Extended session-authentication, added keying of sessions, added session housekeeping...
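<?php
/*
 * api/auth.php — authentication endpoints of the hermes API.
 *
 * Dispatches on $_SERVER['PATH_INFO'] and answers every request with one
 * JSON object that always carries a 'response' member:
 *
 *   /login   - 'ok' with 'session' and 'auth_key', or 'failed'/'invalid'
 *   /ping    - 'pong' with a freshly rotated 'auth_key'
 *   /logout  - 'ok' (or 'wtffailed?' when session data survived)
 *   others   - 'notimplemented' for the planned user/key management calls,
 *              'invalid' for anything unknown
 *
 * A database connection failure is reported as 'failed' before dispatch.
 * All helpers (get_config, sql_clean, authuser_verify, apikey_verify,
 * set_credentials, update_authkey, token_auth, clear_credentials) come
 * from the lib/ files required below.
 */
require_once('config.php');
require_once('lib/auth_base.php');
require_once('lib/common_functions.php');
require_once('lib/db_functions.php');
require_once('lib/domain_functions.php');

$config = get_config();

// The '@' keeps mysql_connect()'s warning text out of the JSON body; the
// failure is reported explicitly right below instead of being swallowed.
$config['sql_link'] = @mysql_connect(
    $config['sql_server'],
    $config['sql_username'],
    $config['sql_password']
);
if ( !$config['sql_link'] )
{
    print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database connection failed.'));
    exit;
}

//*************************************************************************************
switch ( $_SERVER['PATH_INFO'] )
{
    case "/login":
        // Allow login using username and password, or API key.
        // On successful login, a named session should be started,
        // some data related to the session should be stored,
        // and the name of the session provided to the user
        // in the result.
        //
        // NOTE(review): credentials are read from the query string, so the
        // password / API key end up in web-server access logs and proxy
        // histories; a POST body would keep them out of those.
        $type = false;
        $authid = false;

        if ( array_key_exists('username', $_GET)
             && array_key_exists('password', $_GET) )
        {
            // NOTE(review): sql_clean() is applied to the password before it
            // is verified. If sql_clean() escapes characters (quotes,
            // backslashes), passwords containing them are altered before
            // comparison — confirm against authuser_verify()'s expectations.
            if ( authuser_verify( sql_clean($_GET['username']), sql_clean($_GET['password'])) == 1 )
            {
                $type = "user";
                $authid = $_GET['username'];
            }
            else
            {
                // Same wording for a bad password and an unknown user, so the
                // response does not reveal which accounts exist.
                print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Login failed') );
                exit;
            }
        }
        else if ( array_key_exists('api_key', $_GET) )
        {
            if ( apikey_verify( sql_clean( $_GET['api_key'] ) ) == 1 )
            {
                $type = "key";
                $authid = $_GET['api_key'];
            }
            else
            {
                print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Login failed') );
                exit;
            }
        }
        else
        {
            // Neither credential pair nor API key supplied.
            print json_encode ( array( 'response' => 'invalid') );
            break;
        }
        // set_credentials() returns the name of the session it started;
        // update_authkey() issues the first per-session auth key, which the
        // client must present (and keep refreshing via /ping) from now on.
        $session_name = set_credentials( $authid, $type );
        $auth_key = update_authkey( $session_name, $authid );
        print json_encode( array( 'response' => 'ok', 'session' => $session_name, 'auth_key' => $auth_key ));
        break;

    case "/ping":
        // API clients are required to periodically ping the server
        // The time between pings (interval) is 5 minutes?
        // A ping call refreshes cookie lifetimes, then
        // generates and stores a new auth_key
        // The ping required a valid session...
        // A successful ping returns a 'response' => 'pong'
        // along with the new auth_key.
        //
        // token_auth() runs first; it is expected to reject callers without
        // a valid session + auth_key before anything below executes.
        token_auth();
        // Without a session name there is nothing to rotate the key for;
        // reading $_GET['session'] unguarded would only raise a notice and
        // pass null on to update_authkey().
        if ( !array_key_exists('session', $_GET) )
        {
            print json_encode ( array( 'response' => 'invalid') );
            break;
        }
        $session_name = $_GET['session'];
        $authid = $_SESSION['authid'];
        $auth_key = update_authkey( $session_name, $authid );
        print json_encode( array( 'response' => 'pong', 'auth_key' => $auth_key ));
        break;

    case "/logout":
        // De-authenticate/deauthorize the ongoing session.
        // I.e. destroy session data, remove session cookies.
        $session_name = "";
        if ( array_key_exists('session', $_GET ) )
            $session_name = $_GET['session'];
        // The name is caller-supplied and goes straight into session_name()
        // and from there into the Set-Cookie header, so restrict it to
        // cookie-name-safe characters and refuse the empty string (which
        // session_name() would otherwise warn about and fall back to the
        // default name). Widen the pattern only if set_credentials() is
        // known to emit other characters.
        if ( !preg_match('/^[A-Za-z0-9_-]+$/', $session_name) )
        {
            print json_encode ( array( 'response' => 'invalid') );
            break;
        }
        session_name($session_name);
        session_start();
        clear_credentials($session_name);

        // clear_credentials() is expected to leave $_SESSION empty; anything
        // still present means the teardown did not happen — presumably; the
        // helper's contract is not visible here.
        if ( $_SESSION )
            print json_encode ( array( 'response' => 'wtffailed?') );
        else
            print json_encode ( array( 'response' => 'ok') );
        break;

    case "/list_users":
        // List valid API user-acounts.
        // Fail with notauthorized if current authentication
        // does not have write access.
        // Should not return users from backend,
        // but should only return users with authorization.
    case "/authorize_user":
        // Add or update a valid back-end user in authorization
        // if the current authentication has write access.
        // Since the user exists in backend, the only
        // needed parameters should be username and access level
        // If the authorization does not exist, add it.
        // If the user is already authorized, replace access level.
    case "/add_user":
        // Add user to backend if backend is read-write and
        // the current authentication has write access.
    case "/update_user":
        // Update the given user in the backend, if the backend
        // is read-write, and the current authentication has
        // write access.
    case "/remove_user":
        // Delete user from backend if backend is read-write
        // and the current authentication has write access.
    case "/list_apikeys":
        // List valid API keys.
        // Fail is current authorization does not have write access.
    case "/new_apikey":
        // If the current authorization has write access, create
        // a new API key with requested access (ro/rw).
    case "/remove_apikey":
        // If the current authorization has write access,
        // remove the given API key.
        //
        // All of the above deliberately fall through to one shared answer
        // until they are implemented.
        print json_encode ( array( 'response' => 'notimplemented') );
        break;

    default:
        print json_encode ( array( 'response' => 'invalid') );
}
//*************************************************************************************
mysql_close( $config['sql_link'] );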