diff options
Diffstat (limited to 'application')
-rw-r--r-- | application/api/ApiMiddleware.php | 28 |
1 files changed, 10 insertions, 18 deletions
diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php index da730e0c..f4a71f7c 100644 --- a/application/api/ApiMiddleware.php +++ b/application/api/ApiMiddleware.php | |||
@@ -3,7 +3,6 @@ namespace Shaarli\Api; | |||
3 | 3 | ||
4 | use Shaarli\Api\Exceptions\ApiAuthorizationException; | 4 | use Shaarli\Api\Exceptions\ApiAuthorizationException; |
5 | use Shaarli\Api\Exceptions\ApiException; | 5 | use Shaarli\Api\Exceptions\ApiException; |
6 | use Shaarli\Bookmark\BookmarkFileService; | ||
7 | use Shaarli\Config\ConfigManager; | 6 | use Shaarli\Config\ConfigManager; |
8 | use Slim\Container; | 7 | use Slim\Container; |
9 | use Slim\Http\Request; | 8 | use Slim\Http\Request; |
@@ -71,14 +70,7 @@ class ApiMiddleware | |||
71 | $response = $e->getApiResponse(); | 70 | $response = $e->getApiResponse(); |
72 | } | 71 | } |
73 | 72 | ||
74 | return $response | 73 | return $response; |
75 | ->withHeader('Access-Control-Allow-Origin', '*') | ||
76 | ->withHeader( | ||
77 | 'Access-Control-Allow-Headers', | ||
78 | 'X-Requested-With, Content-Type, Accept, Origin, Authorization' | ||
79 | ) | ||
80 | ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS') | ||
81 | ; | ||
82 | } | 74 | } |
83 | 75 | ||
84 | /** | 76 | /** |
@@ -107,16 +99,16 @@ class ApiMiddleware | |||
107 | */ | 99 | */ |
108 | protected function checkToken($request) | 100 | protected function checkToken($request) |
109 | { | 101 | { |
110 | if (! $request->hasHeader('Authorization') && !isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { | 102 | if (! $request->hasHeader('Authorization') && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) { |
111 | throw new ApiAuthorizationException('JWT token not provided'); | 103 | throw new ApiAuthorizationException('JWT token not provided'); |
112 | } | 104 | } |
113 | 105 | ||
114 | if (empty($this->conf->get('api.secret'))) { | 106 | if (empty($this->conf->get('api.secret'))) { |
115 | throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); | 107 | throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); |
116 | } | 108 | } |
117 | 109 | ||
118 | if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { | 110 | if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) { |
119 | $authorization = $_SERVER['REDIRECT_HTTP_AUTHORIZATION']; | 111 | $authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION']; |
120 | } else { | 112 | } else { |
121 | $authorization = $request->getHeaderLine('Authorization'); | 113 | $authorization = $request->getHeaderLine('Authorization'); |
122 | } | 114 | } |
@@ -129,7 +121,7 @@ class ApiMiddleware | |||
129 | } | 121 | } |
130 | 122 | ||
131 | /** | 123 | /** |
132 | * Instantiate a new LinkDB including private bookmarks, | 124 | * Instantiate a new LinkDB including private links, |
133 | * and load in the Slim container. | 125 | * and load in the Slim container. |
134 | * | 126 | * |
135 | * FIXME! LinkDB could use a refactoring to avoid this trick. | 127 | * FIXME! LinkDB could use a refactoring to avoid this trick. |
@@ -138,10 +130,10 @@ class ApiMiddleware | |||
138 | */ | 130 | */ |
139 | protected function setLinkDb($conf) | 131 | protected function setLinkDb($conf) |
140 | { | 132 | { |
141 | $linkDb = new BookmarkFileService( | 133 | $linkDb = new \Shaarli\Bookmark\LinkDB( |
142 | $conf, | 134 | $conf->get('resource.datastore'), |
143 | $this->container->get('history'), | 135 | true, |
144 | true | 136 | $conf->get('privacy.hide_public_links') |
145 | ); | 137 | ); |
146 | $this->container['db'] = $linkDb; | 138 | $this->container['db'] = $linkDb; |
147 | } | 139 | } |