kmj1996
/
Practice
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
31 MiB
Tree: 6033cef2ee
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6033cef2ee'
${ noResults }
Practice/wheeparam/application/config/rest.php

594 lines
19 KiB
Raw Normal View History

v1.0.0
7 years ago
  1. <?php
  3. defined('BASEPATH') OR exit('No direct script access allowed');
  5. /*
  6. |--------------------------------------------------------------------------
  7. | HTTP protocol
  8. |--------------------------------------------------------------------------
  9. |
  10. | Set to force the use of HTTPS for REST API calls
  11. |
  12. */
  13. $config['force_https'] = FALSE;
  15. /*
  16. |--------------------------------------------------------------------------
  17. | REST Output Format
  18. |--------------------------------------------------------------------------
  19. |
  20. | The default format of the response
  21. |
  22. | 'array': Array data structure
  23. | 'csv': Comma separated file
  24. | 'json': Uses json_encode(). Note: If a GET query string
  25. | called 'callback' is passed, then jsonp will be returned
  26. | 'html' HTML using the table library in CodeIgniter
  27. | 'php': Uses var_export()
  28. | 'serialized': Uses serialize()
  29. | 'xml': Uses simplexml_load_string()
  30. |
  31. */
  32. $config['rest_default_format'] = 'json';
  34. /*
  35. |--------------------------------------------------------------------------
  36. | REST Supported Output Formats
  37. |--------------------------------------------------------------------------
  38. |
  39. | The following setting contains a list of the supported/allowed formats.
  40. | You may remove those formats that you don't want to use.
  41. | If the default format $config['rest_default_format'] is missing within
  42. | $config['rest_supported_formats'], it will be added silently during
  43. | REST_Controller initialization.
  44. |
  45. */
  46. $config['rest_supported_formats'] = [
  47. 'json',
  48. 'array',
  49. 'csv',
  50. 'html',
  51. 'jsonp',
  52. 'php',
  53. 'serialized',
  54. 'xml',
  55. ];
  57. /*
  58. |--------------------------------------------------------------------------
  59. | REST Status Field Name
  60. |--------------------------------------------------------------------------
  61. |
  62. | The field name for the status inside the response
  63. |
  64. */
  65. $config['rest_status_field_name'] = 'status';
  67. /*
  68. |--------------------------------------------------------------------------
  69. | REST Message Field Name
  70. |--------------------------------------------------------------------------
  71. |
  72. | The field name for the message inside the response
  73. |
  74. */
  75. $config['rest_message_field_name'] = 'error';
  77. /*
  78. |--------------------------------------------------------------------------
  79. | Enable Emulate Request
  80. |--------------------------------------------------------------------------
  81. |
  82. | Should we enable emulation of the request (e.g. used in Mootools request)
  83. |
  84. */
  85. $config['enable_emulate_request'] = TRUE;
  87. /*
  88. |--------------------------------------------------------------------------
  89. | REST Realm
  90. |--------------------------------------------------------------------------
  91. |
  92. | Name of the password protected REST API displayed on login dialogs
  93. |
  94. | e.g: My Secret REST API
  95. |
  96. */
  97. $config['rest_realm'] = 'REST API';
  99. /*
  100. |--------------------------------------------------------------------------
  101. | REST Login
  102. |--------------------------------------------------------------------------
  103. |
  104. | Set to specify the REST API requires to be logged in
  105. |
  106. | FALSE No login required
  107. | 'basic' Unsecure login
  108. | 'digest' More secure login
  109. | 'session' Check for a PHP session variable. See 'auth_source' to set the
  110. | authorization key
  111. |
  112. */
  113. $config['rest_auth'] = FALSE;
  115. /*
  116. |--------------------------------------------------------------------------
  117. | REST Login Source
  118. |--------------------------------------------------------------------------
  119. |
  120. | Is login required and if so, the user store to use
  121. |
  122. | '' Use config based users or wildcard testing
  123. | 'ldap' Use LDAP authentication
  124. | 'library' Use a authentication library
  125. |
  126. | Note: If 'rest_auth' is set to 'session' then change 'auth_source' to the name of the session variable
  127. |
  128. */
  129. $config['auth_source'] = 'ldap';
  131. /*
  132. |--------------------------------------------------------------------------
  133. | Allow Authentication and API Keys
  134. |--------------------------------------------------------------------------
  135. |
  136. | Where you wish to have Basic, Digest or Session login, but also want to use API Keys (for limiting
  137. | requests etc), set to TRUE;
  138. |
  139. */
  140. $config['allow_auth_and_keys'] = TRUE;
  142. /*
  143. |--------------------------------------------------------------------------
  144. | REST Login Class and Function
  145. |--------------------------------------------------------------------------
  146. |
  147. | If library authentication is used define the class and function name
  148. |
  149. | The function should accept two parameters: class->function($username, $password)
  150. | In other cases override the function _perform_library_auth in your controller
  151. |
  152. | For digest authentication the library function should return already a stored
  153. | md5(username:restrealm:password) for that username
  154. |
  155. | e.g: md5('admin:REST API:1234') = '1e957ebc35631ab22d5bd6526bd14ea2'
  156. |
  157. */
  158. $config['auth_library_class'] = '';
  159. $config['auth_library_function'] = '';
  161. /*
  162. |--------------------------------------------------------------------------
  163. | Override auth types for specific class/method
  164. |--------------------------------------------------------------------------
  165. |
  166. | Set specific authentication types for methods within a class (controller)
  167. |
  168. | Set as many config entries as needed. Any methods not set will use the default 'rest_auth' config value.
  169. |
  170. | e.g:
  171. |
  172. | $config['auth_override_class_method']['deals']['view'] = 'none';
  173. | $config['auth_override_class_method']['deals']['insert'] = 'digest';
  174. | $config['auth_override_class_method']['accounts']['user'] = 'basic';
  175. | $config['auth_override_class_method']['dashboard']['*'] = 'none|digest|basic';
  176. |
  177. | Here 'deals', 'accounts' and 'dashboard' are controller names, 'view', 'insert' and 'user' are methods within. An asterisk may also be used to specify an authentication method for an entire classes methods. Ex: $config['auth_override_class_method']['dashboard']['*'] = 'basic'; (NOTE: leave off the '_get' or '_post' from the end of the method name)
  178. | Acceptable values are; 'none', 'digest' and 'basic'.
  179. |
  180. */
  181. // $config['auth_override_class_method']['deals']['view'] = 'none';
  182. // $config['auth_override_class_method']['deals']['insert'] = 'digest';
  183. // $config['auth_override_class_method']['accounts']['user'] = 'basic';
  184. // $config['auth_override_class_method']['dashboard']['*'] = 'basic';
  187. // ---Uncomment list line for the wildard unit test
  188. // $config['auth_override_class_method']['wildcard_test_cases']['*'] = 'basic';
  190. /*
  191. |--------------------------------------------------------------------------
  192. | Override auth types for specfic 'class/method/HTTP method'
  193. |--------------------------------------------------------------------------
  194. |
  195. | example:
  196. |
  197. | $config['auth_override_class_method_http']['deals']['view']['get'] = 'none';
  198. | $config['auth_override_class_method_http']['deals']['insert']['post'] = 'none';
  199. | $config['auth_override_class_method_http']['deals']['*']['options'] = 'none';
  200. */
  202. // ---Uncomment list line for the wildard unit test
  203. // $config['auth_override_class_method_http']['wildcard_test_cases']['*']['options'] = 'basic';
  205. /*
  206. |--------------------------------------------------------------------------
  207. | REST Login Usernames
  208. |--------------------------------------------------------------------------
  209. |
  210. | Array of usernames and passwords for login, if ldap is configured this is ignored
  211. |
  212. */
  213. $config['rest_valid_logins'] = ['admin' => '1234'];
  215. /*
  216. |--------------------------------------------------------------------------
  217. | Global IP Whitelisting
  218. |--------------------------------------------------------------------------
  219. |
  220. | Limit connections to your REST server to whitelisted IP addresses
  221. |
  222. | Usage:
  223. | 1. Set to TRUE and select an auth option for extreme security (client's IP
  224. | address must be in whitelist and they must also log in)
  225. | 2. Set to TRUE with auth set to FALSE to allow whitelisted IPs access with no login
  226. | 3. Set to FALSE but set 'auth_override_class_method' to 'whitelist' to
  227. | restrict certain methods to IPs in your whitelist
  228. |
  229. */
  230. $config['rest_ip_whitelist_enabled'] = FALSE;
  232. /*
  233. |--------------------------------------------------------------------------
  234. | REST IP Whitelist
  235. |--------------------------------------------------------------------------
  236. |
  237. | Limit connections to your REST server with a comma separated
  238. | list of IP addresses
  239. |
  240. | e.g: '123.456.789.0, 987.654.32.1'
  241. |
  242. | 127.0.0.1 and 0.0.0.0 are allowed by default
  243. |
  244. */
  245. $config['rest_ip_whitelist'] = '';
  247. /*
  248. |--------------------------------------------------------------------------
  249. | Global IP Blacklisting
  250. |--------------------------------------------------------------------------
  251. |
  252. | Prevent connections to the REST server from blacklisted IP addresses
  253. |
  254. | Usage:
  255. | 1. Set to TRUE and add any IP address to 'rest_ip_blacklist'
  256. |
  257. */
  258. $config['rest_ip_blacklist_enabled'] = FALSE;
  260. /*
  261. |--------------------------------------------------------------------------
  262. | REST IP Blacklist
  263. |--------------------------------------------------------------------------
  264. |
  265. | Prevent connections from the following IP addresses
  266. |
  267. | e.g: '123.456.789.0, 987.654.32.1'
  268. |
  269. */
  270. $config['rest_ip_blacklist'] = '';
  272. /*
  273. |--------------------------------------------------------------------------
  274. | REST Database Group
  275. |--------------------------------------------------------------------------
  276. |
  277. | Connect to a database group for keys, logging, etc. It will only connect
  278. | if you have any of these features enabled
  279. |
  280. */
  281. $config['rest_database_group'] = 'default';
  283. /*
  284. |--------------------------------------------------------------------------
  285. | REST API Keys Table Name
  286. |--------------------------------------------------------------------------
  287. |
  288. | The table name in your database that stores API keys
  289. |
  290. */
  291. $config['rest_keys_table'] = 'keys';
  293. /*
  294. |--------------------------------------------------------------------------
  295. | REST Enable Keys
  296. |--------------------------------------------------------------------------
  297. |
  298. | When set to TRUE, the REST API will look for a column name called 'key'.
  299. | If no key is provided, the request will result in an error. To override the
  300. | column name see 'rest_key_column'
  301. |
  302. | Default table schema:
  303. | CREATE TABLE `keys` (
  304. | `id` INT(11) NOT NULL AUTO_INCREMENT,
  305. | `user_id` INT(11) NOT NULL,
  306. | `key` VARCHAR(40) NOT NULL,
  307. | `level` INT(2) NOT NULL,
  308. | `ignore_limits` TINYINT(1) NOT NULL DEFAULT '0',
  309. | `is_private_key` TINYINT(1) NOT NULL DEFAULT '0',
  310. | `ip_addresses` TEXT NULL DEFAULT NULL,
  311. | `date_created` INT(11) NOT NULL,
  312. | PRIMARY KEY (`id`)
  313. | ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  314. |
  315. */
  316. $config['rest_enable_keys'] = FALSE;
  318. /*
  319. |--------------------------------------------------------------------------
  320. | REST Table Key Column Name
  321. |--------------------------------------------------------------------------
  322. |
  323. | If not using the default table schema in 'rest_enable_keys', specify the
  324. | column name to match e.g. my_key
  325. |
  326. */
  327. $config['rest_key_column'] = 'key';
  329. /*
  330. |--------------------------------------------------------------------------
  331. | REST API Limits method
  332. |--------------------------------------------------------------------------
  333. |
  334. | Specify the method used to limit the API calls
  335. |
  336. | Available methods are :
  337. | $config['rest_limits_method'] = 'IP_ADDRESS'; // Put a limit per ip address
  338. | $config['rest_limits_method'] = 'API_KEY'; // Put a limit per api key
  339. | $config['rest_limits_method'] = 'METHOD_NAME'; // Put a limit on method calls
  340. | $config['rest_limits_method'] = 'ROUTED_URL'; // Put a limit on the routed URL
  341. |
  342. */
  343. $config['rest_limits_method'] = 'ROUTED_URL';
  345. /*
  346. |--------------------------------------------------------------------------
  347. | REST Key Length
  348. |--------------------------------------------------------------------------
  349. |
  350. | Length of the created keys. Check your default database schema on the
  351. | maximum length allowed
  352. |
  353. | Note: The maximum length is 40
  354. |
  355. */
  356. $config['rest_key_length'] = 40;
  358. /*
  359. |--------------------------------------------------------------------------
  360. | REST API Key Variable
  361. |--------------------------------------------------------------------------
  362. |
  363. | Custom header to specify the API key
  365. | Note: Custom headers with the X- prefix are deprecated as of
  366. | 2012/06/12. See RFC 6648 specification for more details
  367. |
  368. */
  369. $config['rest_key_name'] = 'X-API-KEY';
  371. /*
  372. |--------------------------------------------------------------------------
  373. | REST Enable Logging
  374. |--------------------------------------------------------------------------
  375. |
  376. | When set to TRUE, the REST API will log actions based on the column names 'key', 'date',
  377. | 'time' and 'ip_address'. This is a general rule that can be overridden in the
  378. | $this->method array for each controller
  379. |
  380. | Default table schema:
  381. | CREATE TABLE `logs` (
  382. | `id` INT(11) NOT NULL AUTO_INCREMENT,
  383. | `uri` VARCHAR(255) NOT NULL,
  384. | `method` VARCHAR(6) NOT NULL,
  385. | `params` TEXT DEFAULT NULL,
  386. | `api_key` VARCHAR(40) NOT NULL,
  387. | `ip_address` VARCHAR(45) NOT NULL,
  388. | `time` INT(11) NOT NULL,
  389. | `rtime` FLOAT DEFAULT NULL,
  390. | `authorized` VARCHAR(1) NOT NULL,
  391. | `response_code` smallint(3) DEFAULT '0',
  392. | PRIMARY KEY (`id`)
  393. | ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  394. |
  395. */
  396. $config['rest_enable_logging'] = FALSE;
  398. /*
  399. |--------------------------------------------------------------------------
  400. | REST API Logs Table Name
  401. |--------------------------------------------------------------------------
  402. |
  403. | If not using the default table schema in 'rest_enable_logging', specify the
  404. | table name to match e.g. my_logs
  405. |
  406. */
  407. $config['rest_logs_table'] = 'logs';
  409. /*
  410. |--------------------------------------------------------------------------
  411. | REST Method Access Control
  412. |--------------------------------------------------------------------------
  413. | When set to TRUE, the REST API will check the access table to see if
  414. | the API key can access that controller. 'rest_enable_keys' must be enabled
  415. | to use this
  416. |
  417. | Default table schema:
  418. | CREATE TABLE `access` (
  419. | `id` INT(11) unsigned NOT NULL AUTO_INCREMENT,
  420. | `key` VARCHAR(40) NOT NULL DEFAULT '',
  421. | `all_access` TINYINT(1) NOT NULL DEFAULT '0',
  422. | `controller` VARCHAR(50) NOT NULL DEFAULT '',
  423. | `date_created` DATETIME DEFAULT NULL,
  424. | `date_modified` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  425. | PRIMARY KEY (`id`)
  426. | ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  427. |
  428. */
  429. $config['rest_enable_access'] = FALSE;
  431. /*
  432. |--------------------------------------------------------------------------
  433. | REST API Access Table Name
  434. |--------------------------------------------------------------------------
  435. |
  436. | If not using the default table schema in 'rest_enable_access', specify the
  437. | table name to match e.g. my_access
  438. |
  439. */
  440. $config['rest_access_table'] = 'access';
  442. /*
  443. |--------------------------------------------------------------------------
  444. | REST API Param Log Format
  445. |--------------------------------------------------------------------------
  446. |
  447. | When set to TRUE, the REST API log parameters will be stored in the database as JSON
  448. | Set to FALSE to log as serialized PHP
  449. |
  450. */
  451. $config['rest_logs_json_params'] = FALSE;
  453. /*
  454. |--------------------------------------------------------------------------
  455. | REST Enable Limits
  456. |--------------------------------------------------------------------------
  457. |
  458. | When set to TRUE, the REST API will count the number of uses of each method
  459. | by an API key each hour. This is a general rule that can be overridden in the
  460. | $this->method array in each controller
  461. |
  462. | Default table schema:
  463. | CREATE TABLE `limits` (
  464. | `id` INT(11) NOT NULL AUTO_INCREMENT,
  465. | `uri` VARCHAR(255) NOT NULL,
  466. | `count` INT(10) NOT NULL,
  467. | `hour_started` INT(11) NOT NULL,
  468. | `api_key` VARCHAR(40) NOT NULL,
  469. | PRIMARY KEY (`id`)
  470. | ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
  471. |
  472. | To specify the limits within the controller's __construct() method, add per-method
  473. | limits with:
  474. |
  475. | $this->method['METHOD_NAME']['limit'] = [NUM_REQUESTS_PER_HOUR];
  476. |
  477. | See application/controllers/api/example.php for examples
  478. */
  479. $config['rest_enable_limits'] = FALSE;
  481. /*
  482. |--------------------------------------------------------------------------
  483. | REST API Limits Table Name
  484. |--------------------------------------------------------------------------
  485. |
  486. | If not using the default table schema in 'rest_enable_limits', specify the
  487. | table name to match e.g. my_limits
  488. |
  489. */
  490. $config['rest_limits_table'] = 'limits';
  492. /*
  493. |--------------------------------------------------------------------------
  494. | REST Ignore HTTP Accept
  495. |--------------------------------------------------------------------------
  496. |
  497. | Set to TRUE to ignore the HTTP Accept and speed up each request a little.
  498. | Only do this if you are using the $this->rest_format or /format/xml in URLs
  499. |
  500. */
  501. $config['rest_ignore_http_accept'] = FALSE;
  503. /*
  504. |--------------------------------------------------------------------------
  505. | REST AJAX Only
  506. |--------------------------------------------------------------------------
  507. |
  508. | Set to TRUE to allow AJAX requests only. Set to FALSE to accept HTTP requests
  509. |
  510. | Note: If set to TRUE and the request is not AJAX, a 505 response with the
  511. | error message 'Only AJAX requests are accepted.' will be returned.
  512. |
  513. | Hint: This is good for production environments
  514. |
  515. */
  516. $config['rest_ajax_only'] = FALSE;
  518. /*
  519. |--------------------------------------------------------------------------
  520. | REST Language File
  521. |--------------------------------------------------------------------------
  522. |
  523. | Language file to load from the language directory
  524. |
  525. */
  526. $config['rest_language'] = 'korean';
  528. /*
  529. |--------------------------------------------------------------------------
  530. | CORS Check
  531. |--------------------------------------------------------------------------
  532. |
  533. | Set to TRUE to enable Cross-Origin Resource Sharing (CORS). Useful if you
  534. | are hosting your API on a different domain from the application that
  535. | will access it through a browser
  536. |
  537. */
  538. $config['check_cors'] = FALSE;
  540. /*
  541. |--------------------------------------------------------------------------
  542. | CORS Allowable Headers
  543. |--------------------------------------------------------------------------
  544. |
  545. | If using CORS checks, set the allowable headers here
  546. |
  547. */
  548. $config['allowed_cors_headers'] = [
  549. 'Origin',
  550. 'X-Requested-With',
  551. 'Content-Type',
  552. 'Accept',
  553. 'Access-Control-Request-Method'
  554. ];
  556. /*
  557. |--------------------------------------------------------------------------
  558. | CORS Allowable Methods
  559. |--------------------------------------------------------------------------
  560. |
  561. | If using CORS checks, you can set the methods you want to be allowed
  562. |
  563. */
  564. $config['allowed_cors_methods'] = [
  565. 'GET',
  566. 'POST',
  567. 'OPTIONS',
  568. 'PUT',
  569. 'PATCH',
  570. 'DELETE'
  571. ];
  573. /*
  574. |--------------------------------------------------------------------------
  575. | CORS Allow Any Domain
  576. |--------------------------------------------------------------------------
  577. |
  578. | Set to TRUE to enable Cross-Origin Resource Sharing (CORS) from any
  579. | source domain
  580. |
  581. */
  582. $config['allow_any_cors_domain'] = FALSE;
  584. /*
  585. |--------------------------------------------------------------------------
  586. | CORS Allowable Domains
  587. |--------------------------------------------------------------------------
  588. |
  589. | Used if $config['check_cors'] is set to TRUE and $config['allow_any_cors_domain']
  590. | is set to FALSE. Set all the allowable domains within the array
  591. |
  592. | e.g. $config['allowed_origins'] = ['http://www.example.com', 'https://spa.example.com']
  593. |
  594. */
  595. $config['allowed_cors_origins'] = [];