PageRenderTime 31ms CodeModel.GetById 12ms RepoModel.GetById 0ms app.codeStats 0ms

/application/config/rest.php

https://gitlab.com/bandana/Astro-Veda
PHP | 461 lines | 31 code | 36 blank | 394 comment | 0 complexity | 65677efe156185f5e2105760d3e2b699 MD5 | raw file
    

  1. <?php defined('BASEPATH') OR exit('No direct script access allowed');
    2. 

  2. 

  3. /*
    4. 

  4. |--------------------------------------------------------------------------
    5. 

  5. | HTTP protocol
    6. 

  6. |--------------------------------------------------------------------------
    7. 

  7. |
    8. 

  8. | Should the service accept only HTTPS requests or not?
    9. 

  9. |
    10. 

  10. |	Default: FALSE
    11. 

  11. |
    12. 

  12. */
    13. 

  13. $config['force_https'] = FALSE;
    14. 

  14. 

  15. /*
    16. 

  16. |--------------------------------------------------------------------------
    17. 

  17. | REST Format
    18. 

  18. |--------------------------------------------------------------------------
    19. 

  19. |
    20. 

  20. | What format should the data be returned in by default?
    21. 

  21. |
    22. 

  22. |	Default: xml
    23. 

  23. |
    24. 

  24. */
    25. 

  25. $config['rest_default_format'] = 'xml';
    26. 

  26. 

  27. /*
    28. 

  28. |--------------------------------------------------------------------------
    29. 

  29. | REST Status field name
    30. 

  30. |--------------------------------------------------------------------------
    31. 

  31. |
    32. 

  32. | The field name for the status of the response
    33. 

  33. |
    34. 

  34. |	'status'
    35. 

  35. |
    36. 

  36. */
    37. 

  37. $config['rest_status_field_name'] = 'status';
    38. 

  38. 

  39. /*
    40. 

  40. |--------------------------------------------------------------------------
    41. 

  41. | REST message field name
    42. 

  42. |--------------------------------------------------------------------------
    43. 

  43. |
    44. 

  44. | The field name for the message inside the response
    45. 

  45. |
    46. 

  46. |	'error'
    47. 

  47. |
    48. 

  48. */
    49. 

  49. $config['rest_message_field_name'] = 'error';
    50. 

  50. 

  51. /*
    52. 

  52. |--------------------------------------------------------------------------
    53. 

  53. | Enable emulate request
    54. 

  54. |--------------------------------------------------------------------------
    55. 

  55. |
    56. 

  56. | Should we enable emulation of the request (e.g. used in Mootools request)?
    57. 

  57. |
    58. 

  58. |	Default: TRUE
    59. 

  59. |
    60. 

  60. */
    61. 

  61. $config['enable_emulate_request'] = TRUE;
    62. 

  62. 

  63. 

  64. /*
    65. 

  65. |--------------------------------------------------------------------------
    66. 

  66. | REST Realm
    67. 

  67. |--------------------------------------------------------------------------
    68. 

  68. |
    69. 

  69. | Name for the password protected REST API displayed on login dialogs
    70. 

  70. |
    71. 

  71. |	E.g: My Secret REST API
    72. 

  72. |
    73. 

  73. */
    74. 

  74. $config['rest_realm'] = 'REST API';
    75. 

  75. 

  76. /*
    77. 

  77. |--------------------------------------------------------------------------
    78. 

  78. | REST Login
    79. 

  79. |--------------------------------------------------------------------------
    80. 

  80. |
    81. 

  81. | Is login required and if so, which type of login?
    82. 

  82. |
    83. 

  83. |	'' = no login required, 'basic' = unsecure login, 'digest' = more secure login,
    84. 

  84. |	'session' = check for PHP session variable. Set variable name below.
    85. 

  85. |
    86. 

  86. */
    87. 

  87. $config['rest_auth'] = false;
    88. 

  88. 

  89. /*
    90. 

  90. |--------------------------------------------------------------------------
    91. 

  91. | REST Login
    92. 

  92. |--------------------------------------------------------------------------
    93. 

  93. |
    94. 

  94. | Is login required and if so, which user store do we use?
    95. 

  95. |
    96. 

  96. |	'' = use config based users, 'ldap' = use LDAP authencation, 'library' = use a authentication library
    97. 

  97. |	If 'rest_auth' is 'session' then set 'auth_source' to the name of the session variable to check for.
    98. 

  98. |
    99. 

  99. */
    100. 

  100. 

  101. //change this to '' for wildcard unit test
    102. 

  102. $config['auth_source'] = 'ldap';
    103. 

  103. 

  104. /*
    105. 

  105. |--------------------------------------------------------------------------
    106. 

  106. | REST Login
    107. 

  107. |--------------------------------------------------------------------------
    108. 

  108. |
    109. 

  109. | If library authentication is used define the class and function name here
    110. 

  110. |
    111. 

  111. | The function should accept two parameters: class->function($username, $password)
    112. 

  112. | In other cases override the function _perform_library_auth in your controller
    113. 

  113. |
    114. 

  114. | For digest authentication the library function should return already stored md5(username:restrealm:password) for that username
    115. 

  115. |	E.g: md5('admin:REST API:1234') = '1e957ebc35631ab22d5bd6526bd14ea2'
    116. 

  116. |
    117. 

  117. */
    118. 

  118. $config['auth_library_class'] = '';
    119. 

  119. $config['auth_library_function'] = '';
    120. 

  120. 

  121. /*
    122. 

  122. |--------------------------------------------------------------------------
    123. 

  123. | Override auth types for specific class/method
    124. 

  124. |--------------------------------------------------------------------------
    125. 

  125. |
    126. 

  126. | Set specific authentication types for methods within a class (controller)
    127. 

  127. |
    128. 

  128. | Set as many config entries as needed.  Any methods not set will use the default 'rest_auth' config value.
    129. 

  129. |
    130. 

  130. | example:
    131. 

  131. |
    132. 

  132. |			$config['auth_override_class_method']['deals']['view'] = 'none';
    133. 

  133. |			$config['auth_override_class_method']['deals']['insert'] = 'digest';
    134. 

  134. |			$config['auth_override_class_method']['accounts']['user'] = 'basic';
    135. 

  135. |			$config['auth_override_class_method']['dashboard']['*'] = 'none|digest|basic';
    136. 

  136. |
    137. 

  137. | Here 'deals', 'accounts' and 'dashboard' are controller names, 'view', 'insert' and 'user' are methods within. An asterisk may also be used to specify an authentication method for an entire classes methods. Ex: $config['auth_override_class_method']['dashboard']['*'] = 'basic'; (NOTE: leave off the '_get' or '_post' from the end of the method name)
    138. 

  138. | Acceptable values are; 'none', 'digest' and 'basic'.
    139. 

  139. |
    140. 

  140. */
    141. 

  141. // $config['auth_override_class_method']['deals']['view'] = 'none';
    142. 

  142. // $config['auth_override_class_method']['deals']['insert'] = 'digest';
    143. 

  143. // $config['auth_override_class_method']['accounts']['user'] = 'basic';
    144. 

  144. // $config['auth_override_class_method']['dashboard']['*'] = 'basic';
    145. 

  145. 

  146. 

  147. //---Uncomment list line for the wildard unit test
    148. 

  148. //$config['auth_override_class_method']['wildcard_test_cases']['*'] = 'basic';
    149. 

  149. /*
    150. 

  150. |--------------------------------------------------------------------------
    151. 

  151. | REST Login usernames
    152. 

  152. |--------------------------------------------------------------------------
    153. 

  153. |
    154. 

  154. | Array of usernames and passwords for login, if ldap is configured this is ignored
    155. 

  155. |
    156. 

  156. |	array('admin' => '1234')
    157. 

  157. |
    158. 

  158. */
    159. 

  159. $config['rest_valid_logins'] = array('admin' => '1234');
    160. 

  160. 

  161. /*
    162. 

  162. |--------------------------------------------------------------------------
    163. 

  163. | Global IP Whitelisting
    164. 

  164. |--------------------------------------------------------------------------
    165. 

  165. |
    166. 

  166. | Limit connections to your REST server to whitelisted IP addresses.
    167. 

  167. |
    168. 

  168. | Usage:
    169. 

  169. | 1. Set to true *and* select an auth option for extreme security (client's IP
    170. 

  170. |	 address must be in whitelist and they must also log in)
    171. 

  171. | 2. Set to true with auth set to false to allow whitelisted IPs access with no login.
    172. 

  172. | 3. Set to false here but set 'auth_override_class_method' to 'whitelist' to
    173. 

  173. |	 restrict certain methods to IPs in your whitelist
    174. 

  174. |
    175. 

  175. */
    176. 

  176. $config['rest_ip_whitelist_enabled'] = false;
    177. 

  177. 

  178. /*
    179. 

  179. |--------------------------------------------------------------------------
    180. 

  180. | REST IP Whitelist
    181. 

  181. |--------------------------------------------------------------------------
    182. 

  182. |
    183. 

  183. | Limit connections to your REST server to a comma separated
    184. 

  184. | list of IP addresses
    185. 

  185. |
    186. 

  186. | Example: $config['rest_ip_whitelist'] = '123.456.789.0, 987.654.32.1';
    187. 

  187. |
    188. 

  188. | 127.0.0.1 and 0.0.0.0 are allowed by default.
    189. 

  189. |
    190. 

  190. */
    191. 

  191. $config['rest_ip_whitelist'] = '';
    192. 

  192. 

  193. /*
    194. 

  194. |--------------------------------------------------------------------------
    195. 

  195. | Global IP Blacklisting
    196. 

  196. |--------------------------------------------------------------------------
    197. 

  197. |
    198. 

  198. | Prevent connections to your REST server from blacklisted IP addresses.
    199. 

  199. |
    200. 

  200. | Usage:
    201. 

  201. | 1. Set to true *and* add any IP address to "rest_ip_blacklist" option
    202. 

  202. |
    203. 

  203. */
    204. 

  204. $config['rest_ip_blacklist_enabled'] = false;
    205. 

  205. 

  206. /*
    207. 

  207. |--------------------------------------------------------------------------
    208. 

  208. | REST IP Blacklist
    209. 

  209. |--------------------------------------------------------------------------
    210. 

  210. |
    211. 

  211. | Block connections from these IP addresses.
    212. 

  212. |
    213. 

  213. | Example: $config['rest_ip_blacklist'] = '123.456.789.0, 987.654.32.1';
    214. 

  214. |
    215. 

  215. |
    216. 

  216. */
    217. 

  217. $config['rest_ip_blacklist'] = '';
    218. 

  218. 

  219. /*
    220. 

  220. |--------------------------------------------------------------------------
    221. 

  221. | REST Database Group
    222. 

  222. |--------------------------------------------------------------------------
    223. 

  223. |
    224. 

  224. | Connect to a database group for keys, logging, etc. It will only connect
    225. 

  225. | if you have any of these features enabled.
    226. 

  226. |
    227. 

  227. |	'default'
    228. 

  228. |
    229. 

  229. */
    230. 

  230. $config['rest_database_group'] = 'default';
    231. 

  231. 

  232. /*
    233. 

  233. |--------------------------------------------------------------------------
    234. 

  234. | REST API Keys Table Name
    235. 

  235. |--------------------------------------------------------------------------
    236. 

  236. |
    237. 

  237. | The table name in your database that stores API Keys.
    238. 

  238. |
    239. 

  239. |	'keys'
    240. 

  240. |
    241. 

  241. */
    242. 

  242. $config['rest_keys_table'] = 'keys';
    243. 

  243. 

  244. /*
    245. 

  245. |--------------------------------------------------------------------------
    246. 

  246. | REST Enable Keys
    247. 

  247. |--------------------------------------------------------------------------
    248. 

  248. |
    249. 

  249. | When set to true REST_Controller will look for a key and match it to the DB.
    250. 

  250. | If no key is provided, the request will return an error.
    251. 

  251. |
    252. 

  252. |	FALSE
    253. 

    254. 

  254. 	CREATE TABLE `keys` (
    255. 

  255. 	  `id` int(11) NOT NULL AUTO_INCREMENT,
    256. 

  256. 	  `key` varchar(40) NOT NULL,
    257. 

  257. 	  `level` int(2) NOT NULL,
    258. 

  258. 	  `ignore_limits` tinyint(1) NOT NULL DEFAULT '0',
    259. 

  259. 	  `is_private_key` tinyint(1)  NOT NULL DEFAULT '0',
    260. 

  260. 	  `ip_addresses` TEXT NULL DEFAULT NULL,
    261. 

  261. 	  `date_created` int(11) NOT NULL,
    262. 

  262. 	  PRIMARY KEY (`id`)
    263. 

  263. 	) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    264. 

  264. |
    265. 

  265. */
    266. 

  266. $config['rest_enable_keys'] = FALSE;
    267. 

  267. 

  268. /*
    269. 

  269. |--------------------------------------------------------------------------
    270. 

  270. | REST Table Key Column Name
    271. 

  271. |--------------------------------------------------------------------------
    272. 

  272. |
    273. 

  273. | If you are not using the default table schema as shown above, what is the
    274. 

  274. | name of the db column that holds the api key value?
    275. 

  275. |
    276. 

  276. */
    277. 

  277. $config['rest_key_column'] = 'key';
    278. 

  278. 

  279. /*
    280. 

  280. |--------------------------------------------------------------------------
    281. 

  281. | REST Key Length
    282. 

  282. |--------------------------------------------------------------------------
    283. 

  283. |
    284. 

  284. | How long should created keys be? Double check this in your db schema.
    285. 

  285. |
    286. 

  286. |	Default: 32
    287. 

  287. |	Max: 40
    288. 

  288. |
    289. 

  289. */
    290. 

  290. $config['rest_key_length'] = 40;
    291. 

  291. 

  292. /*
    293. 

  293. |--------------------------------------------------------------------------
    294. 

  294. | REST API Key Variable
    295. 

  295. |--------------------------------------------------------------------------
    296. 

  296. |
    297. 

  297. | Which variable will provide us the API Key
    298. 

  298. |
    299. 

  299. | Default: X-API-KEY
    300. 

  300. |
    301. 

  301. */
    302. 

  302. $config['rest_key_name'] = 'X-API-KEY';
    303. 

  303. 

  304. /*
    305. 

  305. |--------------------------------------------------------------------------
    306. 

  306. | REST API Logs Table Name
    307. 

  307. |--------------------------------------------------------------------------
    308. 

  308. |
    309. 

  309. | The table name in your database that stores logs.
    310. 

  310. |
    311. 

  311. |	'logs'
    312. 

  312. |
    313. 

  313. */
    314. 

  314. $config['rest_logs_table'] = 'logs';
    315. 

  315. 

  316. /*
    317. 

  317. |--------------------------------------------------------------------------
    318. 

  318. | REST Enable Logging
    319. 

  319. |--------------------------------------------------------------------------
    320. 

  320. |
    321. 

  321. | When set to true REST_Controller will log actions based on key, date,
    322. 

  322. | time and IP address. This is a general rule that can be overridden in the
    323. 

  323. | $this->method array in each controller.
    324. 

  324. |
    325. 

  325. |	FALSE
    326. 

  326. |
    327. 

  327. 	CREATE TABLE `logs` (
    328. 

  328. 	  `id` int(11) NOT NULL AUTO_INCREMENT,
    329. 

  329. 	  `uri` varchar(255) NOT NULL,
    330. 

  330. 	  `method` varchar(6) NOT NULL,
    331. 

  331. 	  `params` text DEFAULT NULL,
    332. 

  332. 	  `api_key` varchar(40) NOT NULL,
    333. 

  333. 	  `ip_address` varchar(45) NOT NULL,
    334. 

  334. 	  `time` int(11) NOT NULL,
    335. 

  335. 	  `rtime` float DEFAULT NULL,
    336. 

  336. 	  `authorized` tinyint(1) NOT NULL,
    337. 

  337. 	  PRIMARY KEY (`id`)
    338. 

  338. 	) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    339. 

  339. |
    340. 

  340. */
    341. 

  341. $config['rest_enable_logging'] = FALSE;
    342. 

  342. 

  343. 

  344. /*
    345. 

  345. |--------------------------------------------------------------------------
    346. 

  346. | REST API Access Table Name
    347. 

  347. |--------------------------------------------------------------------------
    348. 

  348. |
    349. 

  349. | The table name in your database that stores the access controls.
    350. 

  350. |
    351. 

  351. |	'access'
    352. 

  352. |
    353. 

  353. */
    354. 

  354. $config['rest_access_table'] = 'access';
    355. 

  355. 

  356. /*
    357. 

  357. |--------------------------------------------------------------------------
    358. 

  358. | REST Method Access Control 
    359. 

  359. |--------------------------------------------------------------------------
    360. 

  360. |
    361. 

  361. | When set to true REST_Controller will check the access table to see if 
    362. 

  362. | the API KEY can access that controller.  rest_enable_keys *must* be enabled
    363. 

  363. | to use this. 
    364. 

  364. |
    365. 

  365. |	FALSE
    366. 

  366. |
    367. 

  367. CREATE TABLE `access` (
    368. 

  368.   `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
    369. 

  369.   `key` varchar(40) NOT NULL DEFAULT '',
    370. 

  370.   `controller` varchar(50) NOT NULL DEFAULT '',
    371. 

  371.   `date_created` datetime DEFAULT NULL,
    372. 

  372.   `date_modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    373. 

  373.   PRIMARY KEY (`id`)
    374. 

  374. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    375. 

  375. |
    376. 

  376. */
    377. 

  377. $config['rest_enable_access'] = FALSE;
    378. 

  378. 

  379. 

  380. /*
    381. 

  381. |--------------------------------------------------------------------------
    382. 

  382. | REST API Param Log Format
    383. 

  383. |--------------------------------------------------------------------------
    384. 

  384. |
    385. 

  385. | When set to true API log params will be stored in the database as JSON,
    386. 

  386. | when false they will be php serialized.
    387. 

  387. |
    388. 

  388. */
    389. 

  389. $config['rest_logs_json_params'] = FALSE;
    390. 

  390. 

  391. /*
    392. 

  392. |--------------------------------------------------------------------------
    393. 

  393. | REST API Limits Table Name
    394. 

  394. |--------------------------------------------------------------------------
    395. 

  395. |
    396. 

  396. | The table name in your database that stores limits.
    397. 

  397. |
    398. 

  398. |	'limits'
    399. 

  399. |
    400. 

  400. */
    401. 

  401. $config['rest_limits_table'] = 'limits';
    402. 

  402. 

  403. /*
    404. 

  404. |--------------------------------------------------------------------------
    405. 

  405. | REST Enable Limits
    406. 

  406. |--------------------------------------------------------------------------
    407. 

  407. |
    408. 

  408. | When set to true REST_Controller will count the number of uses of each method
    409. 

  409. | by an API key each hour. This is a general rule that can be overridden in the
    410. 

  410. | $this->method array in each controller.
    411. 

  411. |
    412. 

  412. |	FALSE
    413. 

  413. |
    414. 

  414. 	CREATE TABLE `limits` (
    415. 

  415. 	  `id` int(11) NOT NULL AUTO_INCREMENT,
    416. 

  416. 	  `uri` varchar(255) NOT NULL,
    417. 

  417. 	  `count` int(10) NOT NULL,
    418. 

  418. 	  `hour_started` int(11) NOT NULL,
    419. 

  419. 	  `api_key` varchar(40) NOT NULL,
    420. 

  420. 	  PRIMARY KEY (`id`)
    421. 

  421. 	) ENGINE=InnoDB DEFAULT CHARSET=utf8;
    422. 

  422. |
    423. 

  423. | To specify limits, within your Controller __construct() method add per-method 
    424. 

  424. | limits with:
    425. 

    426. 

  426.  $this->method['METHOD_NAME']['limit'] = [NUM_REQUESTS_PER_HOUR];
    427. 

  427.  
    428. 

  428. | See application/controllers/api/example.php for examples. 
    429. 

  429. */
    430. 

  430. $config['rest_enable_limits'] = FALSE;
    431. 

  431. 

  432. /*
    433. 

  433. |--------------------------------------------------------------------------
    434. 

  434. | REST Ignore HTTP Accept
    435. 

  435. |--------------------------------------------------------------------------
    436. 

  436. |
    437. 

  437. | Set to TRUE to ignore the HTTP Accept and speed up each request a little.
    438. 

  438. | Only do this if you are using the $this->rest_format or /format/xml in URLs
    439. 

  439. |
    440. 

  440. |	FALSE
    441. 

  441. |
    442. 

  442. */
    443. 

  443. $config['rest_ignore_http_accept'] = FALSE;
    444. 

  444. 

  445. /*
    446. 

  446. |--------------------------------------------------------------------------
    447. 

  447. | REST AJAX Only
    448. 

  448. |--------------------------------------------------------------------------
    449. 

  449. |
    450. 

  450. | Set to TRUE to only allow AJAX requests. If TRUE and the request is not
    451. 

  451. | coming from AJAX, a 505 response with the error message "Only AJAX
    452. 

  452. | requests are accepted." will be returned. This is good for production
    453. 

  453. | environments. Set to FALSE to also accept HTTP requests.
    454. 

  454. |
    455. 

  455. |	FALSE
    456. 

  456. |
    457. 

  457. */
    458. 

  458. $config['rest_ajax_only'] = FALSE;
    459. 

  459. 

  460. /* End of file config.php */
    461. 

  461. /* Location: ./system/application/config/rest.php */
    462. 

  462.