Paminger
2016-03-11 10:08:34 +01:00
parent 24756d9cf3
commit 19129266b2
19 changed files with 1153 additions and 12 deletions
+1 -1
@@ -59,7 +59,7 @@ $autoload['packages'] = array();
| $autoload['libraries'] = array('user_agent' => 'ua');
*/
//$autoload['libraries'] = array();
$autoload['libraries'] = array('database');
$autoload['libraries'] = array('session');
/*
| -------------------------------------------------------------------
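Review bot: The new `$autoload['libraries']` line replaces `'database'` with `'session'` instead of adding to it, so nothing autoloads the database connection any more, although the comment in API_Controller's constructor still says it is autoloaded. DB_Model tries to compensate with `$this->load->library('database')`, but as far as I know CodeIgniter only special-cases `'database'` inside the autoload list; at runtime the connection is opened with `$this->load->database()`. I would write `$autoload['libraries'] = array('database', 'session');` here, or call `$this->load->database();` in DB_Model's constructor.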
+6 -6
@@ -94,7 +94,7 @@ $config['enable_emulate_request'] = TRUE;
| e.g: My Secret REST API
|
*/
$config['rest_realm'] = 'REST API';
$config['rest_realm'] = 'FHC REST API';
/*
|--------------------------------------------------------------------------
@@ -110,7 +110,7 @@ $config['rest_realm'] = 'REST API';
| authorization key
|
*/
$config['rest_auth'] = FALSE;
$config['rest_auth'] = 'session';
/*
|--------------------------------------------------------------------------
@@ -126,7 +126,7 @@ $config['rest_auth'] = FALSE;
| Note: If 'rest_auth' is set to 'session' then change 'auth_source' to the name of the session variable
|
*/
$config['auth_source'] = 'ldap';
$config['auth_source'] = 'RestAPISession';
/*
|--------------------------------------------------------------------------
@@ -144,8 +144,8 @@ $config['auth_source'] = 'ldap';
| e.g: md5('admin:REST API:1234') = '1e957ebc35631ab22d5bd6526bd14ea2'
|
*/
$config['auth_library_class'] = '';
$config['auth_library_function'] = '';
$config['auth_library_class'] = 'FHCAuth';
$config['auth_library_function'] = 'auth';
/*
|--------------------------------------------------------------------------
@@ -353,7 +353,7 @@ $config['rest_key_length'] = 40;
| 2012/06/12. See RFC 6648 specification for more details
|
*/
$config['rest_key_name'] = 'WSP-API-KEY';
$config['rest_key_name'] = 'FHC-API-KEY';
/*
|--------------------------------------------------------------------------
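Review bot: With `rest_auth` set to `'session'`, the config comment above `auth_source` says that value names a session variable, yet no code visible in this commit writes a `RestAPISession` entry into the session; AuthAPI::login_get only regenerates the session id. Unless that variable is set elsewhere, protected calls would be rejected, or the check ends up being bypassed per controller. The login path should store it after a successful credential check, e.g. `$this->session->set_userdata('RestAPISession', $username);`. `auth_library_class` and `auth_library_function` appear to be read only when `auth_source` is `'library'`, and no `FHCAuth` class is visible in this diff, so those two lines look like dead configuration.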
+1 -1
@@ -1,5 +1,5 @@
<?php
class Person extends CI_Controller {
class Person extends MY_Controller {
public function __construct()
{
+1 -1
@@ -29,7 +29,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
*
* A more detailed class description.
*/
class Rest_server extends CI_Controller {
class Rest_server extends MY_Controller {
public function index()
{
+44
@@ -0,0 +1,44 @@
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class Vilesci extends CI_Controller {
/**
* Index Page for this controller.
*
* Maps to the following URL
* http://example.com/index.php/welcome
* - or -
* http://example.com/index.php/welcome/index
* - or -
* Since this controller is set as the default controller in
* config/routes.php, it's displayed at http://example.com/
*
* So any other public methods not prefixed with an underscore will
* map to /index.php/welcome/<method_name>
* @see http://codeigniter.com/user_guide/general/urls.html
*/
public function index()
{
if ($this->dbupdate())
echo 'System-DB needs update!';
else
{
$this->load->view('templates/header');
$this->load->view('vilesci_frameset');
$this->load->view('templates/footer');
}
}
private function dbupdate()
{
// Check for update (codeigniter migration)
$this->load->library('migration');
if ($this->migration->current() === FALSE)
show_error($this->migration->error_string());
if ($this->migration->current() != $this->migration->latest())
return true;
else
return false;
}
}
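Review bot: dbupdate() is written as a version check, but in CodeIgniter's migration library `current()` and `latest()` are the calls that run migrations, so a request to index() would apply schema changes (when migrations are enabled) rather than report that an update is pending. The controller extends CI_Controller directly and has no access check, so that side effect is reachable by anyone who can load the page. I would compare the configured `migration_version` with the version stored in the migrations table without calling either method, and leave the actual migration to a CLI or admin-only action. The class docblock is still the stock Welcome-controller text and should describe this controller instead.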
+272
@@ -0,0 +1,272 @@
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
// This can be removed if you use __autoload() in config.php OR use Modular Extensions
require APPPATH . '/libraries/REST_Controller.php';
/**
* Keys Controller
* This is a basic Key Management REST controller to make and delete keys
*
* @package CodeIgniter
* @subpackage Rest Server
* @category Controller
* @author Phil Sturgeon, Chris Kacerguis
* @license MIT
* @link https://github.com/chriskacerguis/codeigniter-restserver
*/
class Key extends REST_Controller {
protected $methods = [
'index_put' => ['level' => 10, 'limit' => 10],
'index_delete' => ['level' => 10],
'level_post' => ['level' => 10],
'regenerate_post' => ['level' => 10],
];
/**
* Insert a key into the database
*
* @access public
* @return void
*/
public function index_put()
{
// Build a new key
$key = $this->_generate_key();
// If no key level provided, provide a generic key
$level = $this->put('level') ? $this->put('level') : 1;
$ignore_limits = ctype_digit($this->put('ignore_limits')) ? (int) $this->put('ignore_limits') : 1;
// Insert the new key
if ($this->_insert_key($key, ['level' => $level, 'ignore_limits' => $ignore_limits]))
{
$this->response([
'status' => TRUE,
'key' => $key
], REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code
}
else
{
$this->response([
'status' => FALSE,
'message' => 'Could not save the key'
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
}
}
/**
* Remove a key from the database to stop it working
*
* @access public
* @return void
*/
public function index_delete()
{
$key = $this->delete('key');
// Does this key exist?
if (!$this->_key_exists($key))
{
// It doesn't appear the key exists
$this->response([
'status' => FALSE,
'message' => 'Invalid API key'
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
}
// Destroy it
$this->_delete_key($key);
// Respond that the key was destroyed
$this->response([
'status' => TRUE,
'message' => 'API key was deleted'
], REST_Controller::HTTP_NO_CONTENT); // NO_CONTENT (204) being the HTTP response code
}
/**
* Change the level
*
* @access public
* @return void
*/
public function level_post()
{
$key = $this->post('key');
$new_level = $this->post('level');
// Does this key exist?
if (!$this->_key_exists($key))
{
// It doesn't appear the key exists
$this->response([
'status' => FALSE,
'message' => 'Invalid API key'
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
}
// Update the key level
if ($this->_update_key($key, ['level' => $new_level]))
{
$this->response([
'status' => TRUE,
'message' => 'API key was updated'
], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code
}
else
{
$this->response([
'status' => FALSE,
'message' => 'Could not update the key level'
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
}
}
/**
* Suspend a key
*
* @access public
* @return void
*/
public function suspend_post()
{
$key = $this->post('key');
// Does this key exist?
if (!$this->_key_exists($key))
{
// It doesn't appear the key exists
$this->response([
'status' => FALSE,
'message' => 'Invalid API key'
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
}
// Update the key level
if ($this->_update_key($key, ['level' => 0]))
{
$this->response([
'status' => TRUE,
'message' => 'Key was suspended'
], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code
}
else
{
$this->response([
'status' => FALSE,
'message' => 'Could not suspend the user'
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
}
}
/**
* Regenerate a key
*
* @access public
* @return void
*/
public function regenerate_post()
{
$old_key = $this->post('key');
$key_details = $this->_get_key($old_key);
// Does this key exist?
if (!$key_details)
{
// It doesn't appear the key exists
$this->response([
'status' => FALSE,
'message' => 'Invalid API key'
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
}
// Build a new key
$new_key = $this->_generate_key();
// Insert the new key
if ($this->_insert_key($new_key, ['level' => $key_details->level, 'ignore_limits' => $key_details->ignore_limits]))
{
// Suspend old key
$this->_update_key($old_key, ['level' => 0]);
$this->response([
'status' => TRUE,
'key' => $new_key
], REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code
}
else
{
$this->response([
'status' => FALSE,
'message' => 'Could not save the key'
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
}
}
/* Helper Methods */
private function _generate_key()
{
do
{
// Generate a random salt
$salt = base_convert(bin2hex($this->security->get_random_bytes(64)), 16, 36);
// If an error occurred, then fall back to the previous method
if ($salt === FALSE)
{
$salt = hash('sha256', time() . mt_rand());
}
$new_key = substr($salt, 0, config_item('rest_key_length'));
}
while ($this->_key_exists($new_key));
return $new_key;
}
/* Private Data Methods */
private function _get_key($key)
{
return $this->db
->where(config_item('rest_key_column'), $key)
->get(config_item('rest_keys_table'))
->row();
}
private function _key_exists($key)
{
return $this->db
->where(config_item('rest_key_column'), $key)
->count_all_results(config_item('rest_keys_table')) > 0;
}
private function _insert_key($key, $data)
{
$data[config_item('rest_key_column')] = $key;
$data['date_created'] = function_exists('now') ? now() : time();
return $this->db
->set($data)
->insert(config_item('rest_keys_table'));
}
private function _update_key($key, $data)
{
return $this->db
->where(config_item('rest_key_column'), $key)
->update(config_item('rest_keys_table'), $data);
}
private function _delete_key($key)
{
return $this->db
->where(config_item('rest_key_column'), $key)
->delete(config_item('rest_keys_table'));
}
}
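Review bot: `suspend_post` is missing from the `$methods` map, so unlike the put, delete, level and regenerate actions it carries no `level => 10` requirement; add `'suspend_post' => ['level' => 10],`. `index_put` and `level_post` store the caller-supplied `level` without bounding it, and `ignore_limits` defaults to 1, so a new key bypasses rate limits unless the caller says otherwise. In `_generate_key` the `$salt === FALSE` test runs after `base_convert(bin2hex(...))`, which returns a string, so a failed `get_random_bytes()` is never detected, and `base_convert()` is documented to lose precision on large numbers, which reduces the randomness of the key. Checking the random bytes for FALSE first and using `substr(bin2hex($bytes), 0, config_item('rest_key_length'))` avoids both, and failing the request is safer than the `time() . mt_rand()` fallback. This is the library's sample controller, so it is worth asking whether key management needs to be routable in this application at all.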
+130
@@ -0,0 +1,130 @@
<?php
/**
* Whisperocity
*
* @package Whisperocity
* @author WSP-Team
* @copyright Copyright (c) 2015, Whisperocity
* @license proprietary
* @link http://whisperocity.com/
* @since Version 1.0
* @filesource
*/
// ------------------------------------------------------------------------
defined('BASEPATH') OR exit('No direct script access allowed');
// This can be removed if you use __autoload() in config.php OR use Modular Extensions
require APPPATH . '/libraries/REST_Controller.php';
/**
* Handles user authentication and registration process
*/
class AuthAPI extends REST_Controller {
/**
* Userauth-Controller constructor.
* A more elaborate description of the constructor.
* {@inheritdoc}
*/
function __construct()
{
// Construct the parent class
parent::__construct();
// Configure limits on our controller methods
// Ensure you have created the 'limits' table and enabled 'limits' within application/config/rest.php
$this->methods['login_get']['limit'] = 500; // 500 requests per hour per user/key
// Load helper
$this->load->helper('fhcauth');
$this->load->library('session');
}
/**
* Checks user credentials and creates a new session
* @return string JSON that indicates success/failure of login
* @example normal account: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/password/secret/device_id/abcdef123
* @example OAuth Google: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/device_id/abcdef123/google_token/qwert321
* @example OAuth Facebook: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/device_id/abcdef123/fb_token/qwert321
*/
public function login_get()
{
$payload = array();
$errormsg = "";
$httpstatus = null;
$username = urldecode($this->get('username'));
$password = urldecode($this->get('password'));
$account = auth($username,$password);
// perform login checks
if (!$account)
$errormsg = "Auth not accepted!";
if (empty($errormsg))
{
// generate new session
$this->session->sess_regenerate();
$token = session_id();
$payload = [
'success' => true,
'message' => 'User successfully logged in',
'session_id' => $token
];
$httpstatus = REST_Controller::HTTP_OK;
}
else
{
$payload = [
'success' => false,
'message' => $errormsg
];
$httpstatus = REST_Controller::HTTP_UNAUTHORIZED;
}
// Set the response and exit
$this->response($payload, $httpstatus);
}
/**
* Logs out user by destroying session
* @return string JSON that indicates success/failure of logout
* @example http://wsp.fortyseeds.at/backend/api/userauth/logout/username/foo%40bar.at/session_id/55afab8ba6f1b/device_id/abcdef123
*/
public function logout_get()
{
$payload = array();
$httpstatus = null;
$token = $this->get('session_id');
$username = urldecode($this->get('username'));
$deviceid = $this->get('device_id');
$account = $this->user_model->load($username);
// destroy session
if ($this->session_model->destroy($account, $token, $deviceid))
{
$payload = [
'success' => true,
'message' => 'user successfully logged out'
];
$httpstatus = REST_Controller::HTTP_OK;
}
else
{
$payload = [
'success' => false,
'message' => 'user could not be logged out'
];
$httpstatus = REST_Controller::HTTP_BAD_REQUEST;
}
// Set the response and exit
$this->response($payload, $httpstatus);
}
}
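Review bot: login_get reads the password from the request URL (`$this->get('password')`, and the `@example` lines show it as a path segment), which puts credentials into web-server and proxy logs and browser history; this should be a `login_post` that reads `$this->post('username')` and `$this->post('password')`. On success the method regenerates the session but stores nothing in it, so the session does not record who logged in, and the session id is returned in the JSON body. logout_get calls `$this->user_model` and `$this->session_model`, which this constructor never loads, so it would fail on first use; `$this->session->sess_destroy();` is the CodeIgniter-native way to end the session. The file header and example URLs still name the project this file was copied from and should be updated.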
+140
@@ -0,0 +1,140 @@
<?php
/**
* @file
* This is an example of a few basic user interaction methods you could use
* all done with a hardcoded array
*
* @package CodeIgniter
* @subpackage Rest Server
* @category Controller
* @author Phil Sturgeon, Chris Kacerguis
* @license MIT
* @link https://github.com/chriskacerguis/codeigniter-restserver
*/
defined('BASEPATH') OR exit('No direct script access allowed');
// This can be removed if you use __autoload() in config.php OR use Modular Extensions
require APPPATH . '/libraries/REST_Controller.php';
class Example extends REST_Controller {
/**
* @copydoc REST_Controller::__construct()
*/
function __construct()
{
// Construct the parent class
parent::__construct();
// Configure limits on our controller methods
// Ensure you have created the 'limits' table and enabled 'limits' within application/config/rest.php
$this->methods['user_get']['limit'] = 500; // 500 requests per hour per user/key
$this->methods['user_post']['limit'] = 100; // 100 requests per hour per user/key
$this->methods['user_delete']['limit'] = 50; // 50 requests per hour per user/key
}
public function users_get()
{
// Users from a data store e.g. database
$users = [
['id' => 1, 'name' => 'John', 'email' => 'john@example.com', 'fact' => 'Loves coding'],
['id' => 2, 'name' => 'Jim', 'email' => 'jim@example.com', 'fact' => 'Developed on CodeIgniter'],
['id' => 3, 'name' => 'Jane', 'email' => 'jane@example.com', 'fact' => 'Lives in the USA', ['hobbies' => ['guitar', 'cycling']]],
];
$id = $this->get('id');
// If the id parameter doesn't exist return all the users
if ($id === NULL)
{
// Check if the users data store contains users (in case the database result returns NULL)
if ($users)
{
// Set the response and exit
$this->response($users, REST_Controller::HTTP_OK); // OK (200) being the HTTP response code
}
else
{
// Set the response and exit
$this->response([
'status' => FALSE,
'message' => 'No users were found'
], REST_Controller::HTTP_NOT_FOUND); // NOT_FOUND (404) being the HTTP response code
}
}
// Find and return a single record for a particular user.
$id = (int) $id;
// Validate the id.
if ($id <= 0)
{
// Invalid id, set the response and exit.
$this->response(NULL, REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
}
// Get the user from the array, using the id as key for retreival.
// Usually a model is to be used for this.
$user = NULL;
if (!empty($users))
{
foreach ($users as $key => $value)
{
if (isset($value['id']) && $value['id'] === $id)
{
$user = $value;
}
}
}
if (!empty($user))
{
$this->set_response($user, REST_Controller::HTTP_OK); // OK (200) being the HTTP response code
}
else
{
$this->set_response([
'status' => FALSE,
'message' => 'User could not be found'
], REST_Controller::HTTP_NOT_FOUND); // NOT_FOUND (404) being the HTTP response code
}
}
public function users_post()
{
// $this->some_model->update_user( ... );
$message = [
'id' => 100, // Automatically generated by the model
'name' => $this->post('name'),
'email' => $this->post('email'),
'message' => 'Added a resource'
];
$this->set_response($message, REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code
}
public function users_delete()
{
$id = (int) $this->get('id');
// Validate the id.
if ($id <= 0)
{
// Set the response and exit
$this->response(NULL, REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
}
// $this->some_model->delete_something($id);
$message = [
'id' => $id,
'message' => 'Deleted the resource'
];
$this->set_response($message, REST_Controller::HTTP_NO_CONTENT); // NO_CONTENT (204) being the HTTP response code
}
}
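Review bot: The constructor registers limits under `user_get`, `user_post` and `user_delete`, but the methods are named `users_get`, `users_post` and `users_delete`, so if the library keys limits by method name (as the `$methods` map in Key suggests) none of them take effect; the keys should read `users_get` and so on. Ping has the same mismatch: it sets `$this->methods['ping_get']['limit']` while its only method is `index_get`. Since this is the library's sample controller returning hard-coded users, consider leaving it out of the application's controllers.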
+367
@@ -0,0 +1,367 @@
<?php
/**
* FH-Complete
*
* @package FHC-API
* @author FHC-Team
* @copyright Copyright (c) 2016, fhcomplete.org
* @license GPLv3
* @link http://fhcomplete.org
* @since Version 1.0
* @filesource
*/
// ------------------------------------------------------------------------
defined('BASEPATH') OR exit('No direct script access allowed');
class Person extends API_Controller
{
//public $session;
/**
* Person API constructor.
*/
function __construct()
{
parent::__construct();
$this->load->model('person/person_model');
}
public function person_get()
{
//if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id')))
// $this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED);
$code = $this->get('code');
if (!is_null($code))
$result = $this->person_model->getPersonByCode($code);
// var_dump($result[0]);
if (empty($result))
{
$payload = [
'success' => false,
'message' => 'Person not found'
];
$httpstatus = REST_Controller::HTTP_OK;
}
else
{
// return all available locations
$payload = [
'success' => true,
'message' => 'Person with code found',
'person_id' => $result[0]->person_id
];
$httpstatus = REST_Controller::HTTP_OK;
}
// Set the response and exit
$this->response($payload, $httpstatus);
}
/**
* Creates a new location for whisper or returns all available locations
* within a certain radius
* @return string JSON that indicates success/failure of creating location
* @example http://wsp.fortyseeds.at/backend/api/whisper/location/name/Foo/latitude/37.37888785004527/longitude/-120.333251953125/session_id/55afab8ba6f1b/device_id/abcdef123
*/
public function location_get()
{
if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id')))
$this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED);
$name = urldecode($this->get('name'));
$latitude = $this->get('latitude');
$longitude = $this->get('longitude');
if (!empty($name) && !empty($latitude) && !empty($longitude))
{
// check available locations
$locsWithinRadius = $this->location_model->getLocationsWithinRadius($latitude, $longitude);
if (empty($locsWithinRadius))
{
// create new location
$locId = $this->location_model->create($name, $latitude, $longitude);
if ($locId !== false)
{
$payload = [
'success' => true,
'message' => 'location created successfully',
'location_id' => $locId
];
$httpstatus = REST_Controller::HTTP_CREATED;
}
else
{
$payload = [
'success' => false,
'message' => 'location could not be created'
];
$httpstatus = REST_Controller::HTTP_INTERNAL_SERVER_ERROR;
}
}
else
{
// return all available locations
$payload = [
'success' => true,
'message' => '1 or more locations available',
'location_id' => $locsWithinRadius
];
$httpstatus = REST_Controller::HTTP_OK;
}
}
else
{
$payload = [
'success' => false,
'message' => "name, latitude or longitude missing"
];
$httpstatus = REST_Controller::HTTP_BAD_REQUEST;
}
// Set the response and exit
$this->response($payload, $httpstatus);
}
/**
* Creates a new whisper
* @return string JSON that indicates success/failure of creating location
* @example http://wsp.fortyseeds.at/backend/api/whisper/create/session_id/55afab8ba6f1b/device_id/abcdef123
*/
public function create_post()
{
if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id')))
$this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED);
$data = $this->post('whisper');
// perform checks if whisper can be created
$errormsg = "";
$notNull = array('location_id', 'name', 'type', 'description', 'scenery', 'price', 'sportiness', 'address', 'category');
foreach ($notNull as $key)
{
if (empty($data[$key]))
{
$errormsg = "missing data";
break;
}
}
if (empty($errormsg))
{
if (!empty($data['picture']))
{
// save file name in the profile
$data['picture'] = $this->_savePicture($data['picture']);
}
// add user ID to data
$session = $this->session_model->load($this->get('session_id'));
$data['user_id'] = $session->user_id;
// create new whisper
$whisperId = $this->whisper_model->create($data);
if ($whisperId !== false)
{
// check if user status change is necessary
if ($this->status_model->current($session->user_id) != 'full' &&
$this->whisper_model->count($session->user_id) >= $this->config->item('userstatus_full_whisperer'))
{
$this->status_model->set($session->user_id, 'full');
}
$payload = [
'success' => true,
'message' => 'whisper created successfully',
'whisper_id' => $whisperId
];
$httpstatus = REST_Controller::HTTP_CREATED;
}
else
{
$payload = [
'success' => false,
'message' => 'whisper could not be created'
];
$httpstatus = REST_Controller::HTTP_INTERNAL_SERVER_ERROR;
}
}
else
{
$payload = [
'success' => false,
'message' => $errormsg
];
$httpstatus = REST_Controller::HTTP_BAD_REQUEST;
}
// Set the response and exit
$this->response($payload, $httpstatus);
}
/**
* Edits a whisper
* @return string JSON that indicates success/failure of editing whisper
* @example http://wsp.fortyseeds.at/backend/api/whisper/edit/whisper_id/1/session_id/55afab8ba6f1b/device_id/abcdef123
*/
public function edit_post()
{
if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id')))
$this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED);
$data = $this->post('whisper');
$whisperId = $this->get('whisper_id');
// perform checks if whisper can be edited
$errormsg = "";
$notNull = array('location_id', 'name', 'type', 'description', 'scenery', 'price', 'sportiness', 'address', 'category');
foreach ($notNull as $key)
{
if (isset($data[$key]) && empty($data[$key]))
{
$errormsg = "missing data";
break;
}
}
if (empty($errormsg))
{
if (!empty($data['picture']))
{
$data['picture'] = $this->_savePicture($data['picture']);
}
// load user session
$session = $this->session_model->load($this->get('session_id'));
// save changes
$result = $this->whisper_model->edit($whisperId, $data, $session->user_id);
if ($result === 1)
{
$payload = [
'success' => true,
'message' => 'whisper edited successfully'
];
$httpstatus = REST_Controller::HTTP_OK;
}
else
{
$payload = [
'success' => false,
'message' => 'whisper does not exist or does not belong to user'
];
$httpstatus = REST_Controller::HTTP_BAD_REQUEST;
}
}
else
{
$payload = [
'success' => false,
'message' => $errormsg
];
$httpstatus = REST_Controller::HTTP_BAD_REQUEST;
}
// Set the response and exit
$this->response($payload, $httpstatus);
}
/**
* Returns all whispers of a user
* @return string JSON with whisper data
* @example http://wsp.fortyseeds.at/backend/api/whisper/personal/session_id/55afab8ba6f1b/device_id/abcdef123
*/
public function personal_get()
{
if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id')))
$this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED);
$profile = $this->profile_model->loadBySession($this->get('session_id'));
$whispers = $this->whisper_model->getByUser($profile->user_id);
$payload = [
'success' => true,
'message' => 'whispers returned successfully',
'whispers' => $whispers
];
$httpstatus = REST_Controller::HTTP_OK;
// Set the response and exit
$this->response($payload, $httpstatus);
}
/**
* Deletes a whisper
* @return string JSON that indicates success/failure of deleting whisper
* @example http://wsp.fortyseeds.at/backend/api/whisper/delete/session_id/d05434b3728bd2a525a1947c3ec4d754/device_id/abcdef123/whisper_id/7/reason/Gef%C3%A4llt%20mir%20nicht%20mehr
*/
public function delete_get()
{
if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id')))
$this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED);
$whisperId = $this->get('whisper_id');
$this->get('reason') == '' ? $reason = 'null' : $reason = "'" . urldecode($this->get('reason')) . "'";
$profile = $this->profile_model->loadBySession($this->get('session_id'));
$result = $this->whisper_model->delete($whisperId, $profile->user_id, $reason);
if ($result === 0)
{
$payload = [
'success' => false,
'message' => 'whisper does not exist or does not belong to user'
];
$httpstatus = REST_Controller::HTTP_BAD_REQUEST;
}
else
{
$payload = [
'success' => true,
'message' => 'whisper deleted successfully'
];
$httpstatus = REST_Controller::HTTP_OK;
}
// Set the response and exit
$this->response($payload, $httpstatus);
}
/**
* Decodes base64 image data and saves file to disk
* @param string $base64data
* @return string path and file name of picture
*/
private function _savePicture($base64data)
{
// decode data and get file type
$imgdata = base64_decode($base64data);
$fileinfo = finfo_open();
$mimetype = finfo_buffer($fileinfo, $imgdata, FILEINFO_MIME_TYPE);
$ext = str_replace('image/', '.', $mimetype);
$tmpfname = tempnam($this->config->item('whisperpic_path'), "wsp");
$picfname = $tmpfname . $ext;
// save pic to disk
$handle = fopen($picfname, "w");
fwrite($handle, $imgdata);
fclose($handle);
// delete tmp file
if (is_file($tmpfname))
unlink($tmpfname);
// return file name
return $picfname;
}
}
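Review bot: person_get resolves a person from `code` (matched against `zugangscode`, an access code judging by the name) with its session check commented out, so the lookup is protected only by whatever the global `rest_auth` setting enforces; the per-method check should be restored in a form this project implements, and the endpoint rate-limited. The remaining methods (location_get through _savePicture) are carried over from another project and call session_model, location_model, whisper_model, profile_model and status_model, none of which this constructor loads, so they would fail at the first call; I would drop them from this commit. If any are kept, delete_get changes state on a GET and wraps `reason` in quotes by hand, which suggests the model concatenates it into SQL (not visible here) and should use bound parameters instead. _savePicture turns whatever MIME type is detected into a file extension without an allowlist of image types and does not check the results of `base64_decode()` or `fopen()`.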
+56
@@ -0,0 +1,56 @@
<?php
/**
* Whisperocity
*
* @package Whisperocity
* @author WSP-Team
* @copyright Copyright (c) 2015, Whisperocity
* @license proprietary
* @link http://whisperocity.com/
* @since Version 1.0
* @filesource
*/
// ------------------------------------------------------------------------
defined('BASEPATH') OR exit('No direct script access allowed');
// This can be removed if you use __autoload() in config.php OR use Modular Extensions
require APPPATH . '/libraries/REST_Controller.php';
/**
* Handles ping attempts of applications
*/
class Ping extends REST_Controller {
/**
* Ping-Controller constructor.
* A more elaborate description of the constructor.
*/
function __construct()
{
// Construct the parent class
parent::__construct();
// Configure limits on our controller methods
// Ensure you have created the 'limits' table and enabled 'limits' within application/config/rest.php
$this->methods['ping_get']['limit'] = 500; // 500 requests per hour per user/key
}
/**
* Responds to ping attempts of applications
* @return string JSON which acknowledges the ping attempt
* @example http://wsp.fortyseeds.at/backend/api/ping
*/
public function index_get()
{
$payload = [
'success' => true,
'message' => 'ping received'
];
// Set the response and exit
$this->response($payload, REST_Controller::HTTP_OK);
}
}
+17
@@ -0,0 +1,17 @@
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
// This can be removed if you use __autoload() in config.php OR use Modular Extensions
require APPPATH . '/libraries/REST_Controller.php';
class API_Controller extends REST_Controller
{
function __construct()
{
parent::__construct();
//$this->load->library('session'); -> autoload
//$this->load->library('database'); -> autoload
}
}
+13
@@ -0,0 +1,13 @@
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class DB_Model extends CI_Model
{
function __construct()
{
parent::__construct();
$this->load->library('database');
}
}
+51
@@ -0,0 +1,51 @@
<?php
/**
* FH-Complete
*
* @package FHC-Helper
* @author FHC-Team
* @copyright Copyright (c) 2016 fhcomplete.org
* @license GPLv3
* @link https://fhcomplete.org
* @since Version 1.0.0
* @filesource
*/
defined('BASEPATH') OR exit('No direct script access allowed');
require_once 'include/authentication.class.php';
/**
* FHC-Auth Helpers
*
* @package FH-Complete
* @subpackage Helpers
* @category Helpers
* @author FHC-Team
* @link http://fhcomplete.org/user_guide/helpers/fhcauth_helper.html
*/
// ------------------------------------------------------------------------
if ( ! function_exists('auth'))
{
/**
* Auth Username, Password over FH-Complete
*
* @param string $username
* @param string $password
* @return bool
*/
function auth($username, $password)
{
$auth = new authentication();
if ($auth->checkpassword($username, $password))
{
echo 'Auth-Method-False';
return true;
}
else
{
echo 'Auth-Method-False';
return false;
}
}
}
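Review bot: auth() echoes `'Auth-Method-False'` on both the success and the failure branch, which writes debug text into the response before the REST controller sends its JSON and headers, and can prevent the session cookie from being set once output has started. Both `echo` lines should go, leaving `return (bool) $auth->checkpassword($username, $password);`. The `require_once 'include/authentication.class.php'` path is relative, so it depends on the include path or working directory; anchoring it to a known base directory would make that explicit.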
+11
@@ -0,0 +1,11 @@
<!DOCTYPE html>
<html>
<head>
<title>403 Forbidden</title>
</head>
<body>
<p>Directory access is forbidden.</p>
</body>
</html>
@@ -0,0 +1,17 @@
<?php
/*
* English language
*/
$lang['text_rest_invalid_api_key'] = 'Invalid API key %s'; // %s is the REST API key
$lang['text_rest_invalid_credentials'] = 'Invalid credentials';
$lang['text_rest_ip_denied'] = 'IP denied';
$lang['text_rest_ip_unauthorized'] = 'IP unauthorized';
$lang['text_rest_unauthorized'] = 'Unauthorized';
$lang['text_rest_ajax_only'] = 'Only AJAX requests are allowed';
$lang['text_rest_api_key_unauthorized'] = 'This API key does not have access to the requested controller';
$lang['text_rest_api_key_permissions'] = 'This API key does not have enough permissions';
$lang['text_rest_api_key_time_limit'] = 'This API key has reached the time limit for this method';
$lang['text_rest_unknown_method'] = 'Unknown method';
$lang['text_rest_unsupported'] = 'Unsupported protocol';
@@ -0,0 +1,17 @@
<?php
/*
* English language
*/
$lang['text_rest_invalid_api_key'] = 'Invalid API key %s'; // %s is the REST API key
$lang['text_rest_invalid_credentials'] = 'Invalid credentials';
$lang['text_rest_ip_denied'] = 'IP denied';
$lang['text_rest_ip_unauthorized'] = 'IP unauthorized';
$lang['text_rest_unauthorized'] = 'Unauthorized';
$lang['text_rest_ajax_only'] = 'Only AJAX requests are allowed';
$lang['text_rest_api_key_unauthorized'] = 'This API key does not have access to the requested controller';
$lang['text_rest_api_key_permissions'] = 'This API key does not have enough permissions';
$lang['text_rest_api_key_time_limit'] = 'This API key has reached the time limit for this method';
$lang['text_rest_unknown_method'] = 'Unknown method';
$lang['text_rest_unsupported'] = 'Unsupported protocol';
@@ -1,12 +1,12 @@
<?php
class Person_model extends CI_Model
class Person_model extends DB_Model
{
public function __construct()
{
$this->load->database();
parent::__construct();
}
public function get_personen($person_id = FALSE)
public function getPersonen($person_id = FALSE)
{
if ($person_id === FALSE)
{
@@ -17,4 +17,10 @@ class Person_model extends CI_Model
$query = $this->db->get_where('public.tbl_person', array('person_id' => $person_id));
return $query->row_object();
}
public function getPersonByCode($code)
{
$query = $this->db->get_where('public.tbl_person', array('zugangscode' => $code));
return $query->result_object();
}
}
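Review bot: getPersonByCode returns every column of every matching `public.tbl_person` row, while the only caller visible in this commit reads just `person_id`; since the lookup key is an access code, selecting only the needed column (`$this->db->select('person_id')` before `get_where`) keeps the rest of the record away from that endpoint. The method has no docblock; one line stating that `$code` is the `zugangscode` value and that the result is a list of row objects (empty when nothing matches) would help. The rename of `get_personen` to `getPersonen` needs the same change in any caller outside this diff.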