From 676571dab927b0fb9b3746c36f0d7540e8dba2b5 Mon Sep 17 00:00:00 2001 From: Christoph Stoettner Date: Tue, 29 Sep 2020 12:15:04 +0200 Subject: Workaround for hoster (ionos) The hoster writes the environment variable with bearer token to REDIRECT_HTTP_AUTHORIZATION and needs to provide RewriteBase / to .htaccess --- application/api/ApiMiddleware.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'application/api') diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php index 09ce6445..da730e0c 100644 --- a/application/api/ApiMiddleware.php +++ b/application/api/ApiMiddleware.php @@ -107,7 +107,7 @@ class ApiMiddleware */ protected function checkToken($request) { - if (! $request->hasHeader('Authorization')) { + if (! $request->hasHeader('Authorization') && !isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { throw new ApiAuthorizationException('JWT token not provided'); } @@ -115,7 +115,11 @@ class ApiMiddleware throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); } - $authorization = $request->getHeaderLine('Authorization'); + if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { + $authorization = $_SERVER['REDIRECT_HTTP_AUTHORIZATION']; + } else { + $authorization = $request->getHeaderLine('Authorization'); + } if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) { throw new ApiAuthorizationException('Invalid JWT header'); -- cgit v1.2.3 From d8ef4a893fc899471d415c4aa0bb1cad9ab9c2dc Mon Sep 17 00:00:00 2001 From: Christoph Stoettner Date: Wed, 30 Sep 2020 12:27:44 +0200 Subject: Change to ->container->environment --- application/api/ApiMiddleware.php | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) (limited to 'application/api') diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php index da730e0c..f4a71f7c 100644 --- a/application/api/ApiMiddleware.php +++ b/application/api/ApiMiddleware.php @@ -3,7 +3,6 @@ namespace Shaarli\Api; use Shaarli\Api\Exceptions\ApiAuthorizationException; use Shaarli\Api\Exceptions\ApiException; -use Shaarli\Bookmark\BookmarkFileService; use Shaarli\Config\ConfigManager; use Slim\Container; use Slim\Http\Request; @@ -71,14 +70,7 @@ class ApiMiddleware $response = $e->getApiResponse(); } - return $response - ->withHeader('Access-Control-Allow-Origin', '*') - ->withHeader( - 'Access-Control-Allow-Headers', - 'X-Requested-With, Content-Type, Accept, Origin, Authorization' - ) - ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS') - ; + return $response; } /** @@ -107,16 +99,16 @@ class ApiMiddleware */ protected function checkToken($request) { - if (! $request->hasHeader('Authorization') && !isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { + if (! $request->hasHeader('Authorization') && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) { throw new ApiAuthorizationException('JWT token not provided'); } - + if (empty($this->conf->get('api.secret'))) { throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); } - if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { - $authorization = $_SERVER['REDIRECT_HTTP_AUTHORIZATION']; + if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) { + $authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION']; } else { $authorization = $request->getHeaderLine('Authorization'); } @@ -129,7 +121,7 @@ class ApiMiddleware } /** - * Instantiate a new LinkDB including private bookmarks, + * Instantiate a new LinkDB including private links, * and load in the Slim container. * * FIXME! LinkDB could use a refactoring to avoid this trick. @@ -138,10 +130,10 @@ class ApiMiddleware */ protected function setLinkDb($conf) { - $linkDb = new BookmarkFileService( - $conf, - $this->container->get('history'), - true + $linkDb = new \Shaarli\Bookmark\LinkDB( + $conf->get('resource.datastore'), + true, + $conf->get('privacy.hide_public_links') ); $this->container['db'] = $linkDb; } -- cgit v1.2.3 From 25cb75552baaad62b093b0b38156fcb15dca7826 Mon Sep 17 00:00:00 2001 From: Christoph Stoettner Date: Wed, 30 Sep 2020 12:29:54 +0200 Subject: Fix identation --- application/api/ApiMiddleware.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'application/api') diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php index f4a71f7c..7f1e7fca 100644 --- a/application/api/ApiMiddleware.php +++ b/application/api/ApiMiddleware.php @@ -102,16 +102,16 @@ class ApiMiddleware if (! $request->hasHeader('Authorization') && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) { throw new ApiAuthorizationException('JWT token not provided'); } - + if (empty($this->conf->get('api.secret'))) { throw new ApiAuthorizationException('Token secret must be set in Shaarli\'s administration'); } - if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) { - $authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION']; - } else { + if (isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) { + $authorization = $this->container->environment['REDIRECT_HTTP_AUTHORIZATION']; + } else { $authorization = $request->getHeaderLine('Authorization'); - } + } if (! preg_match('/^Bearer (.*)/i', $authorization, $matches)) { throw new ApiAuthorizationException('Invalid JWT header'); -- cgit v1.2.3 From 255b2264a119f4b8cc9fe211c7740906701e15b4 Mon Sep 17 00:00:00 2001 From: ArthurHoaro Date: Wed, 30 Sep 2020 15:57:57 +0200 Subject: Revert unrelated changes and add unit tests --- application/api/ApiMiddleware.php | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) (limited to 'application/api') diff --git a/application/api/ApiMiddleware.php b/application/api/ApiMiddleware.php index 7f1e7fca..f5b53b01 100644 --- a/application/api/ApiMiddleware.php +++ b/application/api/ApiMiddleware.php @@ -3,6 +3,7 @@ namespace Shaarli\Api; use Shaarli\Api\Exceptions\ApiAuthorizationException; use Shaarli\Api\Exceptions\ApiException; +use Shaarli\Bookmark\BookmarkFileService; use Shaarli\Config\ConfigManager; use Slim\Container; use Slim\Http\Request; @@ -70,7 +71,14 @@ class ApiMiddleware $response = $e->getApiResponse(); } - return $response; + return $response + ->withHeader('Access-Control-Allow-Origin', '*') + ->withHeader( + 'Access-Control-Allow-Headers', + 'X-Requested-With, Content-Type, Accept, Origin, Authorization' + ) + ->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS') + ; } /** @@ -99,7 +107,9 @@ class ApiMiddleware */ protected function checkToken($request) { - if (! $request->hasHeader('Authorization') && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION'])) { + if (!$request->hasHeader('Authorization') + && !isset($this->container->environment['REDIRECT_HTTP_AUTHORIZATION']) + ) { throw new ApiAuthorizationException('JWT token not provided'); } @@ -121,7 +131,7 @@ class ApiMiddleware } /** - * Instantiate a new LinkDB including private links, + * Instantiate a new LinkDB including private bookmarks, * and load in the Slim container. * * FIXME! LinkDB could use a refactoring to avoid this trick. @@ -130,10 +140,10 @@ class ApiMiddleware */ protected function setLinkDb($conf) { - $linkDb = new \Shaarli\Bookmark\LinkDB( - $conf->get('resource.datastore'), - true, - $conf->get('privacy.hide_public_links') + $linkDb = new BookmarkFileService( + $conf, + $this->container->get('history'), + true ); $this->container['db'] = $linkDb; } -- cgit v1.2.3