ivolovikov
(Ivolovikov)
October 16, 2012, 9:49am
1
Hi,
I want to introduce a Yii RESTful API extension, which was written for our project.
Key Features
integration in an existing project - you can use a single action to display an HTML page or return an API response
model render rule - the rule can simply be added to the default rules list
supports rendering of application and model errors
supports auth adapters - the default is HTTP Basic Auth
supports renderer adapters - the defaults are JSON and XML
GitHub repo: https://github.com/paysio/yii-rest-api
Small docs: https://github.com/paysio/yii-rest-api/blob/master/README.md
I’ll be glad to answer all of your questions!
PrplHaz4
(Jjhayesiii)
October 16, 2012, 6:14pm
2
Are there any examples of this extension implemented with the token auth scheme described below? Or perhaps an example of an auth adapter?
http://docs.amazonwebservices.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationQueryStringAuth
ivolovikov
(Ivolovikov)
October 16, 2012, 10:37pm
3
The extension has one default auth adapter, which can be rewritten or extended - https://github.com/paysio/yii-rest-api/blob/master/library/rest/service/auth/adapters/Basic.php
Your auth scheme can use an adapter, something like this:
    namespace rest\service\auth\adapters;

    use rest\service\auth\AdapterInterface;

    class AccessKey implements AdapterInterface
    {
        /**
         * @var string
         */
        public $identityClass = 'application.components.UserIdentity';

        /**
         * @throws \CHttpException
         */
        public function authenticate()
        {
            // All three query parameters are required
            if (!isset($_GET['AccessKeyId']) || !($key = $_GET['AccessKeyId'])) {
                throw new \CHttpException(401, \Yii::t('ext', 'Undefined AccessKeyId'));
            }
            if (!isset($_GET['Expires']) || !($expires = $_GET['Expires'])) {
                throw new \CHttpException(401, \Yii::t('ext', 'Undefined Expires'));
            }
            if (!isset($_GET['Signature']) || !($sign = $_GET['Signature'])) {
                throw new \CHttpException(401, \Yii::t('ext', 'Undefined Signature'));
            }
            $user = $this->getUserByAccessKey($key); // some logic matching user by AccessKeyId
            if (!$user) {
                throw new \CHttpException(401, \Yii::t('ext', 'AccessKeyId not found'));
            }
            $secretKey = $user->secretAccessKeyID; // user should have own secretAccessKeyID
            $validSign = sha1($secretKey . '.' . $_SERVER['REQUEST_URI'] . '.' . $expires); // it's not AWS algo - just for example
            // Constant-time comparison; also rejects a non-string Signature (e.g. Signature[]=x)
            if (!is_string($sign) || !hash_equals($validSign, $sign)) {
                throw new \CHttpException(401, \Yii::t('ext', 'Wrong Signature'));
            }
            // Reject the request once the Expires timestamp is in the past
            if ($expires < time()) {
                throw new \CHttpException(401, \Yii::t('ext', 'AccessKeyId Expired'));
            }
            // Authenticate \Yii::app()->user
            $identityClass = \Yii::import($this->identityClass);
            $identity = new $identityClass($user->name, $user->password);
            $identity->authenticate();
            \Yii::app()->user->login($identity);
        }

        public function getUserByAccessKey($key)
        {
            // not implemented
        }
    }
Be careful, it’s just a simple example! I have not tested it.
The method getUserByAccessKey and the user object are not written, because they are implementation details.
Thank you for your interest, I hope I was able to help.
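The signed-URL check that the adapter above outlines, as a stand-alone added example (not part of the original post or of the yii-rest-api code): it replaces the `sha1` concatenation with HMAC-SHA256 over a canonical string that leaves out the `Signature` parameter, compares in constant time, and rejects `Expires` values that are in the past or too far ahead. The function names, the 900-second lifetime cap and the sample values are assumptions made for the illustration.

```php
<?php
// Added example, independent of Yii: query-string request signing and verification.

/** String both sides sign: method, path, and the sorted query without Signature. */
function canonicalString($method, $path, array $query)
{
    unset($query['Signature']);   // the signature cannot cover itself
    ksort($query);                // parameter order must not change the result
    return strtoupper($method) . "\n" . $path . "\n"
        . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
}

function signRequest($secret, $method, $path, array $query)
{
    return hash_hmac('sha256', canonicalString($method, $path, $query), $secret);
}

/** Returns null for a valid request, otherwise the reason it was rejected. */
function verifyRequest($secret, $method, $path, array $query, $now, $maxLifetime = 900)
{
    foreach (array('AccessKeyId', 'Expires', 'Signature') as $name) {
        if (!isset($query[$name]) || !is_string($query[$name]) || $query[$name] === '') {
            return "missing $name";
        }
    }
    if (!ctype_digit($query['Expires'])) {
        return 'malformed Expires';
    }
    $expires = (int) $query['Expires'];
    if ($expires < $now) {
        return 'expired';
    }
    if ($expires - $now > $maxLifetime) {
        return 'lifetime too long';   // caps how long a leaked URL stays usable
    }
    $expected = signRequest($secret, $method, $path, $query);
    return hash_equals($expected, $query['Signature']) ? null : 'bad signature';
}

// Constructed sample data: secret, key id, path and timestamps are made up.
$secret = 'constructed-secret';
$now = 1350400000;
$query = array('AccessKeyId' => 'AKEXAMPLE', 'Expires' => (string) ($now + 300), 'limit' => '10');
$query['Signature'] = signRequest($secret, 'GET', '/api/users', $query);
$tampered = array('limit' => '1000') + $query;   // parameter changed after signing

var_dump(verifyRequest($secret, 'GET', '/api/users', $query, $now));        // untouched request
var_dump(verifyRequest($secret, 'GET', '/api/users', $query, $now + 301));  // replayed after Expires
var_dump(verifyRequest($secret, 'GET', '/api/users', $tampered, $now));     // modified query
```

Inside an adapter, the path and query would come from the current request and the secret from the user record found by `AccessKeyId`; `hash_equals` requires PHP 5.6 or later.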
rpagyc
(Rpagyc)
February 1, 2013, 3:08am
4
Hi, thanks for the great extension. I’d like to know if it’s possible to control the auth process. May I exclude authentication for user creation, for example? Auth is done in Service onBeginRequest, so for each request user/pass should be sent.
trejder
(Tomasz)
October 25, 2013, 1:08pm
5
Thanks for the great stuff. However, you gave us only links to GitHub:
Is this extension hosted among other Yii extensions in the Yii extensions repository, or is it available only on GitHub?