CakePHP REST Plugin
Upcoming SlideShare
Loading in...5
×
 

CakePHP REST Plugin

on

  • 18,924 views

The CakePHP talk about my REST plugin that I held January 12 in Amsterdam during the first Dutch CakePHP meetup #cakephpnl

The CakePHP talk about my REST plugin that I held January 12 in Amsterdam during the first Dutch CakePHP meetup #cakephpnl

Statistics

Views

Total Views
18,924
Views on SlideShare
10,552
Embed Views
8,372

Actions

Likes
7
Downloads
116
Comments
1

21 Embeds 8,372

http://kevin.vanzonneveld.net 5555
http://kvz.io 2694
http://www.slideshare.net 58
http://prower-tms.blogspot.in 12
http://translate.googleusercontent.com 10
http://www.sentel.nl 9
http://feeds.feedburner.com 7
http://www.scoop.it 5
http://blog.sentel.nl 4
http://sentel.nl 4
http://www.linkedin.com 3
http://webcache.googleusercontent.com 2
http://www.techgig.com 1
http://www.slashdocs.com 1
http://pinterest.com 1
http://localhost 1
http://kvz.github.com 1
https://si0.twimg.com 1
http://www.minecraft6699.appspot.com 1
http://wp3.sentel.nl 1
http://translate.yandex.net 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Apple Keynote

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • You can leave your comments here as well:
    http://kevin.vanzonneveld.net/techblog/article/cakephp_rest_plugin_presentation/
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

CakePHP REST Plugin CakePHP REST Plugin Presentation Transcript

  • Who
  • Who Kevin van Zonneveld t: @kvz e: kvz@php.net • Developer, trapped in a sysadmin’s body • company: Hosting provider specialized in scalability: http://true.nl • cake: Learned from Felix while working on http://phpjs.org • likes: Reusable code & to Automate everything.
  • What
  • What CakePHP REST Plugin Does heavy lifting so you can finally rest.
  • What Design Goals • Painless drop-in Should not bite existing code • Use existing controller actions Just add .json to your URLs and REST kicks in. • Declarative configuration Inject viewVars according to Set::extract()-compatible source & destination paths
  • Why
  • Why REST helps.. • Open up your application Let others write the features you don’t have the time for, couldn’t be bothered with, or even imagine. Bottom line: your product is getting used more, while you are doing less. • Close down your application By making use of existing authentication & authorization code in your app, you can restrict anyone from anything. • Reuse your application Let your own little scripts - running on different servers - use the API as well. They won’t need database access, and existing Model / caching / logging logic will be used at all times.
  • Why What I use it for • Distributing config files throughout our network • Letting customers edit DNS records, reboot servers, through their own interface • Receiving monitoring status reports and updating them through our Cake Models • Letting customers retrieve statistic • All bots have their own API-key. Raw MySQL connections no longer allowed
  • How
  • How Features Already implemented • Logging & Rate-limiting Configurable max requests per type of authenticated user. • Can dump all RESTful controllers So your client API can iterate & instantiate them, and make the following simple syntax available: $Api->Servers->index(); $Api->Servers->edit(2, array(‘hostname’ => ‘awesome.true.nl’)); • Minimal changes ..to your existing Cake App • Authentication Uses the Authorization header just like Amazon S3; have your client set it with every request (remember, REST is stateless): Authorization: TRUEREST username=john&password=xxx&apikey=247b5a2f72df375279573f2746686daa http://docs.amazonwebservices.com/AmazonS3/2006-03-01/index.html?RESTAuthentication.html
  • How Setup files • Save it to a ‘rest’ directory inside your plugins folder.
  • How Setup router • Makes sure .json files are parsed by Cake • Maps the controllers you want to open up
  • How Setup controllers • You already have a working view & index method • Rest Plugin can reuse any of their viewVars • Optionally transform them them into different arrangements so you can talk in a consistent format to you clients. In this case, servers are always presented as: servers: { 0: { hostname: “awesome.true.nl” } } even if it’s just one.
  • How Reroute errors • Use one AppController::_flash() method From now on, forward all your: ‘No access’, Error & Success messages to this method. Let it call setFlash() as you would normally. • And let it check if REST is active: if ($this->_isRest()) { // map CSS flash error levels to corresponding rest methods. $map = array( 'failure' => 'error', 'neutral' => 'info', 'success' => 'info', ); $func = $map[$type]; return $this->Rest->{$func}($str); } • REST plugin will take care of the rest ; )
  • How Setup authentication Optional • Retrieve REST credentials & login public function beforeFilter() { $credentials = $this->Rest->credentials(); // Hash them with Security::salt $success = $this->Auth->login($credentials); // Further handling of return value } • Done! The REST client has logged in as an actual user (or not), and from here-on, it’s your app’s domain, just like you’re used to. This means whatever ACL or other authorization code you have in place, will be respected.
  • How Todo • XML For now only .json is supported • Testing Expose to more programmers & environments to track issues. Unit tests • HMAC Signed requests Could provide additional security (even though you’re probably not doing this with regular https requests either, and you are only opening up existing functionality, so I consider it secure enough to use over HTTPS as it is) • IP-based rate-limiter Better protection against DDOS attacks than the current api-key based.
  • Where
  • Where Here: • Fork http://github.com/kvz/cakephp-rest-plugin • Follow http://twitter.com/kvz • Subscribe http://kevin.vanzonneveld.net • Mail kvz@php.net • Check http://true.nl
  • Questions?
  • Thank you!