202 lines
6.3 KiB
PHP
202 lines
6.3 KiB
PHP
<?php
|
||
|
||
/**
|
||
* Class Xapp_Rpc_Gateway_Options holds only constants
|
||
*/
|
||
class Xapp_Rpc_Gateway_Options{
|
||
/**
|
||
* defines whether readable error messages are omitted in error object or not
|
||
*
|
||
* @const OMIT_ERROR
|
||
*/
|
||
const OMIT_ERROR = 'RPC_GATEWAY_OMIT_ERROR';
|
||
|
||
/**
|
||
* array of ip´s that are allowed to request denying all others
|
||
*
|
||
* @const ALLOW_IP
|
||
*/
|
||
const ALLOW_IP = 'RPC_GATEWAY_ALLOW_IP';
|
||
|
||
/**
|
||
* array of ip´s that are always blocked from service
|
||
*
|
||
* @const DENY_IP
|
||
*/
|
||
const DENY_IP = 'RPC_GATEWAY_DENY_IP';
|
||
|
||
/**
|
||
* array of username and password set as array key 0 and 1 to activate basic auth
|
||
*
|
||
* @const BASIC_AUTH
|
||
*/
|
||
const BASIC_AUTH = 'RPC_GATEWAY_BASIC_AUTH';
|
||
|
||
/**
|
||
* disable gateway itself not servicing any requests
|
||
*
|
||
* @const DISABLE
|
||
*/
|
||
const DISABLE = 'RPC_GATEWAY_DISABLE';
|
||
|
||
/**
|
||
* array of services to disable. array must contain either full service name
|
||
* or valid preg regex pattern without pattern delimiters. the regex string will
|
||
* be placed inside the pattern like: '=^(' . implode('|', $services) . ')=i';
|
||
*
|
||
* @const DISABLE_SERVICE
|
||
*/
|
||
const DISABLE_SERVICE = 'RPC_GATEWAY_DISABLE_SERVICE';
|
||
|
||
/**
|
||
* array of host names, without scheme, to allow and block all others. the host
|
||
* name must be the same that will be found in request headers like foo.com
|
||
*
|
||
* @const ALLOW_HOST
|
||
*/
|
||
const ALLOW_HOST = 'RPC_GATEWAY_ALLOW_HOST';
|
||
|
||
/**
|
||
* array of host names to always block from service. host name must be without
|
||
* scheme, e.g. foo.com
|
||
*
|
||
* @const DENY_HOST
|
||
*/
|
||
const DENY_HOST = 'RPC_GATEWAY_DENY_HOST';
|
||
|
||
/**
|
||
* boolean value to define whether to deny service when not called through HTTPS
|
||
*
|
||
* @const FORCE_HTTPS
|
||
*/
|
||
const FORCE_HTTPS = 'RPC_GATEWAY_FORCE_HTTPS';
|
||
|
||
/**
|
||
* array of user agents to allow service to an block all others. values must be
|
||
* regex conform expressions or simple values. if you want to make sure you want
|
||
* to block exact name pass as ^name$ or use wildcard patterns .* or value as it
|
||
* is which will equal to a /value/i regex expression. NOTE: if you use plain
|
||
* value like google for example all other agent names like googlebot,
|
||
* googlesearch, .. are also blocked
|
||
*
|
||
* @const ALLOW_USER_AGENT
|
||
*/
|
||
const ALLOW_USER_AGENT = 'RPC_GATEWAY_ALLOW_USER_AGENT';
|
||
|
||
/**
|
||
* array of user agents to always deny service of - see explanations for
|
||
* ALLOW_USER_AGENT
|
||
*
|
||
* @const DENY_USER_AGENT
|
||
*/
|
||
const DENY_USER_AGENT = 'RPC_GATEWAY_DENY_USER_AGENT';
|
||
|
||
/**
|
||
* array of refereres to allow and deny all others. values must be
|
||
* regex conform expressions or simple values. if you want to make sure you want
|
||
* to block exact name pass as ^name$ or use wildcard patterns .* or value as it
|
||
* is which will equal to a /value/i regex expression.
|
||
*
|
||
* @const ALLOW_REFERER
|
||
*/
|
||
const ALLOW_REFERER = 'RPC_GATEWAY_ALLOW_REFERER';
|
||
|
||
/**
|
||
* activate signed requests expecting signature hash in request which. the signature parameter must always
|
||
* be set/placed in first level of request parameter array
|
||
*
|
||
* @const SIGNED_REQUEST
|
||
*/
|
||
const SIGNED_REQUEST = 'RPC_GATEWAY_SIGNED_REQUEST';
|
||
|
||
/**
|
||
* defines the signed request method to get user identifier from the request object. allowed values are:
|
||
* - host = will check for host/server name from server header object
|
||
* - ip = will check for client ip value from server header object
|
||
* - user = will check for user parameter value in request post object - see SIGNED_REQUEST_USER_PARAM
|
||
*
|
||
* @const SIGNED_REQUEST_METHOD
|
||
*/
|
||
const SIGNED_REQUEST_METHOD = 'RPC_GATEWAY_SIGNED_REQUEST_METHOD';
|
||
|
||
/**
|
||
* set optional array of preg regex patterns services to exclude from being only signed request services.
|
||
* the regex pattern should be valid an not contain pattern delimiters. the regex string will be placed inside
|
||
* the pattern like: '=^(' . implode('|', $services) . ')=i';
|
||
*
|
||
* @const SIGNED_REQUEST_EXCLUDES
|
||
*/
|
||
const SIGNED_REQUEST_EXCLUDES = 'RPC_GATEWAY_SIGNED_REQUEST_EXCLUDES';
|
||
|
||
/**
|
||
* set parameter name for signed request user identification - the user name or id
|
||
* that is necessary to retrieve api or service key for
|
||
*
|
||
* @const SIGNED_REQUEST_USER_PARAM
|
||
*/
|
||
const SIGNED_REQUEST_USER_PARAM = 'RPC_GATEWAY_SIGNED_REQUEST_USER_PARAM';
|
||
|
||
/**
|
||
* set parameter name for signed request signature parameter - the parameter
|
||
* where the signature for the request is to be found
|
||
*
|
||
* @const SIGNED_REQUEST_SIGN_PARAM
|
||
*/
|
||
const SIGNED_REQUEST_SIGN_PARAM = 'RPC_GATEWAY_SIGNED_REQUEST_SIGN_PARAM';
|
||
|
||
/**
|
||
* define you own callback to validate signed request by receiving data and api/gateway
|
||
* key. the callback function must return boolean value. the callback function will receive
|
||
* 3 parameters = 1) request object, 2) the get/post parameter merged 3) the api key if set in gateway instance, if not
|
||
* must be retrieved manually from where ever it is stored.
|
||
*
|
||
* <code>
|
||
* function myCallback($request, $params, $key = null)
|
||
* {
|
||
* return true;
|
||
* }
|
||
* </code>
|
||
*
|
||
* @const SIGNED_REQUEST_CALLBACK
|
||
*/
|
||
const SIGNED_REQUEST_CALLBACK = 'RPC_GATEWAY_SIGNED_REQUEST_CALLBACK';
|
||
|
||
/**
|
||
* secret salt for creating api keys
|
||
*/
|
||
const SALT_KEY = 'RPC_GATEWAY_SALT';
|
||
}
|
||
|
||
/**
|
||
* Default Gateway options
|
||
*/
|
||
$XAPP_GATEWAY_OPTIONS = array(
|
||
Xapp_Rpc_Gateway_Options::SIGNED_REQUEST => true,
|
||
Xapp_Rpc_Gateway_Options::OMIT_ERROR => true,
|
||
Xapp_Rpc_Gateway_Options::SIGNED_REQUEST_METHOD => 'user',
|
||
Xapp_Rpc_Gateway_Options::SIGNED_REQUEST_SIGN_PARAM => 'sig',
|
||
Xapp_Rpc_Gateway_Options::SALT_KEY => 'k?Ur$0aE#9j1+7ui'
|
||
);
|
||
|
||
/*******************************************************************************
|
||
*
|
||
* Example : Load security config from Ini - File:
|
||
**/
|
||
|
||
/*
|
||
xapp_import('xapp.Config.Ini');
|
||
$iniFilePath = realpath($ROOT_DIRECTORY_ABSOLUTE .'/profiles/default/security.ini');
|
||
$_XAPP_GATEWAY_OPTIONS_INI_CONF = new Xapp_Config_Ini($iniFilePath);//will throw an error if it doesnt exists
|
||
$_XAPP_GATEWAY_OPTIONS_INI_CONF->load($iniFilePath);
|
||
|
||
//example read a parameter in the ini file:
|
||
//$omit = $_XAPP_GATEWAY_OPTIONS_INI_CONF->get(Xapp_Rpc_Gateway_Options::OMIT_ERROR);
|
||
|
||
//example in case the parameter is in a ini Section:
|
||
//$omit = $_XAPP_GATEWAY_OPTIONS_INI_CONF->get('Default'. Xapp_Rpc_Gateway_Options::OMIT_ERROR);
|
||
|
||
// set $XAPP_GATEWAY_OPTIONS to the Config-Instance:
|
||
$XAPP_GATEWAY_OPTIONS = $_XAPP_GATEWAY_OPTIONS_INI_CONF;
|
||
|
||
*/
|