diff --git amfserver.info amfserver.info index 9a79199..4956a13 100644 --- amfserver.info +++ amfserver.info @@ -4,5 +4,7 @@ package = Services - servers core = 7.x ; version = 7.x-3.x-rc1 configure = admin/config/services/amfserver/settings +files[] = amfserver.server.inc files[] = amfserver.resources.inc +files[] = amfserver.vo.inc dependencies[] = services (>3.0-rc1) \ No newline at end of file diff --git amfserver.module amfserver.module index e9920cf..a8a7a41 100644 --- amfserver.module +++ amfserver.module @@ -27,7 +27,7 @@ function amfserver_server() { } //The amfserver itself, a subclass of the Zend amfserver - require_once 'amfserver.resources.inc'; + require_once 'amfserver.server.inc'; $server = new AmfServerServer(); //we add the classmappings here, they are configurable via the amfserver settings $mappings = db_query('SELECT class_php, class_as3 FROM {amfserver_classmapping}'); diff --git amfserver.resources.inc amfserver.resources.inc index c55261b..f5ecc5d 100644 --- amfserver.resources.inc +++ amfserver.resources.inc @@ -1,285 +1,11 @@ $description, - 'detail' => ($this->isProduction()) ? '' : $detail, - 'line' => ($this->isProduction()) ? 0 : $line, - 'code' => $code - ); - case Zend_Amf_Constants::AMF3_OBJECT_ENCODING : - $return = new Zend_Amf_Value_Messaging_ErrorMessage($message); - $return->faultString = $description; - $return->faultCode = $code; - $return->faultDetail = $this->isProduction () ? '' : $detail; - break; - } - return $return; - } -} - -/** - * AmfServerServiceProxy is a proxy class to forward requests to the right resource - */ -class AmfServerServiceProxy { - //holds the endpoint reference of this amfserver - public static $endpoint; - //holds a reference to the AmfServerServer - public static $server; - - function execute() { - $arguments = func_get_args(); - $function = array_shift($arguments); - try{ - $controller = services_controller_get($function, self::$endpoint->name); - if ($controller == NULL) { - //the resource is not found, so stop execution and inform user (reason: resource not defined on endpoint) - throw new Zend_Amf_Server_Exception(t('requested resource not found:') . ' "' . $function . '". ' . t("Is this resource enabled via the amfserver endpoint?")); - } - - //check if we can use a session and function with the logged in user's permission - $succes = $this->use_session(); - - //next, we sanitize the arguments (see issue: http://drupal.org/node/1124960 in essence, this should be handled by services itself...) - //check required arguments and set defaults for optional arguments - $number_of_passed_arguments = count($arguments); - $number_of_potential_arguments = count($controller['args']); - - //check for too many arguments - if ($number_of_passed_arguments > $number_of_potential_arguments) { - throw new Zend_Amf_Server_Exception(t('Too many arguments supplied, expected a maximum of @expected but got @got', array( - '@got' => $number_of_passed_arguments , '@expected' => $number_of_potential_arguments)), 400); - } - - //loop through the arguments definitions for the callback to check for required arguments and set default values for optional arguments - $number_of_required_arguments = 0; - $args = array(); - $i = 0; - foreach ($controller['args'] as $key => $value) { - - if(isset($value['optional']) && $value['optional'] == FALSE) - $number_of_required_arguments++; - - if(isset($arguments[$key])) - $args[$key] = $arguments[$key]; - elseif(isset($arguments[$i])) - $args[$key] = $arguments[$i]; - elseif(isset($value['optional']) && $value['optional'] == TRUE) { - if(isset($value['default value'])) - $args[$key] = $value['default value']; - } - - $i++; - } - - //check for too few arguments - if ($number_of_required_arguments > $number_of_passed_arguments) { - throw new Zend_Amf_Server_Exception(t('Too few arguments supplied, expected a minimum of @expected required arguments but got only @got', array( - '@got' => $number_of_passed_arguments , '@expected' => $number_of_required_arguments)), 400); - } - - $options = array(); - $data = services_controller_execute($controller, $args, $options); - return $data; - } catch (Exception $e) { - //convert it to the right type of exception to let zendamf handle it. - throw new Zend_Amf_Server_Exception($e->getMessage()); - } - } - - - /** - * can we use a session? - * this is for cookie disabled clients like the standalone flash player, air applications and the flash and flex authoring tool - * read the comments, an actionscript client implementation needs custom amf headers for this to work - * - * clients that run in the browser and can use cookies, will use the normal session authentication of drupal - */ - function use_session() { - /* - sessions are no longer used in services as parameters coming in from the remote call like in D6 - instead sessions are handled via the normal mechanism: cookies - If this is a standalone actionscript client (flash player, flash authoring tool, air application etc.) cookies cannot be sent. - this can only be done via the browser the flash player runs in. - we need the session to be able to log in as a certain user and stay logged in (with the permissions from the logged in user) during consecutive calls. - - in D6, key authentication and session authentication was part of the method signature to the amfphp implementation. - here, in the amfserver for D7, we will do it another way. - NO authentication or session data will come in except via the amf headers (see actionscript Netconnection.addHeader), - keeping all method calls extremely clean. Actionscript libraries should handle this for the user. - - in case of session authentication, which is part of the normal drupal flow, this can also be handled by the amf headers we sent, baked into the actionscript library - in this way, there will not be a need to alter the arguments we send via the amf body as in D6 and have a cleaner solution - - we want to be able to check if we have either a session and logged in user in place, - if not, we possibly have a standalone flash client and we have to fake this via the amfheaders. - these amf headers have to be passed via actionscript clients in the way used below if they want to function independently - - the header name should be 'amfserver' and it should have an object with 'sessid' and 'session_name' in it, which you get from a call to user.login - example: netconnection.addHeader("amfserver", false, {sessid: "blablabla", session_name: "yadayadayada"}) - */ - - - //if we are not able to use normal session authentication... - if (!$this->is_using_session()) { - //we check if amfheaders are used by cookie disabled clients - - //get the current request from the amfserver - $request = self::$server->getRequest(); - //get the headers from the request - $headers = $request->getAmfHeaders(); - - //it's an array, loop through it - foreach ($headers as $header => $value) { - //throw new Zend_Amf_Server_Exception('headers exists, key: '. $header . ', name: ' . $value->name); - - //if we have a header called amfserver, we know it is specifically sent from the actionscript client - if ($value->name == 'amfserver') { - - //we check for sessid and session_name (these will originally have come from a call to system.connect and user.login) - //and have to be set by the actionscript client - $sessid = $value->data->sessid; - $session_name = $value->data->session_name; - - /* - no need to load a session if we do system.connect or user.login or if there is no sessionid provided. - in case of no sessionid passed from the actionscript client, we can be: - - not logged in - - having an actionscript client that doesnt care to write the code for standalone applications (in other words, no actionscript framework with drupal capabilities used) - - having a functional cookie and have a normal session via drupal bootstrap in which case we won't be in this if statement - * - * it's not really necessary to check for which method we call, but it saves some work for those calls - */ - if ($sessid != '' && $sessid != NULL && $function != 'user.login' && $function != "system.connect") { - //load a session that belongs to this sessionid. it will populate the global $user object from drupal if the sessid exists and we will be able to operate with that user's permissions from here on - $this->load_session($sessid); - //throw new Zend_Amf_Server_Exception(t ('session_name ') . $value->data->session_name . ' = ' . t ('sessionid ') . $value->data->sessid); - return TRUE; - } - } - } - //we did not break out of the foreach. therefore it did not work and we don't have a session and we don't have amfheaders set. probably just not logged in yet. - return FALSE; - } - else { - //we are able to use normal session authentication, so bypass all amf header arguments that could be sent from the client to recreate the session for cookie disabled clients - //we'll have session capabilities associated to the user account belonging to the session - return TRUE; - } - - } - - - /** - * check if we have a cookie set with the current session name. if not, maybe the client cannot send cookies, or we are not logged in and don't have a cookie set. - */ - function is_using_session() { - //this is a way of checking if we have a session - return isset($_COOKIE[ session_name()]); - } - - - /** - * loads the session data in the $user object when the $sessid is correct - * some low level drupal stuff in here. - * TODO: expert drupal screening needed - */ - function load_session($sessid) { - global $user; - - // If user's session is already loaded, just return current user's data - if ($user->sid == $sessid) { - return $user; - } - - // Make backup of current user and session data - $backup = $user; - $backup->session = session_encode(); - - // Empty current session data - $_SESSION = array(); - - // Load session data - session_id($sessid); - - //hack, originally from the rc-1 of services. set the cookie value so we can trick the drupal session loading mechanism in believing there is a valid cookie - $_COOKIE[ session_name() ] = $sessid; - - //drupal docs say not to call this method directly, but it is _the_ way to create the whole $user object from a sessionId. - //as of yet, no alternative. get clarification from docs team. - _drupal_session_read($sessid); - - // Check if it really loaded user. If not, then revert automatically. - if ($user->sid != $sessid) { - //TODO, is this the right method to call? - drupal_session_destroy_uid($user->uid); - return NULL; - } - - // Prevent saving of this impersonation in case of unexpected failure. - //question remains if this is needed. after this, we don't alter the global $user object anymore - drupal_save_session(FALSE); - - return $backup; - } - - -} - - - -/** - * test class for classmapping - * Prefixed to avoid potential future naming conflicts with drupal - */ -class AmfServerUser { - public $id; - public $name; -} - +include_once 'amfserver.vo.inc'; diff --git amfserver.resources.inc amfserver.server.inc similarity index 66% copy from amfserver.resources.inc copy to amfserver.server.inc index c55261b..fbbb5f0 100644 --- amfserver.resources.inc +++ amfserver.server.inc @@ -1,9 +1,7 @@ name); - if ($controller == NULL) { - //the resource is not found, so stop execution and inform user (reason: resource not defined on endpoint) - throw new Zend_Amf_Server_Exception(t('requested resource not found:') . ' "' . $function . '". ' . t("Is this resource enabled via the amfserver endpoint?")); - } - - //check if we can use a session and function with the logged in user's permission - $succes = $this->use_session(); - - //next, we sanitize the arguments (see issue: http://drupal.org/node/1124960 in essence, this should be handled by services itself...) - //check required arguments and set defaults for optional arguments - $number_of_passed_arguments = count($arguments); - $number_of_potential_arguments = count($controller['args']); - //check for too many arguments - if ($number_of_passed_arguments > $number_of_potential_arguments) { - throw new Zend_Amf_Server_Exception(t('Too many arguments supplied, expected a maximum of @expected but got @got', array( - '@got' => $number_of_passed_arguments , '@expected' => $number_of_potential_arguments)), 400); - } - - //loop through the arguments definitions for the callback to check for required arguments and set default values for optional arguments - $number_of_required_arguments = 0; - $args = array(); - $i = 0; - foreach ($controller['args'] as $key => $value) { - - if(isset($value['optional']) && $value['optional'] == FALSE) - $number_of_required_arguments++; - - if(isset($arguments[$key])) - $args[$key] = $arguments[$key]; - elseif(isset($arguments[$i])) - $args[$key] = $arguments[$i]; - elseif(isset($value['optional']) && $value['optional'] == TRUE) { - if(isset($value['default value'])) - $args[$key] = $value['default value']; + try{ + $controller = services_controller_get($function, self::$endpoint->name); + if ($controller == NULL) { + //the resource is not found, so stop execution and inform user (reason: resource not defined on endpoint) + throw new Zend_Amf_Server_Exception(t('requested resource not found:') . ' "' . $function . '". ' . t("Is this resource enabled via the amfserver endpoint?")); } - - $i++; - } - - //check for too few arguments - if ($number_of_required_arguments > $number_of_passed_arguments) { - throw new Zend_Amf_Server_Exception(t('Too few arguments supplied, expected a minimum of @expected required arguments but got only @got', array( - '@got' => $number_of_passed_arguments , '@expected' => $number_of_required_arguments)), 400); - } - - $options = array(); - $data = services_controller_execute($controller, $args, $options); - return $data; + + // check if we can use a session and function with the logged in user's permission + $succes = $this->use_session(); + + // parse arguments + $arguments = $this->getControllerArguments($controller, $arguments); + $options = array(); + + $data = services_controller_execute($controller, $arguments, $options); + return $data; } catch (Exception $e) { - //convert it to the right type of exception to let zendamf handle it. - throw new Zend_Amf_Server_Exception($e->getMessage()); + //convert it to the right type of exception to let zendamf handle it. + throw new Zend_Amf_Server_Exception($e->getMessage()); } - } + } /** @@ -267,80 +231,53 @@ class AmfServerServiceProxy { } -} - - - -/** - * test class for classmapping - * Prefixed to avoid potential future naming conflicts with drupal - */ -class AmfServerUser { - public $id; - public $name; -} - - + /** + * Parses controller arguments from request + * + * @param array $controller + * The controller definition + * @param array $data + * An array of arguments from the call + * @return void + */ + private function getControllerArguments($controller, $data = array()) { + // Map source data to arguments. + $arguments = array(); + $j = 0; + if (isset($controller['args'])) { + foreach ($controller['args'] as $i => $info) { -/** - * service method for the amfserver, returns a classmapped object to flash - * it's a testing method for the amfserver, provided as an implementation example - * Classmapping is now a configuration setting, so users can implement it in their own modules. - * this shows how classmapping works: http://www.screencast.com/users/wadearnold/folders/Default/media/a1188f2c-997f-436c-ac44-25285e96aec1 - */ -function _amfserver_service_get_user() { - $user = new AmfServerUser(); - //$user = new stdClass(); - //we can either set _explicitType or use the setClassMap method on the drupal server. setClassMap can be made configurable :) - //$user ->_explicitType = "org.drupal.amfserver.User"; - $user->id = 1; - $user->name = "awesome!"; - //we could also have created an instance from the User class defined here - return $user; -} + // Fill in argument from source data + if(isset($data[$j])) { + $arguments[$i] = $data[$j]; -/** - * classmapped from flash to php. - * service method for the amfserver - * it's a testing method for the amfserver, provided as an implementation example - */ -function _amfserver_service_send_user($user) { - //return immediately, it should be the right datatype for flash again (org.drupal.amfserver.Drupal7AmfServer) - return $user; -} + // Convert to array if argument expected to be array. + if (isset($info['type']) && $info['type'] == 'array' && isset($arguments[$i])) { + $arguments[$i] = (array)$arguments[$i]; + } + } -/** - * service method for the amfserver - * it's a testing method for the amfserver, provided as an implementation example - */ -function _amfserver_service_retrieve() { - return amfserver_get_version(); -} + // When argument isn't set, insert default value if provided or + // throw a exception if the argument isn't optional. + if (!isset($arguments[$i])) { + if (isset($info['default value'])) { + $arguments[$i] = $info['default value']; + } + elseif (!isset($info['optional']) || !$info['optional']) { + return services_error(t('Missing required argument @arg', array( + '@arg' => $info['name'], + )), 401); + } + else { + $arguments[$i] = NULL; + } + } -/** - * service method for the amfserver - * it's a testing method for the amfserver, provided as an implementation example - */ -function _amfserver_service_sleep($seconds) { - if ($seconds >= 1 && $seconds <= 10) { - sleep($seconds); + $j++; + } + } + return $arguments; } - return "amfservice says: argument to 'sleep' should be between 1 to 10 , yours was: " . $seconds; -} - -/** - * service method for the amfserver - * it's a testing method for the amfserver, provided as an implementation example - */ -function _amfserver_service_ping($message = "nothing") { - return 'hello, you said: "' . $message . '"'; -} - -/** - * access callback for the service resources - */ -function _amfserver_service_permission() { - return TRUE; + } - diff --git amfserver.vo.inc amfserver.vo.inc new file mode 100644 index 0000000..dcec2e3 --- /dev/null +++ amfserver.vo.inc @@ -0,0 +1,16 @@ +