Diffstat (limited to 'modules/rest/controllers/rest.php')
-rw-r--r--modules/rest/controllers/rest.php83
1 files changed, 47 insertions, 36 deletions
diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
index 26e5b31a..374ae0d2 100644
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -18,51 +18,62 @@
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class Rest_Controller extends Controller {
- public function access_key() {
- try {
- $request = (object)Input::instance()->get();
- if (empty($request->user) || empty($request->password)) {
- throw new Rest_Exception(403, "Forbidden");
- }
+ public function index() {
+ $username = Input::instance()->post("user");
+ $password = Input::instance()->post("password");
- $user = identity::lookup_user_by_name($request->user);
- if (empty($user)) {
- throw new Rest_Exception(403, "Forbidden");
- }
-
- if (!identity::is_correct_password($user, $request->password)) {
- throw new Rest_Exception(403, "Forbidden");
- }
+ if (empty($username) || auth::too_many_failed_logins($username)) {
+ throw new Rest_Exception("Forbidden", 403);
+ }
- $key = ORM::factory("user_access_token")
- ->where("user_id", "=", $user->id)
- ->find();
- if (!$key->loaded()) {
- $key->user_id = $user->id;
- $key->access_key = md5($user->name . rand());
- $key->save();
- }
- print rest::success(array("token" => $key->access_key));
- } catch (Rest_Exception $e) {
- $e->sendHeaders();
+ $user = identity::lookup_user_by_name($username);
+ if (empty($user) || !identity::is_correct_password($user, $password)) {
+ module::event("user_login_failed", $username);
+ throw new Rest_Exception("Forbidden", 403);
}
+
+ auth::login($user);
+
+ $key = rest::get_access_token($user->id);
+ rest::reply($key->access_key);
}
public function __call($function, $args) {
- $request = rest::normalize_request($args);
- try {
- if (rest::set_active_user($request->access_token)) {
- $handler_class = "{$function}_rest";
- $handler_method = $request->method;
+ $input = Input::instance();
+ $request = new stdClass();
+ switch ($method = strtolower($input->server("REQUEST_METHOD"))) {
+ case "get":
+ $request->params = (object) $input->get();
+ break;
+
+ case "post":
+ $request->params = (object) $input->post();
+ if (isset($_FILES["file"])) {
+ $request->file = upload::save("file");
+ }
+ break;
+ }
+
+ $request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method));
+ $request->access_token = $input->server("HTTP_X_GALLERY_REQUEST_KEY");
+ $request->url = url::abs_current(true);
- if (!method_exists($handler_class, $handler_method)) {
- throw new Rest_Exception(403, "Forbidden");
- }
+ rest::set_active_user($request->access_token);
- print call_user_func(array($handler_class, $handler_method), $request);
+ $handler_class = "{$function}_rest";
+ $handler_method = $request->method;
+
+ if (!method_exists($handler_class, $handler_method)) {
+ throw new Rest_Exception("Bad Request", 400);
+ }
+
+ try {
+ print rest::reply(call_user_func(array($handler_class, $handler_method), $request));
+ } catch (ORM_Validation_Exception $e) {
+ foreach ($e->validation->errors() as $key => $value) {
+ $msgs[] = "$key: $value";
}
- } catch (Rest_Exception $e) {
- $e->sendHeaders();
+ throw new Rest_Exception("Bad Request: " . join(", ", $msgs), 400);
}
}
} \ No newline at end of file
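Review bot: In `__call`, `$handler_method` is taken from the client-supplied `X-Gallery-Request-Method` header and is only checked with `method_exists()`, so any method that exists on the `{$function}_rest` class can be dispatched through `call_user_func`, not just the HTTP verbs. Restrict it to an explicit list before the lookup, e.g. `if (!in_array($handler_method, array("get", "post", "put", "delete"), true) || !method_exists($handler_class, $handler_method)) {`, adjusting the list to the verbs the API actually supports. The return value of `rest::set_active_user()` is also no longer checked; that is only safe if the helper, which is not shown in this diff, throws on a missing or unknown key. Separately, add `$msgs = array();` before the `foreach` in the catch block so `join()` never receives an undefined variable when the error list is empty.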