PHP Class REST_Controller

A fully RESTful server implementation for CodeIgniter using one library, one config file and one controller.
Author: Phil Sturgeon, Chris Kacerguis
Inheritance: extends MX_Controller
Project: chriskacerguis/codeigniter-restserver

Protected Properties

Property Type Description
$_allow boolean If the request is allowed based on the API key provided
$_apiuser object Information about the current API user
$_args array The arguments from GET, POST, PUT, DELETE, PATCH, HEAD and OPTIONS request methods combined
$_delete_args array The arguments for the DELETE request method
$_enable_xss boolean Enable XSS flag. Determines whether the XSS filter is always active when GET, OPTIONS, HEAD, POST, PUT, DELETE and PATCH data is encountered. Set automatically based on config setting
$_end_rtime string The end of the response time from the server
$_get_args array The arguments for the GET request method
$_head_args array The arguments for the HEAD request method
$_insert_id string The insert_id of the log entry (if we have one)
$_options_args array The arguments for the OPTIONS request method
$_patch_args array The arguments for the PATCH request method
$_post_args array The arguments for the POST request method
$_put_args array The arguments for the PUT request method
$_query_args array The arguments for the query parameters
$_start_rtime string The start of the response time from the server
$_supported_formats array List all supported methods, the first will be the default format
$_user_ldap_dn string The LDAP Distinguished Name of the User post authentication
$allowed_http_methods array List of allowed HTTP methods
$check_cors boolean Whether or not to perform a CORS check and apply CORS headers to the request
$http_status_codes array HTTP status codes and their respective description. Note: Only the widely used HTTP status codes are used
$methods array Defines the list of method properties such as limit, log and level
$request object Contains details about the request. Fields: body, format, method, ssl. Note: This is a dynamic object (stdClass)
$response object Contains details about the response. Fields: format, lang. Note: This is a dynamic object (stdClass)
$rest object Contains details about the REST API. Fields: db, ignore_limits, key, level, user_id. Note: This is a dynamic object (stdClass)
$rest_format string | null This defines the REST format. Must be overridden in a controller so that it is set

Public Methods

Method Description
__construct ( string $config = 'rest' ) Constructor for the REST API
__destruct ( ) : void Destructor
_remap ( string $object_called, array $arguments = [] ) Requests are not made to methods directly; the request will be for an "object". This simply maps the object and method to the correct Controller method
delete ( null $key = NULL, null $xss_clean = NULL ) : array | string | null Retrieve a value from a DELETE request
get ( null $key = NULL, null $xss_clean = NULL ) : array | string | null Retrieve a value from a GET request
head ( null $key = NULL, null $xss_clean = NULL ) : array | string | null Retrieve a value from a HEAD request
options ( null $key = NULL, null $xss_clean = NULL ) : array | string | null Retrieve a value from an OPTIONS request
patch ( null $key = NULL, null $xss_clean = NULL ) : array | string | null Retrieve a value from a PATCH request
post ( null $key = NULL, null $xss_clean = NULL ) : array | string | null Retrieve a value from a POST request
put ( null $key = NULL, null $xss_clean = NULL ) : array | string | null Retrieve a value from a PUT request
query ( null $key = NULL, null $xss_clean = NULL ) : array | string | null Retrieve a value from the query parameters
response ( array | null $data = NULL, integer | null $http_code = NULL, boolean $continue = FALSE ) Takes mixed data and optionally a status code, then creates the response
set_response ( array | null $data = NULL, integer | null $http_code = NULL ) Takes mixed data and optionally a status code, then creates the response within the buffers of the Output class. The response is sent to the client later by the framework, after the current controller's method terminates.
validation_errors ( ) : array Retrieve the validation errors

Protected Methods

Method Description
_auth_override_check ( ) : boolean Check if there is a specific auth type set for the current class/method/HTTP-method being called
_check_access ( ) : boolean Check to see if the API key has access to the controller and methods
_check_blacklist_auth ( ) : void Checks if the client's IP is in the 'rest_ip_blacklist' config and generates a 401 response
_check_cors ( ) : void Checks allowed domains, and adds appropriate headers for HTTP access control (CORS)
_check_limit ( string $controller_method ) : boolean Check if the requests to a controller method exceed a limit
_check_login ( string $username = NULL, boolean | string $password = FALSE ) : boolean Check if the user is logged in
_check_php_session ( ) : void Check to see if the user is logged in with a PHP session key
_check_whitelist_auth ( ) : void Check if the client's IP is in the 'rest_ip_whitelist' config and generates a 401 response
_detect_api_key ( ) : boolean See if the user has provided an API key
_detect_input_format ( ) : string | null Get the input format e.g. json or xml
_detect_lang ( ) : string | null Preferred return language
_detect_method ( ) : string | null Get the HTTP request string e.g. get or post
_detect_output_format ( ) : mixed | null | string Detect which format should be used to output the data
_force_login ( string $nonce = '' ) : void Force logging in by setting the WWW-Authenticate header
_get_default_output_format ( ) : string Gets the default format from the configuration. Falls back to 'json' if the corresponding configuration option $config['rest_default_format'] is missing or is empty
_log_access_time ( ) : boolean Updates the log table with the total access time
_log_request ( boolean $authorized = FALSE ) : boolean Add the request to the log table
_log_response_code ( $http_code ) : boolean Updates the log table with HTTP response code
_parse_delete ( ) : void Parse the DELETE request arguments
_parse_get ( ) : void Parse the GET request arguments
_parse_head ( ) : void Parse the HEAD request arguments
_parse_options ( ) : void Parse the OPTIONS request arguments
_parse_patch ( ) : void Parse the PATCH request arguments
_parse_post ( ) : void Parse the POST request arguments
_parse_put ( ) : void Parse the PUT request arguments
_parse_query ( ) : void Parse the query parameters
_perform_ldap_auth ( string $username = '', string $password = NULL ) : boolean Perform LDAP Authentication
_perform_library_auth ( string $username = '', string $password = NULL ) : boolean Perform Library Authentication - Override this function to change the way the library is called
_prepare_basic_auth ( ) : void Prepares for basic authentication
_prepare_digest_auth ( ) : void Prepares for digest authentication
_xss_clean ( string $value, boolean $xss_clean ) : string Sanitizes data so that Cross Site Scripting Hacks can be prevented
early_checks ( ) : void Extend this function to apply additional checking early on in the process
preflight_checks ( ) Checks to see if we have everything we need to run this library.

Method Details

__construct() public method

Constructor for the REST API
public __construct ( string $config = 'rest' )
$config string Configuration filename minus the file extension e.g: my_rest.php is passed as 'my_rest'

__destruct() public method

Destructor
Author: Chris Kacerguis
public __destruct ( ) : void
return void

_auth_override_check() protected method

Check if there is a specific auth type set for the current class/method/HTTP-method being called
protected _auth_override_check ( ) : boolean
return boolean

_check_access() protected method

Check to see if the API key has access to the controller and methods
protected _check_access ( ) : boolean
return boolean TRUE if the API key has access; otherwise, FALSE

_check_blacklist_auth() protected method

Checks if the client's IP is in the 'rest_ip_blacklist' config and generates a 401 response
protected _check_blacklist_auth ( ) : void
return void

_check_cors() protected method

Checks allowed domains, and adds appropriate headers for HTTP access control (CORS)
protected _check_cors ( ) : void
return void

_check_limit() protected method

Check if the requests to a controller method exceed a limit
protected _check_limit ( string $controller_method ) : boolean
$controller_method string The method being called
return boolean TRUE if the call limit is below the threshold; otherwise, FALSE

_check_login() protected method

Check if the user is logged in
protected _check_login ( string $username = NULL, boolean | string $password = FALSE ) : boolean
$username string The user's name
$password boolean | string The user's password
return boolean

_check_php_session() protected method

Check to see if the user is logged in with a PHP session key
protected _check_php_session ( ) : void
return void

_check_whitelist_auth() protected method

Check if the client's IP is in the 'rest_ip_whitelist' config and generates a 401 response
protected _check_whitelist_auth ( ) : void
return void

_detect_api_key() protected method

See if the user has provided an API key
protected _detect_api_key ( ) : boolean
return boolean

_detect_input_format() protected method

Get the input format e.g. json or xml
protected _detect_input_format ( ) : string | null
return string | null Supported input format; otherwise, NULL

_detect_lang() protected method

Preferred return language
protected _detect_lang ( ) : string | null
return string | null The language code

_detect_method() protected method

Get the HTTP request string e.g. get or post
protected _detect_method ( ) : string | null
return string | null Supported request method as a lowercase string; otherwise, NULL if not supported

_detect_output_format() protected method

Detect which format should be used to output the data
protected _detect_output_format ( ) : mixed | null | string
return mixed | null | string Output format

_force_login() protected method

Force logging in by setting the WWW-Authenticate header
protected _force_login ( string $nonce = '' ) : void
$nonce string A server-specified data string which should be uniquely generated each time
return void

_get_default_output_format() protected method

Gets the default format from the configuration. Falls back to 'json' if the corresponding configuration option $config['rest_default_format'] is missing or is empty
protected _get_default_output_format ( ) : string
return string The default supported input format

_log_access_time() protected method

Updates the log table with the total access time
Author: Chris Kacerguis
protected _log_access_time ( ) : boolean
return boolean TRUE if the log table was updated; otherwise, FALSE

_log_request() protected method

Add the request to the log table
protected _log_request ( boolean $authorized = FALSE ) : boolean
$authorized boolean TRUE if the user is authorized; otherwise, FALSE
return boolean TRUE if the data was inserted; otherwise, FALSE

_log_response_code() protected method

Updates the log table with HTTP response code
Author: Justin Chen
protected _log_response_code ( $http_code ) : boolean
$http_code int HTTP status code
return boolean TRUE if the log table was updated; otherwise, FALSE

_parse_delete() protected method

Parse the DELETE request arguments
protected _parse_delete ( ) : void
return void

_parse_get() protected method

Parse the GET request arguments
protected _parse_get ( ) : void
return void

_parse_head() protected method

Parse the HEAD request arguments
protected _parse_head ( ) : void
return void

_parse_options() protected method

Parse the OPTIONS request arguments
protected _parse_options ( ) : void
return void

_parse_patch() protected method

Parse the PATCH request arguments
protected _parse_patch ( ) : void
return void

_parse_post() protected method

Parse the POST request arguments
protected _parse_post ( ) : void
return void

_parse_put() protected method

Parse the PUT request arguments
protected _parse_put ( ) : void
return void

_parse_query() protected method

Parse the query parameters
protected _parse_query ( ) : void
return void

_perform_ldap_auth() protected method

Perform LDAP Authentication
protected _perform_ldap_auth ( string $username = '', string $password = NULL ) : boolean
$username string The username to validate
$password string The password to validate
return boolean

_perform_library_auth() protected method

Perform Library Authentication - Override this function to change the way the library is called
protected _perform_library_auth ( string $username = '', string $password = NULL ) : boolean
$username string The username to validate
$password string The password to validate
return boolean

_prepare_basic_auth() protected method

Prepares for basic authentication
protected _prepare_basic_auth ( ) : void
return void

_prepare_digest_auth() protected method

Prepares for digest authentication
protected _prepare_digest_auth ( ) : void
return void

_remap() public method

Requests are not made to methods directly; the request will be for an "object". This simply maps the object and method to the correct Controller method
public _remap ( string $object_called, array $arguments = [] )
$object_called string
$arguments array The arguments passed to the controller method

_xss_clean() protected method

Sanitizes data so that Cross Site Scripting Hacks can be prevented
protected _xss_clean ( string $value, boolean $xss_clean ) : string
$value string Input data
$xss_clean boolean Whether to apply XSS filtering
return string

delete() public method

Retrieve a value from a DELETE request
public delete ( null $key = NULL, null $xss_clean = NULL ) : array | string | null
$key null Key to retrieve from the DELETE request. If NULL an array of arguments is returned
$xss_clean null Whether to apply XSS filtering
return array | string | null Value from the DELETE request; otherwise, NULL

early_checks() protected method

Extend this function to apply additional checking early on in the process
protected early_checks ( ) : void
return void

get() public method

Retrieve a value from a GET request
public get ( null $key = NULL, null $xss_clean = NULL ) : array | string | null
$key null Key to retrieve from the GET request. If NULL an array of arguments is returned
$xss_clean null Whether to apply XSS filtering
return array | string | null Value from the GET request; otherwise, NULL

head() public method

Retrieve a value from a HEAD request
public head ( null $key = NULL, null $xss_clean = NULL ) : array | string | null
$key null Key to retrieve from the HEAD request. If NULL an array of arguments is returned
$xss_clean null Whether to apply XSS filtering
return array | string | null Value from the HEAD request; otherwise, NULL

options() public method

Retrieve a value from an OPTIONS request
public options ( null $key = NULL, null $xss_clean = NULL ) : array | string | null
$key null Key to retrieve from the OPTIONS request. If NULL an array of arguments is returned
$xss_clean null Whether to apply XSS filtering
return array | string | null Value from the OPTIONS request; otherwise, NULL

patch() public method

Retrieve a value from a PATCH request
public patch ( null $key = NULL, null $xss_clean = NULL ) : array | string | null
$key null Key to retrieve from the PATCH request. If NULL an array of arguments is returned
$xss_clean null Whether to apply XSS filtering
return array | string | null Value from the PATCH request; otherwise, NULL

post() public method

Retrieve a value from a POST request
public post ( null $key = NULL, null $xss_clean = NULL ) : array | string | null
$key null Key to retrieve from the POST request. If NULL an array of arguments is returned
$xss_clean null Whether to apply XSS filtering
return array | string | null Value from the POST request; otherwise, NULL

preflight_checks() protected method

Checks to see if we have everything we need to run this library.
protected preflight_checks ( )

put() public method

Retrieve a value from a PUT request
public put ( null $key = NULL, null $xss_clean = NULL ) : array | string | null
$key null Key to retrieve from the PUT request. If NULL an array of arguments is returned
$xss_clean null Whether to apply XSS filtering
return array | string | null Value from the PUT request; otherwise, NULL

query() public method

Retrieve a value from the query parameters
public query ( null $key = NULL, null $xss_clean = NULL ) : array | string | null
$key null Key to retrieve from the query parameters. If NULL an array of arguments is returned
$xss_clean null Whether to apply XSS filtering
return array | string | null Value from the query parameters; otherwise, NULL

response() public method

Takes mixed data and optionally a status code, then creates the response
public response ( array | null $data = NULL, integer | null $http_code = NULL, boolean $continue = FALSE )
$data array | null Data to output to the user
$http_code integer | null HTTP status code
$continue boolean TRUE to flush the response to the client and continue running the script; otherwise, exit

set_response() public method

All the hooks after the controller's method termination are executable
public set_response ( array | null $data = NULL, integer | null $http_code = NULL )
$data array | null Data to output to the user
$http_code integer | null HTTP status code

validation_errors() public method

Retrieve the validation errors
public validation_errors ( ) : array
return array

Property Details

$_allow protected property

If the request is allowed based on the API key provided
protected bool $_allow
return boolean

$_apiuser protected property

Information about the current API user
protected object $_apiuser
return object

$_args protected property

The arguments from GET, POST, PUT, DELETE, PATCH, HEAD and OPTIONS request methods combined
protected array $_args
return array

$_delete_args protected property

The arguments for the DELETE request method
protected array $_delete_args
return array

$_enable_xss protected property

Enable XSS flag. Determines whether the XSS filter is always active when GET, OPTIONS, HEAD, POST, PUT, DELETE and PATCH data is encountered. Set automatically based on config setting
protected bool $_enable_xss
return boolean

$_end_rtime protected property

The end of the response time from the server
protected string $_end_rtime
return string

$_get_args protected property

The arguments for the GET request method
protected array $_get_args
return array

$_head_args protected property

The arguments for the HEAD request method
protected array $_head_args
return array

$_insert_id protected property

The insert_id of the log entry (if we have one)
protected string $_insert_id
return string

$_options_args protected property

The arguments for the OPTIONS request method
protected array $_options_args
return array

$_patch_args protected property

The arguments for the PATCH request method
protected array $_patch_args
return array

$_post_args protected property

The arguments for the POST request method
protected array $_post_args
return array

$_put_args protected property

The arguments for the PUT request method
protected array $_put_args
return array

$_query_args protected property

The arguments for the query parameters
protected array $_query_args
return array

$_start_rtime protected property

The start of the response time from the server
protected string $_start_rtime
return string

$_supported_formats protected property

List all supported methods, the first will be the default format
protected array $_supported_formats
return array

$_user_ldap_dn protected property

The LDAP Distinguished Name of the User post authentication
protected string $_user_ldap_dn
return string

$allowed_http_methods protected property

List of allowed HTTP methods
protected array $allowed_http_methods
return array

$check_cors protected property

Whether or not to perform a CORS check and apply CORS headers to the request
protected bool $check_cors
return boolean

$http_status_codes protected property

HTTP status codes and their respective description. Note: Only the widely used HTTP status codes are used
protected array $http_status_codes
return array

$methods protected property

Defines the list of method properties such as limit, log and level
protected array $methods
return array

$request protected property

Contains details about the request. Fields: body, format, method, ssl. Note: This is a dynamic object (stdClass)
protected object $request
return object

$response protected property

Contains details about the response. Fields: format, lang. Note: This is a dynamic object (stdClass)
protected object $response
return object

$rest protected property

Contains details about the REST API. Fields: db, ignore_limits, key, level, user_id. Note: This is a dynamic object (stdClass)
protected object $rest
return object

$rest_format protected property

This defines the REST format. Must be overridden in a controller so that it is set
protected string|NULL $rest_format
return string | null