diff options
| -rw-r--r-- | modules/rest/config/routes.php | 23 | ||||
| -rw-r--r-- | modules/rest/controllers/rest.php | 111 | ||||
| -rw-r--r-- | modules/rest/helpers/rest_event.php | 75 | ||||
| -rw-r--r-- | modules/rest/helpers/rest_installer.php | 37 | ||||
| -rw-r--r-- | modules/rest/libraries/Form_Label.php | 45 | ||||
| -rw-r--r-- | modules/rest/models/rest_key.php | 21 | ||||
| -rw-r--r-- | modules/rest/module.info | 4 | ||||
| -rw-r--r-- | modules/rest/tests/Rest_Controller_Test.php | 220 |
8 files changed, 536 insertions, 0 deletions
diff --git a/modules/rest/config/routes.php b/modules/rest/config/routes.php new file mode 100644 index 00000000..ec65fda8 --- /dev/null +++ b/modules/rest/config/routes.php @@ -0,0 +1,23 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ + +// Redirect module REST requests to the REST Controller +$config["^(\w+)/rest/(.*)$"] = "rest/$1/$2"; + diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php new file mode 100644 index 00000000..d16d2316 --- /dev/null +++ b/modules/rest/controllers/rest.php @@ -0,0 +1,111 @@ +<?php defined("SYSPATH") or die("No direct script access.");/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Rest_Controller extends Controller { + public function access_key() { + $request = json_decode($this->input->post("request")); + if (empty($request->user) || empty($request->password)) { + print json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))); + return; + } + + $user = identity::lookup_user_by_name($request->user); + if (empty($user)) { + print json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))); + return; + } + + if (!identity::is_correct_password($user, $request->password)) { + print json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))); + return; + } + $key = ORM::factory("rest_key") + ->where("user_id", $user->id) + ->find(); + if (!$key->loaded) { + $key->user_id = $user->id; + $key->access_key = md5($user->name . rand()); + $key->save(); + Kohana::log("alert", Kohana::debug($key->as_array())); + } + print json_encode(array("status" => "OK", "token" => $key->access_key)); + } + + public function __call($function, $args) { + $access_token = $this->input->get("request_key"); + $request = $this->input->post("request", null); + + if (empty($access_token)) { + print json_encode(array("status" => "ERROR", + "message" => (string)t("Authorization failed"))); + return; + } + + if (!empty($request)) { + $method = strtolower($this->input->server("HTTP_X_HTTP_METHOD_OVERRIDE", "POST")); + $request = json_decode($request); + } else { + print json_encode(array("status" => "ERROR", + "message" => (string)t("Authorization failed"))); + return; + } + + try { + $key = ORM::factory("rest_key") + ->where("access_key", $access_token) + ->find(); + + if (!$key->loaded) { + print json_encode(array("status" => "ERROR", + "message" => (string)t("Authorization failed"))); + return; + } + + $user = identity::lookup_user($key->user_id); + if (empty($user)) { + print json_encode(array("status" => "ERROR", + "message" => (string)t("Authorization failed"))); + return; + } + + if (empty($args[0])) { + print json_encode(array("status" => "ERROR", + "message" => (string)t("Invalid request parameters"))); + return; + } + + $handler_class = "{$function}_rest"; + $handler_method = "{$method}_{$args[0]}"; + + if (!method_exists($handler_class, $handler_method)) { + Kohana::log("error", "$handler_class::$handler_method is not implemented"); + print json_encode(array("status" => "ERROR", + "message" => (string)t("Service not implemented"))); + return; + } + + $response = call_user_func(array($handler_class, $handler_method), $request); + + print json_encode($response); + } catch (Exception $e) { + Kohana::log("error", $e->__toString()); + print json_encode(array("status" => "ERROR", "message" => (string)t("Internal error"))); + } + } + +}
\ No newline at end of file diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php new file mode 100644 index 00000000..fd1c25be --- /dev/null +++ b/modules/rest/helpers/rest_event.php @@ -0,0 +1,75 @@ +<?php defined("SYSPATH") or die("No direct script access.");/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class rest_event { + /** + * Called just before a user is deleted. This will remove the user from + * the user_homes directory. + */ + static function user_before_delete($user) { + ORM::factory("rest_key") + ->where("id", $user->id) + ->delete_all(); + } + + /** + * Called after a user has been added. Just add a remote access key + * on every add. + */ + static function user_add_form_admin_completed($user, $form) { + $key = ORM::factory("rest_key"); + $key->user_id = $user->id; + $key->access_key = md5($user->name . rand()); + $key->save(); + } + + /** + * Called when admin is editing a user + */ + static function user_edit_form_admin($user, $form) { + self::_get_access_key_form($user, $form); + } + + /** + * Called when user is editing their own form + */ + static function user_edit_form($user, $form) { + self::_get_access_key_form($user, $form); + } + + /** + * Get the form fields for user edit + */ + static function _get_access_key_form($user, $form) { + $key = ORM::factory("rest_key") + ->where("user_id", $user->id) + ->find(); + + if (!$key->loaded) { + $key->user_id = $user->id; + $key->access_key = md5($user->name . rand()); + $key->save(); + } + + $form->edit_user->input("access_key") + ->value($key->access_key) + ->readonly("readonly") + ->class("g-form-static") + ->label(t("Remote access key")); + } +} diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php new file mode 100644 index 00000000..274002c0 --- /dev/null +++ b/modules/rest/helpers/rest_installer.php @@ -0,0 +1,37 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class rest_installer { + static function install() { + Database::instance() + ->query("CREATE TABLE {rest_keys} ( + `id` int(9) NOT NULL auto_increment, + `user_id` int(9) NOT NULL, + `access_key` char(32) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY(`access_key`), + UNIQUE KEY(`user_id`)) + DEFAULT CHARSET=utf8;"); + module::set_version("rest", 1); + } + + static function uninstall() { + Database::instance()->query("DROP TABLE IF EXISTS {rest_keys}"); + } +} diff --git a/modules/rest/libraries/Form_Label.php b/modules/rest/libraries/Form_Label.php new file mode 100644 index 00000000..315ff510 --- /dev/null +++ b/modules/rest/libraries/Form_Label.php @@ -0,0 +1,45 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Form_Label_Core extends Form_Input { + protected $data = array( + "type" => "label", + "text" => ""); + + public function __construct($label) { + $this->data["text"] = $label; + } + + public function __get($key) { + return isset($this->data[$key]) ? $this->data[$key] : null; + } + + // In this element we never want print any html so make sure + // render and ultimately html_element only return the empty string + public function render() { + return $this->html_element(); + } + + public function html_element() { + $data = $this->data; + unset($data["text"]); + return "<p " . html::attributes() . ">{$this->data['text']}</p>"; + } + +} // End Form Script
\ No newline at end of file diff --git a/modules/rest/models/rest_key.php b/modules/rest/models/rest_key.php new file mode 100644 index 00000000..4dee8b65 --- /dev/null +++ b/modules/rest/models/rest_key.php @@ -0,0 +1,21 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Rest_Key_Model extends ORM { +} diff --git a/modules/rest/module.info b/modules/rest/module.info new file mode 100644 index 00000000..5576ec81 --- /dev/null +++ b/modules/rest/module.info @@ -0,0 +1,4 @@ +name = REST Access Module +description = "The RESTful implementation/interface to Gallery3" + +version = 1 diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php new file mode 100644 index 00000000..16c5177b --- /dev/null +++ b/modules/rest/tests/Rest_Controller_Test.php @@ -0,0 +1,220 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Rest_Controller_Test extends Unit_Test_Case { + public function setup() { + $this->_save = array($_GET, $_POST, $_SERVER); + $this->_user = identity::create_user("access_test", "Access Test", "password"); + $key = ORM::factory("rest_key"); + $this->_access_key = $key->access_key = md5($this->_user->name . rand()); + $key->user_id = $this->_user->id; + $key->save(); + + $root = ORM::factory("item", 1); + $this->_album = album::create($root, "album", "Test Album", rand()); + $this->_child = album::create($this->_album, "child", "Test Child Album", rand()); + + $filename = MODPATH . "gallery/tests/test.jpg"; + $rand = rand(); + $this->_photo = photo::create($this->_child, $filename, "$rand.jpg", $rand); + $this->_path = $this->_photo->relative_path(); + } + + public function teardown() { + list($_GET, $_POST, $_SERVER) = $this->_save; + + try { + if (!empty($this->_user)) { + $this->_user->delete(); + } + if (!empty($this->_album)) { + $this->_album->delete(); + } + } catch (Exception $e) { } + } + + public function rest_access_key_exists_test() { + $_SERVER["REQUEST_METHOD"] = "POST"; + $_POST["request"] = json_encode(array("user" => "access_test", "password" => "password")); + + $this->assert_equal( + json_encode(array("status" => "OK", "token" => $this->_access_key)), + $this->_call_controller()); + } + + public function rest_access_key_generated_test() { + ORM::factory("rest_key") + ->where("access_key", $this->_access_key) + ->delete(); + $_SERVER["REQUEST_METHOD"] = "POST"; + $_POST["request"] = json_encode(array("user" => "access_test", "password" => "password")); + + $results = json_decode($this->_call_controller()); + + $this->assert_equal("OK", $results->status); + $this->assert_false(empty($results->token)); + } + + public function rest_access_key_no_parameters_test() { + $_SERVER["REQUEST_METHOD"] = "POST"; + + $this->assert_equal( + json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), + $this->_call_controller()); + } + + public function rest_access_key_user_not_found_test() { + $_SERVER["REQUEST_METHOD"] = "POST"; + $_POST["request"] = json_encode(array("user" => "access_test2", "password" => "password")); + + $this->assert_equal( + json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), + $this->_call_controller()); + } + + public function rest_access_key_invalid_password_test() { + $_SERVER["REQUEST_METHOD"] = "POST"; + $_POST["request"] = json_encode(array("user" => "access_test", "password" => "invalid")); + + $this->assert_equal( + json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), + $this->_call_controller()); + } + + public function rest_get_album_no_request_key_test() { + $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; + + $_SERVER["REQUEST_METHOD"] = "POST"; + $_POST["request"] = json_encode(array("path" => "/test_album")); + + $this->assert_equal( + json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), + $this->_call_controller("rest")); + } + + public function rest_get_album_no_request_content_test() { + $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; + + $_SERVER["REQUEST_METHOD"] = "POST"; + $_GET["request_key"] = $this->_access_key; + + $this->assert_equal( + json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), + $this->_call_controller("rest")); + } + + public function rest_get_album_invalid_key_test() { + $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; + + $_SERVER["REQUEST_METHOD"] = "POST"; + $_GET["request_key"] = md5($this->_access_key); // screw up the access key + $_POST["request"] = json_encode(array("path" => "/test_album")); + + $this->assert_equal( + json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), + $this->_call_controller()); + } + + public function rest_get_album_no_user_for_key_test() { + $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; + $_SERVER["REQUEST_METHOD"] = "POST"; + + $_GET["request_key"] = $this->_access_key; + $_POST["request"] = json_encode(array("path" => "/test_album")); + + $this->_user->delete(); + unset($this->_user); + + $this->assert_equal( + json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), + $this->_call_controller("rest")); + } + + public function rest_get_album_no_resource_test() { + $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; + $_SERVER["REQUEST_METHOD"] = "POST"; + + $_GET["request_key"] = $this->_access_key; + $_POST["request"] = json_encode(array("path" => "/test_album")); + + $this->assert_equal( + json_encode(array("status" => "ERROR", "message" => (string)t("Invalid request parameters"))), + $this->_call_controller("rest")); + } + + public function rest_get_album_no_handler_test() { + $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; + $_SERVER["REQUEST_METHOD"] = "POST"; + + $_GET["request_key"] = $this->_access_key; + $_POST["request"] = json_encode(array("path" => "/test_album")); + + $this->assert_equal( + json_encode(array("status" => "ERROR", "message" => (string)t("Service not implemented"))), + $this->_call_controller("rest", "album")); + } + + public function rest_get_album_test() { + $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; + $_SERVER["REQUEST_METHOD"] = "POST"; + + $_GET["request_key"] = $this->_access_key; + $_POST["request"] = json_encode(array("path" => $this->_path)); + + $this->assert_equal( + json_encode(array("status" => "OK", "message" => (string)t("Processed"), + "item" => array("path" => $this->_photo->relative_path_cache, + "title" => $this->_photo->title, + "thumb_url" => $this->_photo->thumb_url(), + "description" => $this->_photo->description, + "internet_address" => $this->_photo->slug, + "type" => $this->_photo->type))), + $this->_call_controller("rest", "photo")); + } + + private function _call_controller($method="access_key", $arg=null) { + $controller = new Rest_Controller(); + + ob_start(); + call_user_func(array($controller, $method), $arg); + $results = ob_get_contents(); + ob_end_clean(); + + return $results; + } +} + +class rest_rest { + static $request = null; + + static function get_photo($request) { + self::$request = $request; + $item = ORM::factory("item") + ->where("relative_path_cache", $request->path) + ->find(); + $response["path"] = $item->relative_path_cache; + $response["title"] = $item->title; + $response["thumb_url"] = $item->thumb_url(); + $response["description"] = $item->description; + $response["internet_address"] = $item->slug; + $response["type"] = $item->type; + return array("status" => "OK", "message" => (string)t("Processed"), "item" => $response); + } + +} |