Andy Posted March 2, 2020 Share Posted March 2, 2020 When using RestAPI, I found the following error in the debug page. (RestApi 0.0.7 ProcessWire 3.0.148) Link to comment Share on other sites More sharing options...
Andy Posted March 3, 2020 Share Posted March 3, 2020 This module is very useful unconditionally. Could you add an example of uploading a file to the server in the README.md. I just can’t understand how this is implemented in your module. Link to comment Share on other sites More sharing options...
thomasaull Posted March 4, 2020 Author Share Posted March 4, 2020 @Andy Uh, the first time I'm seeing this page. Where can I access it in the ProcessWire Backend? Is the module otherwise working for you? Regarding your question about file uploads: The module itself does not has an implementation for this case, basically it provides just a wrapper for your own functions. So in theory you should be able to create a route for a file upload and have your own function to accept the file and store it on the server. If you google "Processwire file upload" you should find some examples to get you started. I'm writing "in theory" because I haven't done it myself yet. If this approach fails, we can figure out what needs be changed in the module itself. Link to comment Share on other sites More sharing options...
flydev 👊🏻 Posted March 4, 2020 Share Posted March 4, 2020 17 minutes ago, thomasaull said: Uh, the first time I'm seeing this page. Where can I access it in the ProcessWire Backend? 1 Link to comment Share on other sites More sharing options...
Andy Posted March 4, 2020 Share Posted March 4, 2020 @thomasaull 3 hours ago, thomasaull said: Where can I access it in the ProcessWire Backend? When you set up the site configuration. In file /site/config.php change the row to true and you will see backend debugging capabilities. /*** SITE CONFIG *************************************************************************/ /** * Enable debug mode? * * Debug mode causes additional info to appear for use during dev and debugging. * This is almost always recommended for sites in development. However, you should * always have this disabled for live/production sites. * * @var bool * */ $config->debug = true; Thanks for the answer on downloading the file in the Processwire. I don’t understand very well how API communication works. But your module perfectly illustrates this feature. I managed to transfer any information from the site through the API. But I can’t transfer a file through your module to site. When we submit a file from the form, we have identifiers <input type="file" name="uploadedFile[]" id="uploadedFile" multiple> And we can find it in global wire('input') or $_GET, $_POST. But in our case this is empty wire('input')->post->upload Link to comment Share on other sites More sharing options...
Andy Posted March 4, 2020 Share Posted March 4, 2020 @thomasaull It seems I found what was the mistake. It was necessary to transfer the dispatch from Insomnia to the multipart format and set the file name. After that, in the $_FILES variable you can find all the data to get the file. $_FILES Array( [upfile]=>Array( [name]=>hot-pizza.jpeg [type]=>image/jpeg [tmp_name]=>/localhost/tmp/phptAUnX5 [error]=>0 [size]=>65639 ) ) 2 Link to comment Share on other sites More sharing options...
Andy Posted March 6, 2020 Share Posted March 6, 2020 @thomasaull I continue to test this module which is very suitable for me. JWT token. Problem with authorization. Apache2 server and PHP 7.3.10. Can't auth and gives a message: No Authorization Header found' and code 400. This is a problem in Router.php function private static function getAuthorizationHeader() $headers = array(); foreach($_SERVER as $key => $value) { $headers[strtolower($key)] = $value; } Where variable $_SERVER have no authorization variable. If you change this to a function, it will work. foreach(getallheaders() as $key => $value) { $headers[strtolower($key)] = $value; } The following error occurs if you enter an invalid token. { "error": "Error: Exception: Signature verification failed (in \/localhost\/site\/modules\/RestApi\/Router.php line 131)\n\n#0 \/localhost\/site\/modules\/RestApi\/Router.php(91): ProcessWire\\Router::handle('ProcessWire\\\\Exa...', 'getUser', Object(stdClass), Array)\n#1 \/localhost\/site\/modules\/RestApi\/RestApi.module(50): ProcessWire\\Router::go()\n#2 \/localhost\/wire\/core\/WireHooks.php(924): ProcessWire\\RestApi->checkIfApiRequest(Object(ProcessWire\\HookEvent))\n#3 \/localhost\/wire\/core\/Wire.php(450): ProcessWire\\WireHooks->runHooks(Object(ProcessWire\\ProcessPageView), 'execute', Array)\n#4 \/localhost\/index.php(61): ProcessWire\\Wire->__call('execute', Array)\n#5 {main}. File: \/localhost\/index.php:70" } It seems to me that it would be right to replace Router.php line 131 with code 500 catch (\Throwable $e) { throw new \Exception($e->getMessage()); } Can be replaced by catch (\Throwable $e) { self::displayError('Signature verification failed', 400); } This will be more correct, as the token error is a request syntax error and this is code 400. Link to comment Share on other sites More sharing options...
thomasaull Posted March 6, 2020 Author Share Posted March 6, 2020 @Andy I'd be awesome if you could create a Pull Request for these changes 🙏: https://github.com/thomasaull/RestApi/pulls 1 Link to comment Share on other sites More sharing options...
Andy Posted March 6, 2020 Share Posted March 6, 2020 @thomasaull I will try, although I do not have such experience with github. And I'm not sure that all my suggestions are useful. Maybe I'm wrong somewhere. Link to comment Share on other sites More sharing options...
thomasaull Posted March 6, 2020 Author Share Posted March 6, 2020 @Andy I think for the getallheaders() function it'd make sense to keep the old way aswell and just search in both for the Authorization Header (If I remember correctly, the getallheaders() function wasn't available in all environments. In case you create a PR we can discuss the details there 🙂 Basically you need to fork the repository, push your changes and then create a PR on the github website Link to comment Share on other sites More sharing options...
Andy Posted March 6, 2020 Share Posted March 6, 2020 @thomasaull Array merging may help $headers = array(); $header_variables = array_merge($_SERVER, getallheaders()); foreach($header_variables as $key => $value) { $headers[strtolower($key)] = $value; } Since you require in your module PHP>=7.2.0, ProcessWire>=3.0.98 The getallheaders() function is definitely present. 1 Link to comment Share on other sites More sharing options...
Andy Posted March 19, 2020 Share Posted March 19, 2020 Another problem with RestAPI. When loading large files, an error occurs. In the backend everything is fine, a 300 MB file is loaded normally. The problem only occurs when testing through Insomnia or Postman with files larger than 15 mb. We managed to solve the problem. It is necessary to include AJAX in the file properties. $ul = wire(new WireUpload($formName)); $ul->setValidExtensions(['mp4', 'avi', '3gp']); $ul->setMaxFiles(1); $ul->setMaxFileSize(100 * 1000000); // 100 MB $ul->setOverwrite(true); $ul->setDestinationPath($p_path); $ul->setLowercase(true); $ul->setAllowAjax(true); $files = $ul->execute(); 2 Link to comment Share on other sites More sharing options...
Orkun Posted March 20, 2020 Share Posted March 20, 2020 Hi @thomasaull Do you know what the best way is to restrict the API Requests for specific IP Adresses? KR Orkun Link to comment Share on other sites More sharing options...
thomasaull Posted March 20, 2020 Author Share Posted March 20, 2020 Hi @Orkun, at the moment there is not built-in way for such a use case. However I guess it's really easy to do with a ProcessWire Hook which can be independet of the API, you'd just need to run the hook on the endpoint-url and check the IP with PHP there. If you want to restrict access to specific routes of the API only, I'd probably run the same checks in the endpoint function. 2 Link to comment Share on other sites More sharing options...
Orkun Posted April 9, 2020 Share Posted April 9, 2020 On 3/20/2020 at 10:21 AM, thomasaull said: Hi @Orkun, at the moment there is not built-in way for such a use case. However I guess it's really easy to do with a ProcessWire Hook which can be independet of the API, you'd just need to run the hook on the endpoint-url and check the IP with PHP there. If you want to restrict access to specific routes of the API only, I'd probably run the same checks in the endpoint function. I tried this by creating a init.php file insdie /site/ with this content in it, but the go method of the router class from your RestApi.module is still executed. <?php require_once wire('config')->paths->RestApi . "/Router.php"; $this->addHookBefore('ProcessPageView::execute', function(HookEvent $event) { $url = wire('sanitizer')->url(wire('input')->url); // support / in endpoint url: $endpoint = str_replace("/", "\/", wire('modules')->RestApi->endpoint); $regex = '/^\/'.$endpoint.'\/?.*/m'; preg_match($regex, $url, $matches); $hasAccess = array( '178.192.77.1' ); if($matches) { $event->replace = true; if(in_array($_SERVER['REMOTE_ADDR'], $hasAccess)){ wire('log')->save("sso-debug", "Access granted for ".$_SERVER['REMOTE_ADDR']); Router::go(); } else { wire('log')->save("sso-debug", "Access denied for ".$_SERVER['REMOTE_ADDR']); throw new \Exception("Access denied!", 400); } } }); What can I do? KR Orkun Link to comment Share on other sites More sharing options...
Orkun Posted April 9, 2020 Share Posted April 9, 2020 1 hour ago, Orkun said: I tried this by creating a init.php file insdie /site/ with this content in it, but the go method of the router class from your RestApi.module is still executed. <?php require_once wire('config')->paths->RestApi . "/Router.php"; $this->addHookBefore('ProcessPageView::execute', function(HookEvent $event) { $url = wire('sanitizer')->url(wire('input')->url); // support / in endpoint url: $endpoint = str_replace("/", "\/", wire('modules')->RestApi->endpoint); $regex = '/^\/'.$endpoint.'\/?.*/m'; preg_match($regex, $url, $matches); $hasAccess = array( '178.192.77.1' ); if($matches) { $event->replace = true; if(in_array($_SERVER['REMOTE_ADDR'], $hasAccess)){ wire('log')->save("sso-debug", "Access granted for ".$_SERVER['REMOTE_ADDR']); Router::go(); } else { wire('log')->save("sso-debug", "Access denied for ".$_SERVER['REMOTE_ADDR']); throw new \Exception("Access denied!", 400); } } }); What can I do? KR Orkun Ok this works for me now: require_once wire('config')->paths->RestApi . "Router.php"; $this->addHookBefore('ProcessPageView::execute', function(HookEvent $event) { $url = wire('sanitizer')->url(wire('input')->url); // support / in endpoint url: $endpoint = str_replace("/", "\/", wire('modules')->RestApi->endpoint); $regex = '/^\/'.$endpoint.'\/?.*/m'; preg_match($regex, $url, $matches); $hasAccess = array( '178.192.77.1' ); if($matches) { if(!in_array($_SERVER['REMOTE_ADDR'], $hasAccess)){ wire('log')->save("sso-debug", "Access denied for ".$_SERVER['REMOTE_ADDR']); http_response_code(403); exit; } $event->replace = true; } }, [ 'priority' => 99 ]); I have added the priority option and set it to 99 so that it gets executed before your hook in RestApi Module. KR Orkun 2 Link to comment Share on other sites More sharing options...
blackeye Posted June 5, 2020 Share Posted June 5, 2020 @thomasaull hey i got this weird issue that i installed the module and basically i can't even get the /api/users route to work it didn't create any folders so i copied from modulex\RestApi\apiTemplate everything into \site\api\ but still there is no possibility to be able to run /api/users did i miss anything from the readme ? O.o Link to comment Share on other sites More sharing options...
thomasaull Posted June 5, 2020 Author Share Posted June 5, 2020 Hey @blackeye, the easiest way to install the module to, in the ProcessWire backend, go to modules -> new and paste the module name "RestApi" in the input at "Add module from directory". After installing you usually don't need to copy any files! Link to comment Share on other sites More sharing options...
blackeye Posted June 5, 2020 Share Posted June 5, 2020 @thomasaull jeah that didn't worked i found out what is or was wrong i have my processwire on a subroute http://myserver.de/customerPw/ <- so the hook in the RestApi.module couldn't work due to the regex only looking for /^ so my api would have beenhttp://myserver.de/customerPw/api but onlyhttp://myserver.de/api would have been allowed i changed the regex to : $regex = '/\/' . $endpoint . '\/?.*/m'; but i am thinking if i am just trying to remove the host from the request so the module can work properly the next issue cam in the router.php where the /api/ part is removed from the request so my request is now customerPw/users/ which cannot be found aswell i was thinking okay i can just add the prefix to the routes.php but then it doesn't work for users for some reason, couldn't find out why next step will be removing the hostname or changing the api route to /customerPw/api i think this might be adressed in the readme if someone like me uses multiple pw instances on one server Link to comment Share on other sites More sharing options...
thomasaull Posted August 13, 2020 Author Share Posted August 13, 2020 Hey everyone, there is a new module AppApi available which is based on my original RestApi module but has some additional features which are really cool! I have been struggling to find time for the RestApi module over the course of the last 1+ year, so I'm really glad @Sebi is stepping in and doing work in this area. I think it would be a good idea, to see AppApi as a successor of the RestApi module and put all focus and development efforts there. What do you guys think? 4 1 Link to comment Share on other sites More sharing options...
pmichaelis Posted August 13, 2020 Share Posted August 13, 2020 Hey Thomas, first of all: thanks for your all the effort you put into the RestApi Module. I've seen the AppApi Module recently and I think it would be good to focus on it. keep it up. 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now