Merge pull request chriskacerguis#146 from davidstanley01/master

Added config elements to force ssl and to allow user to specify column name containing api key

Author: Phil Sturgeon

application/config/rest.php

@@ -1,5 +1,17 @@
 <?php defined('BASEPATH') OR exit('No direct script access allowed');
 
+/*
+|--------------------------------------------------------------------------
+| HTTP protocol
+|--------------------------------------------------------------------------
+|
+| Should the service accept only HTTPS requests or not?
+|
+|	Default: FALSE
+|
+*/
+$config['force_https'] = FALSE;
+
 /*
 |--------------------------------------------------------------------------
 | REST Format
@@ -163,6 +175,17 @@
 */
 $config['rest_enable_keys'] = FALSE;
 
+/*
+|--------------------------------------------------------------------------
+| REST Table Key Column Name
+|--------------------------------------------------------------------------
+|
+| If you are not using the default table schema as shown above, what is the 
+| name of the db column that holds the api key value?
+|
+*/
+$config['rest_key_column'] = 'key';
+
 /*
 |--------------------------------------------------------------------------
 | REST Key Length
@@ -219,7 +242,7 @@
 	  `api_key` varchar(40) NOT NULL,
 	  `ip_address` varchar(45) NOT NULL,
 	  `time` int(11) NOT NULL,
-	  `authorized` tinyint(1) NOT NULL,
+	  `authorized` tinyint(1) NOT NULL
 	  PRIMARY KEY (`id`)
 	) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 |

application/libraries/REST_Controller.php

@@ -60,6 +60,13 @@ abstract class REST_Controller extends CI_Controller
 	 */
 	protected $rest = NULL;
 
+	/**
+	 * Object to store data about the client sending the request
+	 *
+	 * @var object
+	 */
+    protected $client = NULL;	 
+
 	/**
 	 * The arguments for the GET request method
 	 *
@@ -145,8 +152,13 @@ public function __construct()
 		// Lets grab the config and get ready to party
 		$this->load->config('rest');
 
-		// How is this request being made? POST, DELETE, GET, PUT?
+		// let's learn about the request
 		$this->request = new stdClass();
+		
+		// Is it over SSL?
+		$this->request->ssl = $this->_detect_ssl();
+		
+		// How is this request being made? POST, DELETE, GET, PUT?
 		$this->request->method = $this->_detect_method();
 
 		// Create argument container, if nonexistent
@@ -250,6 +262,12 @@ public function __construct()
 	 */
 	public function _remap($object_called, $arguments)
 	{
+		// Should we answer if not over SSL?
+		if (config_item('force_https') AND !$this->_detect_ssl())
+		{
+    	   $this->response(array('status' => false, 'error' => 'Unsupported protocol'), 403);	
+		}
+		
 		$pattern = '/^(.*)\.('.implode('|', array_keys($this->_supported_formats)).')$/';
 		if (preg_match($pattern, $object_called, $matches))
 		{
@@ -407,6 +425,17 @@ public function response($data = array(), $http_code = null)
 		exit($output);
 	}
 
+	/*
+	 * Detect SSL use
+	 *
+	 * Detect whether SSL is being used or not
+	 */
+	protected function _detect_ssl()
+	{
+    		return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on"));
+	}
+	
+	
 	/*
 	 * Detect input format
 	 *
@@ -569,18 +598,20 @@ protected function _detect_api_key()
 		// Find the key from server or arguments
 		if (($key = isset($this->_args[$api_key_variable]) ? $this->_args[$api_key_variable] : $this->input->server($key_name)))
 		{
-			if ( ! ($row = $this->rest->db->where('key', $key)->get(config_item('rest_keys_table'))->row()))
+			if ( ! ($this->client = $this->rest->db->where(config_item('rest_key_column'), $key)->get(config_item('rest_keys_table'))->row()))
 			{
 				return FALSE;
 			}
 
-			$this->rest->key = $row->key;
+			$this->rest->key = $this->client->{config_item('rest_key_column')};
 
+			/*
 			isset($row->user_id) AND $this->rest->user_id = $row->user_id;
 			isset($row->level) AND $this->rest->level = $row->level;
 			isset($row->ignore_limits) AND $this->rest->ignore_limits = $row->ignore_limits;
+			*/
 
-			return TRUE;
+			return $this->client;
 		}
 
 		// No key has been sent