
/api/includes/ringside/api/AbstractRest.php

https://github.com/jkinner/ringside
  1<?php
  2/*******************************************************************************
  3 * Ringside Networks, Harnessing the power of social networks.
  4 *
  5 * Copyright 2008 Ringside Networks, Inc., and individual contributors as indicated
  6 * by the @authors tag or express copyright attribution
  7 * statements applied by the authors.  All third-party contributions are
  8 * distributed under license by Ringside Networks, Inc.
  9 *
 10 * This is free software; you can redistribute it and/or modify it
 11 * under the terms of the GNU Lesser General Public License as
 12 * published by the Free Software Foundation; either version 2.1 of
 13 * the License, or (at your option) any later version.
 14 *
 15 * This software is distributed in the hope that it will be useful,
 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 18 * Lesser General Public License for more details.
 19 *
 20 * You should have received a copy of the GNU Lesser General Public
 21 * License along with this software; if not, write to the Free
 22 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 23 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 24 ******************************************************************************/
 25
 26require_once ('ringside/api/db/RingsideApiDbDatabase.php');
 27require_once ('ringside/api/bo/App.php');
 28require_once ('ringside/api/OpenFBAPIException.php');
 29require_once( "ringside/api/ServiceFactory.php" );
 30
 31abstract class Api_AbstractRest
 32{
 33   // Following need to move out to a SESSION wrapper.
 34   const SESSION_ID = 'session_id';
 35   const SESSION_API_KEY = 'api_key';
 36   const SESSION_APP_ID = 'app_id';
 37   const SESSION_USER_ID = 'uid';
 38   const SESSION_NETWORK_ID = 'network_key';
 39   const SESSION_EXPIRES = 'expires';
 40   const SESSION_EXPIRES_VALUE_NEVER = 'never';
 41   const SESSION_CALL_ID = 'call_id';
 42   const SESSION_INFINITE = 'infinite';
 43
 44   // Auth related session values.
 45   const SESSION_APPROVED = 'approved';
 46   const SESSION_TYPE = 'type';
 47   const SESSION_TYPE_VALUE_AUTH = 'auth_token';
 48   const SESSION_TYPE_VALUE_SESS = 'session_key';
 49
 50   /** The paramters for this API. */
 51   private $m_apiParams = array();
 52
 53   /** Hold onto session object for this request */
 54   private $m_session = null;
 55
 56   /** Hold onto the request context */
 57   private $m_context = null;
 58
 59   /** Hold onto the SERVER object */
 60   private $m_server = null;
 61
 62   /**
 63    * Constructor
 64    */
 65   public function __construct()
 66   {
 67
 68   }
 69
 70   public function getAppId()
 71   {
 72      return $this->getSessionValue(self::SESSION_APP_ID);
 73   }
 74
 75   /**
 76    * Get the user id.
 77    *
 78    * @return unknown The user id.
 79    */
 80   public function getUserId()
 81   {
 82      return $this->getSessionValue(self::SESSION_USER_ID);
 83   }
 84
 85   /**
 86    * Get the network id.
 87    *
 88    * @return unknown The user id.
 89    */
 90   public function getNetworkId()
 91   {
 92      $nid = $this->getSessionValue(self::SESSION_NETWORK_ID);
 93      if($nid == null)
 94      {
 95         $nid = $this->m_context->getNetworkKey();
 96      }
 97      return $nid;
 98   }
 99
100   /**
101    * Lifecyle method to inject the context into the REST handler
102    *
103    * @param unknown_type $context
104    */
105   public function _setContext(Api_RequestContext &$context)
106   {
107      $this->m_context = &$context;
108      $this->m_apiParams = &$context->getParameters();
109   }
110
111   public function &getContext()
112   {
113      return $this->m_context;
114   }
115
116   /**
117    * Lifecyle method to inject session into this object.
118    *
119    * @param array $session
120    */
121   public function _setSession(&$session)
122   {
123      $this->m_session = &$session;
124   }
125
126   /**
127    * Return the session object if needed.
128    *
129    * @return SESSION
130    */
131   public function &getSession()
132   {
133      return $this->m_session;
134   }
135
136   /**
137    * Lifecyle initialization to setup the SERVER object.
138    *
139    * @param Api_Server $server
140    */
141   public function _setServer(OpenFBServer &$server)
142   {
143      $this->m_server = $server;
144   }
145
146   /**
147    * Return access to the server object.
148    *
149    * @return Api_Server
150    */
151   public function &getServer()
152   {
153      return $this->m_server;
154   }
155
156   /**
157    * Get the value of a session key for this request, null if session not in context or value not in context;
158    *
159    * @param string $key to look for
160    * @return null if session[key] not available.  value otherwise.
161    * @throws OpenFBAPIException if session is not in context
162    */
163   public function getSessionValue($key)
164   {
165      if(! isset($this->m_session))
166      {
167          return null;
168//         throw new OpenFBAPIException(FB_ERROR_MSG_BUSTED_SESSION, FB_ERROR_CODE_UNKNOWN_ERROR);
169      }else if(isset($this->m_session[$key]))
170      {
171         return $this->m_session[$key];
172      }else
173      {
174         return null;
175      }
176   }
177
178   /**
179    * Set a value in session, if session is in context.
180    *
181    * @param string $key to set
182    * @param mixed $value to set
183    * @return old value if in session already.
184    * @throws OpenFBAPIException is session not in context
185    */
186   public function setSessionValue($key, $value)
187   {
188      $oldValue = $this->getSessionValue($key);
189      $this->m_session[$key] = $value;
190      return $oldValue;
191   }
192
193   /**
194    * Get the paramters for this API.
195    * @return unknown The paramters for this API.
196    */
197   public function &getApiParams()
198   {
199      return $this->m_apiParams;
200   }
201
202   /**
203    * Return a specific param key.
204    *
205    * @param unknown_type $key
206    * @return unknown
207    */
208   public function getApiParam($key, $default = null)
209   {
210      $value = $default;
211      if ( isset($this->m_apiParams[$key]) && !$this->isEmpty($this->m_apiParams[$key])) 
212      {
213         $value = $this->m_apiParams[$key];
214      }
215      return $value;
216   }
217
218   public function getRequiredApiParam($key)
219   {
220      $this->checkRequiredParam($key);
221      return $this->getApiParam($key);
222   }
223
224   /**
225    * Load the session from the session key.
226    */
227   abstract public function loadSession();
228
229   /**
230    * Specific point by which delegation can occur.
231    */
232   abstract public function delegateRequest();
233
234   /**
235    * Validate the session is correct and not expired.
236    */
237   abstract public function validateSession();
238
239   /**
240    * Validate the API Key ([TODO] and load basic APP data?).
241    */
242   abstract public function validateApiKey();
243
244   /**
245    * Validate the SIGNATURE by build MD5 checksum.
246    */
247   abstract public function validateSig();
248
249   /**
250    * Validate the version matches.
251    */
252   abstract public function validateVersion();
253
254   /**
255    * Validate the call_is being incremented on each and every call.
256    */
257   abstract public function validateCallId();
258
259   /**
260    * Validate the request has what it needs
261    */
262   abstract public function validateRequest();
263
264   /**
265    * Execute the REST api.
266    */
267   abstract public function execute();
268
269   /**
270    * Validate that the list of required parameters are defined in the api parameters passed in on
271    * the constructor.
272    *
273    * @param array $requiredParams The list of required parameters
274    *
275    * @throws OpenFBAPIException if any of the required paramters are not set in the
276    *                              api parameters passed in on the constructor.
277    */
278   public function checkRequiredParams($requiredParams)
279   {
280      foreach($requiredParams as $param)
281      {
282         $this->checkRequiredParam($param);
283      }
284
285   }
286
287   /**
288    * Validate a given parameter is avialable and not empty.
289    *
290    * @param string $parameter
291    * @throws OpenFBAPIException if any of the required paramters are not set in the
292    *                              api parameters passed in on the constructor.
293    */
294   public function checkRequiredParam($parameter)
295   {
296      if(! isset($this->m_apiParams[$parameter]) || $this->isEmpty($this->m_apiParams[$parameter]))
297      {
298         throw new OpenFBAPIException("The " . $parameter . " must be specified.", FB_ERROR_CODE_PARAMETER_MISSING);
299      }
300
301   }
302
303   /**
304    * Validate that at least one of the requiredParamSet options is set.
305    *
306    * @param array $requiredParamSet the set of parameters, of which at least one must be provided.
307    * @return boolean whether at least one of the parameters is set; will only return true
308    * @throws OpenFBApiException if none of the required parameters is set.
309    */
310   public function checkOneOfRequiredParams($requiredParamSet)
311   {
312       foreach ( $requiredParamSet as $param )
313       {
314           if ( isset($this->m_apiParams[$param]) && ! $this->isEmpty($this->m_apiParams[$param]))
315           {
316               return true;
317           }
318       }
319       
320       throw new OpenFBAPIException("At least one of '" . join("', '", $requiredParamSet) . "' must be specified.", FB_ERROR_CODE_PARAMETER_MISSING);
321   }
322   
323   /**
324    * If this is a cross app call, one app trying to execute something on another application
325    * validate that the calling application is a DEFAULT enabled application as they should be the
326    * only ones allowed to do this.
327    *
328    * @param integer $aid
329    * @return true
330    * @throws OpenFBApiException if the calling app is not allowed to make the call.
331    */
332   public function checkDefaultApp($aid = null)
333   {
334       // TODO: SECURITY: This disables security on app-to-app requests!
335       return;
336      /*
337       * You can only cross check application information if
338       * the calling application is a default application
339       */
340      $tad = $this->getAppId();
341      
342      error_log("Invoking API as $tad against application $aid");
343      if(($aid == null) || ($aid != $tad))
344      {
345      	$appService = Api_ServiceFactory::create('AppService');
346      	if ( null != $tad ) {
347      	    // If a domain is calling this method, it should work
348          	 $callingApp = $appService->getApp($tad);
349             if (($callingApp == NULL) || (empty($callingApp)))
350             {
351                throw new OpenFBAPIException("Can not load calling application information ($aid,{ $tad })", FB_ERROR_CODE_UNKNOWN_ERROR);
352             }
353             $isDefault = $callingApp['isdefault'];
354             if($isDefault == 0)
355             {
356                 error_log("Application $tad cannot get information on application $aid");
357                throw new OpenFBAPIException(FB_ERROR_MSG_GRAPH_EXCEPTION, FB_ERROR_CODE_GRAPH_EXCEPTION);
358             }
359      	}
360      }
361
362      return true;
363   }
364
365   /**
366    * Start the session object.
367    * TODO: Think about where this really should live.
368    *
369    * @param id The ID of the product.
370    */
371   public function startSession($id = null)
372   {
373      if(! empty($id))
374      {
375         session_id($id);
376      }
377      session_start();
378//      error_log("Session is as follows:");
379//      error_log(var_export($_SESSION, true));
380      $this->m_session = &$_SESSION;
381
382   }
383
384   /**
385    * PHP empty function causes '0', 0, Array(), and FALSE to return true.  These really are not empty
386    * to us, so instead we have our own isEmpty function that only returns true if the variable is
387    * ""
388    * null
389    * !isset($var); such as var $var;  declared, but not value associated with it.
390    *
391    * @param mixed $var
392    * @return bool
393    */
394   public static function isEmpty($var)
395   {
396      if(! isset($var) || is_null($var))
397      {
398         return true;
399      }
400
401      if(is_string($var) && strlen(rtrim($var)) == 0)
402      {
403         return true;
404      }
405
406      if(is_array($var) && count($var) == 0)
407      {
408         return true;
409      }
410
411      return false;
412   }
413
414}
415?>