summaryrefslogtreecommitdiff
path: root/modules/rest
diff options
context:
space:
mode:
Diffstat (limited to 'modules/rest')
-rw-r--r--modules/rest/controllers/rest.php114
-rw-r--r--modules/rest/helpers/rest.php97
-rw-r--r--modules/rest/helpers/rest_event.php75
-rw-r--r--modules/rest/helpers/rest_installer.php37
-rw-r--r--modules/rest/models/user_access_token.php21
-rw-r--r--modules/rest/module.info4
-rw-r--r--modules/rest/tests/Rest_Controller_Test.php186
7 files changed, 534 insertions, 0 deletions
diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
new file mode 100644
index 00000000..6715bc15
--- /dev/null
+++ b/modules/rest/controllers/rest.php
@@ -0,0 +1,114 @@
+<?php defined("SYSPATH") or die("No direct script access.");/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class Rest_Controller extends Controller {
+ public function access_key() {
+ $request = (object)Input::instance()->get();
+ if (empty($request->user) || empty($request->password)) {
+ print rest::forbidden("No user or password supplied");
+ return;
+ }
+
+ $user = identity::lookup_user_by_name($request->user);
+ if (empty($user)) {
+ print rest::forbidden("User '{$request->user}' not found");
+ return;
+ }
+
+ if (!identity::is_correct_password($user, $request->password)) {
+ print rest::forbidden("Invalid password for '{$request->user}'.");
+ return;
+ }
+
+ $key = ORM::factory("user_access_token")
+ ->where("user_id", "=", $user->id)
+ ->find();
+ if (!$key->loaded()) {
+ $key->user_id = $user->id;
+ $key->access_key = md5($user->name . rand());
+ $key->save();
+ Kohana_Log::add("alert", Kohana::debug($key->as_array()));
+ }
+ print rest::success(array("token" => $key->access_key));
+ }
+
+ public function __call($function, $args) {
+ $request = $this->_normalize_request($args);
+ try {
+ if ($this->_set_active_user($request->access_token)) {
+ $handler_class = "{$function}_rest";
+ $handler_method = $request->method;
+
+ if (!method_exists($handler_class, $handler_method)) {
+ print rest::not_implemented("$handler_class::$handler_method is not implemented");
+ return;
+ }
+
+ print call_user_func(array($handler_class, $handler_method), $request);
+ }
+ } catch (Exception $e) {
+ print rest::internal_error($e->__toString());
+ }
+ }
+
+ private function _normalize_request($args=array()) {
+ $input = Input::instance();
+ $method = strtolower($input->server("REQUEST_METHOD"));
+ $request = new stdClass();
+ foreach (array_keys($input->get()) as $key) {
+ $request->$key = $input->get($key);
+ }
+ if ($method != "get") {
+ foreach (array_keys($input->post()) as $key) {
+ $request->$key = $input->post($key);
+ }
+ foreach (array_keys($_FILES) as $key) {
+ $request->$key = $_FILES[$key];
+ }
+ }
+
+ $request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method));
+ $request->access_token = $input->server("HTTP_X_GALLERY_REQUEST_KEY");
+ $request->arguments = $args; // Let the rest handler figure out what the arguments mean
+
+ return $request;
+ }
+
+ private function _set_active_user($access_token) {
+ if (empty($access_token)) {
+ $user = identity::guest();
+ } else {
+ $key = ORM::factory("user_access_token")
+ ->where("access_key", "=", $access_token)
+ ->find();
+
+ if ($key->loaded()) {
+ $user = identity::lookup_user($key->user_id);
+ if (empty($user)) {
+ print rest::forbidden("User not found: {$key->user_id}");
+ return false;;
+ }
+ } else {
+ print rest::forbidden("Invalid user access token supplied: {$key->user_id}");
+ return false;
+ }
+ }
+ identity::set_active_user($user);
+ return true;
+ }
+} \ No newline at end of file
diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php
new file mode 100644
index 00000000..276ff0c2
--- /dev/null
+++ b/modules/rest/helpers/rest.php
@@ -0,0 +1,97 @@
+<?php defined("SYSPATH") or die("No direct script access.");/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class rest_Core {
+ /**
+ * Authorization Failure
+ */
+ static function forbidden($log_message=null) {
+ return self::_format_failure_response(t("Authorization failed"), $log_message);
+ }
+
+ /**
+ * Invalid Failure
+ */
+ static function invalid_request($log_message=null) {
+ return self::_format_failure_response(t("Invalid request"), $log_message);
+ }
+
+ /**
+ * Not Implemented
+ */
+ static function not_implemented($log_message=null) {
+ return self::_format_failure_response(t("Service not implemented"), $log_message);
+ }
+
+ /**
+ * Internal Error
+ */
+ static function internal_error($log_message=null) {
+ return self::_format_failure_response(t("Internal error"), $log_message);
+ }
+
+ /**
+ * Resource Not Found
+ */
+ static function not_found($log_message=null) {
+ return self::_format_failure_response(t("Resource not found"), $log_message);
+ }
+
+ /**
+ * Resource Not Found
+ */
+ static function fail($log_message=null) {
+ return self::_format_failure_response($log_message, $log_message);
+ }
+
+ /**
+ * Success
+ */
+ static function success($response_data=array(), $message=null) {
+ $response = array("status" => "OK");
+ if (!empty($message)) {
+ $response["message"] = (string)$message;
+ }
+ $response = array_merge($response, $response_data);
+
+ // We don't need to save the session for this request
+ Session::abort_save();
+ return json_encode($response);
+ }
+
+ /**
+ * Validation Error
+ */
+ static function validation_error($error_data) {
+ $response = array("status" => "VALIDATE_ERROR");
+ $response = array_merge($response, array("fields" => $error_data));
+
+ // We don't need to save the session for this request
+ Session::abort_save();
+ return json_encode($response);
+ }
+
+ private static function _format_failure_response($message, $log_message) {
+ if (!empty($log_message)) {
+ Kohana_Log::add("info", $log_message);
+ }
+ // We don't need to save the session for this request
+ Session::abort_save();
+ return json_encode(array("status" => "ERROR", "message" => (string)$message));
+ }
+}
diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php
new file mode 100644
index 00000000..ce926107
--- /dev/null
+++ b/modules/rest/helpers/rest_event.php
@@ -0,0 +1,75 @@
+<?php defined("SYSPATH") or die("No direct script access.");/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class rest_event {
+ /**
+ * Called just before a user is deleted. This will remove the user from
+ * the user_homes directory.
+ */
+ static function user_before_delete($user) {
+ ORM::factory("user_access_token")
+ ->where("id", $user->id)
+ ->delete_all();
+ }
+
+ /**
+ * Called after a user has been added. Just add a remote access key
+ * on every add.
+ */
+ static function user_add_form_admin_completed($user, $form) {
+ $key = ORM::factory("user_access_token");
+ $key->user_id = $user->id;
+ $key->access_key = md5($user->name . rand());
+ $key->save();
+ }
+
+ /**
+ * Called when admin is editing a user
+ */
+ static function user_edit_form_admin($user, $form) {
+ self::_get_access_key_form($user, $form);
+ }
+
+ /**
+ * Called when user is editing their own form
+ */
+ static function user_edit_form($user, $form) {
+ self::_get_access_key_form($user, $form);
+ }
+
+ /**
+ * Get the form fields for user edit
+ */
+ static function _get_access_key_form($user, $form) {
+ $key = ORM::factory("user_access_token")
+ ->where("user_id", $user->id)
+ ->find();
+
+ if (!$key->loaded) {
+ $key->user_id = $user->id;
+ $key->access_key = md5($user->name . rand());
+ $key->save();
+ }
+
+ $form->edit_user->input("user_access_token")
+ ->value($key->access_key)
+ ->readonly("readonly")
+ ->class("g-form-static")
+ ->label(t("Remote access key"));
+ }
+}
diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php
new file mode 100644
index 00000000..9fbc5b2e
--- /dev/null
+++ b/modules/rest/helpers/rest_installer.php
@@ -0,0 +1,37 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class rest_installer {
+ static function install() {
+ Database::instance()
+ ->query("CREATE TABLE {user_access_tokens} (
+ `id` int(9) NOT NULL auto_increment,
+ `user_id` int(9) NOT NULL,
+ `access_key` char(32) NOT NULL,
+ PRIMARY KEY (`id`),
+ UNIQUE KEY(`access_key`),
+ UNIQUE KEY(`user_id`))
+ DEFAULT CHARSET=utf8;");
+ module::set_version("rest", 1);
+ }
+
+ static function uninstall() {
+ Database::instance()->query("DROP TABLE IF EXISTS {user_access_tokens}");
+ }
+}
diff --git a/modules/rest/models/user_access_token.php b/modules/rest/models/user_access_token.php
new file mode 100644
index 00000000..5669d8d1
--- /dev/null
+++ b/modules/rest/models/user_access_token.php
@@ -0,0 +1,21 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class User_Access_Token_Model extends ORM {
+}
diff --git a/modules/rest/module.info b/modules/rest/module.info
new file mode 100644
index 00000000..5576ec81
--- /dev/null
+++ b/modules/rest/module.info
@@ -0,0 +1,4 @@
+name = REST Access Module
+description = "The RESTful implementation/interface to Gallery3"
+
+version = 1
diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php
new file mode 100644
index 00000000..6bebc47d
--- /dev/null
+++ b/modules/rest/tests/Rest_Controller_Test.php
@@ -0,0 +1,186 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class Rest_Controller_Test extends Unit_Test_Case {
+ public function setup() {
+ $this->_save = array($_GET, $_POST, $_SERVER);
+ $this->_user = identity::create_user("access_test", "Access Test", "password");
+ $key = ORM::factory("user_access_token");
+ $this->_access_key = $key->access_key = md5($this->_user->name . rand());
+ $key->user_id = $this->_user->id;
+ $key->save();
+
+ $root = ORM::factory("item", 1);
+ $this->_album = album::create($root, "album", "Test Album", rand());
+ $this->_child = album::create($this->_album, "child", "Test Child Album", rand());
+
+ $filename = MODPATH . "gallery/tests/test.jpg";
+ $rand = rand();
+ $this->_photo = photo::create($this->_child, $filename, "$rand.jpg", $rand);
+ }
+
+ public function teardown() {
+ list($_GET, $_POST, $_SERVER) = $this->_save;
+
+ try {
+ if (!empty($this->_user)) {
+ $this->_user->delete();
+ }
+ if (!empty($this->_album)) {
+ $this->_album->delete();
+ }
+ } catch (Exception $e) { }
+ }
+
+ public function rest_access_key_exists_test() {
+ $_SERVER["REQUEST_METHOD"] = "GET";
+ $_GET["user"] = "access_test";
+ $_GET["password"] = "password";
+
+ $this->assert_equal(
+ json_encode(array("status" => "OK", "token" => $this->_access_key)),
+ $this->_call_controller());
+ }
+
+ public function rest_access_key_generated_test() {
+ ORM::factory("user_access_token")
+ ->where("access_key", $this->_access_key)
+ ->delete();
+ $_SERVER["REQUEST_METHOD"] = "GET";
+ $_GET["user"] = "access_test";
+ $_GET["password"] = "password";
+
+ $results = json_decode($this->_call_controller());
+
+ $this->assert_equal("OK", $results->status);
+ $this->assert_false(empty($results->token));
+ }
+
+ public function rest_access_key_no_parameters_test() {
+ $_SERVER["REQUEST_METHOD"] = "GET";
+
+ $this->assert_equal(
+ json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))),
+ $this->_call_controller());
+ }
+
+ public function rest_access_key_user_not_found_test() {
+ $_SERVER["REQUEST_METHOD"] = "POST";
+ $_POST["request"] = json_encode(array("user" => "access_test2", "password" => "password"));
+
+ $this->assert_equal(
+ json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))),
+ $this->_call_controller());
+ }
+
+ public function rest_access_key_invalid_password_test() {
+ $_SERVER["REQUEST_METHOD"] = "POST";
+
+ $this->assert_equal(
+ json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))),
+ $this->_call_controller());
+ }
+
+ public function rest_get_resource_no_request_key_test() {
+ $_SERVER["REQUEST_METHOD"] = "GET";
+
+ $this->assert_equal(
+ json_encode(array("status" => "OK", "message" => (string)t("Processed"),
+ "photo" => array("path" => $this->_photo->relative_url(),
+ "title" => $this->_photo->title,
+ "thumb_url" => $this->_photo->thumb_url(),
+ "description" => $this->_photo->description,
+ "internet_address" => $this->_photo->slug))),
+ $this->_call_controller("rest", explode("/", $this->_photo->relative_url())));
+ }
+
+ public function rest_get_resource_invalid_key_test() {
+ $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = md5($this->_access_key); // screw up the access key;
+ $_SERVER["REQUEST_METHOD"] = "GET";
+
+ $this->assert_equal(
+ json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))),
+ $this->_call_controller());
+ }
+
+ public function rest_get_resource_no_user_for_key_test() {
+ $_SERVER["REQUEST_METHOD"] = "GET";
+ $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $this->_access_key;
+
+ $this->_user->delete();
+ unset($this->_user);
+
+ $this->assert_equal(
+ json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))),
+ $this->_call_controller("rest", explode("/", $this->_photo->relative_url())));
+ }
+
+ public function rest_get_resource_no_handler_test() {
+ $_SERVER["REQUEST_METHOD"] = "GET";
+ $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $this->_access_key;
+ $_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "PUT";
+
+ $this->assert_equal(
+ json_encode(array("status" => "ERROR", "message" => (string)t("Service not implemented"))),
+ $this->_call_controller("rest", explode("/", $this->_photo->relative_url())));
+ }
+
+ public function rest_get_resource_test() {
+ $_SERVER["REQUEST_METHOD"] = "GET";
+ $_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $this->_access_key;
+
+ $this->assert_equal(
+ json_encode(array("status" => "OK", "message" => (string)t("Processed"),
+ "photo" => array("path" => $this->_photo->relative_url(),
+ "title" => $this->_photo->title,
+ "thumb_url" => $this->_photo->thumb_url(),
+ "description" => $this->_photo->description,
+ "internet_address" => $this->_photo->slug))),
+ $this->_call_controller("rest", explode("/", $this->_photo->relative_url())));
+ }
+
+ private function _call_controller($method="access_key", $arg=null) {
+ $controller = new Rest_Controller();
+
+ ob_start();
+ call_user_func_array(array($controller, $method), $arg);
+ $results = ob_get_contents();
+ ob_end_clean();
+
+ return $results;
+ }
+}
+
+class rest_rest {
+ static $request = null;
+
+ static function get($request) {
+ self::$request = $request;
+ $item = ORM::factory("item")
+ ->where("relative_url_cache", "=", implode("/", $request->arguments))
+ ->find();
+ $response["path"] = $item->relative_url();
+ $response["title"] = $item->title;
+ $response["thumb_url"] = $item->thumb_url();
+ $response["description"] = $item->description;
+ $response["internet_address"] = $item->slug;
+ return rest::success(array($item->type => $response), t("Processed"));
+ }
+
+}
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 23:15:00 +0000