From 985fad83ae06027c9ba92915b6f253815e7537cc Mon Sep 17 00:00:00 2001 From: cash Date: Mon, 19 Oct 2009 11:59:44 +0000 Subject: first version of new REST api git-svn-id: http://code.elgg.org/elgg/trunk@3562 36083f99-b078-4883-b0ff-0f9b5a30f544 --- services/api/rest.php | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) (limited to 'services') diff --git a/services/api/rest.php b/services/api/rest.php index dfa6cd3a5..a569e7e26 100644 --- a/services/api/rest.php +++ b/services/api/rest.php @@ -27,30 +27,27 @@ if ((isset($CONFIG->disable_api)) && ($CONFIG->disable_api == true)) { throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied')); } -// Register some default PAM methods, plugins can add their own -register_pam_handler('pam_auth_session_or_hmac'); // Command must either be authenticated by a hmac or the user is already logged in -register_pam_handler('pam_auth_usertoken', 'required'); // Either token present and valid OR method doesn't require one. -register_pam_handler('pam_auth_anonymous_method'); // Support anonymous functions +// plugins should return true to control what API and user authentication handlers are registered +if (trigger_plugin_hook('rest', 'init', null, false) == false) { + // check session - this usually means a REST call from a web browser + register_pam_handler('pam_auth_session'); + // user token can also be used for user authentication + register_pam_handler('pam_auth_usertoken'); + + // for api authentication, we default to a simple API key check + register_api_auth_handler('api_auth_key'); +} // Get parameter variables $method = get_input('method'); $result = null; -// Authenticate session -if (pam_authenticate()) { - // Authenticated somehow, now execute. - $token = ""; - $params = get_parameters_for_method($method); // Use $CONFIG->input instead of $_REQUEST since this is called by the pagehandler - if (isset($params['auth_token'])) { - $token = $params['auth_token']; - } - - $result = execute_method($method, $params, $token); -} else { - throw new SecurityException(elgg_echo('SecurityException:NoAuthMethods')); -} +// this will throw an exception if authentication fails +authenticate_method($method); + +$result = execute_method($method); + -// Finally output if (!($result instanceof GenericResult)) { throw new APIException(elgg_echo('APIException:ApiResultUnknown')); } -- cgit v1.2.3