application/api/ApiUtils.php

   1 <?php
   2 namespace Shaarli\Api;
   3
   4 use Shaarli\Base64Url;
   5 use Shaarli\Api\Exceptions\ApiAuthorizationException;
   6
   7 /**
   8  * REST API utilities
   9  */
  10 class ApiUtils
  11 {
  12     /**
  13      * Validates a JWT token authenticity.
  14      *
  15      * @param string $token JWT token extracted from the headers.
  16      * @param string $secret API secret set in the settings.
  17      *
  18      * @throws ApiAuthorizationException the token is not valid.
  19      */
  20     public static function validateJwtToken($token, $secret)
  21     {
  22         $parts = explode('.', $token);
  23         if (count($parts) != 3 || strlen($parts[0]) == 0 || strlen($parts[1]) == 0) {
  24             throw new ApiAuthorizationException('Malformed JWT token');
  25         }
  26
  27         $genSign = Base64Url::encode(hash_hmac('sha512', $parts[0] .'.'. $parts[1], $secret, true));
  28         if ($parts[2] != $genSign) {
  29             throw new ApiAuthorizationException('Invalid JWT signature');
  30         }
  31
  32         $header = json_decode(Base64Url::decode($parts[0]));
  33         if ($header === null) {
  34             throw new ApiAuthorizationException('Invalid JWT header');
  35         }
  36
  37         $payload = json_decode(Base64Url::decode($parts[1]));
  38         if ($payload === null) {
  39             throw new ApiAuthorizationException('Invalid JWT payload');
  40         }
  41
  42         if (empty($payload->iat)
  43             || $payload->iat > time()
  44             || time() - $payload->iat > ApiMiddleware::$TOKEN_DURATION
  45         ) {
  46             throw new ApiAuthorizationException('Invalid JWT issued time');
  47         }
  48     }
  49
  50     /**
  51      * Format a Link for the REST API.
  52      *
  53      * @param array $link Link data read from the datastore.
  54      * @param string $indexUrl Shaarli's index URL (used for relative URL).
  55      *
  56      * @return array Link data formatted for the REST API.
  57      */
  58     public static function formatLink($link, $indexUrl)
  59     {
  60         $out['id'] = $link['id'];
  61         // Not an internal link
  62         if ($link['url'][0] != '?') {
  63             $out['url'] = $link['url'];
  64         } else {
  65             $out['url'] = $indexUrl . $link['url'];
  66         }
  67         $out['shorturl'] = $link['shorturl'];
  68         $out['title'] = $link['title'];
  69         $out['description'] = $link['description'];
  70         $out['tags'] = preg_split('/\s+/', $link['tags'], -1, PREG_SPLIT_NO_EMPTY);
  71         $out['private'] = $link['private'] == true;
  72         $out['created'] = $link['created']->format(\DateTime::ATOM);
  73         if (! empty($link['updated'])) {
  74             $out['updated'] = $link['updated']->format(\DateTime::ATOM);
  75         } else {
  76             $out['updated'] = '';
  77         }
  78         return $out;
  79     }
  80
  81     /**
  82      * Convert a link given through a request, to a valid link for LinkDB.
  83      *
  84      * If no URL is provided, it will generate a local note URL.
  85      * If no title is provided, it will use the URL as title.
  86      *
  87      * @param array  $input          Request Link.
  88      * @param bool   $defaultPrivate Request Link.
  89      *
  90      * @return array Formatted link.
  91      */
  92     public static function buildLinkFromRequest($input, $defaultPrivate)
  93     {
  94         $input['url'] = ! empty($input['url']) ? cleanup_url($input['url']) : '';
  95         if (isset($input['private'])) {
  96             $private = filter_var($input['private'], FILTER_VALIDATE_BOOLEAN);
  97         } else {
  98             $private = $defaultPrivate;
  99         }
 100
 101         $link = [
 102             'title'         => ! empty($input['title']) ? $input['title'] : $input['url'],
 103             'url'           => $input['url'],
 104             'description'   => ! empty($input['description']) ? $input['description'] : '',
 105             'tags'          => ! empty($input['tags']) ? implode(' ', $input['tags']) : '',
 106             'private'       => $private,
 107             'created'       => new \DateTime(),
 108         ];
 109         return $link;
 110     }
 111
 112     /**
 113      * Update link fields using an updated link object.
 114      *
 115      * @param array $oldLink data
 116      * @param array $newLink data
 117      *
 118      * @return array $oldLink updated with $newLink values
 119      */
 120     public static function updateLink($oldLink, $newLink)
 121     {
 122         foreach (['title', 'url', 'description', 'tags', 'private'] as $field) {
 123             $oldLink[$field] = $newLink[$field];
 124         }
 125         $oldLink['updated'] = new \DateTime();
 126
 127         if (empty($oldLink['url'])) {
 128             $oldLink['url'] = '?' . $oldLink['shorturl'];
 129         }
 130
 131         if (empty($oldLink['title'])) {
 132             $oldLink['title'] = $oldLink['url'];
 133         }
 134
 135         return $oldLink;
 136     }
 137 }