- See the article - - http://net.tutsplus.com/tutorials/php/working-with-restful-services-in-codeigniter-2/ - -
- -- The master project repository is - - https://github.com/chriskacerguis/codeigniter-restserver - -
- -- Click on the links to check whether the REST server is working. -
- -The page you are looking at is being generated dynamically by CodeIgniter.
- -If you would like to edit this page you'll find it located at:
-application/views/welcome_message.php
-
- The corresponding controller for this page is found at:
-application/controllers/Welcome.php
-
-
- If you are exploring CodeIgniter for the very first time, you should start by reading the User Guide.
- -The requested page could not be found.
-You have probably clicked on a link that is outdated and points to a page that does not exist any more or you have made an typing error in the address.
-To continue please try to find requested page in the menu, or use search field on the top.
-This is an example of a few basic user interaction methods you could use -all done with a hardcoded array
-
- REST_Controller
-
-
-
-
-Example
-
-
-
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- __destruct(),
- _auth_override_check(),
- _check_access(),
- _check_blacklist_auth(),
- _check_limit(),
- _check_login(),
- _check_php_session(),
- _check_whitelist_auth(),
- _detect_api_key(),
- _detect_input_format(),
- _detect_lang(),
- _detect_method(),
- _detect_output_format(),
- _force_login(),
- _log_access_time(),
- _log_request(),
- _log_response_code(),
- _parse_delete(),
- _parse_get(),
- _parse_head(),
- _parse_options(),
- _parse_patch(),
- _parse_post(),
- _parse_put(),
- _parse_query(),
- _perform_ldap_auth(),
- _perform_library_auth(),
- _prepare_basic_auth(),
- _prepare_digest_auth(),
- _remap(),
- _xss_clean(),
- delete(),
- early_checks(),
- get(),
- head(),
- options(),
- patch(),
- post(),
- put(),
- query(),
- response(),
- set_response(),
- validation_errors()
- |
-
- $_allow,
- $_apiuser,
- $_args,
- $_delete_args,
- $_enable_xss,
- $_end_rtime,
- $_get_args,
- $_head_args,
- $_insert_id,
- $_options_args,
- $_patch_args,
- $_post_args,
- $_put_args,
- $_query_args,
- $_start_rtime,
- $_supported_formats,
- $_user_ldap_dn,
- $allowed_http_methods,
- $http_status_codes,
- $methods,
- $request,
- $response,
- $rest,
- $rest_format
- |
-
Format class -Help convert between various formats such as XML, JSON, CSV, etc.
-
- public
-
-
-
-
- |
-
-
- #
- __construct( null $data = NULL, null $from_type = NULL )
-
-
-
-
-
- DO NOT CALL THIS DIRECTLY, USE factory() - |
-
- public
-
- object
-
-
- |
-
- - |
- public
-
- array
-
-
- |
-
- - |
- public
-
- mixed
-
-
- |
-
- - |
- public
-
- mixed
-
-
- |
-
- - |
- public
-
- string
-
-
- |
-
- - |
- public
-
- string
-
-
- |
-
- - |
- public
-
- string
-
-
- |
-
- - |
- public
-
- mixed
-
-
- |
-
- - |
- protected
-
- SimpleXMLElement
-
-
- |
-
- - |
- protected
-
- array
-
-
- |
-
- - |
- protected
-
- mixed
-
-
- |
-
- - |
- protected
-
- mixed
-
-
- |
-
- - |
- protected
-
- string
-
-
- |
-
- - |
string |
-
-
- ARRAY_FORMAT
-
-
-
-
-
-
- Array output format - |
-
-
- #
-
- 'array'
- |
-
string |
-
-
- CSV_FORMAT
-
-
-
-
-
-
- Comma Separated Value (CSV) output format - |
-
-
- #
-
- 'csv'
- |
-
string |
-
-
- JSON_FORMAT
-
-
-
-
-
-
- Json output format - |
-
-
- #
-
- 'json'
- |
-
string |
-
-
- HTML_FORMAT
-
-
-
-
-
-
- HTML output format - |
-
-
- #
-
- 'html'
- |
-
string |
-
-
- PHP_FORMAT
-
-
-
-
-
-
- PHP output format - |
-
-
- #
-
- 'php'
- |
-
string |
-
-
- SERIALIZED_FORMAT
-
-
-
-
-
-
- Serialized output format - |
-
-
- #
-
- 'serialized'
- |
-
string |
-
-
- XML_FORMAT
-
-
-
-
-
-
- XML output format - |
-
-
- #
-
- 'xml'
- |
-
string |
-
-
- DEFAULT_FORMAT
-
-
-
-
-
-
- Default format of this class - |
-
-
- #
-
- |
-
- protected
- mixed
- |
-
-
- $_data
-
-
-
-
-
- Data to parse - |
-
-
- #
-
- []
- |
-
- protected
- string
- |
-
-
- $_from_type
-
-
-
-
-
- Type to convert from - |
-
-
- #
-
- NULL
- |
-
Keys Controller -This is a basic Key Management REST controller to make and delete keys
-
- REST_Controller
-
-
-
-
-Key
-
-
-
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- __construct(),
- __destruct(),
- _auth_override_check(),
- _check_access(),
- _check_blacklist_auth(),
- _check_limit(),
- _check_login(),
- _check_php_session(),
- _check_whitelist_auth(),
- _detect_api_key(),
- _detect_input_format(),
- _detect_lang(),
- _detect_method(),
- _detect_output_format(),
- _force_login(),
- _log_access_time(),
- _log_request(),
- _log_response_code(),
- _parse_delete(),
- _parse_get(),
- _parse_head(),
- _parse_options(),
- _parse_patch(),
- _parse_post(),
- _parse_put(),
- _parse_query(),
- _perform_ldap_auth(),
- _perform_library_auth(),
- _prepare_basic_auth(),
- _prepare_digest_auth(),
- _remap(),
- _xss_clean(),
- delete(),
- early_checks(),
- get(),
- head(),
- options(),
- patch(),
- post(),
- put(),
- query(),
- response(),
- set_response(),
- validation_errors()
- |
-
- protected
- array
- |
-
-
- $methods
-
-
-
-
-
- Defines the list of method properties such as limit, log and level - |
-
-
- #
-
- [
- 'index_put' => ['level' => 10, 'limit' => 10],
- 'index_delete' => ['level' => 10],
- 'level_post' => ['level' => 10],
- 'regenerate_post' => ['level' => 10],
- ]
- |
-
- $_allow,
- $_apiuser,
- $_args,
- $_delete_args,
- $_enable_xss,
- $_end_rtime,
- $_get_args,
- $_head_args,
- $_insert_id,
- $_options_args,
- $_patch_args,
- $_post_args,
- $_put_args,
- $_query_args,
- $_start_rtime,
- $_supported_formats,
- $_user_ldap_dn,
- $allowed_http_methods,
- $http_status_codes,
- $request,
- $response,
- $rest,
- $rest_format
- |
-
CodeIgniter Rest Controller -A fully RESTful server implementation for CodeIgniter using one library, one config file and one controller.
-
-REST_Controller
-
-
-
- protected
-
-
-
-
- |
-
-
- #
- early_checks( )
-
-
-
-
-
- Extend this function to apply additional checking early on in the process - |
-
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
- - |
- public
-
-
-
-
- |
-
-
- #
- set_response( array|null $data = NULL, integer|null $http_code = NULL )
-
-
-
-
-
- Takes mixed data and optionally a status code, then creates the response -within the buffers of the Output class. The response is sent to the client -lately by the framework, after the current controller's method termination. -All the hooks after the controller's method termination are executable. - |
-
- protected
-
- string|null
-
-
- |
-
- - |
- protected
-
- mixed|null|string
-
-
- |
-
- - |
- protected
-
- string|null
-
-
- |
-
- - |
- protected
-
- boolean
-
-
- |
-
- - |
- protected
-
- string|null
-
-
- |
-
- - |
- protected
-
- boolean
-
-
- |
-
- - |
- protected
-
- boolean
-
-
- |
-
-
- #
- _check_limit( string $controller_method )
-
-
-
-
-
- Check if the requests to a controller method exceed a limit - |
-
- protected
-
- boolean
-
-
- |
-
-
- #
- _auth_override_check( )
-
-
-
-
-
- Check if there is a specific auth type set for the current class/method/HTTP-method being called - |
-
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- public
-
- array|string|null
-
-
- |
-
- - |
- protected
-
- string
-
-
- |
-
-
- #
- _xss_clean( string $value, boolean $xss_clean )
-
-
-
-
-
- Sanitizes data so that Cross Site Scripting Hacks can be -prevented. - |
-
- public
-
- array
-
-
- |
-
- - |
- protected
-
- boolean
-
-
- |
-
-
- #
- _perform_ldap_auth( string $username = '', string $password = NULL )
-
-
-
-
-
- Perform LDAP Authentication - |
-
- protected
-
- boolean
-
-
- |
-
-
- #
- _perform_library_auth( string $username = '', string $password = NULL )
-
-
-
-
-
- Perform Library Authentication - Override this function to change the way the library is called - |
-
- protected
-
- boolean
-
-
- |
-
-
- #
- _check_login( string $username = NULL, boolean|string $password = FALSE )
-
-
-
-
-
- Check if the user is logged in - |
-
- protected
-
-
-
-
- |
-
-
- #
- _check_php_session( )
-
-
-
-
-
- Check to see if the user is logged in with a PHP session key - |
-
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
- - |
- protected
-
-
-
-
- |
-
-
- #
- _check_blacklist_auth( )
-
-
-
-
-
- Checks if the client's ip is in the 'rest_ip_blacklist' config and generates a 401 response - |
-
- protected
-
-
-
-
- |
-
-
- #
- _check_whitelist_auth( )
-
-
-
-
-
- Check if the client's ip is in the 'rest_ip_whitelist' config and generates a 401 response - |
-
- protected
-
-
-
-
- |
-
-
- #
- _force_login( string $nonce = '' )
-
-
-
-
-
- Force logging in by setting the WWW-Authenticate header - |
-
- protected
-
- boolean
-
-
- |
-
- - |
- protected
-
- boolean
-
-
- |
-
- - |
- protected
-
- boolean
-
-
- |
-
-
- #
- _check_access( )
-
-
-
-
-
- Check to see if the API key has access to the controller and methods - |
-
integer |
-
-
- HTTP_CONTINUE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 100
- |
-
integer |
-
-
- HTTP_SWITCHING_PROTOCOLS
-
-
-
-
-
-
-
- |
-
-
- #
-
- 101
- |
-
integer |
-
-
- HTTP_PROCESSING
-
-
-
-
-
-
-
- |
-
-
- #
-
- 102
- |
-
integer |
-
-
- HTTP_OK
-
-
-
-
-
-
- The request has succeeded - |
-
-
- #
-
- 200
- |
-
integer |
-
-
- HTTP_CREATED
-
-
-
-
-
-
- The server successfully created a new resource - |
-
-
- #
-
- 201
- |
-
integer |
-
-
- HTTP_ACCEPTED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 202
- |
-
integer |
-
-
- HTTP_NON_AUTHORITATIVE_INFORMATION
-
-
-
-
-
-
-
- |
-
-
- #
-
- 203
- |
-
integer |
-
-
- HTTP_NO_CONTENT
-
-
-
-
-
-
- The server successfully processed the request, though no content is returned - |
-
-
- #
-
- 204
- |
-
integer |
-
-
- HTTP_RESET_CONTENT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 205
- |
-
integer |
-
-
- HTTP_PARTIAL_CONTENT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 206
- |
-
integer |
-
-
- HTTP_MULTI_STATUS
-
-
-
-
-
-
-
- |
-
-
- #
-
- 207
- |
-
integer |
-
-
- HTTP_ALREADY_REPORTED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 208
- |
-
integer |
-
-
- HTTP_IM_USED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 226
- |
-
integer |
-
-
- HTTP_MULTIPLE_CHOICES
-
-
-
-
-
-
-
- |
-
-
- #
-
- 300
- |
-
integer |
-
-
- HTTP_MOVED_PERMANENTLY
-
-
-
-
-
-
-
- |
-
-
- #
-
- 301
- |
-
integer |
-
-
- HTTP_FOUND
-
-
-
-
-
-
-
- |
-
-
- #
-
- 302
- |
-
integer |
-
-
- HTTP_SEE_OTHER
-
-
-
-
-
-
-
- |
-
-
- #
-
- 303
- |
-
integer |
-
-
- HTTP_NOT_MODIFIED
-
-
-
-
-
-
- The resource has not been modified since the last request - |
-
-
- #
-
- 304
- |
-
integer |
-
-
- HTTP_USE_PROXY
-
-
-
-
-
-
-
- |
-
-
- #
-
- 305
- |
-
integer |
-
-
- HTTP_RESERVED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 306
- |
-
integer |
-
-
- HTTP_TEMPORARY_REDIRECT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 307
- |
-
integer |
-
-
- HTTP_PERMANENTLY_REDIRECT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 308
- |
-
integer |
-
-
- HTTP_BAD_REQUEST
-
-
-
-
-
-
- The request cannot be fulfilled due to multiple errors - |
-
-
- #
-
- 400
- |
-
integer |
-
-
- HTTP_UNAUTHORIZED
-
-
-
-
-
-
- The user is unauthorized to access the requested resource - |
-
-
- #
-
- 401
- |
-
integer |
-
-
- HTTP_PAYMENT_REQUIRED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 402
- |
-
integer |
-
-
- HTTP_FORBIDDEN
-
-
-
-
-
-
- The requested resource is unavailable at this present time - |
-
-
- #
-
- 403
- |
-
integer |
-
-
- HTTP_NOT_FOUND
-
-
-
-
-
-
- The requested resource could not be found - |
-
-
- #
-
- 404
- |
-
integer |
-
-
- HTTP_METHOD_NOT_ALLOWED
-
-
-
-
-
-
- The request method is not supported by the following resource - |
-
-
- #
-
- 405
- |
-
integer |
-
-
- HTTP_NOT_ACCEPTABLE
-
-
-
-
-
-
- The request was not acceptable - |
-
-
- #
-
- 406
- |
-
integer |
-
-
- HTTP_PROXY_AUTHENTICATION_REQUIRED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 407
- |
-
integer |
-
-
- HTTP_REQUEST_TIMEOUT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 408
- |
-
integer |
-
-
- HTTP_CONFLICT
-
-
-
-
-
-
- The request could not be completed due to a conflict with the current state -of the resource - |
-
-
- #
-
- 409
- |
-
integer |
-
-
- HTTP_GONE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 410
- |
-
integer |
-
-
- HTTP_LENGTH_REQUIRED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 411
- |
-
integer |
-
-
- HTTP_PRECONDITION_FAILED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 412
- |
-
integer |
-
-
- HTTP_REQUEST_ENTITY_TOO_LARGE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 413
- |
-
integer |
-
-
- HTTP_REQUEST_URI_TOO_LONG
-
-
-
-
-
-
-
- |
-
-
- #
-
- 414
- |
-
integer |
-
-
- HTTP_UNSUPPORTED_MEDIA_TYPE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 415
- |
-
integer |
-
-
- HTTP_REQUESTED_RANGE_NOT_SATISFIABLE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 416
- |
-
integer |
-
-
- HTTP_EXPECTATION_FAILED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 417
- |
-
integer |
-
-
- HTTP_I_AM_A_TEAPOT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 418
- |
-
integer |
-
-
- HTTP_UNPROCESSABLE_ENTITY
-
-
-
-
-
-
-
- |
-
-
- #
-
- 422
- |
-
integer |
-
-
- HTTP_LOCKED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 423
- |
-
integer |
-
-
- HTTP_FAILED_DEPENDENCY
-
-
-
-
-
-
-
- |
-
-
- #
-
- 424
- |
-
integer |
-
-
- HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL
-
-
-
-
-
-
-
- |
-
-
- #
-
- 425
- |
-
integer |
-
-
- HTTP_UPGRADE_REQUIRED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 426
- |
-
integer |
-
-
- HTTP_PRECONDITION_REQUIRED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 428
- |
-
integer |
-
-
- HTTP_TOO_MANY_REQUESTS
-
-
-
-
-
-
-
- |
-
-
- #
-
- 429
- |
-
integer |
-
-
- HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 431
- |
-
integer |
-
-
- HTTP_INTERNAL_SERVER_ERROR
-
-
-
-
-
-
- The server encountered an unexpected error - |
-
-
- #
-
- 500
- |
-
integer |
-
-
- HTTP_NOT_IMPLEMENTED
-
-
-
-
-
-
- The server does not recognise the request method - |
-
-
- #
-
- 501
- |
-
integer |
-
-
- HTTP_BAD_GATEWAY
-
-
-
-
-
-
-
- |
-
-
- #
-
- 502
- |
-
integer |
-
-
- HTTP_SERVICE_UNAVAILABLE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 503
- |
-
integer |
-
-
- HTTP_GATEWAY_TIMEOUT
-
-
-
-
-
-
-
- |
-
-
- #
-
- 504
- |
-
integer |
-
-
- HTTP_VERSION_NOT_SUPPORTED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 505
- |
-
integer |
-
-
- HTTP_VARIANT_ALSO_NEGOTIATES_EXPERIMENTAL
-
-
-
-
-
-
-
- |
-
-
- #
-
- 506
- |
-
integer |
-
-
- HTTP_INSUFFICIENT_STORAGE
-
-
-
-
-
-
-
- |
-
-
- #
-
- 507
- |
-
integer |
-
-
- HTTP_LOOP_DETECTED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 508
- |
-
integer |
-
-
- HTTP_NOT_EXTENDED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 510
- |
-
integer |
-
-
- HTTP_NETWORK_AUTHENTICATION_REQUIRED
-
-
-
-
-
-
-
- |
-
-
- #
-
- 511
- |
-
- protected
- string|null
- |
-
-
- $rest_format
-
-
-
-
-
- This defines the rest format. -Must be overridden it in a controller so that it is set. - |
-
-
- #
-
- NULL
- |
-
- protected
- array
- |
-
-
- $methods
-
-
-
-
-
- Defines the list of method properties such as limit, log and level - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $allowed_http_methods
-
-
-
-
-
- List of allowed HTTP methods - |
-
-
- #
-
- ['get', 'delete', 'post', 'put', 'options', 'patch', 'head']
- |
-
- protected
- object
- |
-
-
- $request
-
-
-
-
-
- Contains details about the request -Fields: body, format, method, ssl -Note: This is a dynamic object (stdClass) - |
-
-
- #
-
- NULL
- |
-
- protected
- object
- |
-
-
- $response
-
-
-
-
-
- Contains details about the response -Fields: format, lang -Note: This is a dynamic object (stdClass) - |
-
-
- #
-
- NULL
- |
-
- protected
- object
- |
-
-
- $rest
-
-
-
-
-
- Contains details about the REST API -Fields: db, ignore_limits, key, level, user_id -Note: This is a dynamic object (stdClass) - |
-
-
- #
-
- NULL
- |
-
- protected
- array
- |
-
-
- $_get_args
-
-
-
-
-
- The arguments for the GET request method - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_post_args
-
-
-
-
-
- The arguments for the POST request method - |
-
-
- #
-
- []
- |
-
- protected
- string
- |
-
-
- $_insert_id
-
-
-
-
-
- The insert_id of the log entry (if we have one) - |
-
-
- #
-
- ''
- |
-
- protected
- array
- |
-
-
- $_put_args
-
-
-
-
-
- The arguments for the PUT request method - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_delete_args
-
-
-
-
-
- The arguments for the DELETE request method - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_patch_args
-
-
-
-
-
- The arguments for the PATCH request method - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_head_args
-
-
-
-
-
- The arguments for the HEAD request method - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_options_args
-
-
-
-
-
- The arguments for the OPTIONS request method - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_query_args
-
-
-
-
-
- The arguments for the query parameters - |
-
-
- #
-
- []
- |
-
- protected
- array
- |
-
-
- $_args
-
-
-
-
-
- The arguments from GET, POST, PUT, DELETE, PATCH, HEAD and OPTIONS request methods combined - |
-
-
- #
-
- []
- |
-
- protected
- boolean
- |
-
-
- $_allow
-
-
-
-
-
- If the request is allowed based on the API key provided. - |
-
-
- #
-
- TRUE
- |
-
- protected
- string
- |
-
-
- $_user_ldap_dn
-
-
-
-
-
- The LDAP Distinguished Name of the User post authentication - |
-
-
- #
-
- ''
- |
-
- protected
- string
- |
-
-
- $_start_rtime
-
-
-
-
-
- The start of the response time from the server - |
-
-
- #
-
- ''
- |
-
- protected
- string
- |
-
-
- $_end_rtime
-
-
-
-
-
- The end of the response time from the server - |
-
-
- #
-
- ''
- |
-
- protected
- array
- |
-
-
- $_supported_formats
-
-
-
-
-
- List all supported methods, the first will be the default format - |
-
-
- #
-
- [
- 'json' => 'application/json',
- 'array' => 'application/json',
- 'csv' => 'application/csv',
- 'html' => 'text/html',
- 'jsonp' => 'application/javascript',
- 'php' => 'text/plain',
- 'serialized' => 'application/vnd.php.serialized',
- 'xml' => 'application/xml'
- ]
- |
-
- protected
- object
- |
-
-
- $_apiuser
-
-
-
-
-
- Information about the current API user - |
-
-
- #
-
- |
-
- protected
- boolean
- |
-
-
- $_enable_xss
-
-
-
-
-
- Enable XSS flag -Determines whether the XSS filter is always active when -GET, OPTIONS, HEAD, POST, PUT, DELETE and PATCH data is encountered. -Set automatically based on config setting. - |
-
-
- #
-
- FALSE
- |
-
- protected
- array
- |
-
-
- $http_status_codes
-
-
-
-
-
- HTTP status codes and their respective description -Note: Only the widely used HTTP status codes are used - |
-
-
- #
-
- [
- self::HTTP_OK => 'OK',
- self::HTTP_CREATED => 'CREATED',
- self::HTTP_NO_CONTENT => 'NO CONTENT',
- self::HTTP_NOT_MODIFIED => 'NOT MODIFIED',
- self::HTTP_BAD_REQUEST => 'BAD REQUEST',
- self::HTTP_UNAUTHORIZED => 'UNAUTHORIZED',
- self::HTTP_FORBIDDEN => 'FORBIDDEN',
- self::HTTP_NOT_FOUND => 'NOT FOUND',
- self::HTTP_METHOD_NOT_ALLOWED => 'METHOD NOT ALLOWED',
- self::HTTP_NOT_ACCEPTABLE => 'NOT ACCEPTABLE',
- self::HTTP_CONFLICT => 'CONFLICT',
- self::HTTP_INTERNAL_SERVER_ERROR => 'INTERNAL SERVER ERROR',
- self::HTTP_NOT_IMPLEMENTED => 'NOT IMPLEMENTED'
-]
- |
-
-Rest_server
-
-
-
- public
-
-
-
-
- |
-
- - |
-Welcome
-
-
-
- public
-
-
-
-
- |
-
- - |
| - CodeIgniter - | -
| - CodeIgniter\Libraries - | -
| - CodeIgniter\Rest - | -
| - None - | -
| REST_Controller | -CodeIgniter Rest Controller -A fully RESTful server implementation for CodeIgniter using one library, one config file and one controller. |
-
| Example | -This is an example of a few basic user interaction methods you could use -all done with a hardcoded array |
-
| Key | -Keys Controller -This is a basic Key Management REST controller to make and delete keys |
-
| CodeIgniter\Libraries | -
| CodeIgniter\Rest | -
| Format | -Format class -Help convert between various formats such as XML, JSON, CSV, etc. |
-
| Rest_server | -- |
| Welcome | -- |
| t |
| 's parent ( |
| itself.
- */
-jQuery.fn.sortElements = (function(){
-
- var sort = [].sort;
-
- return function(comparator, getSortable) {
-
- getSortable = getSortable || function(){return this;};
-
- var placements = this.map(function(){
-
- var sortElement = getSortable.call(this),
- parentNode = sortElement.parentNode,
-
- // Since the element itself will change position, we have
- // to have some way of storing it's original position in
- // the DOM. The easiest way is to have a 'flag' node:
- nextSibling = parentNode.insertBefore(
- document.createTextNode(''),
- sortElement.nextSibling
- );
-
- return function() {
-
- if (parentNode === this) {
- throw new Error(
- "You can't sort elements if any one is a descendant of another."
- );
- }
-
- // Insert before flag:
- parentNode.insertBefore(this, nextSibling);
- // Remove flag:
- parentNode.removeChild(nextSibling);
-
- };
-
- });
-
- return sort.call(this, comparator).each(function(i){
- placements[i].call(getSortable.call(this));
- });
-
- };
-
-})();
- $(window).load(function() {
- var $document = $(document);
- var $left = $('#left');
- var $right = $('#right');
- var $rightInner = $('#rightInner');
- var $splitter = $('#splitter');
- var $groups = $('#groups');
- var $content = $('#content');
-
- // Menu
-
- // Hide deep packages and namespaces
- $('ul span', $groups).click(function(event) {
- event.preventDefault();
- event.stopPropagation();
- $(this)
- .toggleClass('collapsed')
- .parent()
- .next('ul')
- .toggleClass('collapsed');
- }).click();
-
- $active = $('ul li.active', $groups);
- if ($active.length > 0) {
- // Open active
- $('> a > span', $active).click();
- } else {
- $main = $('> ul > li.main', $groups);
- if ($main.length > 0) {
- // Open first level of the main project
- $('> a > span', $main).click();
- } else {
- // Open first level of all
- $('> ul > li > a > span', $groups).click();
- }
- }
-
- // Content
-
- // Search autocompletion
- var autocompleteFound = false;
- var autocompleteFiles = {'c': 'class', 'co': 'constant', 'f': 'function', 'm': 'class', 'mm': 'class', 'p': 'class', 'mp': 'class', 'cc': 'class'};
- var $search = $('#search input[name=q]');
- $search
- .autocomplete(ApiGen.elements, {
- matchContains: true,
- scrollHeight: 200,
- max: 20,
- noRecord: '',
- highlight: function(value, term) {
- var term = term.toUpperCase().replace(/([\^\$\(\)\[\]\{\}\*\.\+\?\|\\])/gi, "\\$1").replace(/[A-Z0-9]/g, function(m, offset) {
- return offset === 0 ? '(?:' + m + '|^' + m.toLowerCase() + ')' : '(?:(?:[^<>]|<[^<>]*>)*' + m + '|' + m.toLowerCase() + ')';
- });
- return value.replace(new RegExp("(?![^&;]+;)(?!<[^<>]*)(" + term + ")(?![^<>]*>)(?![^&;]+;)"), "$1");
- },
- formatItem: function(data) {
- return data.length > 1 ? data[1].replace(/^(.+\\)(.+)$/, '$1$2') : data[0];
- },
- formatMatch: function(data) {
- return data[1];
- },
- formatResult: function(data) {
- return data[1];
- },
- show: function($list) {
- var $items = $('li span', $list);
- var maxWidth = Math.max.apply(null, $items.map(function() {
- return $(this).width();
- }));
- // 10px padding
- $list
- .width(Math.max(maxWidth + 10, $search.innerWidth()))
- .css('left', $search.offset().left + $search.outerWidth() - $list.outerWidth());
- }
- }).result(function(event, data) {
- autocompleteFound = true;
- var location = window.location.href.split('/');
- location.pop();
- var parts = data[1].split(/::|$/);
- var file = $.sprintf(ApiGen.config.templates[autocompleteFiles[data[0]]].filename, parts[0].replace(/\(\)/, '').replace(/[^\w]/g, '.'));
- if (parts[1]) {
- file += '#' + ('mm' === data[0] || 'mp' === data[0] ? 'm' : '') + parts[1].replace(/([\w]+)\(\)/, '_$1');
- }
- location.push(file);
- window.location = location.join('/');
-
- // Workaround for Opera bug
- $(this).closest('form').attr('action', location.join('/'));
- }).closest('form')
- .submit(function() {
- var query = $search.val();
- if ('' === query) {
- return false;
- }
- return !autocompleteFound && '' !== $('#search input[name=cx]').val();
- });
-
- // Save natural order
- $('table.summary tr[data-order]', $content).each(function(index) {
- do {
- index = '0' + index;
- } while (index.length < 3);
- $(this).attr('data-order-natural', index);
- });
-
- // Switch between natural and alphabetical order
- var $caption = $('table.summary', $content)
- .filter(':has(tr[data-order])')
- .find('caption');
- $caption
- .click(function() {
- var $this = $(this);
- var order = $this.data('order') || 'natural';
- order = 'natural' === order ? 'alphabetical' : 'natural';
- $this.data('order', order);
- $.cookie('order', order, {expires: 365});
- var attr = 'alphabetical' === order ? 'data-order' : 'data-order-natural';
- $this
- .closest('table')
- .find('tr').sortElements(function(a, b) {
- return $(a).attr(attr) > $(b).attr(attr) ? 1 : -1;
- });
- return false;
- })
- .addClass('switchable')
- .attr('title', 'Switch between natural and alphabetical order');
- if ((null === $.cookie('order') && 'alphabetical' === ApiGen.config.options.elementsOrder) || 'alphabetical' === $.cookie('order')) {
- $caption.click();
- }
-
- // Open details
- if (ApiGen.config.options.elementDetailsCollapsed) {
- $('tr', $content).filter(':has(.detailed)')
- .click(function() {
- var $this = $(this);
- $('.short', $this).hide();
- $('.detailed', $this).show();
- });
- }
-
- // Splitter
- var splitterWidth = $splitter.width();
- var splitterPosition = $.cookie('splitter') ? parseInt($.cookie('splitter')) : null;
- var splitterPositionBackup = $.cookie('splitterBackup') ? parseInt($.cookie('splitterBackup')) : null;
- function setSplitterPosition(position)
- {
- splitterPosition = position;
-
- $left.width(position);
- $right.css('margin-left', position + splitterWidth);
- $splitter.css('left', position);
- }
- function setContentWidth()
- {
- var width = $rightInner.width();
- $rightInner
- .toggleClass('medium', width <= 960)
- .toggleClass('small', width <= 650);
- }
- $splitter.mousedown(function() {
- $splitter.addClass('active');
-
- $document.mousemove(function(event) {
- if (event.pageX >= 230 && $document.width() - event.pageX >= 600 + splitterWidth) {
- setSplitterPosition(event.pageX);
- setContentWidth();
- }
- });
-
- $()
- .add($splitter)
- .add($document)
- .mouseup(function() {
- $splitter
- .removeClass('active')
- .unbind('mouseup');
- $document
- .unbind('mousemove')
- .unbind('mouseup');
-
- $.cookie('splitter', splitterPosition, {expires: 365});
- });
-
- return false;
- });
- $splitter.dblclick(function() {
- if (splitterPosition) {
- splitterPositionBackup = $left.width();
- setSplitterPosition(0);
- } else {
- setSplitterPosition(splitterPositionBackup);
- splitterPositionBackup = null;
- }
-
- setContentWidth();
-
- $.cookie('splitter', splitterPosition, {expires: 365});
- $.cookie('splitterBackup', splitterPositionBackup, {expires: 365});
- });
- if (null !== splitterPosition) {
- setSplitterPosition(splitterPosition);
- }
- setContentWidth();
- $(window).resize(setContentWidth);
-
- // Select selected lines
- var matches = window.location.hash.substr(1).match(/^\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*$/);
- if (null !== matches) {
- var lists = matches[0].split(',');
- for (var i = 0; i < lists.length; i++) {
- var lines = lists[i].split('-');
- lines[0] = parseInt(lines[0]);
- lines[1] = parseInt(lines[1] || lines[0]);
- for (var j = lines[0]; j <= lines[1]; j++) {
- $('#' + j).addClass('selected');
- }
- }
-
- var $firstLine = $('#' + parseInt(matches[0]));
- if ($firstLine.length > 0) {
- $document.scrollTop($firstLine.offset().top);
- }
- }
-
- // Save selected lines
- var lastLine;
- $('.l a').click(function(event) {
- event.preventDefault();
-
- var $selectedLine = $(this).parent();
- var selectedLine = parseInt($selectedLine.attr('id'));
-
- if (event.shiftKey) {
- if (lastLine) {
- for (var i = Math.min(selectedLine, lastLine); i <= Math.max(selectedLine, lastLine); i++) {
- $('#' + i).addClass('selected');
- }
- } else {
- $selectedLine.addClass('selected');
- }
- } else if (event.ctrlKey) {
- $selectedLine.toggleClass('selected');
- } else {
- var $selected = $('.l.selected')
- .not($selectedLine)
- .removeClass('selected');
- if ($selected.length > 0) {
- $selectedLine.addClass('selected');
- } else {
- $selectedLine.toggleClass('selected');
- }
- }
-
- lastLine = $selectedLine.hasClass('selected') ? selectedLine : null;
-
- // Update hash
- var lines = $('.l.selected')
- .map(function() {
- return parseInt($(this).attr('id'));
- })
- .get()
- .sort(function(a, b) {
- return a - b;
- });
-
- var hash = [];
- var list = [];
- for (var j = 0; j < lines.length; j++) {
- if (0 === j && j + 1 === lines.length) {
- hash.push(lines[j]);
- } else if (0 === j) {
- list[0] = lines[j];
- } else if (lines[j - 1] + 1 !== lines[j] && j + 1 === lines.length) {
- hash.push(list.join('-'));
- hash.push(lines[j]);
- } else if (lines[j - 1] + 1 !== lines[j]) {
- hash.push(list.join('-'));
- list = [lines[j]];
- } else if (j + 1 === lines.length) {
- list[1] = lines[j];
- hash.push(list.join('-'));
- } else {
- list[1] = lines[j];
- }
- }
-
- hash = hash.join(',');
- $backup = $('#' + hash).removeAttr('id');
- window.location.hash = hash;
- $backup.attr('id', hash);
- });
-});
-
diff --git a/documentation/resources/footer.png b/documentation/resources/footer.png
deleted file mode 100644
index d99890c2..00000000
Binary files a/documentation/resources/footer.png and /dev/null differ
diff --git a/documentation/resources/inherit.png b/documentation/resources/inherit.png
deleted file mode 100644
index 957079b8..00000000
Binary files a/documentation/resources/inherit.png and /dev/null differ
diff --git a/documentation/resources/resize.png b/documentation/resources/resize.png
deleted file mode 100644
index fb98a7a3..00000000
Binary files a/documentation/resources/resize.png and /dev/null differ
diff --git a/documentation/resources/sort.png b/documentation/resources/sort.png
deleted file mode 100644
index 0d0fea14..00000000
Binary files a/documentation/resources/sort.png and /dev/null differ
diff --git a/documentation/resources/style.css b/documentation/resources/style.css
deleted file mode 100644
index 0d35c212..00000000
--- a/documentation/resources/style.css
+++ /dev/null
@@ -1,614 +0,0 @@
-body {
- font: 13px/1.5 Verdana, 'Geneva CE', lucida, sans-serif;
- margin: 0;
- padding: 0;
- background: #ffffff;
- color: #333333;
-}
-
-h1, h2, h3, h4, caption {
- font-family: 'Trebuchet MS', 'Geneva CE', lucida, sans-serif;
- color: #053368;
-}
-
-h1 {
- color: #1e5eb6;
- font-size: 230%;
- font-weight: normal;
- margin: .3em 0;
-}
-
-h2 {
- color: #1e5eb6;
- font-size: 150%;
- font-weight: normal;
- margin: -.3em 0 .3em 0;
-}
-
-h3 {
- font-size: 1.6em;
- font-weight: normal;
- margin-bottom: 2px;
-}
-
-h4 {
- font-size: 100%;
- font-weight: bold;
- padding: 0;
- margin: 0;
-}
-
-caption {
- border: 1px solid #cccccc;
- background: #ecede5;
- font-weight: bold;
- font-size: 1.2em;
- padding: 3px 5px;
- text-align: left;
- margin-bottom: 0;
-}
-
-p {
- margin: .7em 0 1em;
- padding: 0;
-}
-
-hr {
- margin: 2em 0 1em;
- border: none;
- border-top: 1px solid #cccccc;
- height: 0;
-}
-
-a {
- color: #006aeb;
- padding: 3px 1px;
- text-decoration: none;
-}
-
-h1 a {
- color: #1e5eb6;
-}
-
-a:hover, a:active, a:focus, a:hover b, a:hover var {
- background-color: #006aeb;
- color: #ffffff !important;
-}
-
-code, var, pre {
- font-family: monospace;
-}
-
-var {
- font-weight: bold;
- font-style: normal;
- color: #ca8a04;
-}
-
-pre {
- margin: 0;
-}
-
-code a b {
- color: #000000;
-}
-
-.deprecated {
- text-decoration: line-through;
- opacity: .5;
-}
-
-.invalid {
- color: #e71818;
-}
-
-.hidden {
- display: none;
-}
-
-/* Left side */
-#left {
- overflow: auto;
- width: 270px;
- height: 100%;
- position: fixed;
-}
-
-/* Menu */
-#menu {
- padding: 10px;
-}
-
-#menu ul {
- list-style: none;
- padding: 0;
- margin: 0;
-}
-
-#menu ul ul {
- padding-left: 10px;
-}
-
-#menu li {
- white-space: nowrap;
- position: relative;
-}
-
-#menu a {
- display: block;
- padding: 0 2px;
-}
-
-#menu .active > a, #menu > span {
- color: #333333;
- background: none;
- font-weight: bold;
-}
-
-#menu .active > a.invalid {
- color: #e71818;
-}
-
-#menu .active > a:hover, #menu .active > a:active, #menu .active > a:focus {
- background-color: #006aeb;
-}
-
-#menu #groups span {
- position: absolute;
- top: 4px;
- right: 2px;
- cursor: pointer;
- display: block;
- width: 12px;
- height: 12px;
- background: url('http://github.com/collapsed.png') transparent 0 0 no-repeat;
-}
-
-#menu #groups span:hover {
- background-position: -12px 0;
-}
-
-#menu #groups span.collapsed {
- background-position: 0 -12px;
-}
-
-#menu #groups span.collapsed:hover {
- background-position: -12px -12px;
-}
-
-#menu #groups ul.collapsed {
- display: none;
-}
-
-/* Right side */
-#right {
- overflow: auto;
- margin-left: 275px;
- height: 100%;
- position: relative;
- left: 0;
- right: 0;
-}
-
-#rightInner {
- max-width: 1000px;
- min-width: 350px;
-}
-
-/* Search */
-#search {
- float: right;
- margin: 3px 8px;
-}
-
-#search input.text {
- padding: 3px 5px;
- width: 250px;
-}
-
-/* Autocomplete */
-.ac_results {
- padding: 0;
- border: 1px solid #cccccc;
- background-color: #ffffff;
- overflow: hidden;
- z-index: 99999;
-}
-
-.ac_results ul {
- width: 100%;
- list-style-position: outside;
- list-style: none;
- padding: 0;
- margin: 0;
-}
-
-.ac_results li {
- margin: 0;
- padding: 2px 5px;
- cursor: default;
- display: block;
- font: 12px 'Trebuchet MS', 'Geneva CE', lucida, sans-serif;
- line-height: 16px;
- overflow: hidden;
- white-space: nowrap;
-}
-
-.ac_results li strong {
- color: #000000;
-}
-
-.ac_odd {
- background-color: #eeeeee;
-}
-
-.ac_over {
- background-color: #006aeb;
- color: #ffffff;
-}
-
-.ac_results li.ac_over strong {
- color: #ffffff;
-}
-
-/* Navigation */
-#navigation {
- padding: 3px 8px;
- background-color: #f6f6f4;
- height: 26px;
-}
-
-#navigation ul {
- list-style: none;
- margin: 0 8px 4px 0;
- padding: 0;
- overflow: hidden;
- float: left;
-}
-
-#navigation ul + ul {
- border-left: 1px solid #000000;
- padding-left: 8px;
-}
-
-#navigation ul li {
- float: left;
- margin: 2px;
- padding: 0 3px;
- font-family: Verdana, 'Geneva CE', lucida, sans-serif;
- color: #808080;
-}
-
-#navigation ul li.active {
- background-color: #053368;
- color: #ffffff;
- font-weight: bold;
-}
-
-#navigation ul li a {
- color: #000000;
- font-weight: bold;
- padding: 0;
-}
-
-#navigation ul li span {
- float: left;
- padding: 0 3px;
-}
-
-#navigation ul li a:hover span, #navigation ul li a:active span, #navigation ul li a:focus span {
- background-color: #006aeb;
-}
-
-/* Content */
-#content {
- clear: both;
- padding: 5px 15px;
-}
-
-.description pre {
- padding: .6em;
- background: #fcfcf7;
-}
-
-#content > .description {
- background: #ecede5;
- padding: 1px 8px;
- margin: 1.2em 0;
-}
-
-#content > .description pre {
- margin: .5em 0;
-}
-
-dl.tree {
- margin: 1.2em 0;
-}
-
-dl.tree dd {
- margin: 0;
- padding: 0;
-}
-
-.info {
- margin: 1.2em 0;
-}
-
-.summary {
- border: 1px solid #cccccc;
- border-collapse: collapse;
- font-size: 1em;
- width: 100%;
- margin: 1.2em 0 2.4em;
-}
-
-.summary caption {
- border-width: 1px 1px 0;
-}
-
-.summary caption.switchable {
- background: #ecede5 url('http://github.com/sort.png') no-repeat center right;
- cursor: pointer;
-}
-
-.summary td {
- border: 1px solid #cccccc;
- margin: 0;
- padding: 3px 10px;
- font-size: 1em;
- vertical-align: top;
-}
-
-.summary td:first-child {
- text-align: right;
-}
-
-.summary td hr {
- margin: 3px -10px;
-}
-
-#packages.summary td:first-child, #namespaces.summary td:first-child, .inherited.summary td:first-child, .used.summary td:first-child {
- text-align: left;
-}
-
-.summary tr:hover td {
- background: #f6f6f4;
-}
-
-.summary .description pre {
- border: .5em solid #ecede5;
-}
-
-.summary .description p {
- margin: 0;
-}
-
-.summary .description p + p, .summary .description ul {
- margin: 3px 0 0 0;
-}
-
-.summary .description.detailed h4 {
- margin-top: 3px;
-}
-
-.summary dl {
- margin: 0;
-}
-
-.summary dd {
- margin: 0 0 0 25px;
-}
-
-.name, .attributes {
- white-space: nowrap;
-}
-
-.value code {
- white-space: pre-wrap;
-}
-
-td.name, td.attributes {
- width: 1%;
-}
-
-td.attributes {
- width: 1%;
-}
-
-.class .methods .name, .class .properties .name, .class .constants .name {
- width: auto;
- white-space: normal;
-}
-
-.class .methods .name > div > code {
- white-space: pre-wrap;
-}
-
-.class .methods .name > div > code span, .function .value > code {
- white-space: nowrap;
-}
-
-.class .methods td.name > div, .class td.value > div {
- position: relative;
- padding-right: 1em;
-}
-
-.anchor {
- position: absolute;
- top: 0;
- right: 0;
- line-height: 1;
- font-size: 85%;
- margin: 0;
- color: #006aeb !important;
-}
-
-.list {
- margin: 0 0 5px 25px;
-}
-
-div.invalid {
- background-color: #fae4e0;
- padding: 10px;
-}
-
-/* Splitter */
-#splitter {
- position: fixed;
- height: 100%;
- width: 5px;
- left: 270px;
- background: #1e5eb6 url('http://github.com/resize.png') left center no-repeat;
- cursor: e-resize;
-}
-
-#splitter.active {
- opacity: .5;
-}
-
-/* Footer */
-#footer {
- border-top: 1px solid #e9eeef;
- clear: both;
- color: #a7a7a7;
- font-size: 8pt;
- text-align: center;
- padding: 20px 0 0;
- margin: 3em 0 0;
- height: 90px;
- background: #ffffff url('http://github.com/footer.png') no-repeat center top;
-}
-
-/* Tree */
-div.tree ul {
- list-style: none;
- background: url('http://github.com/tree-vertical.png') left repeat-y;
- padding: 0;
- margin-left: 20px;
-}
-
-div.tree li {
- margin: 0;
- padding: 0;
-}
-
-div.tree div {
- padding-left: 30px;
-}
-
-div.tree div.notlast {
- background: url('http://github.com/tree-hasnext.png') left 10px no-repeat;
-}
-
-div.tree div.last {
- background: url('http://github.com/tree-last.png') left -240px no-repeat;
-}
-
-div.tree li.last {
- background: url('http://github.com/tree-cleaner.png') left center repeat-y;
-}
-
-div.tree span.padding {
- padding-left: 15px;
-}
-
-/* Source code */
-.php-keyword1 {
- color: #e71818;
- font-weight: bold;
-}
-
-.php-keyword2 {
- font-weight: bold;
-}
-
-.php-var {
- color: #d59401;
- font-weight: bold;
-}
-
-.php-num {
- color: #cd0673;
-}
-
-.php-quote {
- color: #008000;
-}
-
-.php-comment {
- color: #929292;
-}
-
-.xlang {
- color: #ff0000;
- font-weight: bold;
-}
-
-span.l {
- display: block;
-}
-
-span.l.selected {
- background: #f6f6f4;
-}
-
-span.l a {
- color: #333333;
-}
-
-span.l a:hover, div.l a:active, div.l a:focus {
- background: transparent;
- color: #333333 !important;
-}
-
-span.l .php-var a {
- color: #d59401;
-}
-
-span.l .php-var a:hover, span.l .php-var a:active, span.l .php-var a:focus {
- color: #d59401 !important;
-}
-
-span.l a.l {
- padding-left: 2px;
- color: #c0c0c0;
-}
-
-span.l a.l:hover, span.l a.l:active, span.l a.l:focus {
- background: transparent;
- color: #c0c0c0 !important;
-}
-
-#rightInner.medium #navigation {
- height: 52px;
-}
-
-#rightInner.medium #navigation ul:first-child + ul {
- clear: left;
- border: none;
- padding: 0;
-}
-
-#rightInner.medium .name, #rightInner.medium .attributes {
- white-space: normal;
-}
-
-#rightInner.small #search {
- float: left;
-}
-
-#rightInner.small #navigation {
- height: 78px;
-}
-
-#rightInner.small #navigation ul:first-child {
- clear: both;
-}
-
-/* global style */
-.left, .summary td.left {
- text-align: left;
-}
-.right, .summary td.right {
- text-align: right;
-}
diff --git a/documentation/resources/tree-cleaner.png b/documentation/resources/tree-cleaner.png
deleted file mode 100644
index 2eb9085b..00000000
Binary files a/documentation/resources/tree-cleaner.png and /dev/null differ
diff --git a/documentation/resources/tree-hasnext.png b/documentation/resources/tree-hasnext.png
deleted file mode 100644
index 91d6b79a..00000000
Binary files a/documentation/resources/tree-hasnext.png and /dev/null differ
diff --git a/documentation/resources/tree-last.png b/documentation/resources/tree-last.png
deleted file mode 100644
index 7f319f8f..00000000
Binary files a/documentation/resources/tree-last.png and /dev/null differ
diff --git a/documentation/resources/tree-vertical.png b/documentation/resources/tree-vertical.png
deleted file mode 100644
index 384908b2..00000000
Binary files a/documentation/resources/tree-vertical.png and /dev/null differ
diff --git a/documentation/source-class-Example.html b/documentation/source-class-Example.html
deleted file mode 100644
index 9544bae6..00000000
--- a/documentation/source-class-Example.html
+++ /dev/null
@@ -1,242 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/documentation/source-class-Format.html b/documentation/source-class-Format.html
deleted file mode 100644
index 050cbd84..00000000
--- a/documentation/source-class-Format.html
+++ /dev/null
@@ -1,636 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/documentation/source-class-Key.html b/documentation/source-class-Key.html
deleted file mode 100644
index 0d0e86e9..00000000
--- a/documentation/source-class-Key.html
+++ /dev/null
@@ -1,377 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/documentation/source-class-REST_Controller.html b/documentation/source-class-REST_Controller.html
deleted file mode 100644
index 5d6c6497..00000000
--- a/documentation/source-class-REST_Controller.html
+++ /dev/null
@@ -1,2215 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/documentation/source-class-Rest_server.html b/documentation/source-class-Rest_server.html
deleted file mode 100644
index 4a18ebd3..00000000
--- a/documentation/source-class-Rest_server.html
+++ /dev/null
@@ -1,118 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/documentation/source-class-Welcome.html b/documentation/source-class-Welcome.html
deleted file mode 100644
index 53bf7995..00000000
--- a/documentation/source-class-Welcome.html
+++ /dev/null
@@ -1,132 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/application/config/index.html b/language/bulgarian/index.html
similarity index 100%
rename from application/config/index.html
rename to language/bulgarian/index.html
diff --git a/language/bulgarian/rest_controller_lang.php b/language/bulgarian/rest_controller_lang.php
new file mode 100644
index 00000000..4ba134d8
--- /dev/null
+++ b/language/bulgarian/rest_controller_lang.php
@@ -0,0 +1,18 @@
+
+
+
+
-
-
-
-
-
-Directory access is forbidden. + + + diff --git a/language/italian/rest_controller_lang.php b/language/italian/rest_controller_lang.php new file mode 100644 index 00000000..783f16ab --- /dev/null +++ b/language/italian/rest_controller_lang.php @@ -0,0 +1,16 @@ + + + +Directory access is forbidden. + + + diff --git a/language/korean/rest_controller_lang.php b/language/korean/rest_controller_lang.php new file mode 100644 index 00000000..fd2fb483 --- /dev/null +++ b/language/korean/rest_controller_lang.php @@ -0,0 +1,16 @@ + + + +Directory access is forbidden. + + + diff --git a/language/portuguese-brazilian/rest_controller_lang.php b/language/portuguese-brazilian/rest_controller_lang.php new file mode 100644 index 00000000..10c164c6 --- /dev/null +++ b/language/portuguese-brazilian/rest_controller_lang.php @@ -0,0 +1,18 @@ + + + +Directory access is forbidden. + + + diff --git a/language/romanian/rest_controller_lang.php b/language/romanian/rest_controller_lang.php new file mode 100644 index 00000000..3231a7c5 --- /dev/null +++ b/language/romanian/rest_controller_lang.php @@ -0,0 +1,18 @@ + + + +Directory access is forbidden. + + + diff --git a/language/serbian_cyr/rest_controller_lang.php b/language/serbian_cyr/rest_controller_lang.php new file mode 100644 index 00000000..c828cc0a --- /dev/null +++ b/language/serbian_cyr/rest_controller_lang.php @@ -0,0 +1,18 @@ + + + +Directory access is forbidden. + + + diff --git a/language/serbian_lat/rest_controller_lang.php b/language/serbian_lat/rest_controller_lang.php new file mode 100644 index 00000000..6046788d --- /dev/null +++ b/language/serbian_lat/rest_controller_lang.php @@ -0,0 +1,18 @@ + + + +Directory access is forbidden. + + + diff --git a/language/simplified-chinese/rest_controller_lang.php b/language/simplified-chinese/rest_controller_lang.php new file mode 100644 index 00000000..9e762973 --- /dev/null +++ b/language/simplified-chinese/rest_controller_lang.php @@ -0,0 +1,18 @@ + + + +Directory access is forbidden. + + + diff --git a/language/spanish/rest_controller_lang.php b/language/spanish/rest_controller_lang.php new file mode 100644 index 00000000..f98078fb --- /dev/null +++ b/language/spanish/rest_controller_lang.php @@ -0,0 +1,18 @@ + + + +Directory access is forbidden. + + + diff --git a/language/traditional-chinese/rest_controller_lang.php b/language/traditional-chinese/rest_controller_lang.php new file mode 100644 index 00000000..a8450f2b --- /dev/null +++ b/language/traditional-chinese/rest_controller_lang.php @@ -0,0 +1,18 @@ + + + +Directory access is forbidden. + + + diff --git a/language/turkish/rest_controller_lang.php b/language/turkish/rest_controller_lang.php new file mode 100644 index 00000000..589b28cc --- /dev/null +++ b/language/turkish/rest_controller_lang.php @@ -0,0 +1,18 @@ +_ci = &get_instance(); + $this->_CI = &get_instance(); // Load the inflector helper - $this->_ci->load->helper('inflector'); + $this->_CI->load->helper('inflector'); // If the provided data is already formatted we should probably convert it to an array - if ($from_type !== NULL) - { - if (method_exists($this, '_from_' . $from_type)) - { - $data = call_user_func([$this, '_from_' . $from_type], $data); - } - else - { - throw new Exception('Format class does not support conversion from "' . $from_type . '".'); + if ($from_type !== null) { + if (method_exists($this, '_from_'.$from_type)) { + $data = call_user_func([$this, '_from_'.$from_type], $data); + } else { + throw new Exception('Format class does not support conversion from "'.$from_type.'".'); } } @@ -107,14 +107,14 @@ public function __construct($data = NULL, $from_type = NULL) /** * Create an instance of the format class - * e.g: echo $this->format->factory(['foo' => 'bar'])->to_csv(); + * e.g: echo $this->format->factory(['foo' => 'bar'])->to_csv();. * - * @param mixed $data Data to convert/parse + * @param mixed $data Data to convert/parse * @param string $from_type Type to convert from e.g. json, csv, html * * @return object Instance of the format class */ - public function factory($data, $from_type = NULL) + public static function factory($data, $from_type = null) { // $class = __CLASS__; // return new $class(); @@ -125,36 +125,31 @@ public function factory($data, $from_type = NULL) // FORMATTING OUTPUT --------------------------------------------------------- /** - * Format data as an array + * Format data as an array. + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor * - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor * @return array Data parsed as an array; otherwise, an empty array */ - public function to_array($data = NULL) + public function to_array($data = null) { // If no data is passed as a parameter, then use the data passed // via the constructor - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } // Cast as an array if not already - if (is_array($data) === FALSE) - { + if (is_array($data) === false) { $data = (array) $data; } $array = []; - foreach ((array) $data as $key => $value) - { - if (is_object($value) === TRUE || is_array($value) === TRUE) - { + foreach ((array) $data as $key => $value) { + if (is_object($value) === true || is_array($value) === true) { $array[$key] = $this->to_array($value); - } - else - { + } else { $array[$key] = $value; } } @@ -163,50 +158,38 @@ public function to_array($data = NULL) } /** - * Format data as XML + * Format data as XML. + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor + * @param null $structure + * @param string $basenode * - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor - * @param NULL $structure - * @param string $basenode * @return mixed */ - public function to_xml($data = NULL, $structure = NULL, $basenode = 'xml') + public function to_xml($data = null, $structure = null, $basenode = 'xml') { - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } - // turn off compatibility mode as simple xml throws a wobbly if you don't. - if (ini_get('zend.ze1_compatibility_mode') == 1) - { - ini_set('zend.ze1_compatibility_mode', 0); - } - - if ($structure === NULL) - { + if ($structure === null) { $structure = simplexml_load_string("<$basenode />"); } // Force it to be something useful - if (is_array($data) === FALSE && is_object($data) === FALSE) - { + if (is_array($data) === false && is_object($data) === false) { $data = (array) $data; } - foreach ($data as $key => $value) - { - + foreach ($data as $key => $value) { //change false/true to 0/1 - if (is_bool($value)) - { + if (is_bool($value)) { $value = (int) $value; } // no numeric keys in our xml please! - if (is_numeric($key)) - { + if (is_numeric($key)) { // make string key... $key = (singular($basenode) != $basenode) ? singular($basenode) : 'item'; } @@ -214,31 +197,25 @@ public function to_xml($data = NULL, $structure = NULL, $basenode = 'xml') // replace anything not alpha numeric $key = preg_replace('/[^a-z_\-0-9]/i', '', $key); - if ($key === '_attributes' && (is_array($value) || is_object($value))) - { + if ($key === '_attributes' && (is_array($value) || is_object($value))) { $attributes = $value; - if (is_object($attributes)) - { + if (is_object($attributes)) { $attributes = get_object_vars($attributes); } - foreach ($attributes as $attribute_name => $attribute_value) - { + foreach ($attributes as $attribute_name => $attribute_value) { $structure->addAttribute($attribute_name, $attribute_value); } } // if there is another array found recursively call this function - elseif (is_array($value) || is_object($value)) - { + elseif (is_array($value) || is_object($value)) { $node = $structure->addChild($key); // recursive call. $this->to_xml($value, $node, $key); - } - else - { + } else { // add single node. - $value = htmlspecialchars(html_entity_decode($value, ENT_QUOTES, 'UTF-8'), ENT_QUOTES, 'UTF-8'); + $value = htmlspecialchars(html_entity_decode($value ?? '', ENT_QUOTES, 'UTF-8'), ENT_QUOTES, 'UTF-8'); $structure->addChild($key, $value); } @@ -248,109 +225,98 @@ public function to_xml($data = NULL, $structure = NULL, $basenode = 'xml') } /** - * Format data as HTML + * Format data as HTML. + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor * - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor * @return mixed */ - public function to_html($data = NULL) + public function to_html($data = null) { // If no data is passed as a parameter, then use the data passed // via the constructor - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } // Cast as an array if not already - if (is_array($data) === FALSE) - { + if (is_array($data) === false) { $data = (array) $data; } // Check if it's a multi-dimensional array - if (isset($data[0]) && count($data) !== count($data, COUNT_RECURSIVE)) - { + if (isset($data[0]) && count($data) !== count($data, COUNT_RECURSIVE)) { // Multi-dimensional array $headings = array_keys($data[0]); - } - else - { + } else { // Single array $headings = array_keys($data); $data = [$data]; } // Load the table library - $this->_ci->load->library('table'); + $this->_CI->load->library('table'); - $this->_ci->table->set_heading($headings); + $this->_CI->table->set_heading($headings); - foreach ($data as $row) - { - // Suppressing the "array to string conversion" notice. - // Keep the "evil" @ here. - $row = @ array_map('strval', $row); + foreach ($data as $row) { + // Suppressing the "array to string conversion" notice + // Keep the "evil" @ here + $row = @array_map('strval', $row); - $this->_ci->table->add_row($row); + $this->_CI->table->add_row($row); } - return $this->_ci->table->generate(); + return $this->_CI->table->generate(); } /** * @link http://www.metashock.de/2014/02/create-csv-file-in-memory-php/ - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor - * @param string $delimiter The optional delimiter parameter sets the field - * delimiter (one character only). NULL will use the default value (,) - * @param string $enclosure The optional enclosure parameter sets the field - * enclosure (one character only). NULL will use the default value (") + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor + * @param string $delimiter The optional delimiter parameter sets the field + * delimiter (one character only). NULL will use the default value (,) + * @param string $enclosure The optional enclosure parameter sets the field + * enclosure (one character only). NULL will use the default value (") + * * @return string A csv string */ - public function to_csv($data = NULL, $delimiter = ',', $enclosure = '"') + public function to_csv($data = null, $delimiter = ',', $enclosure = '"') { // Use a threshold of 1 MB (1024 * 1024) $handle = fopen('php://temp/maxmemory:1048576', 'w'); - if ($handle === FALSE) - { - return NULL; + if ($handle === false) { + return; } // If no data is passed as a parameter, then use the data passed // via the constructor - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } // If NULL, then set as the default delimiter - if ($delimiter === NULL) - { + if ($delimiter === null) { $delimiter = ','; } // If NULL, then set as the default enclosure - if ($enclosure === NULL) - { + if ($enclosure === null) { $enclosure = '"'; } // Cast as an array if not already - if (is_array($data) === FALSE) - { + if (is_array($data) === false) { $data = (array) $data; } // Check if it's a multi-dimensional array - if (isset($data[0]) && count($data) !== count($data, COUNT_RECURSIVE)) - { + if (isset($data[0]) && count($data) !== count($data, COUNT_RECURSIVE)) { // Multi-dimensional array $headings = array_keys($data[0]); - } - else - { + } else { // Single array $headings = array_keys($data); $data = [$data]; @@ -359,18 +325,16 @@ public function to_csv($data = NULL, $delimiter = ',', $enclosure = '"') // Apply the headings fputcsv($handle, $headings, $delimiter, $enclosure); - foreach ($data as $record) - { + foreach ($data as $record) { // If the record is not an array, then break. This is because the 2nd param of // fputcsv() should be an array - if (is_array($record) === FALSE) - { + if (is_array($record) === false) { break; } // Suppressing the "array to string conversion" notice. // Keep the "evil" @ here. - $record = @ array_map('strval', $record); + $record = @array_map('strval', $record); // Returns the length of the string written or FALSE fputcsv($handle, $record, $delimiter, $enclosure); @@ -385,60 +349,61 @@ public function to_csv($data = NULL, $delimiter = ',', $enclosure = '"') // Close the handle fclose($handle); + // Convert UTF-8 encoding to UTF-16LE which is supported by MS Excel + $csv = mb_convert_encoding($csv, 'UTF-16LE', 'UTF-8'); + return $csv; } /** - * Encode data as json + * Encode data as json. + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor * - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor * @return string Json representation of a value */ - public function to_json($data = NULL) + public function to_json($data = null) { // If no data is passed as a parameter, then use the data passed // via the constructor - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } // Get the callback parameter (if set) - $callback = $this->_ci->input->get('callback'); + $callback = $this->_CI->input->get('callback'); - if (empty($callback) === TRUE) - { - return json_encode($data); + if (empty($callback) === true) { + return json_encode($data, JSON_UNESCAPED_UNICODE); } // We only honour a jsonp callback which are valid javascript identifiers - elseif (preg_match('/^[a-z_\$][a-z0-9\$_]*(\.[a-z_\$][a-z0-9\$_]*)*$/i', $callback)) - { + elseif (preg_match('/^[a-z_\$][a-z0-9\$_]*(\.[a-z_\$][a-z0-9\$_]*)*$/i', $callback)) { // Return the data as encoded json with a callback - return $callback . '(' . json_encode($data) . ');'; + return $callback.'('.json_encode($data, JSON_UNESCAPED_UNICODE).');'; } // An invalid jsonp callback function provided. // Though I don't believe this should be hardcoded here - $data['warning'] = 'INVALID JSONP CALLBACK: ' . $callback; + $data['warning'] = 'INVALID JSONP CALLBACK: '.$callback; - return json_encode($data); + return json_encode($data, JSON_UNESCAPED_UNICODE); } /** - * Encode data as a serialized array + * Encode data as a serialized array. + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor * - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor * @return string Serialized data */ - public function to_serialized($data = NULL) + public function to_serialized($data = null) { // If no data is passed as a parameter, then use the data passed // via the constructor - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } @@ -446,29 +411,30 @@ public function to_serialized($data = NULL) } /** - * Format data using a PHP structure + * Format data using a PHP structure. + * + * @param mixed|null $data Optional data to pass, so as to override the data passed + * to the constructor * - * @param mixed|NULL $data Optional data to pass, so as to override the data passed - * to the constructor * @return mixed String representation of a variable */ - public function to_php($data = NULL) + public function to_php($data = null) { // If no data is passed as a parameter, then use the data passed // via the constructor - if ($data === NULL && func_num_args() === 0) - { + if ($data === null && func_num_args() === 0) { $data = $this->_data; } - return var_export($data, TRUE); + return var_export($data, true); } // INTERNAL FUNCTIONS /** - * @param $data XML string - * @return SimpleXMLElement XML element object; otherwise, empty array + * @param string $data XML string + * + * @return array XML element object; otherwise, empty array */ protected function _from_xml($data) { @@ -476,25 +442,24 @@ protected function _from_xml($data) } /** - * @param string $data CSV string + * @param string $data CSV string * @param string $delimiter The optional delimiter parameter sets the field - * delimiter (one character only). NULL will use the default value (,) + * delimiter (one character only). NULL will use the default value (,) * @param string $enclosure The optional enclosure parameter sets the field - * enclosure (one character only). NULL will use the default value (") + * enclosure (one character only). NULL will use the default value (") + * * @return array A multi-dimensional array with the outer array being the number of rows - * and the inner arrays the individual fields + * and the inner arrays the individual fields */ protected function _from_csv($data, $delimiter = ',', $enclosure = '"') { // If NULL, then set as the default delimiter - if ($delimiter === NULL) - { + if ($delimiter === null) { $delimiter = ','; } // If NULL, then set as the default enclosure - if ($enclosure === NULL) - { + if ($enclosure === null) { $enclosure = '"'; } @@ -502,7 +467,8 @@ protected function _from_csv($data, $delimiter = ',', $enclosure = '"') } /** - * @param $data Encoded json string + * @param string $data Encoded json string + * * @return mixed Decoded json string with leading and trailing whitespace removed */ protected function _from_json($data) @@ -511,7 +477,8 @@ protected function _from_json($data) } /** - * @param string Data to unserialized + * @param string $data Data to unserialize + * * @return mixed Unserialized data */ protected function _from_serialize($data) @@ -520,12 +487,12 @@ protected function _from_serialize($data) } /** - * @param $data Data to trim leading and trailing whitespace + * @param string $data Data to trim leading and trailing whitespace + * * @return string Data with leading and trailing whitespace removed */ protected function _from_php($data) { return trim($data); } - } diff --git a/src/RestController.php b/src/RestController.php new file mode 100644 index 00000000..7f292a98 --- /dev/null +++ b/src/RestController.php @@ -0,0 +1,2051 @@ + 'application/json', + 'array' => 'application/json', + 'csv' => 'application/csv', + 'html' => 'text/html', + 'jsonp' => 'application/javascript', + 'php' => 'text/plain', + 'serialized' => 'application/vnd.php.serialized', + 'xml' => 'application/xml', + ]; + + /** + * Information about the current API user. + * + * @var object + */ + protected $_apiuser; + + /** + * Whether or not to perform a CORS check and apply CORS headers to the request. + * + * @var bool + */ + protected $check_cors = null; + + /** + * Enable XSS flag + * Determines whether the XSS filter is always active when + * GET, OPTIONS, HEAD, POST, PUT, DELETE and PATCH data is encountered + * Set automatically based on config setting. + * + * @var bool + */ + protected $_enable_xss = false; + + private $is_valid_request = true; + + /** + * Common HTTP status codes and their respective description. + * + * @link http://www.restapitutorial.com/httpstatuscodes.html + */ + const HTTP_OK = 200; + const HTTP_CREATED = 201; + const HTTP_NOT_MODIFIED = 304; + const HTTP_BAD_REQUEST = 400; + const HTTP_UNAUTHORIZED = 401; + const HTTP_FORBIDDEN = 403; + const HTTP_NOT_FOUND = 404; + const HTTP_METHOD_NOT_ALLOWED = 405; + const HTTP_NOT_ACCEPTABLE = 406; + const HTTP_INTERNAL_ERROR = 500; + + /** + * @var Format + */ + protected $format; + + /** + * @var bool + */ + protected $auth_override; + + /** + * Extend this function to apply additional checking early on in the process. + * + * @return void + */ + protected function early_checks() + { + } + + /** + * Constructor for the REST API. + * + * @param string $config Configuration filename minus the file extension + * e.g: my_rest.php is passed as 'my_rest' + */ + public function __construct($config = 'rest') + { + parent::__construct(); + + // Set the default value of global xss filtering. Same approach as CodeIgniter 3 + $this->_enable_xss = ($this->config->item('global_xss_filtering') === true); + + // Don't try to parse template variables like {elapsed_time} and {memory_usage} + // when output is displayed for not damaging data accidentally + $this->output->parse_exec_vars = false; + + // Load the rest.php configuration file + $this->get_local_config($config); + + // Log the loading time to the log table + if ($this->config->item('rest_enable_logging') === true) { + // Start the timer for how long the request takes + $this->_start_rtime = microtime(true); + } + + // Determine supported output formats from configuration + $supported_formats = $this->config->item('rest_supported_formats'); + + // Validate the configuration setting output formats + if (empty($supported_formats)) { + $supported_formats = []; + } + + if (!is_array($supported_formats)) { + $supported_formats = [$supported_formats]; + } + + // Add silently the default output format if it is missing + $default_format = $this->_get_default_output_format(); + if (!in_array($default_format, $supported_formats)) { + $supported_formats[] = $default_format; + } + + // Now update $this->_supported_formats + $this->_supported_formats = array_intersect_key($this->_supported_formats, array_flip($supported_formats)); + + // Get the language + $language = $this->config->item('rest_language'); + if ($language === null) { + $language = 'english'; + } + + // Load the language file + $this->lang->load('rest_controller', $language, false, true, __DIR__.'/../'); + + // Initialise the response, request and rest objects + $this->request = new stdClass(); + $this->response = new stdClass(); + $this->rest = new stdClass(); + + // Check to see if the current IP address is blacklisted + if ($this->config->item('rest_ip_blacklist_enabled') === true) { + $this->_check_blacklist_auth(); + } + + // Determine whether the connection is HTTPS + $this->request->ssl = is_https(); + + // How is this request being made? GET, POST, PATCH, DELETE, INSERT, PUT, HEAD or OPTIONS + $this->request->method = $this->_detect_method(); + + // Check for CORS access request + $check_cors = $this->config->item('check_cors'); + if ($check_cors === true) { + $this->_check_cors(); + } + + // Create an argument container if it doesn't exist e.g. _get_args + if (isset($this->{'_'.$this->request->method.'_args'}) === false) { + $this->{'_'.$this->request->method.'_args'} = []; + } + + // Set up the query parameters + $this->_parse_query(); + + // Set up the GET variables + $this->_get_args = array_merge($this->_get_args, $this->uri->ruri_to_assoc()); + + // Try to find a format for the request (means we have a request body) + $this->request->format = $this->_detect_input_format(); + + // Not all methods have a body attached with them + $this->request->body = null; + + $this->{'_parse_'.$this->request->method}(); + + // Fix parse method return arguments null + if ($this->{'_'.$this->request->method.'_args'} === null) { + $this->{'_'.$this->request->method.'_args'} = []; + } + + // Which format should the data be returned in? + $this->response->format = $this->_detect_output_format(); + + // Which language should the data be returned in? + $this->response->lang = $this->_detect_lang(); + + // Now we know all about our request, let's try and parse the body if it exists + if ($this->request->format && $this->request->body) { + $this->request->body = Format::factory($this->request->body, $this->request->format)->to_array(); + + // Assign payload arguments to proper method container + $this->{'_'.$this->request->method.'_args'} = $this->request->body; + } + + //get header vars + $this->_head_args = $this->input->request_headers(); + + // Merge both for one mega-args variable + $this->_args = array_merge( + $this->_get_args, + $this->_options_args, + $this->_patch_args, + $this->_head_args, + $this->_put_args, + $this->_post_args, + $this->_delete_args, + $this->{'_'.$this->request->method.'_args'} + ); + + // Extend this function to apply additional checking early on in the process + $this->early_checks(); + + // Load DB if its enabled + if ($this->config->item('rest_database_group') && ($this->config->item('rest_enable_keys') || $this->config->item('rest_enable_logging'))) { + $this->rest->db = $this->load->database($this->config->item('rest_database_group'), true); + } + + // Use whatever database is in use (isset returns FALSE) + elseif (property_exists($this, 'db')) { + $this->rest->db = $this->db; + } + + // Check if there is a specific auth type for the current class/method + // _auth_override_check could exit so we need $this->rest->db initialized before + $this->auth_override = $this->_auth_override_check(); + + // Checking for keys? GET TO WorK! + // Skip keys test for $config['auth_override_class_method']['class'['method'] = 'none' + if ($this->config->item('rest_enable_keys') && $this->auth_override !== true) { + $this->_allow = $this->_detect_api_key(); + } + + // Only allow ajax requests + if ($this->input->is_ajax_request() === false && $this->config->item('rest_ajax_only')) { + // Display an error response + $this->response([ + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ajax_only'), + ], self::HTTP_NOT_ACCEPTABLE); + } + + // When there is no specific override for the current class/method, use the default auth value set in the config + if ($this->auth_override === false && + (!($this->config->item('rest_enable_keys') && $this->_allow === true) || + ($this->config->item('allow_auth_and_keys') === true && $this->_allow === true))) { + $rest_auth = strtolower($this->config->item('rest_auth')); + switch ($rest_auth) { + case 'basic': + $this->_prepare_basic_auth(); + break; + case 'digest': + $this->_prepare_digest_auth(); + break; + case 'session': + $this->_check_php_session(); + break; + } + } + } + + /** + * Does the auth stuff. + */ + private function do_auth($method = false) + { + // If we don't want to do auth, then just return true + if ($method === false) { + return true; + } + + if (file_exists(__DIR__.'/auth/'.$method.'.php')) { + include __DIR__.'/auth/'.$method.'.php'; + } + } + + /** + * @param $config_file + */ + private function get_local_config($config_file) + { + if (file_exists(APPPATH.'config/'.$config_file.'.php')) { + $this->load->config($config_file, false); + } else { + if (file_exists(__DIR__.'/'.$config_file.'.php')) { + $config = []; + include __DIR__.'/'.$config_file.'.php'; + foreach ($config as $key => $value) { + $this->config->set_item($key, $value); + } + } + } + } + + /** + * De-constructor. + * + * @author Chris Kacerguis + * + * @return void + */ + public function __destruct() + { + // Log the loading time to the log table + if ($this->config->item('rest_enable_logging') === true) { + // Get the current timestamp + $this->_end_rtime = microtime(true); + + $this->_log_access_time(); + } + } + + /** + * Requests are not made to methods directly, the request will be for + * an "object". This simply maps the object and method to the correct + * Controller method. + * + * @param string $object_called + * @param array $arguments The arguments passed to the controller method + * + * @throws Exception + */ + public function _remap($object_called, $arguments = []) + { + // Should we answer if not over SSL? + if ($this->config->item('force_https') && $this->request->ssl === false) { + $this->response([ + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unsupported'), + ], self::HTTP_FORBIDDEN); + } + + // Remove the supported format from the function name e.g. index.json => index + $object_called = preg_replace('/^(.*)\.(?:'.implode('|', array_keys($this->_supported_formats)).')$/', '$1', $object_called); + + $controller_method = $object_called.'_'.$this->request->method; + // Does this method exist? If not, try executing an index method + if (!method_exists($this, $controller_method)) { + $controller_method = 'index_'.$this->request->method; + array_unshift($arguments, $object_called); + } + + // Do we want to log this method (if allowed by config)? + $log_method = !(isset($this->methods[$controller_method]['log']) && $this->methods[$controller_method]['log'] === false); + + // Use keys for this method? + $use_key = !(isset($this->methods[$controller_method]['key']) && $this->methods[$controller_method]['key'] === false); + + // They provided a key, but it wasn't valid, so get them out of here + if ($this->config->item('rest_enable_keys') && $use_key && $this->_allow === false) { + if ($this->config->item('rest_enable_logging') && $log_method) { + $this->_log_request(); + } + + // fix cross site to option request error + if ($this->request->method == 'options') { + exit; + } + + $this->response([ + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => sprintf($this->lang->line('text_rest_invalid_api_key'), $this->rest->key), + ], self::HTTP_FORBIDDEN); + } + + // Check to see if this key has access to the requested controller + if ($this->config->item('rest_enable_keys') && $use_key && empty($this->rest->key) === false && $this->_check_access() === false) { + if ($this->config->item('rest_enable_logging') && $log_method) { + $this->_log_request(); + } + + $this->response([ + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_api_key_unauthorized'), + ], self::HTTP_UNAUTHORIZED); + } + + // Sure it exists, but can they do anything with it? + if (!method_exists($this, $controller_method)) { + $this->response([ + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unknown_method'), + ], self::HTTP_METHOD_NOT_ALLOWED); + } + + // Doing key related stuff? Can only do it if they have a key right? + if ($this->config->item('rest_enable_keys') && empty($this->rest->key) === false) { + // Check the limit + if ($this->config->item('rest_enable_limits') && $this->_check_limit($controller_method) === false) { + $response = [$this->config->item('rest_status_field_name') => false, $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_api_key_time_limit')]; + $this->response($response, self::HTTP_UNAUTHORIZED); + } + + // If no level is set use 0, they probably aren't using permissions + $level = isset($this->methods[$controller_method]['level']) ? $this->methods[$controller_method]['level'] : 0; + + // If no level is set, or it is lower than/equal to the key's level + $authorized = $level <= $this->rest->level; + // IM TELLIN! + if ($this->config->item('rest_enable_logging') && $log_method) { + $this->_log_request($authorized); + } + if ($authorized === false) { + // They don't have good enough perms + $response = [$this->config->item('rest_status_field_name') => false, $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_api_key_permissions')]; + $this->response($response, self::HTTP_UNAUTHORIZED); + } + } + + //check request limit by ip without login + elseif ($this->config->item('rest_limits_method') == 'IP_ADDRESS' && $this->config->item('rest_enable_limits') && $this->_check_limit($controller_method) === false) { + $response = [$this->config->item('rest_status_field_name') => false, $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ip_address_time_limit')]; + $this->response($response, self::HTTP_UNAUTHORIZED); + } + + // No key stuff, but record that stuff is happening + elseif ($this->config->item('rest_enable_logging') && $log_method) { + $this->_log_request($authorized = true); + } + + // Call the controller method and passed arguments + try { + if ($this->is_valid_request) { + call_user_func_array([$this, $controller_method], $arguments); + } + } catch (Exception $ex) { + if ($this->config->item('rest_handle_exceptions') === false) { + throw $ex; + } + + // If the method doesn't exist, then the error will be caught and an error response shown + $_error = &load_class('Exceptions', 'core'); + $_error->show_exception($ex); + } + } + + /** + * Takes mixed data and optionally a status code, then creates the response. + * + * @param array|null $data Data to output to the user + * @param int|null $http_code HTTP status code + * @param bool $continue TRUE to flush the response to the client and continue + * running the script; otherwise, exit + */ + public function response($data = null, $http_code = null, $continue = false) + { + //if profiling enabled then print profiling data + $isProfilingEnabled = $this->config->item('enable_profiling'); + if (!$isProfilingEnabled) { + ob_start(); + // If the HTTP status is not NULL, then cast as an integer + if ($http_code !== null) { + // So as to be safe later on in the process + $http_code = (int) $http_code; + } + + // Set the output as NULL by default + $output = null; + + // If data is NULL and no HTTP status code provided, then display, error and exit + if ($data === null && $http_code === null) { + $http_code = self::HTTP_NOT_FOUND; + } + + // If data is not NULL and a HTTP status code provided, then continue + elseif ($data !== null) { + // If the format method exists, call and return the output in that format + $formatter = null; + if ($this->format && method_exists($this->format, 'to_'.$this->response->format)) { + $formatter = $this->format::factory($data); + } elseif (method_exists(Format::class, 'to_'.$this->response->format)) { + $formatter = Format::factory($data); + } + + if ($formatter !== null) { + // CORB protection + // First, get the output content. + $output = $formatter->{'to_'.$this->response->format}(); + + // Set the format header + // Then, check if the client asked for a callback, and if the output contains this callback : + if (isset($this->_get_args['callback']) && $this->response->format == 'json' && preg_match('/^'.$this->_get_args['callback'].'/', $output)) { + $this->output->set_content_type($this->_supported_formats['jsonp'], strtolower($this->config->item('charset'))); + } else { + $this->output->set_content_type($this->_supported_formats[$this->response->format], strtolower($this->config->item('charset'))); + } + + // An array must be parsed as a string, so as not to cause an array to string error + // Json is the most appropriate form for such a data type + if ($this->response->format === 'array') { + $output = Format::factory($output)->{'to_json'}(); + } + } else { + // If an array or object, then parse as a json, so as to be a 'string' + if (is_array($data) || is_object($data)) { + $data = Format::factory($data)->{'to_json'}(); + } + + // Format is not supported, so output the raw data as a string + $output = $data; + } + } + + // If not greater than zero, then set the HTTP status code as 200 by default + // Though perhaps 500 should be set instead, for the developer not passing a + // correct HTTP status code + $http_code > 0 || $http_code = self::HTTP_OK; + + $this->output->set_status_header($http_code); + + // JC: Log response code only if rest logging enabled + if ($this->config->item('rest_enable_logging') === true) { + $this->_log_response_code($http_code); + } + + // Output the data + $this->output->set_output($output); + + if ($continue === false) { + // Display the data and exit execution + $this->output->_display(); + exit; + } else { + if (is_callable('fastcgi_finish_request')) { + // Terminates connection and returns response to client on PHP-FPM. + $this->output->_display(); + ob_end_flush(); + fastcgi_finish_request(); + ignore_user_abort(true); + } else { + // Legacy compatibility. + ob_end_flush(); + } + } + ob_end_flush(); + // Otherwise dump the output automatically + } else { + echo json_encode($data); + } + } + + /** + * Takes mixed data and optionally a status code, then creates the response + * within the buffers of the Output class. The response is sent to the client + * lately by the framework, after the current controller's method termination. + * All the hooks after the controller's method termination are executable. + * + * @param array|null $data Data to output to the user + * @param int|null $http_code HTTP status code + */ + public function set_response($data = null, $http_code = null) + { + $this->response($data, $http_code, true); + } + + /** + * Get the input format e.g. json or xml. + * + * @return string|null Supported input format; otherwise, NULL + */ + protected function _detect_input_format() + { + // Get the CONTENT-TYPE value from the SERVER variable + $content_type = $this->input->server('CONTENT_TYPE'); + + if (empty($content_type) === false) { + // If a semi-colon exists in the string, then explode by ; and get the value of where + // the current array pointer resides. This will generally be the first element of the array + $content_type = (strpos($content_type, ';') !== false ? current(explode(';', $content_type)) : $content_type); + + // Check all formats against the CONTENT-TYPE header + foreach ($this->_supported_formats as $type => $mime) { + // $type = format e.g. csv + // $mime = mime type e.g. application/csv + + // If both the mime types match, then return the format + if ($content_type === $mime) { + return $type; + } + } + } + } + + /** + * Gets the default format from the configuration. Fallbacks to 'json' + * if the corresponding configuration option $config['rest_default_format'] + * is missing or is empty. + * + * @return string The default supported input format + */ + protected function _get_default_output_format() + { + $default_format = (string) $this->config->item('rest_default_format'); + + return $default_format === '' ? 'json' : $default_format; + } + + /** + * Detect which format should be used to output the data. + * + * @return mixed|null|string Output format + */ + protected function _detect_output_format() + { + // Concatenate formats to a regex pattern e.g. \.(csv|json|xml) + $pattern = '/\.('.implode('|', array_keys($this->_supported_formats)).')($|\/)/'; + $matches = []; + + // Check if a file extension is used e.g. http://example.com/api/index.json?param1=param2 + if (preg_match($pattern, $this->uri->uri_string(), $matches)) { + return $matches[1]; + } + + // Get the format parameter named as 'format' + if (isset($this->_get_args['format'])) { + $format = strtolower($this->_get_args['format']); + + if (isset($this->_supported_formats[$format]) === true) { + return $format; + } + } + + // Get the HTTP_ACCEPT server variable + $http_accept = $this->input->server('HTTP_ACCEPT'); + + // Otherwise, check the HTTP_ACCEPT server variable + if ($this->config->item('rest_ignore_http_accept') === false && $http_accept !== null) { + // Check all formats against the HTTP_ACCEPT header + foreach (array_keys($this->_supported_formats) as $format) { + // Has this format been requested? + if (strpos($http_accept, $format) !== false) { + if ($format !== 'html' && $format !== 'xml') { + // If not HTML or XML assume it's correct + return $format; + } elseif ($format === 'html' && strpos($http_accept, 'xml') === false) { + // HTML or XML have shown up as a match + // If it is truly HTML, it wont want any XML + return $format; + } elseif ($format === 'xml' && strpos($http_accept, 'html') === false) { + // If it is truly XML, it wont want any HTML + return $format; + } + } + } + } + + // Check if the controller has a default format + if (empty($this->rest_format) === false) { + return $this->rest_format; + } + + // Obtain the default format from the configuration + return $this->_get_default_output_format(); + } + + /** + * Get the HTTP request string e.g. get or post. + * + * @return string|null Supported request method as a lowercase string; otherwise, NULL if not supported + */ + protected function _detect_method() + { + // Declare a variable to store the method + $method = null; + + // Determine whether the 'enable_emulate_request' setting is enabled + if ($this->config->item('enable_emulate_request') === true) { + $method = $this->input->post('_method'); + if ($method === null) { + $method = $this->input->server('HTTP_X_HTTP_METHOD_OVERRIDE'); + } + + if ($method !== null) { + $method = strtolower($method); + } + } + + if (empty($method)) { + // Get the request method as a lowercase string + $method = $this->input->method(); + } + + return in_array($method, $this->allowed_http_methods) && method_exists($this, '_parse_'.$method) ? $method : 'get'; + } + + /** + * See if the user has provided an API key. + * + * @return bool + */ + protected function _detect_api_key() + { + // Get the api key name variable set in the rest config file + $api_key_variable = $this->config->item('rest_key_name'); + + // Work out the name of the SERVER entry based on config + $key_name = 'HTTP_'.strtoupper(str_replace('-', '_', $api_key_variable)); + + $this->rest->key = null; + $this->rest->level = null; + $this->rest->user_id = null; + $this->rest->ignore_limits = false; + + // Find the key from server or arguments + if ($key = isset($this->_args[$api_key_variable]) ? $this->_args[$api_key_variable] : $this->input->server($key_name)) { + $this->rest->key = $key; + + if (!($row = $this->rest->db->where($this->config->item('rest_key_column'), $key)->get($this->config->item('rest_keys_table'))->row())) { + return false; + } + + if ($this->config->item('rest_keys_expire') === true && $row->{$this->config->item('rest_keys_expiry_column')} < time()) { + return false; + } + + isset($row->user_id) && $this->rest->user_id = $row->user_id; + isset($row->level) && $this->rest->level = $row->level; + isset($row->ignore_limits) && $this->rest->ignore_limits = $row->ignore_limits; + + $this->_apiuser = $row; + + /* + * If "is private key" is enabled, compare the ip address with the list + * of valid ip addresses stored in the database + */ + if (empty($row->is_private_key) === false) { + // Check for a list of valid ip addresses + if (isset($row->ip_addresses)) { + // multiple ip addresses must be separated using a comma, explode and loop + $list_ip_addresses = explode(',', $row->ip_addresses); + $ip_address = $this->input->ip_address(); + $found_address = false; + + foreach ($list_ip_addresses as $list_ip) { + if ($ip_address === trim($list_ip)) { + // there is a match, set the the value to TRUE and break out of the loop + $found_address = true; + break; + } + } + + return $found_address; + } else { + // There should be at least one IP address for this private key + return false; + } + } + + return true; + } + + // No key has been sent + return false; + } + + /** + * Preferred return language. + * + * @return string|null|array The language code + */ + protected function _detect_lang() + { + $lang = $this->input->server('HTTP_ACCEPT_LANGUAGE'); + if ($lang === null) { + return; + } + + // It appears more than one language has been sent using a comma delimiter + if (strpos($lang, ',') !== false) { + $langs = explode(',', $lang); + + $return_langs = []; + foreach ($langs as $lang) { + // Remove weight and trim leading and trailing whitespace + list($lang) = explode(';', $lang); + $return_langs[] = trim($lang); + } + + return $return_langs; + } + + // Otherwise simply return as a string + return $lang; + } + + /** + * Add the request to the log table. + * + * @param bool $authorized TRUE the user is authorized; otherwise, FALSE + * + * @return bool TRUE the data was inserted; otherwise, FALSE + */ + protected function _log_request($authorized = false) + { + // Insert the request into the log table + $is_inserted = $this->rest->db + ->insert( + $this->config->item('rest_logs_table'), + [ + 'uri' => $this->uri->uri_string(), + 'method' => $this->request->method, + 'params' => $this->_args ? ($this->config->item('rest_logs_json_params') === true ? json_encode($this->_args) : serialize($this->_args)) : null, + 'api_key' => isset($this->rest->key) ? $this->rest->key : '', + 'ip_address' => $this->input->ip_address(), + 'time' => time(), + 'authorized' => $authorized, + ] + ); + + // Get the last insert id to update at a later stage of the request + $this->_insert_id = $this->rest->db->insert_id(); + + return $is_inserted; + } + + /** + * Check if the requests to a controller method exceed a limit. + * + * @param string $controller_method The method being called + * + * @return bool TRUE the call limit is below the threshold; otherwise, FALSE + */ + protected function _check_limit($controller_method) + { + // They are special, or it might not even have a limit + if (empty($this->rest->ignore_limits) === false) { + // Everything is fine + return true; + } + + $api_key = isset($this->rest->key) ? $this->rest->key : ''; + + switch ($this->config->item('rest_limits_method')) { + case 'IP_ADDRESS': + $api_key = $this->input->ip_address(); + $limited_uri = 'ip-address:'.$api_key; + break; + + case 'API_KEY': + $limited_uri = 'api-key:'.$api_key; + break; + + case 'METHOD_NAME': + $limited_uri = 'method-name:'.$controller_method; + break; + + case 'ROUTED_URL': + default: + $limited_uri = $this->uri->ruri_string(); + if (strpos(strrev($limited_uri), strrev($this->response->format)) === 0) { + $limited_uri = substr($limited_uri, 0, -strlen($this->response->format) - 1); + } + $limited_uri = 'uri:'.$limited_uri.':'.$this->request->method; // It's good to differentiate GET from PUT + break; + } + + if (isset($this->methods[$controller_method]['limit']) === false) { + // Everything is fine + return true; + } + + // How many times can you get to this method in a defined time_limit (default: 1 hour)? + $limit = $this->methods[$controller_method]['limit']; + + $time_limit = (isset($this->methods[$controller_method]['time']) ? $this->methods[$controller_method]['time'] : 3600); // 3600 = 60 * 60 + + // Get data about a keys' usage and limit to one row + $result = $this->rest->db + ->where('uri', $limited_uri) + ->where('api_key', $api_key) + ->get($this->config->item('rest_limits_table')) + ->row(); + + // No calls have been made for this key + if ($result === null) { + // Create a new row for the following key + $this->rest->db->insert($this->config->item('rest_limits_table'), [ + 'uri' => $limited_uri, + 'api_key' => $api_key, + 'count' => 1, + 'hour_started' => time(), + ]); + } + + // Been a time limit (or by default an hour) since they called + elseif ($result->hour_started < (time() - $time_limit)) { + // Reset the started period and count + $this->rest->db + ->where('uri', $limited_uri) + ->where('api_key', $api_key) + ->set('hour_started', time()) + ->set('count', 1) + ->update($this->config->item('rest_limits_table')); + } + + // They have called within the hour, so lets update + else { + // The limit has been exceeded + if ($result->count >= $limit) { + return false; + } + + // Increase the count by one + $this->rest->db + ->where('uri', $limited_uri) + ->where('api_key', $api_key) + ->set('count', 'count + 1', false) + ->update($this->config->item('rest_limits_table')); + } + + return true; + } + + /** + * Check if there is a specific auth type set for the current class/method/HTTP-method being called. + * + * @return bool + */ + protected function _auth_override_check() + { + // Assign the class/method auth type override array from the config + $auth_override_class_method = $this->config->item('auth_override_class_method'); + + // Check to see if the override array is even populated + if (!empty($auth_override_class_method)) { + // Check for wildcard flag for rules for classes + if (!empty($auth_override_class_method[$this->router->class]['*'])) { // Check for class overrides + // No auth override found, prepare nothing but send back a TRUE override flag + if ($auth_override_class_method[$this->router->class]['*'] === 'none') { + return true; + } + + // Basic auth override found, prepare basic + if ($auth_override_class_method[$this->router->class]['*'] === 'basic') { + $this->_prepare_basic_auth(); + + return true; + } + + // Digest auth override found, prepare digest + if ($auth_override_class_method[$this->router->class]['*'] === 'digest') { + $this->_prepare_digest_auth(); + + return true; + } + + // Session auth override found, check session + if ($auth_override_class_method[$this->router->class]['*'] === 'session') { + $this->_check_php_session(); + + return true; + } + + // Whitelist auth override found, check client's ip against config whitelist + if ($auth_override_class_method[$this->router->class]['*'] === 'whitelist') { + $this->_check_whitelist_auth(); + + return true; + } + } + + // Check to see if there's an override value set for the current class/method being called + if (!empty($auth_override_class_method[$this->router->class][$this->router->method])) { + // None auth override found, prepare nothing but send back a TRUE override flag + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'none') { + return true; + } + + // Basic auth override found, prepare basic + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'basic') { + $this->_prepare_basic_auth(); + + return true; + } + + // Digest auth override found, prepare digest + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'digest') { + $this->_prepare_digest_auth(); + + return true; + } + + // Session auth override found, check session + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'session') { + $this->_check_php_session(); + + return true; + } + + // Whitelist auth override found, check client's ip against config whitelist + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'whitelist') { + $this->_check_whitelist_auth(); + + return true; + } + } + } + + // Assign the class/method/HTTP-method auth type override array from the config + $auth_override_class_method_http = $this->config->item('auth_override_class_method_http'); + + // Check to see if the override array is even populated + if (!empty($auth_override_class_method_http)) { + // check for wildcard flag for rules for classes + if (!empty($auth_override_class_method_http[$this->router->class]['*'][$this->request->method])) { + // None auth override found, prepare nothing but send back a TRUE override flag + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'none') { + return true; + } + + // Basic auth override found, prepare basic + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'basic') { + $this->_prepare_basic_auth(); + + return true; + } + + // Digest auth override found, prepare digest + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'digest') { + $this->_prepare_digest_auth(); + + return true; + } + + // Session auth override found, check session + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'session') { + $this->_check_php_session(); + + return true; + } + + // Whitelist auth override found, check client's ip against config whitelist + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'whitelist') { + $this->_check_whitelist_auth(); + + return true; + } + } + + // Check to see if there's an override value set for the current class/method/HTTP-method being called + if (!empty($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method])) { + // None auth override found, prepare nothing but send back a TRUE override flag + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'none') { + return true; + } + + // Basic auth override found, prepare basic + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'basic') { + $this->_prepare_basic_auth(); + + return true; + } + + // Digest auth override found, prepare digest + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'digest') { + $this->_prepare_digest_auth(); + + return true; + } + + // Session auth override found, check session + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'session') { + $this->_check_php_session(); + + return true; + } + + // Whitelist auth override found, check client's ip against config whitelist + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'whitelist') { + $this->_check_whitelist_auth(); + + return true; + } + } + } + + return false; + } + + /** + * Parse the GET request arguments. + * + * @return void + */ + protected function _parse_get() + { + // Merge both the URI segments and query parameters + $this->_get_args = array_merge($this->_get_args, $this->_query_args); + } + + /** + * Parse the POST request arguments. + * + * @return void + */ + protected function _parse_post() + { + $this->_post_args = $_POST; + + if ($this->request->format) { + $this->request->body = $this->input->raw_input_stream; + } + } + + /** + * Parse the PUT request arguments. + * + * @return void + */ + protected function _parse_put() + { + if ($this->request->format) { + $this->request->body = $this->input->raw_input_stream; + if ($this->request->format === 'json') { + $this->_put_args = json_decode($this->input->raw_input_stream); + } + } elseif ($this->input->method() === 'put') { + // If no file type is provided, then there are probably just arguments + $this->_put_args = $this->input->input_stream(); + } + } + + /** + * Parse the HEAD request arguments. + * + * @return void + */ + protected function _parse_head() + { + // Parse the HEAD variables + parse_str(parse_url(http://github.com/$this-%3Einput-%3Eserver('REQUEST_URI'), PHP_URL_QUERY), $head); + + // Merge both the URI segments and HEAD params + $this->_head_args = array_merge($this->_head_args, $head); + } + + /** + * Parse the OPTIONS request arguments. + * + * @return void + */ + protected function _parse_options() + { + // Parse the OPTIONS variables + parse_str(parse_url(http://github.com/$this-%3Einput-%3Eserver('REQUEST_URI'), PHP_URL_QUERY), $options); + + // Merge both the URI segments and OPTIONS params + $this->_options_args = array_merge($this->_options_args, $options); + } + + /** + * Parse the PATCH request arguments. + * + * @return void + */ + protected function _parse_patch() + { + // It might be a HTTP body + if ($this->request->format) { + $this->request->body = $this->input->raw_input_stream; + } elseif ($this->input->method() === 'patch') { + // If no file type is provided, then there are probably just arguments + $this->_patch_args = $this->input->input_stream(); + } + } + + /** + * Parse the DELETE request arguments. + * + * @return void + */ + protected function _parse_delete() + { + // These should exist if a DELETE request + if ($this->input->method() === 'delete') { + $this->_delete_args = $this->input->input_stream(); + } + } + + /** + * Parse the query parameters. + * + * @return void + */ + protected function _parse_query() + { + $this->_query_args = $this->input->get(); + } + + // INPUT FUNCTION -------------------------------------------------------------- + + /** + * Retrieve a value from a GET request. + * + * @param null $key Key to retrieve from the GET request + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering + * + * @return array|string|null Value from the GET request; otherwise, NULL + */ + public function get($key = null, $xss_clean = null) + { + if ($key === null) { + return $this->_get_args; + } + + return isset($this->_get_args[$key]) ? $this->_xss_clean($this->_get_args[$key], $xss_clean) : null; + } + + /** + * Retrieve a value from a OPTIONS request. + * + * @param null $key Key to retrieve from the OPTIONS request. + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering + * + * @return array|string|null Value from the OPTIONS request; otherwise, NULL + */ + public function options($key = null, $xss_clean = null) + { + if ($key === null) { + return $this->_options_args; + } + + return isset($this->_options_args[$key]) ? $this->_xss_clean($this->_options_args[$key], $xss_clean) : null; + } + + /** + * Retrieve a value from a HEAD request. + * + * @param null $key Key to retrieve from the HEAD request + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering + * + * @return array|string|null Value from the HEAD request; otherwise, NULL + */ + public function head($key = null, $xss_clean = null) + { + if ($key === null) { + return $this->_head_args; + } + + return isset($this->_head_args[$key]) ? $this->_xss_clean($this->_head_args[$key], $xss_clean) : null; + } + + /** + * Retrieve a value from a POST request. + * + * @param null $key Key to retrieve from the POST request + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering + * + * @return array|string|null Value from the POST request; otherwise, NULL + */ + public function post($key = null, $xss_clean = null) + { + if ($key === null) { + foreach (new RecursiveIteratorIterator(new RecursiveArrayIterator($this->_post_args), RecursiveIteratorIterator::CATCH_GET_CHILD) as $key => $value) { + $this->_post_args[$key] = $this->_xss_clean($this->_post_args[$key], $xss_clean); + } + + return $this->_post_args; + } + + return isset($this->_post_args[$key]) ? $this->_xss_clean($this->_post_args[$key], $xss_clean) : null; + } + + /** + * Retrieve a value from a PUT request. + * + * @param null $key Key to retrieve from the PUT request + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering + * + * @return array|string|null Value from the PUT request; otherwise, NULL + */ + public function put($key = null, $xss_clean = null) + { + if ($key === null) { + return $this->_put_args; + } + + return isset($this->_put_args[$key]) ? $this->_xss_clean($this->_put_args[$key], $xss_clean) : null; + } + + /** + * Retrieve a value from a DELETE request. + * + * @param null $key Key to retrieve from the DELETE request + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering + * + * @return array|string|null Value from the DELETE request; otherwise, NULL + */ + public function delete($key = null, $xss_clean = null) + { + if ($key === null) { + return $this->_delete_args; + } + + return isset($this->_delete_args[$key]) ? $this->_xss_clean($this->_delete_args[$key], $xss_clean) : null; + } + + /** + * Retrieve a value from a PATCH request. + * + * @param null $key Key to retrieve from the PATCH request + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering + * + * @return array|string|null Value from the PATCH request; otherwise, NULL + */ + public function patch($key = null, $xss_clean = null) + { + if ($key === null) { + return $this->_patch_args; + } + + return isset($this->_patch_args[$key]) ? $this->_xss_clean($this->_patch_args[$key], $xss_clean) : null; + } + + /** + * Retrieve a value from the query parameters. + * + * @param null $key Key to retrieve from the query parameters + * If NULL an array of arguments is returned + * @param null $xss_clean Whether to apply XSS filtering + * + * @return array|string|null Value from the query parameters; otherwise, NULL + */ + public function query($key = null, $xss_clean = null) + { + if ($key === null) { + return $this->_query_args; + } + + return isset($this->_query_args[$key]) ? $this->_xss_clean($this->_query_args[$key], $xss_clean) : null; + } + + /** + * Sanitizes data so that Cross Site Scripting Hacks can be + * prevented. + * + * @param string $value Input data + * @param bool $xss_clean Whether to apply XSS filtering + * + * @return string + */ + protected function _xss_clean($value, $xss_clean) + { + is_bool($xss_clean) || $xss_clean = $this->_enable_xss; + + return $xss_clean === true ? $this->security->xss_clean($value) : $value; + } + + /** + * Retrieve the validation errors. + * + * @return array + */ + public function validation_errors() + { + $string = strip_tags($this->form_validation->error_string()); + + return explode(PHP_EOL, trim($string, PHP_EOL)); + } + + // SECURITY FUNCTIONS --------------------------------------------------------- + + /** + * Perform LDAP Authentication. + * + * @param string $username The username to validate + * @param string $password The password to validate + * + * @return bool + */ + protected function _perform_ldap_auth($username = '', $password = null) + { + if (empty($username)) { + log_message('debug', 'LDAP Auth: failure, empty username'); + + return false; + } + + log_message('debug', 'LDAP Auth: Loading configuration'); + + $this->config->load('ldap', true); + + $ldap = [ + 'timeout' => $this->config->item('timeout', 'ldap'), + 'host' => $this->config->item('server', 'ldap'), + 'port' => $this->config->item('port', 'ldap'), + 'rdn' => $this->config->item('binduser', 'ldap'), + 'pass' => $this->config->item('bindpw', 'ldap'), + 'basedn' => $this->config->item('basedn', 'ldap'), + ]; + + log_message('debug', 'LDAP Auth: Connect to '.(isset($ldap['host']) ? $ldap['host'] : '[ldap not configured]')); + + // Connect to the ldap server + $ldapconn = ldap_connect($ldap['host'], $ldap['port']); + if ($ldapconn) { + log_message('debug', 'Setting timeout to '.$ldap['timeout'].' seconds'); + + ldap_set_option($ldapconn, LDAP_OPT_NETWORK_TIMEOUT, $ldap['timeout']); + + log_message('debug', 'LDAP Auth: Binding to '.$ldap['host'].' with dn '.$ldap['rdn']); + + // Binding to the ldap server + $ldapbind = ldap_bind($ldapconn, $ldap['rdn'], $ldap['pass']); + + // Verify the binding + if ($ldapbind === false) { + log_message('error', 'LDAP Auth: bind was unsuccessful'); + + return false; + } + + log_message('debug', 'LDAP Auth: bind successful'); + } + + // Search for user + if (($res_id = ldap_search($ldapconn, $ldap['basedn'], "uid=$username")) === false) { + log_message('error', 'LDAP Auth: User '.$username.' not found in search'); + + return false; + } + + if (ldap_count_entries($ldapconn, $res_id) !== 1) { + log_message('error', 'LDAP Auth: Failure, username '.$username.'found more than once'); + + return false; + } + + if (($entry_id = ldap_first_entry($ldapconn, $res_id)) === false) { + log_message('error', 'LDAP Auth: Failure, entry of search result could not be fetched'); + + return false; + } + + if (($user_dn = ldap_get_dn($ldapconn, $entry_id)) === false) { + log_message('error', 'LDAP Auth: Failure, user-dn could not be fetched'); + + return false; + } + + // User found, could not authenticate as user + if (($link_id = ldap_bind($ldapconn, $user_dn, $password)) === false) { + log_message('error', 'LDAP Auth: Failure, username/password did not match: '.$user_dn); + + return false; + } + + log_message('debug', 'LDAP Auth: Success '.$user_dn.' authenticated successfully'); + + $this->_user_ldap_dn = $user_dn; + + ldap_close($ldapconn); + + return true; + } + + /** + * Perform Library Authentication - Override this function to change the way the library is called. + * + * @param string $username The username to validate + * @param string $password The password to validate + * + * @return bool + */ + protected function _perform_library_auth($username = '', $password = null) + { + if (empty($username)) { + log_message('error', 'Library Auth: Failure, empty username'); + + return false; + } + + $auth_library_class = strtolower($this->config->item('auth_library_class')); + $auth_library_function = strtolower($this->config->item('auth_library_function')); + + if (empty($auth_library_class)) { + log_message('debug', 'Library Auth: Failure, empty auth_library_class'); + + return false; + } + + if (empty($auth_library_function)) { + log_message('debug', 'Library Auth: Failure, empty auth_library_function'); + + return false; + } + + if (is_callable([$auth_library_class, $auth_library_function]) === false) { + $this->load->library($auth_library_class); + } + + return $this->{$auth_library_class}->$auth_library_function($username, $password); + } + + /** + * Check if the user is logged in. + * + * @param string $username The user's name + * @param bool|string $password The user's password + * + * @return bool + */ + protected function _check_login($username = null, $password = false) + { + if (empty($username)) { + return false; + } + + $auth_source = strtolower($this->config->item('auth_source')); + $rest_auth = strtolower($this->config->item('rest_auth')); + $valid_logins = $this->config->item('rest_valid_logins'); + + if (!$this->config->item('auth_source') && $rest_auth === 'digest') { + // For digest we do not have a password passed as argument + return md5($username.':'.$this->config->item('rest_realm').':'.(isset($valid_logins[$username]) ? $valid_logins[$username] : '')); + } + + if ($password === false) { + return false; + } + + if ($auth_source === 'ldap') { + log_message('debug', "Performing LDAP authentication for $username"); + + return $this->_perform_ldap_auth($username, $password); + } + + if ($auth_source === 'library') { + log_message('debug', "Performing Library authentication for $username"); + + return $this->_perform_library_auth($username, $password); + } + + if (array_key_exists($username, $valid_logins) === false) { + return false; + } + + if ($valid_logins[$username] !== $password) { + return false; + } + + return true; + } + + /** + * Check to see if the user is logged in with a PHP session key. + * + * @return void + */ + protected function _check_php_session() + { + // If whitelist is enabled it has the first chance to kick them out + if ($this->config->item('rest_ip_whitelist_enabled')) { + $this->_check_whitelist_auth(); + } + + // Load library session of CodeIgniter + $this->load->library('session'); + + // Get the auth_source config item + $key = $this->config->item('auth_source'); + + // If false, then the user isn't logged in + if (!$this->session->userdata($key)) { + // Display an error response + $this->response([ + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unauthorized'), + ], self::HTTP_UNAUTHORIZED); + } + } + + /** + * Prepares for basic authentication. + * + * @return void + */ + protected function _prepare_basic_auth() + { + // If whitelist is enabled it has the first chance to kick them out + if ($this->config->item('rest_ip_whitelist_enabled')) { + $this->_check_whitelist_auth(); + } + + // Returns NULL if the SERVER variables PHP_AUTH_USER and HTTP_AUTHENTICATION don't exist + $username = $this->input->server('PHP_AUTH_USER'); + $http_auth = $this->input->server('HTTP_AUTHENTICATION') ?: $this->input->server('HTTP_AUTHORIZATION'); + + $password = null; + if ($username !== null) { + $password = $this->input->server('PHP_AUTH_PW'); + } elseif ($http_auth !== null) { + // If the authentication header is set as basic, then extract the username and password from + // HTTP_AUTHORIZATION e.g. my_username:my_password. This is passed in the .htaccess file + if (strpos(strtolower($http_auth), 'basic') === 0) { + // Search online for HTTP_AUTHORIZATION workaround to explain what this is doing + list($username, $password) = explode(':', base64_decode(substr($this->input->server('HTTP_AUTHORIZATION'), 6))); + } + } + + // Check if the user is logged into the system + if ($this->_check_login($username, $password) === false) { + $this->_force_login(); + } + } + + /** + * Prepares for digest authentication. + * + * @return void + */ + protected function _prepare_digest_auth() + { + // If whitelist is enabled it has the first chance to kick them out + if ($this->config->item('rest_ip_whitelist_enabled')) { + $this->_check_whitelist_auth(); + } + + // We need to test which server authentication variable to use, + // because the PHP ISAPI module in IIS acts different from CGI + $digest_string = $this->input->server('PHP_AUTH_DIGEST'); + if ($digest_string === null) { + $digest_string = $this->input->server('HTTP_AUTHORIZATION'); + } + + $unique_id = uniqid(); + + // The $_SESSION['error_prompted'] variable is used to ask the password + // again if none given or if the user enters wrong auth information + if (empty($digest_string)) { + $this->_force_login($unique_id); + } + + // We need to retrieve authentication data from the $digest_string variable + $matches = []; + preg_match_all('@(username|nonce|uri|nc|cnonce|qop|response)=[\'"]?([^\'",]+)@', $digest_string, $matches); + $digest = (empty($matches[1]) || empty($matches[2])) ? [] : array_combine($matches[1], $matches[2]); + + // For digest authentication the library function should return already stored md5(username:restrealm:password) for that username see rest.php::auth_library_function config + $username = $this->_check_login($digest['username'], true); + if (isset($digest['username']) === false || $username === false) { + $this->_force_login($unique_id); + } + + $md5 = md5(strtoupper($this->request->method).':'.$digest['uri']); + $valid_response = md5($username.':'.$digest['nonce'].':'.$digest['nc'].':'.$digest['cnonce'].':'.$digest['qop'].':'.$md5); + + // Check if the string don't compare (case-insensitive) + if (strcasecmp($digest['response'], $valid_response) !== 0) { + // Display an error response + $this->response([ + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_invalid_credentials'), + ], self::HTTP_UNAUTHORIZED); + } + } + + /** + * Checks if the client's ip is in the 'rest_ip_blacklist' config and generates a 401 response. + * + * @return void + */ + protected function _check_blacklist_auth() + { + // Match an ip address in a blacklist e.g. 127.0.0.0, 0.0.0.0 + $pattern = sprintf('/(?:,\s*|^)\Q%s\E(?=,\s*|$)/m', $this->input->ip_address()); + + // Returns 1, 0 or FALSE (on error only). Therefore implicitly convert 1 to TRUE + if (preg_match($pattern, $this->config->item('rest_ip_blacklist'))) { + // Display an error response + $this->response([ + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ip_denied'), + ], self::HTTP_UNAUTHORIZED); + } + } + + /** + * Check if the client's ip is in the 'rest_ip_whitelist' config and generates a 401 response. + * + * @return void + */ + protected function _check_whitelist_auth() + { + $whitelist = explode(',', $this->config->item('rest_ip_whitelist')); + + array_push($whitelist, '127.0.0.1', '0.0.0.0'); + + foreach ($whitelist as &$ip) { + // As $ip is a reference, trim leading and trailing whitespace, then store the new value + // using the reference + $ip = trim($ip); + } + + if (in_array($this->input->ip_address(), $whitelist) === false) { + $this->response([ + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ip_unauthorized'), + ], self::HTTP_UNAUTHORIZED); + } + } + + /** + * Force logging in by setting the WWW-Authenticate header. + * + * @param string $nonce A server-specified data string which should be uniquely generated + * each time + * + * @return void + */ + protected function _force_login($nonce = '') + { + $rest_auth = strtolower($this->config->item('rest_auth')); + $rest_realm = $this->config->item('rest_realm'); + if ($rest_auth === 'basic') { + // See http://tools.ietf.org/html/rfc2617#page-5 + header('WWW-Authenticate: Basic realm="'.$rest_realm.'"'); + } elseif ($rest_auth === 'digest') { + // See http://tools.ietf.org/html/rfc2617#page-18 + header( + 'WWW-Authenticate: Digest realm="'.$rest_realm + .'", qop="auth", nonce="'.$nonce + .'", opaque="'.md5($rest_realm).'"' + ); + } + + if ($this->config->item('strict_api_and_auth') === true) { + $this->is_valid_request = false; + } + + // Display an error response + $this->response([ + $this->config->item('rest_status_field_name') => false, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unauthorized'), + ], self::HTTP_UNAUTHORIZED); + } + + /** + * Updates the log table with the total access time. + * + * @author Chris Kacerguis + * + * @return bool TRUE log table updated; otherwise, FALSE + */ + protected function _log_access_time() + { + if ($this->_insert_id == '') { + return false; + } + + $payload['rtime'] = $this->_end_rtime - $this->_start_rtime; + + return $this->rest->db->update( + $this->config->item('rest_logs_table'), + $payload, + [ + 'id' => $this->_insert_id, + ] + ); + } + + /** + * Updates the log table with HTTP response code. + * + * @author Justin Chen + * + * @param $http_code int HTTP status code + * + * @return bool TRUE log table updated; otherwise, FALSE + */ + protected function _log_response_code($http_code) + { + if ($this->_insert_id == '') { + return false; + } + + $payload['response_code'] = $http_code; + + return $this->rest->db->update( + $this->config->item('rest_logs_table'), + $payload, + [ + 'id' => $this->_insert_id, + ] + ); + } + + /** + * Check to see if the API key has access to the controller and methods. + * + * @return bool TRUE the API key has access; otherwise, FALSE + */ + protected function _check_access() + { + // If we don't want to check access, just return TRUE + if ($this->config->item('rest_enable_access') === false) { + return true; + } + + // Fetch controller based on path and controller name + $controller = implode( + '/', + [ + $this->router->directory, + $this->router->class, + ] + ); + + // Remove any double slashes for safety + $controller = str_replace('//', '/', $controller); + + //check if the key has all_access + $accessRow = $this->rest->db + ->where('key', $this->rest->key) + ->where('controller', $controller) + ->get($this->config->item('rest_access_table'))->row_array(); + + if (!empty($accessRow) && !empty($accessRow['all_access'])) { + return true; + } + + return false; + } + + /** + * Checks allowed domains, and adds appropriate headers for HTTP access control (CORS). + * + * @return void + */ + protected function _check_cors() + { + // Convert the config items into strings + $allowed_headers = implode(', ', $this->config->item('allowed_cors_headers')); + $allowed_methods = implode(', ', $this->config->item('allowed_cors_methods')); + + // If we want to allow any domain to access the API + if ($this->config->item('allow_any_cors_domain') === true) { + header('Access-Control-Allow-Origin: *'); + header('Access-Control-Allow-Headers: '.$allowed_headers); + header('Access-Control-Allow-Methods: '.$allowed_methods); + } else { + // We're going to allow only certain domains access + // Store the HTTP Origin header + $origin = $this->input->server('HTTP_ORIGIN'); + if ($origin === null) { + $origin = ''; + } + + // If the origin domain is in the allowed_cors_origins list, then add the Access Control headers + if (in_array($origin, $this->config->item('allowed_cors_origins'))) { + header('Access-Control-Allow-Origin: '.$origin); + header('Access-Control-Allow-Headers: '.$allowed_headers); + header('Access-Control-Allow-Methods: '.$allowed_methods); + } + } + + // If there are headers that should be forced in the CORS check, add them now + if (is_array($this->config->item('forced_cors_headers'))) { + foreach ($this->config->item('forced_cors_headers') as $header => $value) { + header($header.': '.$value); + } + } + + // If the request HTTP method is 'OPTIONS', kill the response and send it to the client + if ($this->input->method() === 'options') { + // Load DB if needed for logging + if (!isset($this->rest->db) && $this->config->item('rest_enable_logging')) { + $this->rest->db = $this->load->database($this->config->item('rest_database_group'), true); + } + exit; + } + } +} diff --git a/src/auth/apikey.php b/src/auth/apikey.php new file mode 100644 index 00000000..e69de29b diff --git a/src/auth/basic.php b/src/auth/basic.php new file mode 100644 index 00000000..e69de29b diff --git a/src/auth/ldap.php b/src/auth/ldap.php new file mode 100644 index 00000000..e69de29b diff --git a/src/index.html b/src/index.html new file mode 100755 index 00000000..b702fbc3 --- /dev/null +++ b/src/index.html @@ -0,0 +1,11 @@ + + + +Directory access is forbidden. + + + diff --git a/application/config/rest.php b/src/rest.php similarity index 67% rename from application/config/rest.php rename to src/rest.php index 71704cde..7c8c4c9b 100644 --- a/application/config/rest.php +++ b/src/rest.php @@ -1,6 +1,6 @@ method['METHOD_NAME']['limit'] = [NUM_REQUESTS_PER_HOUR]; +| $this->methods['METHOD_NAME']['limit'] = [NUM_REQUESTS_PER_HOUR]; | | See application/controllers/api/example.php for examples */ -$config['rest_enable_limits'] = FALSE; +$config['rest_enable_limits'] = false; /* |-------------------------------------------------------------------------- @@ -461,7 +585,7 @@ | Only do this if you are using the $this->rest_format or /format/xml in URLs | */ -$config['rest_ignore_http_accept'] = FALSE; +$config['rest_ignore_http_accept'] = false; /* |-------------------------------------------------------------------------- @@ -476,7 +600,7 @@ | Hint: This is good for production environments | */ -$config['rest_ajax_only'] = FALSE; +$config['rest_ajax_only'] = false; /* |-------------------------------------------------------------------------- @@ -487,3 +611,93 @@ | */ $config['rest_language'] = 'english'; + +/* +|-------------------------------------------------------------------------- +| CORS Check +|-------------------------------------------------------------------------- +| +| Set to TRUE to enable Cross-Origin Resource Sharing (CORS). Useful if you +| are hosting your API on a different domain from the application that +| will access it through a browser +| +*/ +$config['check_cors'] = false; + +/* +|-------------------------------------------------------------------------- +| CORS Allowable Headers +|-------------------------------------------------------------------------- +| +| If using CORS checks, set the allowable headers here +| +*/ +$config['allowed_cors_headers'] = [ + 'Origin', + 'X-Requested-With', + 'Content-Type', + 'Accept', + 'Access-Control-Request-Method', +]; + +/* +|-------------------------------------------------------------------------- +| CORS Allowable Methods +|-------------------------------------------------------------------------- +| +| If using CORS checks, you can set the methods you want to be allowed +| +*/ +$config['allowed_cors_methods'] = [ + 'GET', + 'POST', + 'OPTIONS', + 'PUT', + 'PATCH', + 'DELETE', +]; + +/* +|-------------------------------------------------------------------------- +| CORS Allow Any Domain +|-------------------------------------------------------------------------- +| +| Set to TRUE to enable Cross-Origin Resource Sharing (CORS) from any +| source domain +| +*/ +$config['allow_any_cors_domain'] = false; + +/* +|-------------------------------------------------------------------------- +| CORS Allowable Domains +|-------------------------------------------------------------------------- +| +| Used if $config['check_cors'] is set to TRUE and $config['allow_any_cors_domain'] +| is set to FALSE. Set all the allowable domains within the array +| +| e.g. $config['allowed_origins'] = ['http://www.example.com/', 'https://spa.example.com/'] +| +*/ +$config['allowed_cors_origins'] = []; + +/* +|-------------------------------------------------------------------------- +| CORS Forced Headers +|-------------------------------------------------------------------------- +| +| If using CORS checks, always include the headers and values specified here +| in the OPTIONS client preflight. +| Example: +| $config['forced_cors_headers'] = [ +| 'Access-Control-Allow-Credentials' => 'true' +| ]; +| +| Added because of how Sencha Ext JS framework requires the header +| Access-Control-Allow-Credentials to be set to true to allow the use of +| credentials in the REST Proxy. +| See documentation here: +| http://docs.sencha.com/extjs/6.5.2/classic/Ext.data.proxy.Rest.html#cfg-withCredentials +| +*/ +$config['forced_cors_headers'] = []; |