ComunicAPI/index.php

<?php
/**
 * Comunic Rest API
 *
 * Serves the data for users
 *
 * @author Pierre HUBERT
 */

/**
 * Page initiator
 */
include(__DIR__."/init.php");

//Include RestControllers
foreach(glob(PROJECT_PATH."RestControllers/*.php") as $restControllerFile){
	require_once $restControllerFile;
}

//Include RestServer library
require PROJECT_PATH."3rdparty/RestServer/RestServer.php";

//By default return format is json
if(!isset($_GET["format"]))
	$_GET['format'] = "json";

//Specify we are on Comunic API Server
header("Technology: Official Comunic API Server");

//Check client tokens
if(!$cs->clients->checkClientRequestTokens())
	Rest_fatal_error(401, "Please check your client tokens!");

//Check for remote requests limit
if(defined("APIServiceDomain")){

	//First, limit requests
	header("Access-Control-Allow-Origin: https://".APIServiceDomain);

	//Then check for referer
	if(!isset($_SERVER["HTTP_REFERER"]))
		Rest_fatal_error(401, "Access from direct requests denied with this client token !");

	//Check the referer
	if(get_url_domain($_SERVER["HTTP_REFERER"]) !== APIServiceDomain)
		Rest_fatal_error(401, "Access denied from this domain with this client token !");
}
else {
	//Allow remote requests from anywhere
	header("Access-Control-Allow-Origin: *");
}

//Check if login tokens where specified
if(isset($_POST['userToken1']) AND isset($_POST['userToken2'])){
	//Try to login user
	$userID = $cs->components->account->getUserIDfromToken(APIServiceID, array(
		$_POST['userToken1'],
		$_POST['userToken2']
	));

	if($userID < 1){
		Rest_fatal_error(412, "Please check your login tokens!");
	}

	//Else save userID
	define("userID", $userID);
}
else {
	//Defined userID is number 0
	define("userID", 0);
}

/**
 * Handle Rest requests
 */
$server = new \Jacwright\RestServer\RestServer($cs->config->get("site_mode"));

//Include controllers
foreach(get_included_files() as $filePath){
	if(preg_match("<RestControllers>", $filePath)){
		$className = strstr($filePath, "RestControllers/");
		$className = str_replace(array("RestControllers/", ".php"), "", $className);
		$server->addClass($className);
	}
}

//Hanlde
$server->handle();
Initial commit 2017-05-17 11:48:24 +00:00			`<?php`
			`/**`
			`* Comunic Rest API`
			`*`
			`* Serves the data for users`
			`*`
			`* @author Pierre HUBERT`
			`*/`

			`/**`
			`* Page initiator`
			`*/`
			`include(__DIR__."/init.php");`

Implemented RestServer controller 2017-05-17 12:05:23 +00:00			`//Include RestControllers`
			`foreach(glob(PROJECT_PATH."RestControllers/*.php") as $restControllerFile){`
Changed user login strategy 2017-05-19 16:07:52 +00:00			`require_once $restControllerFile;`
Implemented RestServer controller 2017-05-17 12:05:23 +00:00			`}`

			`//Include RestServer library`
			`require PROJECT_PATH."3rdparty/RestServer/RestServer.php";`

Created components class & default userID 2017-05-26 07:36:20 +00:00			`//By default return format is json`
Implemented RestServer controller 2017-05-17 12:05:23 +00:00			`if(!isset($_GET["format"]))`
Changed user login strategy 2017-05-19 16:07:52 +00:00			`$_GET['format'] = "json";`
Implemented RestServer controller 2017-05-17 12:05:23 +00:00
Follow state of a conversation can be updated 2017-06-18 08:07:52 +00:00			`//Specify we are on Comunic API Server`
			`header("Technology: Official Comunic API Server");`

Enforced API security 2017-06-13 09:01:36 +00:00			`//Check client tokens`
Can create clients from shell 2018-05-07 16:50:50 +00:00			`if(!$cs->clients->checkClientRequestTokens())`
Changed user login strategy 2017-05-19 16:07:52 +00:00			`Rest_fatal_error(401, "Please check your client tokens!");`

Enforced API security 2017-06-13 09:01:36 +00:00			`//Check for remote requests limit`
			`if(defined("APIServiceDomain")){`

			`//First, limit requests`
Clients with domains must make their request from https connection 2018-05-20 12:54:55 +00:00			`header("Access-Control-Allow-Origin: https://".APIServiceDomain);`
Enforced API security 2017-06-13 09:01:36 +00:00
			`//Then check for referer`
			`if(!isset($_SERVER["HTTP_REFERER"]))`
Improved API auth failure error message 2017-06-13 09:02:39 +00:00			`Rest_fatal_error(401, "Access from direct requests denied with this client token !");`
Enforced API security 2017-06-13 09:01:36 +00:00
			`//Check the referer`
			`if(get_url_domain($_SERVER["HTTP_REFERER"]) !== APIServiceDomain)`
			`Rest_fatal_error(401, "Access denied from this domain with this client token !");`
			`}`
			`else {`
			`//Allow remote requests from anywhere`
			`header("Access-Control-Allow-Origin: *");`
			`}`

Changed user login strategy 2017-05-19 16:07:52 +00:00			`//Check if login tokens where specified`
			`if(isset($_POST['userToken1']) AND isset($_POST['userToken2'])){`
			`//Try to login user`
Created account component 2018-04-11 08:45:22 +00:00			`$userID = $cs->components->account->getUserIDfromToken(APIServiceID, array(`
Changed user login strategy 2017-05-19 16:07:52 +00:00			`$_POST['userToken1'],`
			`$_POST['userToken2']`
			`));`

			`if($userID < 1){`
API returns specific error code in case of invalid login tokens 2018-05-20 12:58:35 +00:00			`Rest_fatal_error(412, "Please check your login tokens!");`
Changed user login strategy 2017-05-19 16:07:52 +00:00			`}`

			`//Else save userID`
			`define("userID", $userID);`
			`}`
Created components class & default userID 2017-05-26 07:36:20 +00:00			`else {`
			`//Defined userID is number 0`
			`define("userID", 0);`
			`}`
Handles user login and logout 2017-05-17 12:43:12 +00:00
Implemented RestServer controller 2017-05-17 12:05:23 +00:00			`/**`
			`* Handle Rest requests`
			`*/`
			`$server = new \Jacwright\RestServer\RestServer($cs->config->get("site_mode"));`

			`//Include controllers`
			`foreach(get_included_files() as $filePath){`
Changed user login strategy 2017-05-19 16:07:52 +00:00			`if(preg_match("<RestControllers>", $filePath)){`
			`$className = strstr($filePath, "RestControllers/");`
			`$className = str_replace(array("RestControllers/", ".php"), "", $className);`
			`$server->addClass($className);`
			`}`
Implemented RestServer controller 2017-05-17 12:05:23 +00:00			`}`

			`//Hanlde`
			`$server->handle();`