<?php
use Scalr\Util\CryptoTool;
/**
* @deprecated This API is deprecated. You should not build your apps on it.
*/
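// Entry point of the deprecated token-authenticated API.
//
// Flow: derive the request path, load the account user for the supplied access
// key, recompute the request token from the path, key id, environment id, raw
// POST body and the user's API secret, compare it with the supplied token, then
// hand the decoded POST data to Scalr_Api_Controller. Any Exception is turned
// into a failure response.

// Request path with the query string and the surrounding slashes removed.
$path = trim(str_replace("?{$_SERVER['QUERY_STRING']}", "", $_SERVER['REQUEST_URI']), '/');
@session_start();

try {
    require "src/prepend.inc.php";

    // Credentials come from the X-Scalr-* request headers. A missing header is
    // normalised to an empty value instead of raising an undefined-index notice.
    $keyId = isset($_SERVER['HTTP_X_SCALR_AUTH_KEY']) ? (string)$_SERVER['HTTP_X_SCALR_AUTH_KEY'] : '';
    $token = isset($_SERVER['HTTP_X_SCALR_AUTH_TOKEN']) ? (string)$_SERVER['HTTP_X_SCALR_AUTH_TOKEN'] : '';
    $envId = isset($_SERVER['HTTP_X_SCALR_ENV_ID']) ? (int)$_SERVER['HTTP_X_SCALR_ENV_ID'] : 0;

    // Reject unauthenticated requests before any account lookup is attempted.
    if ($keyId === '' || $token === '') {
        throw new Exception("Invalid authentification token");
    }

    // First path segment is the API version ("v<N>"); the rest is the route.
    $pathChunks = explode('/', $path);
    $version = array_shift($pathChunks);

    // The signed path carries a leading slash.
    $path = '/' . $path;

    $user = Scalr_Account_User::init();
    $user->loadByApiAccessKey($keyId);

    if (!$user->getSetting(Scalr_Account_User::SETTING_API_ENABLED)) {
        throw new Exception("API disabled for this account");
    }

    // TODO(review): the original comment here reads "Check IP whitelist", but no
    // whitelist check is performed in this file. Confirm whether it is enforced
    // elsewhere (e.g. in the controller) or is missing.

    $postData = isset($_POST['rawPostData']) ? $_POST['rawPostData'] : '';
    $secretKey = $user->getSetting(Scalr_Account_User::SETTING_API_SECRET_KEY);

    // NOTE(review): the token is a hash over a ':'-joined string that ends with
    // the secret, not a keyed MAC, and nothing visible here binds it to a
    // timestamp or nonce. Changing the scheme would break existing clients, so
    // it is left as is; new integrations should not build on this endpoint.
    $stringToSign = "{$path}:{$keyId}:{$envId}:{$postData}:{$secretKey}";

    // Assumes CryptoTool::hash() returns a string digest - TODO confirm.
    $validToken = (string)CryptoTool::hash($stringToSign);

    // Compare as strings and in constant time. The previous loose `!=` compares
    // numeric-looking strings as numbers and returns as soon as the operands
    // differ, neither of which is acceptable for an authentication token.
    if (function_exists('hash_equals')) {
        $tokenMatches = hash_equals($validToken, $token);
    } else {
        // Fallback for runtimes without hash_equals(): accumulate the XOR of
        // every byte pair so the loop length does not depend on where the
        // first mismatch is.
        $diff = strlen($validToken) ^ strlen($token);
        $limit = min(strlen($validToken), strlen($token));
        for ($i = 0; $i < $limit; $i++) {
            $diff |= ord($validToken[$i]) ^ ord($token[$i]);
        }
        $tokenMatches = ($diff === 0);
    }

    if (!$tokenMatches) {
        throw new Exception("Invalid authentification token");
    }

    // Prepare input data: dots in top-level keys become underscores.
    // json_decode() yields null for an empty or malformed body; treat that as
    // "no parameters" instead of iterating over a non-array.
    $postDataConvert = array();
    $decoded = json_decode($postData, true);
    if (is_array($decoded)) {
        foreach ($decoded as $key => $value) {
            $postDataConvert[str_replace('.', '_', $key)] = $value;
        }
    }

    $request = Scalr_UI_Request::initializeInstance(
        Scalr_UI_Request::REQUEST_TYPE_API,
        getallheaders(),
        $_SERVER,
        $postDataConvert,
        $_FILES,
        $user->id,
        $envId
    );
    $request->requestApiVersion = intval(trim($version, 'v'));

    Scalr_Api_Controller::handleRequest($pathChunks);
    Scalr_UI_Response::getInstance()->sendResponse();
} catch (Exception $e) {
    // NOTE(review): the exception message is returned to the caller verbatim.
    // Messages raised by deeper layers may carry internal details; consider
    // mapping unexpected exceptions to a generic message and logging the
    // original server-side.
    Scalr_UI_Response::getInstance()->failure($e->getMessage());
    Scalr_UI_Response::getInstance()->sendResponse();
}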