Lock all API entry point by default.
ksubileau committed Dec 17, 2013
1 parent d981d23 commit 8db6b76
Showing 2 changed files with 17 additions and 7 deletions.
19 changes: 13 additions & 6 deletions api/Routers/Router.php
@@ -30,20 +30,20 @@ public function setup () {
$this->app->map('/login',array($this, 'login'))->via('POST');

// Users
$this->app->map('/users',array($this, 'getUserList'))->via('GET');
$this->app->get('/user/:id', function ($id) {
$this->app->map('/users', array($this, 'checkLoginOpt'), array($this, 'getUserList'))->via('GET');
$this->app->get('/user/:id', array($this, 'checkLoginOpt'), function ($id) {
echo UserController::getUser($id);
});

// Rooms
$this->app->map('/rooms',array($this, 'getRoomList'))->via('GET');
$this->app->get('/room/:id', function ($id) {
$this->app->map('/rooms', array($this, 'checkLoginOpt'),array($this, 'getRoomList'))->via('GET');
$this->app->get('/room/:id', array($this, 'checkLoginOpt'), function ($id) {
echo RoomController::getRoom($id);
});
$this->app->get('/room/:id/users', function ($id) {
$this->app->get('/room/:id/users', array($this, 'checkLoginOpt'), function ($id) {
echo RoomController::getUsers($id);
});
$this->app->get('/room/:id/messages', function ($id) {
$this->app->get('/room/:id/messages', array($this, 'checkLoginOpt'), function ($id) {
echo RoomController::getMessages($id);
});
$this->app->get('/room/:id/enter', array($this, 'checkLogin'), function ($id) {
@@ -79,6 +79,13 @@ public function getRoomList () {
echo RoomController::getRoomList();
}

// Configurable login requirement.
public function checkLoginOpt() {
if(ZC_AUTH_ALWAYS_REQUIRED) {
$this->checkLogin();
}
}

public function checkLogin() {
if(!SessionController::isLogin()){
throw new ApiException(403);
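Review bot: `checkLoginOpt()` tests `ZC_AUTH_ALWAYS_REQUIRED` by truthiness, so an override of `0`, `''`, `'0'` or `null` in config.php opens the six GET routes it guards, including `/room/:id/messages`, exactly as an explicit `false` does. Comparing strictly, `if (ZC_AUTH_ALWAYS_REQUIRED !== false) {`, keeps the check on unless the operator opted out with the boolean itself. The gate is also attached route by route, so any route registered without `checkLogin` or `checkLoginOpt` stays unauthenticated; `setup()` starts before and continues past this hunk, so the remaining routes are worth checking against the commit title. The one-line comment above the method could state that it enforces `checkLogin()` unless the constant is disabled, and that `checkLogin()` throws `ApiException(403)` when no session is logged in.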
5 changes: 4 additions & 1 deletion api/Support/default-constants.php
@@ -42,8 +42,11 @@ function set_initial_constants( ) {
set_constant( 'ZC_AUTH_PARAM_KEY', 'auth_token' );
// ID string size
set_constant( 'ZC_ID_LENGTH', 32 );
// Authentication token key. Must be a 36-character random string.
// Authentication token symetric key. Must be a 36-character random string.
// Please change this value in config.php before use !!
set_constant( 'ZC_AUTH_TOKEN_KEY', '04b457d2b8c996fe57ae92bf779e2847' );
// If set to false, some non-critical API requests will be available without authentication.
set_constant( 'ZC_AUTH_ALWAYS_REQUIRED', true);

/************************************
* Validation constants
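Review bot: The comment on `ZC_AUTH_TOKEN_KEY` asks for a 36-character random string, but the default under it is 32 hexadecimal characters and is published with the source, so an install that never overrides it in config.php would presumably be protecting its auth tokens with a key anyone can read. The reminder in the comment enforces nothing; consider refusing to start, or at least logging loudly, while the constant still equals the shipped default, and correct the stated length along with the `symetric` spelling. For the new flag, "some non-critical API requests" leaves the operator guessing what is exposed; a comment such as `// If false, GET /users, /user/:id, /rooms, /room/:id, /room/:id/users and /room/:id/messages are served without authentication.` names the routes affected in Router.php. `set_initial_constants()` starts before and continues past this hunk.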
