Merge branch 'saas-provisioning-controller' into saas
This commit is contained in:
Albert Santoni
commit
3668a60139
@ -21,6 +21,7 @@ require_once "LocaleHelper.php";
|
||||
require_once "HTTPHelper.php";
|
||||
require_once "OsPath.php";
|
||||
require_once "Database.php";
|
||||
require_once "ProvisioningHelper.php";
|
||||
require_once "Timezone.php";
|
||||
require_once "Auth.php";
|
||||
require_once __DIR__.'/forms/helpers/ValidationTypes.php';
|
||||
@ -33,6 +34,13 @@ require_once __DIR__.'/modules/rest/controllers/MediaController.php';
|
||||
require_once (APPLICATION_PATH."/logging/Logging.php");
|
||||
Logging::setLogPath('/var/log/airtime/zendphp.log');
|
||||
|
||||
// We need to manually route because we can't load Zend without the database being initialized first.
|
||||
if (strpos($_SERVER["REQUEST_URI"], "/provisioning/create") !== false) {
|
||||
$provisioningHelper = new ProvisioningHelper($CC_CONFIG["apiKey"][0]);
|
||||
$provisioningHelper->createAction();
|
||||
die();
|
||||
}
|
||||
|
||||
Config::setAirtimeVersion();
|
||||
require_once __DIR__."/configs/navigation.php";
|
||||
|
||||
|
||||
159
airtime_mvc/application/common/ProvisioningHelper.php
Normal file
159
airtime_mvc/application/common/ProvisioningHelper.php
Normal file
@ -0,0 +1,159 @@
|
||||
<?php
|
||||
|
||||
/** This class provides the business logic for station provisioning. */
|
||||
class ProvisioningHelper
|
||||
{
|
||||
|
||||
/* @var $dbh PDO */
|
||||
static $dbh;
|
||||
|
||||
// Parameter values
|
||||
private $dbuser, $dbpass, $dbname, $dbhost, $dbowner, $apikey;
|
||||
private $instanceId;
|
||||
|
||||
public function __construct($apikey)
|
||||
{
|
||||
$this->apikey = $apikey;
|
||||
}
|
||||
|
||||
/**
|
||||
* Endpoint for setting up and installing the Airtime database. This all has to be done without Zend
|
||||
* which is why the code looks so old school (eg. http_response_code). (We can't currently bootstrap our
|
||||
* Zend app without the database unfortunately.)
|
||||
*/
|
||||
public function createAction()
|
||||
{
|
||||
$apikey = $_SERVER['PHP_AUTH_USER'];
|
||||
if (!isset($apikey) || $apikey != $this->apikey) {
|
||||
Logging::info("Invalid API Key: $apikey");
|
||||
http_response_code(403);
|
||||
echo "ERROR: Incorrect API key";
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
$this->parsePostParams();
|
||||
|
||||
if (empty($this->instanceId))
|
||||
|
||||
//For security, the Airtime Pro provisioning system creates the database for the user.
|
||||
// $this->setNewDatabaseConnection();
|
||||
//if ($this->checkDatabaseExists()) {
|
||||
// throw new Exception("ERROR: Airtime database already exists");
|
||||
//}
|
||||
//$this->createDatabase();
|
||||
|
||||
//All we need to do is create the database tables.
|
||||
$this->createDatabaseTables();
|
||||
$this->initializeMusicDirsTable($this->instanceId);
|
||||
} catch (Exception $e) {
|
||||
http_response_code(400);
|
||||
Logging::error($e->getMessage());
|
||||
echo $e->getMessage();
|
||||
return;
|
||||
}
|
||||
|
||||
http_response_code(201);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the database settings and credentials given are valid
|
||||
* @return boolean true if the database given exists and the user is valid and can access it
|
||||
*/
|
||||
private function checkDatabaseExists()
|
||||
{
|
||||
$statement = self::$dbh->prepare("SELECT datname FROM pg_database WHERE datname = :dbname");
|
||||
$statement->execute(array(":dbname" => $this->dbname));
|
||||
$result = $statement->fetch();
|
||||
return isset($result[0]);
|
||||
}
|
||||
|
||||
private function parsePostParams()
|
||||
{
|
||||
$this->dbuser = $_POST['dbuser'];
|
||||
$this->dbpass = $_POST['dbpass'];
|
||||
$this->dbname = $_POST['dbname'];
|
||||
$this->dbhost = $_POST['dbhost'];
|
||||
$this->dbowner = $_POST['dbowner'];
|
||||
$this->instanceId = $_POST['instanceid'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Set up a new database connection based on the parameters in the request
|
||||
* @throws PDOException upon failure to connect
|
||||
*/
|
||||
private function setNewDatabaseConnection()
|
||||
{
|
||||
self::$dbh = new PDO("pgsql:host=" . $this->dbhost
|
||||
. ";dbname=postgres"
|
||||
. ";port=5432" . ";user=" . $this->dbuser
|
||||
. ";password=" . $this->dbpass);
|
||||
$err = self::$dbh->errorInfo();
|
||||
if ($err[1] != null) {
|
||||
throw new PDOException("ERROR: Could not connect to database");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates the Airtime database using the given credentials
|
||||
* @throws Exception
|
||||
*/
|
||||
private function createDatabase()
|
||||
{
|
||||
Logging::info("Creating database...");
|
||||
$statement = self::$dbh->prepare("CREATE DATABASE " . pg_escape_string($this->dbname)
|
||||
. " WITH ENCODING 'UTF8' TEMPLATE template0"
|
||||
. " OWNER " . pg_escape_string($this->dbowner));
|
||||
if (!$statement->execute()) {
|
||||
throw new Exception("ERROR: Failed to create Airtime database");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Install the Airtime database
|
||||
* @throws Exception
|
||||
*/
|
||||
private function createDatabaseTables()
|
||||
{
|
||||
Logging::info("Creating database tables...");
|
||||
$sqlDir = dirname(APPLICATION_PATH) . "/build/sql/";
|
||||
$files = array("schema.sql", "sequences.sql", "views.sql", "triggers.sql", "defaultdata.sql");
|
||||
foreach ($files as $f) {
|
||||
/*
|
||||
* Unfortunately, we need to use exec here due to PDO's lack of support for importing
|
||||
* multi-line .sql files. PDO->exec() almost works, but any SQL errors stop the import,
|
||||
* so the necessary DROPs on non-existent tables make it unusable. Prepared statements
|
||||
* have multiple issues; they similarly die on any SQL errors, fail to read in multi-line
|
||||
* commands, and fail on any unescaped ? or $ characters.
|
||||
*/
|
||||
exec("PGPASSWORD=$this->dbpass psql -U $this->dbuser --dbname $this->dbname -h $this->dbhost -f $sqlDir$f", $out, $status);
|
||||
if ($status != 0) {
|
||||
throw new Exception("ERROR: Failed to create database tables");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private function initializeMusicDirsTable($instanceId)
|
||||
{
|
||||
if (!is_string($instanceId) || empty($instanceId) || !is_numeric($instanceId))
|
||||
{
|
||||
throw new Exception("Invalid instance id: " . $instanceId);
|
||||
}
|
||||
|
||||
$instanceIdPrefix = $instanceId[0];
|
||||
|
||||
//Reinitialize Propel, just in case...
|
||||
Propel::init(__DIR__."/../configs/airtime-conf-production.php");
|
||||
|
||||
//Create the cc_music_dir entry
|
||||
$musicDir = new CcMusicDirs();
|
||||
$musicDir->setType("stor");
|
||||
$musicDir->setExists(true);
|
||||
$musicDir->setWatched(true);
|
||||
$musicDir->setDirectory("/mnt/airtimepro/instances/$instanceIdPrefix/$instanceId/srv/airtime/stor/");
|
||||
$musicDir->save();
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
@ -6,9 +6,18 @@ use Aws\S3\S3Client;
|
||||
|
||||
class ProvisioningController extends Zend_Controller_Action
|
||||
{
|
||||
|
||||
public function init()
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* The "create action" is in ProvisioningHelper because it needs to have no dependency on Zend,
|
||||
* since when we bootstrap Zend, we already need the database set up and working (Bootstrap.php is a mess).
|
||||
*
|
||||
*/
|
||||
|
||||
/**
|
||||
* Delete the Airtime Pro station's files from Amazon S3
|
||||
*/
|
||||
@ -16,8 +25,8 @@ class ProvisioningController extends Zend_Controller_Action
|
||||
{
|
||||
$this->view->layout()->disableLayout();
|
||||
$this->_helper->viewRenderer->setNoRender(true);
|
||||
|
||||
if (!$this->verifyAPIKey()) {
|
||||
|
||||
if (!RestAuth::verifyAuth(true, true, $this)) {
|
||||
return;
|
||||
}
|
||||
|
||||
@ -32,28 +41,5 @@ class ProvisioningController extends Zend_Controller_Action
|
||||
->setHttpResponseCode(200)
|
||||
->appendBody("OK");
|
||||
}
|
||||
|
||||
private function verifyAPIKey()
|
||||
{
|
||||
// The API key is passed in via HTTP "basic authentication":
|
||||
// http://en.wikipedia.org/wiki/Basic_access_authentication
|
||||
|
||||
$CC_CONFIG = Config::getConfig();
|
||||
|
||||
// Decode the API key that was passed to us in the HTTP request.
|
||||
$authHeader = $this->getRequest()->getHeader("Authorization");
|
||||
$encodedRequestApiKey = substr($authHeader, strlen("Basic "));
|
||||
$encodedStoredApiKey = base64_encode($CC_CONFIG["apiKey"][0] . ":");
|
||||
|
||||
if ($encodedRequestApiKey === $encodedStoredApiKey)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
$this->getResponse()
|
||||
->setHttpResponseCode(401)
|
||||
->appendBody("ERROR: Incorrect API key.");
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -1,64 +1,60 @@
|
||||
<?php
|
||||
|
||||
class RestAuth
|
||||
{
|
||||
public static function verifyAuth($checkApiKey, $checkSession)
|
||||
{
|
||||
//Session takes precedence over API key for now:
|
||||
if ($checkSession && RestAuth::verifySession()
|
||||
|| $checkApiKey && RestAuth::verifyAPIKey())
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
$resp = $this->getResponse();
|
||||
$resp->setHttpResponseCode(401);
|
||||
$resp->appendBody("ERROR: Incorrect API key.");
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public static function getOwnerId()
|
||||
{
|
||||
try {
|
||||
if (RestAuth::verifySession()) {
|
||||
$service_user = new Application_Service_UserService();
|
||||
return $service_user->getCurrentUser()->getDbId();
|
||||
} else {
|
||||
$defaultOwner = CcSubjsQuery::create()
|
||||
->filterByDbType('A')
|
||||
->orderByDbId()
|
||||
->findOne();
|
||||
if (!$defaultOwner) {
|
||||
// what to do if there is no admin user?
|
||||
// should we handle this case?
|
||||
return null;
|
||||
}
|
||||
return $defaultOwner->getDbId();
|
||||
}
|
||||
} catch(Exception $e) {
|
||||
Logging::info($e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
private static function verifySession()
|
||||
{
|
||||
$auth = Zend_Auth::getInstance();
|
||||
return $auth->hasIdentity();
|
||||
}
|
||||
|
||||
private static function verifyAPIKey()
|
||||
{
|
||||
//The API key is passed in via HTTP "basic authentication":
|
||||
// http://en.wikipedia.org/wiki/Basic_access_authentication
|
||||
$CC_CONFIG = Config::getConfig();
|
||||
|
||||
//Decode the API key that was passed to us in the HTTP request.
|
||||
$authHeader = $this->getRequest()->getHeader("Authorization");
|
||||
$encodedRequestApiKey = substr($authHeader, strlen("Basic "));
|
||||
$encodedStoredApiKey = base64_encode($CC_CONFIG["apiKey"][0] . ":");
|
||||
|
||||
return ($encodedRequestApiKey === $encodedStoredApiKey);
|
||||
}
|
||||
|
||||
class RestAuth {
|
||||
|
||||
public static function verifyAuth($checkApiKey, $checkSession, $action) {
|
||||
//Session takes precedence over API key for now:
|
||||
if ($checkSession && self::verifySession()
|
||||
|| $checkApiKey && self::verifyAPIKey($action)
|
||||
) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$action->getResponse()
|
||||
->setHttpResponseCode(401)
|
||||
->appendBody(json_encode(array("message" => "ERROR: Incorrect API key.")));
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public static function getOwnerId() {
|
||||
try {
|
||||
if (self::verifySession()) {
|
||||
$service_user = new Application_Service_UserService();
|
||||
return $service_user->getCurrentUser()->getDbId();
|
||||
} else {
|
||||
$defaultOwner = CcSubjsQuery::create()
|
||||
->filterByDbType(array('A', 'S'), Criteria::IN)
|
||||
->orderByDbId()
|
||||
->findOne();
|
||||
if (!$defaultOwner) {
|
||||
// what to do if there is no admin user?
|
||||
// should we handle this case?
|
||||
return null;
|
||||
}
|
||||
return $defaultOwner->getDbId();
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
Logging::info($e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
private static function verifySession() {
|
||||
$auth = Zend_Auth::getInstance();
|
||||
return $auth->hasIdentity();
|
||||
}
|
||||
|
||||
private static function verifyAPIKey($action) {
|
||||
//The API key is passed in via HTTP "basic authentication":
|
||||
// http://en.wikipedia.org/wiki/Basic_access_authentication
|
||||
$CC_CONFIG = Config::getConfig();
|
||||
|
||||
//Decode the API key that was passed to us in the HTTP request.
|
||||
$authHeader = $action->getRequest()->getHeader("Authorization");
|
||||
$encodedRequestApiKey = substr($authHeader, strlen("Basic "));
|
||||
$encodedStoredApiKey = base64_encode($CC_CONFIG["apiKey"][0] . ":");
|
||||
|
||||
return ($encodedRequestApiKey === $encodedStoredApiKey);
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,3 +1,6 @@
|
||||
-- Schema version
|
||||
INSERT INTO cc_pref("keystr", "valstr") VALUES('system_version', '2.5.9');
|
||||
|
||||
INSERT INTO cc_subjs ("login", "type", "pass") VALUES ('admin', 'A', md5('admin'));
|
||||
-- added in 2.3
|
||||
INSERT INTO cc_stream_setting ("keyname", "value", "type") VALUES ('off_air_meta', 'Airtime - offline', 'string');
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user