AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add custom HTTP header for API authentication

This commit is contained in:
Frederic Guillot 2015-05-25 14:07:06 -04:00
parent 00c2e5c80e
commit 03f89e2899
5 changed files with 37 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/constants.php
View File

@ -76,3 +76,6 @@ defined('FILES_DIR') or define('FILES_DIR', 'data/files/');
// Escape html inside markdown text
defined('MARKDOWN_ESCAPE_HTML') or define('MARKDOWN_ESCAPE_HTML', true);
// API alternative authentication header, the default is HTTP Basic Authentication defined in RFC2617
defined('API_AUTHENTICATION_HEADER') or define('API_AUTHENTICATION_HEADER', '');

3
config.default.php
View File

@ -132,3 +132,6 @@ define('ENABLE_XFRAME', true);
// Escape html inside markdown text
define('MARKDOWN_ESCAPE_HTML', true);
// API alternative authentication header, the default is HTTP Basic Authentication defined in RFC2617
define('API_AUTHENTICATION_HEADER', '');

32
docs/api-json-rpc.markdown
View File

@ -12,17 +12,39 @@ Almost the same thing as XML-RPC but with the JSON format.
We use the [version 2 of the protocol](http://www.jsonrpc.org/specification).
You must call the API with a `POST` HTTP request.
Credentials
-----------
Authentication
--------------
### Default method (HTTP Basic)
The API credentials are available on the settings page.
- API end-point: `http://YOUR_SERVER/jsonrpc.php`
- API end-point: `https://YOUR_SERVER/jsonrpc.php`
- Username: `jsonrpc`
- Password: Random token (API token on the settings page)
- Password: API token on the settings page
The API use the [HTTP Basic Authentication Scheme described in the RFC2617](http://www.ietf.org/rfc/rfc2617.txt).
If there is an authentication error, you got an HTTP status code `401 Not Authorized`.
If there is an authentication error, you will receive the HTTP status code `401 Not Authorized`.
### Custom HTTP header
You can use an alternative HTTP header for the authentication if your server have a very specific configuration.
- The header name can be anything you want, by example `X-API-Auth`.
- The header value is the `username:password` encoded in Base64.
Configuration:
1. Define your custom header in your `config.php`: `define('API_AUTHENTICATION_HEADER', 'X-API-Auth');`
2. Encode the credentials in Base64, example with PHP `base64_encode('jsonrpc:19ffd9709d03ce50675c3a43d1c49c1ac207f4bc45f06c5b2701fbdf8929);`
3. Test with curl:
```bash
curl \
-H 'X-API-Auth: anNvbnJwYzoxOWZmZDk3MDlkMDNjZTUwNjc1YzNhNDNkMWM0OWMxYWMyMDdmNGJjNDVmMDZjNWIyNzAxZmJkZjg5Mjk=' \
-d '{"jsonrpc": "2.0", "method": "getAllProjects", "id": 1}' \
http://localhost/kanboard/jsonrpc.php
```
Examples
--------

3
docs/config.markdown
View File

@ -191,4 +191,7 @@ Various settings
```php
// Escape html inside markdown text
define('MARKDOWN_ESCAPE_HTML', true);
// API alternative authentication header, the default is HTTP Basic Authentication defined in RFC2617
define('API_AUTHENTICATION_HEADER', '');
```

1
jsonrpc.php
View File

@ -3,6 +3,7 @@
require __DIR__.'/app/common.php';
$server = new JsonRPC\Server;
$server->setAuthenticationHeader(API_AUTHENTICATION_HEADER);
$server->before('authentication');
$server->attach(new Api\Action($container));
$server->attach(new Api\App($container));