From 722a221e638a43aba0f1a10a940ab5cbd8af0049 Mon Sep 17 00:00:00 2001 From: softwarespot Date: Thu, 29 Oct 2015 21:22:31 +0200 Subject: [PATCH 001/189] Fixed typo and styling --- application/libraries/REST_Controller.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/application/libraries/REST_Controller.php b/application/libraries/REST_Controller.php index c528d5e5..a487c1ae 100644 --- a/application/libraries/REST_Controller.php +++ b/application/libraries/REST_Controller.php @@ -322,7 +322,7 @@ abstract class REST_Controller extends CI_Controller { /** * Enable XSS flag * Determines whether the XSS filter is always active when - * GET, OPTIONS, HEAD, POST, PUT, DELETE and PATCH data is encountered. + * GET, OPTIONS, HEAD, POST, PUT, DELETE and PATCH data is encountered * Set automatically based on config setting * * @var bool @@ -406,7 +406,7 @@ public function __construct($config = 'rest') // At present the library is bundled with REST_Controller 2.5+, but will eventually be part of CodeIgniter (no citation) $this->load->library('format'); - // Determine supported output formats from configiguration. + // Determine supported output formats from configuration $supported_formats = $this->config->item('rest_supported_formats'); // Validate the configuration setting output formats @@ -420,7 +420,7 @@ public function __construct($config = 'rest') $supported_formats = [$supported_formats]; } - // Add silently the default output format if it is missing. + // Add silently the default output format if it is missing $default_format = $this->_get_default_output_format(); if (!in_array($default_format, $supported_formats)) { 
@@ -833,9 +833,9 @@ protected function _detect_input_format() } /** - * Gets the default format from the configuration. Fallbacks to 'json'. + * Gets the default format from the configuration. Fallbacks to 'json' * if the corresponding configuration option $config['rest_default_format'] - * is missing or is empty. + * is missing or is empty * * @access protected * @return string The default supported input format From 0ee30d89c082f0c6c2fb184491a4c2a1a1ee43d7 Mon Sep 17 00:00:00 2001 From: ecowed Date: Wed, 2 Dec 2015 16:02:14 +0000 Subject: [PATCH 002/189] Update rest.php Add the ability to use both authentication and API Keys --- application/config/rest.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/application/config/rest.php b/application/config/rest.php index 15af4ed7..f86544a0 100644 --- a/application/config/rest.php +++ b/application/config/rest.php @@ -128,6 +128,17 @@ */ $config['auth_source'] = 'ldap'; +/* +|-------------------------------------------------------------------------- +| Allow Authentication and API Keys +|-------------------------------------------------------------------------- +| +| Where you wish to have Basic, Digest or Session login, but also want to use API Keys (for limiting +| requests etc), set to TRUE; +| +*/ +$config['allow_auth_and_keys'] = TRUE; + /* |-------------------------------------------------------------------------- | REST Login Class and Function From bb3216c003650e1c435327dae69593817d1cfa4f Mon Sep 17 00:00:00 2001 From: ecowed Date: Wed, 2 Dec 2015 16:08:14 +0000 Subject: [PATCH 003/189] Update rest.php Add to if statement on line 543 to allow both authentication and API Keys using a config item --- application/libraries/REST_Controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/REST_Controller.php b/application/libraries/REST_Controller.php index c528d5e5..32c094eb 100644 --- a/application/libraries/REST_Controller.php 
+++ b/application/libraries/REST_Controller.php @@ -540,7 +540,7 @@ public function __construct($config = 'rest') } // When there is no specific override for the current class/method, use the default auth value set in the config - if ($this->auth_override === FALSE && !($this->config->item('rest_enable_keys') && $this->_allow === TRUE)) + if ($this->auth_override === FALSE && !($this->config->item('rest_enable_keys') && $this->_allow === TRUE) || ($this->config->item('allow_auth_and_keys') === TRUE && $this->_allow === TRUE)) { $rest_auth = strtolower($this->config->item('rest_auth')); switch ($rest_auth) From 1db7161d0202ec2165e209f250f67afbd91f71f1 Mon Sep 17 00:00:00 2001 From: Ivan Tcholakov Date: Fri, 11 Dec 2015 19:10:08 +0200 Subject: [PATCH 004/189] PHP7 compatibility: Make the extended signature of the _remap() method to match to that in the CodeIgniter's user guide. --- application/libraries/REST_Controller.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/libraries/REST_Controller.php b/application/libraries/REST_Controller.php index c528d5e5..4857c761 100644 --- a/application/libraries/REST_Controller.php +++ b/application/libraries/REST_Controller.php @@ -590,7 +590,7 @@ public function __destruct() * @param string $object_called * @param array $arguments The arguments passed to the controller method */ - public function _remap($object_called, $arguments) + public function _remap($object_called, $arguments = []) { // Should we answer if not over SSL? if ($this->config->item('force_https') && $this->request->ssl === FALSE) From afd41c3ad06b18ea390c740365eebbde4d37a94e Mon Sep 17 00:00:00 2001 From: amtesistemas777 Date: Wed, 16 Dec 2015 11:52:37 -0500 Subject: [PATCH 005/189] Create spanish Spanish messages --- application/language/spanish | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 application/language/spanish 
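Review bot: In the PATCH 003 hunk the added `|| (...)` clause escapes the `$this->auth_override === FALSE` test, because `&&` binds tighter than `||`. With `allow_auth_and_keys` TRUE and a key that passed, the default `rest_auth` switch therefore runs even where the class or method apparently has its own auth override. If the intent is "no override, and either the key did not already allow the request or both are required", group it explicitly: `if ($this->auth_override === FALSE && (!($this->config->item('rest_enable_keys') && $this->_allow === TRUE) || ($this->config->item('allow_auth_and_keys') === TRUE && $this->_allow === TRUE)))`. PATCH 002 also ships `allow_auth_and_keys` as TRUE, so key-only installations would start requiring a login after upgrading; a default of FALSE keeps current behaviour. The constructor body continues outside the hunk.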
diff --git a/application/language/spanish b/application/language/spanish new file mode 100644 index 00000000..962376c7 --- /dev/null +++ b/application/language/spanish @@ -0,0 +1,17 @@ + Date: Mon, 21 Dec 2015 15:42:10 -0700 Subject: [PATCH 006/189] Set the CORS configs in the rest.php config file --- application/config/rest.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/application/config/rest.php b/application/config/rest.php index 15af4ed7..ff5a62ec 100644 --- a/application/config/rest.php +++ b/application/config/rest.php @@ -510,3 +510,19 @@ | */ $config['rest_language'] = 'english'; + +/* +|-------------------------------------------------------------------------- +| CORS Check +|-------------------------------------------------------------------------- +| +| Set to true to enable Cross-Origin Resource Sharing (CORS). Useful if you +| are hosting your API on a different domain from the appolication that +| will access it through a browser. If true, set all the allowable domains +| within the array. +| +| e.g. $config['allowed_origins'] = ['www.example.com', 'mobile.example.com'] +| +*/ +$config['check_cors'] = false; +$config['allowed_origins'] = []; From e21dee0f61c9a97c30e707a27a68db8a09d2264c Mon Sep 17 00:00:00 2001 From: Craine Runton Date: Mon, 21 Dec 2015 15:43:14 -0700 Subject: [PATCH 007/189] Create the _check_cors function to send the appropriate CORS headers --- application/libraries/REST_Controller.php | 25 +++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/application/libraries/REST_Controller.php b/application/libraries/REST_Controller.php index c528d5e5..d159f4d8 100644 --- a/application/libraries/REST_Controller.php +++ b/application/libraries/REST_Controller.php 
@@ -2148,4 +2148,29 @@ protected function _check_access() ->num_rows() > 0; } + /** + * Check to see if presented user_id and API key match + * + * @access protected + * @return void + */ + protected function _check_cors() + { + // Store the HTTP Origin header, + $origin = (isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : ''); + + // If the origin domain is in the allowed_origins list, then add the Access Control headers + if (in_array($origin, $this->config->item('allowed_origins'))) { + header('Access-Control-Allow-Origin: '.$origin); + header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method'); + header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE'); + } + + // If the request HTTP method is 'OPTIONS', kill the response and send it to the client + $method = $_SERVER['REQUEST_METHOD']; + if($method == "OPTIONS") { + die(); + } + } + } From 3bddbb5f2aa4d4fa8598a3cacba36e04962d186e Mon Sep 17 00:00:00 2001 From: Craine Runton Date: Mon, 21 Dec 2015 15:44:25 -0700 Subject: [PATCH 008/189] Call the _check_cors function during construction if the config is set to true --- application/libraries/REST_Controller.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/application/libraries/REST_Controller.php b/application/libraries/REST_Controller.php index d159f4d8..1a385780 100644 --- a/application/libraries/REST_Controller.php +++ b/application/libraries/REST_Controller.php @@ -319,6 +319,13 @@ abstract class REST_Controller extends CI_Controller { */ protected $_apiuser; + /** + * Whether or not to perform a CORS check and apply CORS headers to the request + * + * @var bool + */ + protected $check_cors = NULL; + /** * Enable XSS flag * Determines whether the XSS filter is always active when 
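Review bot: `_check_cors()` copies the request's `Origin` into `Access-Control-Allow-Origin` but sends no `Vary: Origin`, so a shared cache in front of the API can hand a response carrying one origin's allow header to a different origin. Add `header('Vary: Origin', FALSE);` alongside it. The allow-list test should be strict and tolerate a missing config item, e.g. `in_array($origin, (array) $this->config->item('allowed_origins'), TRUE)`; as written, loose comparison decides which origins match and an unset item reaches `in_array()` as a non-array. The same reflection without `Vary` is carried through the later `_check_cors()` hunks in PATCH 012 and PATCH 015.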
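Review bot: The `$check_cors` property declared in the PATCH 008 hunk is not assigned anywhere in the visible hunks. The constructor hunk of the same commit reads the setting into a local `$check_cors` instead, so the property stays NULL despite its `@var bool` tag. Either drop the property or assign it, `$this->check_cors = $this->config->item('check_cors') === TRUE;`, and test `$this->check_cors` in the constructor. The class body continues outside the hunk.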
@@ -457,6 +464,12 @@ public function __construct($config = 'rest') // How is this request being made? GET, POST, PATCH, DELETE, INSERT, PUT, HEAD or OPTIONS $this->request->method = $this->_detect_method(); + // Check for CORS access request + $check_cors = $this->config->item('check_cors'); + if ($check_cors === true) { + $this->_check_cors(); + } + // Create an argument container if it doesn't exist e.g. _get_args if (isset($this->{'_' . $this->request->method . '_args'}) === FALSE) { From e7cfb45cddfd1da0485ea257d68af860bd7fbf37 Mon Sep 17 00:00:00 2001 From: Craine Runton Date: Mon, 21 Dec 2015 15:56:05 -0700 Subject: [PATCH 009/189] Change config item name to make its purpose clearer --- application/config/rest.php | 2 +- application/libraries/REST_Controller.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/application/config/rest.php b/application/config/rest.php index ff5a62ec..ab808b63 100644 --- a/application/config/rest.php +++ b/application/config/rest.php @@ -525,4 +525,4 @@ | */ $config['check_cors'] = false; -$config['allowed_origins'] = []; +$config['allowed_cors_origins'] = []; diff --git a/application/libraries/REST_Controller.php b/application/libraries/REST_Controller.php index 1a385780..2cfefaa8 100644 --- a/application/libraries/REST_Controller.php +++ b/application/libraries/REST_Controller.php 
@@ -2172,8 +2172,8 @@ protected function _check_cors() // Store the HTTP Origin header, $origin = (isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : ''); - // If the origin domain is in the allowed_origins list, then add the Access Control headers - if (in_array($origin, $this->config->item('allowed_origins'))) { + // If the origin domain is in the allowed_cors_origins list, then add the Access Control headers + if (in_array($origin, $this->config->item('allowed_cors_origins'))) { header('Access-Control-Allow-Origin: '.$origin); header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method'); header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE'); From 07cd8f9fe5de5d99fb0079c93130f31f9a9fcaa5 Mon Sep 17 00:00:00 2001 From: Craine Runton Date: Mon, 21 Dec 2015 16:14:04 -0700 Subject: [PATCH 010/189] Separate the CORS config settings into their own blocks --- application/config/rest.php | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/application/config/rest.php b/application/config/rest.php index ab808b63..e321d429 100644 --- a/application/config/rest.php +++ b/application/config/rest.php 
@@ -518,11 +518,22 @@ | | Set to true to enable Cross-Origin Resource Sharing (CORS). Useful if you | are hosting your API on a different domain from the appolication that -| will access it through a browser. If true, set all the allowable domains -| within the array. +| will access it through a browser. +| +*/ +$config['check_cors'] = false; + + +/* +|-------------------------------------------------------------------------- +| CORS Allowable Domains +|-------------------------------------------------------------------------- +| +| Used if $config['check_cors'] is set to true and +| $config['allow_any_cors_domain'] is set to false. Set all the allowable +| domains within the array. | | e.g. $config['allowed_origins'] = ['www.example.com', 'mobile.example.com'] | */ -$config['check_cors'] = false; $config['allowed_cors_origins'] = []; From 66d50d03c7b25f96743cd7c29e21e7b8c6efb9da Mon Sep 17 00:00:00 2001 From: Craine Runton Date: Mon, 21 Dec 2015 16:14:32 -0700 Subject: [PATCH 011/189] Add a config to allow CORS from any source domain --- application/config/rest.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/application/config/rest.php b/application/config/rest.php index e321d429..ff239f0f 100644 --- a/application/config/rest.php +++ b/application/config/rest.php @@ -523,6 +523,16 @@ */ $config['check_cors'] = false; +/* +|-------------------------------------------------------------------------- +| CORS Allow Any Domain +|-------------------------------------------------------------------------- +| +| Set to true to enable Cross-Origin Resource Sharing (CORS) from any +| source domain +| +*/ +$config['allow_any_cors_domain'] = false; /* |-------------------------------------------------------------------------- From 5eb88d9a2167ad5b80f55dd6c3d080aba40ba8b0 Mon Sep 17 00:00:00 2001 
From: Craine Runton Date: Mon, 21 Dec 2015 16:15:30 -0700 Subject: [PATCH 012/189] Add a function to let the server use a wildcard in the Access-Control-Allow-Origin if the config item 'allow_any_cors_domain is set to true --- application/libraries/REST_Controller.php | 28 +++++++++++++++++------ 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/application/libraries/REST_Controller.php b/application/libraries/REST_Controller.php index 2cfefaa8..3ce058b9 100644 --- a/application/libraries/REST_Controller.php +++ b/application/libraries/REST_Controller.php 
@@ -2169,19 +2169,33 @@ protected function _check_access() */ protected function _check_cors() { - // Store the HTTP Origin header, - $origin = (isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : ''); - - // If the origin domain is in the allowed_cors_origins list, then add the Access Control headers - if (in_array($origin, $this->config->item('allowed_cors_origins'))) { - header('Access-Control-Allow-Origin: '.$origin); + // If we want to allow any domain to access the API + if ($this->config->item('allow_any_cors_domain') === true) + { + header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method'); header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE'); + } + // We're going to allow only certain domains access + else + { + // Store the HTTP Origin header + $origin = (isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : ''); + + // If the origin domain is in the allowed_cors_origins list, then add the Access Control headers + if (in_array($origin, $this->config->item('allowed_cors_origins'))) + { + header('Access-Control-Allow-Origin: '.$origin); + header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method'); + header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE'); + } } // If the request HTTP method is 'OPTIONS', kill the response and send it to the client $method = $_SERVER['REQUEST_METHOD']; - if($method == "OPTIONS") { + + if ($method === 'OPTIONS') + { die(); } } From 595dffa5e2fdae3daf8e15b327f0bc6c40bca599 Mon Sep 17 00:00:00 2001 From: Craine Runton Date: Mon, 21 Dec 2015 21:00:16 -0700 Subject: [PATCH 013/189] Fix description and whitespace cleanup --- application/libraries/REST_Controller.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
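Review bot: The closing `die()` ends every OPTIONS request, including those whose origin was not on the allow-list and those that are not CORS preflights. With `check_cors` enabled, a controller's own OPTIONS handler would apparently never run, and the request skips everything the constructor does after this call. Limit the short-circuit to real preflights, e.g. `if ($method === 'OPTIONS' && isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD']))`. For the wildcard branch, the `allow_any_cors_domain` comment in `rest.php` should state that `*` lets any website read responses to requests made without credentials, which matters for APIs that rely on network location rather than a login.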
diff --git a/application/libraries/REST_Controller.php b/application/libraries/REST_Controller.php index 3ce058b9..332eb593 100644 --- a/application/libraries/REST_Controller.php +++ b/application/libraries/REST_Controller.php @@ -2162,23 +2162,23 @@ protected function _check_access() } /** - * Check to see if presented user_id and API key match + * Checks allowed domains, and adds appropriate headers for HTTP access control (CORS) * * @access protected * @return void */ - protected function _check_cors() + protected function _check_cors() { // If we want to allow any domain to access the API if ($this->config->item('allow_any_cors_domain') === true) - { + { header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method'); header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE'); - } + } // We're going to allow only certain domains access - else - { + else + { // Store the HTTP Origin header $origin = (isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : ''); From db979b16e3edf8aa5adbb48e569e80439f143e3b Mon Sep 17 00:00:00 2001 From: Craine Runton Date: Mon, 21 Dec 2015 21:02:02 -0700 Subject: [PATCH 014/189] Fix descriptions and whitespace cleanup --- application/config/rest.php | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/application/config/rest.php b/application/config/rest.php index ff239f0f..626df5b8 100644 --- a/application/config/rest.php +++ b/application/config/rest.php @@ -517,8 +517,8 @@ |-------------------------------------------------------------------------- | | Set to true to enable Cross-Origin Resource Sharing (CORS). Useful if you -| are hosting your API on a different domain from the appolication that -| will access it through a browser. +| are hosting your API on a different domain from the appolication that +| will access it through a browser. | */ $config['check_cors'] = false; 
@@ -529,7 +529,7 @@ |-------------------------------------------------------------------------- | | Set to true to enable Cross-Origin Resource Sharing (CORS) from any -| source domain +| source domain | */ $config['allow_any_cors_domain'] = false; @@ -539,11 +539,10 @@ | CORS Allowable Domains |-------------------------------------------------------------------------- | -| Used if $config['check_cors'] is set to true and -| $config['allow_any_cors_domain'] is set to false. Set all the allowable -| domains within the array. +| Used if $config['check_cors'] is set to true and $config['allow_any_cors_domain'] +| is set to false. Set all the allowable domains within the array. | -| e.g. $config['allowed_origins'] = ['www.example.com', 'mobile.example.com'] +| e.g. $config['allowed_origins'] = ['www.example.com', 'spa.example.com'] | */ $config['allowed_cors_origins'] = []; From a6b1f92f9cde8c323cb8425b465e634bf1412dd4 Mon Sep 17 00:00:00 2001 From: Craine Runton Date: Mon, 21 Dec 2015 22:04:02 -0700 Subject: [PATCH 015/189] Add allowable headers and methods config items, then call them to build the correct headers --- application/config/rest.php | 35 +++++++++++++++++++++++ application/libraries/REST_Controller.php | 14 +++++---- 2 files changed, 44 insertions(+), 5 deletions(-) diff --git a/application/config/rest.php b/application/config/rest.php index 626df5b8..0c2267a7 100644 --- a/application/config/rest.php +++ b/application/config/rest.php 
@@ -523,6 +523,40 @@ */ $config['check_cors'] = false; +/* +|-------------------------------------------------------------------------- +| CORS Allowable Headers +|-------------------------------------------------------------------------- +| +| If using CORS checks, set the allowable headers here. Add any custom headers you may +| be using in tyou application to the array +| +*/ +$config['allowed_cors_headers'] = [ + 'Origin', + 'X-Requested-With', + 'Content-Type', + 'Accept', + 'Access-Control-Request-Method' +]; + +/* +|-------------------------------------------------------------------------- +| CORS Allowable Methods +|-------------------------------------------------------------------------- +| +| If using CORS checks, you can set the methods you want to be allowed here. +| +*/ +$config['allowed_cors_methods'] = [ + 'GET', + 'POST', + 'OPTIONS', + 'PUT', + 'PATCH', + 'DELETE' +]; + /* |-------------------------------------------------------------------------- | CORS Allow Any Domain @@ -546,3 +580,4 @@ | */ $config['allowed_cors_origins'] = []; + diff --git a/application/libraries/REST_Controller.php b/application/libraries/REST_Controller.php index 332eb593..e3983d40 100644 --- a/application/libraries/REST_Controller.php +++ b/application/libraries/REST_Controller.php 
@@ -2169,12 +2169,16 @@ protected function _check_access() */ protected function _check_cors() { + // Convert the config items into strings + $allowed_headers = implode(' ,', $this->config->item('allowed_cors_headers')); + $allowed_methods = implode(' ,', $this->config->item('allowed_cors_methods')); + // If we want to allow any domain to access the API if ($this->config->item('allow_any_cors_domain') === true) { header('Access-Control-Allow-Origin: *'); - header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method'); - header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE'); + header('Access-Control-Allow-Headers: ' . $allowed_headers); + header('Access-Control-Allow-Methods: ' . $allowed_methods); } // We're going to allow only certain domains access else @@ -2185,9 +2189,9 @@ protected function _check_cors() // If the origin domain is in the allowed_cors_origins list, then add the Access Control headers if (in_array($origin, $this->config->item('allowed_cors_origins'))) { - header('Access-Control-Allow-Origin: '.$origin); - header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method'); - header('Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE'); + header('Access-Control-Allow-Origin: ' . $origin); + header('Access-Control-Allow-Headers: ' . $allowed_headers); + header('Access-Control-Allow-Methods: ' . $allowed_methods); } } From b70db372d5957d6af7cf5336c31a6aa97e9ffbca Mon Sep 17 00:00:00 2001 From: Craine Runton Date: Mon, 21 Dec 2015 22:09:12 -0700 Subject: [PATCH 016/189] Update config allowed_origins docblock to include protocol in example --- application/config/rest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/application/config/rest.php b/application/config/rest.php index 0c2267a7..a16efde2 100644 --- a/application/config/rest.php +++ b/application/config/rest.php 
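Review bot: Both `implode(' ,', ...)` calls in the first PATCH 015 hunk put the space before the comma, producing `Origin ,X-Requested-With ,...`; the separator should be `', '`. Both config items are also read without a fallback, so an older `rest.php` lacking `allowed_cors_headers` or `allowed_cors_methods` passes a non-array to `implode()`. Cast first, e.g. `$allowed_headers = implode(', ', (array) $this->config->item('allowed_cors_headers'));`. Since these values go from configuration straight into `header()`, the config comments should also say that entries must be plain header-name and method tokens.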
@@ -576,7 +576,7 @@ | Used if $config['check_cors'] is set to true and $config['allow_any_cors_domain'] | is set to false. Set all the allowable domains within the array. | -| e.g. $config['allowed_origins'] = ['www.example.com', 'spa.example.com'] +| e.g. $config['allowed_origins'] = ['http://www.example.com/', 'https://spa.example.com/'] | */ $config['allowed_cors_origins'] = []; From 2e8217998b780563521611a2c933b48faa8904dc Mon Sep 17 00:00:00 2001 From: Mathieu Nayrolles Date: Fri, 8 Jan 2016 17:12:01 -0500 Subject: [PATCH 017/189] Add french language support I added support for the french language for codeigniter-restserver. The french version is a translation of the english one. --- application/language/french/index.html | 11 +++++++++++ .../language/french/rest_controller_lang.php | 17 +++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 application/language/french/index.html create mode 100644 application/language/french/rest_controller_lang.php diff --git a/application/language/french/index.html b/application/language/french/index.html new file mode 100644 index 00000000..b702fbc3 --- /dev/null +++ b/application/language/french/index.html @@ -0,0 +1,11 @@ + + + + 403 Forbidden + + + +

Directory access is forbidden.

+ + + diff --git a/application/language/french/rest_controller_lang.php b/application/language/french/rest_controller_lang.php new file mode 100644 index 00000000..fb5727f5 --- /dev/null +++ b/application/language/french/rest_controller_lang.php @@ -0,0 +1,17 @@ + Date: Sun, 24 Jan 2016 15:13:34 +0200 Subject: [PATCH 018/189] Config file database structure missing field. Added missing `user_id` field for `keys` database structure in rest config file. --- application/config/rest.php | 1 + 1 file changed, 1 insertion(+) diff --git a/application/config/rest.php b/application/config/rest.php index 15af4ed7..2e644c9f 100644 --- a/application/config/rest.php +++ b/application/config/rest.php @@ -291,6 +291,7 @@ | Default table schema: | CREATE TABLE `keys` ( | `id` INT(11) NOT NULL AUTO_INCREMENT, +| `user_id` INT(11) NOT NULL, | `key` VARCHAR(40) NOT NULL, | `level` INT(2) NOT NULL, | `ignore_limits` TINYINT(1) NOT NULL DEFAULT '0', From 7ef3d345fa1a25790bb908c227f5cc2a1533e087 Mon Sep 17 00:00:00 2001 From: softwarespot Date: Sun, 31 Jan 2016 00:01:29 +0200 Subject: [PATCH 019/189] Cached global functions --- application/views/rest_server.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/application/views/rest_server.php b/application/views/rest_server.php index aab0b9d4..a6c3ce3f 100644 --- a/application/views/rest_server.php +++ b/application/views/rest_server.php @@ -124,6 +124,8 @@ // Basic rest module using an IIFE as a way of enclosing private variables App.rest = (function (window, $) { // Fields + var _alert = window.alert; + var _JSON = window.JSON; // Cache the jQuery selector var _$ajax = null; @@ -137,7 +139,7 @@ */ function _ajaxDone(data) { // The 'data' parameter is an array of objects that can be iterated over - window.alert(window.JSON.stringify(data, null, 2)); + _alert(_JSON.stringify(data, null, 2)); } /** 
@@ -146,7 +148,7 @@ function _ajaxDone(data) { * @return {undefined} */ function _ajaxFail() { - window.alert('Oh no! A problem with the Ajax request!'); + _alert('Oh no! A problem with the Ajax request!'); } /** @@ -196,7 +198,7 @@ function _cacheDom() { _bindEvents(); } }; - })(window, window.jQuery); + }(window, window.jQuery)); // DOM ready event $(function () { From 1afc0ce5d0c20205a0a33c0d0165a7952b5e6b38 Mon Sep 17 00:00:00 2001 From: Chris Kacerguis Date: Sat, 30 Jan 2016 16:45:04 -0600 Subject: [PATCH 020/189] fixed bad pr with the spanish langauge setup --- application/language/spanish/index.html | 11 +++++++++++ .../{spanish => spanish/rest_controller_lang.php} | 0 2 files changed, 11 insertions(+) create mode 100644 application/language/spanish/index.html rename application/language/{spanish => spanish/rest_controller_lang.php} (100%) diff --git a/application/language/spanish/index.html b/application/language/spanish/index.html new file mode 100644 index 00000000..b702fbc3 --- /dev/null +++ b/application/language/spanish/index.html @@ -0,0 +1,11 @@ + + + + 403 Forbidden + + + +

Directory access is forbidden.

+ + + diff --git a/application/language/spanish b/application/language/spanish/rest_controller_lang.php similarity index 100% rename from application/language/spanish rename to application/language/spanish/rest_controller_lang.php From 3dc075bfee26d6a0855cf5e5472ecef22c164115 Mon Sep 17 00:00:00 2001 From: softwarespot Date: Sat, 6 Feb 2016 10:52:48 +0200 Subject: [PATCH 021/189] Updated API before possible release Related #609 --- application/config/routes.php | 2 +- application/controllers/Welcome.php | 2 +- application/libraries/Format.php | 10 +- application/libraries/REST_Controller.php | 44 +- application/views/rest_server.php | 32 +- application/views/welcome_message.php | 2 +- documentation/class-Example.html | 1 + documentation/class-Key.html | 1 + documentation/class-REST_Controller.html | 224 +- documentation/class-Welcome.html | 8 +- documentation/source-class-Format.html | 32 +- documentation/source-class-Key.html | 2 +- .../source-class-REST_Controller.html | 3383 +++++++++-------- documentation/source-class-Welcome.html | 4 +- 14 files changed, 1919 insertions(+), 1828 deletions(-) diff --git a/application/config/routes.php b/application/config/routes.php index 5cbeb064..f2d051f7 100644 --- a/application/config/routes.php +++ b/application/config/routes.php @@ -19,7 +19,7 @@ | | Please see the user guide for complete details: | -| http://codeigniter.com/user_guide/general/routing.html +| https://codeigniter.com/user_guide/general/routing.html | | ------------------------------------------------------------------------- | RESERVED ROUTES diff --git a/application/controllers/Welcome.php b/application/controllers/Welcome.php index d16a4dee..59818c7f 100644 --- a/application/controllers/Welcome.php +++ b/application/controllers/Welcome.php 
@@ -16,7 +16,7 @@ class Welcome extends CI_Controller { * * So any other public methods not prefixed with an underscore will * map to /index.php/welcome/ - * @see http://codeigniter.com/user_guide/general/urls.html + * @see https://codeigniter.com/user_guide/general/urls.html */ public function index() { diff --git a/application/libraries/Format.php b/application/libraries/Format.php index 0d3bf773..4f058e25 100644 --- a/application/libraries/Format.php +++ b/application/libraries/Format.php @@ -91,13 +91,13 @@ public function __construct($data = NULL, $from_type = NULL) // If the provided data is already formatted we should probably convert it to an array if ($from_type !== NULL) { - if (method_exists($this, '_from_' . $from_type)) + if (method_exists($this, '_from_'.$from_type)) { - $data = call_user_func([$this, '_from_' . $from_type], $data); + $data = call_user_func([$this, '_from_'.$from_type], $data); } else { - throw new Exception('Format class does not support conversion from "' . $from_type . '".'); + throw new Exception('Format class does not support conversion from "'.$from_type.'".'); } } @@ -416,12 +416,12 @@ public function to_json($data = NULL) elseif (preg_match('/^[a-z_\$][a-z0-9\$_]*(\.[a-z_\$][a-z0-9\$_]*)*$/i', $callback)) { // Return the data as encoded json with a callback - return $callback . '(' . json_encode($data) . ');'; + return $callback.'('.json_encode($data).');'; } // An invalid jsonp callback function provided. // Though I don't believe this should be hardcoded here - $data['warning'] = 'INVALID JSONP CALLBACK: ' . $callback; + $data['warning'] = 'INVALID JSONP CALLBACK: '.$callback; return json_encode($data); } diff --git a/application/libraries/REST_Controller.php b/application/libraries/REST_Controller.php index ea4bbcce..be69f2d5 100644 --- a/application/libraries/REST_Controller.php +++ b/application/libraries/REST_Controller.php 
@@ -381,7 +381,7 @@ public function __construct($config = 'rest') if (is_php('5.4') === FALSE) { // CodeIgniter 3 is recommended for v5.4 or above - throw new Exception('Using PHP v' . PHP_VERSION . ', though PHP v5.4 or greater is required'); + throw new Exception('Using PHP v'.PHP_VERSION.', though PHP v5.4 or greater is required'); } // Check to see if this is CI 3.x @@ -458,9 +458,9 @@ public function __construct($config = 'rest') $this->request->method = $this->_detect_method(); // Create an argument container if it doesn't exist e.g. _get_args - if (isset($this->{'_' . $this->request->method . '_args'}) === FALSE) + if (isset($this->{'_'.$this->request->method.'_args'}) === FALSE) { - $this->{'_' . $this->request->method . '_args'} = []; + $this->{'_'.$this->request->method.'_args'} = []; } // Set up the query parameters @@ -482,7 +482,7 @@ public function __construct($config = 'rest') { $this->request->body = $this->format->factory($this->request->body, $this->request->format)->to_array(); // Assign payload arguments to proper method container - $this->{'_' . $this->request->method . '_args'} = $this->request->body; + $this->{'_'.$this->request->method.'_args'} = $this->request->body; } // Merge both for one mega-args variable @@ -494,7 +494,7 @@ public function __construct($config = 'rest') $this->_put_args, $this->_post_args, $this->_delete_args, - $this->{'_' . $this->request->method . '_args'} + $this->{'_'.$this->request->method.'_args'} ); // Which format should the data be returned in? 
@@ -602,9 +602,9 @@ public function _remap($object_called, $arguments = []) } // Remove the supported format from the function name e.g. index.json => index - $object_called = preg_replace('/^(.*)\.(?:' . implode('|', array_keys($this->_supported_formats)) . ')$/', '$1', $object_called); + $object_called = preg_replace('/^(.*)\.(?:'.implode('|', array_keys($this->_supported_formats)).')$/', '$1', $object_called); - $controller_method = $object_called . '_' . $this->request->method; + $controller_method = $object_called.'_'.$this->request->method; // Do we want to log this method (if allowed by config)? $log_method = !(isset($this->methods[$controller_method]['log']) && $this->methods[$controller_method]['log'] === FALSE); @@ -855,7 +855,7 @@ protected function _get_default_output_format() protected function _detect_output_format() { // Concatenate formats to a regex pattern e.g. \.(csv|json|xml) - $pattern = '/\.(' . implode('|', array_keys($this->_supported_formats)) . ')($|\/)/'; + $pattern = '/\.('.implode('|', array_keys($this->_supported_formats)).')($|\/)/'; $matches = []; // Check if a file extension is used e.g. http://example.com/api/index.json?param1=param2 @@ -1120,7 +1120,7 @@ protected function _check_limit($controller_method) { $limited_uri = substr($limited_uri,0, -strlen($this->response->format) - 1); } - $limited_uri = 'uri:' . $limited_uri . ':' . $this->request->method; // It's good to differentiate GET from PUT + $limited_uri = 'uri:'.$limited_uri.':'.$this->request->method; // It's good to differentiate GET from PUT $limited_method_name = $controller_method; break; } 
@@ -1722,11 +1722,11 @@ protected function _perform_ldap_auth($username = '', $password = NULL) $ldapconn = ldap_connect($ldap['host'], $ldap['port']); if ($ldapconn) { - log_message('debug', 'Setting timeout to ' . $ldap['timeout'] . ' seconds'); + log_message('debug', 'Setting timeout to '.$ldap['timeout'].' seconds'); ldap_set_option($ldapconn, LDAP_OPT_NETWORK_TIMEOUT, $ldap['timeout']); - log_message('debug', 'LDAP Auth: Binding to ' . $ldap['host'] . ' with dn ' . $ldap['rdn']); + log_message('debug', 'LDAP Auth: Binding to '.$ldap['host'].' with dn '.$ldap['rdn']); // Binding to the ldap server $ldapbind = ldap_bind($ldapconn, $ldap['rdn'], $ldap['pass']); @@ -1744,13 +1744,13 @@ protected function _perform_ldap_auth($username = '', $password = NULL) // Search for user if (($res_id = ldap_search($ldapconn, $ldap['basedn'], "uid=$username")) === FALSE) { - log_message('error', 'LDAP Auth: User ' . $username . ' not found in search'); + log_message('error', 'LDAP Auth: User '.$username.' not found in search'); return FALSE; } if (ldap_count_entries($ldapconn, $res_id) !== 1) { - log_message('error', 'LDAP Auth: Failure, username ' . $username . 'found more than once'); + log_message('error', 'LDAP Auth: Failure, username '.$username.'found more than once'); return FALSE; } @@ -1773,7 +1773,7 @@ protected function _perform_ldap_auth($username = '', $password = NULL) return FALSE; } - log_message('debug', 'LDAP Auth: Success ' . $user_dn . ' authenticated successfully'); + log_message('debug', 'LDAP Auth: Success '.$user_dn.' authenticated successfully'); $this->_user_ldap_dn = $user_dn; 
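Review bot: In the `@@ -1744` hunk of `_perform_ldap_auth`, the search filter is still built as `"uid=$username"` from the caller-supplied username with no filter escaping, so LDAP metacharacters in the username alter the query that selects the entry to bind against. Escape the value before it reaches `ldap_search`, e.g. `$filter = 'uid='.ldap_escape($username, '', LDAP_ESCAPE_FILTER);`. `ldap_escape` needs PHP 5.6 while the constructor hunk above only requires 5.4, so older runtimes would need an equivalent manual escape. The same raw username is written to the error log by the two `log_message` calls touched here, and the second message still lacks a space before `found` (`.$username.' found more than once'`). The function body starts and ends outside these hunks.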
@@ -1843,7 +1843,7 @@ protected function _check_login($username = NULL, $password = FALSE) if (!$this->config->item('auth_source') && $rest_auth === 'digest') { // For digest we do not have a password passed as argument - return md5($username . ':' . $this->config->item('rest_realm') . ':' . (isset($valid_logins[$username]) ? $valid_logins[$username] : '')); + return md5($username.':'.$this->config->item('rest_realm').':'.(isset($valid_logins[$username]) ? $valid_logins[$username] : '')); } if ($password === FALSE) @@ -1977,15 +1977,15 @@ protected function _prepare_digest_auth() preg_match_all('@(username|nonce|uri|nc|cnonce|qop|response)=[\'"]?([^\'",]+)@', $digest_string, $matches); $digest = (empty($matches[1]) || empty($matches[2])) ? [] : array_combine($matches[1], $matches[2]); - // For digest authentication the library function should return already stored md5(username:restrealm:password) for that username @see rest.php::auth_library_function config + // For digest authentication the library function should return already stored md5(username:restrealm:password) for that username see rest.php::auth_library_function config $username = $this->_check_login($digest['username'], TRUE); if (array_key_exists('username', $digest) === FALSE || $username === FALSE) { $this->_force_login($unique_id); } - $md5 = md5(strtoupper($this->request->method) . ':' . $digest['uri']); - $valid_response = md5($username . ':' . $digest['nonce'] . ':' . $digest['nc'] . ':' . $digest['cnonce'] . ':' . $digest['qop'] . ':' . $md5); + $md5 = md5(strtoupper($this->request->method).':'.$digest['uri']); + $valid_response = md5($username.':'.$digest['nonce'].':'.$digest['nc'].':'.$digest['cnonce'].':'.$digest['qop'].':'.$md5); // Check if the string don't compare (case-insensitive) if (strcasecmp($digest['response'], $valid_response) !== 0) 
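Review bot: In the `@@ -1843` hunk, the digest branch of `_check_login` falls back to an empty string when `$valid_logins[$username]` is not set, so an unknown username still produces a hash instead of a failure. The `$username === FALSE` test in `_prepare_digest_auth` (next hunk) therefore cannot reject it. Returning early closes that gap: `if (!isset($valid_logins[$username])) { return FALSE; }` before the `md5(...)` line. `$valid_logins` is assigned outside the hunk, so this assumes it is the configured login map.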
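Review bot: In the `@@ -1977` hunk, `$digest['username']` is passed to `_check_login` before the `array_key_exists('username', $digest)` test, so a header without a username raises an undefined-index notice before it is rejected; the key check belongs ahead of the call, together with checks for `nonce`, `nc`, `cnonce`, `qop`, `uri` and `response`, which are read below without one. The final comparison uses `strcasecmp`, which is not constant-time; `hash_equals($valid_response, strtolower($digest['response']))` is the safer form where PHP 5.6+ is available. The comment edit dropped `@see` but left two sentences run together; `... for that username; see rest.php::auth_library_function config` reads better. The function continues outside the hunk.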
@@ -2063,15 +2063,15 @@ protected function _force_login($nonce = '') if (strtolower($rest_auth) === 'basic') { // See http://tools.ietf.org/html/rfc2617#page-5 - header('WWW-Authenticate: Basic realm="' . $rest_realm . '"'); + header('WWW-Authenticate: Basic realm="'.$rest_realm.'"'); } elseif (strtolower($rest_auth) === 'digest') { // See http://tools.ietf.org/html/rfc2617#page-18 header( - 'WWW-Authenticate: Digest realm="' . $rest_realm - . '", qop="auth", nonce="' . $nonce - . '", opaque="' . md5($rest_realm) . '"'); + 'WWW-Authenticate: Digest realm="'.$rest_realm + .'", qop="auth", nonce="'.$nonce + .'", opaque="' . md5($rest_realm).'"'); } // Display an error response diff --git a/application/views/rest_server.php b/application/views/rest_server.php index a6c3ce3f..5212e6da 100644 --- a/application/views/rest_server.php +++ b/application/views/rest_server.php @@ -112,17 +112,17 @@ - + - + diff --git a/application/views/welcome_message.php b/application/views/welcome_message.php index 69acde90..7a407656 100644 --- a/application/views/welcome_message.php +++ b/application/views/welcome_message.php @@ -92,7 +92,7 @@ - + diff --git a/documentation/class-Example.html b/documentation/class-Example.html index e8af6477..18482b73 100644 --- a/documentation/class-Example.html +++ b/documentation/class-Example.html @@ -294,6 +294,7 @@
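Review bot: The last changed line of the `@@ -2063` hunk still reads `.'", opaque="' . md5($rest_realm).'"'`, with spaces around one `.` while every other concatenation in this commit was tightened; `.'", opaque="'.md5($rest_realm).'"'` matches the rest. Separately, `$rest_realm` and `$nonce` are placed inside quoted header parameters as-is, so a realm containing `"` would break the `WWW-Authenticate` value. Either add a comment that the configured realm must not contain quotes, or escape it once with `addcslashes($rest_realm, '"\\')` where it is read. `$rest_realm` is set outside the hunk.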

Overrides

_detect_method(), _detect_output_format(), _force_login(), + _get_default_output_format(), _log_access_time(), _log_request(), _log_response_code(), diff --git a/documentation/class-Key.html b/documentation/class-Key.html index 540d7d3e..957df227 100644 --- a/documentation/class-Key.html +++ b/documentation/class-Key.html @@ -317,6 +317,7 @@

Class Key

_detect_method(), _detect_output_format(), _force_login(), + _get_default_output_format(), _log_access_time(), _log_request(), _log_response_code(), diff --git a/documentation/class-REST_Controller.html b/documentation/class-REST_Controller.html index fc94cfdb..34c4d2aa 100644 --- a/documentation/class-REST_Controller.html +++ b/documentation/class-REST_Controller.html @@ -137,7 +137,7 @@

Direct known subclasses

3.0.0
Link: https://github.com/chriskacerguis/codeigniter-restserver
- Located at libraries/REST_Controller.php + Located at libraries/REST_Controller.php
@@ -187,7 +187,7 @@

Direct known subclasses

# - __construct( string $config = 'rest' ) + __construct( string $config = 'rest' )

Constructor for the REST API

@@ -223,7 +223,7 @@

Parameters

# - __destruct( ) + __destruct( )

Deconstructor

@@ -257,18 +257,18 @@

Author

# - _remap( string $object_called, array $arguments ) + _remap( string $object_called, array $arguments = [] )

Requests are not made to methods directly, the request will be for an "object". This simply maps the object and method to the correct -Controller method.

+Controller method

@@ -298,7 +298,7 @@

Parameters

# - response( array|null $data = NULL, integer|null $http_code = NULL, boolean $continue = FALSE ) + response( array|null $data = NULL, integer|null $http_code = NULL, boolean $continue = FALSE )

Takes mixed data and optionally a status code, then creates the response

@@ -338,20 +338,20 @@

Parameters

# - set_response( array|null $data = NULL, integer|null $http_code = NULL ) + set_response( array|null $data = NULL, integer|null $http_code = NULL )

Takes mixed data and optionally a status code, then creates the response within the buffers of the Output class. The response is sent to the client lately by the framework, after the current controller's method termination. -All the hooks after the controller's method termination are executable.

+All the hooks after the controller's method termination are executable