Diffstat (limited to 'application/api/ApiMiddleware.php')
-rw-r--r-- | application/api/ApiMiddleware.php | 30 |
1 files changed, 22 insertions, 8 deletions
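--- a/application/api/ApiMiddleware.php
+++ b/application/api/ApiMiddleware.php
@@ -3,6 +3,7 @@ namespace Shaarli\Api;
 
 use Shaarli\Api\Exceptions\ApiAuthorizationException;
 use Shaarli\Api\Exceptions\ApiException;
+use Shaarli\Bookmark\BookmarkFileService;
 use Shaarli\Config\ConfigManager;
 use Slim\Container;
 use Slim\Http\Request;
@@ -70,7 +71,14 @@ class ApiMiddleware
 $response = $e->getApiResponse();
 }
 
-return $response;
+return $response
+->withHeader('Access-Control-Allow-Origin', '*')
+->withHeader(
+'Access-Control-Allow-Headers',
+'X-Requested-With, Content-Type, Accept, Origin, Authorization'
+)
+->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
+;
 }
 
 /**
@@ -99,7 +107,9 @@ class ApiMiddleware
 */
 protected function checkToken($request)
 {
-if (! $request->hasHeader('Authorization')) {
+if (!$request->hasHeader('Authorization')
+&& !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])
+) {
 throw new ApiAuthorizationException('JWT token not provided');
 }
 
@@ -107,7 +117,11 @@ class ApiMiddleware
 throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
 }
 
-$authorization = $request->getHeaderLine('Authorization');
+if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
+$authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'];
+} else {
+$authorization = $request->getHeaderLine('Authorization');
+}
 
 if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) {
 throw new ApiAuthorizationException('Invalid JWT header');
@@ -117,7 +131,7 @@ class ApiMiddleware
 }
 
 /**
-* Instantiate a new LinkDB including private links,
+* Instantiate a new LinkDB including private bookmarks,
 * and load in the Slim container.
 *
 * FIXME! LinkDB could use a refactoring to avoid this trick.
@@ -126,10 +140,10 @@ class ApiMiddleware
 */
 protected function setLinkDb($conf)
 {
-$linkDb = new \Shaarli\Bookmark\LinkDB(
-$conf->get('resource.datastore'),
-true,
-$conf->get('privacy.hide_public_links')
+$linkDb = new BookmarkFileService(
+$conf,
+$this->container->get('history'),
+true
 );
 $this->container['db'] = $linkDb;
 }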
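Review bot: The `Access-Control-Allow-Origin: *` header added at new line 75 is hard-coded and attached to every API response, including the error response built in the catch branch just above it, so an operator has no way to restrict the API to a known front-end origin. Because `*` disallows credentialed requests, cookies are not exposed and a cross-origin caller still needs a valid bearer token, so the exposure is limited to the token-authenticated API being reachable from any page; still, the allowed origin should be read from the `ConfigManager` the middleware already imports rather than fixed, e.g. `->withHeader('Access-Control-Allow-Origin', $allowedOrigin)` with `$allowedOrigin` taken from a config setting (name to be chosen) that defaults to `'*'`. The enclosing method's docblock should also state that CORS headers are added unconditionally, on success and error paths alike. Note that a browser preflight `OPTIONS` request carries no `Authorization` header, so if `checkToken` is applied to `OPTIONS` as well, the preflight will receive the 401 produced in the catch branch and the CORS exchange will fail in browsers; the start of the enclosing method lies outside this hunk, so this is worth confirming against it.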