-rw-r--r-- | modules/rest/controllers/rest.php | 87 | ||||
-rw-r--r-- | modules/rest/helpers/rest.php | 5 | ||||
-rw-r--r-- | modules/rest/tests/Rest_Controller_Test.php | 70 |
3 files changed, 73 insertions, 89 deletions
diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
index 0e5cbe96..0c88877a 100644
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -47,58 +47,77 @@ class Rest_Controller extends Controller { } public function __call($function, $args) { - $access_token = $this->input->get("request_key"); - $request = $this->input->post("request", null); + $request = $this->_normalize_request($args); - if (empty($access_token)) { + if (empty($request->access_token)) { print rest::forbidden("No access token supplied."); return; } try { - $key = ORM::factory("user_access_token") - ->where("access_key", $access_token) - ->find(); + if ($this->_set_active_user($request->access_token)) { + $handler_class = "{$function}_rest"; + $handler_method = "{$request->method}"; - if (!$key->loaded) { - print rest::forbidden("Invalid key: $access_token"); - return; - } + if (!method_exists($handler_class, $handler_method)) { + print rest::not_implemented("$handler_class::$handler_method is not implemented"); + return; + } - $user = identity::lookup_user($key->user_id); - if (empty($user)) { - print rest::forbidden("User not found: {$key->user_id}"); - return; + print call_user_func(array($handler_class, $handler_method), $request); } + } catch (Exception $e) { + print rest::internal_error($e); + } + } - if (!empty($request)) { - $method = strtolower($this->input->server("HTTP_X_HTTP_METHOD_OVERRIDE", "POST")); + private function _normalize_request($args) { + $method = strtolower($this->input->server("REQUEST_METHOD")); + if ($method != "get") { + $request = $this->input->post("request", null); + if ($request) { $request = json_decode($request); } else { - print rest::invalid_request("Empty Request"); - return; + $request = new stdClass(); } - - - if (empty($args[0])) { - print rest::invalid_request("Resource not supplied"); - return; + } else { + $request = new stdClass(); + foreach (array_keys($_GET) as $key) { + if ($key == "request_key") { + continue; + } + $request->$key = $this->input->get($key); } + } - $handler_class = "{$function}_rest"; - $handler_method = "{$method}_{$args[0]}"; + $override_method = 
strtolower($this->input->server("HTTP_X_GALLERY_REQUEST_METHOD", null)); + $request->method = empty($override_method) ? $method : $override_method; + $request->access_token = $this->input->server("HTTP_X_GALLERY_REQUEST_KEY"); + $request->path = implode("/", $args); - if (!method_exists($handler_class, $handler_method)) { - print rest::not_implemented("$handler_class::$handler_method is not implemented"); - return; - } + return $request; + } - identity::set_active_user($user); + private function _set_active_user($access_token) { + if (empty($access_token)) { + $user = identity::guest(); + } else { + $key = ORM::factory("user_access_token") + ->where("access_key", $access_token) + ->find(); - print call_user_func(array($handler_class, $handler_method), $request); - } catch (Exception $e) { - print rest::internal_error($e); + if ($key->loaded) { + $user = identity::lookup_user($key->user_id); + if (empty($user)) { + print rest::forbidden("User not found: {$key->user_id}"); + return false;; + } + } else { + print rest::forbidden("Invalid user access token supplied: {$key->user_id}"); + return false; + } } + identity::set_active_user($user); + return true; } - }
\ No newline at end of file diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php index 64a32d40..22c13be9 100644 --- a/modules/rest/helpers/rest.php +++ b/modules/rest/helpers/rest.php @@ -60,9 +60,12 @@ class rest_Core { if (!empty($message)) { $response["message"] = (string)$message; } + if ($response_data) { + $response = array_merge($response, $response_data); + } // We don't need to save the session for this request Session::abort_save(); - return json_encode(array_merge($response, $response_data)); + return json_encode($response); } private static function _format_response($message, $log_message) { diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php index afac2d05..1417c315 100644 --- a/modules/rest/tests/Rest_Controller_Test.php +++ b/modules/rest/tests/Rest_Controller_Test.php @@ -72,7 +72,7 @@ class Rest_Controller_Test extends Unit_Test_Case { } public function rest_access_key_no_parameters_test() { - $_SERVER["REQUEST_METHOD"] = "POST"; + $_SERVER["REQUEST_METHOD"] = "GET"; $this->assert_equal( json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), @@ -90,7 +90,6 @@ class Rest_Controller_Test extends Unit_Test_Case { public function rest_access_key_invalid_password_test() { $_SERVER["REQUEST_METHOD"] = "POST"; - $_POST["request"] = json_encode(array("user" => "access_test", "password" => "invalid")); $this->assert_equal( json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), 
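Review bot: In `_normalize_request`, the decoded POST body is used as an object without checking what `json_decode` returned: a malformed body yields `null` and a JSON scalar or array yields a non-object, so the `$request->method = ...` assignments that follow raise a warning (or, on PHP 8, a fatal Error) for client-chosen input. Guard the result before those assignments, e.g. `if (!is_object($request)) { $request = new stdClass(); }`, or have `__call` answer with `rest::invalid_request` when the body does not decode to an object. The override read from `HTTP_X_GALLERY_REQUEST_METHOD` is not limited to the verbs the handlers implement, so `method_exists` will accept any public static method name on `{$function}_rest`; an allow-list such as `in_array($request->method, array("get", "post", "put", "delete"))` before the lookup keeps helper methods out of the dispatch. In `_set_active_user`, the message `Invalid user access token supplied: {$key->user_id}` interpolates a field of a record that did not load, so it is always empty — drop the interpolation — and `return false;;` carries a stray semicolon. The `identity::guest()` branch there is unreachable from `__call`, which already rejects an empty token before calling it.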
@@ -100,31 +99,14 @@ class Rest_Controller_Test extends Unit_Test_Case { public function rest_get_resource_no_request_key_test() { $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; - $_SERVER["REQUEST_METHOD"] = "POST"; - $_POST["request"] = json_encode(array("path" => $this->_path)); - $this->assert_equal( json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), - $this->_call_controller("rest")); - } - - public function rest_get_resource_no_request_content_test() { - $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; - - $_SERVER["REQUEST_METHOD"] = "POST"; - $_GET["request_key"] = $this->_access_key; - - $this->assert_equal( - json_encode(array("status" => "ERROR", "message" => (string)t("Invalid request"))), - $this->_call_controller("rest")); + $this->_call_controller("rest", explode("/", $this->_photo->relative_path()))); } public function rest_get_resource_invalid_key_test() { - $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; - - $_SERVER["REQUEST_METHOD"] = "POST"; - $_GET["request_key"] = md5($this->_access_key); // screw up the access key - $_POST["request"] = json_encode(array("path" => $this->_path)); + $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = md5($this->_access_key); // screw up the access key; + $_SERVER["REQUEST_METHOD"] = "GET"; $this->assert_equal( json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), 
@@ -132,50 +114,30 @@ class Rest_Controller_Test extends Unit_Test_Case { } public function rest_get_resource_no_user_for_key_test() { - $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; - $_SERVER["REQUEST_METHOD"] = "POST"; - - $_GET["request_key"] = $this->_access_key; - $_POST["request"] = json_encode(array("path" => $this->_path)); + $_SERVER["REQUEST_METHOD"] = "GET"; + $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $this->_access_key; $this->_user->delete(); unset($this->_user); $this->assert_equal( json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), - $this->_call_controller("rest")); - } - - public function rest_get_resource_no_resource_test() { - $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; - $_SERVER["REQUEST_METHOD"] = "POST"; - - $_GET["request_key"] = $this->_access_key; - $_POST["request"] = json_encode(array("path" => $this->_path)); - - $this->assert_equal( - json_encode(array("status" => "ERROR", "message" => (string)t("Invalid request"))), - $this->_call_controller("rest")); + $this->_call_controller("rest", explode("/", $this->_photo->relative_path()))); } public function rest_get_resource_no_handler_test() { - $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; - $_SERVER["REQUEST_METHOD"] = "POST"; - - $_GET["request_key"] = $this->_access_key; - $_POST["request"] = json_encode(array("path" => $this->_path)); + $_SERVER["REQUEST_METHOD"] = "GET"; + $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $this->_access_key; + $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "PUT"; $this->assert_equal( json_encode(array("status" => "ERROR", "message" => (string)t("Service not implemented"))), - $this->_call_controller("rest", "album")); + $this->_call_controller("rest", explode("/", $this->_photo->relative_path()))); } public function rest_get_resource_test() { - $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; - $_SERVER["REQUEST_METHOD"] = "POST"; - - $_GET["request_key"] = $this->_access_key; - $_POST["request"] = 
json_encode(array("path" => $this->_path)); + $_SERVER["REQUEST_METHOD"] = "GET"; + $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $this->_access_key; $this->assert_equal( json_encode(array("status" => "OK", "message" => (string)t("Processed"), @@ -185,14 +147,14 @@ class Rest_Controller_Test extends Unit_Test_Case { "description" => $this->_photo->description, "internet_address" => $this->_photo->slug, "type" => $this->_photo->type))), - $this->_call_controller("rest", "photo")); + $this->_call_controller("rest", explode("/", $this->_photo->relative_path()))); } private function _call_controller($method="access_key", $arg=null) { $controller = new Rest_Controller(); ob_start(); - call_user_func(array($controller, $method), $arg); + call_user_func_array(array($controller, $method), $arg); $results = ob_get_contents(); ob_end_clean(); @@ -203,7 +165,7 @@ class Rest_Controller_Test extends Unit_Test_Case { class rest_rest { static $request = null; - static function get_photo($request) { + static function get($request) { self::$request = $request; $item = ORM::factory("item") ->where("relative_path_cache", $request->path) |
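Review bot: `_call_controller` now hands `$arg` straight to `call_user_func_array`, but its default is still `null`, so any test that relies on the default (the `rest_access_key_*` tests appear to, though their call sites are outside these hunks) passes a non-array where an argument array is required; change the signature to `private function _call_controller($method="access_key", $arg=array())` or pass `(array) $arg`. `rest_get_resource_no_request_key_test` still sets `$_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"]`, which the controller no longer reads (it consults `HTTP_X_GALLERY_REQUEST_METHOD`), so that line is dead setup. The tests assign `$_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"]` and `$_SERVER["HTTP_X_GALLERY_REQUEST_KEY"]` without clearing them; unless the harness resets `$_SERVER` between tests (not visible here), the `PUT` override set in `rest_get_resource_no_handler_test` leaks into `rest_get_resource_test`.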