Rename the backing table from rest_keys to user_access_tokens

Implement an api to format the errors and success messages Removed the custom routing... urls are now /rest/<module_name>/<resource>
2026-06-09 21:19:11 -04:00 · 2009-12-08 09:19:48 -08:00
parent b0de1fe1d9
commit fa0663d7df
7 changed files with 116 additions and 77 deletions
--- a/modules/rest/config/routes.php
+++ b/modules/rest/config/routes.php
@@ -1,23 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-
-// Redirect module REST requests to the REST Controller
-$config["^(\w+)/rest/(.*)$"] = "rest/$1/$2";
-
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -20,21 +20,21 @@ class Rest_Controller extends Controller {
  public function access_key() {
    $request = json_decode($this->input->post("request"));
    if (empty($request->user) || empty($request->password)) {
-      print json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed")));
+      print rest::forbidden("No user or password supplied");
      return;
    }

    $user = identity::lookup_user_by_name($request->user);
    if (empty($user)) {
-      print json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed")));
+      print rest::forbidden("User '{$request->user}' not found");
      return;
    }

    if (!identity::is_correct_password($user, $request->password)) {
-      print json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed")));
+      print rest::forbidden("Invalid password for '{$request->user}'.");
      return;
    }
-    $key = ORM::factory("rest_key")
+    $key = ORM::factory("user_access_token")
      ->where("user_id", $user->id)
      ->find();
    if (!$key->loaded) {
@@ -43,7 +43,7 @@ class Rest_Controller extends Controller {
      $key->save();
      Kohana::log("alert",  Kohana::debug($key->as_array()));
    }
-    print json_encode(array("status" => "OK", "token" => $key->access_key));
+    print rest::success(array("token" => $key->access_key));
  }

  public function __call($function, $args) {
@@ -51,41 +51,37 @@ class Rest_Controller extends Controller {
    $request = $this->input->post("request", null);

    if (empty($access_token)) {
-      print json_encode(array("status" => "ERROR",
-                              "message" => (string)t("Authorization failed")));
+      print rest::forbidden("No access token supplied.");
      return;
    }

-    if (!empty($request)) {
-      $method = strtolower($this->input->server("HTTP_X_HTTP_METHOD_OVERRIDE", "POST"));
-      $request = json_decode($request);
-    } else {
-        print json_encode(array("status" => "ERROR",
-                                "message" => (string)t("Authorization failed")));
-        return;
-    }
-
    try {
-      $key = ORM::factory("rest_key")
+      $key = ORM::factory("user_access_token")
        ->where("access_key", $access_token)
        ->find();

      if (!$key->loaded) {
-        print json_encode(array("status" => "ERROR",
-                                "message" => (string)t("Authorization failed")));
+        print rest::forbidden("Invalid key: $access_token");
        return;
      }

      $user = identity::lookup_user($key->user_id);
      if (empty($user)) {
-        print json_encode(array("status" => "ERROR",
-                                "message" => (string)t("Authorization failed")));
+        print rest::forbidden("User not found: {$key->user_id}");
        return;
      }

+      if (!empty($request)) {
+        $method = strtolower($this->input->server("HTTP_X_HTTP_METHOD_OVERRIDE", "POST"));
+        $request = json_decode($request);
+      } else {
+        print rest::invalid_request("Empty Request");
+        return;
+      }
+
+
      if (empty($args[0])) {
-        print json_encode(array("status" => "ERROR",
-                                "message" => (string)t("Invalid request parameters")));
+        print rest::invalid_request("Resource not supplied");
        return;
      }

@@ -93,18 +89,15 @@ class Rest_Controller extends Controller {
      $handler_method = "{$method}_{$args[0]}";

      if (!method_exists($handler_class, $handler_method)) {
-        Kohana::log("error", "$handler_class::$handler_method is not implemented");
-        print json_encode(array("status" => "ERROR",
-                                "message" => (string)t("Service not implemented")));
+        print rest::not_implemented("$handler_class::$handler_method is not implemented");
        return;
      }

-      $response = call_user_func(array($handler_class, $handler_method), $request);
+      identity::set_active_user($user);

-      print json_encode($response);
+      print call_user_func(array($handler_class, $handler_method), $request);
    } catch (Exception $e) {
-      Kohana::log("error", $e->__toString());
-      print json_encode(array("status" => "ERROR", "message" => (string)t("Internal error")));
+      print rest::internal_error($e);
    }
  }

--- a/modules/rest/helpers/rest.php
+++ b/modules/rest/helpers/rest.php
@@ -0,0 +1,69 @@
+<?php defined("SYSPATH") or die("No direct script access.");/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class rest_Core {
+  /**
+   * Authorization Failure
+   */
+  static function forbidden($log_message=null) {
+    return self::_format_response(t("Authorization failed"), $log_message);
+  }
+
+  /**
+   * Invalid Failure
+   */
+  static function invalid_request($log_message=null) {
+    return self::_format_response(t("Invalid request"), $log_message);
+  }
+
+  /**
+   * Not implemented
+   */
+  static function not_implemented($log_message=null) {
+    return self::_format_response(t("Service not implemented"), $log_message);
+  }
+
+  /**
+   * Internal Error
+   */
+  static function internal_error($log_message=null) {
+    return self::_format_response(t("Internal error"), $log_message);
+  }
+
+  /**
+   * Not implemented
+   */
+  static function success($response_data, $message=null) {
+    $response = array("status" => "OK");
+    if (!empty($message)) {
+      $response["message"] = (string)$message;
+    }
+    // We don't need to save the session for this request
+    Session::abort_save();
+    return json_encode(array_merge($response, $response_data));
+  }
+
+  private static function _format_response($message, $log_message) {
+    if (!empty($log_message)) {
+      Kohana::log("info", $log_message);
+    }
+    // We don't need to save the session for this request
+    Session::abort_save();
+    return json_encode(array("status" => "ERROR", "message" => (string)$message));
+  }
+}
--- a/modules/rest/helpers/rest_event.php
+++ b/modules/rest/helpers/rest_event.php
@@ -22,7 +22,7 @@ class rest_event {
   * the user_homes directory.
   */
  static function user_before_delete($user) {
-     ORM::factory("rest_key")
+     ORM::factory("user_access_token")
      ->where("id", $user->id)
      ->delete_all();
  }
@@ -32,7 +32,7 @@ class rest_event {
   * on every add.
   */
  static function user_add_form_admin_completed($user, $form) {
-    $key = ORM::factory("rest_key");
+    $key = ORM::factory("user_access_token");
    $key->user_id = $user->id;
    $key->access_key = md5($user->name . rand());
    $key->save();
@@ -56,7 +56,7 @@ class rest_event {
   * Get the form fields for user edit
   */
  static function _get_access_key_form($user, $form) {
-    $key = ORM::factory("rest_key")
+    $key = ORM::factory("user_access_token")
      ->where("user_id", $user->id)
      ->find();

@@ -66,7 +66,7 @@ class rest_event {
      $key->save();
    }

-    $form->edit_user->input("access_key")
+    $form->edit_user->input("user_access_token")
      ->value($key->access_key)
      ->readonly("readonly")
      ->class("g-form-static")
--- a/modules/rest/helpers/rest_installer.php
+++ b/modules/rest/helpers/rest_installer.php
@@ -20,7 +20,7 @@
 class rest_installer {
  static function install() {
    Database::instance()
-      ->query("CREATE TABLE {rest_keys} (
+      ->query("CREATE TABLE {user_access_tokens} (
                `id` int(9) NOT NULL auto_increment,
                `user_id` int(9) NOT NULL,
                `access_key` char(32) NOT NULL,
@@ -32,6 +32,6 @@ class rest_installer {
  }

  static function uninstall() {
-    Database::instance()->query("DROP TABLE IF EXISTS {rest_keys}");
+    Database::instance()->query("DROP TABLE IF EXISTS {user_access_tokens}");
  }
 }
--- a/modules/rest/models/user_access_token.php
+++ b/modules/rest/models/user_access_token.php
@@ -17,5 +17,5 @@
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
 */
-class Rest_Key_Model extends ORM {
+class User_Access_Token_Model extends ORM {
 }
--- a/modules/rest/tests/Rest_Controller_Test.php
+++ b/modules/rest/tests/Rest_Controller_Test.php
@@ -21,7 +21,7 @@ class Rest_Controller_Test extends Unit_Test_Case {
  public function setup() {
    $this->_save = array($_GET, $_POST, $_SERVER);
    $this->_user = identity::create_user("access_test", "Access Test", "password");
-    $key = ORM::factory("rest_key");
+    $key = ORM::factory("user_access_token");
    $this->_access_key = $key->access_key = md5($this->_user->name . rand());
    $key->user_id = $this->_user->id;
    $key->save();
@@ -59,7 +59,7 @@ class Rest_Controller_Test extends Unit_Test_Case {
  }

  public function rest_access_key_generated_test() {
-    ORM::factory("rest_key")
+    ORM::factory("user_access_token")
      ->where("access_key", $this->_access_key)
      ->delete();
    $_SERVER["REQUEST_METHOD"] = "POST";
@@ -97,46 +97,46 @@ class Rest_Controller_Test extends Unit_Test_Case {
      $this->_call_controller());
  }

-  public function rest_get_album_no_request_key_test() {
+  public function rest_get_resource_no_request_key_test() {
    $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET";

    $_SERVER["REQUEST_METHOD"] = "POST";
-    $_POST["request"] = json_encode(array("path" => "/test_album"));
+    $_POST["request"] = json_encode(array("path" => $this->_path));

    $this->assert_equal(
      json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))),
      $this->_call_controller("rest"));
  }

-  public function rest_get_album_no_request_content_test() {
+  public function rest_get_resource_no_request_content_test() {
    $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET";

    $_SERVER["REQUEST_METHOD"] = "POST";
    $_GET["request_key"] = $this->_access_key;

    $this->assert_equal(
-      json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))),
+      json_encode(array("status" => "ERROR", "message" => (string)t("Invalid request"))),
      $this->_call_controller("rest"));
  }

-  public function rest_get_album_invalid_key_test() {
+  public function rest_get_resource_invalid_key_test() {
    $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET";

    $_SERVER["REQUEST_METHOD"] = "POST";
    $_GET["request_key"] = md5($this->_access_key); // screw up the access key
-    $_POST["request"] = json_encode(array("path" => "/test_album"));
+    $_POST["request"] = json_encode(array("path" => $this->_path));

    $this->assert_equal(
      json_encode(array("status" => "ERROR", "message" => (string)t("Authorization failed"))),
      $this->_call_controller());
  }

-  public function rest_get_album_no_user_for_key_test() {
+  public function rest_get_resource_no_user_for_key_test() {
    $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET";
    $_SERVER["REQUEST_METHOD"] = "POST";

    $_GET["request_key"] = $this->_access_key;
-    $_POST["request"] = json_encode(array("path" => "/test_album"));
+    $_POST["request"] = json_encode(array("path" => $this->_path));

    $this->_user->delete();
    unset($this->_user);
@@ -146,31 +146,31 @@ class Rest_Controller_Test extends Unit_Test_Case {
      $this->_call_controller("rest"));
  }

-  public function rest_get_album_no_resource_test() {
+  public function rest_get_resource_no_resource_test() {
    $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET";
    $_SERVER["REQUEST_METHOD"] = "POST";

    $_GET["request_key"] = $this->_access_key;
-    $_POST["request"] = json_encode(array("path" => "/test_album"));
+    $_POST["request"] = json_encode(array("path" => $this->_path));

    $this->assert_equal(
-      json_encode(array("status" => "ERROR", "message" => (string)t("Invalid request parameters"))),
+      json_encode(array("status" => "ERROR", "message" => (string)t("Invalid request"))),
      $this->_call_controller("rest"));
  }

-  public function rest_get_album_no_handler_test() {
+  public function rest_get_resource_no_handler_test() {
    $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET";
    $_SERVER["REQUEST_METHOD"] = "POST";

    $_GET["request_key"] = $this->_access_key;
-    $_POST["request"] = json_encode(array("path" => "/test_album"));
+    $_POST["request"] = json_encode(array("path" => $this->_path));

    $this->assert_equal(
      json_encode(array("status" => "ERROR", "message" => (string)t("Service not implemented"))),
      $this->_call_controller("rest", "album"));
  }

-  public function rest_get_album_test() {
+  public function rest_get_resource_test() {
    $_SERVER["HTTP_X_HTTP_METHOD_OVERRIDE"] = "GET";
    $_SERVER["REQUEST_METHOD"] = "POST";

@@ -214,7 +214,7 @@ class rest_rest {
    $response["description"] = $item->description;
    $response["internet_address"] = $item->slug;
    $response["type"] = $item->type;
-    return array("status" => "OK", "message" => (string)t("Processed"), "item" => $response);
+    return rest::success(array("item" => $response), t("Processed"));
  }

 }