Author: chabotc
Date: Sat Jul 12 05:40:06 2008
New Revision: 676170
URL: http://svn.apache.org/viewvc?rev=676170&view=rev
Log:
Allow anonymous social data requests (viewer = owner = app id = mod id = 0) and
limit anonymous requests to GET actions
Modified:
incubator/shindig/trunk/php/src/socialrest/DataRequestHandler.php
incubator/shindig/trunk/php/src/socialrest/http/RestServlet.php
Modified: incubator/shindig/trunk/php/src/socialrest/DataRequestHandler.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/socialrest/DataRequestHandler.php?rev=676170&r1=676169&r2=676170&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/socialrest/DataRequestHandler.php (original)
+++ incubator/shindig/trunk/php/src/socialrest/DataRequestHandler.php Sat Jul
12 05:40:06 2008
@@ -21,13 +21,20 @@
public function handleMethod(RestRequestItem $requestItem)
{
- if ($requestItem->getMethod() == 'POST') {
+ $token = $requestItem->getToken();
+ $owner = $token->getOwnerId();
+ $viewer = $token->getViewerId();
+ $method = $requestItem->getMethod();
+ if ($owner == 0 && $viewer == 0 && $method != 'GET') {
+ // Anonymous requests are only allowed to GET data (not
create/edit/delete)
+ $response = new ResponseItem(BAD_REQUEST, "", null);
+ } elseif ($method == 'GET') {
+ $response = $this->handleGet($requestItem);
+ } elseif ($method == 'POST') {
$response = $this->handlePost($requestItem);
- } elseif ($requestItem->getMethod() == 'GET') {
- $response = $this->handleGet($requestItem);
- } elseif ($requestItem->getMethod() == 'DELETE') {
+ } elseif ($method == 'DELETE') {
$response = $this->handleDelete($requestItem);
- } elseif ($requestItem->getMethod() == 'PUT') {
+ } elseif ($method == 'PUT') {
$response = $this->handlePut($requestItem);
} else {
$response = new ResponseItem(BAD_REQUEST, "Unserviced
Http method type", null);
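Review bot: The guard on L26 only treats a request as anonymous when both owner and viewer are 0, so a token carrying viewer 0 with a non-zero owner still falls through to handlePost/handlePut/handleDelete; a write with no acting viewer cannot be attributed to anyone, so consider keying the check on the viewer alone, `if ($viewer == 0 && $method != 'GET') {`, unless viewer-less owner-bound tokens are a supported case in this service. The rejection is sent as BAD_REQUEST with an empty message, which disguises an authorization failure as a generic client error; at least give it a reason, `$response = new ResponseItem(BAD_REQUEST, "Anonymous requests may only GET data", null);`, and use an unauthorized/forbidden status if ResponseItem offers one. Both ids are compared with `==`, and in PHP 5 a non-numeric id string also compares equal to 0 — harmless here because the branch only denies, but it argues for an `isAnonymous()` accessor on the token so the decision is made in one place rather than re-derived from two fields. handleMethod's closing brace lies beyond the hunk.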
Modified: incubator/shindig/trunk/php/src/socialrest/http/RestServlet.php
URL:
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/socialrest/http/RestServlet.php?rev=676170&r1=676169&r2=676170&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/socialrest/http/RestServlet.php (original)
+++ incubator/shindig/trunk/php/src/socialrest/http/RestServlet.php Sat Jul 12
05:40:06 2008
@@ -75,8 +75,9 @@
{
$this->setNoCache(true);
$this->noHeaders = true;
- // use security token, for now this is required
- // (later oauth should also be a way to specify this info)
+ // if oauth, create a token from it's values instead of one
based on $_get['st']/$_post['st']
+ // NOTE : if no token is provided an anonymous one is created
(owner = viewer = appId = modId = 0)
+ // keep this in mind when creating your data services..
$token = $this->getSecurityToken();
$req = null;
if ($this->isBatchUrl()) {
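Review bot: The new comment on L58-59 says the token is built from OAuth values or `$_get['st']/$_post['st']`, but the only token source this commit shows (getSecurityToken, L68) reads `$_GET['st']`, so the comment promises a POST fallback the code may not actually have; either drop the `$_post` mention or make the lookup check both. `it's values` should be `its values`. The NOTE would warn service authors more precisely as `// NOTE: when no token is supplied, getSecurityToken() returns an anonymous one (owner = viewer = appId = modId = 0); data services must apply their own visibility checks.` The enclosing method starts before the hunk.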
@@ -224,7 +225,12 @@
{
$token = isset($_GET['st']) ? $_GET['st'] : '';
if (empty($token)) {
- throw new RestException("Missing security token");
+ // no security token, continue anonymously, remeber to
check
+ // for private profiles etc in your code so their not
publicly
+ // accessable to anoymous users! Anonymous == owner =
viewer = appId = modId = 0
+ $gadgetSigner = Config::get('security_token');
+ // create token with 0 values, no gadget url, no domain
and 0 duration
+ return new $gadgetSigner(null, 0, 0, 0, 0, '', '', 0);
}
if (count(explode(':', $token)) != 6) {
$token = urldecode(base64_decode($token));
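Review bot: Replacing the RestException on a missing `st` turns a fail-closed path into a silent fail-open one for every deployment, and as the comment admits it moves the burden of protecting private data onto each data service; gate the fallback on an explicit, default-off setting so existing installs keep refusing unauthenticated requests, e.g. `if (!Config::get('allow_anonymous_token')) { throw new RestException("Missing security token"); }` immediately before the anonymous token is built. `empty($token)` also treats a literal `'0'` token as absent, so `$token === ''` is the safer test. The anonymous token is constructed positionally via `new $gadgetSigner(null, 0, 0, 0, 0, '', '', 0)` with a 0 duration; the signer class is not visible here, so please confirm that a zero duration is not read as "never expires" and that the argument order holds for every class that `security_token` can be configured to. The comment is the only warning service authors get, so its typos (`remeber`, `their` → `they're`, `accessable`, `anoymous`) are worth fixing.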