/**
  * Set an API statistic in the DB
  * 
  * @param int $code		The HTTP status code from the request or cache
  * @param string $uri	The dynamic call URL or the static call name
  * @param string $api	The API to set the stats for
  * 
  * @return bool True if the stat was added/updated successfully, or false if it wasn't.
  */
 public static function set_stat($code, $uri, $api = null, $is_static = null)
 {
     // Save queries if we don't need the stats.
     if (\Config::get('engine.track_usage_stats', false) === false) {
         return true;
     }
     $api_name = $api === null ? \V1\APIRequest::get('api') : $api;
     $is_static = $is_static === null ? \V1\APIRequest::is_static() : $is_static;
     $api = \V1\Model\APIs::get_api($api_name);
     // Do we have a stat entry for this timeframe?
     $existing_api_stats_obj = static::query()->where('apis_id', '=', $api['id'])->where('code', '=', (int) $code)->where('call', '=', $uri)->where('created_at', '>', time() - (int) \Config::get('api_stats_increment', 30) * 60)->get_one();
     // If we have a row, update it.
     if (!empty($existing_api_stats_obj)) {
         $existing_api_stats_obj->count++;
         return $existing_api_stats_obj->save();
     }
     // Add the new entry.
     $api_stats_object = new static();
     $api_stats_object->apis_id = $api['id'];
     $api_stats_object->code = $code;
     $api_stats_object->count = 1;
     $api_stats_object->call = $uri;
     $api_stats_object->is_static = intval($is_static);
     return $api_stats_object->save();
 }
Exemplo n.º 2
0
 /**
  * Set the new credentials in the DB.
  * 
  * @param array $credentials	The array of new credentials for the API
  * @param string $api_name		The name of the API to set the credentials for or empty for the current API
  * 
  * @return bool True on success or false on fail
  */
 public static function set_credentials(array $credentials, $api_name = null)
 {
     // Specific API
     if (!empty($api_name)) {
         if (($api_id = \V1\Model\APIs::get_api_id($api_name, true)) === false) {
             return false;
         }
         $credentials_encrypted = \Crypt::encode(json_encode($credentials));
         \V1\Model\APIsMetaData::set_credentials($credentials_encrypted, $api_id);
         return true;
     }
     // Figure out what to set based on the current request
     if (\V1\APIRequest::is_static() === true) {
         $credentials_encrypted = \Crypt::encode(json_encode($credentials));
         return \V1\Model\APIsMetaData::set_credentials($credentials_encrypted);
     } else {
         $account_data = \V1\Model\Account::get_account();
         // Only store them their credentials if the account holder wants us to.
         if ($account_data['store_credentials'] === 1) {
             $credentials[\V1\APIRequest::get('api')] = $credentials;
             if (!empty($account_data['credentials'])) {
                 $account_data['credentials'] = json_decode(\Crypt::decode($account_data['credentials']), true);
                 $account_data['credentials'][\V1\APIRequest::get('api')] = $credentials[\V1\APIRequest::get('api')];
                 $credentials = $account_data['credentials'];
             }
             $credentials_encrypted = \Crypt::encode(json_encode($credentials));
             return \V1\Model\AccountsMetaData::set_credentials($account_data['id'], $credentials_encrypted);
         }
         return true;
     }
 }
 /**
  * Configure a static call
  * 
  * @return mixed The \V1\APICall object or an error array if the call wasn't found
  */
 public static function configure_call()
 {
     if (is_array($static_calls = \V1\RAML::parse_static_calls())) {
         $api_data = \V1\Model\APIs::get_api();
         $account_data = \V1\Model\Account::get_account();
         foreach ($static_calls as $call => $call_data) {
             // The static call data matches the request.
             if ('/' . \V1\APIRequest::get('static-call') === $call) {
                 // If we can't run the inactive call, then error out.
                 if (isset($call_data['stability']) && $call_data['stability'] === 0 && ($account_data['can_run_inactive'] === 0 || $account_data['id'] !== $api_data['account_id'])) {
                     return \Utility::format_error(403, \V1\Err::DISABLED_STATIC, \Lang::get('v1::errors.disabled_static'));
                 }
                 // Do we have a cached entry?
                 if (is_array($cached_data = \V1\Call\StaticCall::get_call_cache())) {
                     // Set their usage stats.
                     \V1\Usage::set_usage();
                     // Set the API provider stats
                     \V1\Usage::set_api_stats($cached_data['response']['status']);
                     // Return the response-formatted data from the cached entry.
                     return $cached_data;
                 }
                 // Try to get an APICall object
                 if (($apicall = static::apicall_object($call)) !== false) {
                     return $apicall;
                 }
             }
         }
         // The static call wasn't found.
         return \Utility::format_error(404, \V1\Err::BAD_STATIC, \Lang::get('v1::errors.bad_static'));
     } else {
         // If they've requested a static call when there aren't any for the requested API, give 'em errors!
         return \Utility::format_error(404, \V1\Err::NO_STATIC, \Lang::get('v1::errors.no_static'));
     }
 }
 /**
  * Configure a dynamic call
  *
  * @return mixed The \V1\APICall object or the error array on fail
  */
 public static function configure_call()
 {
     // Dynamic calls don't work through JS.
     if (\Session::get('public', true) === true) {
         return \Utility::format_error(400, \V1\Err::NO_JS_CALLS, \Lang::get('v1::errors.no_js_calls'));
     }
     // We need API configuration data.
     if (!is_array(\V1\APIRequest::get('configure', false))) {
         return \Utility::format_error(400, \V1\Err::MISSING_CONFIGURE, \Lang::get('v1::errors.missing_configure'));
     }
     // For some reason we can't parse the RAML, so we throw a 500 error.
     if (($api_def = \V1\RAML::parse()) === false) {
         return \Utility::format_error(500);
     } elseif (is_array($api_def)) {
         // Specific error
         return $api_def;
     }
     if (is_string($uri = \V1\APIRequest::get('configure.uri')) && is_string($method = \V1\APIRequest::get('configure.method'))) {
         $api_call = null;
         // Custom calls
         if (\V1\APIRequest::get('api') === 'custom') {
             if (is_string($url = \V1\APIRequest::get('configure.url')) && !empty($url)) {
                 $api_call = \V1\APICall::forge($api_def, $method, $uri, null, true, $url);
             }
             return \Utility::format_error(400, \V1\Err::NO_URL, \Lang::get('v1::errors.no_url'));
         }
         $api_data = \V1\Model\APIs::get_api();
         try {
             // Is it a valid resource?
             $api_def->getResourceByUri($uri)->getMethod($method);
             // We'll validate the call unless both the API provider and calling script deny that protection.
             $custom_dynamic = false;
             if ($api_data['force_validation'] === 0 && \V1\APIRequest::get('no-validate', false) === true) {
                 $custom_dynamic = true;
             }
             $api_call = \V1\APICall::forge($api_def, $method, $uri, null, $custom_dynamic);
         } catch (\Raml\Exception\BadParameter\ResourceNotFoundException $e) {
             // Does the API Provider allow for unconfigured static calls on their server?
             if ($api_data['allow_custom_dynamic'] === 1) {
                 $api_call = \V1\APICall::forge($api_def, $method, $uri, null, true);
             }
         }
         if (is_object($api_call)) {
             if (!empty($api_call->get_errors())) {
                 // Errors from \APICall
                 return $api_call->get_errors();
             } else {
                 // Return the \APICall object
                 return $api_call;
             }
         }
     }
     // Not found
     return \Utility::format_error(400, \V1\Err::BAD_DYNAMIC, \Lang::get('v1::errors.bad_dynamic'));
 }
 /**
  * Set the new credentials for the remote API access on the given API
  * 
  * @param string $credentials	The encrypted credentials to set
  * @param int $api_id			The ID of the API row in the DB
  * 
  * @return boolean True if it saved, or false if it didn't
  */
 public static function set_credentials($credentials, $api_id = null)
 {
     if (empty($api_id)) {
         $apis_data = \V1\Model\APIs::get_api();
         $api_id = (int) $apis_data['id'];
     }
     $apis_meta_obj = static::query()->where('apis_id', '=', $api_id)->where('key', '=', 'credentials')->get_one();
     if (empty($apis_meta_obj)) {
         $apis_meta_obj = new static();
         $apis_meta_obj->apis_id = $api_id;
         $apis_meta_obj->key = 'credentials';
         $apis_meta_obj->value = $credentials;
         return $apis_meta_obj->save();
     }
     $apis_meta_obj->value = $credentials;
     return $apis_meta_obj->save();
 }
Exemplo n.º 6
0
 /**
  * Add the array of Bit API Hub headers for the call
  * 
  * @param array $headers The array of existing headers
  * @return array $headers with the Bit API Hub headers added on
  */
 public static function get_headers(array $headers)
 {
     $api = \V1\Model\APIs::get_api();
     $account = \V1\Model\Account::get_account();
     $forwarded_for = \Input::real_ip('0.0.0.0', true);
     if ($internal_call = \Utility::is_internal_call()) {
         $forwarded_for = \Config::get('engine.call_test_ip');
     }
     $headers = array_replace($headers, array('User-Agent' => 'API Optimization Engine/V1', 'X-Forwarded-For' => $forwarded_for));
     if (\Config::get('engine.send_engine_auth', false) === true) {
         // If the API hasn't yet received a secret identity, generate one.
         if (empty($api['secret'])) {
             $secret = \V1\Model\APIs::set_api_secret($api['id']);
         } else {
             $secret = \Crypt::decode($api['secret']);
         }
         $headers = array_replace($headers, array('X-AOE-Secret' => $secret, 'X-AOE-Account' => $account['id'], 'X-AOE-Version' => 'V1'));
     }
     return $headers;
 }
 /**
  * Check the speed limits of an API to make sure that the account isn't calling the API more than it's
  * allowed to in the specified time frame.
  * 
  * @return mixed True if the call is within the speed limits, or the error array if it isn't
  */
 private static function check_usage_limits()
 {
     $api_data = \V1\Model\APIs::get_api(\V1\APIRequest::get('api'));
     $account_data = \V1\Model\Account::get_account();
     $package_limits = \V1\RAML::parse_package_limits();
     /*
      * Are there any limits on the API for our package level? API limits are imposed
      * by Bit API Hub, not the API provider. It helps to limit the amount of bandwidth
      * we allot for each call. The heavier the call, the less calls people can make.
      */
     if (is_array($package_limits) && array_key_exists('level' . $account_data['access_level'], $package_limits) && !empty($usage = \V1\Usage::get_usage(\V1\APIRequest::get('api')))) {
         // Loop the allotments of API calls per time period
         foreach ($package_limits['level' . $account_data['access_level']] as $time_period => $allotment) {
             // If we have a valid log for the time period, and it's already maxed out, fail the check.
             if (isset($usage[$time_period]) && $usage[$time_period]['count'] == $allotment && \Utility::subtract_seconds($time_period) <= $usage[$time_period]['ts'] && $usage[$time_period]['ts'] <= time()) {
                 return \Utility::format_error(429, \V1\Err::TOO_MANY_REQUESTS, \Lang::get('v1::errors.too_many_requests', array('allotment' => number_format($allotment), 'period' => $time_period)));
             }
         }
     }
     // We're not breaking the speed limit, so shush.
     return true;
 }
Exemplo n.º 8
0
 /**
  * Locate the RAML string for the current API
  * 
  * @return mixed The RAML string, or boolean false if we couldn't locate it.
  */
 protected static function get_raml_string()
 {
     $api_data = \V1\Model\APIs::get_api();
     return empty($api_data['raml']) ? false : $api_data['raml'];
 }
Exemplo n.º 9
0
 /**
  * Prepare the response to show the customer. We also handle caching and usage.
  * 
  * @param array $response	The response array containing data from the remote server
  * @param string $api		The name of the API we're preparing the response for
  * 
  * @return array The response formatted string
  */
 public static function prepare_response(array $response, $api_request = null, $is_static = null)
 {
     $api_request = empty($api_request) ? \V1\APIRequest::get() : $api_request;
     $api = $api_request['api'];
     $is_static = $is_static === null ? \V1\APIRequest::is_static() : $is_static;
     $api_data = \V1\Model\APIs::get_api($api);
     if ($is_static === true && $api_data['account_id'] === 0) {
         $response['headers'] = array();
     } else {
         $response['headers'] = static::sanitize_headers($response['headers']);
     }
     $response['body'] = static::convert_body($response['headers'], $response['body']);
     $response_array = \Utility::format_response(200, $response);
     $internal_call = \Utility::is_internal_call();
     /*
      * Cache the static call response if it the remote server didn't report an error.
      * To allow for proper testing, we don't cache calls from the account area or other internal
      * locations.
      */
     if ($is_static === true && $response['status'] < 300 && $internal_call === false) {
         $api_call = $is_static === true ? $api_request['static-call'] : null;
         \V1\Call\StaticCall::set_call_cache($response_array, $api, $api_call);
     }
     /*
      * Log the usage stats if we aren't running a call from the internal API testing system. (Ex. The
      * account area)
      */
     if ($internal_call === false) {
         // Set the account usage stats
         \V1\Usage::set_usage($api);
         // Set the API provider stats
         \V1\Usage::set_api_stats($response['status'], $api_request, $is_static);
     }
     return $response_array;
 }