Merge branch 'v0.12' into latest

author: ArthurHoaro <arthur@hoa.ro> 2020-10-13 12:05:08 +0200
committer: ArthurHoaro <arthur@hoa.ro> 2020-10-13 12:05:08 +0200
commit: b6f678a5a1d15acf284ebcec16c905e976671ce1 (patch)
tree: 33c7da831482ed79c44896ef19c73c72ada84f2e /application/api/ApiMiddleware.php
parent: b14687036b9b800681197f51fdc47e62f0c88e2e (diff)
parent: 1c1520b6b98ab20201bfe15577782a52320339df (diff)
download: Shaarli-b6f678a5a1d15acf284ebcec16c905e976671ce1.tar.gz
Shaarli-b6f678a5a1d15acf284ebcec16c905e976671ce1.tar.zst
Shaarli-b6f678a5a1d15acf284ebcec16c905e976671ce1.zip
1 files changed, 22 insertions, 8 deletions
diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php
index 2d55bda6..f5b53b01 100644
--- a/application/api/ApiMiddleware.php
+++ b/application/api/ApiMiddleware.php
@@ -3,6 +3,7 @@ namespace Shaarli\Api;
 use Shaarli\Api\Exceptions\ApiAuthorizationException;
 use Shaarli\Api\Exceptions\ApiException;
+use Shaarli\Bookmark\BookmarkFileService;
 use Shaarli\Config\ConfigManager;
 use Slim\Container;
 use Slim\Http\Request;
@@ -70,7 +71,14 @@ class ApiMiddleware
            $response = $e->getApiResponse();
        }
-        return $response;
+        return $response
+            ->withHeader('Access-Control-Allow-Origin', '*')
+            ->withHeader(
+                'Access-Control-Allow-Headers',
+                'X-Requested-With, Content-Type, Accept, Origin, Authorization'
+            )
+            ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
+        ;
    }
    /**
@@ -99,7 +107,9 @@ class ApiMiddleware
     */
    protected function checkToken($request)
    {
-        if (! $request->hasHeader('Authorization')) {
+        if (!$request->hasHeader('Authorization')
+            && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
+        ) {
            throw new ApiAuthorizationException('JWT token not provided');
        }
@@ -107,7 +117,11 @@ class ApiMiddleware
            throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
        }
-        $authorization = $request->getHeaderLine('Authorization');
+        if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
+            $authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'];
+        } else {
+            $authorization = $request->getHeaderLine('Authorization');
+        }
        if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
            throw new ApiAuthorizationException('Invalid JWT header');
@@ -117,7 +131,7 @@ class ApiMiddleware
    }
    /**
-     * Instantiate a new LinkDB including private links,
+     * Instantiate a new LinkDB including private bookmarks,
     * and load in the Slim container.
     *
     * FIXME! LinkDB could use a refactoring to avoid this trick.
@@ -126,10 +140,10 @@ class ApiMiddleware
     */
    protected function setLinkDb($conf)
    {
-        $linkDb = new \Shaarli\Bookmark\LinkDB(
+        $linkDb = new BookmarkFileService(
-            $conf->get('resource.datastore'),
+            $conf,
-            true,
+            $this->container->get('history'),
-            $conf->get('privacy.hide_public_links')
+            true
        );
        $this->container['db'] = $linkDb;
    }
author	ArthurHoaro <arthur@hoa.ro>	2020-10-13 12:05:08 +0200
committer	ArthurHoaro <arthur@hoa.ro>	2020-10-13 12:05:08 +0200
commit	b6f678a5a1d15acf284ebcec16c905e976671ce1 (patch)
tree	33c7da831482ed79c44896ef19c73c72ada84f2e /application/api/ApiMiddleware.php
parent	b14687036b9b800681197f51fdc47e62f0c88e2e (diff)
parent	1c1520b6b98ab20201bfe15577782a52320339df (diff)
download	Shaarli-b6f678a5a1d15acf284ebcec16c905e976671ce1.tar.gz Shaarli-b6f678a5a1d15acf284ebcec16c905e976671ce1.tar.zst Shaarli-b6f678a5a1d15acf284ebcec16c905e976671ce1.zip