hazza/Phraseanet
1
0
Fork 0
mirror of https://github.com/alchemy-fr/Phraseanet.git synced 2025-10-11 03:53:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

add api authentication in route middleware

Browse Source
This commit is contained in:
Nicolas Le Goff
2012-04-24 17:44:44 +02:00
parent 04c6b93775
commit 2486769d29
1 changed files with 637 additions and 643 deletions
Download Patch File Download Diff File Expand all files Collapse all files

140
lib/Alchemy/Phrasea/Application/Api.php
View File

@@ -45,6 +45,49 @@ return call_user_func(function()
return new \API_V1_adapter(false, $app["appbox"], $app["Core"]);
};
/** *********************************************************
* oAuth token verification process
* @ throws \API_V1_exception_unauthorized
* ********************************************************* */
$mustBeLogged = function($request) use ($app)
{
$session = $app["appbox"]->get_session();
$oauth2_adapter = new \API_OAuth2_Adapter($app["appbox"]);
$oauth2_adapter->verifyAccessToken();
$user = \User_Adapter::getInstance($oauth2_adapter->get_usr_id(), $app["appbox"]);
$app['token'] = \API_OAuth2_Token::load_by_oauth_token($app["appbox"], $oauth2_adapter->getToken());
if ($session->is_authenticated())
{
return;
}
if ($oauth2_adapter->has_ses_id())
{
try
{
$session->restore($user, $oauth2_adapter->get_ses_id());
return;
}
catch (\Exception $e)
{
}
}
$auth = new \Session_Authentication_None($user);
$session->authenticate($auth);
$oauth2_adapter->remember_this_ses_id($session->get_ses_id());
return;
};
/* *********************************************************
* oAUth log process
* ******************************************************* */
$parseRoute = function ($route, Response $response)
{
$ressource = $general = $aspect = $action = null;
@@ -96,55 +139,12 @@ return call_user_func(function()
return array('ressource' => $ressource, 'general' => $general, 'aspect' => $aspect, 'action' => $action);
};
/**
* oAuth verification process
*/
$app->before(function($request) use ($app)
{
$session = $app["appbox"]->get_session();
$oauth2_adapter = new \API_OAuth2_Adapter($app["appbox"]);
$oauth2_adapter->verifyAccessToken();
$user = \User_Adapter::getInstance($oauth2_adapter->get_usr_id(), $app["appbox"]);
$app['token'] = \API_OAuth2_Token::load_by_oauth_token($app["appbox"], $oauth2_adapter->getToken());
if ($session->is_authenticated())
{
return;
}
if ($oauth2_adapter->has_ses_id())
{
try
{
$session->restore($user, $oauth2_adapter->get_ses_id());
return;
}
catch (\Exception $e)
{
}
}
$auth = new \Session_Authentication_None($user);
$session->authenticate($auth);
$oauth2_adapter->remember_this_ses_id($session->get_ses_id());
return;
});
/**
* oAUth log process
*/
$app->after(function (Request $request, Response $response) use ($app, $parseRoute)
{
$account = $app['token']->get_account();
$pathInfo = $request->getPathInfo();
$route = $parseRoute($pathInfo, $response);
$log = \API_V1_Log::create(
\API_V1_Log::create(
$app["appbox"]
, $account
, $request->getMethod() . " " . $pathInfo
@@ -180,7 +180,7 @@ return call_user_func(function()
{
return $app['api']->get_databoxes($app['request'])->get_response();
}
);
)->middleware($mustBeLogged);
/**
* *******************************************************************
@@ -200,7 +200,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('databox_id', '\d+');
)->middleware($mustBeLogged)->assert('databox_id', '\d+');
$app->get('/databoxes/{any_id}/collections/', $bad_request_exception);
@@ -223,7 +223,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('databox_id', '\d+');
)->middleware($mustBeLogged)->assert('databox_id', '\d+');
$app->get('/databoxes/{any_id}/status/', $bad_request_exception);
@@ -243,7 +243,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('databox_id', '\d+');
)->middleware($mustBeLogged)->assert('databox_id', '\d+');
$app->get('/databoxes/{any_id}/metadatas/', $bad_request_exception);
@@ -263,14 +263,11 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('databox_id', '\d+');
)->middleware($mustBeLogged)->assert('databox_id', '\d+');
$app->get('/databoxes/{any_id}/termsOfUse/', $bad_request_exception);
/**
* Route : /records/search/FORMAT/
*
@@ -295,7 +292,7 @@ return call_user_func(function()
return $result->get_response();
}
);
)->middleware($mustBeLogged);
$route = '/records/{databox_id}/{record_id}/caption/';
@@ -306,7 +303,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('databox_id', '\d+')->assert('record_id', '\d+');
)->middleware($mustBeLogged)->assert('databox_id', '\d+')->assert('record_id', '\d+');
$app->get('/records/{any_id}/{anyother_id}/caption/', $bad_request_exception);
@@ -329,7 +326,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('databox_id', '\d+')->assert('record_id', '\d+');
)->middleware($mustBeLogged)->assert('databox_id', '\d+')->assert('record_id', '\d+');
$app->get('/records/{any_id}/{anyother_id}/metadatas/', $bad_request_exception);
@@ -351,7 +348,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('databox_id', '\d+')->assert('record_id', '\d+');
)->middleware($mustBeLogged)->assert('databox_id', '\d+')->assert('record_id', '\d+');
$app->get('/records/{any_id}/{anyother_id}/status/', $bad_request_exception);
@@ -373,7 +370,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('databox_id', '\d+')->assert('record_id', '\d+');
)->middleware($mustBeLogged)->assert('databox_id', '\d+')->assert('record_id', '\d+');
$app->get('/records/{any_id}/{anyother_id}/related/', $bad_request_exception);
@@ -395,7 +392,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('databox_id', '\d+')->assert('record_id', '\d+');
)->middleware($mustBeLogged)->assert('databox_id', '\d+')->assert('record_id', '\d+');
$app->get('/records/{any_id}/{anyother_id}/embed/', $bad_request_exception);
@@ -417,7 +414,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('databox_id', '\d+')->assert('record_id', '\d+');
)->middleware($mustBeLogged)->assert('databox_id', '\d+')->assert('record_id', '\d+');
$app->post('/records/{any_id}/{anyother_id}/setmetadatas/', $bad_request_exception);
@@ -439,7 +436,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('databox_id', '\d+')->assert('record_id', '\d+');
)->middleware($mustBeLogged)->assert('databox_id', '\d+')->assert('record_id', '\d+');
$app->post('/records/{any_id}/{anyother_id}/setstatus/', $bad_request_exception);
@@ -462,7 +459,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('databox_id', '\d+')->assert('record_id', '\d+');
)->middleware($mustBeLogged)->assert('databox_id', '\d+')->assert('record_id', '\d+');
$app->post('/records/{wrong_databox_id}/{wrong_record_id}/setcollection/', $bad_request_exception);
@@ -472,7 +469,7 @@ return call_user_func(function()
$result = $app['api']->get_record($app['request'], $databox_id, $record_id);
return $result->get_response();
})->assert('databox_id', '\d+')->assert('record_id', '\d+');
})->middleware($mustBeLogged)->assert('databox_id', '\d+')->assert('record_id', '\d+');
$app->get('/records/{any_id}/{anyother_id}/', $bad_request_exception);
/**
@@ -491,7 +488,7 @@ return call_user_func(function()
return $result->get_response();
}
);
)->middleware($mustBeLogged);
/**
@@ -510,7 +507,7 @@ return call_user_func(function()
return $result->get_response();
}
);
)->middleware($mustBeLogged);
@@ -531,7 +528,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('basket_id', '\d+');
)->middleware($mustBeLogged)->assert('basket_id', '\d+');
$app->get('/baskets/{wrong_basket_id}/content/', $bad_request_exception);
@@ -552,7 +549,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('basket_id', '\d+');
)->middleware($mustBeLogged)->assert('basket_id', '\d+');
$app->post('/baskets/{wrong_basket_id}/setname/', $bad_request_exception);
@@ -573,7 +570,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('basket_id', '\d+');
)->middleware($mustBeLogged)->assert('basket_id', '\d+');
$app->post('/baskets/{wrong_basket_id}/setdescription/', $bad_request_exception);
/**
@@ -593,7 +590,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('basket_id', '\d+');
)->middleware($mustBeLogged)->assert('basket_id', '\d+');
$app->post('/baskets/{wrong_basket_id}/delete/', $bad_request_exception);
@@ -616,7 +613,7 @@ return call_user_func(function()
return $result->get_response();
}
);
)->middleware($mustBeLogged);
/**
* Route : /feeds/PUBLICATION_ID/content/FORMAT/
@@ -637,7 +634,7 @@ return call_user_func(function()
return $result->get_response();
}
)->assert('feed_id', '\d+');
)->middleware($mustBeLogged)->assert('feed_id', '\d+');
$app->get('/feeds/{wrong_feed_id}/content/', $bad_request_exception);
/**
@@ -661,8 +658,6 @@ return call_user_func(function()
$code = \API_V1_result::ERROR_UNAUTHORIZED;
elseif ($e instanceof \API_V1_exception_internalservererror)
$code = \API_V1_result::ERROR_INTERNALSERVERERROR;
// elseif ($e instanceof API_V1_exception_notfound)
// $code = API_V1_result::ERROR_NOTFOUND;
elseif ($e instanceof \Exception_NotFound)
$code = \API_V1_result::ERROR_NOTFOUND;
elseif ($e instanceof Exception\NotFoundHttpException)
@@ -674,7 +669,6 @@ return call_user_func(function()
return $result->get_response();
});
//// public function get_version();
////
////
//// /**