iflrandevu/application/controllers/api/v1/API_V1_Controller.php

174 lines
5.1 KiB
PHP

<?php defined('BASEPATH') or exit('No direct script access allowed');
/* ----------------------------------------------------------------------------
* Easy!Appointments - Open Source Web Scheduler
*
* @package EasyAppointments
* @author A.Tselegidis <alextselegidis@gmail.com>
* @copyright Copyright (c) 2013 - 2020, Alex Tselegidis
* @license https://opensource.org/licenses/GPL-3.0 - GPLv3
* @link https://easyappointments.org
* @since v1.2.0
* ---------------------------------------------------------------------------- */
use EA\Engine\Api\V1\Authorization;
use EA\Engine\Types\NonEmptyText;
/**
* API V1 Controller
*
* Parent controller class for the API v1 resources. Extend this class instead of the CI_Controller
* and call the parent constructor.
*
* @package Controllers
*/
class API_V1_Controller extends EA_Controller {
/**
* Class Constructor
*
* This constructor will handle the common operations of each API call.
*
* Important: Do not forget to call the this constructor from the child classes.
*
* Notice: At the time being only the basic authentication is supported. Make sure
* that you use the API through SSL/TLS for security.
*/
public function __construct()
{
try
{
parent::__construct();
$this->load->model('settings_model');
$api_token = setting('api_token');
$authorization = new Authorization($this);
if ( ! empty($api_token) && $api_token === $this->get_bearer_token())
{
return;
}
if ( ! isset($_SERVER['PHP_AUTH_USER']))
{
$this->request_authentication();
return;
}
$username = new NonEmptyText($_SERVER['PHP_AUTH_USER']);
$password = new NonEmptyText($_SERVER['PHP_AUTH_PW']);
$authorization->basic($username, $password);
}
catch (Throwable $e)
{
$this->handle_exception($exception);
exit;
}
}
/**
* Returns the bearer token value.
*
* @return string
*/
protected function get_bearer_token()
{
$headers = $this->get_authorization_header();
// HEADER: Get the access token from the header
if ( ! empty($headers))
{
if (preg_match('/Bearer\s(\S+)/', $headers, $matches))
{
return $matches[1];
}
}
return NULL;
}
/**
* Returns the authorization header.
*
* @return string
*/
protected function get_authorization_header()
{
$headers = NULL;
if (isset($_SERVER['Authorization']))
{
$headers = trim($_SERVER['Authorization']);
}
else
{
if (isset($_SERVER['HTTP_AUTHORIZATION']))
{
//Nginx or fast CGI
$headers = trim($_SERVER['HTTP_AUTHORIZATION']);
}
elseif (function_exists('apache_request_headers'))
{
$requestHeaders = apache_request_headers();
// Server-side fix for bug in old Android versions (a nice side-effect of this fix means we don't care
// about capitalization for Authorization).
$requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
if (isset($requestHeaders['Authorization']))
{
$headers = trim($requestHeaders['Authorization']);
}
}
}
return $headers;
}
/**
* Sets request authentication headers.
*/
protected function request_authentication()
{
header('WWW-Authenticate: Basic realm="Easy!Appointments"');
header('HTTP/1.0 401 Unauthorized');
exit('You are not authorized to use the API.');
}
/**
* Outputs the required headers and messages for exception handling.
*
* Call this method from catch blocks of child controller callbacks.
*
* @param Exception $exception Thrown exception to be outputted.
*/
protected function handle_exception(Exception $exception)
{
$error = [
'code' => $exception->getCode() ?: 500,
'message' => $e->getMessage(),
];
$header = $exception instanceof \EA\Engine\Api\V1\Exception
? $exception->getCode() . ' ' . $exception->get_header()
: '500 Internal Server Error';
header('HTTP/1.0 ' . $header);
header('Content-Type: application/json');
$this->output
->set_content_type('application/json')
->set_output(json_encode($error, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
}
/**
* Throw an API exception stating that the requested record was not found.
*
* @throws \EA\Engine\Api\V1\Exception
*/
protected function throw_record_not_found()
{
throw new \EA\Engine\Api\V1\Exception('The requested record was not found!', 404, 'Not Found');
}
}