]> git.defcon.no Git - hermes/blob - api/auth.php
Forgot to add structure changes
[hermes] / api / auth.php
1 <?php
2 require_once('config.php');
3 require_once('lib/auth_base.php');
4 require_once('lib/common_functions.php');
5 require_once('lib/db_functions.php');
6 require_once('lib/domain_functions.php');
7
8 $config = get_config();
9
10 $config['sql_link'] = @mysql_connect(
11 $config['sql_server'],
12 $config['sql_username'],
13 $config['sql_password']
14 );
15 if ( !$config['sql_link'] )
16 {
17 print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database connection failed.'));
18 exit;
19 }
20
21 //*************************************************************************************
22 switch ( $_SERVER['PATH_INFO'] )
23 {
24 case "/login":
25 // Allow login using username and password, or API key.
26 // On successful login, a named session should be started,
27 // some data related to the session should be stored,
28 // and the name of the session provided to the user
29 // in the result.
30 $type = false;
31 $authid = false;
32
33 if ( array_key_exists('username', $_GET)
34 && array_key_exists('password', $_GET) )
35 {
36 if ( 1 == authuser_verify( sql_clean($_GET['username']), sql_clean($_GET['password'])))
37 {
38 $type = "user";
39 $authid = $_GET['username'];
40 }
41 else
42 {
43 print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Login failed') );
44 exit;
45 }
46 }
47 else if ( array_key_exists('api_key', $_GET) )
48 {
49 if ( apikey_verify( sql_clean( $_GET['api_key'] ) ) == 1 )
50 {
51 $type = "key";
52 $authid = $_GET['api_key'];
53 }
54 else
55 {
56 print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Login failed') );
57 exit;
58 }
59 }
60 else
61 {
62 print json_encode ( array( 'response' => 'invalid') );
63 break;
64 }
65 $session_name = set_credentials( $authid, $type );
66 $auth_key = update_authkey( $session_name, $authid );
67 print json_encode( array( 'response' => 'ok', 'session' => $session_name, 'auth_key' => $auth_key ));
68 break;
69 case "/ping":
70 // API clients are required to periodically ping the server
71 // The time between pings (interval) is 5 minutes?
72 // A ping call refreshes cookie lifetimes, then
73 // generates and stores a new auth_key
74 // The ping required a valid session...
75 // A successful ping returns a 'response' => 'pong'
76 // along with the new auth_key.
77 token_auth();
78 $session_name = $_GET['session'];
79 $authid = $_SESSION['authid'];
80 $auth_key = update_authkey( $session_name, $authid );
81 print json_encode( array( 'response' => 'pong', 'auth_key' => $auth_key ));
82 break;
83 case "/logout":
84 // De-authenticate/deauthorize the ongoing session.
85 // I.e. destroy session data, remove session cookies.
86 $session_name = "";
87 if ( array_key_exists('session', $_GET ) )
88 $session_name = $_GET['session'];
89 session_name($session_name);
90 session_start();
91 clear_credentials($session_name);
92
93 if ( $_SESSION )
94 print json_encode ( array( 'response' => 'wtffailed?') );
95 else
96 print json_encode ( array( 'response' => 'ok') );
97 break;
98 case "/list_users":
99 // List valid API user-acounts.
100 // Fail with notauthorized if current authentication
101 // does not have write access.
102 // Should not return users from backend,
103 // but should only return users with authorization.
104 case "/authorize_user":
105 // Add or update a valid back-end user in authorization
106 // if the current authentication has write access.
107 // Since the user exists in backend, the only
108 // needed parameters should be username and access level
109 // If the authorization does not exist, add it.
110 // If the user is already authorized, replace access level.
111 case "/add_user":
112 // Add user to backend if backend is read-write and
113 // the current authentication has write access.
114 case "/update_user":
115 // Update the given user in the backend, if the backend
116 // is read-write, and the current authentication has
117 // write access.
118 case "/remove_user":
119 // Delete user from backend if backend is read-write
120 // and the current authentication has write access.
121 case "/list_apikeys":
122 // List valid API keys.
123 // Fail is current authorization does not have write access.
124 case "/new_apikey":
125 // If the current authorization has write access, create
126 // a new API key with requested access (ro/rw).
127 case "/remove_apikey":
128 // If the current authorization has write access,
129 // remove the given API key.
130 print json_encode ( array( 'response' => 'notimplemented') );
131 break;
132 default:
133 print json_encode ( array( 'response' => 'invalid') );
134 }
135 //*************************************************************************************
136 mysql_close( $config['sql_link'] );
137 ?>