motus.org

validate_request

R Documentation

validate an API request by looking up its token

Description

validate an API request by looking up its token

Usage

validate_request(json, needProjectID = TRUE, needAdmin = FALSE)

Arguments

json

named list with at least these items:

authToken authorization token or authorization ticket
projectID (optional) integer projectID(s)

An authorization ticket is the cookie generated by Apache's mod-auth-tkt. It is distinguished by including at least one '!' character, which tokens never contain. If authToken is deemed to be a ticket, then this function looks in the parent.frame() for an environment or list named 'env', and looks up the item 'HTTP_X_FORWARDED_FOR' there. This must give the client IP address as a dotted-quad character scalar; e.g. "131.162.131.200" Default: NULL That IP address must be the same one from which the request to generate a ticket came.

needProjectID

logical; if TRUE, a projectID to which the user has permission must be in json; default: TRUE

needAdmin

logical; if TRUE, the user must have userType="administrator" in order to use the entry point; default: FALSE

Value

If the request was valid, a list with these items:

userID integer user ID
projects integer vector of *all* project IDs user has permission to
projectID the projectID(s) specified in the request (and it is guaranteed the user has permission to them), present only if the user specified it.
userType character scalar; one of "administrator", "contributor"
isAdmin logical scalar; TRUE if user is an administrator.

If the request was not valid, a value of class "error" and suitable for return by a Rook app, which contains an appropriate error message. This value should be immediately returned by the caller.

So typical usage is like: auth = validate_request(json, needProjectID=FALSE) if (inherits(auth, "error")) return(auth) projectID = auth$projectID