Working on OOP framework for API models

Author: Jared Hendrickson

pfSense-pkg-API/files/etc/inc/api/api_calls/APIAccessToken.inc

@@ -1,22 +1,15 @@
 <?php
-require_once("api/APITools.inc");
-require_once("api/APIResponse.inc");
-require_once("api/APIAuth.inc");
-
-class APIAccessToken {
-    private $client;
-    private $methods;
-    private $req_privs;
-    public $errors;
-    public $valid_data;
+require_once("api/framework/APITools.inc");
+require_once("api/framework/APIBaseModel.inc");
+require_once("api/framework/APIResponse.inc");
+require_once("api/framework/APIAuth.inc");
 
+class APIAccessToken extends APIBaseModel {
     # Create our method constructor
     public function __construct() {
-        $this->req_privs = [];
+        parent::__construct();
         $this->methods = ["GET"];
-        $this->client = new APIAuth($this->req_privs);
-        $this->errors = [];
-        $this->valid_data = [];
+        $this->validators = ["validateAuthMode"];
     }
 
     # Validate our API configurations auth mode (must be JWT)
@@ -29,53 +22,9 @@ class APIAccessToken {
         }
     }
 
-    # Validate our request
-    public function validate($validate_auth=true, $validate_http_method=true) {
-        # Validate authentication
-        if ($validate_auth === true) {
-            # Add error if user is not authenticated
-            if (!$this->client->is_authenticated) {
-                $this->errors[] = APIResponse\get(3);
-            }
-            # Add error if user is not authorized
-            if (!$this->client->is_authorized) {
-                $this->errors[] = APIResponse\get(4);
-            }
-        }
-
-        # Validate HTTP method
-        if ($validate_http_method === true) {
-
-        }
-
-        # Run our field/conditional validators
-        $this->validateAuthMode();
-
-        # Check if we have errors in our error array
-        if (count($this->errors) === 0) {
-            return true;
-        } else {
-            return false;
-        }
-    }
-
-    # Run our call. This method will return an assoc array containing the API response results
-    public function call() {
-        # Check if our request is valid
-        if ($this->validate()) {
-            $jwt = api_create_jwt($this->client->username);
-            return ApiResponse\get(0, [["token" => $jwt]]);
-        } else {
-            return $this->errors[0];
-        }
-    }
-
-    # Listen for client requests. This method should executed on the API endpoint.
-    public function listen() {
-        # RUN API CALL
-        $resp = $this->call();
-        http_response_code($resp["code"]);
-        echo json_encode($resp) . PHP_EOL;
-        exit();
+    # Override action subclass to create a JWT and return it to the user
+    public function action() {
+        $jwt = api_create_jwt($this->client->username);
+        return APIResponse\get(0, ["token" => $jwt]);
     }
 }

pfSense-pkg-API/files/etc/inc/api/framework/APIAuth.inc

@@ -1,5 +1,5 @@
 <?php
-require_once("api/APITools.inc");
+require_once("api/framework/APITools.inc");
 
 
 # Creates an object capable of verifying authentication and authorization based on the configuration
@@ -26,9 +26,8 @@ class APIAuth {
 
     # AUTHENTICATION #
     # Attempts to authenticate using local database authentication
-    private function authenticateLocalDatabase() {
+    private function authenticate_local_database() {
         $this->username = $this->request["client-id"];
-        var_dump(authenticate_user("admin", "pfsense"));
         // Authenticate against local database
         if (authenticate_user($this->username, $this->request["client-token"])) {
             // Ensure user is not disabled
@@ -42,7 +41,7 @@ class APIAuth {
     }
 
     # Attempts to authenticate using JWT authentication
-    private function authenticateJWT() {
+    private function authenticate_jwt() {
         $auth_header = explode(" ", $_SERVER["HTTP_AUTHORIZATION"]);
         $token_type = $auth_header[0];
         $token = $auth_header[1];
@@ -62,7 +61,7 @@ class APIAuth {
     }
 
     # Attempts to authenticate using API token authentication
-    private function authenticateToken() {
+    private function authenticate_token() {
         if (APITools\authenticate_token($this->request["client-id"], $this->request["client-id"]) === true) {
             $this->username = pack("H*", $this->request["client-id"]);
             // Ensure user is not disabled
@@ -79,13 +78,13 @@ class APIAuth {
     public function authenticate() {
         # Attempt to authenticate
         if ($this->auth_mode === "local") {
-            $resp = $this->authenticateLocalDatabase();
+            $resp = $this->authenticate_local_database();
         }
         elseif ($this->auth_mode === "jwt") {
-            $resp = $this->authenticateJWT();
+            $resp = $this->authenticate_jwt();
         }
         elseif ($this->auth_mode === "token") {
-            $resp = $this->authenticateToken();
+            $resp = $this->authenticate_token();
         }
         else {
             $resp = false;

pfSense-pkg-API/files/etc/inc/api/framework/APIBaseModel.inc

@@ -1,7 +1,7 @@
 <?php
-require_once("api/APITools.inc");
-require_once("api/APIResponse.inc");
-require_once("api/APIAuth.inc");
+require_once("api/framework/APITools.inc");
+require_once("api/framework/APIResponse.inc");
+require_once("api/framework/APIAuth.inc");
 
 class APIBaseModel {
     public $client;
@@ -13,10 +13,9 @@ class APIBaseModel {
     public $methods;
     public $requires_auth;
 
-
     public function __construct() {
-        $this->methods = ["POST"];
-        $this->privileges = ["pages-all"];
+        $this->methods = ["GET", "POST"];
+        $this->privileges = ["page-all"];
         $this->client = new APIAuth($this->privileges);
         $this->requires_auth = true;
         $this->validators = [];
@@ -26,34 +25,62 @@ class APIBaseModel {
 
     }
 
-    # Validate our request
-    public function validate() {
-        # Validate authentication
+    private function check_authentication() {
         if ($this->requires_auth === true) {
-            # Add error if user is not authenticated
             if (!$this->client->is_authenticated) {
                 $this->errors[] = APIResponse\get(3);
             }
-            # Add error if user is not authorized
-            if (!$this->client->is_authorized) {
-                $this->errors[] = APIResponse\get(4);
-            }
         }
+    }
 
-        # Validate HTTP method
+    private function check_authorization() {
+        if (!$this->client->is_authorized) {
+            $this->errors[] = APIResponse\get(4);
+        }
+    }
+
+    private function check_method() {
         if (!in_array($_SERVER["REQUEST_METHOD"], $this->methods)) {
+            $this->errors[] = APIResponse\get(2);
+        }
+    }
 
+    public function action() {
+        # This function is intended to be overridden by an API model extended class
+        # Any configuration writes, system configurations, etc should be added when overriding this base class
+        # If this class is not overridden a 500 unexpected error is returned
+        return APIResponse\get(1);
+    }
+
+    public function validate() {
+        $this->check_method();
+        if ($this->requires_auth) {
+            $this->check_authentication();
+            $this->check_authorization();
         }
+        $this->errors = array_merge($this->errors, $this->validators);
 
-        # Run our field/conditional validators
-        $this->validateAuthMode();
 
-        # Check if we have errors in our error array
         if (count($this->errors) === 0) {
             return true;
         } else {
             return false;
         }
     }
 
+    public function call() {
+        if ($this->validate()) {
+            return $this->action();
+        } else {
+            return $this->errors[0];
+        }
+    }
+
+    public function listen() {
+        $resp = $this->call();
+        http_response_code($resp["code"]);
+        echo json_encode($resp) . PHP_EOL;
+        exit();
+    }
+
 }