I'm in the process of building a RESTful API server. Everything is working as it should be as of now.
I'm using Phil Sturgeon's RESTful server implementation for CodeIgniter, which is pretty popular.
https://github.com/chriskacerguis/codeigniter-restserver
What I need is to have basic API key authentication for some of the routes, which this package already provides, but it applies to all the API routes.
I do not want authentication for all routes, as some APIs should be called without authentication.
How do we achieve it?
Note: I can't switch the technology or framework, as I'm currently using the models which were developed before and are being used now.
E.g. route without auth: $route['api/products'] = "api/Products/allProducts";
E.g. route with auth: $route['api/devices/update'] = "api/Devices/updateDevice";
Try with:
$config['auth_override_class_method']['products']['allproducts'] = 'none';
$config['auth_override_class_method']['devices']['updatedevice'] = 'basic';
Add the following code to "application/config/rest.php":
$config['auth_override_class_method']['Products']['allProducts'] = "none";
$config['auth_override_class_method']['Devices']['updateDevice'] = FALSE;
Or you can just add this:
$config['auth_override_class_method']['Products']['allProducts'] = "none";
Because your application automatically activates the token / is false, so there is no need to add a route that activates the token again.
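An added example, not part of the answers above or of codeigniter-restserver: a standalone PHP check that resolves which auth setting each route from the question ends up with and flags override keys that match no routed controller method. It assumes overrides are looked up by the exact class and method names as written in the route target (PHP array keys are case-sensitive) and a hypothetical global default of 'basic'; whether lowercase or original-case keys match in a real install depends on how the router reports those names.

```php
<?php
// Added example: standalone audit helper, not part of codeigniter-restserver.
// Assumption: an override applies only when its [class][method] keys equal the
// routed class and method exactly (PHP array keys are case-sensitive).

function audit_auth(array $routes, array $overrides, string $default): array
{
    $report  = [];
    $matched = [];
    foreach ($routes as $uri => $target) {
        // Route target format from the question: "dir/Class/method".
        $parts  = explode('/', $target);
        $method = array_pop($parts);
        $class  = array_pop($parts);
        if (isset($overrides[$class][$method])) {
            $matched["$class/$method"] = true;
            $report[] = [$uri, $overrides[$class][$method], 'override'];
        } else {
            $report[] = [$uri, $default, 'global default'];
        }
    }
    // Overrides that match no routed class/method are dead configuration.
    foreach ($overrides as $class => $methods) {
        foreach ($methods as $method => $auth) {
            if (!isset($matched["$class/$method"])) {
                $report[] = ["(no route) $class/$method", $auth, 'UNUSED override'];
            }
        }
    }
    return $report;
}

// Constructed sample data: the two routes from the question, the lowercase
// override keys from the first answer, and a hypothetical global default.
$routes = [
    'api/products'       => 'api/Products/allProducts',
    'api/devices/update' => 'api/Devices/updateDevice',
];
$overrides = [
    'products' => ['allproducts' => 'none'],
    'devices'  => ['updatedevice' => 'basic'],
];
foreach (audit_auth($routes, $overrides, 'basic') as [$uri, $auth, $source]) {
    printf("%-36s %-6s %s\n", $uri, $auth, $source);
}
```

An unused override means the route silently keeps the global default, which fails open if that default is no authentication.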
Related
I've built a multilanguage app in Laravel 5.3 and I have a bunch of api routes that return me some resources where the url is something like this http://app-domain.com/api/resource when I'm on my default language.
The problem presents itself when I'm not in the default language. When the app tries to call the api it sends a request to http://app-domain.com/locale/api/resource which returns nothing since it's not the correct path.
My implementation is very simple, just basic routing in my routes/api.php
Route::group([
    'prefix' => 'api'
], function() {
    // Controller actions are referenced as Controller@method
    Route::get('resource', 'ApiController@getResource')->name('get-resource');
});
Then I'm using the jQuery ajax object to call it:
$.get( "api/resource", function( data ) {
    // run some code
});
How can I address this problem and have my API routes resolve correctly no matter the language? Are there some params that I can set in the routes to prevent this? I've been looking in the documentation but found nothing relevant.
P.S.: I'm using Mcamara Laravel Localization
IMHO, for setting the locale it's better if you use a query string, i.e.:
http://app-domain.com/api/resource?locale=en
For two valid reasons:
1) The locale in the query string could also be nonexistent, so you can fall back to the default locale.
2) Having a locale parameter in a route could conflict with other route parameters, generating a lot of confusion.
I am using the CodeIgniter REST Server Library
https://github.com/philsturgeon/codeigniter-restserver
One problem about CodeIgniter is that it is not a RESTful framework. I get confused about the routes.php file that I have to set a "default controller."
$route['default_controller'] = "welcome";
What should I choose to be the default_controller if the server is fully RESTful?
Add $route['(:any)'] = "your_default_controller/$1"; in your route config.
But it works for one controller. If you want to call another controller, you still need to include your controller in your URL: http://localhost/api_rest/your_another_controller/method.
I have a Laravel 4 web application where users can login and edit their profile.
I've created an API package that allows the user to login with their username/password and get a json dump of their profile.
Now, I don't want the API users to use their username/password but instead to use an app_id / app_key from another table in the database.
How to accomplish this with Laravel 4? It would be fantastic if I can create an Auth driver that works the same way Auth::attempt() would so I don't have to change any of my business logic, but I don't know how to inject a new Auth service provider that ONLY works inside of the API package.
You can change your Auth settings wherever you want. You can create a filter in filters.php like this:
Route::filter('api_auth', function()
{
    Config::set('auth.table', 'api_table');
    // you can even change your model
    // Config::set('auth.model', 'Apiuser');
});
And use it before any route in routes.php like this:
Route::get('user', array('before' => 'api_auth', function()
{
    // some stuff
}));
That way, you can use different settings and do what you want.
BTW, I tried this method in Laravel 3 and it worked. I looked at the docs of Laravel 4 and couldn't see anything that would prevent this from working.
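A framework-independent sketch of the app_id / app_key check the question asks for, added here as an example and not taken from the answer or from Laravel's Auth driver. It assumes a hypothetical client table with `key_hash` and `active` columns, where only a `password_hash()` of each app_key is stored.

```php
<?php
// Added example: framework-independent sketch, not Laravel's Auth driver.
// Assumption: each API client row stores a password_hash() of its app_key.

function verify_api_client(array $clients, string $appId, string $appKey): bool
{
    // Hash verified when the app_id is unknown or revoked, so every request
    // costs one password_verify() and timing does not reveal valid ids.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    }

    $row    = $clients[$appId] ?? null;
    $usable = $row !== null && $row['active'] === true;
    $hash   = $usable ? $row['key_hash'] : $dummy;

    // password_verify() compares in constant time.
    $ok = password_verify($appKey, $hash);
    return $ok && $usable;
}

// Constructed sample table (hypothetical columns: key_hash, active).
$key = bin2hex(random_bytes(24)); // shown to the client once, never stored
$clients = [
    'app_1001' => ['key_hash' => password_hash($key, PASSWORD_DEFAULT), 'active' => true],
    'app_1002' => ['key_hash' => password_hash($key, PASSWORD_DEFAULT), 'active' => false],
];

var_dump(verify_api_client($clients, 'app_1001', $key));        // valid id and key
var_dump(verify_api_client($clients, 'app_1001', 'wrong-key')); // wrong key
var_dump(verify_api_client($clients, 'app_1002', $key));        // revoked client
var_dump(verify_api_client($clients, 'app_9999', $key));        // unknown id
```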
I have created a RESTful app using the Lithium PHP framework, and now my question is how to secure it?
Is there any existing code for OAuth or HTTP Digest Authentication that uses the Lithium framework?
Thanks for editing your question to actually ask something specific. Please see the following:
https://github.com/search?q=li3_oauth
http://li3.me/docs/lithium/security/auth/adapter/Http
While I'm not sure what sort of security you are looking for ...
There is built-in security for Lithium; you can see two short tutorials to get you going here:
Simple Authentication in Lithium
Creating a user in M, V, C
The basics are covered in the "Simple Authentication" tutorial ... you'll need:
A database to keep track of your users
Bootstrap Auth via config/bootstrap.php
Set up Sessions & Auth adapters
Then it depends on whether you are going to do authentication via forms or by some other method.
The tutorials will show you how to set up a form, but you can also "secure" the route (URL) that is being requested via the config/routes.php file like so ...
<?php
use lithium\net\http\Router;
use lithium\core\Environment;
use lithium\security\Auth;
// check if the user is logged in
$user = Auth::check('default');
// these routes are not behind a login
Router::connect('/login', 'Sessions::add');
Router::connect('/logout', 'Sessions::delete');
if ($user && $user["user"] == "admin") {
    // these two routes will only work if a user is authenticated.
    Router::connect('/{:controller}/{:action}/{:args}.{:type}');
    Router::connect('/{:controller}/{:action}/{:args}');
}
// redirect the user to a login if no other routes match
Router::connect('/{:args}', array(), function($request) {
    header('Location: /login/url/'.str_replace('/','*',$request->url));
    exit;
});
?>
Hi
I know that I can set the REST authentication in Phil Sturgeon's REST API, but I only want authentication for some methods in the REST API.
I want some of my methods to be accessible for everyone with no authentication at all, and others to only be accessible to administrators/authenticated users.
In .NET I can simply set a [RequiresAuthentication] attribute over methods in a web service; is there something similar I can do with REST PHP in CodeIgniter?
Or Controller specific would be fine too.
"philsturgeon Phil Sturgeon
Why do people ask questions about my code on StackOverflow and random forums instead of just asking me?"
Go ask Phil Sturgeon.
Hello Jakob :) What you are trying to do is a bit tricky, as Phil Sturgeon's REST API Controller only supports setting the authentication method globally. To set it globally you edit this line in the rest config file:
$config['rest_auth'] = '';
I have an untested theory though:
To set this setting per controller, make sure the setting in the config file is as above (empty) and add this constructor to the controller you would like to specify the authentication method for:
function __construct()
{
    $this->load->config('rest');
    //$this->_prepare_basic_auth(); //Uncomment to use basic
    //$this->_prepare_digest_auth(); //Uncomment to use digest
    parent::Controller();
}