1 files changed, 137 insertions, 0 deletions
diff --git a/application/api/ApiUtils.php b/application/api/ApiUtils.php
new file mode 100644
index 00000000..f154bb52
--- /dev/null
+++ b/application/api/ApiUtils.php
@@ -0,0 +1,137 @@
+<?php
+namespace Shaarli\Api;
+use Shaarli\Base64Url;
+use Shaarli\Api\Exceptions\ApiAuthorizationException;
+/**
+ * REST API utilities
+ */
+class ApiUtils
+{
+    /**
+     * Validates a JWT token authenticity.
+     *
+     * @param string $token JWT token extracted from the headers.
+     * @param string $secret API secret set in the settings.
+     *
+     * @throws ApiAuthorizationException the token is not valid.
+     */
+    public static function validateJwtToken($token, $secret)
+    {
+        $parts = explode('.', $token);
+        if (count($parts) != 3 || strlen($parts[0]) == 0 || strlen($parts[1]) == 0) {
+            throw new ApiAuthorizationException('Malformed JWT token');
+        }
+        $genSign = Base64Url::encode(hash_hmac('sha512', $parts[0] .'.'. $parts[1], $secret, true));
+        if ($parts[2] != $genSign) {
+            throw new ApiAuthorizationException('Invalid JWT signature');
+        }
+        $header = json_decode(Base64Url::decode($parts[0]));
+        if ($header === null) {
+            throw new ApiAuthorizationException('Invalid JWT header');
+        }
+        $payload = json_decode(Base64Url::decode($parts[1]));
+        if ($payload === null) {
+            throw new ApiAuthorizationException('Invalid JWT payload');
+        }
+        if (empty($payload->iat)
+            || $payload->iat > time()
+            || time() - $payload->iat > ApiMiddleware::$TOKEN_DURATION
+        ) {
+            throw new ApiAuthorizationException('Invalid JWT issued time');
+        }
+    }
+    /**
+     * Format a Link for the REST API.
+     *
+     * @param array $link Link data read from the datastore.
+     * @param string $indexUrl Shaarli's index URL (used for relative URL).
+     *
+     * @return array Link data formatted for the REST API.
+     */
+    public static function formatLink($link, $indexUrl)
+    {
+        $out['id'] = $link['id'];
+        // Not an internal link
+        if ($link['url'][0] != '?') {
+            $out['url'] = $link['url'];
+        } else {
+            $out['url'] = $indexUrl . $link['url'];
+        }
+        $out['shorturl'] = $link['shorturl'];
+        $out['title'] = $link['title'];
+        $out['description'] = $link['description'];
+        $out['tags'] = preg_split('/\s+/', $link['tags'], -1, PREG_SPLIT_NO_EMPTY);
+        $out['private'] = $link['private'] == true;
+        $out['created'] = $link['created']->format(\DateTime::ATOM);
+        if (! empty($link['updated'])) {
+            $out['updated'] = $link['updated']->format(\DateTime::ATOM);
+        } else {
+            $out['updated'] = '';
+        }
+        return $out;
+    }
+    /**
+     * Convert a link given through a request, to a valid link for LinkDB.
+     *
+     * If no URL is provided, it will generate a local note URL.
+     * If no title is provided, it will use the URL as title.
+     *
+     * @param array  $input          Request Link.
+     * @param bool   $defaultPrivate Request Link.
+     *
+     * @return array Formatted link.
+     */
+    public static function buildLinkFromRequest($input, $defaultPrivate)
+    {
+        $input['url'] = ! empty($input['url']) ? cleanup_url($input['url']) : '';
+        if (isset($input['private'])) {
+            $private = filter_var($input['private'], FILTER_VALIDATE_BOOLEAN);
+        } else {
+            $private = $defaultPrivate;
+        }
+        $link = [
+            'title'         => ! empty($input['title']) ? $input['title'] : $input['url'],
+            'url'           => $input['url'],
+            'description'   => ! empty($input['description']) ? $input['description'] : '',
+            'tags'          => ! empty($input['tags']) ? implode(' ', $input['tags']) : '',
+            'private'       => $private,
+            'created'       => new \DateTime(),
+        ];
+        return $link;
+    }
+    /**
+     * Update link fields using an updated link object.
+     *
+     * @param array $oldLink data
+     * @param array $newLink data
+     *
+     * @return array $oldLink updated with $newLink values
+     */
+    public static function updateLink($oldLink, $newLink)
+    {
+        foreach (['title', 'url', 'description', 'tags', 'private'] as $field) {
+            $oldLink[$field] = $newLink[$field];
+        }
+        $oldLink['updated'] = new \DateTime();
+        if (empty($oldLink['url'])) {
+            $oldLink['url'] = '?' . $oldLink['shorturl'];
+        }
+        if (empty($oldLink['title'])) {
+            $oldLink['title'] = $oldLink['url'];
+        }
+        return $oldLink;
+    }
+}

diff --git a/application/api/ApiUtils.php b/application/api/ApiUtils.php new file mode 100644 index 00000000..f154bb52 --- /dev/null +++ b/application/api/ApiUtils.php
@@ -0,0 +1,137 @@
	1	<?php
	2	namespace Shaarli\Api;
	3
	4	use Shaarli\Base64Url;
	5	use Shaarli\Api\Exceptions\ApiAuthorizationException;
	6
	7	/**
	8	* REST API utilities
	9	*/
	10	class ApiUtils
	11	{
	12	/**
	13	* Validates a JWT token authenticity.
	14	*
	15	* @param string $token JWT token extracted from the headers.
	16	* @param string $secret API secret set in the settings.
	17	*
	18	* @throws ApiAuthorizationException the token is not valid.
	19	*/
	20	public static function validateJwtToken($token, $secret)
	21	{
	22	$parts = explode('.', $token);
	23	if (count($parts) != 3 \|\| strlen($parts[0]) == 0 \|\| strlen($parts[1]) == 0) {
	24	throw new ApiAuthorizationException('Malformed JWT token');
	25	}
	26
	27	$genSign = Base64Url::encode(hash_hmac('sha512', $parts[0] .'.'. $parts[1], $secret, true));
	28	if ($parts[2] != $genSign) {
	29	throw new ApiAuthorizationException('Invalid JWT signature');
	30	}
	31
	32	$header = json_decode(Base64Url::decode($parts[0]));
	33	if ($header === null) {
	34	throw new ApiAuthorizationException('Invalid JWT header');
	35	}
	36
	37	$payload = json_decode(Base64Url::decode($parts[1]));
	38	if ($payload === null) {
	39	throw new ApiAuthorizationException('Invalid JWT payload');
	40	}
	41
	42	if (empty($payload->iat)
	43	\|\| $payload->iat > time()
	44	\|\| time() - $payload->iat > ApiMiddleware::$TOKEN_DURATION
	45	) {
	46	throw new ApiAuthorizationException('Invalid JWT issued time');
	47	}
	48	}
	49
	50	/**
	51	* Format a Link for the REST API.
	52	*
	53	* @param array $link Link data read from the datastore.
	54	* @param string $indexUrl Shaarli's index URL (used for relative URL).
	55	*
	56	* @return array Link data formatted for the REST API.
	57	*/
	58	public static function formatLink($link, $indexUrl)
	59	{
	60	$out['id'] = $link['id'];
	61	// Not an internal link
	62	if ($link['url'][0] != '?') {
	63	$out['url'] = $link['url'];
	64	} else {
	65	$out['url'] = $indexUrl . $link['url'];
	66	}
	67	$out['shorturl'] = $link['shorturl'];
	68	$out['title'] = $link['title'];
	69	$out['description'] = $link['description'];
	70	$out['tags'] = preg_split('/\s+/', $link['tags'], -1, PREG_SPLIT_NO_EMPTY);
	71	$out['private'] = $link['private'] == true;
	72	$out['created'] = $link['created']->format(\DateTime::ATOM);
	73	if (! empty($link['updated'])) {
	74	$out['updated'] = $link['updated']->format(\DateTime::ATOM);
	75	} else {
	76	$out['updated'] = '';
	77	}
	78	return $out;
	79	}
	80
	81	/**
	82	* Convert a link given through a request, to a valid link for LinkDB.
	83	*
	84	* If no URL is provided, it will generate a local note URL.
	85	* If no title is provided, it will use the URL as title.
	86	*
	87	* @param array $input Request Link.
	88	* @param bool $defaultPrivate Request Link.
	89	*
	90	* @return array Formatted link.
	91	*/
	92	public static function buildLinkFromRequest($input, $defaultPrivate)
	93	{
	94	$input['url'] = ! empty($input['url']) ? cleanup_url($input['url']) : '';
	95	if (isset($input['private'])) {
	96	$private = filter_var($input['private'], FILTER_VALIDATE_BOOLEAN);
	97	} else {
	98	$private = $defaultPrivate;
	99	}
	100
	101	$link = [
	102	'title' => ! empty($input['title']) ? $input['title'] : $input['url'],
	103	'url' => $input['url'],
	104	'description' => ! empty($input['description']) ? $input['description'] : '',
	105	'tags' => ! empty($input['tags']) ? implode(' ', $input['tags']) : '',
	106	'private' => $private,
	107	'created' => new \DateTime(),
	108	];
	109	return $link;
	110	}
	111
	112	/**
	113	* Update link fields using an updated link object.
	114	*
	115	* @param array $oldLink data
	116	* @param array $newLink data
	117	*
	118	* @return array $oldLink updated with $newLink values
	119	*/
	120	public static function updateLink($oldLink, $newLink)
	121	{
	122	foreach (['title', 'url', 'description', 'tags', 'private'] as $field) {
	123	$oldLink[$field] = $newLink[$field];
	124	}
	125	$oldLink['updated'] = new \DateTime();
	126
	127	if (empty($oldLink['url'])) {
	128	$oldLink['url'] = '?' . $oldLink['shorturl'];
	129	}
	130
	131	if (empty($oldLink['title'])) {
	132	$oldLink['title'] = $oldLink['url'];
	133	}
	134
	135	return $oldLink;
	136	}
	137	}