Пример #1
 /**
  * Checks to see if the API Key is valid and allowed to make calls (ie: is not banned).
  *
  * If more specific checking is needed (method-specific), use ApiGate::isRequestAllowed() instead. Please
  * note that isRequestAllowed might not be any different (at the time of this writing, method-specific permissions
  * per key are not implemented, so isRequestAllowed() is identical to checkKey()).
  *
  * For most uses, you'll probably want to use isRequestAllowed() since that will allow the method-specific permissions
  * per key once implemented.
  *
  * @param apiKey - string - the API key to check for validity.
  * @return int - an HTTP status code such as 200 if okay, 401 if auth wasn't provided (but was needed), 509 if the key has been rate-limited, etc..
  */
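 public static function checkKey($apiKey)
 {
     // Maps an API key to an HTTP status:
     //   - no key supplied (null / empty string)  -> HTTP_STATUS_OK (auth is currently optional)
     //   - key not found in TABLE_KEYS            -> HTTP_STATUS_UNAUTHORIZED
     //   - key found with enabled = "0"           -> HTTP_STATUS_LIMIT_EXCEEDED
     //   - key found and enabled                  -> HTTP_STATUS_OK
     wfProfileIn(__METHOD__);

     // Default outcome. An absent key keeps this value, so a 200 from this method is NOT
     // proof that a valid key was presented; callers that need authentication must check
     // for an empty key themselves.
     $retVal = ApiGate::HTTP_STATUS_OK;

     if ($apiKey !== null && !is_scalar($apiKey)) {
         // A request parameter submitted in array form (or any other non-scalar) can never
         // be a registered key. Reject it here instead of letting it reach the escaping call.
         $retVal = ApiGate::HTTP_STATUS_UNAUTHORIZED;
     } else {
         // Normalise once and compare strictly. With loose "==", any value numerically equal
         // to 509 ("0509", "509.0", " 509", ...) or boolean true matched the debug sentinel.
         $key = (string) $apiKey;

         if ($key === "509") {
             // HARDCODED FOR DEBUGGING. An "apiKey" of 509 (which wouldn't be an actual API key)
             // returns a status-code of 509 for testing/debugging.
             // NOTE(review): this hook is live for every caller; consider gating it behind a
             // debug/config flag so production responses cannot be steered by the client.
             $retVal = ApiGate::HTTP_STATUS_LIMIT_EXCEEDED;
         } elseif ($key !== "") {
             // Find if the API key is in the database and is enabled.
             // NOTE(review): the statement is built by concatenation and depends on
             // mysql_real_escape_string(), which was removed in PHP 7 and is only correct when
             // the link's character set matches the one the server uses. Prefer the database
             // layer's own quoting or bound parameters; not changed here because that API is
             // not visible from this method.
             $dbr = ApiGate_Config::getSlaveDb();
             $queryString = "SELECT enabled FROM " . ApiGate::TABLE_KEYS . " WHERE apiKey='" . mysql_real_escape_string($key, $dbr) . "'";
             $enabled = ApiGate::simpleQuery($queryString);

             if ($enabled === "") {
                 // The API key was not in the database.
                 $retVal = ApiGate::HTTP_STATUS_UNAUTHORIZED;
             } elseif ($enabled === "0") {
                 // Key exists but has been disabled.
                 $retVal = ApiGate::HTTP_STATUS_LIMIT_EXCEEDED;
             }
             // Any other value: key is enabled, keep HTTP_STATUS_OK.
         }
         // TODO: If the API gets to a point where the auth is always required, return
         // ApiGate::HTTP_STATUS_UNAUTHORIZED for the empty-key case.
     }

     wfProfileOut(__METHOD__);
     return $retVal;
 }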
Пример #2
 /**
  * Lazy-loads and returns the reason that this key is disabled. If the key is NOT disabled, then this will return null.
  *
  * If the key is banned, but no reason could be found, then this will return an empty string.
  */
 public function getReasonBanned()
 {
     // An enabled key has no ban reason.
     if ($this->isEnabled()) {
         return null;
     }

     // Populate the cached reason from the most recent ban-log row when nothing is cached yet.
     // NOTE(review): the loose "== null" also matches an empty string, so a ban with no stored
     // reason appears to be re-queried on every call - confirm whether that is intended.
     if ($this->reasonBanned == null) {
         // The key is interpolated straight into the statement; safety rests entirely on
         // getApiKeySqlSafe() returning a correctly escaped value (not visible here).
         $sql = "SELECT reason FROM " . ApiGate::TABLE_BANLOG . " WHERE apiKey='{$this->getApiKeySqlSafe()}'"
             . " ORDER BY createdOn DESC LIMIT 1";
         $this->reasonBanned = ApiGate::simpleQuery($sql);
     }

     return $this->reasonBanned;
 }
Пример #3
 /**
  * @param keyToTest - an API key which will be checked to see if it is already registered in the system.
  * @return bool - true if 'keyToTest' is a registered API key in the system, false if 'keyToTest' is NOT registered.
  */
 protected static function keyExists($keyToTest)
 {
     wfProfileIn(__METHOD__);

     // NOTE(review): mysql_real_escape_string() is called without a link identifier, so it
     // escapes against whichever connection was opened last; checkKey() passes the handle
     // explicitly. If the two connections use different character sets the escaping may not
     // match the connection that runs the query. The mysql_* extension was also removed in
     // PHP 7 - prefer the database layer's quoting or bound parameters.
     $escapedKey = mysql_real_escape_string($keyToTest);
     $sql = "SELECT count(*) FROM " . ApiGate::TABLE_KEYS . " WHERE apiKey='" . $escapedKey . "'";

     // simpleQuery() hands back the count; any value above zero means the key is registered.
     $matchCount = ApiGate::simpleQuery($sql);
     $isRegistered = $matchCount > 0;

     wfProfileOut(__METHOD__);
     return $isRegistered;
 }