diff options
| -rw-r--r-- | engine/lib/web_services.php | 48 | ||||
| -rw-r--r-- | services/api/rest_api.php | 58 |
2 files changed, 44 insertions, 62 deletions
diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php index b9c87843e..e529711e1 100644 --- a/engine/lib/web_services.php +++ b/engine/lib/web_services.php @@ -1342,8 +1342,6 @@ function unregister_service_handler($handler) { } } -// REST handler - /** * REST API handler * @@ -1352,10 +1350,52 @@ function unregister_service_handler($handler) { function rest_handler() { global $CONFIG; - require $CONFIG->path . "services/api/rest_api.php"; + // Register the error handler + error_reporting(E_ALL); + set_error_handler('_php_api_error_handler'); + + // Register a default exception handler + set_exception_handler('_php_api_exception_handler'); + + // Check to see if the api is available + if ((isset($CONFIG->disable_api)) && ($CONFIG->disable_api == true)) { + throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied')); + } + + // plugins should return true to control what API and user authentication handlers are registered + if (elgg_trigger_plugin_hook('rest', 'init', null, false) == false) { + // for testing from a web browser, you can use the session PAM + // do not use for production sites!! + //register_pam_handler('pam_auth_session'); + + // user token can also be used for user authentication + register_pam_handler('pam_auth_usertoken'); + + // simple API key check + register_pam_handler('api_auth_key', "sufficient", "api"); + // hmac + register_pam_handler('api_auth_hmac', "sufficient", "api"); + } + + // Get parameter variables + $method = get_input('method'); + $result = null; + + // this will throw an exception if authentication fails + authenticate_method($method); + + $result = execute_method($method); + + + if (!($result instanceof GenericResult)) { + throw new APIException(elgg_echo('APIException:ApiResultUnknown')); + } + + // Output the result + echo elgg_view_page($method, elgg_view("api/output", array("result" => $result))); } -// Initialisation +// Initialization /** * Unit tests for API diff --git a/services/api/rest_api.php b/services/api/rest_api.php deleted file mode 100644 index 4cee374d6..000000000 --- a/services/api/rest_api.php +++ /dev/null @@ -1,58 +0,0 @@ -<?php -/** - * Rest endpoint. - * The API REST endpoint. - * - * @package Elgg - * @subpackage API - */ - -/** - * Start the Elgg engine - */ -require_once("../../engine/start.php"); -global $CONFIG; - -// Register the error handler -error_reporting(E_ALL); -set_error_handler('_php_api_error_handler'); - -// Register a default exception handler -set_exception_handler('_php_api_exception_handler'); - -// Check to see if the api is available -if ((isset($CONFIG->disable_api)) && ($CONFIG->disable_api == true)) { - throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied')); -} - -// plugins should return true to control what API and user authentication handlers are registered -if (elgg_trigger_plugin_hook('rest', 'init', null, false) == false) { - // for testing from a web browser, you can use the session PAM - // do not use for production sites!! - //register_pam_handler('pam_auth_session'); - - // user token can also be used for user authentication - register_pam_handler('pam_auth_usertoken'); - - // simple API key check - register_pam_handler('api_auth_key', "sufficient", "api"); - // hmac - register_pam_handler('api_auth_hmac', "sufficient", "api"); -} - -// Get parameter variables -$method = get_input('method'); -$result = null; - -// this will throw an exception if authentication fails -authenticate_method($method); - -$result = execute_method($method); - - -if (!($result instanceof GenericResult)) { - throw new APIException(elgg_echo('APIException:ApiResultUnknown')); -} - -// Output the result -echo elgg_view_page($method, elgg_view("api/output", array("result" => $result)));
\ No newline at end of file |