authorTim Almdal <tnalmdal@shaw.ca>2009-12-08 18:06:16 -0800
committerTim Almdal <tnalmdal@shaw.ca>2009-12-08 18:06:16 -0800
commit837396ca2889b9e4e4a7b33a31409a2cd12a483c (patch)
treefaf5f67d49ea2bea2fa13aae0b2731d56cb1b7a0 /modules/rest/controllers
parent6fd04069aec67ff115cac4296c013cb5eea6782b (diff)
Change the url mapping so that the path to the resource is part of the url
The request key is put in the X-Gallery-Request-Key header. The HTTP method can be overridden by using the X-Gallery-Request-Method header. Normalize the request data so that it doesn't matter where it comes from (HTTP get or HTTP post request).
Diffstat (limited to 'modules/rest/controllers')
-rw-r--r--modules/rest/controllers/rest.php87
1 files changed, 53 insertions, 34 deletions
diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
index 0e5cbe96..0c88877a 100644
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -47,58 +47,77 @@ class Rest_Controller extends Controller {
}
public function __call($function, $args) {
- $access_token = $this->input->get("request_key");
- $request = $this->input->post("request", null);
+ $request = $this->_normalize_request($args);
- if (empty($access_token)) {
+ if (empty($request->access_token)) {
print rest::forbidden("No access token supplied.");
return;
}
try {
- $key = ORM::factory("user_access_token")
- ->where("access_key", $access_token)
- ->find();
+ if ($this->_set_active_user($request->access_token)) {
+ $handler_class = "{$function}_rest";
+ $handler_method = "{$request->method}";
- if (!$key->loaded) {
- print rest::forbidden("Invalid key: $access_token");
- return;
- }
+ if (!method_exists($handler_class, $handler_method)) {
+ print rest::not_implemented("$handler_class::$handler_method is not implemented");
+ return;
+ }
- $user = identity::lookup_user($key->user_id);
- if (empty($user)) {
- print rest::forbidden("User not found: {$key->user_id}");
- return;
+ print call_user_func(array($handler_class, $handler_method), $request);
}
+ } catch (Exception $e) {
+ print rest::internal_error($e);
+ }
+ }
- if (!empty($request)) {
- $method = strtolower($this->input->server("HTTP_X_HTTP_METHOD_OVERRIDE", "POST"));
+ private function _normalize_request($args) {
+ $method = strtolower($this->input->server("REQUEST_METHOD"));
+ if ($method != "get") {
+ $request = $this->input->post("request", null);
+ if ($request) {
$request = json_decode($request);
} else {
- print rest::invalid_request("Empty Request");
- return;
+ $request = new stdClass();
}
-
-
- if (empty($args[0])) {
- print rest::invalid_request("Resource not supplied");
- return;
+ } else {
+ $request = new stdClass();
+ foreach (array_keys($_GET) as $key) {
+ if ($key == "request_key") {
+ continue;
+ }
+ $request->$key = $this->input->get($key);
}
+ }
- $handler_class = "{$function}_rest";
- $handler_method = "{$method}_{$args[0]}";
+ $override_method = strtolower($this->input->server("HTTP_X_GALLERY_REQUEST_METHOD", null));
+ $request->method = empty($override_method) ? $method : $override_method;
+ $request->access_token = $this->input->server("HTTP_X_GALLERY_REQUEST_KEY");
+ $request->path = implode("/", $args);
- if (!method_exists($handler_class, $handler_method)) {
- print rest::not_implemented("$handler_class::$handler_method is not implemented");
- return;
- }
+ return $request;
+ }
- identity::set_active_user($user);
+ private function _set_active_user($access_token) {
+ if (empty($access_token)) {
+ $user = identity::guest();
+ } else {
+ $key = ORM::factory("user_access_token")
+ ->where("access_key", $access_token)
+ ->find();
- print call_user_func(array($handler_class, $handler_method), $request);
- } catch (Exception $e) {
- print rest::internal_error($e);
+ if ($key->loaded) {
+ $user = identity::lookup_user($key->user_id);
+ if (empty($user)) {
+ print rest::forbidden("User not found: {$key->user_id}");
+ return false;;
+ }
+ } else {
+ print rest::forbidden("Invalid user access token supplied: {$key->user_id}");
+ return false;
+ }
}
+ identity::set_active_user($user);
+ return true;
}
-
} \ No newline at end of file
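Review bot: In `__call`, `$handler_method` is taken directly from `$request->method`, which `_normalize_request` fills from the client-supplied X-Gallery-Request-Method header, so any method name that `method_exists()` finds on `{$function}_rest` can be dispatched by a caller holding a valid key. The handler classes are outside this hunk, but if they carry helpers beyond the HTTP verbs those become reachable; I would check the value against a fixed list before the lookup, e.g. `if (!in_array($request->method, array("get", "post", "put", "delete"))) { print rest::invalid_request("Unsupported method"); return; }`, adjusted to the verbs the handlers actually implement. Separately, `json_decode($request)` in `_normalize_request` returns null or a non-object for malformed input and the later `$request->method = ...` assignments then act on that value, so an `is_object()` check answered with `rest::invalid_request` would be worth adding. The forbidden message in the not-loaded branch of `_set_active_user` interpolates `{$key->user_id}` from a record that was not found, so it carries no useful value.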