New version of CodeIgniter REST Server with API Key management, permissions and method limiting. All turned off by default, turn them on and find the schema for each feature in application/config/rest.php.

Author: Phil Sturgeon

application/config/rest.php

@@ -1,5 +1,17 @@
 <?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
 
+/*
+|--------------------------------------------------------------------------
+| REST Format
+|--------------------------------------------------------------------------
+|
+| What format should the data be returned in by default?
+|
+|	Default: xml
+|
+*/
+$config['rest_default_format'] = 'xml';
+
 /*
 |--------------------------------------------------------------------------
 | REST Realm
@@ -58,9 +70,18 @@
 | If no key is provided, the request will return an error.
 |
 |	FALSE
+
+	CREATE TABLE `keys` (
+	  `id` int(11) NOT NULL AUTO_INCREMENT,
+	  `key` varchar(40) NOT NULL,
+	  `level` int(2) NOT NULL,
+	  `ignore_limits` tinyint(1) NOT NULL DEFAULT '0',
+	  `date_created` int(11) NOT NULL,
+	  PRIMARY KEY (`id`)
+	) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 |
 */
-$config['rest_enable_keys'] = TRUE;
+$config['rest_enable_keys'] = FALSE;
 
 /*
 |--------------------------------------------------------------------------
@@ -94,12 +115,48 @@
 |--------------------------------------------------------------------------
 |
 | When set to true REST_Controller will log actions based on key, date,
-| time and IP address.
+| time and IP address. This is a general rule that can be overridden in the
+| $this->method array in each controller.
+|
+|	FALSE
+|
+	CREATE TABLE `logs` (
+	  `id` int(11) NOT NULL AUTO_INCREMENT,
+	  `uri` varchar(255) NOT NULL,
+	  `method` varchar(6) NOT NULL,
+	  `params` text NOT NULL,
+	  `api_key` varchar(40) NOT NULL,
+	  `ip_address` varchar(15) NOT NULL,
+	  `time` int(11) NOT NULL,
+	  `authorized` tinyint(1) NOT NULL,
+	  PRIMARY KEY (`id`)
+	) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+|
+*/
+$config['rest_enable_logging'] = FALSE;
+
+/*
+|--------------------------------------------------------------------------
+| REST Enable Limits
+|--------------------------------------------------------------------------
+|
+| When set to true REST_Controller will count the number of uses of each method
+| by an API key each hour. This is a general rule that can be overridden in the
+| $this->method array in each controller.
 |
 |	FALSE
+|
+	CREATE TABLE `limits` (
+	  `id` int(11) NOT NULL AUTO_INCREMENT,
+	  `uri` varchar(255) NOT NULL,
+	  `count` int(10) NOT NULL,
+	  `hour_started` int(11) NOT NULL,
+	  `api_key` varchar(40) NOT NULL,
+	  PRIMARY KEY (`id`)
+	) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 |
 */
-$config['rest_enable_logging'] = TRUE;
+$config['rest_enable_limits'] = FALSE;
 
 /*
 |--------------------------------------------------------------------------

application/controllers/api/example.php

@@ -80,7 +80,4 @@ function users_get()
             $this->response(array('error' => 'Couldn\'t find any users!'), 404);
         }
     }
-    
-}
-
-?>
+}

application/controllers/api/keys.php renamed to application/controllers/api/key.php

@@ -15,10 +15,10 @@
 // This can be removed if you use __autoload() in config.php
 require(APPPATH.'/libraries/REST_Controller.php');
 
-class Keys extends REST_Controller
+class Key extends REST_Controller
 {
 	protected $methods = array(
-		'index_put' => array('level' => 10),
+		'index_put' => array('level' => 10, 'limit' => 10),
 		'index_delete' => array('level' => 10),
 		'level_post' => array('level' => 10),
 		'regenerate_post' => array('level' => 10),
@@ -39,9 +39,10 @@ public function index_put()
 
 		// If no key level provided, give them a rubbish one
 		$level = $this->put('level') ? $this->put('level') : 1;
+		$ignore_limits = $this->put('ignore_limits') ? $this->put('ignore_limits') : 1;
 
 		// Insert the new key
-		if (self::_insert_key($key, $level))
+		if (self::_insert_key($key, array('level' => $level, 'ignore_limits' => $ignore_limits)))
 		{
 			$this->response(array('status' => 1, 'key' => $key), 201); // 201 = Created
 		}
@@ -105,7 +106,7 @@ public function level_post()
 		// Update the key level
 		if (self::_update_key($key, array('level' => $new_level)))
 		{
-			$this->response(array('status' => 1, 'success' => 'Key was updated.'), 200); // 200 = OK
+			$this->response(array('status' => 1, 'success' => 'API Key was updated.'), 200); // 200 = OK
 		}
 
 		else
@@ -173,7 +174,7 @@ public function regenerate_post()
 		$new_key = self::_generate_key();
 
 		// Insert the new key
-		if (self::_insert_key($new_key, $key_details->level))
+		if (self::_insert_key($new_key, array('level' => $key_details->level, 'ignore_limits' => $key_details->ignore_limits)))
 		{
 			// Suspend old key
 			self::_update_key($old_key, array('level' => 0));
@@ -225,13 +226,14 @@ private function _key_exists($key)
 
 	// --------------------------------------------------------------------
 
-	private function _insert_key($key, $level)
+	private function _insert_key($key, $data)
 	{
-		return $this->rest->db->set(array(
-			'key' => $key,
-			'level' => $level,
-			'date_created' => function_exists('now') ? now() : time()
-		))->insert('keys');
+		var_dump($data);
+		
+		$data['key'] = $key;
+		$data['date_created'] = function_exists('now') ? now() : time();
+
+		return $this->rest->db->set($data)->insert('keys');
 	}
 
 	// --------------------------------------------------------------------