]>
git.defcon.no Git - hermes/blob - api/auth.php
2 require_once('config.php');
3 require_once('lib/auth_base.php');
4 require_once('lib/common_functions.php');
5 require_once('lib/db_functions.php');
6 require_once('lib/domain_functions.php');
8 $config = get_config();
10 $config['sql_link'] = @mysql_connect
(
11 $config['sql_server'],
12 $config['sql_username'],
13 $config['sql_password']
15 if ( !$config['sql_link'] )
17 print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database connection failed.'));
21 //*************************************************************************************
22 if ( ( $_SERVER['PATH_INFO'] == "/login" ) ||
( $_SERVER['PATH_INFO'] == "/logout" ) )
24 switch ( $_SERVER['PATH_INFO'] )
27 // Allow login using username and password, or API key.
28 // On successful login, a named session should be started,
29 // some data related to the session should be stored,
30 // and the name of the session provided to the user
35 if ( array_key_exists('username', $_GET)
36 && array_key_exists('password', $_GET) )
38 if ( 1 == authuser_verify( sql_clean($_GET['username']), sql_clean($_GET['password'])))
41 $authid = $_GET['username'];
45 print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Login failed') );
49 else if ( array_key_exists('api_key', $_GET) )
51 if ( verify_apikey( sql_clean( $_GET['api_key'] ) ) == 1 )
54 $authid = $_GET['api_key'];
58 print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Login failed') );
64 print json_encode ( array( 'response' => 'invalid') );
67 $session_name = set_credentials( $authid, $type );
68 $auth_key = update_authkey( $session_name, $authid );
69 print json_encode( array( 'response' => 'ok', 'session' => $session_name, 'auth_key' => $auth_key ));
72 // De-authenticate/deauthorize the ongoing session.
73 // I.e. destroy session data, remove session cookies.
75 if ( array_key_exists('session', $_GET ) )
76 $session_name = $_GET['session'];
77 session_name($session_name);
79 clear_credentials($session_name);
82 print json_encode ( array( 'response' => 'wtffailed?') );
84 print json_encode ( array( 'response' => 'ok') );
87 print json_encode ( array( 'response' => 'invalid') );
94 switch ( $_SERVER['PATH_INFO'] )
97 // API clients are required to periodically ping the server
98 // The time between pings (interval) is 5 minutes?
99 // A ping call refreshes cookie lifetimes, then
100 // generates and stores a new auth_key
101 // The ping required a valid session...
102 // A successful ping returns a 'response' => 'pong'
103 // along with the new auth_key.
104 $session_name = $_GET['session'];
105 $authid = $_SESSION['authid'];
106 $auth_key = update_authkey( $session_name, $authid );
107 print json_encode( array( 'response' => 'pong', 'auth_key' => $auth_key ));
110 // If the current authorization has write access, create
111 // a new API key with requested access (ro/rw).
115 if ( array_key_exists('host_ip', $_GET )
116 && array_key_exists('access', $_GET ))
118 $host = $_GET['host_ip'];
119 $access = $_GET['access'];
121 if (! preg_match("/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/", $host) ||
! authlevel_value( $access ) )
123 print json_encode ( array( 'response' => 'invalid', 'cause' => 'parameters' ) );
126 $level = authlevel_value( $access );
127 $key = add_apikey( $host, $level );
130 print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
133 print json_encode( array( 'response' => 'ok', 'key' => $key, 'host' => $host, 'access' => authlevel_name( get_authorization( "key", $key ) ) ) );
136 else print json_encode ( array( 'response' => 'invalid') );
138 case "/remove_apikey":
139 // If the current authorization has write access,
140 // remove the given API key.
144 if ( array_key_exists('api_key', $_GET ) )
146 $key = sql_clean( $_GET['api_key'] );
147 // Perform a key-verification, skipping host/remote-address check.
148 if ( ! verify_apikey( $key, true ) )
150 print json_encode( array ( 'response' => 'failed', 'cause' => 'nonexistant'));
153 if ( ! remove_apikey( $key ) )
155 print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
158 print json_encode( array( 'response' => 'ok', 'key' => $key ) );
161 else print json_encode ( array( 'response' => 'invalid') );
163 case "/list_apikeys":
164 // List valid API keys.
165 // Fail is current authorization does not have write access.
168 $list = list_apikeys();
169 print json_encode( array( 'response' => 'ok', 'list' => $list ) );
171 case "/authorize_user":
172 // Add or update a valid back-end user in authorization
173 // if the current authentication has write access.
174 // Since the user exists in backend, the only
175 // needed parameters should be username and access level
176 // If the authorization does not exist, add it.
177 // If the user is already authorized, replace access level.
181 if ( array_key_exists('username', $_GET )
182 && array_key_exists('access', $_GET ))
184 $user = $_GET['username'];
185 $access = $_GET['access'];
186 $level = authlevel_value( $access );
190 print json_encode ( array( 'response' => 'invalid', 'cause' => 'parameters' ) );
193 if ( ! authuser_getinfo( $user ) )
195 print json_encode( array ( 'response' => 'failed', 'cause' => 'nonexistant'));
199 if ( ! update_authorization( "user", $user, $level ) )
201 print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
205 print json_encode( array( 'response' => 'ok', 'user' => $user, 'access' => authlevel_name( get_authorization( "user", $user ) ) ) );
208 else print json_encode ( array( 'response' => 'invalid') );
212 // If the current authentication has write access:
213 // Remove authorization for the given users.
214 // Delete user from backend if backend is read-write.
218 if ( array_key_exists('username', $_GET ))
220 $user = $_GET['username'];
222 $t_level = get_authorization( "user", $user );
224 if ( $t_level && ! remove_authorization( $user ) )
226 print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
229 if ( ! authmethod_readonly() )
231 if ( !authuser_getinfo( $user ) )
233 print json_encode( array ( 'response' => 'failed', 'cause' => 'nonexistant'));
236 if ( !authuser_delete( $user ) )
238 print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database error.'));
243 print json_encode( array( 'response' => 'ok', 'user' => $user, 'access' => authlevel_name( get_authorization( "user", $user ) ) ) );
246 else print json_encode ( array( 'response' => 'invalid') );
250 // List valid API user-acounts.
251 // Fail with notauthorized if current authentication
252 // does not have write access.
253 // Should not return users from backend,
254 // but should only return users with authorization.
257 $list = list_users();
258 print json_encode( array( 'response' => 'ok', 'list' => $list ) );
262 // Add user to backend if backend is read-write and
263 // the current authentication has write access.
264 // The created user should be added to authorizations
265 // with an access level of "limited_read (1)"
267 // Update the given user in the backend, if the backend
268 // is read-write, and the current authentication has
270 print json_encode ( array( 'response' => 'notimplemented') );
273 print json_encode ( array( 'response' => 'invalid') );
276 //*************************************************************************************
277 mysql_close( $config['sql_link'] );