function testQueries() { $r = new RestServer(); $t = count(explode("/", $_SERVER["REQUEST_URI"])) - 2; $this->assertEquals($r->getQuery($t), "tests"); $this->assertEquals($r->getRequest()->getURI($t), "tests"); $r->setQuery("/teste/me"); $this->assertEquals($r->getQuery(2), "me"); $this->assertEquals($r->getRequest()->getURI(2), "me"); }
public function show(RestServer $rest) { $r = "Method=" . $rest->getRequest()->getMethod() . "\n"; $r .= "URI=" . $rest->getRequest()->getRequestURI() . "\n"; foreach ($rest->getRequest()->getGET() as $key => $value) { $r .= "GET[" . $key . "]=" . $value . "\n"; } foreach ($rest->getRequest()->getPOST() as $key => $value) { $r .= "POST[" . $key . "]=" . $value . "\n"; } $rest->getResponse()->setResponse(nl2br($r)); return $rest; }
function testNamed() { $rs = new RestServer(); $rs->setMatch(array("", "user", ":me")); $r = $rs->getRequest(); $r->setURI("/user/diogo"); $this->assertEquals($r->getURI("me"), "diogo"); $this->assertEquals($r->getURI("user"), null); }
/** * Constructor * * @param string $message message id to return to the interface * @param int $code http error code * @param mixed $details details about what happened (for logging) */ public function __construct($message, $code = 0, $details = '') { $request = RestServer::getRequest(); parent::__construct($message, $details, $request ? $request->context : null); $this->code = $code; }
/** * Get user(s) * * Call examples : * /user : get all users (admin) * /user/@me : get current user (null if no session) * /user/<uid> : get user (admin or current) * * @param int $id user id to get info about * * @return mixed * * @throws RestAuthenticationRequiredException * @throws RestAdminRequiredException * @throws RestBadParameterException */ public static function get($id = null) { // "Session getter" if ($id == '@me') { return Auth::isAuthenticated() ? static::cast(Auth::user()) : null; } // Need to be authenticated ... if (!Auth::isAuthenticated()) { throw new RestAuthenticationRequiredException(); } $request = RestServer::getRequest(); if ($id) { $user = User::fromId($id); // Check ownership if (!$user->is(Auth::user()) && !Auth::isAdmin()) { throw new RestOwnershipRequiredException(Auth::user()->id, 'user = ' . $user->id); } return self::cast($user); } if (!Auth::isAdmin()) { throw new RestAdminRequiredException(); } $users = User::all(); if ($request->filterOp) { $users = static::filter($users, $request->filterOp); } if ($request->updatedSince) { $time = $request->updatedSince; $users = array_filter($users, function ($user) use($time) { return $user->last_activity >= $time; }); } $data = array(); foreach ($users as $user) { $data[] = static::cast($user); } return $data; }
/** * Update survey * * @param int $id survey id * * Request body must be an object with properties to update * * @return array * * @throws RestBadParameterException * @throws RestMissingParameterException * @throws RestSurveyNotFoundException * @throws RestNotAllowedException */ public static function put($id) { if (!$id) { throw new RestMissingParameterException('id'); } // Get survey and update data $survey = Survey::fromId($id); $data = RestServer::getRequest()->input; // Check permissions if (!Auth::isAdmin() || !$survey->owner->is(Auth::user())) { throw new RestNotAllowedException('update survey ' . $survey->id); } if (property_exists($data, 'title')) { if (!$data->title) { throw new RestMissingParameterException('survey.title'); } $survey->title = $data->title; } if (property_exists($data, 'description')) { $survey->description = $data->description; } $survey->save(); return self::cast($survey); }
/** * Update vote to a survey * * @param int $id vote id * * Request body must be an array of objects with properties : * * key : choice key * * value : answer value for choice * * @return array * * @throws RestBadParameterException * @throws RestMissingParameterException * @throws RestVoteNotFoundException * @throws RestNotAllowedException */ public static function put($id) { if (!$id) { throw new RestMissingParameterException('id'); } // Get vote and update data $vote = Vote::fromId($id); $answers = RestServer::getRequest()->input; if (!is_array($answers)) { throw new RestBadParameterException('answers'); } // Check permissions if (!$vote->survey->can->vote) { throw new RestNotAllowedException('update vote ' . $vote->id); } // Update answers and save vote if anything changed $changed = false; foreach ($answers as $answer) { if (!is_object($answer)) { throw new RestBadParameterException('answers[]'); } if (!property_exists($answer, 'key')) { throw new RestMissingParameterException('answers[].key'); } if (!property_exists($answer, 'value')) { throw new RestMissingParameterException('answers[].value'); } $changed |= $vote->updateAnswer($answer->key, $answer->value); // throws if anything wrong } if ($changed) { $vote->save(); } return self::cast($vote); }
/** * Process the request * * @throws lots of various exceptions */ public static function process() { try { @session_start(); // If undergoing maintenance report it as an error if (Config::get('maintenance')) { throw new RestUndergoingMaintenanceException(); } // Split request path to get tokens $path = array(); if (array_key_exists('PATH_INFO', $_SERVER)) { $path = array_filter(explode('/', $_SERVER['PATH_INFO'])); } // Get method from possible headers $method = null; foreach (array('X_HTTP_METHOD_OVERRIDE', 'REQUEST_METHOD') as $k) { if (!array_key_exists($k, $_SERVER)) { continue; } $method = strtolower($_SERVER[$k]); } // Record called method (for log), fail if unknown if (!in_array($method, array('get', 'post', 'put', 'delete'))) { throw new RestMethodNotAllowedException(); } // Get endpoint (first token), fail if none $endpoint = array_shift($path); if (!$endpoint) { throw RestEndpointNotFound(); } // Request data accessor self::$request = new RestRequest($method, $endpoint, $path); // Because php://input can only be read once for PUT requests we rely on a shared getter $input = Request::body(); // Get request content type from possible headers $type = array_key_exists('CONTENT_TYPE', $_SERVER) ? $_SERVER['CONTENT_TYPE'] : null; if (!$type && array_key_exists('HTTP_CONTENT_TYPE', $_SERVER)) { $type = $_SERVER['HTTP_CONTENT_TYPE']; } // Parse content type $type_parts = array_map('trim', explode(';', $type)); $type = array_shift($type_parts); self::$request->properties['type'] = $type; $type_properties = array(); foreach ($type_parts as $part) { $part = array_map('trim', explode('=', $part)); if (count($part) == 2) { self::$request->properties[$part[0]] = $part[1]; } } Logger::debug('Got "' . $method . '" request for endpoint "' . $endpoint . '/' . implode('/', $path) . '" with ' . strlen($input) . ' bytes payload'); // Parse body switch ($type) { case 'text/plain': self::$request->rawinput = trim(Utilities::sanitizeInput($input)); break; case 'application/octet-stream': // Don't sanitize binary input ! self::$request->rawinput = $input; break; case 'application/x-www-form-urlencoded': $data = array(); parse_str($input, $data); self::$request->input = (object) Utilities::sanitizeInput($data); break; case 'application/json': default: self::$request->input = json_decode(trim(Utilities::sanitizeInput($input))); } // Get authentication state (fills auth data in relevant classes) Auth::isAuthenticated(); if (Auth::isRemoteApplication()) { // Remote applications must honor ACLs $application = AuthRemote::application(); if (!$application->allowedTo($method, $endpoint)) { throw new RestNotAllowedException(); } } else { if (Auth::isRemoteUser()) { // Nothing peculiar to do } else { if (in_array($method, array('post', 'put', 'delete'))) { // SP or Guest, lets do XSRF check $token_name = 'HTTP_X_SECURITY_TOKEN'; $token = array_key_exists($token_name, $_SERVER) ? $_SERVER[$token_name] : ''; if ($method == 'post' && array_key_exists('security-token', $_POST)) { $token = $_POST['security-token']; } if (!$token || !Utilities::checkSecurityToken($token)) { throw new RestXSRFTokenInvalidException($token); } } } } // JSONP specifics if (array_key_exists('callback', $_GET) && $method != 'get') { throw new RestJSONPonlyGETException(); } // Get response filters foreach ($_GET as $k => $v) { switch ($k) { case 'count': case 'startIndex': if (preg_match('`^[0-9]+$`', $v)) { self::$request->{$k} = (int) $v; } break; case 'format': break; case 'filterOp': if (is_array($v)) { foreach ($v as $p => $f) { self::$request->filterOp[$p] = array(); foreach (array('equals', 'startWith', 'contains', 'present') as $k) { if (array_key_exists($k, $f)) { self::$request->filterOp[$p][$k] = $f[$k]; } } } } break; case 'sortOrder': if (in_array($v, array('ascending', 'descending'))) { self::$request->sortOrder = $v; } break; case 'updatedSince': // updatedSince takes ISO date, relative N days|weeks|months|years format and epoch timestamp (UTC) $updatedSince = null; if (preg_match('`^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(Z|[+-][0-9]{2}:[0-9]{2})$`', $v)) { // ISO date $localetz = new DateTimeZone(Config::get('default_timezone')); $offset = $localetz->getOffset(new DateTime($v)); $updatedSince = strtotime($v) + $offset; } else { if (preg_match('`^([0-9]+)\\s*(hour|day|week|month|year)s?$`', $v, $m)) { // Relative N day|days|week|weeks|month|months|year|years format $updatedSince = strtotime('-' . $m[1] . ' ' . $m[2]); } else { if (preg_match('`^[0-9]+$`', $v)) { $updatedSince = (int) $v; } } } // Epoch timestamp if (!$updatedSince || !is_numeric($updatedSince)) { throw new RestUpdatedSinceBadFormatException($updatedSince); } self::$request->updatedSince = $updatedSince; break; } } $event = new Event('rest_request', self::$request); $data = $event->trigger(function () { $request = RestServer::getRequest(); // Forward to handler, fail if unknown or method not implemented $class = ucfirst($request->endpoint) . 'Endpoint'; if (!file_exists(APPLICATION_BASE . '/classes/endpoints/' . $class . '.class.php') && !file_exists(APPLICATION_BASE . '/classes/core/endpoints/' . $class . '.class.php')) { throw new RestEndpointNotFoundException(); } if (!method_exists($class, $request->method)) { throw new RestMethodNotImplementedException(); } Logger::debug('Forwarding call to ' . $class . '::' . $request->method . '() handler'); return call_user_func_array($class . '::' . $request->method, $request->path); }); Logger::debug('Got data to send back'); // Output data if (array_key_exists('callback', $_GET)) { header('Content-Type: text/javascript'); $callback = preg_replace('`[^a-z0-9_\\.-]`i', '', $_GET['callback']); echo $callback . '(' . json_encode($data) . ');'; exit; } if (array_key_exists('iframe_callback', $_GET)) { header('Content-Type: text/html'); $callback = preg_replace('`[^a-z0-9_\\.-]`i', '', $_GET['iframe_callback']); echo '<html><body><script type="text/javascript">window.parent.' . $callback . '(' . json_encode($data) . ');</script></body></html>'; exit; } header('Content-Type: application/json'); if ($method == 'post' && $data) { RestUtilities::sendResponseCode(201); if (substr($data['path'], 0, 1) != '/') { $data['path'] = '/' . $data['path']; } header('Location: ' . Config::get('application_url') . 'rest.php' . $data['path']); $data = $data['data']; } echo json_encode($data); } catch (Exception $e) { // Return exceptions as HTTP errors $code = $e->getCode(); if ($code < 400 || $code >= 600) { $code = 500; } RestUtilities::sendResponseCode($code); header('Content-Type: application/json'); echo json_encode(array('message' => $e->getMessage(), 'uid' => method_exists($e, 'getUid') ? $e->getUid() : null, 'details' => method_exists($e, 'getDetails') ? $e->getDetails() : null)); } }