aboutsummaryrefslogtreecommitdiff
path: root/engine/lib/api.php
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib/api.php')
-rw-r--r--engine/lib/api.php89
1 files changed, 79 insertions, 10 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 176ca1f8b..4b8052dfc 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -175,6 +175,83 @@
return new ErrorResult($message, $code, $exception);
}
}
+
+ // Caching of HMACs ///////////////////////////////////////////////////////////////////////
+
+ /**
+ * ElggHMACCache
+ * Store cached data in a temporary database, only used by the HMAC stuff.
+ *
+ * @author Curverider Ltd <info@elgg.com>
+ * @package Elgg
+ * @subpackage API
+ */
+ class ElggHMACCache extends ElggCache
+ {
+ /**
+ * Set the Elgg cache.
+ *
+ * @param int $max_age Maximum age in seconds, 0 if no limit.
+ */
+ function __construct($max_age = 0)
+ {
+ $this->set_variable("max_age", $max_age);
+ }
+
+ /**
+ * Save a key
+ *
+ * @param string $key
+ * @param string $data
+ * @return boolean
+ */
+ public function save($key, $data)
+ {
+ global $CONFIG;
+
+ $key = sanitise_string($key);
+ $time = time();
+
+ return insert_data("INSERT into {$CONFIG->dbprefix}hmac_cache (hmac, ts) VALUES ('$key', '$time')");
+ }
+
+ /**
+ * Load a key
+ *
+ * @param string $key
+ * @param int $offset
+ * @param int $limit
+ * @return string
+ */
+ public function load($key, $offset = 0, $limit = null)
+ {
+ global $CONFIG;
+
+ $key = sanitise_string($key);
+
+ $row = get_data_row("SELECT * from {$CONFIG->dbprefix}hmac_cache where hmac='$key'");
+ if ($row)
+ return $row->hmac;
+
+ return false;
+ }
+
+ /**
+ * Clean out old stuff.
+ *
+ */
+ public function __destruct()
+ {
+ global $CONFIG;
+
+ $time = time();
+ $age = (int)$this->get_variable("max_age");
+
+ $expires = $time-$age;
+
+ delete_data("DELETE from {$CONFIG->dbprefix}hmac_cache where ts<$expires");
+ }
+ }
// API Call functions /////////////////////////////////////////////////////////////////////
@@ -552,22 +629,14 @@
* This function will do two things. Firstly it verifys that a $hmac hasn't been seen before, and
* secondly it will add the given hmac to the cache.
*
- * TODO : REWRITE TO NOT USE ZEND
- *
* @param $hmac The hmac string.
* @return bool True if replay detected, false if not.
*/
function cache_hmac_check_replay($hmac)
{
- global $CONFIG;
-
- $cache_dir = $CONFIG->cache_path;
- if (!$cache_dir)
- throw new ConfigurationException(elgg_echo('ConfigurationException:CacheDirNotSet'));
-
- $cache = new ElggFileCache($cache_dir, 90000); // cache lifetime is 25 hours (see time window in get_and_validate_api_headers() )
+ $cache = new ElggHMACCache(90000); // cache lifetime is 25 hours (see time window in get_and_validate_api_headers() )
- if (!$result = $cache->load($hmac))
+ if (!$cache->load($hmac))
{
$cache->save($hmac, $hmac);