Controller implements the following steps in a RESTful API request handling cycle: 1. Resolving response format (see [[ContentNegotiator]]); 2. Validating request method (see Controller::verbs); 3. Authenticating user (see [[\yii\filters\auth\AuthInterface]]); 4. Rate limiting (see [[RateLimiter]]); 5. Formatting response data (see Controller::serializeData). For more details and usage information on Controller, see the guide article on rest controllers.
С версии: 2.0
Автор: Qiang Xue (qiang.xue@gmail.com)
Наследование: extends yii\web\Controller
Пример #1
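 /**
  * Extends the inherited behaviors with JSON content negotiation and
  * query-parameter authentication.
  *
  * @return array behavior configurations keyed by behavior name
  */
 public function behaviors()
 {
     $behaviors = parent::behaviors();
     // The media type is written with a forward slash; a key spelled with a backslash
     // would not equal the Accept header value "application/json".
     $behaviors['contentNegotiator'] = [
         'class' => ContentNegotiator::className(),
         'formats' => ['application/json' => Response::FORMAT_JSON],
     ];
     // QueryParamAuth takes the access token from the URL query string, so the token can be
     // recorded in server and proxy logs, browser history and Referer headers. Serve such
     // endpoints over HTTPS only and keep token lifetimes short.
     $behaviors['authenticator'] = ['class' => QueryParamAuth::className()];
     return $behaviors;
 }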
Пример #2
 /**
  * Returns the inherited action map without the `index` and `view` entries.
  *
  * @return array action configurations keyed by action ID
  */
 public function actions()
 {
     $inherited = parent::actions();
     // Both IDs are removed from the map handed back to the framework.
     unset($inherited['index'], $inherited['view']);
     return $inherited;
 }
 /**
  * Refuses every action with a 404 unless the admin module enables login via token.
  *
  * The feature check runs before the parent hook, so the inherited filters are not
  * reached when token login is switched off.
  *
  * @inheritDoc
  */
 public function beforeAction($action)
 {
     $tokenLoginEnabled = self::getAdminModule()->allowLoginViaToken;
     if (!$tokenLoginEnabled) {
         // Presumably 404 rather than 403 so a disabled endpoint looks absent — confirm intent.
         throw new NotFoundHttpException();
     }
     return parent::beforeAction($action);
 }
Пример #4
 /**
  * Appends query-parameter and bearer-header token authentication to the
  * inherited authenticator's method list.
  *
  * @inheritdoc
  */
 public function behaviors()
 {
     $config = parent::behaviors();
     // Appended in this order: query-string token first, then the bearer header.
     // Tokens carried in the query string can be written to access logs and Referer headers;
     // the header-based method does not have that exposure.
     foreach ([QueryParamAuth::class, HttpBearerAuth::class] as $authMethod) {
         $config['authenticator']['authMethods'][] = $authMethod;
     }
     return $config;
 }
Пример #5
 /**
  * Configures the authenticator's method list and the user component it works with.
  *
  * @inheritdoc
  */
 public function behaviors()
 {
     $config = parent::behaviors();
     // A falsy $this->authMethods yields an empty list; anything else enables query-parameter tokens only.
     // NOTE(review): confirm how the authenticator behaves with an empty method list, so that
     // switching the flag off cannot leave actions reachable without authentication.
     $config['authenticator']['authMethods'] = $this->authMethods ? [QueryParamAuth::className()] : [];
     // The authenticator resolves identities through a dedicated user component.
     $config['authenticator']['user'] = Yii::createObject([
         'class' => 'api\\components\\auth\\AuthApi',
         'identityClass' => 'api\\components\\auth\\CheckToken',
     ]);
     return $config;
 }
Пример #6
 /**
  * Maps `text/html` requests to JSON output and points the rate limiter at this
  * controller's user object.
  *
  * @return array behavior configurations keyed by behavior name
  */
 public function behaviors()
 {
     $config = parent::behaviors();
     // Requests that accept text/html are answered with JSON as well.
     $config['contentNegotiator']['formats']['text/html'] = \yii\web\Response::FORMAT_JSON;
     // Rate limiting is applied to $this->user.
     $config['rateLimiter']['user'] = $this->user;
     return $config;
 }
Пример #7
 /**
  * Initializes the controller and fails fast when no model class is configured.
  *
  * @inheritdoc
  * @throws InvalidConfigException if `modelClass` is null
  */
 public function init()
 {
     parent::init();
     $hasModelClass = $this->modelClass !== null;
     if (!$hasModelClass) {
         throw new InvalidConfigException('The "modelClass" property must be set.');
     }
 }
Пример #8
 /**
  * Restricts the `login` action to POST/OPTIONS and requires a query-parameter
  * token on every action except `login`.
  *
  * @return array behavior configurations keyed by behavior name
  */
 public function behaviors()
 {
     $config = parent::behaviors();
     $config['verbs'] = [
         'class' => VerbFilter::className(),
         'actions' => ['login' => ['POST', 'OPTIONS']],
     ];
     // `login` is the only unauthenticated action; every other action goes through the token check.
     // The token is read from the query string, which can be logged by servers and proxies.
     $config['authenticator'] = [
         'class' => CompositeAuth::className(),
         'except' => ['login'],
         'authMethods' => [QueryParamAuth::className()],
     ];
     return $config;
 }
 /**
  * Marks the actions in `$this->unsecuredActions` as optional for the authenticator and
  * adds query-parameter authentication that reads the `token` parameter.
  *
  * @return array behavior configurations keyed by behavior name
  */
 public function behaviors()
 {
     $config = parent::behaviors();
     // Review the contents of unsecuredActions with care: it decides which actions
     // the authenticator treats as optional.
     $config['authenticator']['optional'] = $this->unsecuredActions;
     $tokenAuth = ['class' => QueryParamAuth::className(), 'tokenParam' => 'token'];
     $config['authenticator']['authMethods'][] = $tokenAuth;
     return $config;
 }
 /**
  * Disables and destroys the session for non-AJAX requests before the action runs.
  *
  * NOTE(review): whether a request counts as AJAX is normally decided from a request header
  * the client sends, so the caller chooses which branch runs here. Do not rely on this
  * check as a security boundary.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool the result of the parent hook
  */
 public function beforeAction($action)
 {
     $app = \Yii::$app;
     if (!$app->request->getIsAjax()) {
         // Non-AJAX callers are handled without a session.
         $app->user->enableSession = false;
         $app->session->destroy();
     }
     return parent::beforeAction($action);
 }
 /**
  * Runs the parent hook and reports whether the action may proceed.
  *
  * NOTE(review): the token check below is only a placeholder comment. As written, no
  * token is validated here, and access depends entirely on the parent hook.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool true when the parent hook allows the action, false otherwise
  */
 public function beforeAction($action)
 {
     if (!parent::beforeAction($action)) {
         return false;
     }
     /** validate user token here */
     return true;
 }
Пример #12
 /**
  * Requires a bearer token and an authenticated role for `dashboard` only, and
  * negotiates JSON responses.
  *
  * @inheritdoc
  */
 public function behaviors()
 {
     $config = parent::behaviors();
     // Authentication and access control are both limited to `dashboard`; every other
     // action of this controller runs without either check.
     $config['authenticator'] = [
         'class' => HttpBearerAuth::className(),
         'only' => ['dashboard'],
     ];
     $config['contentNegotiator'] = [
         'class' => ContentNegotiator::className(),
         'formats' => ['application/json' => Response::FORMAT_JSON],
     ];
     $dashboardRule = ['actions' => ['dashboard'], 'allow' => true, 'roles' => ['@']];
     $config['access'] = [
         'class' => AccessControl::className(),
         'only' => ['dashboard'],
         'rules' => [$dashboardRule],
     ];
     return $config;
 }
Пример #13
 /**
  * Builds the behavior list with the OPTIONS request filter first, followed by the
  * inherited behaviors, JSON negotiation, CORS and the Swagger query-parameter authenticator.
  *
  * @return array behavior configurations keyed by behavior name
  */
 public function behaviors()
 {
     // The OPTIONS request filter must come first: Swagger sends an OPTIONS request before POST,
     // and this filter has to run earlier than the verb filter.
     $leading = ['optionsRequestFilter' => OptionsRequestFilter::className()];
     $inherited = parent::behaviors();
     // NOTE(review): array_merge keeps the position of a key that already exists, so if the parent
     // already defines `authenticator`, the newly added `corsFilter` ends up after it. Yii's guide
     // recommends placing the CORS filter before authentication — confirm the resulting order.
     $overrides = [
         'contentNegotiator' => [
             'class' => ContentNegotiator::className(),
             'formats' => ['application/json' => Response::FORMAT_JSON],
         ],
         'corsFilter' => Cors::className(),
         'authenticator' => QueryParamAuthSwagger::className(),
     ];
     return array_merge($leading, $inherited, $overrides);
 }
Пример #14
 /**
  * Makes `_meta.currentPage` 1-based in the result of the listed actions.
  *
  * Works around Yii2 bug #5665: the `currentPage` meta data in the RESTful result should be
  * 1-based, like the value in the HTTP headers. A similar fix exists in
  * backend\components\rest\RestController.php.
  *
  * @inheritdoc
  */
 public function afterAction($action, $result)
 {
     $result = parent::afterAction($action, $result);
     $fixActions = ['message-history'];
     if (!in_array($action->id, $fixActions)) {
         return $result;
     }
     // Only touch the counter when the result carries pagination meta data.
     if (isset($result['_meta']['currentPage'])) {
         $result['_meta']['currentPage']++;
     }
     return $result;
 }
Пример #15
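 /**
  * Initializes the controller and, for non-GET requests, installs the JSON-decoded
  * request body as the request's body parameters.
  *
  * The raw body is client-controlled. json_decode() returns null for malformed input and
  * a scalar for bodies such as `5` or `"text"`, so only a decoded array is installed;
  * anything else is left for the request component to handle.
  */
 public function init()
 {
     parent::init();
     $request = wanhunet::$app->request;
     if (!$request->isGet) {
         $params = json_decode(file_get_contents('php://input'), true);
         // Guard against null/scalar results so downstream code always sees an array of parameters.
         if (is_array($params)) {
             $request->setBodyParams($params);
         }
     }
 }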
Пример #16
 /**
  * Authenticates via the `access_token` query parameter, answers `application/xml`
  * requests with JSON, and turns off the rate-limit response headers.
  *
  * @return array behavior configurations keyed by behavior name
  */
 public function behaviors()
 {
     $config = parent::behaviors();
     // The token is carried in the URL, so it can appear in access logs and Referer headers.
     $config['authenticator'] = [
         'class' => QueryParamAuth::className(),
         'tokenParam' => 'access_token',
     ];
     // Requests that accept application/xml receive JSON as well.
     $config['contentNegotiator']['formats']['application/xml'] = Response::FORMAT_JSON;
     // Rate limiting stays configured; only its response headers are switched off.
     $config['rateLimiter']['enableRateLimitHeaders'] = false;
     return $config;
 }
Пример #17
 /**
  * Serializes the data and, when a JSON callback is set, wraps it together with the callback name.
  *
  * NOTE(review): if `jsonCallback` is taken from the request, confirm it is validated
  * before it is echoed back to the client.
  *
  * @param mixed $data the data to serialize
  * @return mixed the serialized data, or an array with `data` and `callback` keys
  */
 protected function serializeData($data)
 {
     if (!$this->jsonCallback) {
         return parent::serializeData($data);
     }
     return [
         'data' => parent::serializeData($data),
         'callback' => $this->jsonCallback,
     ];
 }
Пример #18
 /**
  * Registers `modifyResponse` as a before-send handler on the response, then runs the parent hook.
  *
  * The handler is attached before the parent hook runs, so it is registered even when the
  * parent vetoes the action.
  *
  * @param \yii\base\Action $action the action about to run
  * @return bool true to run the action, false to skip it
  */
 public function beforeAction($action)
 {
     $response = \Yii::$app->response;
     $response->on(Response::EVENT_BEFORE_SEND, [$this, 'modifyResponse']);
     // A false result keeps the action from running.
     return (bool) parent::beforeAction($action);
 }
Пример #19
 /**
  * Negotiates JSON only, allows requests whose host info is in the `acceptableHosts`
  * parameter, and configures CORS for those same hosts with credentials enabled.
  *
  * NOTE(review): host info is normally derived from the Host header the client sends, so the
  * access rule is a routing check, not authentication. Confirm the web server pins the
  * accepted host names.
  *
  * @return array behavior configurations keyed by behavior name
  */
 public function behaviors()
 {
     $config = parent::behaviors();
     $config['contentNegotiator']['formats'] = ['application/json' => Response::FORMAT_JSON];

     $hostIsAcceptable = function ($rule, $action) {
         return in_array(Yii::$app->request->hostInfo, Yii::$app->params['acceptableHosts']);
     };
     $config['access'] = [
         'class' => 'yii\\filters\\AccessControl',
         'rules' => [
             ['allow' => true, 'matchCallback' => $hostIsAcceptable],
         ],
     ];

     // Credentials are allowed, so `acceptableHosts` must stay an explicit list of trusted
     // origins and never contain a wildcard.
     $config['corsFilter'] = [
         'class' => 'yii\\filters\\Cors',
         'cors' => [
             'Origin' => Yii::$app->params['acceptableHosts'],
             'Access-Control-Request-Method' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'HEAD', 'OPTIONS'],
             'Access-Control-Request-Headers' => ['*'],
             'Access-Control-Allow-Credentials' => true,
             'Access-Control-Max-Age' => 86400,
             'Access-Control-Expose-Headers' => [],
         ],
     ];
     return $config;
 }
Пример #20
 /**
  * Resolves the model class from the `type` query parameter and refuses access when
  * no API-enabled type matches.
  *
  * The type name comes straight from the query string and is repeated in the exception
  * message, so whatever renders that message must encode it for its output context.
  *
  * @inheritdoc
  * @throws ForbiddenHttpException if no model class could be resolved
  */
 public function init()
 {
     parent::init();
     $requestedType = isset($_GET['type']) ? $_GET['type'] : null;
     if ($requestedType !== null) {
         $typeItem = Yii::$app->collectors['types']->getOne($requestedType);
         $type = $typeItem ? $typeItem->object : null;
         // Only types that explicitly enable API access may set the model class.
         if ($type && $type->enableApiAccess) {
             $this->modelClass = $type->primaryModel;
         }
     }
     if ($this->modelClass === null) {
         $shownType = $requestedType !== null ? $requestedType : 'unknown';
         throw new ForbiddenHttpException('Unable to access the object type \'' . $shownType . '\'.');
     }
 }
Пример #21
 /**
  * Prepares the request before the action runs: optionally starts a profiling block,
  * then requires both the parent hook and the content-type check to pass.
  *
  * @param \yii\base\Action $action
  *
  * @return bool true when the action may run
  * @throws \yii\web\BadRequestHttpException
  */
 function beforeAction($action)
 {
     /** @noinspection PhpUndefinedFieldInspection */
     $profilingEnabled = Yii::$app->has('api', true) && Yii::$app->api->enableProfiling;
     if ($profilingEnabled) {
         // The profile block is named after the action's unique ID.
         Yii::beginProfile($action->uniqueId);
     }
     // The content type is only checked once the parent hook has accepted the request.
     return parent::beforeAction($action) && $this->checkContentType();
 }
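 /**
  * Answers `text/html` requests with JSON, authenticates with bearer tokens, and restricts
  * `index` to the user named `root` and `view` to authenticated users.
  *
  * NOTE(review): authorization for `index` rests on a hard-coded username. A role or
  * permission check would survive account renames — confirm this is intended.
  *
  * @return array behavior configurations keyed by behavior name
  */
 public function behaviors()
 {
     $behaviors = parent::behaviors();
     $behaviors['contentNegotiator']['formats']['text/html'] = Response::FORMAT_JSON;
     $behaviors['authenticator'] = [
         'class' => CompositeAuth::className(),
         'authMethods' => [HttpBearerAuth::className()],
     ];
     $behaviors['access'] = [
         'class' => AccessControl::className(),
         'rules' => [
             [
                 'allow' => true,
                 'actions' => ['index'],
                 'matchCallback' => function ($rule, $action) {
                     // Look the user up once and always return an explicit boolean.
                     $user = User::findOne(Yii::$app->user->id);
                     return $user !== null && $user->username === 'root';
                 },
             ],
             ['allow' => true, 'actions' => ['view'], 'roles' => ['@']],
         ],
     ];
     return $behaviors;
 }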
Пример #23
 /**
  * Runs the parent hook and then skips the controller action for OPTIONS requests.
  *
  * @inheritdoc
  */
 public function beforeAction($action)
 {
     if (!parent::beforeAction($action)) {
         return false;
     }
     // A CORS preflight arrives as an OPTIONS request; returning false keeps the
     // controller action from running for it.
     // @link https://github.com/yiisoft/yii2/pull/8626/files
     // @link https://github.com/yiisoft/yii2/issues/6254
     return !Yii::$app->request->isOptions;
 }
 /**
  * Runs an action within this controller with the specified action ID and parameters.
  *
  * Before delegating to the parent, selects a configuration from the `id` query parameter,
  * loads it and reloads the component.
  *
  * NOTE(review): the `id` value is request-controlled and chooses which configuration is
  * loaded. Confirm getConfig() only accepts known IDs.
  *
  * @param string $id the action ID
  * @param array $params ignored as passed; replaced by the request's query parameters
  * @return mixed the result of the parent runAction()
  * @throws NotFoundHttpException if no configuration was loaded
  */
 public function runAction($id, $params = [])
 {
     // The caller-supplied $params is discarded in favour of the query parameters.
     $params = \Yii::$app->request->get();
     if (false === empty($params['id'])) {
         // Stored in a static property, so the alias is kept at class level.
         static::$configAlias = $params['id'];
     }
     // NOTE(review): with an empty alias the short ternary yields boolean true, not an empty value — confirm getConfig() expects that.
     $this->configName = empty(static::$configAlias) ?: static::$configAlias;
     $this->getConfig();
     if (empty(static::$config)) {
         throw new NotFoundHttpException(\Yii::t('yii', 'Unknown daemon ID!'));
     }
     $this->reloadComponent();
     return parent::runAction($id, $params);
 }
Пример #25
 /**
  * Replaces the inherited authenticator with query-parameter token authentication.
  *
  * @inheritdoc
  */
 public function behaviors()
 {
     $config = parent::behaviors();
     // The token is carried in the URL query string; keep these endpoints on HTTPS and
     // out of verbose request logging.
     $authenticator = ['class' => QueryParamAuth::className()];
     $config['authenticator'] = $authenticator;
     return $config;
 }
 /**
  * Merges a composite authenticator that accepts the `access_token` query parameter
  * into the inherited behaviors.
  *
  * @return array behavior configurations keyed by behavior name
  */
 public function behaviors()
 {
     $inherited = parent::behaviors();
     $tokenAuth = ['class' => QueryParamAuth::className(), 'tokenParam' => 'access_token'];
     $authenticator = [
         'class' => CompositeAuth::className(),
         'authMethods' => [$tokenAuth],
     ];
     // The authenticator is merged into the inherited configuration rather than assigned over it.
     return ArrayHelper::merge($inherited, ['authenticator' => $authenticator]);
 }
Пример #27
 /**
  * Restricts the `index` action to GET requests.
  *
  * @return array behavior configurations keyed by behavior name
  */
 public function behaviors()
 {
     $config = parent::behaviors();
     $allowedVerbs = ['index' => ['get']];
     $config['verbs'] = ['class' => VerbFilter::className(), 'actions' => $allowedVerbs];
     return $config;
 }
 /**
  * Requires a bearer token for `logout` and `test`, and places a wildcard CORS filter
  * ahead of all other behaviors.
  *
  * NOTE(review): the origin list is `*`, so any website may call this API from a browser.
  * Confirm that is intended. Also confirm the Cors filter reads the
  * `Access-Control-Allow-Origin` key at all.
  *
  * @return array behavior configurations, CORS filter first
  */
 public function behaviors()
 {
     $config = parent::behaviors();
     // Only `logout` and `test` are authenticated; the remaining actions are public.
     $config['authenticator'] = [
         'class' => HttpBearerAuth::className(),
         'only' => ['logout', 'test'],
     ];
     $cors = [
         'class' => \yii\filters\Cors::className(),
         'cors' => [
             'Origin' => ['*'],
             'Access-Control-Allow-Origin' => ['*'],
             'Access-Control-Request-Method' => $this->_verbs,
             'Access-Control-Request-Headers' => ['*'],
         ],
     ];
     // Merged as the first list element so the CORS filter precedes the authenticator.
     return \yii\helpers\ArrayHelper::merge([$cors], $config);
 }
Пример #29
 /**
  * Limits content negotiation to JSON.
  *
  * @return array behavior configurations keyed by behavior name
  */
 public function behaviors()
 {
     $config = parent::behaviors();
     // Replaces the whole format map, so JSON is the only negotiable format.
     $jsonOnly = ['application/json' => Response::FORMAT_JSON];
     $config['contentNegotiator']['formats'] = $jsonOnly;
     return $config;
 }
Пример #30
 /**
  * Installs a composite authenticator that accepts a bearer header or a query-parameter
  * token, both scoped by `authOnly()` and `authExcept()`.
  *
  * @inheritdoc
  */
 public function behaviors()
 {
     $config = parent::behaviors();
     // Both methods receive the same only/except scoping, so an action is either covered
     // by both or by neither.
     $bearerAuth = [
         'class' => HttpBearerAuth::className(),
         'only' => $this->authOnly(),
         'except' => $this->authExcept(),
     ];
     // Query-string tokens can be recorded in logs and Referer headers.
     $queryParamAuth = [
         'class' => QueryParamAuth::className(),
         'only' => $this->authOnly(),
         'except' => $this->authExcept(),
     ];
     $config['authenticator'] = [
         'class' => CompositeAuth::className(),
         'authMethods' => [$bearerAuth, $queryParamAuth],
     ];
     return $config;
 }