author | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-10-19 11:59:44 +0000 |
---|---|---|
committer | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-10-19 11:59:44 +0000 |
commit | 985fad83ae06027c9ba92915b6f253815e7537cc (patch) | |
tree | ed32fd8354b73c3484b4ab77cb1ebe8103631c0a /services/api | |
parent | 6ed8a8dd29c699c1ff345f9827f5f685c15e85e6 (diff) | |
first version of new REST api
git-svn-id: http://code.elgg.org/elgg/trunk@3562 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'services/api')
-rw-r--r-- | services/api/rest.php | 33 |
1 files changed, 15 insertions, 18 deletions
diff --git a/services/api/rest.php b/services/api/rest.php
index dfa6cd3a5..a569e7e26 100644
--- a/services/api/rest.php
+++ b/services/api/rest.php
@@ -27,30 +27,27 @@ if ((isset($CONFIG->disable_api)) && ($CONFIG->disable_api == true)) {
 throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
 }
-// Register some default PAM methods, plugins can add their own
-register_pam_handler('pam_auth_session_or_hmac'); // Command must either be authenticated by a hmac or the user is already logged in
-register_pam_handler('pam_auth_usertoken', 'required'); // Either token present and valid OR method doesn't require one.
-register_pam_handler('pam_auth_anonymous_method'); // Support anonymous functions
+// plugins should return true to control what API and user authentication handlers are registered
+if (trigger_plugin_hook('rest', 'init', null, false) == false) {
+ // check session - this usually means a REST call from a web browser
+ register_pam_handler('pam_auth_session');
+ // user token can also be used for user authentication
+ register_pam_handler('pam_auth_usertoken');
+
+ // for api authentication, we default to a simple API key check
+ register_api_auth_handler('api_auth_key');
+}
 // Get parameter variables
 $method = get_input('method');
 $result = null;
-// Authenticate session
-if (pam_authenticate()) {
- // Authenticated somehow, now execute.
- $token = "";
- $params = get_parameters_for_method($method); // Use $CONFIG->input instead of $_REQUEST since this is called by the pagehandler
- if (isset($params['auth_token'])) {
- $token = $params['auth_token'];
- }
-
- $result = execute_method($method, $params, $token);
-} else {
- throw new SecurityException(elgg_echo('SecurityException:NoAuthMethods'));
-}
+// this will throw an exception if authentication fails
+authenticate_method($method);
+
+$result = execute_method($method);
+
-// Finally output
 if (!($result instanceof GenericResult)) {
 throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
 } |
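Review bot: The guard `if (trigger_plugin_hook('rest', 'init', null, false) == false)` uses a loose comparison, so any truthy value returned by any plugin on the `rest`/`init` hook skips registration of all three default handlers, including `api_auth_key`, and nothing in the hunk checks that replacements were actually registered. Registering the defaults unless a plugin explicitly returned boolean true matches the comment more safely: `if (trigger_plugin_hook('rest', 'init', null, false) !== true) {`. With the explicit `SecurityException:NoAuthMethods` branch removed, denial now rests entirely on `authenticate_method()`, which is defined outside this diff; it should be confirmed to throw when no handler is registered rather than treating an empty handler list as success. `pam_auth_usertoken` is also no longer registered as `'required'`, presumably because session and token are now alternatives, and a comment stating that would keep the relaxation from looking accidental.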