allow api methods whitelisting
This commit is contained in:
Guillermo Dev
12
src/Webservice/Exception/ConfigException.php
Normal file
12
src/Webservice/Exception/ConfigException.php
Normal file
@@ -0,0 +1,12 @@
|
||||
<?php
|
||||
|
||||
namespace Bsr\Webservice\Exception;
|
||||
|
||||
/**
|
||||
* This exception should be raised by the WebService engine when
|
||||
* there is an error in the provided configuration information.
|
||||
*
|
||||
* @package Bsr\Webservice\Exception
|
||||
*/
|
||||
class ConfigException extends \Exception {
|
||||
}
|
||||
@@ -3,6 +3,7 @@
|
||||
namespace Bsr\Webservice;
|
||||
|
||||
use Bsr\Webservice\Exception\UsageException;
|
||||
use Bsr\Webservice\Exception\ConfigException;
|
||||
use Bsr\Webservice\Exception\WebException;
|
||||
use Bsr\Utils\Configuration\Configuration;
|
||||
use Bsr\Utils\Logger\Logger;
|
||||
@@ -91,19 +92,33 @@ abstract class WebService
|
||||
|
||||
$params = $this->filterParams($params);
|
||||
|
||||
$this->isAllowedMethodNameOrThrow($params["func"]);
|
||||
|
||||
$this->func = $params["func"];
|
||||
unset($params['func']);
|
||||
|
||||
$this->paramsMatchMethodDeclarationOrThrow($params);
|
||||
|
||||
Logger::info(array(
|
||||
'func' => $this->func.'('.implode(', ', $params).')',
|
||||
));
|
||||
|
||||
return call_user_func_array(array($this, $this->func), $params);
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify that the provided params match the declaration of the requested method
|
||||
* @param array $params
|
||||
* @throws UsageException
|
||||
*/
|
||||
protected function paramsMatchMethodDeclarationOrThrow($params)
|
||||
{
|
||||
if (!is_callable(array($this, $this->func))) {
|
||||
throw new UsageException("BadMethod", "Method {$this->func} does not exists.", UsageException::BAD_METHOD);
|
||||
throw new UsageException("BadMethod", "Method {$this->func} does not exist.", UsageException::BAD_METHOD);
|
||||
}
|
||||
|
||||
$rm = new \ReflectionMethod($this, $this->func);
|
||||
$nbParams = count($params);
|
||||
$rm = new \ReflectionMethod($this, $this->func);
|
||||
$nbArgsFix = $rm->getNumberOfRequiredParameters();
|
||||
$nbArgs = $rm->getNumberOfParameters();
|
||||
|
||||
@@ -114,8 +129,24 @@ abstract class WebService
|
||||
if ($nbParams > $nbArgs) {
|
||||
throw new UsageException("TooManyArgs", "You must provide at most $nbArgs arguments.", UsageException::TOO_MANY_ARGS);
|
||||
}
|
||||
}
|
||||
|
||||
return call_user_func_array(array($this, $this->func), $params);
|
||||
/**
|
||||
* If no configuration is available assumes that all public methods are allowed
|
||||
* @param string the requested method name from api param func
|
||||
*/
|
||||
protected function isAllowedMethodNameOrThrow($requestedMethodName)
|
||||
{
|
||||
$allowedMethodNames = Configuration::get('webservice.api_method_names', null);
|
||||
if (null === $allowedMethodNames) {
|
||||
return;
|
||||
}
|
||||
if (!is_array($allowedMethodNames)) {
|
||||
throw new ConfigException('Bad config. You should pass an array of method names as strings, in "webservice" key and "api_method_names" subkey');
|
||||
}
|
||||
if (!in_array($requestedMethodName, $allowedMethodNames)) {
|
||||
throw new UsageException("BadMethod", "Method {$requestedMethodName} is not whitelisted. Pick one of :" . implode(', ', $allowedMethodNames), UsageException::BAD_METHOD);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user