proxy private api

Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy.
This forum is not for asking programming related questions.

Moderator: General Moderators

Post Reply
alme
Forum Newbie
Posts: 1
Joined: Mon Mar 31, 2014 10:51 am

proxy private api

Post by alme »

Hello!
I would like to know if there is a library that allow me to use php as apache proxyPass and proxyPassReverse functionality (mod_proxy module).
I try to explain better.
I have to build an api (1; PHP) that after checking validity of oauth2 access_token, switch the request to another internal and privare api (2. JAVA), (adding some user parameters) and return to its client the response of the internal and private api.
I hope there is a library to do this, I wouldn't use rest server and client toghether in the same api, also because methods and content types of requests are very different.

Example:
Mobile app send a request to PHP Webapp (https://my-frontend-app/v2/rest/getUser ... l.jackson/. Php Webapp check if user access_token is valid and switch the request to JAVA Webapp (http://localhost/v2/rest/getUserFriends/michal.jackson/). JAVA Webapp returns a json object to PHP Webapp, and PHP Webapp returns the json object to Mobile app.

Someone can give me some suggestion?

Thank you :D
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: proxy private api

Post by requinix »

There might be a library for it but the manual implementation is straightfoward:
1. Check the token and stop if invalid.
2. Remove the token from the input data (so you don't send it to the internal API).
3. Send the same request you got to the internal API. Same request method, same request URI, same headers, same POST body.
4. Get the response and send it back. Same response status code, same headers, same response body.

Things that don't work with this:
- Cookies (you'd have to rewrite some of the details on the cookies set by the internal API)
- Redirects (the API might try to redirect to http://localhost/* and you'd have to change that to http://my-frontend-app/*)

[edit] Accidentally posted before I could include an example.

Code: Select all

// fortunately the request URI is the same. otherwise you'd have to rearrange it or something
$curl = curl_init("http://localhost" . $_SERVER["REQUEST_URI"]);

// request method
$options = array(
	CURLOPT_CUSTOMREQUEST => $_SERVER["REQUEST_METHOD"],
	CURLOPT_HEADER => true,
	CURLOPT_HTTPHEADER => array(),
	CURLOPT_RETURNTRANSFER => true
);

// request headers
foreach ($_SERVER as $key => $value) {
	if (strncmp($key, "HTTP_", 5) == 0) {
		$header = ucwords(strtolower(str_replace("_", "-", $key)));
		$options[$header] = $value;
	}
}

// request body
if (!empty($_SERVER["HTTP_CONTENT_LENGTH"])) {
	$options[CURLOPT_POSTFIELDS] = file_get_contents("php://stdin");
}

curl_setopt_array($curl, $options);

$response = curl_exec($curl);
curl_close($curl);

// response contains the headers and the body all together

$separator = strpos($response, "\r\n\r\n");
$headers = substr($response, 0, $separator);
$response = substr($response, $separator + 4);

// response headers
foreach (explode("\r\n", $headers) as $headerline) {
	header($headerline);
}

// response body
echo $response;
My only concern with this untested code is that cURL might overwrite some of the headers that the code sets itself.
Post Reply