/**
 * Reports, as an HTTP status code, whether an API key may make calls.
 *
 * For method-specific checks use ApiGate::isRequestAllowed() instead. The
 * original note on this method says per-method permissions per key were not
 * implemented at the time of writing, which made the two calls identical, and
 * that isRequestAllowed() is the better default because it will pick those
 * permissions up once they exist.
 *
 * Outcomes, as implemented here:
 *  - empty key: HTTP_STATUS_OK. No lookup is made, so a missing key passes.
 *  - key not found in TABLE_KEYS: HTTP_STATUS_UNAUTHORIZED.
 *  - key found with enabled === "0": HTTP_STATUS_LIMIT_EXCEEDED.
 *  - key found with any other value: HTTP_STATUS_OK.
 *  - the literal debugging value "509": HTTP_STATUS_LIMIT_EXCEEDED.
 *
 * SECURITY: an OK result is not proof of authentication, because an empty key
 * also yields OK. Callers that need an authenticated request must reject empty
 * keys themselves until the TODO below is resolved.
 *
 * @param string $apiKey the API key to check for validity.
 * @return int one of the ApiGate::HTTP_STATUS_* codes listed above.
 */
public static function checkKey($apiKey) {
    wfProfileIn(__METHOD__);

    $status = ApiGate::HTTP_STATUS_OK;

    if ($apiKey == "509") {
        // HARDCODED FOR DEBUGGING: "509" is not a real key and forces the
        // rate-limited status for testing.
        // NOTE(review): this hook is reachable by any caller, and the loose
        // `==` also matches strings that are numerically equal to 509.
        // Consider gating it behind a debug flag before production use.
        $status = ApiGate::HTTP_STATUS_LIMIT_EXCEEDED;
    } elseif ($apiKey != "") {
        // Find out whether the key is in the database and enabled.
        $dbr = ApiGate_Config::getSlaveDb();

        // NOTE(review): the statement is built by concatenation and relies on
        // mysql_real_escape_string(), which belongs to the ext/mysql
        // extension removed in PHP 7.0 and is only correct when the
        // connection charset matches the data. Prefer a bound parameter if
        // the database layer offers one. Whether simpleQuery() runs on this
        // same $dbr link is not visible here - confirm.
        $escapedKey = mysql_real_escape_string($apiKey, $dbr);
        $sql = "SELECT enabled FROM " . ApiGate::TABLE_KEYS . " WHERE apiKey='" . $escapedKey . "'";
        $enabled = ApiGate::simpleQuery($sql);

        if ($enabled === "") {
            // Presumably simpleQuery() yields "" when no row matched, which
            // is treated as "key not in the database" - verify.
            $status = ApiGate::HTTP_STATUS_UNAUTHORIZED;
        } elseif ($enabled === "0") {
            // A disabled key is reported with the same code as a rate limit.
            $status = ApiGate::HTTP_STATUS_LIMIT_EXCEEDED;
        }
        // Any other value leaves the status at HTTP_STATUS_OK.
    }
    // TODO: If the API gets to a point where auth is always required, an
    // empty key should yield ApiGate::HTTP_STATUS_UNAUTHORIZED instead of
    // falling through with HTTP_STATUS_OK.

    wfProfileOut(__METHOD__);
    return $status;
}
/**
 * Returns the reason this key is disabled, loading it on first use.
 *
 * An enabled key always yields null. For a disabled key, the newest
 * TABLE_BANLOG row for the key (ordered by createdOn, descending) supplies the
 * reason, which is stored on the object. Per the original note, a banned key
 * with no recorded reason yields an empty string.
 *
 * @return string|null the ban reason, or null when the key is enabled.
 */
public function getReasonBanned() {
    if ($this->isEnabled()) {
        return null;
    }

    // NOTE(review): the loose `== null` is also true for "", so an empty
    // result is never treated as cached and the query runs again on each call.
    if ($this->reasonBanned == null) {
        // NOTE(review): the key is interpolated straight into the statement,
        // so injection safety rests entirely on getApiKeySqlSafe(), which is
        // not visible here - confirm that it escapes for this connection.
        $sql = "SELECT reason FROM " . ApiGate::TABLE_BANLOG . " WHERE apiKey='{$this->getApiKeySqlSafe()}'"
            . " ORDER BY createdOn DESC LIMIT 1";
        $this->reasonBanned = ApiGate::simpleQuery($sql);
    }

    return $this->reasonBanned;
}
/**
 * Tells whether an API key is already registered in the system.
 *
 * @param string $keyToTest an API key to look up in TABLE_KEYS.
 * @return bool true if at least one row has this apiKey, false otherwise.
 */
protected static function keyExists($keyToTest) {
    wfProfileIn(__METHOD__);

    // NOTE(review): no link identifier is passed, so the escaping uses
    // whichever mysql link was opened last, whereas checkKey() passes the
    // slave connection explicitly. mysql_real_escape_string() belongs to the
    // ext/mysql extension removed in PHP 7.0. Prefer a bound parameter if the
    // database layer offers one.
    $escapedKey = mysql_real_escape_string($keyToTest);
    $sql = "SELECT count(*) FROM " . ApiGate::TABLE_KEYS . " WHERE apiKey='" . $escapedKey . "'";

    // Loose numeric comparison: presumably simpleQuery() returns the count as
    // a string - verify.
    $isRegistered = ApiGate::simpleQuery($sql) > 0;

    wfProfileOut(__METHOD__);
    return $isRegistered;
}