X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2Fapi%2FApiMiddleware.php;h=cc7af18e962427405335f2f8c506934c6129762f;hb=HEAD;hp=162e88e0bc06ea50a43e6cc1cc289212962b1edf;hpb=fc11ab2f290a3712b766d78fdbcd354625a35d0a;p=github%2Fshaarli%2FShaarli.git
diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php
index 162e88e0..cc7af18e 100644
--- a/application/api/ApiMiddleware.php
+++ b/application/api/ApiMiddleware.php
@@ -2,8 +2,11 @@
 namespace Shaarli\Api;
-use Shaarli\Api\Exceptions\ApiException;
+use malkusch\lock\mutex\FlockMutex;
 use Shaarli\Api\Exceptions\ApiAuthorizationException;
+use Shaarli\Api\Exceptions\ApiException;
+use Shaarli\Bookmark\BookmarkFileService;
+use Shaarli\Config\ConfigManager;
 use Slim\Container;
 use Slim\Http\Request;
 use Slim\Http\Response;
@@ -31,7 +34,7 @@ class ApiMiddleware
 protected $container;
 /**
- * @var \ConfigManager instance.
+ * @var ConfigManager instance.
 */
 protected $conf;
@@ -64,13 +67,20 @@ class ApiMiddleware
 try {
 $this->checkRequest($request);
 $response = $next($request, $response);
- } catch(ApiException $e) {
+ } catch (ApiException $e) {
 $e->setResponse($response);
 $e->setDebug($this->conf->get('dev.debug', false));
 $response = $e->getApiResponse();
 }
- return $response;
+ return $response
+ ->withHeader('Access-Control-Allow-Origin', '*')
+ ->withHeader(
+ 'Access-Control-Allow-Headers',
+ 'X-Requested-With, Content-Type, Accept, Origin, Authorization'
+ )
+ ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
+ ;
 }
 /**
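Review bot: In the `@@ -64,13 +67,20 @@` hunk, `Access-Control-Allow-Origin: *` is attached to every response, including the error response built in the `catch` branch, with no comment saying why a wildcard is acceptable. It is only safe while the API authenticates solely through the `Authorization` header and never through cookies, so I would state that beside the headers: `// CORS is open to any origin: the API is authenticated only by the bearer token, never by cookies; do not add Access-Control-Allow-Credentials.` With `dev.debug` on, whatever `setDebug()` adds to the error body presumably becomes readable from any origin too. A browser preflight (`OPTIONS`) carries no `Authorization` header, so unless `checkRequest()` (not visible here) exempts it, the preflight receives the error response and the browser blocks the real call. The enclosing method starts outside the hunk.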
@@ -97,9 +107,12 @@ class ApiMiddleware
 *
 * @throws ApiAuthorizationException The token couldn't be validated.
 */
- protected function checkToken($request) {
- $jwt = $request->getHeaderLine('jwt');
- if (empty($jwt)) {
+ protected function checkToken($request)
+ {
+ if (
+ !$request->hasHeader('Authorization')
+ && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
+ ) {
 throw new ApiAuthorizationException('JWT token not provided');
 }
@@ -107,25 +120,35 @@ class ApiMiddleware
 throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
 }
- ApiUtils::validateJwtToken($jwt, $this->conf->get('api.secret'));
+ if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
+ $authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'];
+ } else {
+ $authorization = $request->getHeaderLine('Authorization');
+ }
+
+ if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
+ throw new ApiAuthorizationException('Invalid JWT header');
+ }
+
+ ApiUtils::validateJwtToken($matches[1], $this->conf->get('api.secret'));
 }
 /**
- * Instantiate a new LinkDB including private links,
+ * Instantiate a new LinkDB including private bookmarks,
 * and load in the Slim container.
 *
 * FIXME! LinkDB could use a refactoring to avoid this trick.
 *
- * @param \ConfigManager $conf instance.
+ * @param ConfigManager $conf instance.
 */
 protected function setLinkDb($conf)
 {
- $linkDb = new \LinkDB(
- $conf->get('resource.datastore'),
- true,
- $conf->get('privacy.hide_public_links'),
- $conf->get('redirector.url'),
- $conf->get('redirector.encode_url')
+ $linkDb = new BookmarkFileService(
+ $conf,
+ $this->container->get('pluginManager'),
+ $this->container->get('history'),
+ new FlockMutex(fopen(SHAARLI_MUTEX_FILE, 'r'), 2),
+ true
 );
 $this->container['db'] = $linkDb;
 }
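Review bot: In the `@@ -97,9 +107,12 @@` hunk, the new guard consults `REDIRECT_HTTP_AUTHORIZATION` without saying where that value comes from, and the docblock above it still only says the token could not be validated. A short comment would help, e.g. `// Apache CGI/FastCGI setups may not pass Authorization to PHP; a rewrite rule can expose it as REDIRECT_HTTP_AUTHORIZATION.` The docblock should also say that the token is now read from `Authorization: Bearer <token>` and that the former `jwt` header is no longer accepted, since existing clients will otherwise only see 'JWT token not provided'. The same two-source lookup is repeated in the following hunk; resolving it once into `$authorization` before the guard would keep the two in step. checkToken's body continues outside this hunk.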
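Review bot: In the `@@ -107,25 +120,35 @@` hunk, `/^Bearer (.*)/i` also accepts an empty capture or one containing spaces, so an empty or malformed credential reaches `validateJwtToken()` instead of being rejected as 'Invalid JWT header'. Anchoring the pattern and requiring a non-empty token would close that: `if (!preg_match('/^Bearer\s+(\S+)$/i', $authorization, $matches)) {`. In `setLinkDb()`, the result of `fopen(SHAARLI_MUTEX_FILE, 'r')` goes straight into `FlockMutex`. `fopen()` returns `false` when the file is missing or unreadable, so the handle should be checked first and the failure reported explicitly rather than surfacing from inside the mutex on every API request. checkToken starts outside this hunk.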