php-hmac-rest-api
php-hmac-rest-api copied to clipboard
jeteokeeffe
How to open it on Browser?
Hi, I am noob in this. I am learning to write secure api-centric application and found your blog post and this repo. I Downloaded it and am trying it since yesterday. I used your nginx file. I am able to run it via php client-connect.php and getting responce. But if i try to use my browser (via nginx or via php inbuilt server) I am getting indexPage doesn't exist. on browser. How do I run it on browser.
You could replace your nginx config file with nginx-virtual-host-php-fpm.conf. And restart.
Did that. I mentioned that I am using your config file. I initially used the url l.papi . Then tried using api.example.com, adding it to the /etc/hosts file. I am getting same error with php -S server also. I am getting response via terminal using your client-connect.php . but not via browser pointing to index file in public folder.
Can post both the php -S command with output and your client-connect.php command with output.
You won't be able to see a successful pong request because the necessary http headers won't be sent. That's why need need to use the client app. You can test that php is running by putting http://localhost:8000 in your browser
On Thursday, July 9, 2015 10:58 PM, Abhinav Kulshreshtha <[email protected]> wrote:
Did that. I mentioned that I am using your config file. I initially used the url l.papi . Then tried using api.example.com, adding it to the /etc/hosts file. I am getting same error with php -S server also. — Reply to this email directly or view it on GitHub.
Output from php -S
[Abhinav@abhinav-fed22 public] $ php -S localhost:8000 ../.htrouter.php
PHP 5.6.10 Development Server started at Fri Jul 10 09:01:44 2015
Listening on http://localhost:8000
Document root is /var/www/hmac/public
Press Ctrl-C to quit.
[Fri Jul 10 09:01:54 2015] 127.0.0.1:43440 [404]: /
[Fri Jul 10 09:01:54 2015] 127.0.0.1:43441 [404]: /favicon.ico - No such file or directory
[Fri Jul 10 09:01:59 2015] 127.0.0.1:43442 [404]: /
[Fri Jul 10 09:02:00 2015] 127.0.0.1:43443 [404]: /
[Fri Jul 10 09:03:11 2015] 127.0.0.1:43446 [200]: /ping
404 s are from browser pointing to localhost:8000. last line with [200] is from console.
Output from console
[Abhinav@abhinav-fed22 hmac] $ php client-connect.php
Request:
POST /ping HTTP/1.1
Host: localhost:8000
Accept: */*
API_ID: 1
API_TIME: 1436499190
API_HASH: ca6fb67add4409ea244a59af2e2b85483b79c0b49cf773c037dd8c6609c13fea
Content-Length: 142
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------90550a8901f809c9
Response:
HTTP/1.1 200 OK
Host: localhost:8000
Connection: close
X-Powered-By: PHP/5.6.10
Content-type: text/html; charset=UTF-8
indexpong
Output on browser is indexPage doesn't exist.
The client is connecting and printing out the correct information. Everything is successful.
The reason the browser is failing is because you're not providing the http headers (API_ID: 1 API_TIME: 1436499190 API_HASH: ca6fb67add4409ea244a59af2e2b85483b79c0b49cf773c037dd8c6609c13fea). This project isn't just a restful api, it has authentication through http headers to verify who the user is.
Read this about what hmac is and used for http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/
if you just want a restful api, comment out line 68 in https://github.com/jeteokeeffe/php-hmac-rest-api/blob/master/public/index.php. I won't check the http headers
I commented the line 68. Still getting indexPage not found. On both localhost:8000 and localhost:8000/ping