PageRenderTime 101ms CodeModel.GetById 25ms RepoModel.GetById 0ms app.codeStats 0ms

/application/config/rest.php

https://gitlab.com/bandana/Astro-Veda
PHP | 461 lines | 31 code | 36 blank | 394 comment | 0 complexity | 65677efe156185f5e2105760d3e2b699 MD5 | raw file
  1. <?php defined('BASEPATH') OR exit('No direct script access allowed');
  2. /*
  3. |--------------------------------------------------------------------------
  4. | HTTP protocol
  5. |--------------------------------------------------------------------------
  6. |
  7. | Should the service accept only HTTPS requests or not?
  8. |
  9. | Default: FALSE
  10. |
  11. */
  12. $config['force_https'] = FALSE;
  13. /*
  14. |--------------------------------------------------------------------------
  15. | REST Format
  16. |--------------------------------------------------------------------------
  17. |
  18. | What format should the data be returned in by default?
  19. |
  20. | Default: xml
  21. |
  22. */
  23. $config['rest_default_format'] = 'xml';
  24. /*
  25. |--------------------------------------------------------------------------
  26. | REST Status field name
  27. |--------------------------------------------------------------------------
  28. |
  29. | The field name for the status of the response
  30. |
  31. | 'status'
  32. |
  33. */
  34. $config['rest_status_field_name'] = 'status';
  35. /*
  36. |--------------------------------------------------------------------------
  37. | REST message field name
  38. |--------------------------------------------------------------------------
  39. |
  40. | The field name for the message inside the response
  41. |
  42. | 'error'
  43. |
  44. */
  45. $config['rest_message_field_name'] = 'error';
  46. /*
  47. |--------------------------------------------------------------------------
  48. | Enable emulate request
  49. |--------------------------------------------------------------------------
  50. |
  51. | Should we enable emulation of the request (e.g. used in Mootools request)?
  52. |
  53. | Default: TRUE
  54. |
  55. */
  56. $config['enable_emulate_request'] = TRUE;
  57. /*
  58. |--------------------------------------------------------------------------
  59. | REST Realm
  60. |--------------------------------------------------------------------------
  61. |
  62. | Name for the password protected REST API displayed on login dialogs
  63. |
  64. | E.g: My Secret REST API
  65. |
  66. */
  67. $config['rest_realm'] = 'REST API';
  68. /*
  69. |--------------------------------------------------------------------------
  70. | REST Login
  71. |--------------------------------------------------------------------------
  72. |
  73. | Is login required and if so, which type of login?
  74. |
  75. | '' = no login required, 'basic' = unsecure login, 'digest' = more secure login,
  76. | 'session' = check for PHP session variable. Set variable name below.
  77. |
  78. */
  79. $config['rest_auth'] = false;
  80. /*
  81. |--------------------------------------------------------------------------
  82. | REST Login
  83. |--------------------------------------------------------------------------
  84. |
  85. | Is login required and if so, which user store do we use?
  86. |
  87. | '' = use config based users, 'ldap' = use LDAP authencation, 'library' = use a authentication library
  88. | If 'rest_auth' is 'session' then set 'auth_source' to the name of the session variable to check for.
  89. |
  90. */
  91. //change this to '' for wildcard unit test
  92. $config['auth_source'] = 'ldap';
  93. /*
  94. |--------------------------------------------------------------------------
  95. | REST Login
  96. |--------------------------------------------------------------------------
  97. |
  98. | If library authentication is used define the class and function name here
  99. |
  100. | The function should accept two parameters: class->function($username, $password)
  101. | In other cases override the function _perform_library_auth in your controller
  102. |
  103. | For digest authentication the library function should return already stored md5(username:restrealm:password) for that username
  104. | E.g: md5('admin:REST API:1234') = '1e957ebc35631ab22d5bd6526bd14ea2'
  105. |
  106. */
  107. $config['auth_library_class'] = '';
  108. $config['auth_library_function'] = '';
  109. /*
  110. |--------------------------------------------------------------------------
  111. | Override auth types for specific class/method
  112. |--------------------------------------------------------------------------
  113. |
  114. | Set specific authentication types for methods within a class (controller)
  115. |
  116. | Set as many config entries as needed. Any methods not set will use the default 'rest_auth' config value.
  117. |
  118. | example:
  119. |
  120. | $config['auth_override_class_method']['deals']['view'] = 'none';
  121. | $config['auth_override_class_method']['deals']['insert'] = 'digest';
  122. | $config['auth_override_class_method']['accounts']['user'] = 'basic';
  123. | $config['auth_override_class_method']['dashboard']['*'] = 'none|digest|basic';
  124. |
  125. | Here 'deals', 'accounts' and 'dashboard' are controller names, 'view', 'insert' and 'user' are methods within. An asterisk may also be used to specify an authentication method for an entire classes methods. Ex: $config['auth_override_class_method']['dashboard']['*'] = 'basic'; (NOTE: leave off the '_get' or '_post' from the end of the method name)
  126. | Acceptable values are; 'none', 'digest' and 'basic'.
  127. |
  128. */
  129. // $config['auth_override_class_method']['deals']['view'] = 'none';
  130. // $config['auth_override_class_method']['deals']['insert'] = 'digest';
  131. // $config['auth_override_class_method']['accounts']['user'] = 'basic';
  132. // $config['auth_override_class_method']['dashboard']['*'] = 'basic';
  133. //---Uncomment list line for the wildard unit test
  134. //$config['auth_override_class_method']['wildcard_test_cases']['*'] = 'basic';
  135. /*
  136. |--------------------------------------------------------------------------
  137. | REST Login usernames
  138. |--------------------------------------------------------------------------
  139. |
  140. | Array of usernames and passwords for login, if ldap is configured this is ignored
  141. |
  142. | array('admin' => '1234')
  143. |
  144. */
  145. $config['rest_valid_logins'] = array('admin' => '1234');
  146. /*
  147. |--------------------------------------------------------------------------
  148. | Global IP Whitelisting
  149. |--------------------------------------------------------------------------
  150. |
  151. | Limit connections to your REST server to whitelisted IP addresses.
  152. |
  153. | Usage:
  154. | 1. Set to true *and* select an auth option for extreme security (client's IP
  155. | address must be in whitelist and they must also log in)
  156. | 2. Set to true with auth set to false to allow whitelisted IPs access with no login.
  157. | 3. Set to false here but set 'auth_override_class_method' to 'whitelist' to
  158. | restrict certain methods to IPs in your whitelist
  159. |
  160. */
  161. $config['rest_ip_whitelist_enabled'] = false;
  162. /*
  163. |--------------------------------------------------------------------------
  164. | REST IP Whitelist
  165. |--------------------------------------------------------------------------
  166. |
  167. | Limit connections to your REST server to a comma separated
  168. | list of IP addresses
  169. |
  170. | Example: $config['rest_ip_whitelist'] = '123.456.789.0, 987.654.32.1';
  171. |
  172. | 127.0.0.1 and 0.0.0.0 are allowed by default.
  173. |
  174. */
  175. $config['rest_ip_whitelist'] = '';
  176. /*
  177. |--------------------------------------------------------------------------
  178. | Global IP Blacklisting
  179. |--------------------------------------------------------------------------
  180. |
  181. | Prevent connections to your REST server from blacklisted IP addresses.
  182. |
  183. | Usage:
  184. | 1. Set to true *and* add any IP address to "rest_ip_blacklist" option
  185. |
  186. */
  187. $config['rest_ip_blacklist_enabled'] = false;
  188. /*
  189. |--------------------------------------------------------------------------
  190. | REST IP Blacklist
  191. |--------------------------------------------------------------------------
  192. |
  193. | Block connections from these IP addresses.
  194. |
  195. | Example: $config['rest_ip_blacklist'] = '123.456.789.0, 987.654.32.1';
  196. |
  197. |
  198. */
  199. $config['rest_ip_blacklist'] = '';
  200. /*
  201. |--------------------------------------------------------------------------
  202. | REST Database Group
  203. |--------------------------------------------------------------------------
  204. |
  205. | Connect to a database group for keys, logging, etc. It will only connect
  206. | if you have any of these features enabled.
  207. |
  208. | 'default'
  209. |
  210. */
  211. $config['rest_database_group'] = 'default';
  212. /*
  213. |--------------------------------------------------------------------------
  214. | REST API Keys Table Name
  215. |--------------------------------------------------------------------------
  216. |
  217. | The table name in your database that stores API Keys.
  218. |
  219. | 'keys'
  220. |
  221. */
  222. $config['rest_keys_table'] = 'keys';
  223. /*
  224. |--------------------------------------------------------------------------
  225. | REST Enable Keys
  226. |--------------------------------------------------------------------------
  227. |
  228. | When set to true REST_Controller will look for a key and match it to the DB.
  229. | If no key is provided, the request will return an error.
  230. |
  231. | FALSE
  232. CREATE TABLE `keys` (
  233. `id` int(11) NOT NULL AUTO_INCREMENT,
  234. `key` varchar(40) NOT NULL,
  235. `level` int(2) NOT NULL,
  236. `ignore_limits` tinyint(1) NOT NULL DEFAULT '0',
  237. `is_private_key` tinyint(1) NOT NULL DEFAULT '0',
  238. `ip_addresses` TEXT NULL DEFAULT NULL,
  239. `date_created` int(11) NOT NULL,
  240. PRIMARY KEY (`id`)
  241. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  242. |
  243. */
  244. $config['rest_enable_keys'] = FALSE;
  245. /*
  246. |--------------------------------------------------------------------------
  247. | REST Table Key Column Name
  248. |--------------------------------------------------------------------------
  249. |
  250. | If you are not using the default table schema as shown above, what is the
  251. | name of the db column that holds the api key value?
  252. |
  253. */
  254. $config['rest_key_column'] = 'key';
  255. /*
  256. |--------------------------------------------------------------------------
  257. | REST Key Length
  258. |--------------------------------------------------------------------------
  259. |
  260. | How long should created keys be? Double check this in your db schema.
  261. |
  262. | Default: 32
  263. | Max: 40
  264. |
  265. */
  266. $config['rest_key_length'] = 40;
  267. /*
  268. |--------------------------------------------------------------------------
  269. | REST API Key Variable
  270. |--------------------------------------------------------------------------
  271. |
  272. | Which variable will provide us the API Key
  273. |
  274. | Default: X-API-KEY
  275. |
  276. */
  277. $config['rest_key_name'] = 'X-API-KEY';
  278. /*
  279. |--------------------------------------------------------------------------
  280. | REST API Logs Table Name
  281. |--------------------------------------------------------------------------
  282. |
  283. | The table name in your database that stores logs.
  284. |
  285. | 'logs'
  286. |
  287. */
  288. $config['rest_logs_table'] = 'logs';
  289. /*
  290. |--------------------------------------------------------------------------
  291. | REST Enable Logging
  292. |--------------------------------------------------------------------------
  293. |
  294. | When set to true REST_Controller will log actions based on key, date,
  295. | time and IP address. This is a general rule that can be overridden in the
  296. | $this->method array in each controller.
  297. |
  298. | FALSE
  299. |
  300. CREATE TABLE `logs` (
  301. `id` int(11) NOT NULL AUTO_INCREMENT,
  302. `uri` varchar(255) NOT NULL,
  303. `method` varchar(6) NOT NULL,
  304. `params` text DEFAULT NULL,
  305. `api_key` varchar(40) NOT NULL,
  306. `ip_address` varchar(45) NOT NULL,
  307. `time` int(11) NOT NULL,
  308. `rtime` float DEFAULT NULL,
  309. `authorized` tinyint(1) NOT NULL,
  310. PRIMARY KEY (`id`)
  311. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  312. |
  313. */
  314. $config['rest_enable_logging'] = FALSE;
  315. /*
  316. |--------------------------------------------------------------------------
  317. | REST API Access Table Name
  318. |--------------------------------------------------------------------------
  319. |
  320. | The table name in your database that stores the access controls.
  321. |
  322. | 'access'
  323. |
  324. */
  325. $config['rest_access_table'] = 'access';
  326. /*
  327. |--------------------------------------------------------------------------
  328. | REST Method Access Control
  329. |--------------------------------------------------------------------------
  330. |
  331. | When set to true REST_Controller will check the access table to see if
  332. | the API KEY can access that controller. rest_enable_keys *must* be enabled
  333. | to use this.
  334. |
  335. | FALSE
  336. |
  337. CREATE TABLE `access` (
  338. `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  339. `key` varchar(40) NOT NULL DEFAULT '',
  340. `controller` varchar(50) NOT NULL DEFAULT '',
  341. `date_created` datetime DEFAULT NULL,
  342. `date_modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  343. PRIMARY KEY (`id`)
  344. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  345. |
  346. */
  347. $config['rest_enable_access'] = FALSE;
  348. /*
  349. |--------------------------------------------------------------------------
  350. | REST API Param Log Format
  351. |--------------------------------------------------------------------------
  352. |
  353. | When set to true API log params will be stored in the database as JSON,
  354. | when false they will be php serialized.
  355. |
  356. */
  357. $config['rest_logs_json_params'] = FALSE;
  358. /*
  359. |--------------------------------------------------------------------------
  360. | REST API Limits Table Name
  361. |--------------------------------------------------------------------------
  362. |
  363. | The table name in your database that stores limits.
  364. |
  365. | 'limits'
  366. |
  367. */
  368. $config['rest_limits_table'] = 'limits';
  369. /*
  370. |--------------------------------------------------------------------------
  371. | REST Enable Limits
  372. |--------------------------------------------------------------------------
  373. |
  374. | When set to true REST_Controller will count the number of uses of each method
  375. | by an API key each hour. This is a general rule that can be overridden in the
  376. | $this->method array in each controller.
  377. |
  378. | FALSE
  379. |
  380. CREATE TABLE `limits` (
  381. `id` int(11) NOT NULL AUTO_INCREMENT,
  382. `uri` varchar(255) NOT NULL,
  383. `count` int(10) NOT NULL,
  384. `hour_started` int(11) NOT NULL,
  385. `api_key` varchar(40) NOT NULL,
  386. PRIMARY KEY (`id`)
  387. ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  388. |
  389. | To specify limits, within your Controller __construct() method add per-method
  390. | limits with:
  391. $this->method['METHOD_NAME']['limit'] = [NUM_REQUESTS_PER_HOUR];
  392. | See application/controllers/api/example.php for examples.
  393. */
  394. $config['rest_enable_limits'] = FALSE;
  395. /*
  396. |--------------------------------------------------------------------------
  397. | REST Ignore HTTP Accept
  398. |--------------------------------------------------------------------------
  399. |
  400. | Set to TRUE to ignore the HTTP Accept and speed up each request a little.
  401. | Only do this if you are using the $this->rest_format or /format/xml in URLs
  402. |
  403. | FALSE
  404. |
  405. */
  406. $config['rest_ignore_http_accept'] = FALSE;
  407. /*
  408. |--------------------------------------------------------------------------
  409. | REST AJAX Only
  410. |--------------------------------------------------------------------------
  411. |
  412. | Set to TRUE to only allow AJAX requests. If TRUE and the request is not
  413. | coming from AJAX, a 505 response with the error message "Only AJAX
  414. | requests are accepted." will be returned. This is good for production
  415. | environments. Set to FALSE to also accept HTTP requests.
  416. |
  417. | FALSE
  418. |
  419. */
  420. $config['rest_ajax_only'] = FALSE;
  421. /* End of file config.php */
  422. /* Location: ./system/application/config/rest.php */