Commit 1cf225e5 authored by hahn's avatar hahn

task#3869 - initial stuff for API

parent d86a4bf7
...@@ -14,13 +14,18 @@ ...@@ -14,13 +14,18 @@
error_reporting(E_ALL); error_reporting(E_ALL);
require_once("../../config/inc_projects_config.php"); require_once("../../config/inc_projects_config.php");
require_once(__DIR__.'/../deployment/classes/project.class.php');
$sDirClasses=__DIR__.'/../deployment/classes/';
require_once($sDirClasses.'/project.class.php');
require_once($sDirClasses.'logger.class.php');
$aApiItems=array( $aApiItems=array(
'project', 'project',
'projects', 'projects',
'help', 'help',
); );
$iMaxAge=60;
// ---------------------------------------------------------------------- // ----------------------------------------------------------------------
// FUNCTIONS // FUNCTIONS
...@@ -66,6 +71,43 @@ ...@@ -66,6 +71,43 @@
die(); die();
} }
/**
* Check authorization in the http request header and age of timestamp
* On a failed check the request will be terminated
* @global int $iMaxAge max allowed age
* @param type $sProjectSecret
* @return boolean
*/
function _checkAuth($sProjectSecret){
global $iMaxAge;
$aReqHeaders=apache_request_headers();
_wd('<pre>'.print_r($aReqHeaders, 1).'</pre>');
if(!isset($aReqHeaders['Authorization'])){
_quit('Access denied. Missing authorization.', 403);
}
$sGotHash= preg_replace('/^.*\:/', '', $aReqHeaders['Authorization']);
$sGotDate= $aReqHeaders['Date'];
$sGotMethod=$_SERVER['REQUEST_METHOD'];
$sGotReq=$_SERVER['REQUEST_URI'];
$sMyData="${sGotMethod}\n${sGotReq}\n${sGotDate}\n";
$sMyHash= base64_encode(hash_hmac("sha1", $sMyData, $sProjectSecret));
_wd('Hash: '.$sGotHash.' -- from header');
_wd('Hash: '.$sMyHash.' -- rebuilt');
if($sGotHash!==$sMyHash){
_quit('Access denied. Invalid hash.', 403);
}
$iAge=date('U')-date('U', strtotime($sGotDate));
_wd('Date: '.$sGotDate.' - age: '.$iAge.' sec');
if($iAge>$iMaxAge){
_quit('Access denied. Hash is out of date: '.$iAge. ' sec is older '.$iMaxAge.' sec', 403);
}
return true;
}
// ---------------------------------------------------------------------- // ----------------------------------------------------------------------
// MAIN // MAIN
// ---------------------------------------------------------------------- // ----------------------------------------------------------------------
...@@ -148,13 +190,27 @@ ...@@ -148,13 +190,27 @@
if(!$sProjectSecret){ if(!$sProjectSecret){
_quit('Access denied. API access is disabled.'); _quit('Access denied. API access is disabled.');
} }
// check authorization
_checkAuth($sProjectSecret);
$aReqHeaders=apache_request_headers(); echo "OK: request was authorized successfully.\n";
_wd('<pre>'.print_r($aReqHeaders, 1).'</pre>'); switch($sPrjAction){
case "build":
echo "build ...";
$oCLog = new logger();
echo $oProject->build();
break;;
default:
_quit('ERROR: Wrong action ['.$sApiItem.'].');
}
break;; break;;
default: default:
_quit('ERROR: Wrong item ['.$sApiItem.'].'); // unreachable - see in_array before switch
_quit('ERROR: item ['.$sApiItem.'] is invalid.');
} }
break; break;
default: default:
......
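Review bot: In `_checkAuth` the signature is compared with `$sGotHash!==$sMyHash`, which is not a constant-time comparison; for a MAC check the usual form is `if(!hash_equals($sMyHash, $sGotHash)){`. The two `_wd('Hash: ...')` calls run before that comparison, so if `_wd` writes into the response when debugging is enabled (its body is not part of this diff), the rebuilt hash is shown to a caller who has not yet been authenticated; log only the outcome of the check. The age test is one-sided: a `Date` in the future yields a negative `$iAge` and passes, so `if(abs($iAge)>$iMaxAge){` would bound the window in both directions. Inside that window a captured request can still be replayed, which matters for the `build` action added in the last hunk. In that hunk, the `Wrong action` message also prints `$sApiItem` where `$sPrjAction` appears to be meant.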
...@@ -22,32 +22,63 @@ apiHost="http://dev.ci.iml.unibe.ch:8002" ...@@ -22,32 +22,63 @@ apiHost="http://dev.ci.iml.unibe.ch:8002"
apiBaseUrl="/api/v1" apiBaseUrl="/api/v1"
apiMethod=GET apiMethod=GET
line="----------------------------------------------------------------------"
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# MAIN # REQ #1 - list project ids
# ----------------------------------------------------------------------
echo "[1] GET Request ${apiHost}${apiBaseUrl}/projects"
echo $line
curl -i \
-H "Accept: application/json" -H "Content-Type: application/json" \
-H "Date: ${apiTS}" \
-H "Authorization: demo-bash-client:${myHash}" \
-X $apiMethod \
${apiHost}${apiBaseUrl}/projects
echo
echo $line
echo
echo
# ----------------------------------------------------------------------
# REQ #2 - build ci webgui
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# --- build url # --- build url
apiRequest="${apiBaseUrl}/project/${myProject}/${myAction}" apiRequest="${apiBaseUrl}/project/${myProject}/${myAction}"
# --- generate auth # --- date in http format
data="`date`\n${apiMethod}\n${apiRequest}" LANG=en_EN
myHash=`echo -n "$data" | openssl sha1 -hmac "${secret}" | cut -f 2 -d" "` # export TZ=GMT
apiTS=`date "+%a, %d %b %Y %H:%M:%S %Z"`
# --- generate data to hash: method + uri + timestamp; delimited with line break
data="${apiMethod}
${apiRequest}
${apiTS}
"
# https://stackoverflow.com/questions/356705/how-to-send-a-header-using-a-http-request-through-a-curl-call # generate hash - split in 2 commands (piping "cut" sends additional line break)
myHash=`echo -n "$data" | openssl sha1 -hmac "${secret}" | cut -f 2 -d" "`
myHash=`echo -n "$myHash" | base64`
echo HASH: $myHash ... made from [$data]
echo REQEST: $apiRequest - $myHash
# --- send htp request
echo "[2] $apiMethod Request ${apiHost}${apiRequest}"
echo $line
curl -i \ curl -i \
-H "Accept: application/json" -H "Content-Type: application/json" \ -H "Accept: application/json" -H "Content-Type: application/json" \
-H "Date: ${apiTS}" \
-H "Authorization: demo-bash-client:${myHash}" \ -H "Authorization: demo-bash-client:${myHash}" \
-X $apiMethod \ -X $apiMethod \
${apiHost}${apiRequest} ${apiHost}${apiRequest}
rc=$? rc=$?
echo
echo $line
echo rc = $rc echo rc = $rc
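Review bot: Request [1] is sent before `apiTS` and `myHash` are assigned, since both are set only in the REQ #2 block further down. Unless they are defined above this hunk, the first curl call goes out with an empty `Date` header and an empty hash, and a hash built later covers `${apiRequest}` rather than `${apiBaseUrl}/projects`. Generating the timestamp and signature in one helper that is called per request path, as sketched below, fixes both. The sketch also pins the timestamp to GMT, because `%Z` with `export TZ=GMT` commented out puts the local zone abbreviation into the `Date` header. Separately, `echo HASH: $myHash` prints the signature, and with `apiHost` on plain `http://` the signed headers cross the network unencrypted.

```shell
# build the Date header value and the signature for one request path ($1)
function makeAuth(){
    apiTS=$(LC_ALL=C TZ=GMT date "+%a, %d %b %Y %H:%M:%S GMT")
    local data="${apiMethod}
$1
${apiTS}
"
    myHash=$(echo -n "$data" | openssl sha1 -hmac "${secret}" | cut -f 2 -d" ")
    myHash=$(echo -n "$myHash" | base64)
}

makeAuth "${apiBaseUrl}/projects"
# … unchanged: curl call for request [1] …

apiRequest="${apiBaseUrl}/project/${myProject}/${myAction}"
makeAuth "${apiRequest}"
# … unchanged: curl call for request [2] …
```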