unnikked · December 21, 2014 20:21
diff --git a/BaseController.php b/BaseController.php
 <?php

 namespace controller\api;

 /**
 *  Base Controller class, it provides some helper methods
 *  to his child classes.
 *
 *  You can make api calls by setting X-Auth-Token header
 *  value. All parameters all passed in x-www-urlencoded
 *  format.
 *  
 *  Example:
 *      curl -X POST \
 *          -H "X-Requested-With: XMLHttpRequest" \
 *          -H "X-Auth-Token:youapitokenhere" \
 *          --data-urlencode "params" \
 *          https://apiendpoint/
 * */

 class BaseController {
    protected $f3 = null;
    
    public function __construct() {
        $this->f3 = \Base::instance();
    }

    // TODO - make works only via SSL
    public function beforeRoute() {
        if($this->f3->get('AJAX')) { // is an Ajax Request
            if($this->f3->get('HEADERS.X-Auth-Token')) {
                if(sha1($this->f3->get('HEADERS.X-Auth-Token')) != $this->f3->get('api_token')) {
                    $this->forbidden("Invalid api token");
                }
            } else { 
                $this->forbidden("Invalid api token");
            }
        }
    }
    
    /**
     * Format a response method in JSON
     * */
    private function response($code, $status, $message, $params = []) {
        $raw = array(
            "status" => $status,
            "timestamp" => time(),
            "content" => array_merge(array(
                "message" => $message,
            ), $params)
        );

        if($this->f3->get('AJAX')) {
            $this->f3->status($code);
            if($this->f3->get('DEBUG') > 0) echo json_encode($raw, JSON_PRETTY_PRINT);
            else echo json_encode($raw);
            die();
        } else {
            return $raw;
        }
    }
    
    /**
    *   200: Request succeeded for a GET calls, and for DELETE 
    *   or PATCH calls that complete synchronously
    */
    protected function getSuccess($message, $params = []) {
        return $this->response(200, "success", $message, $params);
    }

    protected function deleteSuccess($message, $params = []) {
        return $this->getSuccess($message, $params);
    }

    protected function patchSuccess($message, $params = []) {
        return $this->getSuccess($message, $params);
    }

    /**
    *   201: Request succeeded for a POST call that completes 
    *   synchronously
    */
    protected function postSuccess($message, $params = []) {
        return $this->response(201, "success", $message, $params);
    }
    
    /**
    *   202: Request accepted for a POST, DELETE, or PATCH 
    *   call that will be processed asynchronously
    */
    protected function postSuccessAsync($message, $params = []) {
        return $this->response(202, "success", $message, $params);
    }

    protected function deleteSuccessAsync($message, $params = []) {
        return $this->postSuccessAsync($message, $params);
    }

    protected function patchSuccessAsync($message, $params = []) {
        return $this->postSuccessAsync($message, $params);
    }

    /**
    *   206: Request succeeded on GET, but only a partial 
    *   response returned: see above on ranges
    */
    protected function partialGetSuccess($message, $params = []) {
        return $this->response(206, "success", $message, $params);
    }

    /**
    *   401 Unauthorized: Request failed because user is 
    *   not authenticated
    */
    protected function unauthorized($message, $params = []) {
        return $this->response(401, "failed", $message, $params);
    }

    /**
    *   403 Forbidden: Request failed because user does not 
    *   have authorization to access a specific resource
    */
    protected function forbidden($message, $params = []) {
        return $this->response(403, "failed", $message, $params);
    }

    /**
    *   404 Resource Not Found: The resource request does
    *   not exist
    */
    protected function notFound($message, $params = []) {
        return $this->response(404, "failed", $message, $params);
    }

    /**
    *   422 Unprocessable Entity: Your request was 
    *   understood, but contained invalid parameters
    */
    protected function unprocessable($message, $params = []) {
        return $this->response(422, "failed", $message, $params);
    }

    /**
    *   429 Too Many Requests: You have been 
    *   rate-limited, retry later
    */
    protected function tooManyRequests($message, $params = []) {
        return $this->response(429, "failed", $message, $params);
    }

    /**
    *   500 Internal Server Error: Something went wrong on the 
    *   server, check status site and/or report the issue
    */
    protected function internalServerError($message, $params = []) {
        return $this->response(500, "error", $message, $params);
    }

    private function checkVars(array $vars, $type) {
        foreach ($vars as $var) {
            if(!$this->f3->exists("$type.$var")) {
                $this->unprocessable("Missing parameter: $var");
                die();
            }
        }
    }

    protected function checkPostVars(array $vars) {
        $this->checkVars($vars, "POST");
    }
    
    protected function checkGetVars(array $vars) {
        $this->checkVars($vars, "PARAMS");
    }
 }
diff --git a/LICENSE.md b/LICENSE.md
	<?php

	namespace controller\api;

	/**
	* Base Controller class, it provides some helper methods
	* to his child classes.
	*
	* You can make api calls by setting X-Auth-Token header
	* value. All parameters all passed in x-www-urlencoded
	* format.
	*
	* Example:
	* curl -X POST \
	* -H "X-Requested-With: XMLHttpRequest" \
	* -H "X-Auth-Token:youapitokenhere" \
	* --data-urlencode "params" \
	* https://apiendpoint/
	* */

	class BaseController {
	protected $f3 = null;

	public function __construct() {
	$this->f3 = \Base::instance();
	}

	// TODO - make works only via SSL
	public function beforeRoute() {
	if($this->f3->get('AJAX')) { // is an Ajax Request
	if($this->f3->get('HEADERS.X-Auth-Token')) {
	if(sha1($this->f3->get('HEADERS.X-Auth-Token')) != $this->f3->get('api_token')) {
	$this->forbidden("Invalid api token");
	}
	} else {
	$this->forbidden("Invalid api token");
	}
	}
	}

	/**
	* Format a response method in JSON
	* */
	private function response($code, $status, $message, $params = []) {
	$raw = array(
	"status" => $status,
	"timestamp" => time(),
	"content" => array_merge(array(
	"message" => $message,
	), $params)
	);

	if($this->f3->get('AJAX')) {
	$this->f3->status($code);
	if($this->f3->get('DEBUG') > 0) echo json_encode($raw, JSON_PRETTY_PRINT);
	else echo json_encode($raw);
	die();
	} else {
	return $raw;
	}
	}

	/**
	* 200: Request succeeded for a GET calls, and for DELETE
	* or PATCH calls that complete synchronously
	*/
	protected function getSuccess($message, $params = []) {
	return $this->response(200, "success", $message, $params);
	}

	protected function deleteSuccess($message, $params = []) {
	return $this->getSuccess($message, $params);
	}

	protected function patchSuccess($message, $params = []) {
	return $this->getSuccess($message, $params);
	}

	/**
	* 201: Request succeeded for a POST call that completes
	* synchronously
	*/
	protected function postSuccess($message, $params = []) {
	return $this->response(201, "success", $message, $params);
	}

	/**
	* 202: Request accepted for a POST, DELETE, or PATCH
	* call that will be processed asynchronously
	*/
	protected function postSuccessAsync($message, $params = []) {
	return $this->response(202, "success", $message, $params);
	}

	protected function deleteSuccessAsync($message, $params = []) {
	return $this->postSuccessAsync($message, $params);
	}

	protected function patchSuccessAsync($message, $params = []) {
	return $this->postSuccessAsync($message, $params);
	}

	/**
	* 206: Request succeeded on GET, but only a partial
	* response returned: see above on ranges
	*/
	protected function partialGetSuccess($message, $params = []) {
	return $this->response(206, "success", $message, $params);
	}

	/**
	* 401 Unauthorized: Request failed because user is
	* not authenticated
	*/
	protected function unauthorized($message, $params = []) {
	return $this->response(401, "failed", $message, $params);
	}

	/**
	* 403 Forbidden: Request failed because user does not
	* have authorization to access a specific resource
	*/
	protected function forbidden($message, $params = []) {
	return $this->response(403, "failed", $message, $params);
	}

	/**
	* 404 Resource Not Found: The resource request does
	* not exist
	*/
	protected function notFound($message, $params = []) {
	return $this->response(404, "failed", $message, $params);
	}

	/**
	* 422 Unprocessable Entity: Your request was
	* understood, but contained invalid parameters
	*/
	protected function unprocessable($message, $params = []) {
	return $this->response(422, "failed", $message, $params);
	}

	/**
	* 429 Too Many Requests: You have been
	* rate-limited, retry later
	*/
	protected function tooManyRequests($message, $params = []) {
	return $this->response(429, "failed", $message, $params);
	}

	/**
	* 500 Internal Server Error: Something went wrong on the
	* server, check status site and/or report the issue
	*/
	protected function internalServerError($message, $params = []) {
	return $this->response(500, "error", $message, $params);
	}

	private function checkVars(array $vars, $type) {
	foreach ($vars as $var) {
	if(!$this->f3->exists("$type.$var")) {
	$this->unprocessable("Missing parameter: $var");
	die();
	}
	}
	}

	protected function checkPostVars(array $vars) {
	$this->checkVars($vars, "POST");
	}

	protected function checkGetVars(array $vars) {
	$this->checkVars($vars, "PARAMS");
	}
	}