|
1
|
|
|
<?php |
|
2
|
|
|
declare(strict_types=1); |
|
3
|
|
|
defined('BASEPATH') OR exit('No direct script access allowed'); |
|
4
|
|
|
|
|
5
|
|
|
require_once('RESTAuth.php'); |
|
6
|
|
|
require_once('RESTResponse.php'); |
|
7
|
|
|
require_once('RESTExceptions.php'); |
|
8
|
|
|
|
|
9
|
|
|
class REST |
|
10
|
|
|
{ |
|
11
|
|
|
/** |
|
12
|
|
|
* [private description] |
|
13
|
|
|
* @var [type] |
|
|
|
|
|
|
14
|
|
|
*/ |
|
15
|
|
|
private $ci; |
|
16
|
|
|
|
|
17
|
|
|
/** |
|
18
|
|
|
* [private description] |
|
19
|
|
|
* @var [type] |
|
|
|
|
|
|
20
|
|
|
*/ |
|
21
|
|
|
private $api_key_limit_column; |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* [private description] |
|
25
|
|
|
* @var [type] |
|
|
|
|
|
|
26
|
|
|
*/ |
|
27
|
|
|
private $api_key_column; |
|
28
|
|
|
|
|
29
|
|
|
/** |
|
30
|
|
|
* [private description] |
|
31
|
|
|
* @var [type] |
|
|
|
|
|
|
32
|
|
|
*/ |
|
33
|
|
|
private $per_hour; |
|
34
|
|
|
|
|
35
|
|
|
/** |
|
36
|
|
|
* [private description] |
|
37
|
|
|
* @var [type] |
|
|
|
|
|
|
38
|
|
|
*/ |
|
39
|
|
|
private $ip_per_hour; |
|
40
|
|
|
|
|
41
|
|
|
/** |
|
42
|
|
|
* [private description] |
|
43
|
|
|
* @var [type] |
|
|
|
|
|
|
44
|
|
|
*/ |
|
45
|
|
|
private $show_header; |
|
46
|
|
|
|
|
47
|
|
|
/** |
|
48
|
|
|
* [private description] |
|
49
|
|
|
* @var [type] |
|
|
|
|
|
|
50
|
|
|
*/ |
|
51
|
|
|
private $whitelist; |
|
52
|
|
|
|
|
53
|
|
|
/** |
|
54
|
|
|
* [private description] |
|
55
|
|
|
* @var [type] |
|
|
|
|
|
|
56
|
|
|
*/ |
|
57
|
|
|
private $checked_rate_limit = false; |
|
58
|
|
|
|
|
59
|
|
|
/** |
|
60
|
|
|
* [private description] |
|
61
|
|
|
* @var [type] |
|
|
|
|
|
|
62
|
|
|
*/ |
|
63
|
|
|
private $header_prefix; |
|
64
|
|
|
|
|
65
|
|
|
/** |
|
66
|
|
|
* [private description] |
|
67
|
|
|
* @var [type] |
|
|
|
|
|
|
68
|
|
|
*/ |
|
69
|
|
|
private $limit_api; |
|
70
|
|
|
|
|
71
|
|
|
/** |
|
72
|
|
|
* [public description] |
|
73
|
|
|
* @var [type] |
|
|
|
|
|
|
74
|
|
|
*/ |
|
75
|
|
|
public $userId; |
|
76
|
|
|
|
|
77
|
|
|
/** |
|
78
|
|
|
* [public description] |
|
79
|
|
|
* @var [type] |
|
|
|
|
|
|
80
|
|
|
*/ |
|
81
|
|
|
public $apiKey; |
|
82
|
|
|
|
|
83
|
|
|
/** |
|
84
|
|
|
* [public description] |
|
85
|
|
|
* @var [type] |
|
|
|
|
|
|
86
|
|
|
*/ |
|
87
|
|
|
public $apiKeyHeader; |
|
88
|
|
|
|
|
89
|
|
|
/** |
|
90
|
|
|
* [public description] |
|
91
|
|
|
* @var [type] |
|
|
|
|
|
|
92
|
|
|
*/ |
|
93
|
|
|
public $token; |
|
94
|
|
|
|
|
95
|
|
|
/** |
|
96
|
|
|
* [public description] |
|
97
|
|
|
* @var [type] |
|
|
|
|
|
|
98
|
|
|
*/ |
|
99
|
|
|
public $allowedIps; |
|
100
|
|
|
|
|
101
|
|
|
/** |
|
102
|
|
|
* [public description] |
|
103
|
|
|
* @var [type] |
|
|
|
|
|
|
104
|
|
|
*/ |
|
105
|
|
|
public $config; |
|
106
|
|
|
|
|
107
|
|
|
/** |
|
108
|
|
|
* [public description] |
|
109
|
|
|
* @var [type] |
|
|
|
|
|
|
110
|
|
|
*/ |
|
111
|
|
|
public $authPreempted = false; |
|
112
|
|
|
|
|
113
|
|
|
/** |
|
114
|
|
|
* [PACKAGE description] |
|
115
|
|
|
* @var string |
|
116
|
|
|
*/ |
|
117
|
|
|
const PACKAGE = "francis94c/ci-rest"; |
|
118
|
|
|
|
|
119
|
|
|
/** |
|
120
|
|
|
* [RATE_LIMIT description] |
|
121
|
|
|
* @var string |
|
122
|
|
|
*/ |
|
123
|
|
|
const RATE_LIMIT = "RateLimit"; |
|
124
|
|
|
|
|
125
|
|
|
/** |
|
126
|
|
|
* [AUTH_GRAVITY description] |
|
127
|
|
|
* @var integer |
|
128
|
|
|
*/ |
|
129
|
|
|
const AUTH_GRAVITY = 0b100; |
|
130
|
|
|
const AUTH_PASSIVE = 0b010; |
|
131
|
|
|
const AUTH_FINAL = 0b001; |
|
132
|
|
|
|
|
133
|
|
|
/** |
|
134
|
|
|
* [__construct This is the part of the code that takes care of all |
|
135
|
|
|
* authentiations. allowing you to focus on building wonderful things at REST. |
|
136
|
|
|
* pun intended ;-)] |
|
137
|
|
|
* @param array|null $params Initialization parameters from the Slint system. |
|
138
|
|
|
* There's no use for this arg yet. |
|
139
|
|
|
*/ |
|
140
|
|
|
function __construct(?array $params=null) |
|
141
|
|
|
{ |
|
142
|
|
|
$this->ci =& get_instance(); |
|
|
|
|
|
|
143
|
|
|
|
|
144
|
|
|
if ($this->ci->input->is_cli_request()) return; |
|
145
|
|
|
|
|
146
|
|
|
// Load Config If Exists. |
|
147
|
|
|
//$this->ci->config->load('rest', true, true); |
|
148
|
|
|
if (is_file(APPPATH . 'config/rest.php')) { |
|
|
|
|
|
|
149
|
|
|
include APPPATH . 'config/rest.php'; |
|
150
|
|
|
} else { |
|
151
|
|
|
$config = []; |
|
152
|
|
|
} |
|
153
|
|
|
|
|
154
|
|
|
$this->config = $config; |
|
|
|
|
|
|
155
|
|
|
|
|
156
|
|
|
// Load Database. |
|
157
|
|
|
$this->ci->load->database(); |
|
158
|
|
|
|
|
159
|
|
|
// load URL Helper |
|
160
|
|
|
$this->ci->load->helper('url'); |
|
161
|
|
|
|
|
162
|
|
|
// Load REST Helper. |
|
163
|
|
|
$this->ci->load->splint(self::PACKAGE, '%rest'); |
|
164
|
|
|
|
|
165
|
|
|
// Load Model. |
|
166
|
|
|
$this->ci->load->splint(self::PACKAGE, '*RESTModel', 'rest_model'); |
|
167
|
|
|
$this->rest_model =& $this->ci->rest_model; |
|
|
|
|
|
|
168
|
|
|
|
|
169
|
|
|
$this->rest_model->init([ |
|
170
|
|
|
'users_table' => $config['basic_auth']['users_table'] ?? null, |
|
171
|
|
|
'users_id_column' => $config['basic_auth']['id_column'] ?? null, |
|
172
|
|
|
'users_username_column' => $config['basic_auth']['username_column'] ?? null, |
|
173
|
|
|
'users_email_column' => $config['basic_auth']['email_column'] ?? null, |
|
174
|
|
|
'users_password_column' => $config['basic_auth']['password_column'] ?? null, |
|
175
|
|
|
'api_key_table' => $config['api_key_auth']['api_key_table'] ?? null, |
|
176
|
|
|
'api_key_column' => $config['api_key_auth']['api_key_column'] ?? null, |
|
177
|
|
|
'api_key_limit_column' => $config['api_key_auth']['api_key_limit_column'] ?? null |
|
178
|
|
|
]); |
|
179
|
|
|
|
|
180
|
|
|
// Load Variable(s) from Config. |
|
181
|
|
|
$this->allowedIps = $config['allowed_ips'] ?? ['127.0.0.1', '[::1]']; |
|
182
|
|
|
$this->apiKeyHeader = $config['api_key_header'] ?? 'X-API-KEY'; |
|
183
|
|
|
$this->api_key_limit_column = $config['api_key_auth']['api_key_limit_column'] ?? null; |
|
184
|
|
|
$this->api_key_column = $config['api_key_auth']['api_key_column'] ?? null; |
|
185
|
|
|
$this->limit_api = $config['api_limiter']['api_limiter'] ?? false; |
|
186
|
|
|
$this->per_hour = $config['api_limiter']['per_hour'] ?? 100; |
|
187
|
|
|
$this->ip_per_hour = $config['api_limiter']['ip_per_hour'] ?? 50; |
|
188
|
|
|
$this->show_header = $config['api_limiter']['show_header'] ?? null; |
|
189
|
|
|
$this->whitelist = $config['api_limiter']['whitelist'] ?? []; |
|
190
|
|
|
$this->header_prefix = $config['api_limiter']['header_prefix'] ?? 'X-RateLimit-'; |
|
191
|
|
|
|
|
192
|
|
|
// Limit Only? |
|
193
|
|
|
//if ($this->config['api_limiter']['api_limit_only'] ?? false) { |
|
194
|
|
|
//return; |
|
195
|
|
|
//} |
|
196
|
|
|
|
|
197
|
|
|
// Authenticate |
|
198
|
|
|
if ($this->ci->uri->total_segments() > 0) { |
|
199
|
|
|
$this->authenticate(); |
|
200
|
|
|
} |
|
201
|
|
|
|
|
202
|
|
|
// Generic Rate Limiter. |
|
203
|
|
|
if ($this->limit_api && !$this->checked_rate_limit && |
|
204
|
|
|
($config['api_limiter']['limit_by_ip'] ?? false)) { |
|
205
|
|
|
$this->api_rest_limit_by_ip_address(); |
|
206
|
|
|
} |
|
207
|
|
|
|
|
208
|
|
|
log_message('debug', 'REST Request Authenticated and REST Library Initialized.'); |
|
|
|
|
|
|
209
|
|
|
} |
|
210
|
|
|
|
|
211
|
|
|
/** |
|
212
|
|
|
* [authenticate description] |
|
213
|
|
|
* @date 2020-01-30 |
|
214
|
|
|
*/ |
|
215
|
|
|
private function authenticate():void |
|
216
|
|
|
{ |
|
217
|
|
|
$auths = null; |
|
|
|
|
|
|
218
|
|
|
$auths = $this->config['auth'] ?? null; |
|
219
|
|
|
if ($auths) $auths = is_array($auths) ? $auths : [$auths]; |
|
220
|
|
|
|
|
221
|
|
|
if (!$auths) return; // No authentication(s) to carry out. |
|
222
|
|
|
|
|
223
|
|
|
/** |
|
224
|
|
|
* $this->process_auth() terminates the script if authentication fails |
|
225
|
|
|
* It will call the callable in the rest.php config file under |
|
226
|
|
|
* response_callbacks which matches the necesarry RESTResponse constant |
|
227
|
|
|
* before exiting. Which callable is called in any situation is documented |
|
228
|
|
|
* in README.md |
|
229
|
|
|
*/ |
|
230
|
|
|
|
|
231
|
|
|
foreach ($auths as $key => $auth) { |
|
232
|
|
|
if ($this->authPreempted) break; |
|
233
|
|
|
if (is_numeric($key)) { |
|
234
|
|
|
$this->process_auth($auth, self::AUTH_GRAVITY); |
|
235
|
|
|
} else { |
|
236
|
|
|
$this->process_auth($key, $auth); |
|
237
|
|
|
} |
|
238
|
|
|
} |
|
239
|
|
|
} |
|
240
|
|
|
|
|
241
|
|
|
/** |
|
242
|
|
|
* [process_auth description] |
|
243
|
|
|
* @date 2020-04-07 |
|
244
|
|
|
* @param string $auth [description] |
|
245
|
|
|
* @param int $flags [description] |
|
246
|
|
|
*/ |
|
247
|
|
|
private function process_auth(string &$auth, int $flags):void |
|
248
|
|
|
{ |
|
249
|
|
|
switch ($auth) { |
|
250
|
|
|
case RESTAuth::IP: $this->ip_auth($flags); break; |
|
251
|
|
|
case RESTAuth::BASIC: $this->basic_auth($flags); break; |
|
252
|
|
|
case RESTAuth::API_KEY: $this->api_key_auth($flags); break; |
|
253
|
|
|
case RESTAuth::OAUTH2: $this->bearer_auth(RESTAuth::OAUTH2, $flags); break; |
|
254
|
|
|
case RESTAuth::BEARER: $this->bearer_auth(RESTAuth::BEARER, $flags); break; |
|
255
|
|
|
case RESTAuth::SECRET: $this->bearer_auth(RESTAuth::SECRET, $flags); break; |
|
256
|
|
|
default: $this->custom_auth($auth, $flags); |
|
|
|
|
|
|
257
|
|
|
} |
|
258
|
|
|
} |
|
259
|
|
|
|
|
260
|
|
|
/** |
|
261
|
|
|
* [auth_proceed description] |
|
262
|
|
|
* @date 2020-04-07 |
|
263
|
|
|
* @param bool $success [description] |
|
264
|
|
|
* @param int $flags [description] |
|
265
|
|
|
* @return bool [description] |
|
266
|
|
|
*/ |
|
267
|
|
|
private function auth_proceed(bool $success, int $flags):bool |
|
268
|
|
|
{ |
|
269
|
|
|
if ($flags & self::AUTH_GRAVITY) return $success; |
|
270
|
|
|
if ($success) { |
|
271
|
|
|
if ($flags & self::AUTH_FINAL) { |
|
272
|
|
|
$this->authPreempted = true; |
|
273
|
|
|
return true; |
|
274
|
|
|
} |
|
|
|
|
|
|
275
|
|
|
} else { |
|
276
|
|
|
return $flags & self::AUTH_PASSIVE ? true : false; |
|
277
|
|
|
} |
|
278
|
|
|
} |
|
279
|
|
|
|
|
280
|
|
|
/** |
|
281
|
|
|
* [ip_auth description] |
|
282
|
|
|
* @date 2020-04-07 |
|
283
|
|
|
* @param int $flags [description] |
|
284
|
|
|
*/ |
|
285
|
|
|
private function ip_auth(int $flags):void |
|
286
|
|
|
{ |
|
287
|
|
|
if (!$this->auth_proceed(in_array($this->ci->input->ip_address(), $this->allowedIps), $flags)) { |
|
288
|
|
|
$this->handle_response(RESTResponse::UN_AUTHORIZED, RESTAuth::IP); // Exits. |
|
289
|
|
|
} |
|
290
|
|
|
} |
|
291
|
|
|
|
|
292
|
|
|
/** |
|
293
|
|
|
* [bearer_auth description] |
|
294
|
|
|
* @date 2020-04-07 |
|
295
|
|
|
* @param string $auth [description] |
|
296
|
|
|
* @param int $flags [description] |
|
297
|
|
|
*/ |
|
298
|
|
|
private function bearer_auth(string $auth, int $flags):void |
|
299
|
|
|
{ |
|
300
|
|
|
$authorization = $this->get_authorization_header(); |
|
301
|
|
|
$shouldProceed = $this->auth_proceed(false, $flags); |
|
302
|
|
|
if ($authorization == null || substr_count($authorization, ' ') != 1) { |
|
|
|
|
|
|
303
|
|
|
if ($shouldProceed) return; |
|
304
|
|
|
$this->handle_response(RESTResponse::BAD_REQUEST, $auth, 'Bad Request'); // Exits. |
|
305
|
|
|
} |
|
306
|
|
|
$token = explode(" ", $authorization); |
|
307
|
|
|
if ($token[0] != $auth) { |
|
308
|
|
|
if ($shouldProceed) return; |
|
309
|
|
|
$this->handle_response(RESTResponse::BAD_REQUEST, $auth, 'Bad Request'); // Exits. |
|
310
|
|
|
} |
|
311
|
|
|
$this->token = $token[1]; |
|
312
|
|
|
// Call Up Custom Implemented Bearer/Token Authorization. |
|
313
|
|
|
// Callback Check. |
|
314
|
|
|
if (!isset($this->config['auth_callbacks'][$auth])) { |
|
315
|
|
|
$this->handle_response(RESTResponse::NOT_IMPLEMENTED, $auth); // Exits. |
|
316
|
|
|
} |
|
317
|
|
|
// Authorization. |
|
318
|
|
|
if (!$this->auth_proceed($this->config['auth_callbacks'][$auth]($this, $this->token), $flags)) { |
|
319
|
|
|
$this->handle_response(RESTResponse::UN_AUTHORIZED, $auth); // Exits. |
|
320
|
|
|
} |
|
321
|
|
|
} |
|
322
|
|
|
|
|
323
|
|
|
/** |
|
324
|
|
|
* [basic_auth description] |
|
325
|
|
|
* @date 2020-04-07 |
|
326
|
|
|
* @param int $flags [description] |
|
327
|
|
|
*/ |
|
328
|
|
|
private function basic_auth(int $flags):void |
|
329
|
|
|
{ |
|
330
|
|
|
$username = $_SERVER['PHP_AUTH_USER'] ?? null; |
|
331
|
|
|
$password = $_SERVER['PHP_AUTH_PW'] ?? null; |
|
332
|
|
|
if (!$this->auth_proceed(!$username || !$password, $flags)) $this->handle_response(RESTResponse::BAD_REQUEST, RESTAuth::BASIC); // Exits. |
|
333
|
|
|
if (!$this->auth_proceed($this->rest_model->basicAuth($this, $username, $password), $flags)) $this->handle_response(RESTResponse::UN_AUTHORIZED, RESTAuth::BASIC); // Exits. |
|
334
|
|
|
} |
|
335
|
|
|
/** |
|
336
|
|
|
* [api_key_auth description] |
|
337
|
|
|
*/ |
|
338
|
|
|
private function api_key_auth(int $flags=self::AUTH_GRAVITY):void |
|
339
|
|
|
{ |
|
340
|
|
|
if (uri_string() == '') return; |
|
|
|
|
|
|
341
|
|
|
$shouldProceed = $this->auth_proceed(false, $flags); |
|
342
|
|
|
|
|
343
|
|
|
if (!$this->ci->input->get_request_header($this->apiKeyHeader, true) && !$shouldProceed) { |
|
344
|
|
|
// if (!isset($_SERVER['HTTP_' . str_replace("-", "_", $this->apiKeyHeader)])) { |
|
345
|
|
|
$this->handle_response(RESTResponse::BAD_REQUEST, RESTAuth::API_KEY); // Exits. |
|
346
|
|
|
} |
|
347
|
|
|
|
|
348
|
|
|
$apiKey = $this->rest_model->getAPIKeyData( |
|
349
|
|
|
$this->ci->input->get_request_header($this->apiKeyHeader, true) |
|
350
|
|
|
); |
|
351
|
|
|
|
|
352
|
|
|
if ($apiKey == null && !$shouldProceed) { |
|
353
|
|
|
$this->handle_response(RESTResponse::UN_AUTHORIZED, RESTAuth::API_KEY); // Exits. |
|
354
|
|
|
} |
|
355
|
|
|
|
|
356
|
|
|
$this->apiKey = $apiKey; |
|
357
|
|
|
|
|
358
|
|
|
if (!$this->auth_proceed(true, $flags)) return; |
|
359
|
|
|
|
|
360
|
|
|
// ==== API KEY Auth Passed ==== // |
|
361
|
|
|
|
|
362
|
|
|
if ($this->limit_api && $this->api_key_limit_column != null && $apiKey->{$this->api_key_limit_column} == 1) { |
|
363
|
|
|
$this->limitAPIKey($apiKey->{$this->api_key_column}); |
|
364
|
|
|
} |
|
365
|
|
|
|
|
366
|
|
|
$this->checked_rate_limit = true; // Ignore Limit By IP. |
|
367
|
|
|
} |
|
368
|
|
|
|
|
369
|
|
|
/** |
|
370
|
|
|
* [limitAPIKey description] |
|
371
|
|
|
* @date 2020-04-08 |
|
372
|
|
|
* @param string $apiKey [description] |
|
373
|
|
|
*/ |
|
374
|
|
|
public function limitAPIKey(string $apiKey):void |
|
375
|
|
|
{ |
|
376
|
|
|
// Trunctate Rate Limit Data. |
|
377
|
|
|
$this->rest_model->truncateRatelimitData(); |
|
378
|
|
|
// Check Whitelist. |
|
379
|
|
|
if (in_array($this->ci->input->ip_address(), $this->whitelist)) { |
|
380
|
|
|
$this->checked_rate_limit = true; // Ignore Limit By IP. |
|
381
|
|
|
return; |
|
382
|
|
|
} |
|
383
|
|
|
// Should we acyually Limit? |
|
384
|
|
|
if ($this->per_hour > 0) { |
|
385
|
|
|
$client = hash('md5', $this->ci->input->ip_address() . "%" . $apiKey); |
|
386
|
|
|
$limitData = $this->rest_model->getLimitData($client, '_api_keyed_user'); |
|
387
|
|
|
if ($limitData == null) { |
|
388
|
|
|
$limitData = []; |
|
389
|
|
|
$limitData['count'] = 0; |
|
390
|
|
|
$limitData['reset_epoch'] = gmdate('d M Y H:i:s', time() + (60 * 60)); |
|
391
|
|
|
$limitData['start'] = date('d M Y H:i:s'); |
|
392
|
|
|
} |
|
393
|
|
|
if ($this->per_hour - $limitData['count'] > 0) { |
|
394
|
|
|
if (!$this->rest_model->insertLimitData($client, '_api_keyed_user')) { |
|
395
|
|
|
$this->handle_response(RESTResponse::INTERNAL_SERVER_ERROR, self::RATE_LIMIT); // Exits. |
|
396
|
|
|
} |
|
397
|
|
|
++$limitData['count']; |
|
398
|
|
|
if ($this->show_header) { |
|
399
|
|
|
header($this->header_prefix.'Limit: '.$this->per_hour); |
|
400
|
|
|
header($this->header_prefix.'Remaining: '.($this->per_hour - $limitData['count'])); |
|
401
|
|
|
header($this->header_prefix.'Reset: '.strtotime($limitData['reset_epoch'])); |
|
402
|
|
|
} |
|
403
|
|
|
} else { |
|
404
|
|
|
header('Retry-After: '.(strtotime($limitData['reset_epoch']) - strtotime(gmdate('d M Y H:i:s')))); |
|
405
|
|
|
$this->handle_response(RESTResponse::TOO_MANY_REQUESTS, self::RATE_LIMIT); // Exits. |
|
406
|
|
|
} |
|
407
|
|
|
} |
|
408
|
|
|
} |
|
409
|
|
|
|
|
410
|
|
|
/** |
|
411
|
|
|
* [api_rest_limit_by_ip_address description] |
|
412
|
|
|
* TODO: Implement. |
|
413
|
|
|
*/ |
|
414
|
|
|
private function api_rest_limit_by_ip_address():void |
|
415
|
|
|
{ |
|
416
|
|
|
// Trunctate Rate Limit Data. |
|
417
|
|
|
$this->rest_model->truncateRatelimitData(); |
|
418
|
|
|
// Check Whitelist. |
|
419
|
|
|
if (in_array($this->ci->input->ip_address(), $this->whitelist)) return; |
|
420
|
|
|
// Should we acyually Limit? |
|
421
|
|
|
if ($this->ip_per_hour > 0) { |
|
422
|
|
|
$client = hash('md5', $this->ci->input->ip_address()); |
|
423
|
|
|
$limitData = $this->rest_model->getLimitData($client, '_ip_address'); |
|
424
|
|
|
if ($limitData == null) { |
|
425
|
|
|
$limitData = []; |
|
426
|
|
|
$limitData['count'] = 0; |
|
427
|
|
|
$limitData['reset_epoch'] = gmdate('d M Y H:i:s', time() + (60 * 60)); |
|
428
|
|
|
$limitData['start'] = date('d M Y H:i:s'); |
|
429
|
|
|
} |
|
430
|
|
|
if ($this->ip_per_hour - $limitData['count'] > 0) { |
|
431
|
|
|
if (!$this->rest_model->insertLimitData($client, '_ip_address')) { |
|
432
|
|
|
$this->handle_response(RESTResponse::INTERNAL_SERVER_ERROR, self::RATE_LIMIT); // Exits. |
|
433
|
|
|
} |
|
434
|
|
|
++$limitData['count']; |
|
435
|
|
|
if ($this->show_header) { |
|
436
|
|
|
header($this->header_prefix.'Limit: '.$this->ip_per_hour); |
|
437
|
|
|
header($this->header_prefix.'Remaining: '.($this->ip_per_hour - $limitData['count'])); |
|
438
|
|
|
header($this->header_prefix.'Reset: '.strtotime($limitData['reset_epoch'])); |
|
439
|
|
|
} |
|
440
|
|
|
} else { |
|
441
|
|
|
header('Retry-After: '.(strtotime($limitData['reset_epoch']) - strtotime(gmdate('d M Y H:i:s')))); |
|
442
|
|
|
$this->handle_response(RESTResponse::TOO_MANY_REQUESTS, self::RATE_LIMIT); // Exits. |
|
443
|
|
|
} |
|
444
|
|
|
} |
|
445
|
|
|
} |
|
446
|
|
|
/** |
|
447
|
|
|
* [custom_auth description] |
|
448
|
|
|
* @param string $auth [description] |
|
449
|
|
|
*/ |
|
450
|
|
|
private function custom_auth(string &$auth):void |
|
451
|
|
|
{ |
|
452
|
|
|
// Header Check. |
|
453
|
|
|
if (!isset($_SERVER[$auth])) { |
|
454
|
|
|
$this->handle_response(RESTResponse::BAD_REQUEST, $auth); |
|
455
|
|
|
} |
|
456
|
|
|
// Callback Check. |
|
457
|
|
|
if (!isset($this->config['auth_callbacks'][$auth])) { |
|
458
|
|
|
$this->handle_response(RESTResponse::NOT_IMPLEMENTED, $auth); // Exits. |
|
459
|
|
|
} |
|
460
|
|
|
// Authentication. |
|
461
|
|
|
if (!$this->config['auth_callbacks'][$auth]($this, $this->ci->security->xss_clean($_SERVER[$auth]))) { |
|
462
|
|
|
$this->handle_response(RESTResponse::UN_AUTHORIZED, $auth); // Exits. |
|
463
|
|
|
} |
|
464
|
|
|
} |
|
465
|
|
|
/** |
|
466
|
|
|
* [get_authorization_header description] |
|
467
|
|
|
* @return [type] [description] |
|
|
|
|
|
|
468
|
|
|
*/ |
|
469
|
|
|
private function get_authorization_header():?string |
|
470
|
|
|
{ |
|
471
|
|
|
if (isset($_SERVER['Authorization'])) { |
|
472
|
|
|
return trim($_SERVER["Authorization"]); |
|
473
|
|
|
} else if (isset($_SERVER['HTTP_AUTHORIZATION'])) { //Nginx or fast CGI |
|
474
|
|
|
return trim($_SERVER["HTTP_AUTHORIZATION"]); |
|
475
|
|
|
} elseif (function_exists('apache_request_headers')) { |
|
476
|
|
|
$requestHeaders = apache_request_headers(); |
|
477
|
|
|
|
|
478
|
|
|
// Avoid Surprises. |
|
479
|
|
|
$requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders)); |
|
|
|
|
|
|
480
|
|
|
|
|
481
|
|
|
if (isset($requestHeaders['Authorization'])) { |
|
482
|
|
|
return trim($requestHeaders['Authorization']); |
|
483
|
|
|
} |
|
484
|
|
|
} |
|
485
|
|
|
return null; |
|
486
|
|
|
} |
|
487
|
|
|
|
|
488
|
|
|
/** |
|
489
|
|
|
* [handle_response description] |
|
490
|
|
|
* @param int $code [description] |
|
491
|
|
|
*/ |
|
492
|
|
|
private function handle_response(int $code, $auth=null, ?string $errorReason=null):void |
|
493
|
|
|
{ |
|
494
|
|
|
http_response_code($code); |
|
495
|
|
|
header("Content-Type: application/json"); |
|
496
|
|
|
if (isset($this->config['response_callbacks'][$code])) { |
|
497
|
|
|
$this->config['response_callbacks'][$code]($auth, $errorReason); |
|
498
|
|
|
} |
|
499
|
|
|
if (ENVIRONMENT != 'testing') exit($code); |
|
|
|
|
|
|
500
|
|
|
throw new Exception("Error $code in $auth", $code); |
|
501
|
|
|
} |
|
502
|
|
|
} |
|
503
|
|
|
?> |
|
|
|
|
|
|
504
|
|
|
|
francis94c /
ci-rest
Loading history...