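// Tail of a function that begins above this excerpt; code kept as found.
break;
        case EX_NOPERM:
            Http::response(403, $code, 'text/plain');
            break;
        case EX_DATAERR:
        case EX_NOINPUT:
        default:
            Http::response(416, $code, 'text/plain');
        }
    }
    exit($code);
}

// Remote hosts need authorization.
if ($remotehost) {
    // Both values are read defensively: a request without a User-Agent
    // header (or a first request with no throttle state yet) must fall
    // through to a clean denial instead of raising undefined-index notices.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // The API key is taken from the User-Agent header.
    // NOTE(review): User-Agent is routinely written to web-server access
    // logs and forwarded by intermediaries, so a key carried there is
    // exposed wherever those logs go. requireApiKey() in this file reads a
    // dedicated X-API-Key header instead -- confirm which transport is
    // intended before relying on this path.
    $key = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Throttle: more than 10 recorded errors with the last one less than
    // five minutes old means the host is in timeout. The 'time' stamp is
    // presumably refreshed by the error path (not visible here), which is
    // what restarts the clock on a further error.
    // NOTE(review): the counter lives in $_SESSION, so it only applies to
    // clients that present the same session again. A counter keyed on the
    // remote address and kept server-side would not depend on the client.
    $errors = isset($_SESSION['api']['errors']) ? $_SESSION['api']['errors'] : 0;
    $lastError = isset($_SESSION['api']['time']) ? $_SESSION['api']['time'] : 0;
    if ($errors > 10 && time() - $lastError <= 5 * 60) {
        // timeout!
        api_exit(EX_NOPERM, "Remote host [{$ip}] in timeout - error #" . $errors);
    }

    // Check API key & ip.
    if (!Validator::is_ip($ip) || !Api::validate($key, $ip)) {
        // NOTE(review): the rejected key is embedded verbatim in the message.
        // If api_exit() logs or returns this text, a near-miss of a valid key
        // ends up stored in clear -- consider dropping or truncating it.
        api_exit(EX_NOPERM, 'Unknown remote host [' . $ip . '] or invalid API key [' . $key . ']');
    }

    // At this point we know the remote host/IP is allowed.
    $_SESSION['api']['errors'] = 0; // clear errors for the session.
}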
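/**
 * Enforce API-key authentication for the current request.
 *
 * The key is required to be sent via the X-API-Key header, which PHP exposes
 * as $_SERVER['HTTP_X_API_KEY']. It is validated together with the client
 * address by Api::validate().
 *
 * Outcomes:
 *  - header absent: 403 "API key required"
 *  - key / source address rejected by Api::validate(): 401
 *  - otherwise: returns normally and the caller may proceed.
 *
 * Fails closed: execution stops explicitly after a denial response, so the
 * caller can never continue unauthenticated. Whether Http::response() itself
 * terminates the request is not visible from this function; the explicit
 * exit makes the guarantee independent of that.
 *
 * NOTE(review): REMOTE_ADDR is the address of the connecting peer. Behind a
 * reverse proxy that is the proxy, not the end client -- confirm it matches
 * the addresses registered for API keys in such deployments.
 */
function requireApiKey()
{
    if (!isset($_SERVER['HTTP_X_API_KEY'])) {
        Http::response(403, "API key required");
        exit;
    }

    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (!Api::validate($_SERVER['HTTP_X_API_KEY'], $remoteAddr)) {
        // The same message is used for an unknown key and a disallowed
        // address, so the response does not reveal which check failed.
        Http::response(401, "API key not found or source IP not authorized");
        exit;
    }
}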