- See the article - - http://net.tutsplus.com/tutorials/php/working-with-restful-services-in-codeigniter-2/ - -
- -- The master project repository is - - https://github.com/chriskacerguis/codeigniter-restserver - -
- -- Click on the links to check whether the REST server is working. -
- -The page you are looking at is being generated dynamically by CodeIgniter.
- -If you would like to edit this page you'll find it located at:
-application/views/welcome_message.php
-
- The corresponding controller for this page is found at:
-application/controllers/Welcome.php
-
-
- If you are exploring CodeIgniter for the very first time, you should start by reading the User Guide.
- -The requested page could not be found.
-You have probably clicked on a link that is outdated and points to a page that does not exist any more or you have made an typing error in the address.
-To continue please try to find requested page in the menu, or use search field on the top.
-This is an example of a few basic user interaction methods you could use -all done with a hardcoded array
-
- REST_Controller
-
-
-
-
-Example
-
-
-
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- __destruct(),
- _auth_override_check(),
- _check_access(),
- _check_blacklist_auth(),
- _check_limit(),
- _check_login(),
- _check_php_session(),
- _check_whitelist_auth(),
- _detect_api_key(),
- _detect_input_format(),
- _detect_lang(),
- _detect_method(),
- _detect_output_format(),
- _force_login(),
- _log_access_time(),
- _log_request(),
- _log_response_code(),
- _parse_delete(),
- _parse_get(),
- _parse_head(),
- _parse_options(),
- _parse_patch(),
- _parse_post(),
- _parse_put(),
- _parse_query(),
- _perform_ldap_auth(),
- _perform_library_auth(),
- _prepare_basic_auth(),
- _prepare_digest_auth(),
- _remap(),
- _xss_clean(),
- delete(),
- early_checks(),
- get(),
- head(),
- options(),
- patch(),
- post(),
- put(),
- query(),
- response(),
- set_response(),
- validation_errors()
- |
-
- $_allow,
- $_apiuser,
- $_args,
- $_delete_args,
- $_enable_xss,
- $_end_rtime,
- $_get_args,
- $_head_args,
- $_insert_id,
- $_options_args,
- $_patch_args,
- $_post_args,
- $_put_args,
- $_query_args,
- $_start_rtime,
- $_supported_formats,
- $_user_ldap_dn,
- $allowed_http_methods,
- $http_status_codes,
- $methods,
- $request,
- $response,
- $rest,
- $rest_format
- |
-
Format class -Help convert between various formats such as XML, JSON, CSV, etc.
-
- public
-
-
-
-
- |
-
-
- #
- __construct( null $data = NULL, null $from_type = NULL )
-
-
-
-
-
- DO NOT CALL THIS DIRECTLY, USE factory() - |
-
- public
-
- object
-
-
- |
-
- - |
- public
-
- array
-
-
- |
-
- - |
- public
-
- mixed
-
-
- |
-
- - |
- public
-
- mixed
-
-
- |
-
- - |
- public
-
- string
-
-
- |
-
- - |
- public
-
- string
-
-
- |
-
- - |
- public
-
- string
-
-
- |
-
- - |
- public
-
- mixed
-
-
- |
-
- - |
- protected
-
- SimpleXMLElement
-
-
- |
-
- - |
- protected
-
- array
-
-
- |
-
- - |
- protected
-
- mixed
-
-
- |
-
- - |
- protected
-
- mixed
-
-
- |
-
- - |
- protected
-
- string
-
-
- |
-
- - |
string |
-
-
- ARRAY_FORMAT
-
-
-
-
-
-
- Array output format - |
-
-
- #
-
- 'array'
- |
-
string |
-
-
- CSV_FORMAT
-
-
-
-
-
-
- Comma Separated Value (CSV) output format - |
-
-
- #
-
- 'csv'
- |
-
string |
-
-
- JSON_FORMAT
-
-
-
-
-
-
- Json output format - |
-
-
- #
-
- 'json'
- |
-
string |
-
-
- HTML_FORMAT
-
-
-
-
-
-
- HTML output format - |
-
-
- #
-
- 'html'
- |
-
string |
-
-
- PHP_FORMAT
-
-
-
-
-
-
- PHP output format - |
-
-
- #
-
- 'php'
- |
-
string |
-
-
- SERIALIZED_FORMAT
-
-
-
-
-
-
- Serialized output format - |
-
-
- #
-
- 'serialized'
- |
-
string |
-
-
- XML_FORMAT
-
-
-
-
-
-
- XML output format - |
-
-
- #
-
- 'xml'
- |
-
string |
-
-
- DEFAULT_FORMAT
-
-
-
-
-
-
- Default format of this class - |
-
-
- #
-
- |
-
- protected
- mixed
- |
-
-
- $_data
-
-
-
-
-
- Data to parse - |
-
-
- #
-
- []
- |
-
- protected
- string
- |
-
-
- $_from_type
-
-
-
-
-
- Type to convert from - |
-
-
- #
-
- NULL
- |
-
Keys Controller -This is a basic Key Management REST controller to make and delete keys
-
- REST_Controller
-
-
-
-
-Key
-
-
-
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- __construct(),
- __destruct(),
- _auth_override_check(),
- _check_access(),
- _check_blacklist_auth(),
- _check_limit(),
- _check_login(),
- _check_php_session(),
- _check_whitelist_auth(),
- _detect_api_key(),
- _detect_input_format(),
- _detect_lang(),
- _detect_method(),
- _detect_output_format(),
- _force_login(),
- _log_access_time(),
- _log_request(),
- _log_response_code(),
- _parse_delete(),
- _parse_get(),
- _parse_head(),
- _parse_options(),
- _parse_patch(),
- _parse_post(),
- _parse_put(),
- _parse_query(),
- _perform_ldap_auth(),
- _perform_library_auth(),
- _prepare_basic_auth(),
- _prepare_digest_auth(),
- _remap(),
- _xss_clean(),
- delete(),
- early_checks(),
- get(),
- head(),
- options(),
- patch(),
- post(),
- put(),
- query(),
- response(),
- set_response(),
- validation_errors()
- |
-
- protected
- array
- |
-
-
- $methods
-
-
-
-
-
- Defines the list of method properties such as limit, log and level - |
-
-
- #
-
- [
- 'index_put' => ['level' => 10, 'limit' => 10],
- 'index_delete' => ['level' => 10],
- 'level_post' => ['level' => 10],
- 'regenerate_post' => ['level' => 10],
- ]
- |
-
- $_allow,
- $_apiuser,
- $_args,
- $_delete_args,
- $_enable_xss,
- $_end_rtime,
- $_get_args,
- $_head_args,
- $_insert_id,
- $_options_args,
- $_patch_args,
- $_post_args,
- $_put_args,
- $_query_args,
- $_start_rtime,
- $_supported_formats,
- $_user_ldap_dn,
- $allowed_http_methods,
- $http_status_codes,
- $request,
- $response,
- $rest,
- $rest_format
- |
-
CodeIgniter Rest Controller -A fully RESTful server implementation for CodeIgniter using one library, one config file and one controller.
-
-REST_Controller
-
-
-
- protected
-
-
-
-
- |
-
-
- #
- early_checks( )
-
-
-
-
-
- Extend this function to apply additional checking early on in the process - |
-
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
-
- #
- set_response( array|null $data = NULL, integer|null $http_code = NULL )
-
-
-
-
-
- Takes mixed data and optionally a status code, then creates the response -within the buffers of the Output class. The response is sent to the client -lately by the framework, after the current controller's method termination. -All the hooks after the controller's method termination are executable. - |
-
- protected
-
- string|null
-
-
- |
-
- - |
- protected
-
- mixed|null|string
-
-
- |
-
- - |
- protected
-
- string|null
-
-
- |
-
- - |
- protected
-
- boolean
-
-
- |
-
- - |
- protected
-
- string|null
-
-
- |
-
- - |
- protected
-
- boolean
-
-
- |
-
- - |
- protected
-
- boolean
-
-
- |
-
-
- #
- _check_limit( string $controller_method )
-
-
-
-
-
- Check if the requests to a controller method exceed a limit - |
-
- protected
-
- boolean
-
-
- |
-
-
- #
- _auth_override_check( )
-
-
-
-
-
- Check if there is a specific auth type set for the current class/method/HTTP-method being called - |
-
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- protected
-
- string
-
-
- |
-
-
- #
- _xss_clean( string $value, boolean $xss_clean )
-
-
-
-
-
- Sanitizes data so that Cross Site Scripting Hacks can be -prevented. - |
-
- public
-
- array
-
-
- |
-
- - |
- protected
-
- boolean
-
-
- |
-
-
- #
- _perform_ldap_auth( string $username = '', string $password = NULL )
-
-
-
-
-
- Perform LDAP Authentication - |
-
- protected
-
- boolean
-
-
- |
-
-
- #
- _perform_library_auth( string $username = '', string $password = NULL )
-
-
-
-
-
- Perform Library Authentication - Override this function to change the way the library is called - |
-
- protected
-
- boolean
-
-
- |
-
-
- #
- _check_login( string $username = NULL, boolean|string $password = FALSE )
-
-
-
-
-
- Check if the user is logged in - |
-
- protected
-
-
-
-
- |
-
-
- #
- _check_php_session( )
-
-
-
-
-
- Check to see if the user is logged in with a PHP session key - |
-
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
-
- #
- _check_blacklist_auth( )
-
-
-
-
-
- Checks if the client's ip is in the 'rest_ip_blacklist' config and generates a 401 response - |
-
- protected
-
-
-
-
- |
-
-
- #
- _check_whitelist_auth( )
-
-
-
-
-
- Check if the client's ip is in the 'rest_ip_whitelist' config and generates a 401 response - |
-
- protected
-
-
-
-
- |
-
-
- #
- _force_login( string $nonce = '' )
-
-
-
-
-
- Force logging in by setting the WWW-Authenticate header - |
-
- protected
-
- boolean
-
-
- |
-
- - |
- protected
-
- boolean
-
-
- |
-
- - |
- protected
-
- boolean
-
-
- |
-
-
- #
- _check_access( )
-
-
-
-
-
- Check to see if the API key has access to the controller and methods - |
-
integer |
-
-
- HTTP_CONTINUE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 100
- |
-
integer |
-
-
- HTTP_SWITCHING_PROTOCOLS
-
-
-
-
-
-
-
- |
-
-
- #
-
- 101
- |
-
integer |
-
-
- HTTP_PROCESSING
-
-
-
-
-
-
-
- |
-
-
- #
-
- 102
- |
-
integer |
-
-
- HTTP_OK
-
-
-
-
-
-
- The request has succeeded - |
-
-
- #
-
- 200
- |
-
integer |
-
-
- HTTP_CREATED
-
-
-
-
-
-
- The server successfully created a new resource - |
-
-
- #
-
- 201
- |
-
integer |
-
-
- HTTP_ACCEPTED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 202
- |
-
integer |
-
-
- HTTP_NON_AUTHORITATIVE_INFORMATION
-
-
-
-
-
-
-
- |
-
-
- #
-
- 203
- |
-
integer |
-
-
- HTTP_NO_CONTENT
-
-
-
-
-
-
- The server successfully processed the request, though no content is returned - |
-
-
- #
-
- 204
- |
-
integer |
-
-
- HTTP_RESET_CONTENT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 205
- |
-
integer |
-
-
- HTTP_PARTIAL_CONTENT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 206
- |
-
integer |
-
-
- HTTP_MULTI_STATUS
-
-
-
-
-
-
-
- |
-
-
- #
-
- 207
- |
-
integer |
-
-
- HTTP_ALREADY_REPORTED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 208
- |
-
integer |
-
-
- HTTP_IM_USED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 226
- |
-
integer |
-
-
- HTTP_MULTIPLE_CHOICES
-
-
-
-
-
-
-
- |
-
-
- #
-
- 300
- |
-
integer |
-
-
- HTTP_MOVED_PERMANENTLY
-
-
-
-
-
-
-
- |
-
-
- #
-
- 301
- |
-
integer |
-
-
- HTTP_FOUND
-
-
-
-
-
-
-
- |
-
-
- #
-
- 302
- |
-
integer |
-
-
- HTTP_SEE_OTHER
-
-
-
-
-
-
-
- |
-
-
- #
-
- 303
- |
-
integer |
-
-
- HTTP_NOT_MODIFIED
-
-
-
-
-
-
- The resource has not been modified since the last request - |
-
-
- #
-
- 304
- |
-
integer |
-
-
- HTTP_USE_PROXY
-
-
-
-
-
-
-
- |
-
-
- #
-
- 305
- |
-
integer |
-
-
- HTTP_RESERVED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 306
- |
-
integer |
-
-
- HTTP_TEMPORARY_REDIRECT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 307
- |
-
integer |
-
-
- HTTP_PERMANENTLY_REDIRECT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 308
- |
-
integer |
-
-
- HTTP_BAD_REQUEST
-
-
-
-
-
-
- The request cannot be fulfilled due to multiple errors - |
-
-
- #
-
- 400
- |
-
integer |
-
-
- HTTP_UNAUTHORIZED
-
-
-
-
-
-
- The user is unauthorized to access the requested resource - |
-
-
- #
-
- 401
- |
-
integer |
-
-
- HTTP_PAYMENT_REQUIRED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 402
- |
-
integer |
-
-
- HTTP_FORBIDDEN
-
-
-
-
-
-
- The requested resource is unavailable at this present time - |
-
-
- #
-
- 403
- |
-
integer |
-
-
- HTTP_NOT_FOUND
-
-
-
-
-
-
- The requested resource could not be found - |
-
-
- #
-
- 404
- |
-
integer |
-
-
- HTTP_METHOD_NOT_ALLOWED
-
-
-
-
-
-
- The request method is not supported by the following resource - |
-
-
- #
-
- 405
- |
-
integer |
-
-
- HTTP_NOT_ACCEPTABLE
-
-
-
-
-
-
- The request was not acceptable - |
-
-
- #
-
- 406
- |
-
integer |
-
-
- HTTP_PROXY_AUTHENTICATION_REQUIRED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 407
- |
-
integer |
-
-
- HTTP_REQUEST_TIMEOUT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 408
- |
-
integer |
-
-
- HTTP_CONFLICT
-
-
-
-
-
-
- The request could not be completed due to a conflict with the current state -of the resource - |
-
-
- #
-
- 409
- |
-
integer |
-
-
- HTTP_GONE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 410
- |
-
integer |
-
-
- HTTP_LENGTH_REQUIRED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 411
- |
-
integer |
-
-
- HTTP_PRECONDITION_FAILED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 412
- |
-
integer |
-
-
- HTTP_REQUEST_ENTITY_TOO_LARGE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 413
- |
-
integer |
-
-
- HTTP_REQUEST_URI_TOO_LONG
-
-
-
-
-
-
-
- |
-
-
- #
-
- 414
- |
-
integer |
-
-
- HTTP_UNSUPPORTED_MEDIA_TYPE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 415
- |
-
integer |
-
-
- HTTP_REQUESTED_RANGE_NOT_SATISFIABLE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 416
- |
-
integer |
-
-
- HTTP_EXPECTATION_FAILED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 417
- |
-
integer |
-
-
- HTTP_I_AM_A_TEAPOT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 418
- |
-
integer |
-
-
- HTTP_UNPROCESSABLE_ENTITY
-
-
-
-
-
-
-
- |
-
-
- #
-
- 422
- |
-
integer |
-
-
- HTTP_LOCKED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 423
- |
-
integer |
-
-
- HTTP_FAILED_DEPENDENCY
-
-
-
-
-
-
-
- |
-
-
- #
-
- 424
- |
-
integer |
-
-
- HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL
-
-
-
-
-
-
-
- |
-
-
- #
-
- 425
- |
-
integer |
-
-
- HTTP_UPGRADE_REQUIRED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 426
- |
-
integer |
-
-
- HTTP_PRECONDITION_REQUIRED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 428
- |
-
integer |
-
-
- HTTP_TOO_MANY_REQUESTS
-
-
-
-
-
-
-
- |
-
-
- #
-
- 429
- |
-
integer |
-
-
- HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 431
- |
-
integer |
-
-
- HTTP_INTERNAL_SERVER_ERROR
-
-
-
-
-
-
- The server encountered an unexpected error - |
-
-
- #
-
- 500
- |
-
integer |
-
-
- HTTP_NOT_IMPLEMENTED
-
-
-
-
-
-
- The server does not recognise the request method - |
-
-
- #
-
- 501
- |
-
integer |
-
-
- HTTP_BAD_GATEWAY
-
-
-
-
-
-
-
- |
-
-
- #
-
- 502
- |
-
integer |
-
-
- HTTP_SERVICE_UNAVAILABLE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 503
- |
-
integer |
-
-
- HTTP_GATEWAY_TIMEOUT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 504
- |
-
integer |
-
-
- HTTP_VERSION_NOT_SUPPORTED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 505
- |
-
integer |
-
-
- HTTP_VARIANT_ALSO_NEGOTIATES_EXPERIMENTAL
-
-
-
-
-
-
-
- |
-
-
- #
-
- 506
- |
-
integer |
-
-
- HTTP_INSUFFICIENT_STORAGE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 507
- |
-
integer |
-
-
- HTTP_LOOP_DETECTED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 508
- |
-
integer |
-
-
- HTTP_NOT_EXTENDED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 510
- |
-
integer |
-
-
- HTTP_NETWORK_AUTHENTICATION_REQUIRED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 511
- |
-
- protected
- string|null
- |
-
-
- $rest_format
-
-
-
-
-
- This defines the rest format. -Must be overridden it in a controller so that it is set. - |
-
-
- #
-
- NULL
- |
-
- protected
- array
- |
-
-
- $methods
-
-
-
-
-
- Defines the list of method properties such as limit, log and level - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $allowed_http_methods
-
-
-
-
-
- List of allowed HTTP methods - |
-
-
- #
-
- ['get', 'delete', 'post', 'put', 'options', 'patch', 'head']
- |
-
- protected
- object
- |
-
-
- $request
-
-
-
-
-
- Contains details about the request -Fields: body, format, method, ssl -Note: This is a dynamic object (stdClass) - |
-
-
- #
-
- NULL
- |
-
- protected
- object
- |
-
-
- $response
-
-
-
-
-
- Contains details about the response -Fields: format, lang -Note: This is a dynamic object (stdClass) - |
-
-
- #
-
- NULL
- |
-
- protected
- object
- |
-
-
- $rest
-
-
-
-
-
- Contains details about the REST API -Fields: db, ignore_limits, key, level, user_id -Note: This is a dynamic object (stdClass) - |
-
-
- #
-
- NULL
- |
-
- protected
- array
- |
-
-
- $_get_args
-
-
-
-
-
- The arguments for the GET request method - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_post_args
-
-
-
-
-
- The arguments for the POST request method - |
-
-
- #
-
- []
- |
-
- protected
- string
- |
-
-
- $_insert_id
-
-
-
-
-
- The insert_id of the log entry (if we have one) - |
-
-
- #
-
- ''
- |
-
- protected
- array
- |
-
-
- $_put_args
-
-
-
-
-
- The arguments for the PUT request method - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_delete_args
-
-
-
-
-
- The arguments for the DELETE request method - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_patch_args
-
-
-
-
-
- The arguments for the PATCH request method - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_head_args
-
-
-
-
-
- The arguments for the HEAD request method - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_options_args
-
-
-
-
-
- The arguments for the OPTIONS request method - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_query_args
-
-
-
-
-
- The arguments for the query parameters - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_args
-
-
-
-
-
- The arguments from GET, POST, PUT, DELETE, PATCH, HEAD and OPTIONS request methods combined - |
-
-
- #
-
- []
- |
-
- protected
- boolean
- |
-
-
- $_allow
-
-
-
-
-
- If the request is allowed based on the API key provided. - |
-
-
- #
-
- TRUE
- |
-
- protected
- string
- |
-
-
- $_user_ldap_dn
-
-
-
-
-
- The LDAP Distinguished Name of the User post authentication - |
-
-
- #
-
- ''
- |
-
- protected
- string
- |
-
-
- $_start_rtime
-
-
-
-
-
- The start of the response time from the server - |
-
-
- #
-
- ''
- |
-
- protected
- string
- |
-
-
- $_end_rtime
-
-
-
-
-
- The end of the response time from the server - |
-
-
- #
-
- ''
- |
-
- protected
- array
- |
-
-
- $_supported_formats
-
-
-
-
-
- List all supported methods, the first will be the default format - |
-
-
- #
-
- [
- 'json' => 'application/json',
- 'array' => 'application/json',
- 'csv' => 'application/csv',
- 'html' => 'text/html',
- 'jsonp' => 'application/javascript',
- 'php' => 'text/plain',
- 'serialized' => 'application/vnd.php.serialized',
- 'xml' => 'application/xml'
- ]
- |
-
- protected
- object
- |
-
-
- $_apiuser
-
-
-
-
-
- Information about the current API user - |
-
-
- #
-
- |
-
- protected
- boolean
- |
-
-
- $_enable_xss
-
-
-
-
-
- Enable XSS flag -Determines whether the XSS filter is always active when -GET, OPTIONS, HEAD, POST, PUT, DELETE and PATCH data is encountered. -Set automatically based on config setting. - |
-
-
- #
-
- FALSE
- |
-
- protected
- array
- |
-
-
- $http_status_codes
-
-
-
-
-
- HTTP status codes and their respective description -Note: Only the widely used HTTP status codes are used - |
-
-
- #
-
- [
- self::HTTP_OK => 'OK',
- self::HTTP_CREATED => 'CREATED',
- self::HTTP_NO_CONTENT => 'NO CONTENT',
- self::HTTP_NOT_MODIFIED => 'NOT MODIFIED',
- self::HTTP_BAD_REQUEST => 'BAD REQUEST',
- self::HTTP_UNAUTHORIZED => 'UNAUTHORIZED',
- self::HTTP_FORBIDDEN => 'FORBIDDEN',
- self::HTTP_NOT_FOUND => 'NOT FOUND',
- self::HTTP_METHOD_NOT_ALLOWED => 'METHOD NOT ALLOWED',
- self::HTTP_NOT_ACCEPTABLE => 'NOT ACCEPTABLE',
- self::HTTP_CONFLICT => 'CONFLICT',
- self::HTTP_INTERNAL_SERVER_ERROR => 'INTERNAL SERVER ERROR',
- self::HTTP_NOT_IMPLEMENTED => 'NOT IMPLEMENTED'
-]
- |
-
-Rest_server
-
-
-
- public
-
-
-
-
- |
-
- - |
-Welcome
-
-
-
- public
-
-
-
-
- |
-
- - |
| - CodeIgniter - | -
| - CodeIgniter\Libraries - | -
| - CodeIgniter\Rest - | -
| - None - | -
| REST_Controller | -CodeIgniter Rest Controller -A fully RESTful server implementation for CodeIgniter using one library, one config file and one controller. |
-
| Example | -This is an example of a few basic user interaction methods you could use -all done with a hardcoded array |
-
| Key | -Keys Controller -This is a basic Key Management REST controller to make and delete keys |
-
| CodeIgniter\Libraries | -
| CodeIgniter\Rest | -
| Format | -Format class -Help convert between various formats such as XML, JSON, CSV, etc. |
-
| Rest_server | -- |
| Welcome | -- |
| t |
| 's parent ( |
| itself.
- */
-jQuery.fn.sortElements = (function(){
-
- var sort = [].sort;
-
- return function(comparator, getSortable) {
-
- getSortable = getSortable || function(){return this;};
-
- var placements = this.map(function(){
-
- var sortElement = getSortable.call(this),
- parentNode = sortElement.parentNode,
-
- // Since the element itself will change position, we have
- // to have some way of storing it's original position in
- // the DOM. The easiest way is to have a 'flag' node:
- nextSibling = parentNode.insertBefore(
- document.createTextNode(''),
- sortElement.nextSibling
- );
-
- return function() {
-
- if (parentNode === this) {
- throw new Error(
- "You can't sort elements if any one is a descendant of another."
- );
- }
-
- // Insert before flag:
- parentNode.insertBefore(this, nextSibling);
- // Remove flag:
- parentNode.removeChild(nextSibling);
-
- };
-
- });
-
- return sort.call(this, comparator).each(function(i){
- placements[i].call(getSortable.call(this));
- });
-
- };
-
-})();
- $(window).load(function() {
- var $document = $(document);
- var $left = $('#left');
- var $right = $('#right');
- var $rightInner = $('#rightInner');
- var $splitter = $('#splitter');
- var $groups = $('#groups');
- var $content = $('#content');
-
- // Menu
-
- // Hide deep packages and namespaces
- $('ul span', $groups).click(function(event) {
- event.preventDefault();
- event.stopPropagation();
- $(this)
- .toggleClass('collapsed')
- .parent()
- .next('ul')
- .toggleClass('collapsed');
- }).click();
-
- $active = $('ul li.active', $groups);
- if ($active.length > 0) {
- // Open active
- $('> a > span', $active).click();
- } else {
- $main = $('> ul > li.main', $groups);
- if ($main.length > 0) {
- // Open first level of the main project
- $('> a > span', $main).click();
- } else {
- // Open first level of all
- $('> ul > li > a > span', $groups).click();
- }
- }
-
- // Content
-
- // Search autocompletion
- var autocompleteFound = false;
- var autocompleteFiles = {'c': 'class', 'co': 'constant', 'f': 'function', 'm': 'class', 'mm': 'class', 'p': 'class', 'mp': 'class', 'cc': 'class'};
- var $search = $('#search input[name=q]');
- $search
- .autocomplete(ApiGen.elements, {
- matchContains: true,
- scrollHeight: 200,
- max: 20,
- noRecord: '',
- highlight: function(value, term) {
- var term = term.toUpperCase().replace(/([\^\$\(\)\[\]\{\}\*\.\+\?\|\\])/gi, "\\$1").replace(/[A-Z0-9]/g, function(m, offset) {
- return offset === 0 ? '(?:' + m + '|^' + m.toLowerCase() + ')' : '(?:(?:[^<>]|<[^<>]*>)*' + m + '|' + m.toLowerCase() + ')';
- });
- return value.replace(new RegExp("(?![^&;]+;)(?!<[^<>]*)(" + term + ")(?![^<>]*>)(?![^&;]+;)"), "$1");
- },
- formatItem: function(data) {
- return data.length > 1 ? data[1].replace(/^(.+\\)(.+)$/, '$1$2') : data[0];
- },
- formatMatch: function(data) {
- return data[1];
- },
- formatResult: function(data) {
- return data[1];
- },
- show: function($list) {
- var $items = $('li span', $list);
- var maxWidth = Math.max.apply(null, $items.map(function() {
- return $(this).width();
- }));
- // 10px padding
- $list
- .width(Math.max(maxWidth + 10, $search.innerWidth()))
- .css('left', $search.offset().left + $search.outerWidth() - $list.outerWidth());
- }
- }).result(function(event, data) {
- autocompleteFound = true;
- var location = window.location.href.split('/');
- location.pop();
- var parts = data[1].split(/::|$/);
- var file = $.sprintf(ApiGen.config.templates[autocompleteFiles[data[0]]].filename, parts[0].replace(/\(\)/, '').replace(/[^\w]/g, '.'));
- if (parts[1]) {
- file += '#' + ('mm' === data[0] || 'mp' === data[0] ? 'm' : '') + parts[1].replace(/([\w]+)\(\)/, '_$1');
- }
- location.push(file);
- window.location = location.join('/');
-
- // Workaround for Opera bug
- $(this).closest('form').attr('action', location.join('/'));
- }).closest('form')
- .submit(function() {
- var query = $search.val();
- if ('' === query) {
- return false;
- }
- return !autocompleteFound && '' !== $('#search input[name=cx]').val();
- });
-
- // Save natural order
- $('table.summary tr[data-order]', $content).each(function(index) {
- do {
- index = '0' + index;
- } while (index.length < 3);
- $(this).attr('data-order-natural', index);
- });
-
- // Switch between natural and alphabetical order
- var $caption = $('table.summary', $content)
- .filter(':has(tr[data-order])')
- .find('caption');
- $caption
- .click(function() {
- var $this = $(this);
- var order = $this.data('order') || 'natural';
- order = 'natural' === order ? 'alphabetical' : 'natural';
- $this.data('order', order);
- $.cookie('order', order, {expires: 365});
- var attr = 'alphabetical' === order ? 'data-order' : 'data-order-natural';
- $this
- .closest('table')
- .find('tr').sortElements(function(a, b) {
- return $(a).attr(attr) > $(b).attr(attr) ? 1 : -1;
- });
- return false;
- })
- .addClass('switchable')
- .attr('title', 'Switch between natural and alphabetical order');
- if ((null === $.cookie('order') && 'alphabetical' === ApiGen.config.options.elementsOrder) || 'alphabetical' === $.cookie('order')) {
- $caption.click();
- }
-
- // Open details
- if (ApiGen.config.options.elementDetailsCollapsed) {
- $('tr', $content).filter(':has(.detailed)')
- .click(function() {
- var $this = $(this);
- $('.short', $this).hide();
- $('.detailed', $this).show();
- });
- }
-
- // Splitter
- var splitterWidth = $splitter.width();
- var splitterPosition = $.cookie('splitter') ? parseInt($.cookie('splitter')) : null;
- var splitterPositionBackup = $.cookie('splitterBackup') ? parseInt($.cookie('splitterBackup')) : null;
- function setSplitterPosition(position)
- {
- splitterPosition = position;
-
- $left.width(position);
- $right.css('margin-left', position + splitterWidth);
- $splitter.css('left', position);
- }
- function setContentWidth()
- {
- var width = $rightInner.width();
- $rightInner
- .toggleClass('medium', width <= 960)
- .toggleClass('small', width <= 650);
- }
- $splitter.mousedown(function() {
- $splitter.addClass('active');
-
- $document.mousemove(function(event) {
- if (event.pageX >= 230 && $document.width() - event.pageX >= 600 + splitterWidth) {
- setSplitterPosition(event.pageX);
- setContentWidth();
- }
- });
-
- $()
- .add($splitter)
- .add($document)
- .mouseup(function() {
- $splitter
- .removeClass('active')
- .unbind('mouseup');
- $document
- .unbind('mousemove')
- .unbind('mouseup');
-
- $.cookie('splitter', splitterPosition, {expires: 365});
- });
-
- return false;
- });
- $splitter.dblclick(function() {
- if (splitterPosition) {
- splitterPositionBackup = $left.width();
- setSplitterPosition(0);
- } else {
- setSplitterPosition(splitterPositionBackup);
- splitterPositionBackup = null;
- }
-
- setContentWidth();
-
- $.cookie('splitter', splitterPosition, {expires: 365});
- $.cookie('splitterBackup', splitterPositionBackup, {expires: 365});
- });
- if (null !== splitterPosition) {
- setSplitterPosition(splitterPosition);
- }
- setContentWidth();
- $(window).resize(setContentWidth);
-
- // Select selected lines
- var matches = window.location.hash.substr(1).match(/^\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*$/);
- if (null !== matches) {
- var lists = matches[0].split(',');
- for (var i = 0; i < lists.length; i++) {
- var lines = lists[i].split('-');
- lines[0] = parseInt(lines[0]);
- lines[1] = parseInt(lines[1] || lines[0]);
- for (var j = lines[0]; j <= lines[1]; j++) {
- $('#' + j).addClass('selected');
- }
- }
-
- var $firstLine = $('#' + parseInt(matches[0]));
- if ($firstLine.length > 0) {
- $document.scrollTop($firstLine.offset().top);
- }
- }
-
- // Save selected lines
- var lastLine;
- $('.l a').click(function(event) {
- event.preventDefault();
-
- var $selectedLine = $(this).parent();
- var selectedLine = parseInt($selectedLine.attr('id'));
-
- if (event.shiftKey) {
- if (lastLine) {
- for (var i = Math.min(selectedLine, lastLine); i <= Math.max(selectedLine, lastLine); i++) {
- $('#' + i).addClass('selected');
- }
- } else {
- $selectedLine.addClass('selected');
- }
- } else if (event.ctrlKey) {
- $selectedLine.toggleClass('selected');
- } else {
- var $selected = $('.l.selected')
- .not($selectedLine)
- .removeClass('selected');
- if ($selected.length > 0) {
- $selectedLine.addClass('selected');
- } else {
- $selectedLine.toggleClass('selected');
- }
- }
-
- lastLine = $selectedLine.hasClass('selected') ? selectedLine : null;
-
- // Update hash
- var lines = $('.l.selected')
- .map(function() {
- return parseInt($(this).attr('id'));
- })
- .get()
- .sort(function(a, b) {
- return a - b;
- });
-
- var hash = [];
- var list = [];
- for (var j = 0; j < lines.length; j++) {
- if (0 === j && j + 1 === lines.length) {
- hash.push(lines[j]);
- } else if (0 === j) {
- list[0] = lines[j];
- } else if (lines[j - 1] + 1 !== lines[j] && j + 1 === lines.length) {
- hash.push(list.join('-'));
- hash.push(lines[j]);
- } else if (lines[j - 1] + 1 !== lines[j]) {
- hash.push(list.join('-'));
- list = [lines[j]];
- } else if (j + 1 === lines.length) {
- list[1] = lines[j];
- hash.push(list.join('-'));
- } else {
- list[1] = lines[j];
- }
- }
-
- hash = hash.join(',');
- $backup = $('#' + hash).removeAttr('id');
- window.location.hash = hash;
- $backup.attr('id', hash);
- });
-});
-
diff --git a/documentation/resources/footer.png b/documentation/resources/footer.png
deleted file mode 100644
index d99890c2..00000000
Binary files a/documentation/resources/footer.png and /dev/null differ
diff --git a/documentation/resources/inherit.png b/documentation/resources/inherit.png
deleted file mode 100644
index 957079b8..00000000
Binary files a/documentation/resources/inherit.png and /dev/null differ
diff --git a/documentation/resources/resize.png b/documentation/resources/resize.png
deleted file mode 100644
index fb98a7a3..00000000
Binary files a/documentation/resources/resize.png and /dev/null differ
diff --git a/documentation/resources/sort.png b/documentation/resources/sort.png
deleted file mode 100644
index 0d0fea14..00000000
Binary files a/documentation/resources/sort.png and /dev/null differ
diff --git a/documentation/resources/style.css b/documentation/resources/style.css
deleted file mode 100644
index 0d35c212..00000000
--- a/documentation/resources/style.css
+++ /dev/null
@@ -1,614 +0,0 @@
-body {
- font: 13px/1.5 Verdana, 'Geneva CE', lucida, sans-serif;
- margin: 0;
- padding: 0;
- background: #ffffff;
- color: #333333;
-}
-
-h1, h2, h3, h4, caption {
- font-family: 'Trebuchet MS', 'Geneva CE', lucida, sans-serif;
- color: #053368;
-}
-
-h1 {
- color: #1e5eb6;
- font-size: 230%;
- font-weight: normal;
- margin: .3em 0;
-}
-
-h2 {
- color: #1e5eb6;
- font-size: 150%;
- font-weight: normal;
- margin: -.3em 0 .3em 0;
-}
-
-h3 {
- font-size: 1.6em;
- font-weight: normal;
- margin-bottom: 2px;
-}
-
-h4 {
- font-size: 100%;
- font-weight: bold;
- padding: 0;
- margin: 0;
-}
-
-caption {
- border: 1px solid #cccccc;
- background: #ecede5;
- font-weight: bold;
- font-size: 1.2em;
- padding: 3px 5px;
- text-align: left;
- margin-bottom: 0;
-}
-
-p {
- margin: .7em 0 1em;
- padding: 0;
-}
-
-hr {
- margin: 2em 0 1em;
- border: none;
- border-top: 1px solid #cccccc;
- height: 0;
-}
-
-a {
- color: #006aeb;
- padding: 3px 1px;
- text-decoration: none;
-}
-
-h1 a {
- color: #1e5eb6;
-}
-
-a:hover, a:active, a:focus, a:hover b, a:hover var {
- background-color: #006aeb;
- color: #ffffff !important;
-}
-
-code, var, pre {
- font-family: monospace;
-}
-
-var {
- font-weight: bold;
- font-style: normal;
- color: #ca8a04;
-}
-
-pre {
- margin: 0;
-}
-
-code a b {
- color: #000000;
-}
-
-.deprecated {
- text-decoration: line-through;
- opacity: .5;
-}
-
-.invalid {
- color: #e71818;
-}
-
-.hidden {
- display: none;
-}
-
-/* Left side */
-#left {
- overflow: auto;
- width: 270px;
- height: 100%;
- position: fixed;
-}
-
-/* Menu */
-#menu {
- padding: 10px;
-}
-
-#menu ul {
- list-style: none;
- padding: 0;
- margin: 0;
-}
-
-#menu ul ul {
- padding-left: 10px;
-}
-
-#menu li {
- white-space: nowrap;
- position: relative;
-}
-
-#menu a {
- display: block;
- padding: 0 2px;
-}
-
-#menu .active > a, #menu > span {
- color: #333333;
- background: none;
- font-weight: bold;
-}
-
-#menu .active > a.invalid {
- color: #e71818;
-}
-
-#menu .active > a:hover, #menu .active > a:active, #menu .active > a:focus {
- background-color: #006aeb;
-}
-
-#menu #groups span {
- position: absolute;
- top: 4px;
- right: 2px;
- cursor: pointer;
- display: block;
- width: 12px;
- height: 12px;
- background: url('http://github.com/collapsed.png') transparent 0 0 no-repeat;
-}
-
-#menu #groups span:hover {
- background-position: -12px 0;
-}
-
-#menu #groups span.collapsed {
- background-position: 0 -12px;
-}
-
-#menu #groups span.collapsed:hover {
- background-position: -12px -12px;
-}
-
-#menu #groups ul.collapsed {
- display: none;
-}
-
-/* Right side */
-#right {
- overflow: auto;
- margin-left: 275px;
- height: 100%;
- position: relative;
- left: 0;
- right: 0;
-}
-
-#rightInner {
- max-width: 1000px;
- min-width: 350px;
-}
-
-/* Search */
-#search {
- float: right;
- margin: 3px 8px;
-}
-
-#search input.text {
- padding: 3px 5px;
- width: 250px;
-}
-
-/* Autocomplete */
-.ac_results {
- padding: 0;
- border: 1px solid #cccccc;
- background-color: #ffffff;
- overflow: hidden;
- z-index: 99999;
-}
-
-.ac_results ul {
- width: 100%;
- list-style-position: outside;
- list-style: none;
- padding: 0;
- margin: 0;
-}
-
-.ac_results li {
- margin: 0;
- padding: 2px 5px;
- cursor: default;
- display: block;
- font: 12px 'Trebuchet MS', 'Geneva CE', lucida, sans-serif;
- line-height: 16px;
- overflow: hidden;
- white-space: nowrap;
-}
-
-.ac_results li strong {
- color: #000000;
-}
-
-.ac_odd {
- background-color: #eeeeee;
-}
-
-.ac_over {
- background-color: #006aeb;
- color: #ffffff;
-}
-
-.ac_results li.ac_over strong {
- color: #ffffff;
-}
-
-/* Navigation */
-#navigation {
- padding: 3px 8px;
- background-color: #f6f6f4;
- height: 26px;
-}
-
-#navigation ul {
- list-style: none;
- margin: 0 8px 4px 0;
- padding: 0;
- overflow: hidden;
- float: left;
-}
-
-#navigation ul + ul {
- border-left: 1px solid #000000;
- padding-left: 8px;
-}
-
-#navigation ul li {
- float: left;
- margin: 2px;
- padding: 0 3px;
- font-family: Verdana, 'Geneva CE', lucida, sans-serif;
- color: #808080;
-}
-
-#navigation ul li.active {
- background-color: #053368;
- color: #ffffff;
- font-weight: bold;
-}
-
-#navigation ul li a {
- color: #000000;
- font-weight: bold;
- padding: 0;
-}
-
-#navigation ul li span {
- float: left;
- padding: 0 3px;
-}
-
-#navigation ul li a:hover span, #navigation ul li a:active span, #navigation ul li a:focus span {
- background-color: #006aeb;
-}
-
-/* Content */
-#content {
- clear: both;
- padding: 5px 15px;
-}
-
-.description pre {
- padding: .6em;
- background: #fcfcf7;
-}
-
-#content > .description {
- background: #ecede5;
- padding: 1px 8px;
- margin: 1.2em 0;
-}
-
-#content > .description pre {
- margin: .5em 0;
-}
-
-dl.tree {
- margin: 1.2em 0;
-}
-
-dl.tree dd {
- margin: 0;
- padding: 0;
-}
-
-.info {
- margin: 1.2em 0;
-}
-
-.summary {
- border: 1px solid #cccccc;
- border-collapse: collapse;
- font-size: 1em;
- width: 100%;
- margin: 1.2em 0 2.4em;
-}
-
-.summary caption {
- border-width: 1px 1px 0;
-}
-
-.summary caption.switchable {
- background: #ecede5 url('http://github.com/sort.png') no-repeat center right;
- cursor: pointer;
-}
-
-.summary td {
- border: 1px solid #cccccc;
- margin: 0;
- padding: 3px 10px;
- font-size: 1em;
- vertical-align: top;
-}
-
-.summary td:first-child {
- text-align: right;
-}
-
-.summary td hr {
- margin: 3px -10px;
-}
-
-#packages.summary td:first-child, #namespaces.summary td:first-child, .inherited.summary td:first-child, .used.summary td:first-child {
- text-align: left;
-}
-
-.summary tr:hover td {
- background: #f6f6f4;
-}
-
-.summary .description pre {
- border: .5em solid #ecede5;
-}
-
-.summary .description p {
- margin: 0;
-}
-
-.summary .description p + p, .summary .description ul {
- margin: 3px 0 0 0;
-}
-
-.summary .description.detailed h4 {
- margin-top: 3px;
-}
-
-.summary dl {
- margin: 0;
-}
-
-.summary dd {
- margin: 0 0 0 25px;
-}
-
-.name, .attributes {
- white-space: nowrap;
-}
-
-.value code {
- white-space: pre-wrap;
-}
-
-td.name, td.attributes {
- width: 1%;
-}
-
-td.attributes {
- width: 1%;
-}
-
-.class .methods .name, .class .properties .name, .class .constants .name {
- width: auto;
- white-space: normal;
-}
-
-.class .methods .name > div > code {
- white-space: pre-wrap;
-}
-
-.class .methods .name > div > code span, .function .value > code {
- white-space: nowrap;
-}
-
-.class .methods td.name > div, .class td.value > div {
- position: relative;
- padding-right: 1em;
-}
-
-.anchor {
- position: absolute;
- top: 0;
- right: 0;
- line-height: 1;
- font-size: 85%;
- margin: 0;
- color: #006aeb !important;
-}
-
-.list {
- margin: 0 0 5px 25px;
-}
-
-div.invalid {
- background-color: #fae4e0;
- padding: 10px;
-}
-
-/* Splitter */
-#splitter {
- position: fixed;
- height: 100%;
- width: 5px;
- left: 270px;
- background: #1e5eb6 url('http://github.com/resize.png') left center no-repeat;
- cursor: e-resize;
-}
-
-#splitter.active {
- opacity: .5;
-}
-
-/* Footer */
-#footer {
- border-top: 1px solid #e9eeef;
- clear: both;
- color: #a7a7a7;
- font-size: 8pt;
- text-align: center;
- padding: 20px 0 0;
- margin: 3em 0 0;
- height: 90px;
- background: #ffffff url('http://github.com/footer.png') no-repeat center top;
-}
-
-/* Tree */
-div.tree ul {
- list-style: none;
- background: url('http://github.com/tree-vertical.png') left repeat-y;
- padding: 0;
- margin-left: 20px;
-}
-
-div.tree li {
- margin: 0;
- padding: 0;
-}
-
-div.tree div {
- padding-left: 30px;
-}
-
-div.tree div.notlast {
- background: url('http://github.com/tree-hasnext.png') left 10px no-repeat;
-}
-
-div.tree div.last {
- background: url('http://github.com/tree-last.png') left -240px no-repeat;
-}
-
-div.tree li.last {
- background: url('http://github.com/tree-cleaner.png') left center repeat-y;
-}
-
-div.tree span.padding {
- padding-left: 15px;
-}
-
-/* Source code */
-.php-keyword1 {
- color: #e71818;
- font-weight: bold;
-}
-
-.php-keyword2 {
- font-weight: bold;
-}
-
-.php-var {
- color: #d59401;
- font-weight: bold;
-}
-
-.php-num {
- color: #cd0673;
-}
-
-.php-quote {
- color: #008000;
-}
-
-.php-comment {
- color: #929292;
-}
-
-.xlang {
- color: #ff0000;
- font-weight: bold;
-}
-
-span.l {
- display: block;
-}
-
-span.l.selected {
- background: #f6f6f4;
-}
-
-span.l a {
- color: #333333;
-}
-
-span.l a:hover, div.l a:active, div.l a:focus {
- background: transparent;
- color: #333333 !important;
-}
-
-span.l .php-var a {
- color: #d59401;
-}
-
-span.l .php-var a:hover, span.l .php-var a:active, span.l .php-var a:focus {
- color: #d59401 !important;
-}
-
-span.l a.l {
- padding-left: 2px;
- color: #c0c0c0;
-}
-
-span.l a.l:hover, span.l a.l:active, span.l a.l:focus {
- background: transparent;
- color: #c0c0c0 !important;
-}
-
-#rightInner.medium #navigation {
- height: 52px;
-}
-
-#rightInner.medium #navigation ul:first-child + ul {
- clear: left;
- border: none;
- padding: 0;
-}
-
-#rightInner.medium .name, #rightInner.medium .attributes {
- white-space: normal;
-}
-
-#rightInner.small #search {
- float: left;
-}
-
-#rightInner.small #navigation {
- height: 78px;
-}
-
-#rightInner.small #navigation ul:first-child {
- clear: both;
-}
-
-/* global style */
-.left, .summary td.left {
- text-align: left;
-}
-.right, .summary td.right {
- text-align: right;
-}
diff --git a/documentation/resources/tree-cleaner.png b/documentation/resources/tree-cleaner.png
deleted file mode 100644
index 2eb9085b..00000000
Binary files a/documentation/resources/tree-cleaner.png and /dev/null differ
diff --git a/documentation/resources/tree-hasnext.png b/documentation/resources/tree-hasnext.png
deleted file mode 100644
index 91d6b79a..00000000
Binary files a/documentation/resources/tree-hasnext.png and /dev/null differ
diff --git a/documentation/resources/tree-last.png b/documentation/resources/tree-last.png
deleted file mode 100644
index 7f319f8f..00000000
Binary files a/documentation/resources/tree-last.png and /dev/null differ
diff --git a/documentation/resources/tree-vertical.png b/documentation/resources/tree-vertical.png
deleted file mode 100644
index 384908b2..00000000
Binary files a/documentation/resources/tree-vertical.png and /dev/null differ
diff --git a/documentation/source-class-Example.html b/documentation/source-class-Example.html
deleted file mode 100644
index 9544bae6..00000000
--- a/documentation/source-class-Example.html
+++ /dev/null
@@ -1,242 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/documentation/source-class-Format.html b/documentation/source-class-Format.html
deleted file mode 100644
index 050cbd84..00000000
--- a/documentation/source-class-Format.html
+++ /dev/null
@@ -1,636 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/documentation/source-class-Key.html b/documentation/source-class-Key.html
deleted file mode 100644
index 0d0e86e9..00000000
--- a/documentation/source-class-Key.html
+++ /dev/null
@@ -1,377 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/documentation/source-class-REST_Controller.html b/documentation/source-class-REST_Controller.html
deleted file mode 100644
index 84d4170f..00000000
--- a/documentation/source-class-REST_Controller.html
+++ /dev/null
@@ -1,2215 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/documentation/source-class-Rest_server.html b/documentation/source-class-Rest_server.html
deleted file mode 100644
index 4a18ebd3..00000000
--- a/documentation/source-class-Rest_server.html
+++ /dev/null
@@ -1,118 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/documentation/source-class-Welcome.html b/documentation/source-class-Welcome.html
deleted file mode 100644
index 6a681eb1..00000000
--- a/documentation/source-class-Welcome.html
+++ /dev/null
@@ -1,132 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/application/config/index.html b/language/bulgarian/index.html
similarity index 100%
rename from application/config/index.html
rename to language/bulgarian/index.html
diff --git a/application/language/bulgarian/rest_controller_lang.php b/language/bulgarian/rest_controller_lang.php
similarity index 86%
rename from application/language/bulgarian/rest_controller_lang.php
rename to language/bulgarian/rest_controller_lang.php
index 6145307d..4ba134d8 100644
--- a/application/language/bulgarian/rest_controller_lang.php
+++ b/language/bulgarian/rest_controller_lang.php
@@ -13,5 +13,6 @@
$lang['text_rest_api_key_unauthorized'] = 'API ключът не е оторизиран зо достъп до заявения контролер';
$lang['text_rest_api_key_permissions'] = 'API ключът няма достатъчно права';
$lang['text_rest_api_key_time_limit'] = 'API ключът е изполван с превишаване на времевия лимит за този метод';
+$lang['text_rest_ip_address_time_limit'] = 'За текущия IP адрес е превишен времевия лимит за изпълнение на метода';
$lang['text_rest_unknown_method'] = 'Неизвестен метод';
$lang['text_rest_unsupported'] = 'Неподдържан протокол';
diff --git a/application/controllers/api/index.html b/language/dutch/index.html
similarity index 100%
rename from application/controllers/api/index.html
rename to language/dutch/index.html
diff --git a/language/dutch/rest_controller_lang.php b/language/dutch/rest_controller_lang.php
new file mode 100644
index 00000000..45fd9c25
--- /dev/null
+++ b/language/dutch/rest_controller_lang.php
@@ -0,0 +1,16 @@
+
+
+
+
-
-
-
-
-
-Directory access is forbidden. + + + diff --git a/application/language/portuguese-brazilian/rest_controller_lang.php b/language/portuguese-brazilian/rest_controller_lang.php similarity index 88% rename from application/language/portuguese-brazilian/rest_controller_lang.php rename to language/portuguese-brazilian/rest_controller_lang.php index 04bbf6e3..10c164c6 100644 --- a/application/language/portuguese-brazilian/rest_controller_lang.php +++ b/language/portuguese-brazilian/rest_controller_lang.php @@ -13,5 +13,6 @@ $lang['text_rest_api_key_unauthorized'] = 'Esta chave da API não tem acesso ao controller solicitado'; $lang['text_rest_api_key_permissions'] = 'Esta chave da API não tem permissões suficientes'; $lang['text_rest_api_key_time_limit'] = 'Esta chave da API já atingiu o tempo limite para este método'; +$lang['text_rest_ip_address_time_limit'] = 'Este Endereço IP atingiu o limite de tempo para este método'; $lang['text_rest_unknown_method'] = 'Método desconhecido'; $lang['text_rest_unsupported'] = 'Sem suporte para este protocolo'; diff --git a/language/romanian/index.html b/language/romanian/index.html new file mode 100644 index 00000000..b702fbc3 --- /dev/null +++ b/language/romanian/index.html @@ -0,0 +1,11 @@ + + + +Directory access is forbidden. + + + diff --git a/language/romanian/rest_controller_lang.php b/language/romanian/rest_controller_lang.php new file mode 100644 index 00000000..3231a7c5 --- /dev/null +++ b/language/romanian/rest_controller_lang.php @@ -0,0 +1,18 @@ + + + +Directory access is forbidden. + + + diff --git a/language/serbian_cyr/rest_controller_lang.php b/language/serbian_cyr/rest_controller_lang.php new file mode 100644 index 00000000..c828cc0a --- /dev/null +++ b/language/serbian_cyr/rest_controller_lang.php @@ -0,0 +1,18 @@ + + + +Directory access is forbidden. + + + diff --git a/language/serbian_lat/rest_controller_lang.php b/language/serbian_lat/rest_controller_lang.php new file mode 100644 index 00000000..6046788d --- /dev/null +++ b/language/serbian_lat/rest_controller_lang.php @@ -0,0 +1,18 @@ + + + +Directory access is forbidden. + + + diff --git a/language/simplified-chinese/rest_controller_lang.php b/language/simplified-chinese/rest_controller_lang.php new file mode 100644 index 00000000..9e762973 --- /dev/null +++ b/language/simplified-chinese/rest_controller_lang.php @@ -0,0 +1,18 @@ + + + +Directory access is forbidden. + + + diff --git a/language/spanish/rest_controller_lang.php b/language/spanish/rest_controller_lang.php new file mode 100644 index 00000000..f98078fb --- /dev/null +++ b/language/spanish/rest_controller_lang.php @@ -0,0 +1,18 @@ + + + +Directory access is forbidden. + + + diff --git a/language/traditional-chinese/rest_controller_lang.php b/language/traditional-chinese/rest_controller_lang.php new file mode 100644 index 00000000..a8450f2b --- /dev/null +++ b/language/traditional-chinese/rest_controller_lang.php @@ -0,0 +1,18 @@ + + + +Directory access is forbidden. + + + diff --git a/language/turkish/rest_controller_lang.php b/language/turkish/rest_controller_lang.php new file mode 100644 index 00000000..589b28cc --- /dev/null +++ b/language/turkish/rest_controller_lang.php @@ -0,0 +1,18 @@ +_CI = &get_instance(); @@ -89,15 +93,11 @@ public function __construct($data = NULL, $from_type = NULL) $this->_CI->load->helper('inflector'); // If the provided data is already formatted we should probably convert it to an array - if ($from_type !== NULL) - { - if (method_exists($this, '_from_' . $from_type)) - { - $data = call_user_func([$this, '_from_' . $from_type], $data); - } - else - { - throw new Exception('Format class does not support conversion from "' . $from_type . '".'); + if ($from_type !== null) { + if (method_exists($this, '_from_'.$from_type)) { + $data = call_user_func([$this, '_from_'.$from_type], $data); + } else { + throw new Exception('Format class does not support conversion from "'.$from_type.'".'); } } @@ -107,14 +107,14 @@ public function __construct($data = NULL, $from_type = NULL) /** * Create an instance of the format class - * e.g: echo $this->format->factory(['foo' => 'bar'])->to_csv(); + * e.g: echo $this->format->factory(['foo' => 'bar'])->to_csv();. * - * @param mixed $data Data to convert/parse + * @param mixed $data Data to convert/parse * @param string $from_type Type to convert from e.g. json, csv, html * * @return object Instance of the format class */ - public function factory($data, $from_type = NULL) + public static function factory($data, $from_type = null) { // $class = __CLASS__; // return new $class(); @@ -125,36 +125,31 @@ public function factory($data, $from_type = NULL) // FORMATTING OUTPUT --------------------------------------------------------- /** - * Format data as an array + * Format data as an array. + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor * - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor * @return array Data parsed as an array; otherwise, an empty array */ - public function to_array($data = NULL) + public function to_array($data = null) { // If no data is passed as a parameter, then use the data passed // via the constructor - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } // Cast as an array if not already - if (is_array($data) === FALSE) - { + if (is_array($data) === false) { $data = (array) $data; } $array = []; - foreach ((array) $data as $key => $value) - { - if (is_object($value) === TRUE || is_array($value) === TRUE) - { + foreach ((array) $data as $key => $value) { + if (is_object($value) === true || is_array($value) === true) { $array[$key] = $this->to_array($value); - } - else - { + } else { $array[$key] = $value; } } @@ -163,50 +158,38 @@ public function to_array($data = NULL) } /** - * Format data as XML + * Format data as XML. + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor + * @param null $structure + * @param string $basenode * - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor - * @param NULL $structure - * @param string $basenode * @return mixed */ - public function to_xml($data = NULL, $structure = NULL, $basenode = 'xml') + public function to_xml($data = null, $structure = null, $basenode = 'xml') { - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } - // turn off compatibility mode as simple xml throws a wobbly if you don't. - if (ini_get('zend.ze1_compatibility_mode') == 1) - { - ini_set('zend.ze1_compatibility_mode', 0); - } - - if ($structure === NULL) - { + if ($structure === null) { $structure = simplexml_load_string("<$basenode />"); } // Force it to be something useful - if (is_array($data) === FALSE && is_object($data) === FALSE) - { + if (is_array($data) === false && is_object($data) === false) { $data = (array) $data; } - foreach ($data as $key => $value) - { - + foreach ($data as $key => $value) { //change false/true to 0/1 - if (is_bool($value)) - { + if (is_bool($value)) { $value = (int) $value; } // no numeric keys in our xml please! - if (is_numeric($key)) - { + if (is_numeric($key)) { // make string key... $key = (singular($basenode) != $basenode) ? singular($basenode) : 'item'; } @@ -214,31 +197,25 @@ public function to_xml($data = NULL, $structure = NULL, $basenode = 'xml') // replace anything not alpha numeric $key = preg_replace('/[^a-z_\-0-9]/i', '', $key); - if ($key === '_attributes' && (is_array($value) || is_object($value))) - { + if ($key === '_attributes' && (is_array($value) || is_object($value))) { $attributes = $value; - if (is_object($attributes)) - { + if (is_object($attributes)) { $attributes = get_object_vars($attributes); } - foreach ($attributes as $attribute_name => $attribute_value) - { + foreach ($attributes as $attribute_name => $attribute_value) { $structure->addAttribute($attribute_name, $attribute_value); } } // if there is another array found recursively call this function - elseif (is_array($value) || is_object($value)) - { + elseif (is_array($value) || is_object($value)) { $node = $structure->addChild($key); // recursive call. $this->to_xml($value, $node, $key); - } - else - { + } else { // add single node. - $value = htmlspecialchars(html_entity_decode($value, ENT_QUOTES, 'UTF-8'), ENT_QUOTES, 'UTF-8'); + $value = htmlspecialchars(html_entity_decode($value ?? '', ENT_QUOTES, 'UTF-8'), ENT_QUOTES, 'UTF-8'); $structure->addChild($key, $value); } @@ -248,35 +225,31 @@ public function to_xml($data = NULL, $structure = NULL, $basenode = 'xml') } /** - * Format data as HTML + * Format data as HTML. + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor * - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor * @return mixed */ - public function to_html($data = NULL) + public function to_html($data = null) { // If no data is passed as a parameter, then use the data passed // via the constructor - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } // Cast as an array if not already - if (is_array($data) === FALSE) - { + if (is_array($data) === false) { $data = (array) $data; } // Check if it's a multi-dimensional array - if (isset($data[0]) && count($data) !== count($data, COUNT_RECURSIVE)) - { + if (isset($data[0]) && count($data) !== count($data, COUNT_RECURSIVE)) { // Multi-dimensional array $headings = array_keys($data[0]); - } - else - { + } else { // Single array $headings = array_keys($data); $data = [$data]; @@ -287,8 +260,7 @@ public function to_html($data = NULL) $this->_CI->table->set_heading($headings); - foreach ($data as $row) - { + foreach ($data as $row) { // Suppressing the "array to string conversion" notice // Keep the "evil" @ here $row = @array_map('strval', $row); @@ -301,56 +273,50 @@ public function to_html($data = NULL) /** * @link http://www.metashock.de/2014/02/create-csv-file-in-memory-php/ - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor - * @param string $delimiter The optional delimiter parameter sets the field - * delimiter (one character only). NULL will use the default value (,) - * @param string $enclosure The optional enclosure parameter sets the field - * enclosure (one character only). NULL will use the default value (") + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor + * @param string $delimiter The optional delimiter parameter sets the field + * delimiter (one character only). NULL will use the default value (,) + * @param string $enclosure The optional enclosure parameter sets the field + * enclosure (one character only). NULL will use the default value (") + * * @return string A csv string */ - public function to_csv($data = NULL, $delimiter = ',', $enclosure = '"') + public function to_csv($data = null, $delimiter = ',', $enclosure = '"') { // Use a threshold of 1 MB (1024 * 1024) $handle = fopen('php://temp/maxmemory:1048576', 'w'); - if ($handle === FALSE) - { - return NULL; + if ($handle === false) { + return; } // If no data is passed as a parameter, then use the data passed // via the constructor - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } // If NULL, then set as the default delimiter - if ($delimiter === NULL) - { + if ($delimiter === null) { $delimiter = ','; } // If NULL, then set as the default enclosure - if ($enclosure === NULL) - { + if ($enclosure === null) { $enclosure = '"'; } // Cast as an array if not already - if (is_array($data) === FALSE) - { + if (is_array($data) === false) { $data = (array) $data; } // Check if it's a multi-dimensional array - if (isset($data[0]) && count($data) !== count($data, COUNT_RECURSIVE)) - { + if (isset($data[0]) && count($data) !== count($data, COUNT_RECURSIVE)) { // Multi-dimensional array $headings = array_keys($data[0]); - } - else - { + } else { // Single array $headings = array_keys($data); $data = [$data]; @@ -359,18 +325,16 @@ public function to_csv($data = NULL, $delimiter = ',', $enclosure = '"') // Apply the headings fputcsv($handle, $headings, $delimiter, $enclosure); - foreach ($data as $record) - { + foreach ($data as $record) { // If the record is not an array, then break. This is because the 2nd param of // fputcsv() should be an array - if (is_array($record) === FALSE) - { + if (is_array($record) === false) { break; } // Suppressing the "array to string conversion" notice. // Keep the "evil" @ here. - $record = @ array_map('strval', $record); + $record = @array_map('strval', $record); // Returns the length of the string written or FALSE fputcsv($handle, $record, $delimiter, $enclosure); @@ -385,60 +349,61 @@ public function to_csv($data = NULL, $delimiter = ',', $enclosure = '"') // Close the handle fclose($handle); + // Convert UTF-8 encoding to UTF-16LE which is supported by MS Excel + $csv = mb_convert_encoding($csv, 'UTF-16LE', 'UTF-8'); + return $csv; } /** - * Encode data as json + * Encode data as json. + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor * - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor * @return string Json representation of a value */ - public function to_json($data = NULL) + public function to_json($data = null) { // If no data is passed as a parameter, then use the data passed // via the constructor - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } // Get the callback parameter (if set) $callback = $this->_CI->input->get('callback'); - if (empty($callback) === TRUE) - { - return json_encode($data); + if (empty($callback) === true) { + return json_encode($data, JSON_UNESCAPED_UNICODE); } // We only honour a jsonp callback which are valid javascript identifiers - elseif (preg_match('/^[a-z_\$][a-z0-9\$_]*(\.[a-z_\$][a-z0-9\$_]*)*$/i', $callback)) - { + elseif (preg_match('/^[a-z_\$][a-z0-9\$_]*(\.[a-z_\$][a-z0-9\$_]*)*$/i', $callback)) { // Return the data as encoded json with a callback - return $callback . '(' . json_encode($data) . ');'; + return $callback.'('.json_encode($data, JSON_UNESCAPED_UNICODE).');'; } // An invalid jsonp callback function provided. // Though I don't believe this should be hardcoded here - $data['warning'] = 'INVALID JSONP CALLBACK: ' . $callback; + $data['warning'] = 'INVALID JSONP CALLBACK: '.$callback; - return json_encode($data); + return json_encode($data, JSON_UNESCAPED_UNICODE); } /** - * Encode data as a serialized array + * Encode data as a serialized array. + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor * - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor * @return string Serialized data */ - public function to_serialized($data = NULL) + public function to_serialized($data = null) { // If no data is passed as a parameter, then use the data passed // via the constructor - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } @@ -446,29 +411,30 @@ public function to_serialized($data = NULL) } /** - * Format data using a PHP structure + * Format data using a PHP structure. + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor * - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor * @return mixed String representation of a variable */ - public function to_php($data = NULL) + public function to_php($data = null) { // If no data is passed as a parameter, then use the data passed // via the constructor - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } - return var_export($data, TRUE); + return var_export($data, true); } // INTERNAL FUNCTIONS /** - * @param $data XML string - * @return SimpleXMLElement XML element object; otherwise, empty array + * @param string $data XML string + * + * @return array XML element object; otherwise, empty array */ protected function _from_xml($data) { @@ -476,25 +442,24 @@ protected function _from_xml($data) } /** - * @param string $data CSV string + * @param string $data CSV string * @param string $delimiter The optional delimiter parameter sets the field - * delimiter (one character only). NULL will use the default value (,) + * delimiter (one character only). NULL will use the default value (,) * @param string $enclosure The optional enclosure parameter sets the field - * enclosure (one character only). NULL will use the default value (") + * enclosure (one character only). NULL will use the default value (") + * * @return array A multi-dimensional array with the outer array being the number of rows - * and the inner arrays the individual fields + * and the inner arrays the individual fields */ protected function _from_csv($data, $delimiter = ',', $enclosure = '"') { // If NULL, then set as the default delimiter - if ($delimiter === NULL) - { + if ($delimiter === null) { $delimiter = ','; } // If NULL, then set as the default enclosure - if ($enclosure === NULL) - { + if ($enclosure === null) { $enclosure = '"'; } @@ -502,7 +467,8 @@ protected function _from_csv($data, $delimiter = ',', $enclosure = '"') } /** - * @param $data Encoded json string + * @param string $data Encoded json string + * * @return mixed Decoded json string with leading and trailing whitespace removed */ protected function _from_json($data) @@ -511,7 +477,8 @@ protected function _from_json($data) } /** - * @param string Data to unserialized + * @param string $data Data to unserialize + * * @return mixed Unserialized data */ protected function _from_serialize($data) @@ -520,12 +487,12 @@ protected function _from_serialize($data) } /** - * @param $data Data to trim leading and trailing whitespace + * @param string $data Data to trim leading and trailing whitespace + * * @return string Data with leading and trailing whitespace removed */ protected function _from_php($data) { return trim($data); } - } diff --git a/application/libraries/REST_Controller.php b/src/RestController.php similarity index 50% rename from application/libraries/REST_Controller.php rename to src/RestController.php index c528d5e5..7f292a98 100644 --- a/application/libraries/REST_Controller.php +++ b/src/RestController.php @@ -1,171 +1,46 @@ 'application/json', - 'array' => 'application/json', - 'csv' => 'application/csv', - 'html' => 'text/html', - 'jsonp' => 'application/javascript', - 'php' => 'text/plain', - 'serialized' => 'application/vnd.php.serialized', - 'xml' => 'application/xml' - ]; + 'json' => 'application/json', + 'array' => 'application/json', + 'csv' => 'application/csv', + 'html' => 'text/html', + 'jsonp' => 'application/javascript', + 'php' => 'text/plain', + 'serialized' => 'application/vnd.php.serialized', + 'xml' => 'application/xml', + ]; /** - * Information about the current API user + * Information about the current API user. * * @var object */ protected $_apiuser; + /** + * Whether or not to perform a CORS check and apply CORS headers to the request. + * + * @var bool + */ + protected $check_cors = null; + /** * Enable XSS flag * Determines whether the XSS filter is always active when - * GET, OPTIONS, HEAD, POST, PUT, DELETE and PATCH data is encountered. - * Set automatically based on config setting + * GET, OPTIONS, HEAD, POST, PUT, DELETE and PATCH data is encountered + * Set automatically based on config setting. * * @var bool */ - protected $_enable_xss = FALSE; + protected $_enable_xss = false; + + private $is_valid_request = true; /** - * HTTP status codes and their respective description - * Note: Only the widely used HTTP status codes are used + * Common HTTP status codes and their respective description. * - * @var array * @link http://www.restapitutorial.com/httpstatuscodes.html */ - protected $http_status_codes = [ - self::HTTP_OK => 'OK', - self::HTTP_CREATED => 'CREATED', - self::HTTP_NO_CONTENT => 'NO CONTENT', - self::HTTP_NOT_MODIFIED => 'NOT MODIFIED', - self::HTTP_BAD_REQUEST => 'BAD REQUEST', - self::HTTP_UNAUTHORIZED => 'UNAUTHORIZED', - self::HTTP_FORBIDDEN => 'FORBIDDEN', - self::HTTP_NOT_FOUND => 'NOT FOUND', - self::HTTP_METHOD_NOT_ALLOWED => 'METHOD NOT ALLOWED', - self::HTTP_NOT_ACCEPTABLE => 'NOT ACCEPTABLE', - self::HTTP_CONFLICT => 'CONFLICT', - self::HTTP_INTERNAL_SERVER_ERROR => 'INTERNAL SERVER ERROR', - self::HTTP_NOT_IMPLEMENTED => 'NOT IMPLEMENTED' - ]; + const HTTP_OK = 200; + const HTTP_CREATED = 201; + const HTTP_NOT_MODIFIED = 304; + const HTTP_BAD_REQUEST = 400; + const HTTP_UNAUTHORIZED = 401; + const HTTP_FORBIDDEN = 403; + const HTTP_NOT_FOUND = 404; + const HTTP_METHOD_NOT_ALLOWED = 405; + const HTTP_NOT_ACCEPTABLE = 406; + const HTTP_INTERNAL_ERROR = 500; /** - * Extend this function to apply additional checking early on in the process + * @var Format + */ + protected $format; + + /** + * @var bool + */ + protected $auth_override; + + /** + * Extend this function to apply additional checking early on in the process. * - * @access protected * @return void */ protected function early_checks() @@ -363,67 +249,46 @@ protected function early_checks() } /** - * Constructor for the REST API + * Constructor for the REST API. * - * @access public * @param string $config Configuration filename minus the file extension - * e.g: my_rest.php is passed as 'my_rest' - * @return void + * e.g: my_rest.php is passed as 'my_rest' */ public function __construct($config = 'rest') { parent::__construct(); - // Disable XML Entity (security vulnerability) - libxml_disable_entity_loader(TRUE); - - // Check to see if PHP is equal to or greater than 5.4.x - if (is_php('5.4') === FALSE) - { - // CodeIgniter 3 is recommended for v5.4 or above - throw new Exception('Using PHP v' . PHP_VERSION . ', though PHP v5.4 or greater is required'); - } - - // Check to see if this is CI 3.x - if (explode('.', CI_VERSION, 2)[0] < 3) - { - throw new Exception('REST Server requires CodeIgniter 3.x'); - } - // Set the default value of global xss filtering. Same approach as CodeIgniter 3 - $this->_enable_xss = ($this->config->item('global_xss_filtering') === TRUE); + $this->_enable_xss = ($this->config->item('global_xss_filtering') === true); // Don't try to parse template variables like {elapsed_time} and {memory_usage} // when output is displayed for not damaging data accidentally - $this->output->parse_exec_vars = FALSE; - - // Start the timer for how long the request takes - $this->_start_rtime = microtime(TRUE); + $this->output->parse_exec_vars = false; // Load the rest.php configuration file - $this->load->config($config); + $this->get_local_config($config); - // At present the library is bundled with REST_Controller 2.5+, but will eventually be part of CodeIgniter (no citation) - $this->load->library('format'); + // Log the loading time to the log table + if ($this->config->item('rest_enable_logging') === true) { + // Start the timer for how long the request takes + $this->_start_rtime = microtime(true); + } - // Determine supported output formats from configiguration. + // Determine supported output formats from configuration $supported_formats = $this->config->item('rest_supported_formats'); // Validate the configuration setting output formats - if (empty($supported_formats)) - { + if (empty($supported_formats)) { $supported_formats = []; } - if (!is_array($supported_formats)) - { + if (!is_array($supported_formats)) { $supported_formats = [$supported_formats]; } - // Add silently the default output format if it is missing. + // Add silently the default output format if it is missing $default_format = $this->_get_default_output_format(); - if (!in_array($default_format, $supported_formats)) - { + if (!in_array($default_format, $supported_formats)) { $supported_formats[] = $default_format; } @@ -432,13 +297,12 @@ public function __construct($config = 'rest') // Get the language $language = $this->config->item('rest_language'); - if ($language === NULL) - { + if ($language === null) { $language = 'english'; } // Load the language file - $this->lang->load('rest_controller', $language); + $this->lang->load('rest_controller', $language, false, true, __DIR__.'/../'); // Initialise the response, request and rest objects $this->request = new stdClass(); @@ -446,8 +310,7 @@ public function __construct($config = 'rest') $this->rest = new stdClass(); // Check to see if the current IP address is blacklisted - if ($this->config->item('rest_ip_blacklist_enabled') === TRUE) - { + if ($this->config->item('rest_ip_blacklist_enabled') === true) { $this->_check_blacklist_auth(); } @@ -457,10 +320,15 @@ public function __construct($config = 'rest') // How is this request being made? GET, POST, PATCH, DELETE, INSERT, PUT, HEAD or OPTIONS $this->request->method = $this->_detect_method(); + // Check for CORS access request + $check_cors = $this->config->item('check_cors'); + if ($check_cors === true) { + $this->_check_cors(); + } + // Create an argument container if it doesn't exist e.g. _get_args - if (isset($this->{'_' . $this->request->method . '_args'}) === FALSE) - { - $this->{'_' . $this->request->method . '_args'} = []; + if (isset($this->{'_'.$this->request->method.'_args'}) === false) { + $this->{'_'.$this->request->method.'_args'} = []; } // Set up the query parameters @@ -473,18 +341,32 @@ public function __construct($config = 'rest') $this->request->format = $this->_detect_input_format(); // Not all methods have a body attached with them - $this->request->body = NULL; + $this->request->body = null; - $this->{'_parse_' . $this->request->method}(); + $this->{'_parse_'.$this->request->method}(); + + // Fix parse method return arguments null + if ($this->{'_'.$this->request->method.'_args'} === null) { + $this->{'_'.$this->request->method.'_args'} = []; + } + + // Which format should the data be returned in? + $this->response->format = $this->_detect_output_format(); + + // Which language should the data be returned in? + $this->response->lang = $this->_detect_lang(); // Now we know all about our request, let's try and parse the body if it exists - if ($this->request->format && $this->request->body) - { - $this->request->body = $this->format->factory($this->request->body, $this->request->format)->to_array(); + if ($this->request->format && $this->request->body) { + $this->request->body = Format::factory($this->request->body, $this->request->format)->to_array(); + // Assign payload arguments to proper method container - $this->{'_' . $this->request->method . '_args'} = $this->request->body; + $this->{'_'.$this->request->method.'_args'} = $this->request->body; } + //get header vars + $this->_head_args = $this->input->request_headers(); + // Merge both for one mega-args variable $this->_args = array_merge( $this->_get_args, @@ -494,27 +376,19 @@ public function __construct($config = 'rest') $this->_put_args, $this->_post_args, $this->_delete_args, - $this->{'_' . $this->request->method . '_args'} + $this->{'_'.$this->request->method.'_args'} ); - // Which format should the data be returned in? - $this->response->format = $this->_detect_output_format(); - - // Which language should the data be returned in? - $this->response->lang = $this->_detect_lang(); - // Extend this function to apply additional checking early on in the process $this->early_checks(); // Load DB if its enabled - if ($this->config->item('rest_database_group') && ($this->config->item('rest_enable_keys') || $this->config->item('rest_enable_logging'))) - { - $this->rest->db = $this->load->database($this->config->item('rest_database_group'), TRUE); + if ($this->config->item('rest_database_group') && ($this->config->item('rest_enable_keys') || $this->config->item('rest_enable_logging'))) { + $this->rest->db = $this->load->database($this->config->item('rest_database_group'), true); } // Use whatever database is in use (isset returns FALSE) - elseif (property_exists($this, 'db')) - { + elseif (property_exists($this, 'db')) { $this->rest->db = $this->db; } @@ -524,27 +398,25 @@ public function __construct($config = 'rest') // Checking for keys? GET TO WorK! // Skip keys test for $config['auth_override_class_method']['class'['method'] = 'none' - if ($this->config->item('rest_enable_keys') && $this->auth_override !== TRUE) - { + if ($this->config->item('rest_enable_keys') && $this->auth_override !== true) { $this->_allow = $this->_detect_api_key(); } // Only allow ajax requests - if ($this->input->is_ajax_request() === FALSE && $this->config->item('rest_ajax_only')) - { + if ($this->input->is_ajax_request() === false && $this->config->item('rest_ajax_only')) { // Display an error response $this->response([ - $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ajax_only') - ], self::HTTP_NOT_ACCEPTABLE); + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ajax_only'), + ], self::HTTP_NOT_ACCEPTABLE); } // When there is no specific override for the current class/method, use the default auth value set in the config - if ($this->auth_override === FALSE && !($this->config->item('rest_enable_keys') && $this->_allow === TRUE)) - { + if ($this->auth_override === false && + (!($this->config->item('rest_enable_keys') && $this->_allow === true) || + ($this->config->item('allow_auth_and_keys') === true && $this->_allow === true))) { $rest_auth = strtolower($this->config->item('rest_auth')); - switch ($rest_auth) - { + switch ($rest_auth) { case 'basic': $this->_prepare_basic_auth(); break; @@ -555,28 +427,56 @@ public function __construct($config = 'rest') $this->_check_php_session(); break; } - if ($this->config->item('rest_ip_whitelist_enabled') === TRUE) - { - $this->_check_whitelist_auth(); + } + } + + /** + * Does the auth stuff. + */ + private function do_auth($method = false) + { + // If we don't want to do auth, then just return true + if ($method === false) { + return true; + } + + if (file_exists(__DIR__.'/auth/'.$method.'.php')) { + include __DIR__.'/auth/'.$method.'.php'; + } + } + + /** + * @param $config_file + */ + private function get_local_config($config_file) + { + if (file_exists(APPPATH.'config/'.$config_file.'.php')) { + $this->load->config($config_file, false); + } else { + if (file_exists(__DIR__.'/'.$config_file.'.php')) { + $config = []; + include __DIR__.'/'.$config_file.'.php'; + foreach ($config as $key => $value) { + $this->config->set_item($key, $value); + } } } } /** - * Deconstructor + * De-constructor. * * @author Chris Kacerguis - * @access public + * * @return void */ public function __destruct() { - // Get the current timestamp - $this->_end_rtime = microtime(TRUE); - // Log the loading time to the log table - if ($this->config->item('rest_enable_logging') === TRUE) - { + if ($this->config->item('rest_enable_logging') === true) { + // Get the current timestamp + $this->_end_rtime = microtime(true); + $this->_log_access_time(); } } @@ -584,78 +484,81 @@ public function __destruct() /** * Requests are not made to methods directly, the request will be for * an "object". This simply maps the object and method to the correct - * Controller method + * Controller method. * - * @access public - * @param string $object_called - * @param array $arguments The arguments passed to the controller method + * @param string $object_called + * @param array $arguments The arguments passed to the controller method + * + * @throws Exception */ - public function _remap($object_called, $arguments) + public function _remap($object_called, $arguments = []) { // Should we answer if not over SSL? - if ($this->config->item('force_https') && $this->request->ssl === FALSE) - { + if ($this->config->item('force_https') && $this->request->ssl === false) { $this->response([ - $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unsupported') - ], self::HTTP_FORBIDDEN); + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unsupported'), + ], self::HTTP_FORBIDDEN); } // Remove the supported format from the function name e.g. index.json => index - $object_called = preg_replace('/^(.*)\.(?:' . implode('|', array_keys($this->_supported_formats)) . ')$/', '$1', $object_called); + $object_called = preg_replace('/^(.*)\.(?:'.implode('|', array_keys($this->_supported_formats)).')$/', '$1', $object_called); - $controller_method = $object_called . '_' . $this->request->method; + $controller_method = $object_called.'_'.$this->request->method; + // Does this method exist? If not, try executing an index method + if (!method_exists($this, $controller_method)) { + $controller_method = 'index_'.$this->request->method; + array_unshift($arguments, $object_called); + } // Do we want to log this method (if allowed by config)? - $log_method = !(isset($this->methods[$controller_method]['log']) && $this->methods[$controller_method]['log'] === FALSE); + $log_method = !(isset($this->methods[$controller_method]['log']) && $this->methods[$controller_method]['log'] === false); // Use keys for this method? - $use_key = !(isset($this->methods[$controller_method]['key']) && $this->methods[$controller_method]['key'] === FALSE); + $use_key = !(isset($this->methods[$controller_method]['key']) && $this->methods[$controller_method]['key'] === false); // They provided a key, but it wasn't valid, so get them out of here - if ($this->config->item('rest_enable_keys') && $use_key && $this->_allow === FALSE) - { - if ($this->config->item('rest_enable_logging') && $log_method) - { + if ($this->config->item('rest_enable_keys') && $use_key && $this->_allow === false) { + if ($this->config->item('rest_enable_logging') && $log_method) { $this->_log_request(); } + // fix cross site to option request error + if ($this->request->method == 'options') { + exit; + } + $this->response([ - $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => sprintf($this->lang->line('text_rest_invalid_api_key'), $this->rest->key) - ], self::HTTP_FORBIDDEN); + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => sprintf($this->lang->line('text_rest_invalid_api_key'), $this->rest->key), + ], self::HTTP_FORBIDDEN); } // Check to see if this key has access to the requested controller - if ($this->config->item('rest_enable_keys') && $use_key && empty($this->rest->key) === FALSE && $this->_check_access() === FALSE) - { - if ($this->config->item('rest_enable_logging') && $log_method) - { + if ($this->config->item('rest_enable_keys') && $use_key && empty($this->rest->key) === false && $this->_check_access() === false) { + if ($this->config->item('rest_enable_logging') && $log_method) { $this->_log_request(); } $this->response([ - $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_api_key_unauthorized') - ], self::HTTP_UNAUTHORIZED); + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_api_key_unauthorized'), + ], self::HTTP_UNAUTHORIZED); } // Sure it exists, but can they do anything with it? - if (method_exists($this, $controller_method) === FALSE) - { + if (!method_exists($this, $controller_method)) { $this->response([ - $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unknown_method') - ], self::HTTP_NOT_FOUND); + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unknown_method'), + ], self::HTTP_METHOD_NOT_ALLOWED); } // Doing key related stuff? Can only do it if they have a key right? - if ($this->config->item('rest_enable_keys') && empty($this->rest->key) === FALSE) - { + if ($this->config->item('rest_enable_keys') && empty($this->rest->key) === false) { // Check the limit - if ($this->config->item('rest_enable_limits') && $this->_check_limit($controller_method) === FALSE) - { - $response = [$this->config->item('rest_status_field_name') => FALSE, $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_api_key_time_limit')]; + if ($this->config->item('rest_enable_limits') && $this->_check_limit($controller_method) === false) { + $response = [$this->config->item('rest_status_field_name') => false, $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_api_key_time_limit')]; $this->response($response, self::HTTP_UNAUTHORIZED); } @@ -664,213 +567,226 @@ public function _remap($object_called, $arguments) // If no level is set, or it is lower than/equal to the key's level $authorized = $level <= $this->rest->level; - // IM TELLIN! - if ($this->config->item('rest_enable_logging') && $log_method) - { + if ($this->config->item('rest_enable_logging') && $log_method) { $this->_log_request($authorized); } + if ($authorized === false) { + // They don't have good enough perms + $response = [$this->config->item('rest_status_field_name') => false, $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_api_key_permissions')]; + $this->response($response, self::HTTP_UNAUTHORIZED); + } + } - // They don't have good enough perms - $response = [$this->config->item('rest_status_field_name') => FALSE, $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_api_key_permissions')]; - $authorized || $this->response($response, self::HTTP_UNAUTHORIZED); + //check request limit by ip without login + elseif ($this->config->item('rest_limits_method') == 'IP_ADDRESS' && $this->config->item('rest_enable_limits') && $this->_check_limit($controller_method) === false) { + $response = [$this->config->item('rest_status_field_name') => false, $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ip_address_time_limit')]; + $this->response($response, self::HTTP_UNAUTHORIZED); } // No key stuff, but record that stuff is happening - elseif ($this->config->item('rest_enable_logging') && $log_method) - { - $this->_log_request($authorized = TRUE); + elseif ($this->config->item('rest_enable_logging') && $log_method) { + $this->_log_request($authorized = true); } // Call the controller method and passed arguments - try - { - call_user_func_array([$this, $controller_method], $arguments); - } - catch (Exception $ex) - { + try { + if ($this->is_valid_request) { + call_user_func_array([$this, $controller_method], $arguments); + } + } catch (Exception $ex) { + if ($this->config->item('rest_handle_exceptions') === false) { + throw $ex; + } + // If the method doesn't exist, then the error will be caught and an error response shown - $this->response([ - $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => [ - 'classname' => get_class($ex), - 'message' => $ex->getMessage() - ] - ], self::HTTP_INTERNAL_SERVER_ERROR); + $_error = &load_class('Exceptions', 'core'); + $_error->show_exception($ex); } } /** - * Takes mixed data and optionally a status code, then creates the response + * Takes mixed data and optionally a status code, then creates the response. * - * @access public - * @param array|NULL $data Data to output to the user - * @param int|NULL $http_code HTTP status code - * @param bool $continue TRUE to flush the response to the client and continue - * running the script; otherwise, exit + * @param array|null $data Data to output to the user + * @param int|null $http_code HTTP status code + * @param bool $continue TRUE to flush the response to the client and continue + * running the script; otherwise, exit */ - public function response($data = NULL, $http_code = NULL, $continue = FALSE) + public function response($data = null, $http_code = null, $continue = false) { - // If the HTTP status is not NULL, then cast as an integer - if ($http_code !== NULL) - { - // So as to be safe later on in the process - $http_code = (int) $http_code; - } - - // Set the output as NULL by default - $output = NULL; - - // If data is NULL and no HTTP status code provided, then display, error and exit - if ($data === NULL && $http_code === NULL) - { - $http_code = self::HTTP_NOT_FOUND; - } - - // If data is not NULL and a HTTP status code provided, then continue - elseif ($data !== NULL) - { - // If the format method exists, call and return the output in that format - if (method_exists($this->format, 'to_' . $this->response->format)) - { - // Set the format header - $this->output->set_content_type($this->_supported_formats[$this->response->format], strtolower($this->config->item('charset'))); - $output = $this->format->factory($data)->{'to_' . $this->response->format}(); - - // An array must be parsed as a string, so as not to cause an array to string error - // Json is the most appropriate form for such a datatype - if ($this->response->format === 'array') - { - $output = $this->format->factory($output)->{'to_json'}(); - } + //if profiling enabled then print profiling data + $isProfilingEnabled = $this->config->item('enable_profiling'); + if (!$isProfilingEnabled) { + ob_start(); + // If the HTTP status is not NULL, then cast as an integer + if ($http_code !== null) { + // So as to be safe later on in the process + $http_code = (int) $http_code; } - else - { - // If an array or object, then parse as a json, so as to be a 'string' - if (is_array($data) || is_object($data)) - { - $data = $this->format->factory($data)->{'to_json'}(); - } - // Format is not supported, so output the raw data as a string - $output = $data; + // Set the output as NULL by default + $output = null; + + // If data is NULL and no HTTP status code provided, then display, error and exit + if ($data === null && $http_code === null) { + $http_code = self::HTTP_NOT_FOUND; } - } - // If not greater than zero, then set the HTTP status code as 200 by default - // Though perhaps 500 should be set instead, for the developer not passing a - // correct HTTP status code - $http_code > 0 || $http_code = self::HTTP_OK; + // If data is not NULL and a HTTP status code provided, then continue + elseif ($data !== null) { + // If the format method exists, call and return the output in that format + $formatter = null; + if ($this->format && method_exists($this->format, 'to_'.$this->response->format)) { + $formatter = $this->format::factory($data); + } elseif (method_exists(Format::class, 'to_'.$this->response->format)) { + $formatter = Format::factory($data); + } - $this->output->set_status_header($http_code); + if ($formatter !== null) { + // CORB protection + // First, get the output content. + $output = $formatter->{'to_'.$this->response->format}(); + + // Set the format header + // Then, check if the client asked for a callback, and if the output contains this callback : + if (isset($this->_get_args['callback']) && $this->response->format == 'json' && preg_match('/^'.$this->_get_args['callback'].'/', $output)) { + $this->output->set_content_type($this->_supported_formats['jsonp'], strtolower($this->config->item('charset'))); + } else { + $this->output->set_content_type($this->_supported_formats[$this->response->format], strtolower($this->config->item('charset'))); + } - // JC: Log response code only if rest logging enabled - if ($this->config->item('rest_enable_logging') === TRUE) - { - $this->_log_response_code($http_code); - } + // An array must be parsed as a string, so as not to cause an array to string error + // Json is the most appropriate form for such a data type + if ($this->response->format === 'array') { + $output = Format::factory($output)->{'to_json'}(); + } + } else { + // If an array or object, then parse as a json, so as to be a 'string' + if (is_array($data) || is_object($data)) { + $data = Format::factory($data)->{'to_json'}(); + } - // Output the data - $this->output->set_output($output); + // Format is not supported, so output the raw data as a string + $output = $data; + } + } - if ($continue === FALSE) - { - // Display the data and exit execution - $this->output->_display(); - exit; - } + // If not greater than zero, then set the HTTP status code as 200 by default + // Though perhaps 500 should be set instead, for the developer not passing a + // correct HTTP status code + $http_code > 0 || $http_code = self::HTTP_OK; + + $this->output->set_status_header($http_code); + + // JC: Log response code only if rest logging enabled + if ($this->config->item('rest_enable_logging') === true) { + $this->_log_response_code($http_code); + } + // Output the data + $this->output->set_output($output); + + if ($continue === false) { + // Display the data and exit execution + $this->output->_display(); + exit; + } else { + if (is_callable('fastcgi_finish_request')) { + // Terminates connection and returns response to client on PHP-FPM. + $this->output->_display(); + ob_end_flush(); + fastcgi_finish_request(); + ignore_user_abort(true); + } else { + // Legacy compatibility. + ob_end_flush(); + } + } + ob_end_flush(); // Otherwise dump the output automatically + } else { + echo json_encode($data); + } } /** * Takes mixed data and optionally a status code, then creates the response * within the buffers of the Output class. The response is sent to the client * lately by the framework, after the current controller's method termination. - * All the hooks after the controller's method termination are executable + * All the hooks after the controller's method termination are executable. * - * @access public - * @param array|NULL $data Data to output to the user - * @param int|NULL $http_code HTTP status code + * @param array|null $data Data to output to the user + * @param int|null $http_code HTTP status code */ - public function set_response($data = NULL, $http_code = NULL) + public function set_response($data = null, $http_code = null) { - $this->response($data, $http_code, TRUE); + $this->response($data, $http_code, true); } /** - * Get the input format e.g. json or xml + * Get the input format e.g. json or xml. * - * @access protected - * @return string|NULL Supported input format; otherwise, NULL + * @return string|null Supported input format; otherwise, NULL */ protected function _detect_input_format() { // Get the CONTENT-TYPE value from the SERVER variable $content_type = $this->input->server('CONTENT_TYPE'); - if (empty($content_type) === FALSE) - { - // Check all formats against the HTTP_ACCEPT header - foreach ($this->_supported_formats as $key => $value) - { - // $key = format e.g. csv - // $value = mime type e.g. application/csv + if (empty($content_type) === false) { + // If a semi-colon exists in the string, then explode by ; and get the value of where + // the current array pointer resides. This will generally be the first element of the array + $content_type = (strpos($content_type, ';') !== false ? current(explode(';', $content_type)) : $content_type); - // If a semi-colon exists in the string, then explode by ; and get the value of where - // the current array pointer resides. This will generally be the first element of the array - $content_type = (strpos($content_type, ';') !== FALSE ? current(explode(';', $content_type)) : $content_type); + // Check all formats against the CONTENT-TYPE header + foreach ($this->_supported_formats as $type => $mime) { + // $type = format e.g. csv + // $mime = mime type e.g. application/csv // If both the mime types match, then return the format - if ($content_type === $value) - { - return $key; + if ($content_type === $mime) { + return $type; } } } - - return NULL; } /** - * Gets the default format from the configuration. Fallbacks to 'json'. + * Gets the default format from the configuration. Fallbacks to 'json' * if the corresponding configuration option $config['rest_default_format'] * is missing or is empty. * - * @access protected * @return string The default supported input format */ protected function _get_default_output_format() { $default_format = (string) $this->config->item('rest_default_format'); + return $default_format === '' ? 'json' : $default_format; } /** - * Detect which format should be used to output the data + * Detect which format should be used to output the data. * - * @access protected - * @return mixed|NULL|string Output format + * @return mixed|null|string Output format */ protected function _detect_output_format() { // Concatenate formats to a regex pattern e.g. \.(csv|json|xml) - $pattern = '/\.(' . implode('|', array_keys($this->_supported_formats)) . ')($|\/)/'; + $pattern = '/\.('.implode('|', array_keys($this->_supported_formats)).')($|\/)/'; $matches = []; // Check if a file extension is used e.g. http://example.com/api/index.json?param1=param2 - if (preg_match($pattern, $this->uri->uri_string(), $matches)) - { + if (preg_match($pattern, $this->uri->uri_string(), $matches)) { return $matches[1]; } // Get the format parameter named as 'format' - if (isset($this->_get_args['format'])) - { + if (isset($this->_get_args['format'])) { $format = strtolower($this->_get_args['format']); - if (isset($this->_supported_formats[$format]) === TRUE) - { + if (isset($this->_supported_formats[$format]) === true) { return $format; } } @@ -879,27 +795,19 @@ protected function _detect_output_format() $http_accept = $this->input->server('HTTP_ACCEPT'); // Otherwise, check the HTTP_ACCEPT server variable - if ($this->config->item('rest_ignore_http_accept') === FALSE && $http_accept !== NULL) - { + if ($this->config->item('rest_ignore_http_accept') === false && $http_accept !== null) { // Check all formats against the HTTP_ACCEPT header - foreach (array_keys($this->_supported_formats) as $format) - { + foreach (array_keys($this->_supported_formats) as $format) { // Has this format been requested? - if (strpos($http_accept, $format) !== FALSE) - { - if ($format !== 'html' && $format !== 'xml') - { + if (strpos($http_accept, $format) !== false) { + if ($format !== 'html' && $format !== 'xml') { // If not HTML or XML assume it's correct return $format; - } - elseif ($format === 'html' && strpos($http_accept, 'xml') === FALSE) - { + } elseif ($format === 'html' && strpos($http_accept, 'xml') === false) { // HTML or XML have shown up as a match // If it is truly HTML, it wont want any XML return $format; - } - else if ($format === 'xml' && strpos($http_accept, 'html') === FALSE) - { + } elseif ($format === 'xml' && strpos($http_accept, 'html') === false) { // If it is truly XML, it wont want any HTML return $format; } @@ -908,8 +816,7 @@ protected function _detect_output_format() } // Check if the controller has a default format - if (empty($this->rest_format) === FALSE) - { + if (empty($this->rest_format) === false) { return $this->rest_format; } @@ -918,41 +825,38 @@ protected function _detect_output_format() } /** - * Get the HTTP request string e.g. get or post + * Get the HTTP request string e.g. get or post. * - * @access protected - * @return string|NULL Supported request method as a lowercase string; otherwise, NULL if not supported + * @return string|null Supported request method as a lowercase string; otherwise, NULL if not supported */ protected function _detect_method() { // Declare a variable to store the method - $method = NULL; + $method = null; // Determine whether the 'enable_emulate_request' setting is enabled - if ($this->config->item('enable_emulate_request') === TRUE) - { + if ($this->config->item('enable_emulate_request') === true) { $method = $this->input->post('_method'); - if ($method === NULL) - { + if ($method === null) { $method = $this->input->server('HTTP_X_HTTP_METHOD_OVERRIDE'); } - $method = strtolower($method); + if ($method !== null) { + $method = strtolower($method); + } } - if (empty($method)) - { + if (empty($method)) { // Get the request method as a lowercase string $method = $this->input->method(); } - return in_array($method, $this->allowed_http_methods) && method_exists($this, '_parse_' . $method) ? $method : 'get'; + return in_array($method, $this->allowed_http_methods) && method_exists($this, '_parse_'.$method) ? $method : 'get'; } /** - * See if the user has provided an API key + * See if the user has provided an API key. * - * @access protected * @return bool */ protected function _detect_api_key() @@ -961,22 +865,24 @@ protected function _detect_api_key() $api_key_variable = $this->config->item('rest_key_name'); // Work out the name of the SERVER entry based on config - $key_name = 'HTTP_' . strtoupper(str_replace('-', '_', $api_key_variable)); + $key_name = 'HTTP_'.strtoupper(str_replace('-', '_', $api_key_variable)); - $this->rest->key = NULL; - $this->rest->level = NULL; - $this->rest->user_id = NULL; - $this->rest->ignore_limits = FALSE; + $this->rest->key = null; + $this->rest->level = null; + $this->rest->user_id = null; + $this->rest->ignore_limits = false; // Find the key from server or arguments - if (($key = isset($this->_args[$api_key_variable]) ? $this->_args[$api_key_variable] : $this->input->server($key_name))) - { - if (!($row = $this->rest->db->where($this->config->item('rest_key_column'), $key)->get($this->config->item('rest_keys_table'))->row())) - { - return FALSE; + if ($key = isset($this->_args[$api_key_variable]) ? $this->_args[$api_key_variable] : $this->input->server($key_name)) { + $this->rest->key = $key; + + if (!($row = $this->rest->db->where($this->config->item('rest_key_column'), $key)->get($this->config->item('rest_keys_table'))->row())) { + return false; } - $this->rest->key = $row->{$this->config->item('rest_key_column')}; + if ($this->config->item('rest_keys_expire') === true && $row->{$this->config->item('rest_keys_expiry_column')} < time()) { + return false; + } isset($row->user_id) && $this->rest->user_id = $row->user_id; isset($row->level) && $this->rest->level = $row->level; @@ -988,63 +894,54 @@ protected function _detect_api_key() * If "is private key" is enabled, compare the ip address with the list * of valid ip addresses stored in the database */ - if (empty($row->is_private_key) === FALSE) - { + if (empty($row->is_private_key) === false) { // Check for a list of valid ip addresses - if (isset($row->ip_addresses)) - { + if (isset($row->ip_addresses)) { // multiple ip addresses must be separated using a comma, explode and loop $list_ip_addresses = explode(',', $row->ip_addresses); - $found_address = FALSE; + $ip_address = $this->input->ip_address(); + $found_address = false; - foreach ($list_ip_addresses as $ip_address) - { - if ($this->input->ip_address() === trim($ip_address)) - { + foreach ($list_ip_addresses as $list_ip) { + if ($ip_address === trim($list_ip)) { // there is a match, set the the value to TRUE and break out of the loop - $found_address = TRUE; + $found_address = true; break; } } return $found_address; - } - else - { + } else { // There should be at least one IP address for this private key - return FALSE; + return false; } } - return TRUE; + return true; } // No key has been sent - return FALSE; + return false; } /** - * Preferred return language + * Preferred return language. * - * @access protected - * @return string|NULL The language code + * @return string|null|array The language code */ protected function _detect_lang() { $lang = $this->input->server('HTTP_ACCEPT_LANGUAGE'); - if ($lang === NULL) - { - return NULL; + if ($lang === null) { + return; } // It appears more than one language has been sent using a comma delimiter - if (strpos($lang, ',') !== FALSE) - { + if (strpos($lang, ',') !== false) { $langs = explode(',', $lang); $return_langs = []; - foreach ($langs as $lang) - { + foreach ($langs as $lang) { // Remove weight and trim leading and trailing whitespace list($lang) = explode(';', $lang); $return_langs[] = trim($lang); @@ -1058,26 +955,28 @@ protected function _detect_lang() } /** - * Add the request to the log table + * Add the request to the log table. * - * @access protected * @param bool $authorized TRUE the user is authorized; otherwise, FALSE + * * @return bool TRUE the data was inserted; otherwise, FALSE */ - protected function _log_request($authorized = FALSE) + protected function _log_request($authorized = false) { // Insert the request into the log table $is_inserted = $this->rest->db ->insert( - $this->config->item('rest_logs_table'), [ - 'uri' => $this->uri->uri_string(), - 'method' => $this->request->method, - 'params' => $this->_args ? ($this->config->item('rest_logs_json_params') === TRUE ? json_encode($this->_args) : serialize($this->_args)) : NULL, - 'api_key' => isset($this->rest->key) ? $this->rest->key : '', - 'ip_address' => $this->input->ip_address(), - 'time' => time(), - 'authorized' => $authorized - ]); + $this->config->item('rest_logs_table'), + [ + 'uri' => $this->uri->uri_string(), + 'method' => $this->request->method, + 'params' => $this->_args ? ($this->config->item('rest_logs_json_params') === true ? json_encode($this->_args) : serialize($this->_args)) : null, + 'api_key' => isset($this->rest->key) ? $this->rest->key : '', + 'ip_address' => $this->input->ip_address(), + 'time' => time(), + 'authorized' => $authorized, + ] + ); // Get the last insert id to update at a later stage of the request $this->_insert_id = $this->rest->db->insert_id(); @@ -1086,111 +985,106 @@ protected function _log_request($authorized = FALSE) } /** - * Check if the requests to a controller method exceed a limit + * Check if the requests to a controller method exceed a limit. + * + * @param string $controller_method The method being called * - * @access protected - * @param string $controller_method The method being called * @return bool TRUE the call limit is below the threshold; otherwise, FALSE */ protected function _check_limit($controller_method) { // They are special, or it might not even have a limit - if (empty($this->rest->ignore_limits) === FALSE) - { + if (empty($this->rest->ignore_limits) === false) { // Everything is fine - return TRUE; - } - - switch ($this->config->item('rest_limits_method')) - { - case 'API_KEY': - $limited_uri = 'api-key:' . (isset($this->rest->key) ? $this->rest->key : ''); - $limited_method_name = isset($this->rest->key) ? $this->rest->key : ''; - break; - - case 'METHOD_NAME': - $limited_uri = 'method-name:' . $controller_method; - $limited_method_name = $controller_method; - break; - - case 'ROUTED_URL': - default: - $limited_uri = $this->uri->ruri_string(); - if (strpos(strrev($limited_uri), strrev($this->response->format)) === 0) - { - $limited_uri = substr($limited_uri,0, -strlen($this->response->format) - 1); - } - $limited_uri = 'uri:' . $limited_uri . ':' . $this->request->method; // It's good to differentiate GET from PUT - $limited_method_name = $controller_method; - break; + return true; } - if (isset($this->methods[$limited_method_name]['limit']) === FALSE ) - { + $api_key = isset($this->rest->key) ? $this->rest->key : ''; + + switch ($this->config->item('rest_limits_method')) { + case 'IP_ADDRESS': + $api_key = $this->input->ip_address(); + $limited_uri = 'ip-address:'.$api_key; + break; + + case 'API_KEY': + $limited_uri = 'api-key:'.$api_key; + break; + + case 'METHOD_NAME': + $limited_uri = 'method-name:'.$controller_method; + break; + + case 'ROUTED_URL': + default: + $limited_uri = $this->uri->ruri_string(); + if (strpos(strrev($limited_uri), strrev($this->response->format)) === 0) { + $limited_uri = substr($limited_uri, 0, -strlen($this->response->format) - 1); + } + $limited_uri = 'uri:'.$limited_uri.':'.$this->request->method; // It's good to differentiate GET from PUT + break; + } + + if (isset($this->methods[$controller_method]['limit']) === false) { // Everything is fine - return TRUE; + return true; } // How many times can you get to this method in a defined time_limit (default: 1 hour)? - $limit = $this->methods[$limited_method_name]['limit']; + $limit = $this->methods[$controller_method]['limit']; - $time_limit = (isset($this->methods[$limited_method_name]['time']) ? $this->methods[$limited_method_name]['time'] : 3600); // 3600 = 60 * 60 + $time_limit = (isset($this->methods[$controller_method]['time']) ? $this->methods[$controller_method]['time'] : 3600); // 3600 = 60 * 60 // Get data about a keys' usage and limit to one row $result = $this->rest->db ->where('uri', $limited_uri) - ->where('api_key', $this->rest->key) + ->where('api_key', $api_key) ->get($this->config->item('rest_limits_table')) ->row(); // No calls have been made for this key - if ($result === NULL) - { + if ($result === null) { // Create a new row for the following key $this->rest->db->insert($this->config->item('rest_limits_table'), [ - 'uri' => $limited_uri, - 'api_key' => isset($this->rest->key) ? $this->rest->key : '', - 'count' => 1, - 'hour_started' => time() + 'uri' => $limited_uri, + 'api_key' => $api_key, + 'count' => 1, + 'hour_started' => time(), ]); } // Been a time limit (or by default an hour) since they called - elseif ($result->hour_started < (time() - $time_limit)) - { + elseif ($result->hour_started < (time() - $time_limit)) { // Reset the started period and count $this->rest->db ->where('uri', $limited_uri) - ->where('api_key', isset($this->rest->key) ? $this->rest->key : '') + ->where('api_key', $api_key) ->set('hour_started', time()) ->set('count', 1) ->update($this->config->item('rest_limits_table')); } // They have called within the hour, so lets update - else - { + else { // The limit has been exceeded - if ($result->count >= $limit) - { - return FALSE; + if ($result->count >= $limit) { + return false; } // Increase the count by one $this->rest->db ->where('uri', $limited_uri) - ->where('api_key', $this->rest->key) - ->set('count', 'count + 1', FALSE) + ->where('api_key', $api_key) + ->set('count', 'count + 1', false) ->update($this->config->item('rest_limits_table')); } - return TRUE; + return true; } /** - * Check if there is a specific auth type set for the current class/method/HTTP-method being called + * Check if there is a specific auth type set for the current class/method/HTTP-method being called. * - * @access protected * @return bool */ protected function _auth_override_check() @@ -1199,89 +1093,76 @@ protected function _auth_override_check() $auth_override_class_method = $this->config->item('auth_override_class_method'); // Check to see if the override array is even populated - if (!empty($auth_override_class_method)) - { - // check for wildcard flag for rules for classes - if (!empty($auth_override_class_method[$this->router->class]['*'])) // Check for class overrides - { - // None auth override found, prepare nothing but send back a TRUE override flag - if ($auth_override_class_method[$this->router->class]['*'] === 'none') - { - return TRUE; + if (!empty($auth_override_class_method)) { + // Check for wildcard flag for rules for classes + if (!empty($auth_override_class_method[$this->router->class]['*'])) { // Check for class overrides + // No auth override found, prepare nothing but send back a TRUE override flag + if ($auth_override_class_method[$this->router->class]['*'] === 'none') { + return true; } // Basic auth override found, prepare basic - if ($auth_override_class_method[$this->router->class]['*'] === 'basic') - { + if ($auth_override_class_method[$this->router->class]['*'] === 'basic') { $this->_prepare_basic_auth(); - return TRUE; + return true; } // Digest auth override found, prepare digest - if ($auth_override_class_method[$this->router->class]['*'] === 'digest') - { + if ($auth_override_class_method[$this->router->class]['*'] === 'digest') { $this->_prepare_digest_auth(); - return TRUE; + return true; } // Session auth override found, check session - if ($auth_override_class_method[$this->router->class]['*'] === 'session') - { + if ($auth_override_class_method[$this->router->class]['*'] === 'session') { $this->_check_php_session(); - return TRUE; + return true; } // Whitelist auth override found, check client's ip against config whitelist - if ($auth_override_class_method[$this->router->class]['*'] === 'whitelist') - { + if ($auth_override_class_method[$this->router->class]['*'] === 'whitelist') { $this->_check_whitelist_auth(); - return TRUE; + return true; } } // Check to see if there's an override value set for the current class/method being called - if (!empty($auth_override_class_method[$this->router->class][$this->router->method])) - { + if (!empty($auth_override_class_method[$this->router->class][$this->router->method])) { // None auth override found, prepare nothing but send back a TRUE override flag - if ($auth_override_class_method[$this->router->class][$this->router->method] === 'none') - { - return TRUE; + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'none') { + return true; } // Basic auth override found, prepare basic - if ($auth_override_class_method[$this->router->class][$this->router->method] === 'basic') - { + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'basic') { $this->_prepare_basic_auth(); - return TRUE; + return true; } // Digest auth override found, prepare digest - if ($auth_override_class_method[$this->router->class][$this->router->method] === 'digest') - { + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'digest') { $this->_prepare_digest_auth(); - return TRUE; + return true; } // Session auth override found, check session - if ($auth_override_class_method[$this->router->class][$this->router->method] === 'session') - { + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'session') { $this->_check_php_session(); - return TRUE; + return true; } // Whitelist auth override found, check client's ip against config whitelist - if ($auth_override_class_method[$this->router->class][$this->router->method] === 'whitelist') - { + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'whitelist') { $this->_check_whitelist_auth(); - return TRUE; + return true; } } } @@ -1290,99 +1171,86 @@ protected function _auth_override_check() $auth_override_class_method_http = $this->config->item('auth_override_class_method_http'); // Check to see if the override array is even populated - if (!empty($auth_override_class_method_http)) - { + if (!empty($auth_override_class_method_http)) { // check for wildcard flag for rules for classes - if(!empty($auth_override_class_method_http[$this->router->class]['*'][$this->request->method])) - { + if (!empty($auth_override_class_method_http[$this->router->class]['*'][$this->request->method])) { // None auth override found, prepare nothing but send back a TRUE override flag - if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'none') - { - return TRUE; + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'none') { + return true; } // Basic auth override found, prepare basic - if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'basic') - { + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'basic') { $this->_prepare_basic_auth(); - return TRUE; + return true; } // Digest auth override found, prepare digest - if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'digest') - { + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'digest') { $this->_prepare_digest_auth(); - return TRUE; + return true; } // Session auth override found, check session - if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'session') - { + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'session') { $this->_check_php_session(); - return TRUE; + return true; } // Whitelist auth override found, check client's ip against config whitelist - if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'whitelist') - { + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'whitelist') { $this->_check_whitelist_auth(); - return TRUE; + return true; } } // Check to see if there's an override value set for the current class/method/HTTP-method being called - if(!empty($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method])) - { + if (!empty($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method])) { // None auth override found, prepare nothing but send back a TRUE override flag - if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'none') - { - return TRUE; + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'none') { + return true; } // Basic auth override found, prepare basic - if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'basic') - { + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'basic') { $this->_prepare_basic_auth(); - return TRUE; + return true; } // Digest auth override found, prepare digest - if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'digest') - { + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'digest') { $this->_prepare_digest_auth(); - return TRUE; + return true; } // Session auth override found, check session - if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'session') - { + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'session') { $this->_check_php_session(); - return TRUE; + return true; } // Whitelist auth override found, check client's ip against config whitelist - if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'whitelist') - { + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'whitelist') { $this->_check_whitelist_auth(); - return TRUE; + return true; } } } - return FALSE; + + return false; } /** - * Parse the GET request arguments + * Parse the GET request arguments. * - * @access protected * @return void */ protected function _parse_get() @@ -1392,44 +1260,40 @@ protected function _parse_get() } /** - * Parse the POST request arguments + * Parse the POST request arguments. * - * @access protected * @return void */ protected function _parse_post() { $this->_post_args = $_POST; - if ($this->request->format) - { + if ($this->request->format) { $this->request->body = $this->input->raw_input_stream; } } /** - * Parse the PUT request arguments + * Parse the PUT request arguments. * - * @access protected * @return void */ protected function _parse_put() { - if ($this->request->format) - { + if ($this->request->format) { $this->request->body = $this->input->raw_input_stream; - } - else if ($this->input->method() === 'put') - { - // If no filetype is provided, then there are probably just arguments - $this->_put_args = $this->input->input_stream(); + if ($this->request->format === 'json') { + $this->_put_args = json_decode($this->input->raw_input_stream); + } + } elseif ($this->input->method() === 'put') { + // If no file type is provided, then there are probably just arguments + $this->_put_args = $this->input->input_stream(); } } /** - * Parse the HEAD request arguments + * Parse the HEAD request arguments. * - * @access protected * @return void */ protected function _parse_head() @@ -1442,9 +1306,8 @@ protected function _parse_head() } /** - * Parse the OPTIONS request arguments + * Parse the OPTIONS request arguments. * - * @access protected * @return void */ protected function _parse_options() @@ -1457,44 +1320,37 @@ protected function _parse_options() } /** - * Parse the PATCH request arguments + * Parse the PATCH request arguments. * - * @access protected * @return void */ protected function _parse_patch() { // It might be a HTTP body - if ($this->request->format) - { + if ($this->request->format) { $this->request->body = $this->input->raw_input_stream; - } - else if ($this->input->method() === 'patch') - { - // If no filetype is provided, then there are probably just arguments + } elseif ($this->input->method() === 'patch') { + // If no file type is provided, then there are probably just arguments $this->_patch_args = $this->input->input_stream(); } } /** - * Parse the DELETE request arguments + * Parse the DELETE request arguments. * - * @access protected * @return void */ protected function _parse_delete() { // These should exist if a DELETE request - if ($this->input->method() === 'delete') - { + if ($this->input->method() === 'delete') { $this->_delete_args = $this->input->input_stream(); } } /** - * Parse the query parameters + * Parse the query parameters. * - * @access protected * @return void */ protected function _parse_query() @@ -1505,177 +1361,172 @@ protected function _parse_query() // INPUT FUNCTION -------------------------------------------------------------- /** - * Retrieve a value from a GET request + * Retrieve a value from a GET request. * - * @access public - * @param NULL $key Key to retrieve from the GET request - * If NULL an array of arguments is returned - * @param NULL $xss_clean Whether to apply XSS filtering - * @return array|string|NULL Value from the GET request; otherwise, NULL + * @param null $key Key to retrieve from the GET request + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering + * + * @return array|string|null Value from the GET request; otherwise, NULL */ - public function get($key = NULL, $xss_clean = NULL) + public function get($key = null, $xss_clean = null) { - if ($key === NULL) - { + if ($key === null) { return $this->_get_args; } - return isset($this->_get_args[$key]) ? $this->_xss_clean($this->_get_args[$key], $xss_clean) : NULL; + return isset($this->_get_args[$key]) ? $this->_xss_clean($this->_get_args[$key], $xss_clean) : null; } /** - * Retrieve a value from a OPTIONS request + * Retrieve a value from a OPTIONS request. + * + * @param null $key Key to retrieve from the OPTIONS request. + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering * - * @access public - * @param NULL $key Key to retrieve from the OPTIONS request. - * If NULL an array of arguments is returned - * @param NULL $xss_clean Whether to apply XSS filtering - * @return array|string|NULL Value from the OPTIONS request; otherwise, NULL + * @return array|string|null Value from the OPTIONS request; otherwise, NULL */ - public function options($key = NULL, $xss_clean = NULL) + public function options($key = null, $xss_clean = null) { - if ($key === NULL) - { + if ($key === null) { return $this->_options_args; } - return isset($this->_options_args[$key]) ? $this->_xss_clean($this->_options_args[$key], $xss_clean) : NULL; + return isset($this->_options_args[$key]) ? $this->_xss_clean($this->_options_args[$key], $xss_clean) : null; } /** - * Retrieve a value from a HEAD request + * Retrieve a value from a HEAD request. * - * @access public - * @param NULL $key Key to retrieve from the HEAD request - * If NULL an array of arguments is returned - * @param NULL $xss_clean Whether to apply XSS filtering - * @return array|string|NULL Value from the HEAD request; otherwise, NULL + * @param null $key Key to retrieve from the HEAD request + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering + * + * @return array|string|null Value from the HEAD request; otherwise, NULL */ - public function head($key = NULL, $xss_clean = NULL) + public function head($key = null, $xss_clean = null) { - if ($key === NULL) - { + if ($key === null) { return $this->_head_args; } - return isset($this->_head_args[$key]) ? $this->_xss_clean($this->_head_args[$key], $xss_clean) : NULL; + return isset($this->_head_args[$key]) ? $this->_xss_clean($this->_head_args[$key], $xss_clean) : null; } /** - * Retrieve a value from a POST request + * Retrieve a value from a POST request. + * + * @param null $key Key to retrieve from the POST request + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering * - * @access public - * @param NULL $key Key to retrieve from the POST request - * If NULL an array of arguments is returned - * @param NULL $xss_clean Whether to apply XSS filtering - * @return array|string|NULL Value from the POST request; otherwise, NULL + * @return array|string|null Value from the POST request; otherwise, NULL */ - public function post($key = NULL, $xss_clean = NULL) + public function post($key = null, $xss_clean = null) { - if ($key === NULL) - { + if ($key === null) { + foreach (new RecursiveIteratorIterator(new RecursiveArrayIterator($this->_post_args), RecursiveIteratorIterator::CATCH_GET_CHILD) as $key => $value) { + $this->_post_args[$key] = $this->_xss_clean($this->_post_args[$key], $xss_clean); + } + return $this->_post_args; } - return isset($this->_post_args[$key]) ? $this->_xss_clean($this->_post_args[$key], $xss_clean) : NULL; + return isset($this->_post_args[$key]) ? $this->_xss_clean($this->_post_args[$key], $xss_clean) : null; } /** - * Retrieve a value from a PUT request + * Retrieve a value from a PUT request. + * + * @param null $key Key to retrieve from the PUT request + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering * - * @access public - * @param NULL $key Key to retrieve from the PUT request - * If NULL an array of arguments is returned - * @param NULL $xss_clean Whether to apply XSS filtering - * @return array|string|NULL Value from the PUT request; otherwise, NULL + * @return array|string|null Value from the PUT request; otherwise, NULL */ - public function put($key = NULL, $xss_clean = NULL) + public function put($key = null, $xss_clean = null) { - if ($key === NULL) - { + if ($key === null) { return $this->_put_args; } - return isset($this->_put_args[$key]) ? $this->_xss_clean($this->_put_args[$key], $xss_clean) : NULL; + return isset($this->_put_args[$key]) ? $this->_xss_clean($this->_put_args[$key], $xss_clean) : null; } /** - * Retrieve a value from a DELETE request + * Retrieve a value from a DELETE request. * - * @access public - * @param NULL $key Key to retrieve from the DELETE request - * If NULL an array of arguments is returned - * @param NULL $xss_clean Whether to apply XSS filtering - * @return array|string|NULL Value from the DELETE request; otherwise, NULL + * @param null $key Key to retrieve from the DELETE request + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering + * + * @return array|string|null Value from the DELETE request; otherwise, NULL */ - public function delete($key = NULL, $xss_clean = NULL) + public function delete($key = null, $xss_clean = null) { - if ($key === NULL) - { + if ($key === null) { return $this->_delete_args; } - return isset($this->_delete_args[$key]) ? $this->_xss_clean($this->_delete_args[$key], $xss_clean) : NULL; + return isset($this->_delete_args[$key]) ? $this->_xss_clean($this->_delete_args[$key], $xss_clean) : null; } /** - * Retrieve a value from a PATCH request + * Retrieve a value from a PATCH request. + * + * @param null $key Key to retrieve from the PATCH request + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering * - * @access public - * @param NULL $key Key to retrieve from the PATCH request - * If NULL an array of arguments is returned - * @param NULL $xss_clean Whether to apply XSS filtering - * @return array|string|NULL Value from the PATCH request; otherwise, NULL + * @return array|string|null Value from the PATCH request; otherwise, NULL */ - public function patch($key = NULL, $xss_clean = NULL) + public function patch($key = null, $xss_clean = null) { - if ($key === NULL) - { + if ($key === null) { return $this->_patch_args; } - return isset($this->_patch_args[$key]) ? $this->_xss_clean($this->_patch_args[$key], $xss_clean) : NULL; + return isset($this->_patch_args[$key]) ? $this->_xss_clean($this->_patch_args[$key], $xss_clean) : null; } /** - * Retrieve a value from the query parameters + * Retrieve a value from the query parameters. * - * @access public - * @param NULL $key Key to retrieve from the query parameters - * If NULL an array of arguments is returned - * @param NULL $xss_clean Whether to apply XSS filtering - * @return array|string|NULL Value from the query parameters; otherwise, NULL + * @param null $key Key to retrieve from the query parameters + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering + * + * @return array|string|null Value from the query parameters; otherwise, NULL */ - public function query($key = NULL, $xss_clean = NULL) + public function query($key = null, $xss_clean = null) { - if ($key === NULL) - { + if ($key === null) { return $this->_query_args; } - return isset($this->_query_args[$key]) ? $this->_xss_clean($this->_query_args[$key], $xss_clean) : NULL; + return isset($this->_query_args[$key]) ? $this->_xss_clean($this->_query_args[$key], $xss_clean) : null; } /** * Sanitizes data so that Cross Site Scripting Hacks can be - * prevented + * prevented. + * + * @param string $value Input data + * @param bool $xss_clean Whether to apply XSS filtering * - * @access protected - * @param string $value Input data - * @param bool $xss_clean Whether to apply XSS filtering * @return string */ protected function _xss_clean($value, $xss_clean) { is_bool($xss_clean) || $xss_clean = $this->_enable_xss; - return $xss_clean === TRUE ? $this->security->xss_clean($value) : $value; + return $xss_clean === true ? $this->security->xss_clean($value) : $value; } /** - * Retrieve the validation errors + * Retrieve the validation errors. * - * @access public * @return array */ public function validation_errors() @@ -1688,133 +1539,131 @@ public function validation_errors() // SECURITY FUNCTIONS --------------------------------------------------------- /** - * Perform LDAP Authentication + * Perform LDAP Authentication. + * + * @param string $username The username to validate + * @param string $password The password to validate * - * @access protected - * @param string $username The username to validate - * @param string $password The password to validate * @return bool */ - protected function _perform_ldap_auth($username = '', $password = NULL) + protected function _perform_ldap_auth($username = '', $password = null) { - if (empty($username)) - { + if (empty($username)) { log_message('debug', 'LDAP Auth: failure, empty username'); - return FALSE; + + return false; } log_message('debug', 'LDAP Auth: Loading configuration'); - $this->config->load('ldap.php', TRUE); + $this->config->load('ldap', true); $ldap = [ 'timeout' => $this->config->item('timeout', 'ldap'), - 'host' => $this->config->item('server', 'ldap'), - 'port' => $this->config->item('port', 'ldap'), - 'rdn' => $this->config->item('binduser', 'ldap'), - 'pass' => $this->config->item('bindpw', 'ldap'), - 'basedn' => $this->config->item('basedn', 'ldap'), + 'host' => $this->config->item('server', 'ldap'), + 'port' => $this->config->item('port', 'ldap'), + 'rdn' => $this->config->item('binduser', 'ldap'), + 'pass' => $this->config->item('bindpw', 'ldap'), + 'basedn' => $this->config->item('basedn', 'ldap'), ]; - log_message('debug', 'LDAP Auth: Connect to ' . (isset($ldaphost) ? $ldaphost : '[ldap not configured]')); + log_message('debug', 'LDAP Auth: Connect to '.(isset($ldap['host']) ? $ldap['host'] : '[ldap not configured]')); // Connect to the ldap server $ldapconn = ldap_connect($ldap['host'], $ldap['port']); - if ($ldapconn) - { - log_message('debug', 'Setting timeout to ' . $ldap['timeout'] . ' seconds'); + if ($ldapconn) { + log_message('debug', 'Setting timeout to '.$ldap['timeout'].' seconds'); ldap_set_option($ldapconn, LDAP_OPT_NETWORK_TIMEOUT, $ldap['timeout']); - log_message('debug', 'LDAP Auth: Binding to ' . $ldap['host'] . ' with dn ' . $ldap['rdn']); + log_message('debug', 'LDAP Auth: Binding to '.$ldap['host'].' with dn '.$ldap['rdn']); // Binding to the ldap server $ldapbind = ldap_bind($ldapconn, $ldap['rdn'], $ldap['pass']); // Verify the binding - if ($ldapbind === FALSE) - { + if ($ldapbind === false) { log_message('error', 'LDAP Auth: bind was unsuccessful'); - return FALSE; + + return false; } log_message('debug', 'LDAP Auth: bind successful'); } // Search for user - if (($res_id = ldap_search($ldapconn, $ldap['basedn'], "uid=$username")) === FALSE) - { - log_message('error', 'LDAP Auth: User ' . $username . ' not found in search'); - return FALSE; + if (($res_id = ldap_search($ldapconn, $ldap['basedn'], "uid=$username")) === false) { + log_message('error', 'LDAP Auth: User '.$username.' not found in search'); + + return false; } - if (ldap_count_entries($ldapconn, $res_id) !== 1) - { - log_message('error', 'LDAP Auth: Failure, username ' . $username . 'found more than once'); - return FALSE; + if (ldap_count_entries($ldapconn, $res_id) !== 1) { + log_message('error', 'LDAP Auth: Failure, username '.$username.'found more than once'); + + return false; } - if (($entry_id = ldap_first_entry($ldapconn, $res_id)) === FALSE) - { + if (($entry_id = ldap_first_entry($ldapconn, $res_id)) === false) { log_message('error', 'LDAP Auth: Failure, entry of search result could not be fetched'); - return FALSE; + + return false; } - if (($user_dn = ldap_get_dn($ldapconn, $entry_id)) === FALSE) - { + if (($user_dn = ldap_get_dn($ldapconn, $entry_id)) === false) { log_message('error', 'LDAP Auth: Failure, user-dn could not be fetched'); - return FALSE; + + return false; } // User found, could not authenticate as user - if (($link_id = ldap_bind($ldapconn, $user_dn, $password)) === FALSE) - { - log_message('error', 'LDAP Auth: Failure, username/password did not match: ' . $user_dn); - return FALSE; + if (($link_id = ldap_bind($ldapconn, $user_dn, $password)) === false) { + log_message('error', 'LDAP Auth: Failure, username/password did not match: '.$user_dn); + + return false; } - log_message('debug', 'LDAP Auth: Success ' . $user_dn . ' authenticated successfully'); + log_message('debug', 'LDAP Auth: Success '.$user_dn.' authenticated successfully'); $this->_user_ldap_dn = $user_dn; ldap_close($ldapconn); - return TRUE; + return true; } /** - * Perform Library Authentication - Override this function to change the way the library is called + * Perform Library Authentication - Override this function to change the way the library is called. + * + * @param string $username The username to validate + * @param string $password The password to validate * - * @access protected - * @param string $username The username to validate - * @param string $password The password to validate * @return bool */ - protected function _perform_library_auth($username = '', $password = NULL) + protected function _perform_library_auth($username = '', $password = null) { - if (empty($username)) - { + if (empty($username)) { log_message('error', 'Library Auth: Failure, empty username'); - return FALSE; + + return false; } $auth_library_class = strtolower($this->config->item('auth_library_class')); $auth_library_function = strtolower($this->config->item('auth_library_function')); - if (empty($auth_library_class)) - { + if (empty($auth_library_class)) { log_message('debug', 'Library Auth: Failure, empty auth_library_class'); - return FALSE; + + return false; } - if (empty($auth_library_function)) - { + if (empty($auth_library_function)) { log_message('debug', 'Library Auth: Failure, empty auth_library_function'); - return FALSE; + + return false; } - if (is_callable([$auth_library_class, $auth_library_function]) === FALSE) - { + if (is_callable([$auth_library_class, $auth_library_function]) === false) { $this->load->library($auth_library_class); } @@ -1822,144 +1671,133 @@ protected function _perform_library_auth($username = '', $password = NULL) } /** - * Check if the user is logged in + * Check if the user is logged in. + * + * @param string $username The user's name + * @param bool|string $password The user's password * - * @access protected - * @param string $username The user's name - * @param bool|string $password The user's password * @return bool */ - protected function _check_login($username = NULL, $password = FALSE) + protected function _check_login($username = null, $password = false) { - if (empty($username)) - { - return FALSE; + if (empty($username)) { + return false; } $auth_source = strtolower($this->config->item('auth_source')); $rest_auth = strtolower($this->config->item('rest_auth')); $valid_logins = $this->config->item('rest_valid_logins'); - if (!$this->config->item('auth_source') && $rest_auth === 'digest') - { + if (!$this->config->item('auth_source') && $rest_auth === 'digest') { // For digest we do not have a password passed as argument - return md5($username . ':' . $this->config->item('rest_realm') . ':' . (isset($valid_logins[$username]) ? $valid_logins[$username] : '')); + return md5($username.':'.$this->config->item('rest_realm').':'.(isset($valid_logins[$username]) ? $valid_logins[$username] : '')); } - if ($password === FALSE) - { - return FALSE; + if ($password === false) { + return false; } - if ($auth_source === 'ldap') - { + if ($auth_source === 'ldap') { log_message('debug', "Performing LDAP authentication for $username"); return $this->_perform_ldap_auth($username, $password); } - if ($auth_source === 'library') - { + if ($auth_source === 'library') { log_message('debug', "Performing Library authentication for $username"); return $this->_perform_library_auth($username, $password); } - if (array_key_exists($username, $valid_logins) === FALSE) - { - return FALSE; + if (array_key_exists($username, $valid_logins) === false) { + return false; } - if ($valid_logins[$username] !== $password) - { - return FALSE; + if ($valid_logins[$username] !== $password) { + return false; } - return TRUE; + return true; } /** - * Check to see if the user is logged in with a PHP session key + * Check to see if the user is logged in with a PHP session key. * - * @access protected * @return void */ protected function _check_php_session() { + // If whitelist is enabled it has the first chance to kick them out + if ($this->config->item('rest_ip_whitelist_enabled')) { + $this->_check_whitelist_auth(); + } + + // Load library session of CodeIgniter + $this->load->library('session'); + // Get the auth_source config item $key = $this->config->item('auth_source'); - // If falsy, then the user isn't logged in - if (!$this->session->userdata($key)) - { + // If false, then the user isn't logged in + if (!$this->session->userdata($key)) { // Display an error response $this->response([ - $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unauthorized') - ], self::HTTP_UNAUTHORIZED); + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unauthorized'), + ], self::HTTP_UNAUTHORIZED); } } /** - * Prepares for basic authentication + * Prepares for basic authentication. * - * @access protected * @return void */ protected function _prepare_basic_auth() { // If whitelist is enabled it has the first chance to kick them out - if ($this->config->item('rest_ip_whitelist_enabled')) - { + if ($this->config->item('rest_ip_whitelist_enabled')) { $this->_check_whitelist_auth(); } // Returns NULL if the SERVER variables PHP_AUTH_USER and HTTP_AUTHENTICATION don't exist $username = $this->input->server('PHP_AUTH_USER'); - $http_auth = $this->input->server('HTTP_AUTHENTICATION'); + $http_auth = $this->input->server('HTTP_AUTHENTICATION') ?: $this->input->server('HTTP_AUTHORIZATION'); - $password = NULL; - if ($username !== NULL) - { + $password = null; + if ($username !== null) { $password = $this->input->server('PHP_AUTH_PW'); - } - elseif ($http_auth !== NULL) - { + } elseif ($http_auth !== null) { // If the authentication header is set as basic, then extract the username and password from // HTTP_AUTHORIZATION e.g. my_username:my_password. This is passed in the .htaccess file - if (strpos(strtolower($http_auth), 'basic') === 0) - { + if (strpos(strtolower($http_auth), 'basic') === 0) { // Search online for HTTP_AUTHORIZATION workaround to explain what this is doing list($username, $password) = explode(':', base64_decode(substr($this->input->server('HTTP_AUTHORIZATION'), 6))); } } // Check if the user is logged into the system - if ($this->_check_login($username, $password) === FALSE) - { + if ($this->_check_login($username, $password) === false) { $this->_force_login(); } } /** - * Prepares for digest authentication + * Prepares for digest authentication. * - * @access protected * @return void */ protected function _prepare_digest_auth() { // If whitelist is enabled it has the first chance to kick them out - if ($this->config->item('rest_ip_whitelist_enabled')) - { + if ($this->config->item('rest_ip_whitelist_enabled')) { $this->_check_whitelist_auth(); } // We need to test which server authentication variable to use, // because the PHP ISAPI module in IIS acts different from CGI $digest_string = $this->input->server('PHP_AUTH_DIGEST'); - if ($digest_string === NULL) - { + if ($digest_string === null) { $digest_string = $this->input->server('HTTP_AUTHORIZATION'); } @@ -1967,8 +1805,7 @@ protected function _prepare_digest_auth() // The $_SESSION['error_prompted'] variable is used to ask the password // again if none given or if the user enters wrong auth information - if (empty($digest_string)) - { + if (empty($digest_string)) { $this->_force_login($unique_id); } @@ -1977,31 +1814,28 @@ protected function _prepare_digest_auth() preg_match_all('@(username|nonce|uri|nc|cnonce|qop|response)=[\'"]?([^\'",]+)@', $digest_string, $matches); $digest = (empty($matches[1]) || empty($matches[2])) ? [] : array_combine($matches[1], $matches[2]); - // For digest authentication the library function should return already stored md5(username:restrealm:password) for that username @see rest.php::auth_library_function config - $username = $this->_check_login($digest['username'], TRUE); - if (array_key_exists('username', $digest) === FALSE || $username === FALSE) - { + // For digest authentication the library function should return already stored md5(username:restrealm:password) for that username see rest.php::auth_library_function config + $username = $this->_check_login($digest['username'], true); + if (isset($digest['username']) === false || $username === false) { $this->_force_login($unique_id); } - $md5 = md5(strtoupper($this->request->method) . ':' . $digest['uri']); - $valid_response = md5($username . ':' . $digest['nonce'] . ':' . $digest['nc'] . ':' . $digest['cnonce'] . ':' . $digest['qop'] . ':' . $md5); + $md5 = md5(strtoupper($this->request->method).':'.$digest['uri']); + $valid_response = md5($username.':'.$digest['nonce'].':'.$digest['nc'].':'.$digest['cnonce'].':'.$digest['qop'].':'.$md5); // Check if the string don't compare (case-insensitive) - if (strcasecmp($digest['response'], $valid_response) !== 0) - { + if (strcasecmp($digest['response'], $valid_response) !== 0) { // Display an error response $this->response([ - $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_invalid_credentials') - ], self::HTTP_UNAUTHORIZED); + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_invalid_credentials'), + ], self::HTTP_UNAUTHORIZED); } } /** - * Checks if the client's ip is in the 'rest_ip_blacklist' config and generates a 401 response + * Checks if the client's ip is in the 'rest_ip_blacklist' config and generates a 401 response. * - * @access protected * @return void */ protected function _check_blacklist_auth() @@ -2010,20 +1844,18 @@ protected function _check_blacklist_auth() $pattern = sprintf('/(?:,\s*|^)\Q%s\E(?=,\s*|$)/m', $this->input->ip_address()); // Returns 1, 0 or FALSE (on error only). Therefore implicitly convert 1 to TRUE - if (preg_match($pattern, $this->config->item('rest_ip_blacklist'))) - { + if (preg_match($pattern, $this->config->item('rest_ip_blacklist'))) { // Display an error response $this->response([ - $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ip_denied') - ], self::HTTP_UNAUTHORIZED); + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ip_denied'), + ], self::HTTP_UNAUTHORIZED); } } /** - * Check if the client's ip is in the 'rest_ip_whitelist' config and generates a 401 response + * Check if the client's ip is in the 'rest_ip_whitelist' config and generates a 401 response. * - * @access protected * @return void */ protected function _check_whitelist_auth() @@ -2032,120 +1864,188 @@ protected function _check_whitelist_auth() array_push($whitelist, '127.0.0.1', '0.0.0.0'); - foreach ($whitelist as &$ip) - { + foreach ($whitelist as &$ip) { // As $ip is a reference, trim leading and trailing whitespace, then store the new value // using the reference $ip = trim($ip); } - if (in_array($this->input->ip_address(), $whitelist) === FALSE) - { + if (in_array($this->input->ip_address(), $whitelist) === false) { $this->response([ - $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ip_unauthorized') - ], self::HTTP_UNAUTHORIZED); + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ip_unauthorized'), + ], self::HTTP_UNAUTHORIZED); } } /** - * Force logging in by setting the WWW-Authenticate header + * Force logging in by setting the WWW-Authenticate header. * - * @access protected * @param string $nonce A server-specified data string which should be uniquely generated - * each time + * each time + * * @return void */ protected function _force_login($nonce = '') { - $rest_auth = $this->config->item('rest_auth'); + $rest_auth = strtolower($this->config->item('rest_auth')); $rest_realm = $this->config->item('rest_realm'); - if (strtolower($rest_auth) === 'basic') - { + if ($rest_auth === 'basic') { // See http://tools.ietf.org/html/rfc2617#page-5 - header('WWW-Authenticate: Basic realm="' . $rest_realm . '"'); - } - elseif (strtolower($rest_auth) === 'digest') - { + header('WWW-Authenticate: Basic realm="'.$rest_realm.'"'); + } elseif ($rest_auth === 'digest') { // See http://tools.ietf.org/html/rfc2617#page-18 header( - 'WWW-Authenticate: Digest realm="' . $rest_realm - . '", qop="auth", nonce="' . $nonce - . '", opaque="' . md5($rest_realm) . '"'); + 'WWW-Authenticate: Digest realm="'.$rest_realm + .'", qop="auth", nonce="'.$nonce + .'", opaque="'.md5($rest_realm).'"' + ); + } + + if ($this->config->item('strict_api_and_auth') === true) { + $this->is_valid_request = false; } // Display an error response $this->response([ - $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unauthorized') - ], self::HTTP_UNAUTHORIZED); + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unauthorized'), + ], self::HTTP_UNAUTHORIZED); } /** - * Updates the log table with the total access time + * Updates the log table with the total access time. * - * @access protected * @author Chris Kacerguis + * * @return bool TRUE log table updated; otherwise, FALSE */ protected function _log_access_time() { + if ($this->_insert_id == '') { + return false; + } + $payload['rtime'] = $this->_end_rtime - $this->_start_rtime; return $this->rest->db->update( - $this->config->item('rest_logs_table'), $payload, [ - 'id' => $this->_insert_id - ]); + $this->config->item('rest_logs_table'), + $payload, + [ + 'id' => $this->_insert_id, + ] + ); } /** - * Updates the log table with HTTP response code + * Updates the log table with HTTP response code. * - * @access protected * @author Justin Chen + * * @param $http_code int HTTP status code + * * @return bool TRUE log table updated; otherwise, FALSE */ protected function _log_response_code($http_code) { + if ($this->_insert_id == '') { + return false; + } + $payload['response_code'] = $http_code; return $this->rest->db->update( - $this->config->item('rest_logs_table'), $payload, [ - 'id' => $this->_insert_id - ]); + $this->config->item('rest_logs_table'), + $payload, + [ + 'id' => $this->_insert_id, + ] + ); } /** - * Check to see if the API key has access to the controller and methods + * Check to see if the API key has access to the controller and methods. * - * @access protected * @return bool TRUE the API key has access; otherwise, FALSE */ protected function _check_access() { // If we don't want to check access, just return TRUE - if ($this->config->item('rest_enable_access') === FALSE) - { - return TRUE; + if ($this->config->item('rest_enable_access') === false) { + return true; } // Fetch controller based on path and controller name $controller = implode( - '/', [ - $this->router->directory, - $this->router->class - ]); + '/', + [ + $this->router->directory, + $this->router->class, + ] + ); // Remove any double slashes for safety $controller = str_replace('//', '/', $controller); - // Query the access table and get the number of results - return $this->rest->db + //check if the key has all_access + $accessRow = $this->rest->db ->where('key', $this->rest->key) ->where('controller', $controller) - ->get($this->config->item('rest_access_table')) - ->num_rows() > 0; + ->get($this->config->item('rest_access_table'))->row_array(); + + if (!empty($accessRow) && !empty($accessRow['all_access'])) { + return true; + } + + return false; } + /** + * Checks allowed domains, and adds appropriate headers for HTTP access control (CORS). + * + * @return void + */ + protected function _check_cors() + { + // Convert the config items into strings + $allowed_headers = implode(', ', $this->config->item('allowed_cors_headers')); + $allowed_methods = implode(', ', $this->config->item('allowed_cors_methods')); + + // If we want to allow any domain to access the API + if ($this->config->item('allow_any_cors_domain') === true) { + header('Access-Control-Allow-Origin: *'); + header('Access-Control-Allow-Headers: '.$allowed_headers); + header('Access-Control-Allow-Methods: '.$allowed_methods); + } else { + // We're going to allow only certain domains access + // Store the HTTP Origin header + $origin = $this->input->server('HTTP_ORIGIN'); + if ($origin === null) { + $origin = ''; + } + + // If the origin domain is in the allowed_cors_origins list, then add the Access Control headers + if (in_array($origin, $this->config->item('allowed_cors_origins'))) { + header('Access-Control-Allow-Origin: '.$origin); + header('Access-Control-Allow-Headers: '.$allowed_headers); + header('Access-Control-Allow-Methods: '.$allowed_methods); + } + } + + // If there are headers that should be forced in the CORS check, add them now + if (is_array($this->config->item('forced_cors_headers'))) { + foreach ($this->config->item('forced_cors_headers') as $header => $value) { + header($header.': '.$value); + } + } + + // If the request HTTP method is 'OPTIONS', kill the response and send it to the client + if ($this->input->method() === 'options') { + // Load DB if needed for logging + if (!isset($this->rest->db) && $this->config->item('rest_enable_logging')) { + $this->rest->db = $this->load->database($this->config->item('rest_database_group'), true); + } + exit; + } + } } diff --git a/src/auth/apikey.php b/src/auth/apikey.php new file mode 100644 index 00000000..e69de29b diff --git a/src/auth/basic.php b/src/auth/basic.php new file mode 100644 index 00000000..e69de29b diff --git a/src/auth/ldap.php b/src/auth/ldap.php new file mode 100644 index 00000000..e69de29b diff --git a/src/index.html b/src/index.html new file mode 100755 index 00000000..b702fbc3 --- /dev/null +++ b/src/index.html @@ -0,0 +1,11 @@ + + + +Directory access is forbidden. + + + diff --git a/application/config/rest.php b/src/rest.php similarity index 69% rename from application/config/rest.php rename to src/rest.php index 15af4ed7..7c8c4c9b 100644 --- a/application/config/rest.php +++ b/src/rest.php @@ -1,6 +1,6 @@ method['METHOD_NAME']['limit'] = [NUM_REQUESTS_PER_HOUR]; +| $this->methods['METHOD_NAME']['limit'] = [NUM_REQUESTS_PER_HOUR]; | | See application/controllers/api/example.php for examples */ -$config['rest_enable_limits'] = FALSE; +$config['rest_enable_limits'] = false; /* |-------------------------------------------------------------------------- @@ -484,7 +585,7 @@ | Only do this if you are using the $this->rest_format or /format/xml in URLs | */ -$config['rest_ignore_http_accept'] = FALSE; +$config['rest_ignore_http_accept'] = false; /* |-------------------------------------------------------------------------- @@ -499,7 +600,7 @@ | Hint: This is good for production environments | */ -$config['rest_ajax_only'] = FALSE; +$config['rest_ajax_only'] = false; /* |-------------------------------------------------------------------------- @@ -510,3 +611,93 @@ | */ $config['rest_language'] = 'english'; + +/* +|-------------------------------------------------------------------------- +| CORS Check +|-------------------------------------------------------------------------- +| +| Set to TRUE to enable Cross-Origin Resource Sharing (CORS). Useful if you +| are hosting your API on a different domain from the application that +| will access it through a browser +| +*/ +$config['check_cors'] = false; + +/* +|-------------------------------------------------------------------------- +| CORS Allowable Headers +|-------------------------------------------------------------------------- +| +| If using CORS checks, set the allowable headers here +| +*/ +$config['allowed_cors_headers'] = [ + 'Origin', + 'X-Requested-With', + 'Content-Type', + 'Accept', + 'Access-Control-Request-Method', +]; + +/* +|-------------------------------------------------------------------------- +| CORS Allowable Methods +|-------------------------------------------------------------------------- +| +| If using CORS checks, you can set the methods you want to be allowed +| +*/ +$config['allowed_cors_methods'] = [ + 'GET', + 'POST', + 'OPTIONS', + 'PUT', + 'PATCH', + 'DELETE', +]; + +/* +|-------------------------------------------------------------------------- +| CORS Allow Any Domain +|-------------------------------------------------------------------------- +| +| Set to TRUE to enable Cross-Origin Resource Sharing (CORS) from any +| source domain +| +*/ +$config['allow_any_cors_domain'] = false; + +/* +|-------------------------------------------------------------------------- +| CORS Allowable Domains +|-------------------------------------------------------------------------- +| +| Used if $config['check_cors'] is set to TRUE and $config['allow_any_cors_domain'] +| is set to FALSE. Set all the allowable domains within the array +| +| e.g. $config['allowed_origins'] = ['http://www.example.com/', 'https://spa.example.com/'] +| +*/ +$config['allowed_cors_origins'] = []; + +/* +|-------------------------------------------------------------------------- +| CORS Forced Headers +|-------------------------------------------------------------------------- +| +| If using CORS checks, always include the headers and values specified here +| in the OPTIONS client preflight. +| Example: +| $config['forced_cors_headers'] = [ +| 'Access-Control-Allow-Credentials' => 'true' +| ]; +| +| Added because of how Sencha Ext JS framework requires the header +| Access-Control-Allow-Credentials to be set to true to allow the use of +| credentials in the REST Proxy. +| See documentation here: +| http://docs.sencha.com/extjs/6.5.2/classic/Ext.data.proxy.Rest.html#cfg-withCredentials +| +*/ +$config['forced_cors_headers'] = []; |