Phil Sturgeon REST server library and how to work with keys for some requests only


I am currently working with Phil Sturgeon's REST server library and I got as far as handling requests and responses using the very useful "key" system for security.

Now I need to be able to handle some of the requests as public and some with the key protection. I cannot find my way around doing that.

The key configuration settings are given on the rest.php config file of the library:

$config['rest_enable_keys'] = TRUE;

But I cannot get my head around bypassing this for certain requests (i.e. controller/method).

I tried to use the means available on the auth types:

$config['auth_override_class_method']['server']['persons'] = 'none';

but this did not work, as I am guessing that the key system has nothing to do with HTTP authentication.

Anyone have any idea?

OK, as nobody seemed to be able to help, I managed to modify the REST server library a bit to bypass the key system for specified methods. Here is how I did it.

On the REST_Controller.php class, modify the if statement on line 129 to:

// Checking for keys? GET TO WORK!
if (config_item('rest_enable_keys'))
{
   // Build "controller/method" for the current request
   $controller_name = $this->router->fetch_class();
   $method_name = $this->router->fetch_method();
   $item = $controller_name . '/' . $method_name;
   // Only skip the key check for methods listed in key_override
   if (!in_array($item, (array) $this->config->item('key_override'), TRUE))
   {
      $this->_allow = $this->_detect_api_key();
   }
}

and add the following config variable to the rest.php config file:
/*
| REST Bypass key system
| If the keys are enabled you can specify the methods you want to keep public
| within a class (controller)
| Set as many config entries as needed.  Any methods not set will use the default 'rest_enable_keys' config value.
| array('controller/method1','controller/method2')
*/
$config['key_override'] = array();

Now there is probably a better way of doing this but it is working fine for me so far. What this does is allow you to specify which methods you want to keep public (i.e. no key required on the HTTP request).

NB: the name of the method should not include the type of request at the end as required by the library. For instance, if you have a "person" method on a "server" controller:
public function person_put()
{
   $this->response(array('name' => 'madoc'), 200);
}

then the config variable would look like:
$config['key_override'] = array('server/person');

This means that the key system will be bypassed for every type of "person" request.

I hope this makes sense!
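
A verb-aware variant of the override check, as an added example that is not part of the original post or of the REST server library: it keeps the post's "controller/method" entries (every request type public) and also accepts "controller/method:verb" so that only one request type is left without a key. The `key_required()` helper, the ":verb" suffix and the sample data are assumptions made for this example.

```php
<?php
// Added example: hypothetical helper, not code from the REST server library.
// An override entry is either "controller/method" (all request types public,
// as in the post) or "controller/method:verb" (only that request type public).
// The ":verb" suffix is an assumption introduced for this example.

function key_required(string $controller, string $method, string $verb, $overrides): bool
{
    // A missing or malformed config value fails closed: the key is required.
    if (!is_array($overrides)) {
        return true;
    }
    $item = $controller . '/' . $method;
    $verb = strtolower($verb);

    foreach ($overrides as $entry) {
        if (!is_string($entry)) {
            continue; // ignore non-string entries instead of loosely comparing them
        }
        $entry = trim($entry);
        // Exact comparison only: "server/person" must not match "server/persons".
        if ($entry === $item || $entry === $item . ':' . $verb) {
            return false;
        }
    }
    return true;
}

// Constructed sample configuration.
$overrides = array('server/status', 'server/person:get');

// Constructed sample requests: controller, method, request type.
$requests = array(
    array('server', 'status', 'GET'),
    array('server', 'person', 'GET'),
    array('server', 'person', 'PUT'),
    array('server', 'person', 'DELETE'),
    array('server', 'persons', 'GET'),
);

foreach ($requests as [$c, $m, $v]) {
    printf("%-6s %s/%s -> %s\n", $v, $c, $m,
        key_required($c, $m, $v, $overrides) ? 'key required' : 'public');
}
```

With the constructed configuration above, only reads of "person" skip the key check; PUT and DELETE on the same method still require a key.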
