Diffstat (limited to 'modules/rest/helpers')
| -rw-r--r-- | modules/rest/helpers/registry_rest.php | 30 | ||||
| -rw-r--r-- | modules/rest/helpers/rest.php | 191 | ||||
| -rw-r--r-- | modules/rest/helpers/rest_event.php | 102 | ||||
| -rw-r--r-- | modules/rest/helpers/rest_installer.php | 52 |
4 files changed, 375 insertions, 0 deletions
diff --git a/modules/rest/helpers/registry_rest.php b/modules/rest/helpers/registry_rest.php
new file mode 100644
index 0000000..2b4087a
--- /dev/null
+++ b/modules/rest/helpers/registry_rest.php
@@ -0,0 +1,30 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class registry_rest_Core {
+ static function get($request) {
+ $results = array();
+ foreach (module::active() as $module) {
+ foreach (glob(MODPATH . "{$module->name}/helpers/*_rest.php") as $filename) {
+ $results[] = str_replace("_rest.php", "", basename($filename));
+ }
+ }
+ return array_unique($results);
+ }
+}
diff --git a/modules/rest/helpers/rest.php b/modules/rest/helpers/rest.php
new file mode 100644
index 0000000..c6be1e1
--- /dev/null
+++ b/modules/rest/helpers/rest.php
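Review bot: `glob()` can return `false` instead of an empty array (on error, and on some systems when nothing matches), and the inner `foreach` in `registry_rest_Core::get()` iterates its result directly, so a module without any `*_rest.php` helper can trigger an invalid-argument warning on those systems. Guarding the call as `foreach (glob(...) ?: array() as $filename)` avoids that; the same unguarded loop appears in `rest::relationships()` in rest.php. The `$request` parameter is never read and deserves a one-line comment such as `// $request is unused; kept for the common REST handler signature`, if that is indeed the reason it is there.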
@@ -0,0 +1,191 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class rest_Core {
+ const API_VERSION = "3.0";
+
+ static function reply($data=array()) {
+ Session::instance()->abort_save();
+
+ header("X-Gallery-API-Version: " . rest::API_VERSION);
+ switch (Input::instance()->get("output", "json")) {
+ case "json":
+ json::reply($data);
+ break;
+
+ case "jsonp":
+ if (!($callback = Input::instance()->get("callback", ""))) {
+ throw new Rest_Exception(
+ "Bad Request", 400, array("errors" => array("callback" => "missing")));
+ }
+
+ if (preg_match('/^[$A-Za-z_][0-9A-Za-z_]*$/', $callback) == 1) {
+ header("Content-type: application/javascript; charset=UTF-8");
+ print "$callback(" . json_encode($data) . ")";
+ } else {
+ throw new Rest_Exception(
+ "Bad Request", 400, array("errors" => array("callback" => "invalid")));
+ }
+ break;
+
+ case "html":
+ header("Content-type: text/html; charset=UTF-8");
+ if ($data) {
+ $html = preg_replace(
+ "#([\w]+?://[\w]+[^ \'\"\n\r\t<]*)#ise", "'<a href=\"\\1\" >\\1</a>'",
+ var_export($data, 1));
+ } else {
+ $html = t("Empty response");
+ }
+ print "<pre>$html</pre>";
+ if (gallery::show_profiler()) {
+ Profiler::enable();
+ $profiler = new Profiler();
+ $profiler->render();
+ }
+ break;
+
+ default:
+ throw new Rest_Exception("Bad Request", 400);
+ }
+ }
+
+ static function set_active_user($access_key) {
+ if (empty($access_key)) {
+ if (module::get_var("rest", "allow_guest_access")) {
+ identity::set_active_user(identity::guest());
+ return;
+ } else {
+ throw new Rest_Exception("Forbidden", 403);
+ }
+ }
+
+ $key = ORM::factory("user_access_key")
+ ->where("access_key", "=", $access_key)
+ ->find();
+
+ if (!$key->loaded()) {
+ throw new Rest_Exception("Forbidden", 403);
+ }
+
+ $user = identity::lookup_user($key->user_id);
+ if (empty($user)) {
+ throw new Rest_Exception("Forbidden", 403);
+ }
+
+ identity::set_active_user($user);
+ }
+
+ static function reset_access_key() {
+ $key = ORM::factory("user_access_key")
+ ->where("user_id", "=", identity::active_user()->id)
+ ->find();
+ if ($key->loaded()) {
+ $key->delete();
+ }
+ return rest::access_key();
+ }
+
+ static function access_key() {
+ $key = ORM::factory("user_access_key")
+ ->where("user_id", "=", identity::active_user()->id)
+ ->find();
+
+ if (!$key->loaded()) {
+ $key->user_id = identity::active_user()->id;
+ $key->access_key = md5(random::hash() . access::private_key());
+ $key->save();
+ }
+
+ return $key->access_key;
+ }
+
+ /**
+ * Convert a REST url into an object.
+ * Eg:
+ * http://example.com/gallery3/index.php/rest/item/35 -> Item_Model
+ * http://example.com/gallery3/index.php/rest/tag/16 -> Tag_Model
+ * http://example.com/gallery3/index.php/rest/tagged_item/1,16 -> [Tag_Model, Item_Model]
+ *
+ * @param string the fully qualified REST url
+ * @return mixed the corresponding object (usually a model of some kind)
+ */
+ static function resolve($url) {
+ if ($suffix = Kohana::config('core.url_suffix')) {
+ $relative_url = substr($url, strlen(url::abs_site("rest")) - strlen($suffix));
+ } else {
+ $relative_url = substr($url, strlen(url::abs_site("rest")));
+ }
+
+ $path = parse_url($relative_url, PHP_URL_PATH);
+ $components = explode("/", $path, 3);
+
+ if (count($components) != 3) {
+ throw new Kohana_404_Exception($url);
+ }
+
+ $class = "$components[1]_rest";
+ if (!class_exists($class) || !method_exists($class, "resolve")) {
+ throw new Kohana_404_Exception($url);
+ }
+
+ return call_user_func(array($class, "resolve"), !empty($components[2]) ? $components[2] : null);
+ }
+
+ /**
+ * Return an absolute url used for REST resource location.
+ * @param string resource type (eg, "item", "tag")
+ * @param object resource
+ */
+ static function url() {
+ $args = func_get_args();
+ $resource_type = array_shift($args);
+
+ $class = "{$resource_type}_rest";
+ if (!class_exists($class) || !method_exists($class, "url")) {
+ throw new Rest_Exception("Bad Request", 400);
+ }
+
+ $url = call_user_func_array(array($class, "url"), $args);
+ if (Input::instance()->get("output") == "html") {
+ if (strpos($url, "?") === false) {
+ $url .= "?output=html";
+ } else {
+ $url .= "&output=html";
+ }
+ }
+ return $url;
+ }
+
+ static function relationships($resource_type, $resource) {
+ $results = array();
+ foreach (module::active() as $module) {
+ foreach (glob(MODPATH . "{$module->name}/helpers/*_rest.php") as $filename) {
+ $class = str_replace(".php", "", basename($filename));
+ if (class_exists($class) && method_exists($class, "relationships")) {
+ if ($tmp = call_user_func(array($class, "relationships"), $resource_type, $resource)) {
+ $results = array_merge($results, $tmp);
+ }
+ }
+ }
+ }
+
+ return $results;
+ }
+}
diff --git a/modules/rest/helpers/rest_event.php b/modules/rest/helpers/rest_event.php
new file mode 100644
index 0000000..991e2b6
--- /dev/null
+++ b/modules/rest/helpers/rest_event.php
@@ -0,0 +1,102 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class rest_event {
+ /**
+ * Called just before a user is deleted. This will remove the user from
+ * the user_homes directory.
+ */
+ static function user_before_delete($user) {
+ db::build()
+ ->delete("user_access_keys")
+ ->where("id", "=", $user->id)
+ ->execute();
+ }
+
+
+ static function change_provider($new_provider) {
+ db::build()
+ ->delete("user_access_keys")
+ ->execute();
+ }
+
+ /**
+ * Called after a user has been added. Just add a remote access key
+ * on every add.
+ */
+ static function user_add_form_admin_completed($user, $form) {
+ $key = ORM::factory("user_access_key");
+ $key->user_id = $user->id;
+ $key->access_key = random::hash();
+ $key->save();
+ }
+
+ /**
+ * Called when admin is editing a user
+ */
+ static function user_edit_form_admin($user, $form) {
+ self::_get_access_key_form($user, $form);
+ }
+
+ /**
+ * Get the form fields for user edit
+ */
+ static function _get_access_key_form($user, $form) {
+ $key = ORM::factory("user_access_key")
+ ->where("user_id", "=", $user->id)
+ ->find();
+
+ if (!$key->loaded()) {
+ $key->user_id = $user->id;
+ $key->access_key = random::hash();
+ $key->save();
+ }
+
+ $form->edit_user->input("user_access_key")
+ ->value($key->access_key)
+ ->readonly("readonly")
+ ->class("g-form-static")
+ ->label(t("Remote access key"));
+ }
+
+ static function show_user_profile($data) {
+ // Guests can't see a REST key
+ if (identity::active_user()->guest) {
+ return;
+ }
+
+ // Only logged in users can see their own REST key
+ if (identity::active_user()->id != $data->user->id) {
+ return;
+ }
+
+ $view = new View("user_profile_rest.html");
+ $key = ORM::factory("user_access_key")
+ ->where("user_id", "=", $data->user->id)
+ ->find();
+
+ if (!$key->loaded()) {
+ $key->user_id = $data->user->id;
+ $key->access_key = random::hash();
+ $key->save();
+ }
+ $view->rest_key = $key->access_key;
+ $data->content[] = (object)array("title" => t("REST API"), "view" => $view);
+ }
+}
diff --git a/modules/rest/helpers/rest_installer.php b/modules/rest/helpers/rest_installer.php
new file mode 100644
index 0000000..96f8acf
--- /dev/null
+++ b/modules/rest/helpers/rest_installer.php
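Review bot: `user_before_delete()` filters the delete on `->where("id", "=", $user->id)`, but per the CREATE TABLE in rest_installer.php `id` is the table's own auto-increment key and the owning user is held in `user_id`. As written, the deleted user's access key row is left behind and a row that belongs to a different user can be removed instead; the filter should read `->where("user_id", "=", $user->id)`. The docblock above the function describes removing the user from a user_homes directory, which this code does not do, and should instead say that it deletes the user's REST access key.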
@@ -0,0 +1,52 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2013 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class rest_installer {
+ static function install() {
+ Database::instance()
+ ->query("CREATE TABLE {user_access_keys} (
+ `id` int(9) NOT NULL auto_increment,
+ `user_id` int(9) NOT NULL,
+ `access_key` char(32) NOT NULL,
+ PRIMARY KEY (`id`),
+ UNIQUE KEY(`access_key`),
+ UNIQUE KEY(`user_id`))
+ DEFAULT CHARSET=utf8;");
+ module::set_var("rest", "allow_guest_access", false);
+ }
+
+ static function upgrade($version) {
+ $db = Database::instance();
+ if ($version == 1) {
+ if (in_array("user_access_tokens", Database::instance()->list_tables())) {
+ $db->query("RENAME TABLE {user_access_tokens} TO {user_access_keys}");
+ }
+ module::set_version("rest", $version = 2);
+ }
+
+ if ($version == 2) {
+ module::set_var("rest", "allow_guest_access", false);
+ module::set_version("rest", $version = 3);
+ }
+ }
+
+ static function uninstall() {
+ Database::instance()->query("DROP TABLE IF EXISTS {user_access_keys}");
+ }
+} |
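Review bot: The `access_key` column created in `install()` holds the REST key verbatim, and `rest::set_active_user()` in rest.php matches the submitted value against it directly, so anyone able to read this table (a backup, an export, a read-only database account) holds working credentials for every user. Because the profile and admin forms in rest_event.php display the stored key, hashing it at rest would need those views changed as well; at minimum I would add a comment above the query, for example `// access_key is a bearer credential stored in cleartext; treat dumps of this table as secrets`. The key's strength also rests entirely on `random::hash()`, which is not part of this commit and should be confirmed to draw from a cryptographically secure source.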
