lRapi

Laravel REST API

What is it?

lRapi is just a demo/example of a REST API service based on the Laravel framework, which I made to provide an API service for an Android (and iOS by someone else) app that I was developing.

Personally, I think this is a good starting point, but it needs to be adapted to each one's needs.

Structure

Config

  • config/lrapi_config.php -> Custom declared parameters for the app
  • config/lrapi_status.php -> Status codes for the responses

Controllers

  • controllers/api.php -> The main controller, which is extended by the others within the api/ folder
  • controllers/activate.php -> Controller that contains the method the user will access to activate their account
  • controllers/api/devices.php -> Controller that will handle the devices
  • controllers/api/users.php -> Controller that will handle the users
  • controllers/api/users.php -> Controller that will handle the places

Response

All the responses are in JSON format

Requests

URL Structure

http://site.com/api/request/(method)

  • request -> Default controllers: devices/, users/, places/
  • method -> Methods are not always required, because of the public $restful = true;

Requests

All methods must include a hash parameter, which is generated with HMAC SHA1 using the key provided when registering the device.

| Name | Methods | Parameters | Returns | Description |
|------|---------|------------|---------|-------------|
| api/device [POST] | / | device_id | key, token | This is the first thing to be called, as it will register the device in the database and return the key and token to be used later |
| api/user [POST] | / | device_id, email, name (optional), (*) password, (*) token_facebook | An error with its proper status code, or the user_id if successful | Use it to add a user |
| | /login | email, (*) password, (*) token_facebook | An error message or a 200 response | Method to authenticate the user |
| | /logout | device_id | An error message or a 200 response | Method to regenerate credentials for the user's device |
| | /validate | user_id | An error message or a 200 response | Method to check if the user is validated |
| api/place [GET] | /data/{id} | | | |
| api/place [POST] | /check | | | |

(*) => means that one of the two will be used. If both are set, only the password field will be used.

Workflow

The app has been designed to be used the following way:

  1. Register the device at api/device
  2. Save the key and token; you will use them later
  3. Every api/{} call must contain the token, which is used to authenticate the call, and the key is used to generate the hash for the parameters sent
  4. iOS HMAC SHA1 function to generate the hash (thanks to @nandodelauni)
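    #import <CommonCrypto/CommonHMAC.h>

    // NSString category method: returns the base64-encoded HMAC-SHA1
    // of the receiver, keyed with `key`
    - (NSString *)hmacSha1WithSecret:(NSString *)key
    {
        const char *cKey  = [key cStringUsingEncoding:NSUTF8StringEncoding];
        const char *cData = [self cStringUsingEncoding:NSUTF8StringEncoding];

        // Output buffer sized for a SHA1 digest (20 bytes)
        unsigned char cHMAC[CC_SHA1_DIGEST_LENGTH];

        CCHmac(kCCHmacAlgSHA1, cKey, strlen(cKey), cData, strlen(cData), cHMAC);
        NSData *HMAC = [[NSData alloc] initWithBytes:cHMAC length:sizeof(cHMAC)];

        // Foundation's base64 encoder (iOS 7+), no line breaks inserted
        NSString *hash = [HMAC base64EncodedStringWithOptions:0];

        return hash;
    }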
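
The server-side counterpart of the hash check in the workflow above, as an added example (not lRapi's own code). The page does not say how the parameters are serialized before hashing, so the canonical form used here (every parameter except hash, sorted by name and URL-encoded) and the lrapi_* function names are assumptions; the output is base64-encoded HMAC SHA1, like the iOS helper's.

```php
<?php
// Added example, not lRapi's own code. Function names and the canonical
// form (all parameters except "hash", sorted by name, URL-encoded) are assumptions.

function lrapi_canonical_string(array $params)
{
    unset($params['hash']);          // the hash never signs itself
    ksort($params, SORT_STRING);     // same order on client and server
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

function lrapi_sign(array $params, $key)
{
    // Raw HMAC-SHA1 digest, then base64, matching the iOS helper's output format
    $raw = hash_hmac('sha1', lrapi_canonical_string($params), $key, true);
    return base64_encode($raw);
}

function lrapi_verify(array $params, $key)
{
    // A missing hash, or one sent as an array (hash[]=...), is rejected outright
    if (!isset($params['hash']) || !is_string($params['hash'])) {
        return false;
    }
    // hash_equals (PHP 5.6+) compares in constant time
    return hash_equals(lrapi_sign($params, $key), $params['hash']);
}

// Constructed sample values, not real credentials
$key = 'constructed-device-key';
$request = array(
    'device_id' => 'dev-123',
    'email'     => 'user@example.com',
    'token'     => 'constructed-token',
);
$request['hash'] = lrapi_sign($request, $key);

$tampered = $request;
$tampered['email'] = 'other@example.com';   // field changed after signing
$unsigned = $request;
unset($unsigned['hash']);                   // hash parameter dropped

$cases = array('signed' => $request, 'tampered' => $tampered, 'unsigned' => $unsigned);
foreach ($cases as $label => $params) {
    printf("%-8s accepted: %s\n", $label, var_export(lrapi_verify($params, $key), true));
}
```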
    

Vhost

Vhost configuration demo for Apache

<VirtualHost *:80>
DocumentRoot /var/www/app.com/web
ServerName app.com

ErrorLog /var/www/logs/app-error.log
LogLevel debug

<Directory "/var/www/app.com/web">
		Options Indexes Includes FollowSymLinks MultiViews
		AllowOverride all
		Order allow,deny
		Allow from all
</Directory>
</VirtualHost>