirm the default origin policy is acceptable for an authenticated API.
    $overrides = [
        'contentNegotiator' => [
            'class' => ContentNegotiator::className(),
            'formats' => ['application/json' => Response::FORMAT_JSON],
        ],
        'corsFilter' => Cors::className(),
        'authenticator' => QueryParamAuthSwagger::className(),
    ];

    return array_merge($leading, parent::behaviors(), $overrides);
}
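/**
 * Post-processes the action result so that the pagination meta data is 1-based.
 *
 * Works around Yii2 bug #5665: the `currentPage` meta data in the RESTful
 * result should be 1-based, like the value sent in the HTTP headers.
 * There is a similar fix in backend\components\rest\RestController.php.
 *
 * @param \yii\base\Action $action the action that was just executed
 * @param mixed $result the action's return value
 * @return mixed the processed result
 */
public function afterAction($action, $result)
{
    $result = parent::afterAction($action, $result);

    // Only these action IDs get the 1-based correction.
    $fixActions = ['message-history'];

    // Strict comparison: an action ID must match a listed ID exactly, without
    // PHP's loose type juggling.
    if (in_array($action->id, $fixActions, true) && isset($result['_meta']['currentPage'])) {
        $result['_meta']['currentPage']++;
    }

    return $result;
}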
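/**
 * Decodes a JSON request body into the request's body parameters for every
 * non-GET request.
 */
public function init()
{
    parent::init();

    $request = wanhunet::$app->request;
    if ($request->isGet) {
        return;
    }

    // The body is untrusted input. json_decode() returns null for malformed
    // JSON and a scalar for bodies such as `1` or `"x"`; only an array is a
    // usable parameter set, so anything else is not installed as body params.
    $decoded = json_decode(file_get_contents('php://input'), true);
    if (is_array($decoded)) {
        $request->setBodyParams($decoded);
    }
}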
/**
 * Sets up access_token query authentication, answers XML requests with JSON
 * and turns off the rate-limit response headers.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $config = parent::behaviors();

    // The token is read from ?access_token=...; URLs are commonly logged, so
    // treat these tokens as exposed to anything that sees the request line.
    $config['authenticator'] = [
        'class' => QueryParamAuth::className(),
        'tokenParam' => 'access_token',
    ];

    // Clients asking for application/xml are served JSON instead.
    $config['contentNegotiator']['formats']['application/xml'] = Response::FORMAT_JSON;

    // Rate limiting stays in place; only the informational headers are suppressed.
    $config['rateLimiter']['enableRateLimitHeaders'] = false;

    return $config;
}
/**
 * Serializes the data and, when a JSON callback is set, wraps it together
 * with the callback name.
 *
 * @param mixed $data the data to be serialized
 * @return mixed the serialized data, or an array with 'data' and 'callback' keys
 */
protected function serializeData($data)
{
    if (!$this->jsonCallback) {
        return parent::serializeData($data);
    }

    // NOTE(review): if jsonCallback originates from the request, it should be
    // restricted to a plain identifier before it is emitted as a JSONP callback
    // — confirm where it is assigned.
    return [
        'data' => parent::serializeData($data),
        'callback' => $this->jsonCallback,
    ];
}
/**
 * Hooks modifyResponse() into the response's before-send event, then runs the
 * inherited pre-action checks.
 *
 * @param \yii\base\Action $action the action about to run
 * @return bool true to run the action, false to skip it
 */
public function beforeAction($action)
{
    // Registered before the parent check, so the handler is attached even when
    // the parent vetoes the action.
    $handler = [$this, 'modifyResponse'];
    \Yii::$app->response->on(Response::EVENT_BEFORE_SEND, $handler);

    return parent::beforeAction($action) ? true : false;
}
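/**
 * Limits responses to JSON, allows requests only for configured hosts and
 * enables credentialed CORS for the same host list.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $behaviors = parent::behaviors();

    $behaviors['contentNegotiator']['formats'] = ['application/json' => Response::FORMAT_JSON];

    // NOTE(review): hostInfo describes the host the request was addressed to
    // and is normally derived from client-supplied request data, so this rule
    // is a host allow-list, not caller authentication. Pin the accepted hosts at
    // the web server as well.
    $behaviors['access'] = [
        'class' => 'yii\\filters\\AccessControl',
        'rules' => [
            [
                'allow' => true,
                'matchCallback' => function ($rule, $action) {
                    // Strict comparison so that a null or non-string hostInfo
                    // cannot loosely equal an allow-list entry.
                    return in_array(
                        Yii::$app->request->hostInfo,
                        Yii::$app->params['acceptableHosts'],
                        true
                    );
                },
            ],
        ],
    ];

    // Credentials are allowed cross-origin, so the 'Origin' list must stay an
    // explicit set of trusted origins and never become a wildcard.
    $behaviors['corsFilter'] = [
        'class' => 'yii\\filters\\Cors',
        'cors' => [
            'Origin' => Yii::$app->params['acceptableHosts'],
            'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
            'Access-Control-Request-Headers' => ['*'],
            'Access-Control-Allow-Credentials' => true,
            'Access-Control-Max-Age' => 86400,
            'Access-Control-Expose-Headers' => [],
        ],
    ];

    return $behaviors;
}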
/**
 * Resolves the model class from the "type" query parameter and refuses the
 * request when no API-enabled type can be found.
 *
 * @throws ForbiddenHttpException when modelClass is still null after the lookup
 */
public function init()
{
    parent::init();

    // The type is only accepted when the 'types' collector knows it, it has an
    // object, and that object has enableApiAccess set — the request value
    // itself never becomes the model class.
    if (
        isset($_GET['type'])
        && ($typeItem = Yii::$app->collectors['types']->getOne($_GET['type']))
        && ($type = $typeItem->object)
        && $type->enableApiAccess
    ) {
        $this->modelClass = $type->primaryModel;
    }

    if ($this->modelClass !== null) {
        return;
    }

    // NOTE(review): the raw request value is echoed in the error message, and
    // an array value (?type[]=x) would be string-converted here. Confirm the
    // error renderer encodes the message for its output format.
    $requested = isset($_GET['type']) ? $_GET['type'] : 'unknown';
    throw new ForbiddenHttpException('Unable to access the object type \'' . $requested . '\'.');
}
/**
 * Starts optional profiling, then lets the action run only if both the
 * inherited checks and the content-type check pass.
 *
 * @param \yii\base\Action $action the action about to run
 *
 * @return bool true when the action may run, false otherwise
 * @throws \yii\web\BadRequestHttpException
 */
function beforeAction($action)
{
    // Profiling is started only when the 'api' component is already
    // instantiated and has profiling switched on.
    /** @noinspection PhpUndefinedFieldInspection */
    $profilingEnabled = Yii::$app->has('api', true) && Yii::$app->api->enableProfiling;
    if ($profilingEnabled) {
        // NOTE(review): the matching Yii::endProfile() call is not in this method.
        Yii::beginProfile($action->uniqueId);
    }

    // checkContentType() is consulted only after the parent has agreed.
    return parent::beforeAction($action) && $this->checkContentType();
}
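/**
 * Serves JSON for text/html requests, requires bearer authentication and
 * restricts 'index' to the root user and 'view' to authenticated users.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $behaviors = parent::behaviors();

    $behaviors['contentNegotiator']['formats']['text/html'] = Response::FORMAT_JSON;

    $behaviors['authenticator'] = [
        'class' => CompositeAuth::className(),
        'authMethods' => [HttpBearerAuth::className()],
    ];

    $behaviors['access'] = [
        'class' => AccessControl::className(),
        'rules' => [
            [
                'allow' => true,
                'actions' => ['index'],
                // NOTE(review): authorization hinges on a hard-coded username;
                // a role or permission check would survive renames and allow
                // more than one administrator.
                'matchCallback' => function ($rule, $action) {
                    // One lookup instead of two, and an explicit boolean result
                    // when no user record is found.
                    $user = User::findOne(Yii::$app->user->id);

                    return $user !== null && $user->username === 'root';
                },
            ],
            // '@' matches any authenticated user.
            ['allow' => true, 'actions' => ['view'], 'roles' => ['@']],
        ],
    ];

    return $behaviors;
}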
/**
 * Runs the inherited pre-action checks and skips the controller action for
 * CORS preflight (OPTIONS) requests.
 *
 * @param \yii\base\Action $action the action about to run
 * @return bool true when the action may run, false otherwise
 */
public function beforeAction($action)
{
    // A preflight OPTIONS request must not execute the controller action, so
    // false is returned for it once the parent has agreed.
    // NOTE(review): the parent check runs first; if it enforces authentication,
    // a credential-less preflight is refused before this point — confirm the
    // filter order.
    // @link https://github.com/yiisoft/yii2/pull/8626/files
    // @link https://github.com/yiisoft/yii2/issues/6254
    return parent::beforeAction($action) && !Yii::$app->request->isOptions;
}
/**
 * Selects the daemon configuration from the request, reloads the component
 * and then runs the action.
 *
 * @param string $id the ID of the action to run
 * @param array $params ignored: replaced by the request's GET parameters
 * @return mixed the result of the action
 * @throws NotFoundHttpException when no configuration was loaded
 */
public function runAction($id, $params = [])
{
    // The caller-supplied $params are discarded in favour of the query string.
    $params = \Yii::$app->request->get();

    // NOTE(review): the request-supplied 'id' is stored in a static property
    // and selects which configuration is loaded; any validation must happen in
    // getConfig(), which is not visible here.
    if (!empty($params['id'])) {
        static::$configAlias = $params['id'];
    }

    // NOTE(review): with an empty alias this assigns boolean true, not a
    // name — confirm that is what getConfig() expects.
    $this->configName = empty(static::$configAlias) ? true : static::$configAlias;
    $this->getConfig();

    if (empty(static::$config)) {
        throw new NotFoundHttpException(\Yii::t('yii', 'Unknown daemon ID!'));
    }

    $this->reloadComponent();

    return parent::runAction($id, $params);
}
/**
 * Replaces the inherited authenticator with query-parameter token authentication.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $config = parent::behaviors();

    // No 'only'/'except'/'optional' keys are set, so every action of this
    // controller requires the token. It is read from the URL, which is commonly
    // written to access logs.
    $authenticator = ['class' => QueryParamAuth::className()];
    $config['authenticator'] = $authenticator;

    return $config;
}
/**
 * Merges a composite authenticator that accepts an access_token query
 * parameter into the inherited behaviors.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $inherited = parent::behaviors();

    // ArrayHelper::merge() is recursive: an authenticator already configured by
    // the parent is merged with this one, not replaced — verify the resulting
    // method list is the intended one.
    $tokenMethod = [
        'class' => QueryParamAuth::className(),
        'tokenParam' => 'access_token',
    ];
    $additions = [
        'authenticator' => [
            'class' => CompositeAuth::className(),
            'authMethods' => [$tokenMethod],
        ],
    ];

    return ArrayHelper::merge($inherited, $additions);
}
/**
 * Restricts the index action to GET requests.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $config = parent::behaviors();

    // Only 'index' is listed; actions without an entry are not restricted by
    // this filter.
    $allowedVerbs = ['index' => ['get']];
    $config['verbs'] = [
        'class' => VerbFilter::className(),
        'actions' => $allowedVerbs,
    ];

    return $config;
}
/**
 * Requires bearer authentication for 'logout' and 'test' and puts a CORS
 * filter that accepts any origin in front of all other behaviors.
 *
 * @return array behavior configurations, CORS filter first
 */
public function behaviors()
{
    $behaviors = parent::behaviors();

    // Only these two actions are authenticated; all others run anonymously.
    $behaviors['authenticator'] = [
        'class' => HttpBearerAuth::className(),
        'only' => ['logout', 'test'],
    ];

    // NOTE(review): every origin is accepted. That is workable while access
    // depends solely on a bearer header the caller must supply, but it must not
    // be combined with cookie/credentialed requests.
    // NOTE(review): 'Access-Control-Allow-Origin' is a response header name;
    // confirm the Cors filter actually reads it as a configuration key.
    $corsFilter = [
        'class' => \yii\filters\Cors::className(),
        'cors' => [
            'Origin' => ['*'],
            'Access-Control-Allow-Origin' => ['*'],
            'Access-Control-Request-Method' => $this->_verbs,
            'Access-Control-Request-Headers' => ['*'],
        ],
    ];

    // The CORS filter sits at index 0 so that it precedes the named behaviors.
    return \yii\helpers\ArrayHelper::merge([$corsFilter], $behaviors);
}
/**
 * Restricts content negotiation to JSON.
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $config = parent::behaviors();

    // Replaces the whole inherited format map, so JSON is the only format left.
    $jsonOnly = ['application/json' => Response::FORMAT_JSON];
    $config['contentNegotiator']['formats'] = $jsonOnly;

    return $config;
}
/**
 * Installs a composite authenticator that accepts a bearer header or a
 * query-parameter token, each scoped by authOnly() and authExcept().
 *
 * @return array behavior configurations indexed by behavior name
 */
public function behaviors()
{
    $behaviors = parent::behaviors();

    // NOTE(review): 'only'/'except' are set on the nested methods, not on the
    // CompositeAuth itself. Verify that the installed framework version honours
    // these filters on nested methods; otherwise the scoping has no effect.
    $bearer = [
        'class' => HttpBearerAuth::className(),
        'only' => $this->authOnly(),
        'except' => $this->authExcept(),
    ];
    $queryToken = [
        'class' => QueryParamAuth::className(),
        'only' => $this->authOnly(),
        'except' => $this->authExcept(),
    ];

    // The bearer header is listed before the query-string token.
    $behaviors['authenticator'] = [
        'class' => CompositeAuth::className(),
        'authMethods' => [$bearer, $queryToken],
    ];

    return $behaviors;
}