通过 
搜索
搜索transfuse / codeigniter-restserver
为 CodeIgniter 2 和 3 实现的完全 RESTful 服务器,使用一个库、一个配置文件和一个控制器。
1.0.0
2016-03-24 02:26 UTC
Requires
- php: >=5.4.0
- codeigniter/framework: ^3.0.4
This package is not auto-updated.
Last update: 2024-09-14 18:36:51 UTC
README
为 CodeIgniter 2 和 3 实现的完全 RESTful 服务器,使用一个库、一个配置文件和一个控制器。
原始来源: (https://github.com/Hanisch-IT/codeigniter-restserver).
要求
- PHP 5.4 或更高版本
- CodeIgniter 2.0+
安装与加载
Rest Server 通过 Composer/Packagist 提供支持(使用语义版本控制),因此只需将以下行添加到您的 composer.json 文件中
"transfuse/codeigniter-restserver": "^1.0"
或
composer require transfuse/codeigniter-restserver
处理请求
当您的控制器从 REST_Controller 继承时,方法名称将被附加到用于访问请求的 HTTP 方法。例如,如果您正在向 /books 发送 HTTP GET 请求,则将调用 Books#index_get() 方法。
这使得您能够轻松实现 RESTful 接口
use Restserver\Libraries\REST_Controller; class Books extends REST_Controller { public function index_get() { // Display all books } public function index_post() { // Create a new book } }
REST_Controller 还支持 PUT 和 DELETE 方法,允许您支持真正的 RESTful 接口。
访问参数也很简单。只需使用 HTTP 动词的名称作为方法即可
$this->get('blah'); // GET param $this->post('blah'); // POST param $this->put('blah'); // PUT param
DELETE 请求的 HTTP 规范排除了使用参数。对于删除请求,您可以在 URL 中添加项
public function index_delete($id) { $this->response([ 'returned from delete:' => $id, ]); }
如果通过 URL 传递查询参数(无论是否为 GET 请求),都可以通过查询方法获取
$this->query('blah'); // Query param
内容类型
REST_Controller 支持多种不同的请求/响应格式,包括 XML、JSON 和序列化 PHP。默认情况下,类将检查 URL 并查找格式,无论是作为扩展还是作为单独的段。
这意味着您的 URL 可以看起来像这样
http://example.com/books.json
http://example.com/books?format=json
这与 URI 段可能不太稳定,因此建议使用 HTTP Accept 标头
$ curl -H "Accept: application/json" http://example.com
从类(有关更多信息,请参阅响应)发出的任何响应都将以指定的格式序列化。
响应
该类提供了一个 response() 方法,允许您以用户请求的响应格式返回数据。
返回任何对象/数组/字符串等都很简单
public function index_get() { $this->response($this->db->get('books')->result()); }
这将自动返回 HTTP 200 OK 响应。您可以在第二个参数中指定状态码
public function index_post() { // ...create new book $this->response($book, 201); // Send an HTTP 201 Created }
如果您未指定响应代码,并且您响应的数据 == FALSE(例如空数组或字符串),则响应代码将自动设置为 404 Not Found
$this->response([]); // HTTP 404 Not Found
配置
要覆盖默认配置,您必须在应用程序的配置路径中创建一个 "rest.php" 配置文件。
/* |-------------------------------------------------------------------------- | HTTP protocol |-------------------------------------------------------------------------- | | Set to force the use of HTTPS for REST API calls | */ $config['force_https'] = FALSE; /* |-------------------------------------------------------------------------- | REST Output Format |-------------------------------------------------------------------------- | | The default format of the response | | 'array': Array data structure | 'csv': Comma separated file | 'json': Uses json_encode(). Note: If a GET query string | called 'callback' is passed, then jsonp will be returned | 'html' HTML using the table library in CodeIgniter | 'php': Uses var_export() | 'serialized': Uses serialize() | 'xml': Uses simplexml_load_string() | */ $config['rest_default_format'] = 'json'; /* |-------------------------------------------------------------------------- | REST Supported Output Formats |-------------------------------------------------------------------------- | | The following setting contains a list of the supported/allowed formats. | You may remove those formats that you don't want to use. | If the default format $config['rest_default_format'] is missing within | $config['rest_supported_formats'], it will be added silently during | REST_Controller initialization. | */ $config['rest_supported_formats'] = [ 'json', 'array', 'csv', 'html', 'jsonp', 'php', 'serialized', 'xml', ]; /* |-------------------------------------------------------------------------- | REST Status Field Name |-------------------------------------------------------------------------- | | The field name for the status inside the response | */ $config['rest_status_field_name'] = 'status'; /* |-------------------------------------------------------------------------- | REST Message Field Name |-------------------------------------------------------------------------- | | The field name for the message inside the response | */ $config['rest_message_field_name'] = 'error'; /* |-------------------------------------------------------------------------- | Enable Emulate Request |-------------------------------------------------------------------------- | | Should we enable emulation of the request (e.g. used in Mootools request) | */ $config['enable_emulate_request'] = TRUE; /* |-------------------------------------------------------------------------- | REST Realm |-------------------------------------------------------------------------- | | Name of the password protected REST API displayed on login dialogs | | e.g: My Secret REST API | */ $config['rest_realm'] = 'REST API'; /* |-------------------------------------------------------------------------- | REST Login |-------------------------------------------------------------------------- | | Set to specify the REST API requires to be logged in | | FALSE No login required | 'basic' Unsecure login | 'digest' More secure login | 'session' Check for a PHP session variable. See 'auth_source' to set the | authorization key | */ $config['rest_auth'] = FALSE; /* |-------------------------------------------------------------------------- | REST Login Source |-------------------------------------------------------------------------- | | Is login required and if so, the user store to use | | '' Use config based users or wildcard testing | 'ldap' Use LDAP authentication | 'library' Use a authentication library | | Note: If 'rest_auth' is set to 'session' then change 'auth_source' to the name of the session variable | */ $config['auth_source'] = 'ldap'; /* |-------------------------------------------------------------------------- | Allow Authentication and API Keys |-------------------------------------------------------------------------- | | Where you wish to have Basic, Digest or Session login, but also want to use API Keys (for limiting | requests etc), set to TRUE; | */ $config['allow_auth_and_keys'] = TRUE; /* |-------------------------------------------------------------------------- | REST Login Class and Function |-------------------------------------------------------------------------- | | If library authentication is used define the class and function name | | The function should accept two parameters: class->function($username, $password) | In other cases override the function _perform_library_auth in your controller | | For digest authentication the library function should return already a stored | md5(username:restrealm:password) for that username | | e.g: md5('admin:REST API:1234') = '1e957ebc35631ab22d5bd6526bd14ea2' | */ $config['auth_library_class'] = ''; $config['auth_library_function'] = ''; /* |-------------------------------------------------------------------------- | Override auth types for specific class/method |-------------------------------------------------------------------------- | | Set specific authentication types for methods within a class (controller) | | Set as many config entries as needed. Any methods not set will use the default 'rest_auth' config value. | | e.g: | | $config['auth_override_class_method']['deals']['view'] = 'none'; | $config['auth_override_class_method']['deals']['insert'] = 'digest'; | $config['auth_override_class_method']['accounts']['user'] = 'basic'; | $config['auth_override_class_method']['dashboard']['*'] = 'none|digest|basic'; | | Here 'deals', 'accounts' and 'dashboard' are controller names, 'view', 'insert' and 'user' are methods within. An asterisk may also be used to specify an authentication method for an entire classes methods. Ex: $config['auth_override_class_method']['dashboard']['*'] = 'basic'; (NOTE: leave off the '_get' or '_post' from the end of the method name) | Acceptable values are; 'none', 'digest' and 'basic'. | */ // $config['auth_override_class_method']['deals']['view'] = 'none'; // $config['auth_override_class_method']['deals']['insert'] = 'digest'; // $config['auth_override_class_method']['accounts']['user'] = 'basic'; // $config['auth_override_class_method']['dashboard']['*'] = 'basic'; // ---Uncomment list line for the wildard unit test // $config['auth_override_class_method']['wildcard_test_cases']['*'] = 'basic'; /* |-------------------------------------------------------------------------- | Override auth types for specfic 'class/method/HTTP method' |-------------------------------------------------------------------------- | | example: | | $config['auth_override_class_method_http']['deals']['view']['get'] = 'none'; | $config['auth_override_class_method_http']['deals']['insert']['post'] = 'none'; | $config['auth_override_class_method_http']['deals']['*']['options'] = 'none'; */ // ---Uncomment list line for the wildard unit test // $config['auth_override_class_method_http']['wildcard_test_cases']['*']['options'] = 'basic'; /* |-------------------------------------------------------------------------- | REST Login Usernames |-------------------------------------------------------------------------- | | Array of usernames and passwords for login, if ldap is configured this is ignored | */ $config['rest_valid_logins'] = ['admin' => '1234']; /* |-------------------------------------------------------------------------- | Global IP Whitelisting |-------------------------------------------------------------------------- | | Limit connections to your REST server to whitelisted IP addresses | | Usage: | 1. Set to TRUE and select an auth option for extreme security (client's IP | address must be in whitelist and they must also log in) | 2. Set to TRUE with auth set to FALSE to allow whitelisted IPs access with no login | 3. Set to FALSE but set 'auth_override_class_method' to 'whitelist' to | restrict certain methods to IPs in your whitelist | */ $config['rest_ip_whitelist_enabled'] = FALSE; /* |-------------------------------------------------------------------------- | REST IP Whitelist |-------------------------------------------------------------------------- | | Limit connections to your REST server with a comma separated | list of IP addresses | | e.g: '123.456.789.0, 987.654.32.1' | | 127.0.0.1 and 0.0.0.0 are allowed by default | */ $config['rest_ip_whitelist'] = ''; /* |-------------------------------------------------------------------------- | Global IP Blacklisting |-------------------------------------------------------------------------- | | Prevent connections to the REST server from blacklisted IP addresses | | Usage: | 1. Set to TRUE and add any IP address to 'rest_ip_blacklist' | */ $config['rest_ip_blacklist_enabled'] = FALSE; /* |-------------------------------------------------------------------------- | REST IP Blacklist |-------------------------------------------------------------------------- | | Prevent connections from the following IP addresses | | e.g: '123.456.789.0, 987.654.32.1' | */ $config['rest_ip_blacklist'] = ''; /* |-------------------------------------------------------------------------- | REST Database Group |-------------------------------------------------------------------------- | | Connect to a database group for keys, logging, etc. It will only connect | if you have any of these features enabled | */ $config['rest_database_group'] = 'default'; /* |-------------------------------------------------------------------------- | REST API Keys Table Name |-------------------------------------------------------------------------- | | The table name in your database that stores API keys | */ $config['rest_keys_table'] = 'keys'; /* |-------------------------------------------------------------------------- | REST Enable Keys |-------------------------------------------------------------------------- | | When set to TRUE, the REST API will look for a column name called 'key'. | If no key is provided, the request will result in an error. To override the | column name see 'rest_key_column' | | Default table schema: | CREATE TABLE `keys` ( | `id` INT(11) NOT NULL AUTO_INCREMENT, | `user_id` INT(11) NOT NULL, | `key` VARCHAR(40) NOT NULL, | `level` INT(2) NOT NULL, | `ignore_limits` TINYINT(1) NOT NULL DEFAULT '0', | `is_private_key` TINYINT(1) NOT NULL DEFAULT '0', | `ip_addresses` TEXT NULL DEFAULT NULL, | `date_created` INT(11) NOT NULL, | PRIMARY KEY (`id`) | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; | */ $config['rest_enable_keys'] = FALSE; /* |-------------------------------------------------------------------------- | REST Table Key Column Name |-------------------------------------------------------------------------- | | If not using the default table schema in 'rest_enable_keys', specify the | column name to match e.g. my_key | */ $config['rest_key_column'] = 'key'; /* |-------------------------------------------------------------------------- | REST API Limits method |-------------------------------------------------------------------------- | | Specify the method used to limit the API calls | | Available methods are : | $config['rest_limits_method'] = 'API_KEY'; // Put a limit per api key | $config['rest_limits_method'] = 'METHOD_NAME'; // Put a limit on method calls | $config['rest_limits_method'] = 'ROUTED_URL'; // Put a limit on the routed URL | */ $config['rest_limits_method'] = 'ROUTED_URL'; /* |-------------------------------------------------------------------------- | REST Key Length |-------------------------------------------------------------------------- | | Length of the created keys. Check your default database schema on the | maximum length allowed | | Note: The maximum length is 40 | */ $config['rest_key_length'] = 40; /* |-------------------------------------------------------------------------- | REST API Key Variable |-------------------------------------------------------------------------- | | Custom header to specify the API key | Note: Custom headers with the X- prefix are deprecated as of | 2012/06/12. See RFC 6648 specification for more details | */ $config['rest_key_name'] = 'X-API-KEY'; /* |-------------------------------------------------------------------------- | REST Enable Logging |-------------------------------------------------------------------------- | | When set to TRUE, the REST API will log actions based on the column names 'key', 'date', | 'time' and 'ip_address'. This is a general rule that can be overridden in the | $this->method array for each controller | | Default table schema: | CREATE TABLE `logs` ( | `id` INT(11) NOT NULL AUTO_INCREMENT, | `uri` VARCHAR(255) NOT NULL, | `method` VARCHAR(6) NOT NULL, | `params` TEXT DEFAULT NULL, | `api_key` VARCHAR(40) NOT NULL, | `ip_address` VARCHAR(45) NOT NULL, | `time` INT(11) NOT NULL, | `rtime` FLOAT DEFAULT NULL, | `authorized` VARCHAR(1) NOT NULL, | `response_code` smallint(3) DEFAULT '0', | PRIMARY KEY (`id`) | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; | */ $config['rest_enable_logging'] = FALSE; /* |-------------------------------------------------------------------------- | REST API Logs Table Name |-------------------------------------------------------------------------- | | If not using the default table schema in 'rest_enable_logging', specify the | table name to match e.g. my_logs | */ $config['rest_logs_table'] = 'logs'; /* |-------------------------------------------------------------------------- | REST Method Access Control |-------------------------------------------------------------------------- | When set to TRUE, the REST API will check the access table to see if | the API key can access that controller. 'rest_enable_keys' must be enabled | to use this | | Default table schema: | CREATE TABLE `access` ( | `id` INT(11) unsigned NOT NULL AUTO_INCREMENT, | `key` VARCHAR(40) NOT NULL DEFAULT '', | `controller` VARCHAR(50) NOT NULL DEFAULT '', | `date_created` DATETIME DEFAULT NULL, | `date_modified` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, | PRIMARY KEY (`id`) | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; | */ $config['rest_enable_access'] = FALSE; /* |-------------------------------------------------------------------------- | REST API Access Table Name |-------------------------------------------------------------------------- | | If not using the default table schema in 'rest_enable_access', specify the | table name to match e.g. my_access | */ $config['rest_access_table'] = 'access'; /* |-------------------------------------------------------------------------- | REST API Param Log Format |-------------------------------------------------------------------------- | | When set to TRUE, the REST API log parameters will be stored in the database as JSON | Set to FALSE to log as serialized PHP | */ $config['rest_logs_json_params'] = FALSE; /* |-------------------------------------------------------------------------- | REST Enable Limits |-------------------------------------------------------------------------- | | When set to TRUE, the REST API will count the number of uses of each method | by an API key each hour. This is a general rule that can be overridden in the | $this->method array in each controller | | Default table schema: | CREATE TABLE `limits` ( | `id` INT(11) NOT NULL AUTO_INCREMENT, | `uri` VARCHAR(255) NOT NULL, | `count` INT(10) NOT NULL, | `hour_started` INT(11) NOT NULL, | `api_key` VARCHAR(40) NOT NULL, | PRIMARY KEY (`id`) | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; | | To specify the limits within the controller's __construct() method, add per-method | limits with: | | $this->method['METHOD_NAME']['limit'] = [NUM_REQUESTS_PER_HOUR]; | | See application/controllers/api/example.php for examples */ $config['rest_enable_limits'] = FALSE; /* |-------------------------------------------------------------------------- | REST API Limits Table Name |-------------------------------------------------------------------------- | | If not using the default table schema in 'rest_enable_limits', specify the | table name to match e.g. my_limits | */ $config['rest_limits_table'] = 'limits'; /* |-------------------------------------------------------------------------- | REST Ignore HTTP Accept |-------------------------------------------------------------------------- | | Set to TRUE to ignore the HTTP Accept and speed up each request a little. | Only do this if you are using the $this->rest_format or /format/xml in URLs | */ $config['rest_ignore_http_accept'] = FALSE; /* |-------------------------------------------------------------------------- | REST AJAX Only |-------------------------------------------------------------------------- | | Set to TRUE to allow AJAX requests only. Set to FALSE to accept HTTP requests | | Note: If set to TRUE and the request is not AJAX, a 505 response with the | error message 'Only AJAX requests are accepted.' will be returned. | | Hint: This is good for production environments | */ $config['rest_ajax_only'] = FALSE; /* |-------------------------------------------------------------------------- | REST Language File |-------------------------------------------------------------------------- | | Language file to load from the language directory | */ $config['rest_language'] = 'english';
身份验证
该类还提供了对 HTTP 基本身份验证和/或更安全的 HTTP 摘要访问身份验证的初步支持。
您可以通过将 $config['rest_auth'] 设置为 'basic' 来启用基本身份验证。然后可以使用 $config['rest_valid_logins'] 指令设置可以登录到您的系统的用户名和密码。类将自动发送所有正确的标头以触发身份验证对话框
$config['rest_valid_logins'] = ['username' => 'password', 'other_person' => 'secure123'];
启用摘要身份验证同样简单。在配置文件中配置您希望登录的用户,如上所述,并将 $config['rest_auth'] 设置为 'digest'。类将自动发送标头以启用摘要身份验证。
如果您将此库与使用PHP会话进行身份验证的AJAX端点绑定,那么您可能不喜欢摘要或基本身份验证方法。在这种情况下,您可以告诉REST库检查哪个PHP会话变量。如果变量存在,则用户已被授权。设置该变量将由您的应用程序负责。您可以在$config['auth_source']中定义该变量。然后告诉库使用PHP会话变量,通过将$config['rest_auth']设置为session。
以上三种身份验证方法都可以通过使用IP白名单进一步确保安全。如果您在配置文件中启用$config['rest_ip_whitelist_enabled'],则可以设置允许的IP列表。
任何连接到您的API的客户端都将与白名单IP数组进行核对。如果他们在列表中,他们将获得访问权限。如果没有,很抱歉,无法实现。白名单是一个以逗号分隔的字符串
$config['rest_ip_whitelist'] = '123.456.789.0, 987.654.32.1';
默认情况下,允许localhost的IP地址(127.0.0.1和0.0.0.0)。
API密钥
除了上述身份验证方法之外,REST_Controller类还支持使用API密钥。启用API密钥非常简单。在您的config/rest.php文件中将其打开。
$config['rest_enable_keys'] = TRUE;
您需要创建一个新的数据库表来存储和访问密钥。REST_Controller将自动假设您有一个如下所示的表。
CREATE TABLE `keys` ( `id` INT(11) NOT NULL AUTO_INCREMENT, `key` VARCHAR(40) NOT NULL, `level` INT(2) NOT NULL, `ignore_limits` TINYINT(1) NOT NULL DEFAULT '0', `date_created` INT(11) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
类将查找每个请求的HTTP头中的API密钥。无效或缺失的API密钥将导致返回HTTP 403 Forbidden。
默认情况下,HTTP头为X-API-KEY。这可以在config/rest.php中进行配置。
$ curl -X POST -H "X-API-KEY: some_key_here" http://example.com/books
语言设置
默认语言为英语。您可以在rest配置文件中更改语言(见上文)。要创建或覆盖默认语言,您必须在您的应用程序文件夹中创建"rest_controller_lang.php"(例如german/rest_controller_lang.php)。
$lang['text_rest_invalid_api_key'] = 'Invalid API key %s'; // %s is the REST API key $lang['text_rest_invalid_credentials'] = 'Invalid credentials'; $lang['text_rest_ip_denied'] = 'IP denied'; $lang['text_rest_ip_unauthorized'] = 'IP unauthorized'; $lang['text_rest_unauthorized'] = 'Unauthorized'; $lang['text_rest_ajax_only'] = 'Only AJAX requests are allowed'; $lang['text_rest_api_key_unauthorized'] = 'This API key does not have access to the requested controller'; $lang['text_rest_api_key_permissions'] = 'This API key does not have enough permissions'; $lang['text_rest_api_key_time_limit'] = 'This API key has reached the time limit for this method'; $lang['text_rest_unknown_method'] = 'Unknown method'; $lang['text_rest_unsupported'] = 'Unsupported protocol';
其他文档/教程
贡献
此项目最初由Phil Sturgeon和Chris Kacerguis编写。
查看:https://github.com/chriskacerguis/codeigniter-restserver