Merge pull request #1698 from ArthurHoaro/feature/plugins-search-filter

[github/shaarli/Shaarli.git] / application / api / ApiMiddleware.php
diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php

index 522091cac39328222d790b441f29195e2d64fe78..cc7af18e962427405335f2f8c506934c6129762f 100644 (file)
--- a/application/api/ApiMiddleware.php
+++ b/application/api/ApiMiddleware.php
@@ -2,8 +2,11 @@
  
  namespace Shaarli\Api;
  
-use Shaarli\Api\Exceptions\ApiException;
+use malkusch\lock\mutex\FlockMutex;
  use Shaarli\Api\Exceptions\ApiAuthorizationException;
+use Shaarli\Api\Exceptions\ApiException;
+use Shaarli\Bookmark\BookmarkFileService;
+use Shaarli\Config\ConfigManager;
  use Slim\Container;
  use Slim\Http\Request;
  use Slim\Http\Response;
@@ -31,7 +34,7 @@ class ApiMiddleware
      protected $container;
  
      /**
-     * @var \ConfigManager instance.
+     * @var ConfigManager instance.
       */
      protected $conf;
  
@@ -64,13 +67,20 @@ class ApiMiddleware
          try {
              $this->checkRequest($request);
              $response = $next($request, $response);
-        } catch(ApiException $e) {
+        } catch (ApiException $e) {
              $e->setResponse($response);
              $e->setDebug($this->conf->get('dev.debug', false));
              $response = $e->getApiResponse();
          }
  
-        return $response;
+        return $response
+            ->withHeader('Access-Control-Allow-Origin', '*')
+            ->withHeader(
+                'Access-Control-Allow-Headers',
+                'X-Requested-With, Content-Type, Accept, Origin, Authorization'
+            )
+            ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
+        ;
      }
  
      /**
@@ -97,8 +107,12 @@ class ApiMiddleware
       *
       * @throws ApiAuthorizationException The token couldn't be validated.
       */
-    protected function checkToken($request) {
-        if (! $request->hasHeader('Authorization')) {
+    protected function checkToken($request)
+    {
+        if (
+            !$request->hasHeader('Authorization')
+            && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
+        ) {
              throw new ApiAuthorizationException('JWT token not provided');
          }
  
@@ -106,7 +120,11 @@ class ApiMiddleware
              throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
          }
  
-        $authorization = $request->getHeaderLine('Authorization');
+        if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
+            $authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'];
+        } else {
+            $authorization = $request->getHeaderLine('Authorization');
+        }
  
          if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
              throw new ApiAuthorizationException('Invalid JWT header');
@@ -116,21 +134,21 @@ class ApiMiddleware
      }
  
      /**
-     * Instantiate a new LinkDB including private links,
+     * Instantiate a new LinkDB including private bookmarks,
       * and load in the Slim container.
       *
       * FIXME! LinkDB could use a refactoring to avoid this trick.
       *
-     * @param \ConfigManager $conf instance.
+     * @param ConfigManager $conf instance.
       */
      protected function setLinkDb($conf)
      {
-        $linkDb = new \LinkDB(
-            $conf->get('resource.datastore'),
-            true,
-            $conf->get('privacy.hide_public_links'),
-            $conf->get('redirector.url'),
-            $conf->get('redirector.encode_url')
+        $linkDb = new BookmarkFileService(
+            $conf,
+            $this->container->get('pluginManager'),
+            $this->container->get('history'),
+            new FlockMutex(fopen(SHAARLI_MUTEX_FILE, 'r'), 2),
+            true
          );
          $this->container['db'] = $linkDb;
      }