aboutsummaryrefslogtreecommitdiffhomepage
path: root/application
diff options
context:
space:
mode:
Diffstat (limited to 'application')
-rw-r--r--application/api/ApiMiddleware.php28
1 files changed, 10 insertions, 18 deletions
diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php
index da730e0c..f4a71f7c 100644
--- a/application/api/ApiMiddleware.php
+++ b/application/api/ApiMiddleware.php
@@ -3,7 +3,6 @@ namespace Shaarli\Api;
3 3
4use Shaarli\Api\Exceptions\ApiAuthorizationException; 4use Shaarli\Api\Exceptions\ApiAuthorizationException;
5use Shaarli\Api\Exceptions\ApiException; 5use Shaarli\Api\Exceptions\ApiException;
6use Shaarli\Bookmark\BookmarkFileService;
7use Shaarli\Config\ConfigManager; 6use Shaarli\Config\ConfigManager;
8use Slim\Container; 7use Slim\Container;
9use Slim\Http\Request; 8use Slim\Http\Request;
@@ -71,14 +70,7 @@ class ApiMiddleware
71 $response = $e->getApiResponse(); 70 $response = $e->getApiResponse();
72 } 71 }
73 72
74 return $response 73 return $response;
75 ->withHeader('Access-Control-Allow-Origin', '*')
76 ->withHeader(
77 'Access-Control-Allow-Headers',
78 'X-Requested-With, Content-Type, Accept, Origin, Authorization'
79 )
80 ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS')
81 ;
82 } 74 }
83 75
84 /** 76 /**
@@ -107,16 +99,16 @@ class ApiMiddleware
107 */ 99 */
108 protected function checkToken($request) 100 protected function checkToken($request)
109 { 101 {
110 if (! $request->hasHeader('Authorization') && !isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { 102 if (! $request->hasHeader('Authorization') && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
111 throw new ApiAuthorizationException('JWT token not provided'); 103 throw new ApiAuthorizationException('JWT token not provided');
112 } 104 }
113 105
114 if (empty($this->conf->get('api.secret'))) { 106 if (empty($this->conf->get('api.secret'))) {
115 throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); 107 throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration');
116 } 108 }
117 109
118 if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { 110 if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) {
119 $authorization = $_SERVER['REDIRECT_HTTP_AUTHORIZATION']; 111 $authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION'];
120 } else { 112 } else {
121 $authorization = $request->getHeaderLine('Authorization'); 113 $authorization = $request->getHeaderLine('Authorization');
122 } 114 }
@@ -129,7 +121,7 @@ class ApiMiddleware
129 } 121 }
130 122
131 /** 123 /**
132 * Instantiate a new LinkDB including private bookmarks, 124 * Instantiate a new LinkDB including private links,
133 * and load in the Slim container. 125 * and load in the Slim container.
134 * 126 *
135 * FIXME! LinkDB could use a refactoring to avoid this trick. 127 * FIXME! LinkDB could use a refactoring to avoid this trick.
@@ -138,10 +130,10 @@ class ApiMiddleware
138 */ 130 */
139 protected function setLinkDb($conf) 131 protected function setLinkDb($conf)
140 { 132 {
141 $linkDb = new BookmarkFileService( 133 $linkDb = new \Shaarli\Bookmark\LinkDB(
142 $conf, 134 $conf->get('resource.datastore'),
143 $this->container->get('history'), 135 true,
144 true 136 $conf->get('privacy.hide_public_links')
145 ); 137 );
146 $this->container['db'] = $linkDb; 138 $this->container['db'] = $linkDb;
147 } 139 }