X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=application%2Fapi%2FApiMiddleware.php;h=da730e0c48e739fbb382e86f86dbb15f4e9287e8;hb=676571dab927b0fb9b3746c36f0d7540e8dba2b5;hp=66eac133649cf8c020c64164f7864b43ddf33a40;hpb=f211e417bf637b8a83988175c29ee072c69f7642;p=github%2Fshaarli%2FShaarli.git

diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php
index 66eac133..da730e0c 100644
--- a/application/api/ApiMiddleware.php
+++ b/application/api/ApiMiddleware.php
@@ -1,9 +1,9 @@
 <?php
 namespace Shaarli\Api;
 
-use Shaarli\Api\Exceptions\ApiException;
 use Shaarli\Api\Exceptions\ApiAuthorizationException;
-
+use Shaarli\Api\Exceptions\ApiException;
+use Shaarli\Bookmark\BookmarkFileService;
 use Shaarli\Config\ConfigManager;
 use Slim\Container;
 use Slim\Http\Request;
@@ -71,7 +71,14 @@ class ApiMiddleware
             $response = $e->getApiResponse();
         }
 
-        return $response;
+        return $response
+            ->withHeader('Access-Control-Allow-Origin', '*')
+            ->withHeader(
+                'Access-Control-Allow-Headers',
+                'X-Requested-With, Content-Type, Accept, Origin, Authorization'
+            )
+            ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
+        ;
     }
 
     /**
@@ -100,7 +107,7 @@ class ApiMiddleware
      */
     protected function checkToken($request)
     {
-        if (! $request->hasHeader('Authorization')) {
+        if (! $request->hasHeader('Authorization') && !isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
             throw new ApiAuthorizationException('JWT token not provided');
         }
 
@@ -108,7 +115,11 @@ class ApiMiddleware
             throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
         }
 
-        $authorization = $request->getHeaderLine('Authorization');
+	if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
+	    $authorization = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+	} else {
+            $authorization = $request->getHeaderLine('Authorization');
+	}
 
         if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
             throw new ApiAuthorizationException('Invalid JWT header');
@@ -118,7 +129,7 @@ class ApiMiddleware
     }
 
     /**
-     * Instantiate a new LinkDB including private links,
+     * Instantiate a new LinkDB including private bookmarks,
      * and load in the Slim container.
      *
      * FIXME! LinkDB could use a refactoring to avoid this trick.
@@ -127,12 +138,10 @@ class ApiMiddleware
      */
     protected function setLinkDb($conf)
     {
-        $linkDb = new \LinkDB(
-            $conf->get('resource.datastore'),
-            true,
-            $conf->get('privacy.hide_public_links'),
-            $conf->get('redirector.url'),
-            $conf->get('redirector.encode_url')
+        $linkDb = new BookmarkFileService(
+            $conf,
+            $this->container->get('history'),
+            true
         );
         $this->container['db'] = $linkDb;
     }