
7821 improve api error messages

Merged Hahn Axel (hahn) requested to merge 7821-improve-api-error-messages into master
2 files
+ 75
66
+ 11
6
@@ -59,7 +59,7 @@ function _wd(string $s, string $sLevel = 'info'): bool
@@ -59,7 +59,7 @@ function _wd(string $s, string $sLevel = 'info'): bool
}
}
/**
/**
* Abort execution of API requestwith error
* Abort execution of API request with error
*
*
* @param string $s message
* @param string $s message
* @param integer $iStatus http status code to send
* @param integer $iStatus http status code to send
@@ -68,6 +68,7 @@ function _quit(string $s, int $iStatus = 400): void
@@ -68,6 +68,7 @@ function _quit(string $s, int $iStatus = 400): void
{
{
$aStatus = [
$aStatus = [
400 => 'HTTP/1.0 400 Bad Request',
400 => 'HTTP/1.0 400 Bad Request',
 
401 => 'HTTP/1.0 401 Unauthorized',
403 => 'HTTP/1.0 403 Access denied',
403 => 'HTTP/1.0 403 Access denied',
404 => 'HTTP/1.0 404 Not found',
404 => 'HTTP/1.0 404 Not found',
];
];
@@ -105,7 +106,7 @@ function _checkAuth(string $sProjectSecret): bool
@@ -105,7 +106,7 @@ function _checkAuth(string $sProjectSecret): bool
$aReqHeaders = apache_request_headers();
$aReqHeaders = apache_request_headers();
_wd('<pre>' . print_r($aReqHeaders, 1) . '</pre>');
_wd('<pre>' . print_r($aReqHeaders, 1) . '</pre>');
if (!isset($aReqHeaders['Authorization'])) {
if (!isset($aReqHeaders['Authorization'])) {
_quit('Access denied. Missing authorization.', 403);
_quit('Access denied. Missing authorization.', 401);
}
}
if (!isset($aReqHeaders['Date'])) {
if (!isset($aReqHeaders['Date'])) {
_quit('Access denied. Missing field "Date:" in the request header.', 403);
_quit('Access denied. Missing field "Date:" in the request header.', 403);
@@ -123,7 +124,7 @@ function _checkAuth(string $sProjectSecret): bool
@@ -123,7 +124,7 @@ function _checkAuth(string $sProjectSecret): bool
_wd('Hash: ' . $sGotHash . ' -- from header');
_wd('Hash: ' . $sGotHash . ' -- from header');
_wd('Hash: ' . $sMyHash . ' -- rebuilt');
_wd('Hash: ' . $sMyHash . ' -- rebuilt');
if ($sGotHash !== $sMyHash) {
if ($sGotHash !== $sMyHash) {
_quit('Access denied. Invalid hash.', 403);
_quit('Access denied. Invalid hash.', 401);
}
}
$iAge = date('U') - date('U', strtotime($sGotDate));
$iAge = date('U') - date('U', strtotime($sGotDate));
@@ -216,14 +217,18 @@ switch ($sApiVersion) {
@@ -216,14 +217,18 @@ switch ($sApiVersion) {
ob_end_clean();
ob_end_clean();
} catch (Exception $exc) {
} catch (Exception $exc) {
_quit('ERROR: project with id [' . $sPrjId . '] does not exist.', 404);
_quit('ERROR: project with id [' . $sPrjId . '] cannot be initialized.', 400); // never reached
}
}
// get secret
// get secret
$aPrjCfg = $oProject->getConfig();
$aPrjCfg = $oProject->getConfig();
$sProjectSecret = isset($aPrjCfg['api']['secret']) ? $aPrjCfg['api']['secret'] : false;
if(!count($aPrjCfg)){
 
_quit('ERROR: project with id [' . $sPrjId . '] does not exist.', 404);
 
}
 
 
$sProjectSecret = $aPrjCfg['api']['secret'] ?? false;
if (!$sProjectSecret) {
if (!$sProjectSecret) {
_quit('Access denied. API access is disabled.');
_quit('Access denied. API access is disabled.', 403);
}
}
// check authorization
// check authorization
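Review bot: In the `switch ($sApiVersion)` hunk the new `if(!count($aPrjCfg))` check answers 404 "does not exist" ahead of the `// check authorization` step, so a caller without credentials can tell unknown project ids (404) from existing ones with the API disabled (403) or enabled (401). If that distinction is not meant to be public, send one generic status for every failure before authentication and keep the detail in the `_wd()` log. The message also echoes `$sPrjId` back to the client; the body of `_quit()` is outside these hunks, so confirm it emits the text escaped or as plain text. Separately, in the `_checkAuth` hunk the comparison `$sGotHash !== $sMyHash` is not constant-time, and `if (!hash_equals($sMyHash, $sGotHash)) {` would remove the timing side channel on the request signature.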