From fa0663d7df0cfcf0818e182f3d2d19fc6be2a5d1 Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Tue, 8 Dec 2009 09:19:48 -0800
Subject: Rename the backing table from rest_keys to user_access_tokens Implement an api to format the errors and success messages Removed the custom routing... urls are now /rest//
---
modules/rest/config/routes.php | 23 ----------
modules/rest/controllers/rest.php | 53 ++++++++++------------
modules/rest/helpers/rest.php | 69 +++++++++++++++++++++++++++++
modules/rest/helpers/rest_event.php | 8 ++--
modules/rest/helpers/rest_installer.php | 4 +-
modules/rest/models/rest_key.php | 21 ---------
modules/rest/models/user_access_token.php | 21 +++++++++
modules/rest/tests/Rest_Controller_Test.php | 34 +++++++-------
8 files changed, 136 insertions(+), 97 deletions(-)
delete mode 100644 modules/rest/config/routes.php
create mode 100644 modules/rest/helpers/rest.php
delete mode 100644 modules/rest/models/rest_key.php
create mode 100644 modules/rest/models/user_access_token.php
(limited to 'modules')
diff --git a/modules/rest/config/routes.php b/modules/rest/config/routes.php
deleted file mode 100644
index ec65fda8..00000000
--- a/modules/rest/config/routes.php
+++ /dev/null
@@ -1,23 +0,0 @@ -input->post("request")); if (empty($request->user) || empty($request->password)) { - print json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))); + print rest::forbidden("No user or password supplied"); return; } $user = identity::lookup_user_by_name($request->user); if (empty($user)) { - print json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))); + print rest::forbidden("User '{$request->user}' not found"); return; } if (!identity::is_correct_password($user, $request->password)) { - print json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))); + print rest::forbidden("Invalid password for '{$request->user}'."); return; } - $key = ORM::factory("rest_key") + $key = ORM::factory("user_access_token") ->where("user_id", $user->id) ->find(); if (!$key->loaded) { @@ -43,7 +43,7 @@ class Rest_Controller extends Controller { $key->save(); Kohana::log("alert", Kohana::debug($key->as_array())); } - print json_encode(array("status" => "OK", "token" => $key->access_key)); + print rest::success(array("token" => $key->access_key)); } public function __call($function, $args) { 
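Review bot: The three `rest::forbidden(...)` calls in `access_key()` interpolate the request-supplied `$request->user` directly into the message, and they now distinguish a missing user from a wrong password. Judging by the `_format_response($message, $log_message)` helper added in this commit the string appears to go to `Kohana::log` only, but the body of `forbidden()` is not visible on this page, so confirm that none of it reaches the JSON response, where it would tell a caller which account names exist. For the log path, strip control characters before interpolating so a crafted username cannot forge extra log lines, for example `$name = preg_replace('/[\x00-\x1f\x7f]/', '', (string)$request->user);`. The hunk header and the start of `access_key()` are missing from this page.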
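Review bot: The unchanged line `Kohana::log("alert", Kohana::debug($key->as_array()));` just above the rewritten `print` dumps the newly created row, including `access_key`, into the application log. Anyone with read access to the log can then reuse the token as that user, which defeats storing it per user. Log only non-secret fields, for example `Kohana::log("info", "Access token created for user {$user->id}");`, or drop the line if it was debugging output. The enclosing `if (!$key->loaded)` block starts outside this hunk.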
@@ -51,41 +51,37 @@ class Rest_Controller extends Controller { $request = $this->input->post("request", null); if (empty($access_token)) { - print json_encode(array("status" => "ERROR", - "message" => (string)t("Authorization failed"))); + print rest::forbidden("No access token supplied."); return; } - if (!empty($request)) { - $method = strtolower($this->input->server("HTTP_X_HTTP_METHOD_OVERRIDE", "POST")); - $request = json_decode($request); - } else { - print json_encode(array("status" => "ERROR", - "message" => (string)t("Authorization failed"))); - return; - } - try { - $key = ORM::factory("rest_key") + $key = ORM::factory("user_access_token") ->where("access_key", $access_token) ->find(); if (!$key->loaded) { - print json_encode(array("status" => "ERROR", - "message" => (string)t("Authorization failed"))); + print rest::forbidden("Invalid key: $access_token"); return; } $user = identity::lookup_user($key->user_id); if (empty($user)) { - print json_encode(array("status" => "ERROR", - "message" => (string)t("Authorization failed"))); + print rest::forbidden("User not found: {$key->user_id}"); return; } + if (!empty($request)) { + $method = strtolower($this->input->server("HTTP_X_HTTP_METHOD_OVERRIDE", "POST")); + $request = json_decode($request); + } else { + print rest::invalid_request("Empty Request"); + return; + } + + if (empty($args[0])) { - print json_encode(array("status" => "ERROR", - "message" => (string)t("Invalid request parameters"))); + print rest::invalid_request("Resource not supplied"); return; } 
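Review bot: `print rest::forbidden("Invalid key: $access_token");` hands the presented token to the logging helper, so a valid token sent with a typo or to the wrong installation lands almost intact in the log; `rest::forbidden("Invalid access token")` or a short digest of the value is enough to correlate failures. In the same hunk `$method` is taken from the `HTTP_X_HTTP_METHOD_OVERRIDE` header and later becomes part of the handler method name without being checked against the verbs the API supports. A guard such as `if (!in_array($method, array("get", "post", "put", "delete"), true)) { print rest::invalid_request("Unsupported method"); return; }` keeps the header from selecting arbitrary `*_<resource>` methods on the handler class. `__call()` begins before this hunk and continues after it.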
@@ -93,18 +89,15 @@ class Rest_Controller extends Controller { $handler_method = "{$method}_{$args[0]}"; if (!method_exists($handler_class, $handler_method)) { - Kohana::log("error", "$handler_class::$handler_method is not implemented"); - print json_encode(array("status" => "ERROR", - "message" => (string)t("Service not implemented"))); + print rest::not_implemented("$handler_class::$handler_method is not implemented"); return; } - $response = call_user_func(array($handler_class, $handler_method), $request); + identity::set_active_user($user); - print json_encode($response); + print call_user_func(array($handler_class, $handler_method), $request); } catch (Exception $e) { - Kohana::log("error", $e->__toString()); - print json_encode(array("status" => "ERROR", "message" => (string)t("Internal error"))); + print rest::internal_error($e); } } diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php new file mode 100644 index 00000000..34852a9e --- /dev/null +++ b/modules/rest/helpers/rest.php @@ -0,0 +1,69 @@ + "OK"); + if (!empty($message)) { + $response["message"] = (string)$message; + } + // We don't need to save the session for this request + Session::abort_save(); + return json_encode(array_merge($response, $response_data)); + } + + private static function _format_response($message, $log_message) { + if (!empty($log_message)) { + Kohana::log("info", $log_message); + } + // We don't need to save the session for this request + Session::abort_save(); + return json_encode(array("status" => "ERROR", "message" => (string)$message)); + } +} diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php index fd1c25be..ce926107 100644 --- a/modules/rest/helpers/rest_event.php +++ b/modules/rest/helpers/rest_event.php 
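Review bot: `identity::set_active_user($user);` runs before the handler, but the session save is suppressed only inside the `rest::` response helpers via `Session::abort_save()`. A handler that returns without going through one of those helpers may therefore leave the token's user bound to the caller's session; this depends on `set_active_user`, which is not shown, so confirm. Calling `Session::abort_save();` in the controller directly after `set_active_user` makes it unconditional. Separately, `print call_user_func(...)` no longer wraps the result in `json_encode`, so any handler still returning an array will print `Array`. `$handler_class` is assigned outside this hunk.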
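Review bot: In `success()`, `array_merge($response, $response_data)` lets a `status` or `message` key in the handler's data overwrite the envelope, so a handler can unintentionally report something other than `"OK"`. `json_encode(array_merge($response, array_diff_key($response_data, $response)))` keeps the envelope authoritative without changing key order. `_format_response` logs at `"info"`, so depending on the configured log threshold the authentication failures routed through it may never be recorded; a level that is kept in production would preserve them for detection. The private helper also has no docblock saying which argument is returned to the client and which is only logged. The start of the new file is missing from this page.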
@@ -22,7 +22,7 @@ class rest_event { * the user_homes directory. */ static function user_before_delete($user) { - ORM::factory("rest_key") + ORM::factory("user_access_token") ->where("id", $user->id) ->delete_all(); } @@ -32,7 +32,7 @@ class rest_event { * on every add. */ static function user_add_form_admin_completed($user, $form) { - $key = ORM::factory("rest_key"); + $key = ORM::factory("user_access_token"); $key->user_id = $user->id; $key->access_key = md5($user->name . rand()); $key->save(); @@ -56,7 +56,7 @@ class rest_event { * Get the form fields for user edit */ static function _get_access_key_form($user, $form) { - $key = ORM::factory("rest_key") + $key = ORM::factory("user_access_token") ->where("user_id", $user->id) ->find(); @@ -66,7 +66,7 @@ class rest_event { $key->save(); } - $form->edit_user->input("access_key") + $form->edit_user->input("user_access_token") ->value($key->access_key) ->readonly("readonly") ->class("g-form-static") diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php index 274002c0..9fbc5b2e 100644 --- a/modules/rest/helpers/rest_installer.php +++ b/modules/rest/helpers/rest_installer.php @@ -20,7 +20,7 @@ class rest_installer { static function install() { Database::instance() - ->query("CREATE TABLE {rest_keys} ( + ->query("CREATE TABLE {user_access_tokens} ( `id` int(9) NOT NULL auto_increment, `user_id` int(9) NOT NULL, `access_key` char(32) NOT NULL, @@ -32,6 +32,6 @@ class rest_installer { } static function uninstall() { - Database::instance()->query("DROP TABLE IF EXISTS {rest_keys}"); + Database::instance()->query("DROP TABLE IF EXISTS {user_access_tokens}"); } } diff --git a/modules/rest/models/rest_key.php b/modules/rest/models/rest_key.php deleted file mode 100644 index 4dee8b65..00000000 --- a/modules/rest/models/rest_key.php +++ /dev/null 
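Review bot: `user_before_delete` still filters with `->where("id", $user->id)`, which matches the token row's own primary key rather than its owner, while every other lookup in this commit uses `user_id`. As written, deleting a user can remove an unrelated user's token and leave the deleted user's token in the table. The line should read `->where("user_id", $user->id)`. The docblock above the function (ending "the user_homes directory") also looks copied from another module and does not describe token cleanup.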
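Review bot: In `user_add_form_admin_completed` the token is still generated as `md5($user->name . rand())`, and the same expression appears in the test setup in `Rest_Controller_Test.php`. `rand()` is not a cryptographic generator and the username is known, so the token space is far smaller than the 32 hex characters suggest. Since this token alone authenticates API requests, it should come from a CSPRNG, for example `bin2hex(random_bytes(16))` on PHP 7 or later, which still fits the `char(32)` column created in `rest_installer`. The generation code in `_get_access_key_form` is outside the visible hunks and probably needs the same change.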
@@ -1,21 +0,0 @@ -_save = array($_GET, $_POST, $_SERVER); $this->_user = identity::create_user("access_test", "Access Test", "password"); - $key = ORM::factory("rest_key"); + $key = ORM::factory("user_access_token"); $this->_access_key = $key->access_key = md5($this->_user->name . rand()); $key->user_id = $this->_user->id; $key->save(); @@ -59,7 +59,7 @@ class Rest_Controller_Test extends Unit_Test_Case { } public function rest_access_key_generated_test() { - ORM::factory("rest_key") + ORM::factory("user_access_token") ->where("access_key", $this->_access_key) ->delete(); $_SERVER["REQUEST_METHOD"] = "POST"; 
@@ -97,46 +97,46 @@ class Rest_Controller_Test extends Unit_Test_Case { $this->_call_controller()); } - public function rest_get_album_no_request_key_test() { + public function rest_get_resource_no_request_key_test() { $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; $_SERVER["REQUEST_METHOD"] = "POST"; - $_POST["request"] = json_encode(array("path" => "/test_album")); + $_POST["request"] = json_encode(array("path" => $this->_path)); $this->assert_equal( json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), $this->_call_controller("rest")); } - public function rest_get_album_no_request_content_test() { + public function rest_get_resource_no_request_content_test() { $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; $_SERVER["REQUEST_METHOD"] = "POST"; $_GET["request_key"] = $this->_access_key; $this->assert_equal( - json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), + json_encode(array("status" => "ERROR", "message" => (string)t("Invalid request"))), $this->_call_controller("rest")); } - public function rest_get_album_invalid_key_test() { + public function rest_get_resource_invalid_key_test() { $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; $_SERVER["REQUEST_METHOD"] = "POST"; $_GET["request_key"] = md5($this->_access_key); // screw up the access key - $_POST["request"] = json_encode(array("path" => "/test_album")); + $_POST["request"] = json_encode(array("path" => $this->_path)); $this->assert_equal( json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))), $this->_call_controller()); } - public function rest_get_album_no_user_for_key_test() { + public function rest_get_resource_no_user_for_key_test() { $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; $_SERVER["REQUEST_METHOD"] = "POST"; $_GET["request_key"] = $this->_access_key; - $_POST["request"] = json_encode(array("path" => "/test_album")); + $_POST["request"] = json_encode(array("path" => $this->_path)); 
$this->_user->delete(); unset($this->_user); @@ -146,31 +146,31 @@ class Rest_Controller_Test extends Unit_Test_Case { $this->_call_controller("rest")); } - public function rest_get_album_no_resource_test() { + public function rest_get_resource_no_resource_test() { $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; $_SERVER["REQUEST_METHOD"] = "POST"; $_GET["request_key"] = $this->_access_key; - $_POST["request"] = json_encode(array("path" => "/test_album")); + $_POST["request"] = json_encode(array("path" => $this->_path)); $this->assert_equal( - json_encode(array("status" => "ERROR", "message" => (string)t("Invalid request parameters"))), + json_encode(array("status" => "ERROR", "message" => (string)t("Invalid request"))), $this->_call_controller("rest")); } - public function rest_get_album_no_handler_test() { + public function rest_get_resource_no_handler_test() { $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; $_SERVER["REQUEST_METHOD"] = "POST"; $_GET["request_key"] = $this->_access_key; - $_POST["request"] = json_encode(array("path" => "/test_album")); + $_POST["request"] = json_encode(array("path" => $this->_path)); $this->assert_equal( json_encode(array("status" => "ERROR", "message" => (string)t("Service not implemented"))), $this->_call_controller("rest", "album")); } - public function rest_get_album_test() { + public function rest_get_resource_test() { $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET"; $_SERVER["REQUEST_METHOD"] = "POST"; @@ -214,7 +214,7 @@ class rest_rest { $response["description"] = $item->description; $response["internet_address"] = $item->slug; $response["type"] = $item->type; - return array("status" => "OK", "message" => (string)t("Processed"), "item" => $response); + return rest::success(array("item" => $response), t("Processed")); } } -- cgit v1.2.3