
CakePHP REST Plugin

19,716 views

Published on

The CakePHP talk about my REST plugin that I held January 12 in Amsterdam during the first Dutch CakePHP meetup #cakephpnl

Published in: Technology


  1. Who
  2. Who
     Kevin van Zonneveld
     t: @kvz e: kvz@php.net
     • Developer, trapped in a sysadmin’s body
     • company: Hosting provider specialized in scalability: http://true.nl
     • cake: Learned from Felix while working on http://phpjs.org
     • likes: Reusable code & to Automate everything.
  3. What
  4. What
     CakePHP REST Plugin
     Does heavy lifting so you can finally rest.
  5. What: Design Goals
     • Painless drop-in
       Should not bite existing code
     • Use existing controller actions
       Just add .json to your URLs and REST kicks in.
     • Declarative configuration
       Inject viewVars according to Set::extract()-compatible source & destination paths
  6. Why
  7. Why: REST helps..
     • Open up your application
       Let others write the features you don’t have the time for, couldn’t be bothered with, or even imagine. Bottom line: your product is getting used more, while you are doing less.
     • Close down your application
       By making use of existing authentication & authorization code in your app, you can restrict anyone from anything.
     • Reuse your application
       Let your own little scripts - running on different servers - use the API as well. They won’t need database access, and existing Model / caching / logging logic will be used at all times.
  8. Why: What I use it for
     • Distributing config files throughout our network
     • Letting customers edit DNS records, reboot servers, through their own interface
     • Receiving monitoring status reports and updating them through our Cake Models
     • Letting customers retrieve statistics
     • All bots have their own API-key. Raw MySQL connections no longer allowed
  9. How
  10. How: Features (already implemented)
     • Logging & Rate-limiting
       Configurable max requests per type of authenticated user.
     • Can dump all RESTful controllers
       So your client API can iterate & instantiate them, and make the following simple syntax available:

       ```php
       $Api->Servers->index();
       $Api->Servers->edit(2, array('hostname' => 'awesome.true.nl'));
       ```
     • Minimal changes
       ..to your existing Cake App
     • Authentication
       Uses the Authorization header just like Amazon S3; have your client set it with every request (remember, REST is stateless):

       ```
       Authorization: TRUEREST username=john&password=xxx&apikey=247b5a2f72df375279573f2746686daa
       ```
       http://docs.amazonwebservices.com/AmazonS3/2006-03-01/index.html?RESTAuthentication.html
  11. How: Setup files
     • Save it to a ‘rest’ directory inside your plugins folder.
  12. How: Setup router
     • Makes sure .json files are parsed by Cake
     • Maps the controllers you want to open up
  13. How: Setup controllers
     • You already have a working view & index method
     • Rest Plugin can reuse any of their viewVars
     • Optionally transform them into different arrangements so you can talk in a consistent format to your clients. In this case, servers are always presented as:

       ```
       servers: { 0: { hostname: "awesome.true.nl" } }
       ```
       even if it’s just one.
  14. How: Reroute errors
     • Use one AppController::_flash() method
       From now on, forward all your ‘No access’, Error & Success messages to this method. Let it call setFlash() as you would normally.
     • And let it check if REST is active:

       ```php
       if ($this->_isRest()) {
           // Map CSS flash error levels to the corresponding REST methods.
           $map = array(
               'failure' => 'error',
               'neutral' => 'info',
               'success' => 'info',
           );
           $func = $map[$type];
           return $this->Rest->{$func}($str);
       }
       ```
     • REST plugin will take care of the rest ; )
  15. How: Setup authentication (optional)
     • Retrieve REST credentials & login

       ```php
       public function beforeFilter() {
           $credentials = $this->Rest->credentials();
           // Hash them with Security::salt
           $success = $this->Auth->login($credentials);
           // Further handling of return value
       }
       ```
     • Done!
       The REST client has logged in as an actual user (or not), and from here on, it’s your app’s domain, just like you’re used to. This means whatever ACL or other authorization code you have in place will be respected.
  16. How: Todo
     • XML
       For now only .json is supported
     • Testing
       Expose to more programmers & environments to track issues.
       Unit tests
     • HMAC Signed requests
       Could provide additional security (even though you’re probably not doing this with regular https requests either, and you are only opening up existing functionality, so I consider it secure enough to use over HTTPS as it is)
     • IP-based rate-limiter
       Better protection against DDoS attacks than the current API-key based one.
  17. Where
  18. Where: Here
     • Fork http://github.com/kvz/cakephp-rest-plugin
     • Follow http://twitter.com/kvz
     • Subscribe http://kevin.vanzonneveld.net
     • Mail kvz@php.net
     • Check http://true.nl
  19. Questions?
  20. Thank you!
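
The Authorization header shown on slide 10 carries the username, password and API key with every request, so the server side has to parse it strictly before anything reaches Auth. The following is an added example, not the plugin's own code: `parseTruerestHeader()` and `apiKeyMatches()` are hypothetical names, and the 32-hex-character key shape is an assumption based on the sample key on the slide.

```php
<?php
// Hypothetical strict parser for the "TRUEREST" Authorization header format.
// Function names and the key-shape rule are assumptions, not the plugin's API.

/** Returns the three credential fields as strings, or null if anything is off. */
function parseTruerestHeader($header)
{
    // Exactly one scheme token followed by one parameter string.
    if (!is_string($header) || !preg_match('/^TRUEREST +(\S+)$/', trim($header), $m)) {
        return null;
    }
    // Always pass a result array so request data never lands in local scope.
    parse_str($m[1], $fields);

    $required = array('username', 'password', 'apikey');
    // Reject both missing and unexpected parameters.
    if (array_diff(array_keys($fields), $required) || array_diff($required, array_keys($fields))) {
        return null;
    }
    foreach ($fields as $value) {
        // "username[]=x" makes parse_str() build arrays; credentials must be plain strings.
        if (!is_string($value) || $value === '') {
            return null;
        }
    }
    // Assumed key shape: 32 lowercase hex characters, like the sample on the slide.
    if (!preg_match('/^[0-9a-f]{32}$/', $fields['apikey'])) {
        return null;
    }
    return $fields;
}

/** Compares a presented API key with the stored one in constant time. */
function apiKeyMatches($storedKey, $presentedKey)
{
    return hash_equals($storedKey, $presentedKey);
}

// Constructed sample headers: one well-formed, one with an array parameter, one wrong scheme.
$samples = array(
    'TRUEREST username=john&password=xxx&apikey=247b5a2f72df375279573f2746686daa',
    'TRUEREST username[]=john&password=xxx&apikey=247b5a2f72df375279573f2746686daa',
    'Basic am9objp4eHg=',
);
foreach ($samples as $header) {
    $parsed = parseTruerestHeader($header);
    echo ($parsed ? 'accepted: ' . $parsed['username'] : 'rejected'), "\n";
}
```

Because the password is part of the header on every call, anything that logs request headers (web server, proxy, debug output) should be configured to drop or mask `Authorization`.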

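
The HMAC-signed requests listed on the Todo slide would let a client prove it holds a secret without sending that secret on the wire. One such scheme is shown here as an added example, not something the plugin implements: the canonical string, the function names, the request path and the 300-second window are all assumptions.

```php
<?php
// Hypothetical request-signing scheme; not part of the CakePHP REST plugin.

/** Canonical string both sides sign: method, path, timestamp and body hash. */
function stringToSign($method, $path, $timestamp, $body)
{
    return implode("\n", array(strtoupper($method), $path, (string) $timestamp, hash('sha256', $body)));
}

/** Client side: only the signature is transmitted, never the secret. */
function signRequest($secret, $method, $path, $timestamp, $body)
{
    return hash_hmac('sha256', stringToSign($method, $path, $timestamp, $body), $secret);
}

/** Server side: bound replay by clock skew, recompute, compare in constant time. */
function verifyRequest($secret, $method, $path, $timestamp, $body, $signature, $now, $maxSkew = 300)
{
    if (!is_int($timestamp) || abs($now - $timestamp) > $maxSkew) {
        return false; // stale or future-dated request
    }
    $expected = signRequest($secret, $method, $path, $timestamp, $body);
    return is_string($signature) && hash_equals($expected, $signature);
}

// Constructed sample values.
$secret = 'constructed-shared-secret';
$path   = '/servers/edit/2.json';
$sentAt = 1263300000;
$body   = '{"hostname":"awesome.true.nl"}';
$sig    = signRequest($secret, 'PUT', $path, $sentAt, $body);

// Case 1: untouched request verified at send time.
var_dump(verifyRequest($secret, 'PUT', $path, $sentAt, $body, $sig, $sentAt));
// Case 2: body altered in transit, signature no longer matches.
var_dump(verifyRequest($secret, 'PUT', $path, $sentAt, '{"hostname":"other"}', $sig, $sentAt));
// Case 3: same request presented an hour later, outside the skew window.
var_dump(verifyRequest($secret, 'PUT', $path, $sentAt, $body, $sig, $sentAt + 3600));
```

The skew window only narrows replay; rejecting a signature that has already been seen inside the window needs server-side state such as a short-lived cache of recent signatures.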