Yii Framework Forum: [Extension] Restful Api - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

[Extension] Restful Api Rate Topic: -----

#1 User is offline   ivolovikov 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 15-October 12

Posted 16 October 2012 - 04:49 AM

Hi,

I want to introduce Yii RESTful API extension, which was written for our project.

Key Features
  • integration in existing project - you can use single action to display html page or returning API response
  • model render rule - rule can be simply added to default rules list
  • support application and model errors render
  • support auth adapters - defult is HTTP Basic Auth
  • support renderer adapters - defult is JSON and XML


GitHub repo: https://github.com/paysio/yii-rest-api
Smail docs: https://github.com/p...aster/README.md

I'll be glad to answer to all of yours questions!
3

#2 User is offline   PrplHaz4 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 108
  • Joined: 28-September 09
  • Location:Boston, MA

Posted 16 October 2012 - 01:14 PM

Are there any examples of this extension implemented with the token auth scheme described below? Or perhaps an example of an auth adapter?
http://docs.amazonwe...QueryStringAuth


0

#3 User is offline   ivolovikov 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 3
  • Joined: 15-October 12

Posted 16 October 2012 - 05:37 PM

View PostPrplHaz4, on 16 October 2012 - 01:14 PM, said:

Are there any examples of this extension implemented with the token auth scheme described below? Or perhaps an example of an auth adapter?


Extension have one default Auth adapter, which can be rewrited or extended - https://github.com/p...pters/Basic.php

Your auth scheme can use adapter something like this
namespace rest\service\auth\adapters;

use rest\service\auth\AdapterInterface;

class AccessKey implements AdapterInterface
{
    /**
     * @var string
     */
    public $identityClass = 'application.components.UserIdentity';

    /**
     * @throws \CHttpException
     */
    public function authenticate()
    {
        if (!isset($_GET['AccessKeyId']) || !($key = $_GET['AccessKeyId'])) {
            throw new \CHttpException(401, \Yii::t('ext', 'Undefined AccessKeyId'));
        }
        if (!isset($_GET['Expires']) || !($expires = $_GET['Expires'])) {
            throw new \CHttpException(401, \Yii::t('ext', 'Undefined Expires'));
        }
        if (!isset($_GET['Signature']) || !($sign = $_GET['Signature'])) {
            throw new \CHttpException(401, \Yii::t('ext', 'Undefined Signature'));
        }

        $user = $this->getUserByAccessKey($key); // some logic matching user by AccessKeyId
        if (!$user) {
            throw new \CHttpException(401, \Yii::t('ext', 'AccessKeyId not found'));
        }
        
        $secretKey = $user->secretAccessKeyID; // user should have own secretAccessKeyID
        $validSign = sha1($secretKey . '.' . $_SERVER['REQUEST_URI'] . '.' .  $expires); // it's not AWS algo - just for example
        if ($sign != $validSign) {
            throw new \CHttpException(401, \Yii::t('ext', 'Wrong Signature'));
        }
        
        if ($expires > time()) {
            throw new \CHttpException(401, \Yii::t('ext', 'AccessKeyId Expired'));
        }

        // Authenticate \Yii::app()->user
        $identityClass = \Yii::import($this->identityClass);
        $identity = new $identityClass($user->name, $user->password);
        $identity->authenticate();
        \Yii::app()->user->login($identity);
    }

    public function getUserByAccessKey($key)
    {
        // not implemented
    }
}


Be careful, it's is just simple example! I'm not tested it.
Method getUserByAccessKey and user object not written, because it is the implementation details.

Thank you for your interest, I hope I was able to help.
0

#4 User is offline   rpagyc 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 1
  • Joined: 06-December 10

Posted 31 January 2013 - 10:08 PM

Hi, thanks for great extension. I'd like to know if it's possible to control the auth process. may I exclude authentication for user creation for example? auth is done in Service onBeginRequest, so for each request user/pass should be sent.
0

#5 User is offline   Trejder 

  • Master Member
  • PipPipPipPip
  • Yii
  • Group: Members
  • Posts: 1,197
  • Joined: 06-October 10
  • Location:Southern Poland

Posted 25 October 2013 - 08:08 AM

Thanks for a great stuff. However, you gave us only links to GitHub:

View Postivolovikov, on 16 October 2012 - 04:49 AM, said:


Is this extension hosted among other Yii extensions in Yii extensions repository or is it available only on GitHub?
Proud Cookbook author, though still learning powerful Yii! :] See my generic profile for more information. Cheers!
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users