Diffstat (limited to 'application/api/ApiMiddleware.php')
-rw-r--r-- | application/api/ApiMiddleware.php | 28 |
1 files changed, 10 insertions, 18 deletions
diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php index da730e0c..f4a71f7c 100644 --- a/application/api/ApiMiddleware.php +++ b/application/api/ApiMiddleware.php | |||
@@ -3,7 +3,6 @@ namespace Shaarli\Api; | |||
3 | 3 | ||
4 | use Shaarli\Api\Exceptions\ApiAuthorizationException; | 4 | use Shaarli\Api\Exceptions\ApiAuthorizationException; |
5 | use Shaarli\Api\Exceptions\ApiException; | 5 | use Shaarli\Api\Exceptions\ApiException; |
6 | use Shaarli\Bookmark\BookmarkFileService; | ||
7 | use Shaarli\Config\ConfigManager; | 6 | use Shaarli\Config\ConfigManager; |
8 | use Slim\Container; | 7 | use Slim\Container; |
9 | use Slim\Http\Request; | 8 | use Slim\Http\Request; |
@@ -71,14 +70,7 @@ class ApiMiddleware | |||
71 | $response = $e->getApiResponse(); | 70 | $response = $e->getApiResponse(); |
72 | } | 71 | } |
73 | 72 | ||
74 | return $response | 73 | return $response; |
75 | ->withHeader('Access-Control-Allow-Origin', '*') | ||
76 | ->withHeader( | ||
77 | 'Access-Control-Allow-Headers', | ||
78 | 'X-Requested-With, Content-Type, Accept, Origin, Authorization' | ||
79 | ) | ||
80 | ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS') | ||
81 | ; | ||
82 | } | 74 | } |
83 | 75 | ||
84 | /** | 76 | /** |
@@ -107,16 +99,16 @@ class ApiMiddleware | |||
107 | */ | 99 | */ |
108 | protected function checkToken($request) | 100 | protected function checkToken($request) |
109 | { | 101 | { |
110 | if (! $request->hasHeader('Authorization') && !isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { | 102 | if (! $request->hasHeader('Authorization') && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) { |
111 | throw new ApiAuthorizationException('JWT token not provided'); | 103 | throw new ApiAuthorizationException('JWT token not provided'); |
112 | } | 104 | } |
113 | 105 | ||
114 | if (empty($this->conf->get('api.secret'))) { | 106 | if (empty($this->conf->get('api.secret'))) { |
115 | throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); | 107 | throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); |
116 | } | 108 | } |
117 | 109 | ||
118 | if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { | 110 | if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) { |
119 | $authorization = $_SERVER['REDIRECT_HTTP_AUTHORIZATION']; | 111 | $authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION']; |
120 | } else { | 112 | } else { |
121 | $authorization = $request->getHeaderLine('Authorization'); | 113 | $authorization = $request->getHeaderLine('Authorization'); |
122 | } | 114 | } |
@@ -129,7 +121,7 @@ class ApiMiddleware | |||
129 | } | 121 | } |
130 | 122 | ||
131 | /** | 123 | /** |
132 | * Instantiate a new LinkDB including private bookmarks, | 124 | * Instantiate a new LinkDB including private links, |
133 | * and load in the Slim container. | 125 | * and load in the Slim container. |
134 | * | 126 | * |
135 | * FIXME! LinkDB could use a refactoring to avoid this trick. | 127 | * FIXME! LinkDB could use a refactoring to avoid this trick. |
@@ -138,10 +130,10 @@ class ApiMiddleware | |||
138 | */ | 130 | */ |
139 | protected function setLinkDb($conf) | 131 | protected function setLinkDb($conf) |
140 | { | 132 | { |
141 | $linkDb = new BookmarkFileService( | 133 | $linkDb = new \Shaarli\Bookmark\LinkDB( |
142 | $conf, | 134 | $conf->get('resource.datastore'), |
143 | $this->container->get('history'), | 135 | true, |
144 | true | 136 | $conf->get('privacy.hide_public_links') |
145 | ); | 137 | ); |
146 | $this->container['db'] = $linkDb; | 138 | $this->container['db'] = $linkDb; |
147 | } | 139 | } |
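Review bot: In checkToken (new lines 102 and 110–111), `isset()` treats an empty `REDIRECT_HTTP_AUTHORIZATION` as present, so a blank environment value would be chosen over a valid `Authorization` header and the request would presumably be rejected further down. Testing for a non-empty value instead, `if (!empty($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {`, keeps the header as the fallback; the same test belongs in the guard on line 102. The precedence of the environment value over the header is also undocumented, and a comment such as `// Some Apache/CGI setups drop Authorization and expose it only as REDIRECT_HTTP_AUTHORIZATION` would explain it. The token parsing and validation that follow new line 114 are outside the hunk, so how an empty or malformed value is handled there cannot be confirmed from this page.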