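/**
 * Reads the HMAC PAM request headers out of the $_SERVER super-global and
 * performs basic presence/format validation before they reach the HMAC checks.
 *
 * Headers read: X-Elgg-ApiKey, X-Elgg-Hmac, X-Elgg-Hmac-Algo, X-Elgg-Time,
 * X-Elgg-Nonce and, for POST only, X-Elgg-PostHash, X-Elgg-PostHash-Algo and
 * Content-Type.
 *
 * This function only establishes that each header is present and that the
 * timestamp is a number inside the accepted window. It does NOT verify the
 * signature, detect nonce replay, or validate the algorithm names.
 * NOTE(review): hmac_algo / posthash_algo are client-controlled strings; the
 * caller is expected to check them against an allowlist before passing them to
 * hash_hmac()/hash() — confirm that check exists downstream.
 *
 * @return stdClass Containing all the values: method, api_key, hmac, hmac_algo,
 *                  time, nonce and (POST only) posthash, posthash_algo, content_type.
 * @throws APIException Detailing any error.
 * @access private
 */
function get_and_validate_api_headers()
{
    $result = new stdClass();

    $result->method = get_call_method();
    // Only allow these methods
    if ($result->method !== "GET" && $result->method !== "POST") {
        throw new APIException(elgg_echo('APIException:NotGetOrPost'));
    }

    // isset() avoids an "undefined index" notice when a header is absent; an
    // absent header is then reported through the same exception as an empty one.
    $result->api_key = isset($_SERVER['HTTP_X_ELGG_APIKEY']) ? $_SERVER['HTTP_X_ELGG_APIKEY'] : "";
    if ($result->api_key === "") {
        throw new APIException(elgg_echo('APIException:MissingAPIKey'));
    }

    $result->hmac = isset($_SERVER['HTTP_X_ELGG_HMAC']) ? $_SERVER['HTTP_X_ELGG_HMAC'] : "";
    if ($result->hmac === "") {
        throw new APIException(elgg_echo('APIException:MissingHmac'));
    }

    $result->hmac_algo = isset($_SERVER['HTTP_X_ELGG_HMAC_ALGO']) ? $_SERVER['HTTP_X_ELGG_HMAC_ALGO'] : "";
    if ($result->hmac_algo === "") {
        throw new APIException(elgg_echo('APIException:MissingHmacAlgo'));
    }

    $result->time = isset($_SERVER['HTTP_X_ELGG_TIME']) ? $_SERVER['HTTP_X_ELGG_TIME'] : "";
    if ($result->time === "") {
        throw new APIException(elgg_echo('APIException:MissingTime'));
    }
    // The window check below is a numeric comparison; reject anything that is
    // not a number first so PHP's loose string/int comparison cannot let a
    // malformed timestamp through. The raw header string is kept (not cast),
    // as it is presumably part of the signed material consumed downstream.
    if (!is_numeric($result->time)) {
        throw new APIException(elgg_echo('APIException:TemporalDrift'));
    }
    // Must have been sent within 25 hour period.
    // 25 hours is more than enough to handle server clock drift.
    // This value determines how long the HMAC cache needs to store previous
    // signatures. Heavy use of HMAC is better handled with a shorter sig lifetime.
    // See cache_hmac_check_replay()
    $now = time(); // single reading so both bounds agree
    if ($result->time < $now - 90000 || $result->time > $now + 90000) {
        throw new APIException(elgg_echo('APIException:TemporalDrift'));
    }

    $result->nonce = isset($_SERVER['HTTP_X_ELGG_NONCE']) ? $_SERVER['HTTP_X_ELGG_NONCE'] : "";
    if ($result->nonce === "") {
        throw new APIException(elgg_echo('APIException:MissingNonce'));
    }

    if ($result->method === "POST") {
        // POST bodies are covered by a separate hash, so the hash, its algorithm
        // and the content type must all be present.
        $result->posthash = isset($_SERVER['HTTP_X_ELGG_POSTHASH']) ? $_SERVER['HTTP_X_ELGG_POSTHASH'] : "";
        if ($result->posthash === "") {
            throw new APIException(elgg_echo('APIException:MissingPOSTHash'));
        }

        $result->posthash_algo = isset($_SERVER['HTTP_X_ELGG_POSTHASH_ALGO']) ? $_SERVER['HTTP_X_ELGG_POSTHASH_ALGO'] : "";
        if ($result->posthash_algo === "") {
            throw new APIException(elgg_echo('APIException:MissingPOSTAlgo'));
        }

        $result->content_type = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : "";
        if ($result->content_type === "") {
            throw new APIException(elgg_echo('APIException:MissingContentType'));
        }
    }

    return $result;
}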
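/**
 * Reads the API request headers out of the $_SERVER super-global and performs
 * basic presence/format validation before they are handed to the validation
 * functions.
 *
 * Headers read: X-Elgg-ApiKey, X-Elgg-Hmac, X-Elgg-Hmac-Algo, X-Elgg-Time and,
 * for POST only, X-Elgg-PostHash, X-Elgg-PostHash-Algo and Content-Type. The
 * request parameters for the called method are collected as well.
 *
 * This function only establishes that each header is present and that the
 * timestamp is a number inside the accepted window. It does NOT verify the
 * signature or validate the algorithm names.
 * NOTE(review): hmac_algo / posthash_algo are client-controlled strings; the
 * caller is expected to check them against an allowlist before passing them to
 * hash_hmac()/hash() — confirm that check exists downstream.
 *
 * @return stdClass Containing all the values: method, api_key, hmac, hmac_algo,
 *                  time, get_variables and (POST only) posthash, posthash_algo,
 *                  content_type.
 * @throws APIException Detailing any error.
 */
function get_and_validate_api_headers()
{
    $result = new stdClass();

    $result->method = get_call_method();
    if ($result->method !== "GET" && $result->method !== "POST") {
        // Only allow these methods
        throw new APIException(elgg_echo('APIException:NotGetOrPost'));
    }

    // isset() avoids an "undefined index" notice when a header is absent; an
    // absent header is then reported through the same exception as an empty one.
    $result->api_key = isset($_SERVER['HTTP_X_ELGG_APIKEY']) ? $_SERVER['HTTP_X_ELGG_APIKEY'] : "";
    if ($result->api_key === "") {
        throw new APIException(elgg_echo('APIException:MissingAPIKey'));
    }

    $result->hmac = isset($_SERVER['HTTP_X_ELGG_HMAC']) ? $_SERVER['HTTP_X_ELGG_HMAC'] : "";
    if ($result->hmac === "") {
        throw new APIException(elgg_echo('APIException:MissingHmac'));
    }

    $result->hmac_algo = isset($_SERVER['HTTP_X_ELGG_HMAC_ALGO']) ? $_SERVER['HTTP_X_ELGG_HMAC_ALGO'] : "";
    if ($result->hmac_algo === "") {
        throw new APIException(elgg_echo('APIException:MissingHmacAlgo'));
    }

    $result->time = isset($_SERVER['HTTP_X_ELGG_TIME']) ? $_SERVER['HTTP_X_ELGG_TIME'] : "";
    if ($result->time === "") {
        throw new APIException(elgg_echo('APIException:MissingTime'));
    }
    // The window check below is a numeric comparison; reject anything that is
    // not a number first so PHP's loose string/int comparison cannot let a
    // malformed timestamp through. The raw header string is kept (not cast),
    // as it is presumably part of the signed material consumed downstream.
    if (!is_numeric($result->time)) {
        throw new APIException(elgg_echo('APIException:TemporalDrift'));
    }
    // Basic time check (24 hours either side). Think about making this smaller
    // if we get loads of users and the cache gets really big: the window bounds
    // how long previous signatures must be retained to catch replays.
    $now = microtime(true); // single reading so both bounds agree
    if ($result->time < $now - 86400.0 || $result->time > $now + 86400.0) {
        throw new APIException(elgg_echo('APIException:TemporalDrift'));
    }

    // Collect the parameters for the requested method. Loose comparison kept on
    // purpose: the helper's return type is not visible here, so null/false must
    // still count as "no query string".
    $result->get_variables = get_parameters_for_method(get_input('method'));
    if ($result->get_variables == "") {
        throw new APIException(elgg_echo('APIException:NoQueryString'));
    }

    if ($result->method === "POST") {
        // POST bodies are covered by a separate hash, so the hash, its algorithm
        // and the content type must all be present.
        $result->posthash = isset($_SERVER['HTTP_X_ELGG_POSTHASH']) ? $_SERVER['HTTP_X_ELGG_POSTHASH'] : "";
        if ($result->posthash === "") {
            throw new APIException(elgg_echo('APIException:MissingPOSTHash'));
        }

        $result->posthash_algo = isset($_SERVER['HTTP_X_ELGG_POSTHASH_ALGO']) ? $_SERVER['HTTP_X_ELGG_POSTHASH_ALGO'] : "";
        if ($result->posthash_algo === "") {
            throw new APIException(elgg_echo('APIException:MissingPOSTAlgo'));
        }

        $result->content_type = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : "";
        if ($result->content_type === "") {
            throw new APIException(elgg_echo('APIException:MissingContentType'));
        }
    }

    return $result;
}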