Wednesday, 15 May 2013

Advanced authorisation and API in PHP

What I want to accomplish is to have my application consume its own API. More than just changing the architecture to HMVC, it is this:

    clients
        models
            model files
        controllers
            api.php     - option to consume the API directly as JSON
            clients.php - consumes the info directly from the API, the same as if it had called the model, and renders the view

With the controller getting the info from the 'api' section directly, I avoid 2 major hurdles:

a) passing JSON-encoded info from the API controller to the controller (just to save on the minor overhead of encoding/decoding it)

b) more importantly, not having to check the access token on every request to ensure the application is allowed to access the information.

I have the following scenarios:

A user logged into the system who wants to consume the API sends a valid access token.

A user logged into the system who navigates to the API page and does not provide an access token should be redirected to the controller section / a 404 page.

A user not logged into our system who has an authorisation token can use the API.

A user who is / isn't logged in and provides a wrong access token should receive an invalid token message.

The solution I have ended up with works fine but seems like 'spaghetti' code!

I have extended the authorisation (ion_auth) class as follows:

    class authentication extends ion_auth {
        public $application = false;
    }

and in the controllers, in __construct, I have:

    $this->authentication->application = true;

Finally, within the API controller I have:

    private $application = false;
    private $token;

    public function __construct()
    {
        // The parent constructor must run first, otherwise $this->input is not yet available
        parent::__construct();
        $this->token = $this->input->get_post('token');

        if ($this->authentication->application == true) {
            $this->application = true;
        }

        // The API should have the token set before anything can happen, on every request
        if ($this->token) {
            // Check the token is valid
            if (!$this->checktoken($this->token)) {
                $this->error('token did not match');
            }
            // All clear if we get here - the token matched
        } else {
            // No token found.
            // OK, we have no token - is the user logged in? If not, they are trying to use
            // the API and haven't set the token in the request.
            if (!$this->authentication->logged_in()) {
                $this->error('no token sent');
            } else {
                // User is logged in, but might have gone to this page in error
                if (!$this->application) {
                    echo "you shouldn't be here"; // this will be replaced by a redirect
                    exit;
                }
            }
        }
        // All cases passed and the application can go on - we have the flag
        // $this->application set, which lets us decide whether to 'return' the info
        // as an array / object or (if false, i.e. the API) JSON-encode it for consumption.
    }

with the function:

    private function sendit($data)
    {
        if ($this->application) {
            // Internal call from the application: hand the data straight back
            return $data;
        } else {
            // Direct call to the API page: emit JSON and stop
            $this->output->set_content_type('application/json');
            echo json_encode($data);
            exit;
        }
    }

which is used in place of 'return' to ensure the info used by the application is in the right format, whereas the API info is JSON-encoded.

Usage:

    return $this->sendit($clients);

This functions fine but, as I said, does not seem succinct. Can anyone offer suggestions on how I can fit the rules above without having to set the variable within each controller?

For clarity, the folder structure is as follows:

    clients
        models
        controllers
            client
            api
        views
    jobs
        models
        controllers
            jobs
            api
        views

The idea being that navigating to site/clients results in the info being pulled from the API page directly without needing an access token, while navigating to 'site/clients/api' results in either a redirect (if logged in), a 'no token' error (if not logged in), or a 'wrong token' error if, whether logged in or not, a wrong token has been passed.

I am stuck here, as I have 600 hundred controllers and don't want to have to do this more than once!

Final points

I cannot use the class name nor the URL to identify the API being called directly, and I don't want to have to set a rule on each page differently; the current solution at least offers a cut-and-paste solution!

Edit

Thanks halfer - I couldn't reply in the comments, so here is an edit to address the comments and add some clarity to them.

    $this->authentication->application

is the trigger to see if the request is internal - it should really be '$is_application'.

It is a boolean set to false within the authentication module (which runs before the controllers).

Then, if a controller within the application calls the API controller module (which it is consuming within its own application), it sets the flag to true.

I use the 'flag' for 2 things:

1. Set the output type -> 'return' if the application requests the info, or 'json' if it is requested directly from the API page.
2. Decide if an access token for the API needs to be present - if the application requests the info from the API internally no access token is required; if it is accessed directly by URL an access token is required.

I have amended the structure at the top to better explain how the modules are laid out.

Navigating to site/clients automatically looks for the clients.php file within the controller folder.

Navigating to site/clients/api navigates to the clients controller folder - api file.

The controller at sites/clients consumes the info and sends the info to site/clients/api, and the API communicates with the database.

I am going to turn this into a separate function so the controller is not messy - that is where the magic is going to happen ultimately - and I am playing with it!

Hope this adds clarity, and once again thanks to anyone who takes the time to point me in the right direction!!!!

php api
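One way to pull the four rules from the question into a single object, so that individual controllers no longer set the flag by hand, is sketched below as an added example in plain PHP 8 (not the poster's code and not tied to CodeIgniter or ion_auth; `ApiGate`, its constants and the sample token are assumptions for illustration):

```php
<?php
// Added example (not the poster's code): one gate object that encodes the four
// cases from the question. ApiGate, its constants and the sample token are
// invented for illustration; plug in your own token store and redirect logic.
final class ApiGate
{
    public const INTERNAL      = 'internal';      // app called its own API: no token needed
    public const AUTHORISED    = 'authorised';    // direct call with a valid token
    public const REDIRECT      = 'redirect';      // logged-in user hit the API URL without a token
    public const NO_TOKEN      = 'no token sent';
    public const INVALID_TOKEN = 'token did not match';

    /** @param string[] $validTokens tokens the application is allowed to present */
    public function __construct(private array $validTokens) {}

    /** Returns one of the constants above; every controller calls this once. */
    public function decide(bool $isInternal, bool $loggedIn, ?string $token): string
    {
        if ($isInternal) {
            return self::INTERNAL;                // rule: internal calls skip the token check
        }
        if ($token === null || $token === '') {
            return $loggedIn ? self::REDIRECT : self::NO_TOKEN;
        }
        foreach ($this->validTokens as $valid) {
            if (hash_equals($valid, $token)) {   // constant-time comparison, no early mismatch leak
                return self::AUTHORISED;
            }
        }
        return self::INVALID_TOKEN;               // wrong token, logged in or not
    }

    /** Internal callers get the array back; direct callers get a JSON string. */
    public function send(bool $isInternal, array $data): array|string
    {
        return $isInternal ? $data : json_encode($data, JSON_THROW_ON_ERROR);
    }
}

// Constructed scenarios mirroring the four bullet points in the question.
$gate  = new ApiGate(['s3cr3t-app-token']);
$cases = [
    ['internal call',           true,  true,  null],
    ['logged in, no token',     false, true,  null],
    ['logged out, valid token', false, false, 's3cr3t-app-token'],
    ['logged out, wrong token', false, false, 'wrong'],
];
foreach ($cases as [$label, $internal, $loggedIn, $token]) {
    echo $label, ' => ', $gate->decide($internal, $loggedIn, $token), PHP_EOL;
}
echo $gate->send(false, ['clients' => 2]), PHP_EOL;
```

In a framework the `$isInternal` argument would be set by whoever instantiates the API class (the calling controller), which is the one place the flag then needs to live.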
