2

I have two one question about the Fat Free Framework.

First of all, how can i use multiple parameters(tokens in fat free framework) in a GET request? Or, is there only 1 token possible per REST GET request, and should one handle additional arguments as a regular GET request, for example:

domain/rest/somedata/5231?param1=value1&param2=value2

where the ?param1=value1&param2=value2 should be 'manually' parsed, not by a framework?

Is it at all possible to build a RESTful API with Fat Free Framework and also have some area's or routes needing authentication? if so, how?

I just stumbled upon this related question: REST API Best practices: Where to put parameters?

[edit]: i've found out that it is indeed possible to have authentication with fat free framework using several methods. However, they seem not very well documented (at least not on their github wiki).

[edit2] Since it's only very basic authentication, for now i'm using this:

function beforeRoute($f3,$params) {
    $url = $params[0];
    $parsed_key = parse_str(parse_url($url, PHP_URL_QUERY));

    if (isset($apikey)){
        // check if apikey is in database
        $authenticated = false;
        foreach(R::find('apikey') as $key_bean) {
            if($key_bean->key == $apikey) {
                $authenticated = true;
                break;
            }
        }
        if($authenticated == false) $f3->error(403);
    } else {
        $f3->error(403);
    }
}

I'm looking for documentation on the basic http authentication method!

Community
  • 1
  • 1
Michael Trouw
  • 4,268
  • 3
  • 25
  • 41
  • Any framework should be able to handle authentication. Some are going to have it built in, others are going to require you to do some coding. There appear to be some decent [Google query results for fat free framework authentication](https://www.google.com/search?q=fat+free+framework+authentication). – ceejayoz Feb 11 '13 at 20:19
  • thanks, @ceejayoz, although i've googled that several times. see [updated question]. I need to find out how the basic http auth works (i **think** i do not need heavier authentication, because database, php and webapp are on the same server. So basically, i will authenticate on localhost if that's even possible). All this to just have a private REST interface, as it were (and the possibility to later make stuff public ofcourse, which would suit a REST interface better). – Michael Trouw Feb 11 '13 at 20:31

2 Answers2

3

The auth class always authenticates you against a mapper. Feel free to use F3's Jig, Mongo or SQL.

$db = new DB\SQL('mysql:host=localhost;dbname=mydb', 'dbuser', '1234');
$mapper = new DB\SQL\Mapper($db, 'users');    
$auth = new Auth($mapper, array('id'=>'username','pw'=>'password'));

if($auth->basic())
    return true;

password and username are field names in the database. id and pw are internal used by the auth class. I recommend checking the auth class code and the unit tests in the dev branch on Github.

sascha
  • 4,591
  • 3
  • 34
  • 51
  • 1
    Otherwise feel free to join us on Freenode #fatfree – sascha Feb 14 '13 at 09:31
  • Thanks for your answer, however, i'm using F3 only for routing at the moment and have another framework for ORM. it would be nice if there was a username + password authentication possibility also, so you can retrieve it from anywhere (even not from a database, if there's only 1 username + password for a private API). – Michael Trouw Feb 16 '13 at 11:12
  • 2
    Well, you have two options. Do it yourself, or use F3's Jig. It's a file based "database". At least, it's nothing less than an array with some informations. – sascha Feb 16 '13 at 18:47
1

An simple example would be something like...

Username: admin, Password: 123

// Create users table using Jig.
$db = new \DB\Jig('data/');
$users = array(
    0 => array('username' => 'admin', 'password' => '202cb962ac59075b964b07152d234b70'),
);
$db->write('users', $users);

$db_mapper = new \DB\Jig\Mapper($db, 'users');
$auth = new \Auth($db_mapper, array('id' => 'username', 'pw' => 'password'));

// Callback function because of md5 stored password.
function chkauth($pw) {    
    return md5($pw);
}

$auth->basic('chkauth');
Slipstream
  • 9,418
  • 2
  • 47
  • 41