From 9dc5dbe3b6eacae5ea8dc335304edf7007d2ab57 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Sun, 5 Jan 2014 19:33:52 +0100 Subject: cookie-0005-API-add-getApiKey.patch --- includes/controller/api.php | 127 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 103 insertions(+), 24 deletions(-) (limited to 'includes/controller/api.php') diff --git a/includes/controller/api.php b/includes/controller/api.php index 07a389b1..0e77f5a0 100644 --- a/includes/controller/api.php +++ b/includes/controller/api.php @@ -16,16 +16,27 @@ Testing API calls (using curl): $ curl -d '{"key":"","cmd":"getVersion"}' '
/?p=api' -Methods: --------- +Methods without key: +-------------------- getVersion Description: Returns API version. Parameters: nothing Return Example: - {"version": "1"} + {"status":"success","version": "1"} + +getApiKey + Description: + Returns API Key version. + Parameters: + user (string) + pw (string) + Return Example: + {"status":"success","Key":"1234567890123456789012"} +Methods with Key: +----------------- getRoom Description: Returns a list of all Rooms (no id set) or details of a single Room (requested id) @@ -66,7 +77,9 @@ getShift 3 occupied and free Return Example: [{"SID":"1"},{"SID":"2"},{"SID":"3"}] - {"SID":"1","start":"1388185200","end":"1388199600","RID":"1","name":"Shift 1","URL":null,"PSID":null} + {"SID":"10","start":"1388264400","end":"1388271600","RID":"1","name":"Shift 1","URL":null,"PSID":null,\ + "ShiftEntry":[{"TID":"8","UID":"4","freeloaded":"0"}], + "NeedAngels":[{"TID":"8","count":"1","restricted":"0","taken":1},{"TID":"9","count":"2","restricted":"0","taken":0}]} getMessage Description: @@ -87,37 +100,51 @@ getMessage function api_controller() { global $DataJson, $_REQUEST; + header("Content-Type: application/json; charset=utf-8"); + // decode JSON request $input = file_get_contents("php://input"); $input = json_decode($input, true); $_REQUEST = $input; + // get command + $cmd=''; + if (isset($_REQUEST['cmd']) ) + $cmd = strtolower( $_REQUEST['cmd']); + + // decode commands, without key + switch( $cmd) { + case 'getversion': + getVersion(); + die( json_encode($DataJson)); + break; + case 'getapikey': + getApiKey(); + die( json_encode($DataJson)); + break; + } + // get API KEY if (isset($_REQUEST['key']) && preg_match("/^[0-9a-f]{32}$/", $_REQUEST['key'])) $key = $_REQUEST['key']; else - die("Missing key."); - + die( json_encode( array ( + 'status' => 'failed', + 'error' => 'Missing parameter "key".' ))); + // check API key $user = User_by_api_key($key); if ($user === false) - die("Unable to find user."); + die( json_encode( array ( + 'status' => 'failed', + 'error' => 'Unable to find user' ))); if ($user == null) - die("Key invalid."); - - // get command - $cmd=''; - if (isset($_REQUEST['cmd']) ) - $cmd = strtolower( $_REQUEST['cmd']); + die( json_encode( array ( + 'status' => 'failed', + 'error' => 'Key invalid.' ))); // decode command switch( $cmd) { - case 'echo': - $DataJson = $input; - break; - case 'getversion': - getVersion(); - break; case 'getroom': getRoom(); break; @@ -134,11 +161,18 @@ function api_controller() { getMessage(); break; default: - die("Unknown Command (". $cmd. ")"); + $DataJson = array ( + 'status' => 'failed', + 'error' => 'Unknown Command "'. $cmd. '"' ); + } + + // check + if( $DataJson === false) { + $DataJson = array ( + 'status' => 'failed', + 'error' => 'DataJson === false' ); } - - header("Content-Type: application/json; charset=utf-8"); echo json_encode($DataJson); die(); } @@ -148,9 +182,54 @@ function api_controller() { */ function getVersion(){ global $DataJson; - $DataJson['Version'] = 1; + + $DataJson = array( + 'status' => 'success', + 'Version' => 1); } + +/** + * Get API Key + */ +function getApiKey(){ + global $DataJson, $_REQUEST; + + if (!isset($_REQUEST['user']) ) { + $DataJson = array ( + 'status' => 'failed', + 'error' => 'Missing parameter "user".' ); + } + elseif (!isset($_REQUEST['pw']) ) { + $DataJson = array ( + 'status' => 'failed', + 'error' => 'Missing parameter "pw".' ); + } else { + $Erg = sql_select( "SELECT `UID`, `Passwort`, `api_key` FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST['user']) . "'"); + + if (count($Erg) == 1) { + $Erg = $Erg[0]; + if (verify_password( $_REQUEST['pw'], $Erg["Passwort"], $Erg["UID"])) { + $key = $Erg["api_key"]; + $DataJson = array( + 'status' => 'success', + 'Key' => $key); + } else { + $DataJson = array ( + 'status' => 'failed', + 'error' => 'PW wrong' ); + } + } else { + $DataJson = array ( + 'status' => 'failed', + 'error' => 'User not found.' ); + } + } + + sleep(1); +} + + /** * Get Room */ @@ -216,4 +295,4 @@ function getMessage(){ } } -?> +?> \ No newline at end of file -- cgit v1.2.3-54-g00ecf