Phil Sturgeon REST server library and how to work with keys for some requests only
#1

Madoc
Hello,

I am currently working with Phil Sturgeon's REST server library and I got as far as handling requests and responses using the very useful "key" system for security.

Now I need to be able to handle some of the requests as public and some with the key protection. I cannot find my way around doing that.

The key configuration settings are given in the rest.php config file of the library:

Code:
$config['rest_enable_keys'] = TRUE;

But I cannot get my head around bypassing this for certain requests (i.e. controller/method).

I tried to use the means available on the auth types:

Code:
$config['auth_override_class_method']['server']['persons'] = 'none';

but this did not work as I am guessing that the key system has nothing to do with http authentication.

Anyone have any idea?
#2

Madoc
OK, as nobody seemed to be able to help, I managed to modify the REST server library a bit to bypass the key system for specified methods. Here is how I did it.

On the REST_Controller.php class, modify the if statement on line 129 to:

Code:
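// Checking for keys? GET TO WORK!
if (config_item('rest_enable_keys'))
{
   // Build "controller/method" for the current request
   $controller_name = $this->router->fetch_class();
   $method_name = $this->router->fetch_method();
   $item = $controller_name . '/' . $method_name;

   // Skip the key check only for methods listed in key_override
   // (array) cast: a missing config entry means no overrides
   if (!in_array($item, (array) $this->config->item('key_override'), TRUE))
   {
      $this->_allow = $this->_detect_api_key();
   }
}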

and add the following config variable to the rest.php config file:
Code:
/*
|--------------------------------------------------------------------------
| REST Bypass key system
|--------------------------------------------------------------------------
|
| If the keys are enabled you can specify the methods you want to keep public
| within a class (controller)
|
| Set as many config entries as needed.  Any methods not set will use the default 'rest_enable_keys' config value.
|
| array('controller/method1','controller/method2')
|
*/
$config['key_override'] = array ();

Now there is probably a better way of doing this but it is working fine for me so far. What this does is allow you to specify which methods you want to keep public (i.e. no key required on the HTTP request).

NB: the name of the method should not include the type of request at the end as required by the library. For instance, if you have a "person" method on a "server" controller:
Code:
public function person_put()
{
   $this->response(array('name' => 'madoc'), 200);
}

then the config variable would look like:
Code:
$config['key_override'] = array ('server/person');

This means that the key system will be bypassed for every type of "person" request.

I hope this makes sense!
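
Editor's added example, not part of Madoc's post or of the REST server library: because a `key_override` entry such as `server/person` makes every verb of that method public (PUT and DELETE as well as GET), this standalone sketch scopes the bypass per HTTP verb and still requires a key whenever the config is missing or malformed. The function name `key_is_required()` and the `'controller/method' => verbs` map format are hypothetical, and the sample config and requests are constructed.

```php
<?php
// Added example (not from the post or the library): per-verb key bypass.
// Hypothetical names: key_is_required(), the 'controller/method' => verbs map.

/**
 * Decide whether the API key check must run for a request.
 * Fails closed: anything not explicitly listed still requires a key.
 */
function key_is_required(string $controller, string $method, string $verb, $overrides): bool
{
    // A missing or malformed config entry must never open an endpoint.
    if (!is_array($overrides)) {
        return true;
    }

    $item = strtolower($controller . '/' . $method);
    $verb = strtolower($verb);

    foreach ($overrides as $route => $verbs) {
        if (!is_string($route) || strtolower($route) !== $item) {
            continue;
        }
        // Only the verbs listed for this route are public.
        $verbs = array_map('strtolower', (array) $verbs);
        return !in_array($verb, $verbs, true);
    }

    return true; // route not listed: key required
}

// Constructed sample config: reads are public, writes keep the key check.
$key_override = array(
    'server/person' => array('get'),
);

// Constructed sample requests.
$requests = array(
    array('server', 'person', 'get'),
    array('server', 'person', 'put'),
    array('server', 'persons', 'get'),
);

foreach ($requests as $r) {
    list($c, $m, $v) = $r;
    printf("%-6s %s/%s -> %s\n", strtoupper($v), $c, $m,
        key_is_required($c, $m, $v, $key_override) ? 'key required' : 'public');
}
```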



