/** * Mock/Force the initialization of a REST call. * Typically avoiding some HTTP request processing. * Circumvents the need to go through a REST client to invoke the API. * * @param Api_AbstractRest $rest * @param array $apiParams * * @return The initialized REST object. */ protected function initRest(Api_AbstractRest &$rest, $apiParams) { $context = Api_RequestContext::createRequestContext($apiParams); $rest->_setContext($context); $rest->validateRequest(); return $rest; }
/** * Mock/Force the initialization of a REST call. * Typically avoiding the Session creation and other HTTP request processing. * * @param Api_AbstractRest $rest * @param string $uid * @param array $apiParams * @return The initialized REST object. */ protected function initRest(Api_AbstractRest &$rest, $apiParams, $uid = null, $aid = null, $nid = null, &$session = array()) { if ($uid != null) { $session['uid'] = $uid; } if ($aid != null) { $session['app_id'] = $aid; } if ($nid != null) { $session['network_key'] = $nid; } $context = Api_RequestContext::createRequestContext($apiParams); $rest->_setContext($context); $rest->_setSession($session); $rest->validateRequest(); return $rest; }
/** * Process a Request. * * * There are a few different type's of method calls currently. * 1. Auth related methods, which all start with "auth.". These * methods do not yet typically have a session key or in process of creating/validating/removing one. * Other inner/inter systems security methods can be here as well. Note, you should NOT add a method * to authenticate a user, that should be done else where. Use the inner-method of approveToken and lock * it down within a system. * * 2. Application method calls. This is really the catchalll and executes the request handling mechanism. * * 3. Systems Management calls. (coming soon). * */ function execute($request) { ini_set('session.use_cookies', '0'); ini_set('session.save_handler', 'user'); session_set_save_handler(array('Session', 'open'), array('Session', 'close'), array('Session', 'read'), array('Session', 'write'), array('Session', 'destroy'), array('Session', 'gc')); session_cache_limiter('none'); set_error_handler(array('OpenFBServer', 'errorHandler'), E_ERROR); // There is a change dependending on magic quotes settings // that PHP will add in extra slashes, not good for us. // This is removed as of PHP 6 as well. if (get_magic_quotes_gpc()) { foreach ($request as $rname => $rval) { $request[$rname] = stripslashes($rval); } } $context = Api_RequestContext::createRequestContext($request); if ($context->getNetworkKey() == null) { $keyService = Api_Bo_KeyService::create(); $ids = $keyService->getIds($context->getApiKey()); $domain_keys = $keyService->getKeyset($ids['domain_id'], $ids['domain_id']); if ($domain_keys != null) { $context->setNetworkKey($domain_keys['api_key']); } } //error_log( "method $method requested" ); try { $response = $this->executeRequest($context, $request); $this->send_response($context->getMethod(), $response, $context->getFormat(), $context->getCallback()); } catch (Exception $exception) { error_log("When executing {$context->getMethod()} request in OpenFBServer: " . $exception->getMessage()); error_log($exception->getTraceAsString()); $this->send_exception($exception, $request, $context->getFormat(), $context->getCallback()); } // TODO - This would hurt infinite session concepts, should we just bag this concept? // Should session cache be extended after each call? // Should it be validated against expires time in session? // session_cache_expire ( 24 * 60 ); }