gnieark
/
dc-rest
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

bitbucket -> github

Browse Source
master
Gnieark 7 years ago
parent 954195b57f
commit 803b36ed3d
21 changed files with 953 additions and 519 deletions
Show Stats Download Patch File Download Diff File

11
README.md
Unescape Escape View File

@ -2,12 +2,9 @@
Plugin dotclear ouvrant une API REST/JSON
Interface d'administration commencée
C'est en cours de développement et est loin d'être fini.
Dégrossi les specs / documentation de l'API (swagger).
Elles seront modifiées au fur et à mesure du développement de l'API.
Pour le moment les specifications Swagger sont basées sur la structure de la base de données.
A terme, elles seront basées plus sur les fonctions de dotclear.
PS: Des que l'architecture de ce plugin sera plus développée, je poursuivrai son dev sur Bitbucket.
Les spécifications swagger seront modifiées au fur et à mesure du développement de l'API.
Pour le moment elles sont basées sur la structure de la base de données et ne sont pas exhaustives.
A terme, elles seront basées plus sur les fonctions de dotclear.

8
_admin.php
Unescape Escape View File

@ -3,7 +3,7 @@
if (!defined('DC_CONTEXT_ADMIN')) { return; }
$_menu['Blog']->addItem(__('Rest API'),
'plugin.php?p=rest',
urldecode(dcPage::getPF('rest/rest_api_256x256.png')),
preg_match('/plugin.php\?p=rest(&.*)?$/',$_SERVER['REQUEST_URI']),
$core->auth->check('contentadmin',$core->blog->id));
'plugin.php?p=rest',
urldecode(dcPage::getPF('rest/rest_api_256x256.png')),
preg_match('/plugin.php\?p=rest(&.*)?$/',$_SERVER['REQUEST_URI']),
$core->auth->check('contentadmin',$core->blog->id));

16
_define.php
Unescape Escape View File

@ -12,12 +12,12 @@
if (!defined('DC_RC_PATH')) { return; }
$this->registerModule(
/* Name */ "rest",
/* Description*/ "A JSON/REST API for Dotclear",
/* Author */ "Gnieark (hope some others contributors)",
/* Version */ '0.0.1',
array(
'permissions' => 'usage,contentadmin',
'type' => 'plugin',
)
/* Name */ "rest",
/* Description*/ "A JSON/REST API for Dotclear",
/* Author */ "Gnieark (hope some others contributors)",
/* Version */ '0.0.1',
array(
'permissions' => 'usage,contentadmin',
'type' => 'plugin',
)
);

4
_prepend.php
Unescape Escape View File

@ -5,4 +5,6 @@ $__autoload['ApiKey'] = dirname(__FILE__).'/inc/class.rest.key.php';
$__autoload['restAuth'] = dirname(__FILE__).'/inc/class.rest.auth.php';
$__autoload['RestQuery'] = dirname(__FILE__).'/inc/class.rest.query.php';
$__autoload['RestQueryGetBlogs'] = dirname(__FILE__).'/inc/class.rest.query.get.blogs.php';
$__autoload['RestQueryGetSpecs'] = dirname(__FILE__).'/inc/class.rest.query.get.specs.php';
$__autoload['RestQueryGetBlog'] = dirname(__FILE__).'/inc/class.rest.query.get.blog.php';
$__autoload['RestQueryGetSpecs'] = dirname(__FILE__).'/inc/class.rest.query.get.specs.php';
$__autoload['RestQueryPostBlogs'] = dirname(__FILE__).'/inc/class.rest.query.post.blogs.php';

214
_public.php
Unescape Escape View File

@ -5,110 +5,116 @@ $core->url->register('rest','rest','^rest(?:/(.*))?$',array('rest','getResponse'
class rest extends dcUrlHandlers
{
/**
* Create the "good" RestQuery instance
* Input: $httpMethod: String (POST/GET/PATCH etc...)
* $args Url arguments
* $user dcAuth object
* $body Body of the input query. String
* Output: object RestQuery
*/
private function restFactoryQuery($httpMethod,$args,$user,$body){
//définir la methode API (pas HTML) appelée
switch($httpMethod){
case "GET":
if($args == 'blogs'){
$queryObj = new RestQueryGetBlogs($user);
break;
}elseif($args == 'specs'){
$queryObj = new RestQueryGetSpecs($user);
break;
}
break;
case "POST":
break;
case "PUT":
break;
case "PATCH":
break;
case "DELETE":
break;
default:
$this->response_code = RestQuery::get_full_code_header(400);
$this->response_message = array(
"error" => "Unrecoknized method",
"code" => 400
);
return;
break;
}
return $queryObj;
}
/**
* Create the "good" RestQuery instance
* Input: $httpMethod: String (POST/GET/PATCH etc...)
* $args Url arguments
* $user dcAuth object
* $body Body of the input query. String
* Output: object RestQuery
*/
private function restFactoryQuery($httpMethod,$args,$body){
//définir la methode API (pas HTML) appelée
switch($httpMethod){
case "GET":
if($args == 'blogs'){
$queryObj = new RestQueryGetBlogs();
break;
}elseif($args == 'specs'){
$queryObj = new RestQueryGetSpecs();
break;
}elseif(preg_match('^blogs/(.+)$', $args )){
$queryObj = new RestQueryGetBlog($args);
break;
}
///blogs/{blog-id}
break;
case "POST":
if($args == 'blogs'){
$queryObj = new RestQueryPostBlogs($body);
}
break;
case "PUT":
break;
case "PATCH":
break;
case "DELETE":
break;
default:
$queryObj = new RestQuery();
break;
}
return $queryObj;
}
public static function getResponse($args)
{
global $core;
$active = (boolean)$core->blog->settings->rest->rest_active;
if (!$active){
self::p404();
return;
}
error_log($args);
//exception pour la documentation
if($args == "documentation"){
public static function getResponse($args)
{
global $core;
$active = (boolean)$core->blog->settings->rest->rest_active;
if (!$active){
self::p404();
return;
}
//coors headers
if($core->blog->settings->rest->rest_send_cors_headers){
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE');
header('Access-Control-Allow-Headers: Content-Type, authorization, x_dc_key');
}
//exception pour la documentation
if($args == "documentation"){
include (dirname(__FILE__).'/documentation/swagger-ui-dist/index.php');
return;
}
//coors headers
if($core->blog->settings->rest->rest_send_cors_headers){
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE');
header('Access-Control-Allow-Headers: Content-Type, authorization, x_dc_key');
}
header('Content-Type: application/json');
//user authentification (facultative at this step)
$apiKey = rest::get_api_key_sended();
$user = false;
if($apiKey){
$user = new restAuth($core);
if($user->checkUser('','',$apiKey) === false){
header(RestQuery::get_full_code_header(403));
echo json_encode(array(
"error" => "Wrong API Key",
"code" => 403
));
return;
}
}
$r = rest::restFactoryQuery($_SERVER['REQUEST_METHOD'],$args,$user,file_get_contents('php://input'));
header($r->response_code);
echo json_encode($r->response_message);
}
private function get_api_key_sended()
{
//to do: test it on nginx
$headers = apache_request_headers();
if(isset($headers['x_dc_key'])){
return $headers['x_dc_key'];
}else{
return false;
}
}
}
}
header('Content-Type: application/json');
//user authentification (facultative at this step)
$apiKey = rest::get_api_key_sended();
//$user = false;
if($apiKey){
$core->auth = new restAuth($core);
if($core->auth->checkUser('','',$apiKey) === false){
header(RestQuery::get_full_code_header(403));
echo json_encode(array(
"error" => "Wrong API Key",
"code" => 403
));
return;
}
}else{
$core->auth = false;
}
$r = rest::restFactoryQuery($_SERVER['REQUEST_METHOD'],$args,file_get_contents('php://input'));
header($r->response_code);
echo json_encode($r->response_message);
}
private function get_api_key_sended()
{
//to do: test it on nginx
$headers = apache_request_headers();
if(isset($headers['x_dc_key'])){
return $headers['x_dc_key'];
}else{
return false;
}
}
}

130
documentation/definition.yaml
Unescape Escape View File

@ -2,18 +2,27 @@ swagger: '2.0'
info:
title: Dotclear API
description: Manage your(s) blogs with this API
version: "0.0.1"
# the domain of the service
version: 0.0.1
host: dotclear.localhost
# array of all schemes that your API supports
schemes:
- http
# will be prefixed to all paths
# (part of plugin url)
basePath: /dotclear/index.php?rest/
basePath: /dotclear/index.php?rest
produces:
- application/json
paths:
/specs:
get:
summary: Get this API SWAGGER documentation
responses:
'200':
description: swagger.json
schema:
title: doc
type: string
default:
description: Unexpected error
schema:
$ref: '#/definitions/Error'
/blogs:
get:
summary: Get list of availables blogs
@ -23,13 +32,12 @@ paths:
required: false
type: string
responses:
200:
'200':
description: array serving blogs properties
schema:
title: blogs
type: array
items:
$ref: '#/definitions/blog'
type: string
default:
description: Unexpected error
schema:
@ -48,7 +56,7 @@ paths:
$ref: '#/definitions/blog'
required: true
responses:
200:
'200':
description: array containing the new blog's identifiant
schema:
$ref: '#/definitions/Ids'
@ -56,7 +64,7 @@ paths:
description: Unexpected error
schema:
$ref: '#/definitions/Error'
/blogs/{blog-id}:
'/blogs/{blog-id}':
get:
summary: Get a blog poperties
parameters:
@ -69,11 +77,13 @@ paths:
type: string
required: true
responses:
200:
description: array containing blog properties. This list of attributes is not exhaustive.
'200':
description: >-
array containing blog properties. This list of attributes is not
exhaustive.
schema:
$ref: '#/definitions/blogProperties'
404:
'404':
description: this blog id does not exists
default:
description: Unexpected error
@ -97,18 +107,20 @@ paths:
schema:
$ref: '#/definitions/blogProperties'
responses:
200:
'200':
description: array containing the edited blog's identifiant
schema:
$ref: '#/definitions/Ids'
404:
'404':
description: this blog id does not exists
default:
description: Unexpected error
schema:
$ref: '#/definitions/Error'
put:
summary: Overwrite blog Properties (if a parameter is not set, his value will be erased by de default value)
summary: >-
Overwrite blog Properties (if a parameter is not set, his value will be
erased by de default value)
parameters:
- name: x_dc_key
in: header
@ -125,17 +137,16 @@ paths:
schema:
$ref: '#/definitions/blogProperties'
responses:
200:
'200':
description: array containing the edited blog's identifiant
schema:
$ref: '#/definitions/Ids'
404:
'404':
description: this blog id does not exists
default:
description: Unexpected error
schema:
$ref: '#/definitions/Error'
delete:
summary: Delete this blog
parameters:
@ -148,18 +159,17 @@ paths:
type: string
required: true
responses:
200:
'200':
description: array containing the deleted blog's identifiant
schema:
$ref: '#/definitions/Ids'
404:
'404':
description: this blog id does not exists
default:
description: Unexpected error
schema:
$ref: '#/definitions/Error'
/{blog-id}/posts:
'/{blog-id}/posts':
get:
summary: Get list of posts
parameters:
@ -184,16 +194,17 @@ paths:
items:
type: string
required: false
description: Fields you want to get. If unset, fields are post_id, post_url, post_status, post_title, post_date
description: >-
Fields you want to get. If unset, fields are post_id, post_url,
post_status, post_title, post_date
responses:
200:
'200':
description: list of posts
schema:
title: posts
type: array
items:
$ref: '#/definitions/dc_post'
default:
description: Unexpected error
schema:
@ -211,11 +222,13 @@ paths:
required: true
- name: properties
in: body
description: Some non required fields you don't define will be set (default value) by the API
description: >-
Some non required fields you don't define will be set (default
value) by the API
schema:
$ref: '#/definitions/new_dc_post'
responses:
200:
'200':
description: Id of newly created post
schema:
$ref: '#/definitions/Ids'
@ -223,8 +236,7 @@ paths:
description: Unexpected error
schema:
$ref: '#/definitions/Error'
/{blog-id}/posts/{post-id}:
'/{blog-id}/posts/{post-id}':
get:
summary: Get a post entry
parameters:
@ -253,11 +265,11 @@ paths:
items:
type: string
required: false
description: Fields you want to get. If unset, all available fields will be get.
description: 'Fields you want to get. If unset, all available fields will be get.'
responses:
200:
'200':
description: The post values
schema:
schema:
$ref: '#/definitions/dc_post'
default:
description: Unexpected error
@ -283,16 +295,16 @@ paths:
schema:
$ref: '#/definitions/dc_post'
responses:
200:
'200':
description: array containing the updated post's id
schema:
$ref: '#/definitions/Ids'
404:
'404':
description: this post does not exists
default:
description: Unexpected error
schema:
$ref: '#/definitions/Error'
$ref: '#/definitions/Error'
put:
summary: Update full blog properties. Unsetted parameters will be erased
parameters:
@ -313,11 +325,11 @@ paths:
schema:
$ref: '#/definitions/new_dc_post'
responses:
200:
'200':
description: array containing the updated post's id
schema:
$ref: '#/definitions/Ids'
404:
'404':
description: this post does not exists
default:
description: Unexpected error
@ -339,17 +351,17 @@ paths:
type: string
required: true
responses:
200:
'200':
description: array containing the deleted post's id
schema:
$ref: '#/definitions/Ids'
404:
'404':
description: this post does not exists
default:
description: Unexpected error
schema:
$ref: '#/definitions/Error'
/{blog-id}/categories:
'/{blog-id}/categories':
get:
summary: Get list of available categories
parameters:
@ -362,7 +374,7 @@ paths:
type: string
required: true
responses:
200:
'200':
description: array containing the categories properties
schema:
title: categories
@ -388,9 +400,8 @@ paths:
in: body
schema:
$ref: '#/definitions/new_category'
responses:
200:
'200':
description: array containing the created category id
schema:
$ref: '#/definitions/Ids'
@ -398,8 +409,7 @@ paths:
description: Unexpected error
schema:
$ref: '#/definitions/Error'
/{blog-id}/categories/{cat-id}:
'/{blog-id}/categories/{cat-id}':
get:
summary: get one category properties
parameters:
@ -416,7 +426,7 @@ paths:
type: string
required: true
responses:
200:
'200':
description: array containing the created category properties
schema:
$ref: '#/definitions/category'
@ -440,7 +450,7 @@ paths:
schema:
$ref: '#/definitions/category'
responses:
200:
'200':
description: array containing the modified category id
schema:
$ref: '#/definitions/Ids'
@ -448,13 +458,6 @@ paths:
description: Unexpected error
schema:
$ref: '#/definitions/Error'
definitions:
blog:
type: object
@ -469,14 +472,12 @@ definitions:
type: string
blog_url:
type: string
description:
blog_desc:
type: string
blog_status:
lang:
type: string
blog_timezone:
type: string
enum:
- En ligne
- Hors ligne
- Retiré
url_scan:
type: string
enum:
@ -497,7 +498,7 @@ definitions:
type: string
url:
type: string
description:
description:
type: string
author:
type: string
@ -799,7 +800,6 @@ definitions:
type: integer
temporary:
type: boolean
Error:
type: object
properties:
@ -809,4 +809,4 @@ definitions:
message:
type: string
fields:
type: string
type: string

93
documentation/swagger-ui-dist/index.html
Unescape Escape View File

@ -0,0 +1,93 @@
<!-- HTML for static distribution bundle build -->
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Swagger UI</title>
<link href="https://fonts.googleapis.com/css?family=Open+Sans:400,700|Source+Code+Pro:300,600|Titillium+Web:400,600,700" rel="stylesheet">
<link rel="stylesheet" type="text/css" href="./swagger-ui.css" >
<link rel="icon" type="image/png" href="./favicon-32x32.png" sizes="32x32" />
<link rel="icon" type="image/png" href="./favicon-16x16.png" sizes="16x16" />
<style>
html
{
box-sizing: border-box;
overflow: -moz-scrollbars-vertical;
overflow-y: scroll;
}
*,
*:before,
*:after
{
box-sizing: inherit;
}
body {
margin:0;
background: #fafafa;
}
</style>
</head>
<body>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" style="position:absolute;width:0;height:0">
<defs>
<symbol viewBox="0 0 20 20" id="unlocked">
<path d="M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V6h2v-.801C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8z"></path>
</symbol>
<symbol viewBox="0 0 20 20" id="locked">
<path d="M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8zM12 8H8V5.199C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8z"/>
</symbol>
<symbol viewBox="0 0 20 20" id="close">
<path d="M14.348 14.849c-.469.469-1.229.469-1.697 0L10 11.819l-2.651 3.029c-.469.469-1.229.469-1.697 0-.469-.469-.469-1.229 0-1.697l2.758-3.15-2.759-3.152c-.469-.469-.469-1.228 0-1.697.469-.469 1.228-.469 1.697 0L10 8.183l2.651-3.031c.469-.469 1.228-.469 1.697 0 .469.469.469 1.229 0 1.697l-2.758 3.152 2.758 3.15c.469.469.469 1.229 0 1.698z"/>
</symbol>
<symbol viewBox="0 0 20 20" id="large-arrow">
<path d="M13.25 10L6.109 2.58c-.268-.27-.268-.707 0-.979.268-.27.701-.27.969 0l7.83 7.908c.268.271.268.709 0 .979l-7.83 7.908c-.268.271-.701.27-.969 0-.268-.269-.268-.707 0-.979L13.25 10z"/>
</symbol>
<symbol viewBox="0 0 20 20" id="large-arrow-down">
<path d="M17.418 6.109c.272-.268.709-.268.979 0s.271.701 0 .969l-7.908 7.83c-.27.268-.707.268-.979 0l-7.908-7.83c-.27-.268-.27-.701 0-.969.271-.268.709-.268.979 0L10 13.25l7.418-7.141z"/>
</symbol>
<symbol viewBox="0 0 24 24" id="jump-to">
<path d="M19 7v4H5.83l3.58-3.59L8 6l-6 6 6 6 1.41-1.41L5.83 13H21V7z"/>
</symbol>
<symbol viewBox="0 0 24 24" id="expand">
<path d="M10 18h4v-2h-4v2zM3 6v2h18V6H3zm3 7h12v-2H6v2z"/>
</symbol>
</defs>
</svg>
<div id="swagger-ui"></div>
<script src="./swagger-ui-bundle.js"> </script>
<script src="./swagger-ui-standalone-preset.js"> </script>
<script>
window.onload = function() {
// Build a system
const ui = SwaggerUIBundle({
url: "http://dotclear.localhost/dotclear/index.php?rest/specs",
dom_id: '#swagger-ui',
presets: [
SwaggerUIBundle.presets.apis,
SwaggerUIStandalonePreset
],
plugins: [
SwaggerUIBundle.plugins.DownloadUrl
],
layout: "StandaloneLayout"
})
window.ui = ui
}
</script>
</body>
</html>

1
documentation/swagger-ui-dist/index.php
Unescape Escape View File

@ -1,4 +1,3 @@
<!-- HTML for static distribution bundle build -->
<!DOCTYPE html>
<html lang="en">
<head>

2
documentation/swagger-ui-dist/swagger-ui-bundle.js
View File

File diff suppressed because one or more lines are too long

2
documentation/swagger-ui-dist/swagger-ui-bundle.js.map
Unescape Escape View File

@ -1 +1 @@
{"version":3,"file":"swagger-ui-bundle.js","sources":["webpack:///swagger-ui-bundle.js"],"mappings":"AAAA;AAu/FA;AA6+FA;;;;;;;;;;;;;;;;;;;;;;;;;;AAmTA;;;;;;AAoIA;AAi7FA;AAmtCA;AAi0IA;AA2pJA;AA+uFA;AA2rGA;AAgiFA;AA0rFA;AAk9CA;AA2hDA;AA4rCA;AAi6EA;;;;;AA2gCA;AA02JA;;;;;;;;;;;;;;AAuyEA;AA4mIA;AAquJA;AAwsHA;AA2mGA;AAiiEA;AAq4DA;AA+2DA;AAqlBA;;;;;;AAilFA;AAs1FA;;;;;AAy3CA;AA2qFA;AAw2CA;AAwkCA;AAs/CA;AA4kFA;AAy1FA;;;;;;;;;AAm5CA;AA2zIA;AAk4DA;AAolDA","sourceRoot":""}
{"version":3,"file":"swagger-ui-bundle.js","sources":["webpack:///swagger-ui-bundle.js"],"mappings":"AAAA;AAu/FA;AA6+FA;;;;;;;;;;;;;;;;;;;;;;;;;;AAoTA;;;;;;AAoIA;AAi7FA;AAmtCA;AAi0IA;AA2pJA;AA+uFA;AA2rGA;AAgiFA;AA0rFA;AAk9CA;AA2hDA;AA4rCA;AAi6EA;;;;;AA2gCA;AA02JA;;;;;;;;;;;;;;AAuyEA;AA4mIA;AAquJA;AAwsHA;AA2mGA;AAiiEA;AAq4DA;AA+2DA;AAqlBA;;;;;;AAilFA;AAs1FA;;;;;AAy3CA;AA2qFA;AAw2CA;AAwkCA;AAs/CA;AA4kFA;AAy1FA;;;;;;;;;AAm5CA;AA2zIA;AAk4DA;AAolDA","sourceRoot":""}

2
documentation/swagger-ui-dist/swagger-ui.js
View File

File diff suppressed because one or more lines are too long

2
documentation/swagger-ui-dist/swagger-ui.js.map
Unescape Escape View File

@ -1 +1 @@
{"version":3,"file":"swagger-ui.js","sources":["webpack:///swagger-ui.js"],"mappings":"AAAA;;;;;;AAwxCA;AAoyHA;AAuxHA;AAy4FA;AA2sCA;AAmgCA;AA0iCA;AA+3BA","sourceRoot":""}
{"version":3,"file":"swagger-ui.js","sources":["webpack:///swagger-ui.js"],"mappings":"AAAA;;;;;;AAyxCA;AAoyHA;AAuxHA;AAy4FA;AA2sCA;AAmgCA;AA0iCA;AA+3BA","sourceRoot":""}

39
documentation/swagger.json
Unescape Escape View File

@ -9,11 +9,31 @@
"schemes": [
"http"
],
"basePath": "/dotclear/index.php?rest/",
"basePath": "/dotclear/index.php?rest",
"produces": [
"application/json"
],
"paths": {
"/specs": {
"get": {
"summary": "Get this API SWAGGER documentation",
"responses": {
"200": {
"description": "swagger.json",
"schema": {
"title": "doc",
"type": "string"
}
},
"default": {
"description": "Unexpected error",
"schema": {
"$ref": "#/definitions/Error"
}
}
}
}
},
"/blogs": {
"get": {
"summary": "Get list of availables blogs",
@ -29,10 +49,9 @@
"200": {
"description": "array serving blogs properties",
"schema": {
"title": "blogs",
"type": "array",
"items": {
"$ref": "#/definitions/blog"
"type": "string"
}
}
},
@ -695,16 +714,14 @@
"blog_url": {
"type": "string"
},
"description": {
"blog_desc": {
"type": "string"
},
"blog_status": {
"type": "string",
"enum": [
"En ligne",
"Hors ligne",
"Retiré"
]
"lang": {
"type": "string"
},
"blog_timezone": {
"type": "string"
},
"url_scan": {
"type": "string",

188
inc/class.rest.auth.php
Unescape Escape View File

@ -2,84 +2,122 @@
class restAuth extends dcAuth
{
# L'utilisateur n'a pas le droit de changer son mot de passe
protected $allow_pass_change = false;
# L'utilisateur n'a pas le droit de changer son mot de passe
protected $allow_pass_change = false;
/**
* Méthode de vérification de la clef d'api_key
* Remplace la méthode chekUser (id: password)
* Only use $user_key (all others parameters are for compatibility with the parent function)
* input: $user_key STRING
* output: boolean
*/
public function checkUser($user_id, $pwd = NULL, $user_key = NULL, $check_blog = true)
{
global $core;
/**
* Méthode de vérification de la clef d'api_key
* Remplace la méthode chekUser (id: password)
* Only use $user_key (all others parameters are for compatibility with the parent function)
* input: $user_key STRING
* output: boolean
*/
public function checkUser($user_id, $pwd = NULL, $user_key = NULL, $check_blog = true)
{
global $core;
//Check for the user api key
$sqlStr = " SELECT setting_id
FROM dc_setting
WHERE setting_ns='rest'
AND setting_id LIKE 'rest_key_%'
AND setting_value = md5('".$core->con->escape($user_key)."');";
try {
$rs = $core->con->select($sqlStr);
} catch (Exception $e) {
$err = $e->getMessage();
return false;
}
$hashedKey = $core->auth->crypt($user_key);
//Check for the user api key
$sqlStr = " SELECT setting_id
FROM dc_setting
WHERE setting_ns='rest'
AND setting_id LIKE 'rest_key_%'
AND setting_value = '".$core->con->escape($hashedKey)."';";
try {
$rs = $core->con->select($sqlStr);
} catch (Exception $e) {
$err = $e->getMessage();
return false;
}
if ($rs->isEmpty()) {
sleep(rand(2,5));
return false;
}
if ($rs->isEmpty()) {
sleep(rand(2,5));
return false;
}
//get the user ID from the previous query
$userId = explode("_", $rs->setting_id)[2];
//get USER infos
$strReq = 'SELECT user_id, user_super, user_pwd, user_change_pwd, '.
'user_name, user_firstname, user_displayname, user_email, '.
'user_url, user_default_blog, user_options, '.
'user_lang, user_tz, user_post_status, user_creadt, user_upddt '.
'FROM '.$this->con->escapeSystem($this->user_table).' '.
"WHERE user_id = '".$this->con->escape($userId)."'";
try {
$rs = $core->con->select($strReq);
} catch (Exception $e) {
$err = $e->getMessage();
return false;
}
//get the user ID from the previous query
$userId = explode("_", $rs->setting_id)[2];
//get USER infos
$strReq = 'SELECT user_id, user_super, user_pwd, user_change_pwd, '.
'user_name, user_firstname, user_displayname, user_email, '.
'user_url, user_default_blog, user_options, '.
'user_lang, user_tz, user_post_status, user_creadt, user_upddt '.
'FROM '.$core->con->escapeSystem($this->user_table).' '.
"WHERE user_id = '".$core->con->escape($userId)."'";
try {
$rs = $core->con->select($strReq);
} catch (Exception $e) {
$err = $e->getMessage();
return false;
}
if ($rs->isEmpty()) {
sleep(rand(2,5));
return false;
}
$this->user_id = $rs->user_id;
$this->user_change_pwd = (boolean) $rs->user_change_pwd;
$this->user_admin = (boolean) $rs->user_super;
$this->user_info['user_pwd'] = $rs->user_pwd;
$this->user_info['user_name'] = $rs->user_name;
$this->user_info['user_firstname'] = $rs->user_firstname;
$this->user_info['user_displayname'] = $rs->user_displayname;
$this->user_info['user_email'] = $rs->user_email;
$this->user_info['user_url'] = $rs->user_url;
$this->user_info['user_default_blog'] = $rs->user_default_blog;
$this->user_info['user_lang'] = $rs->user_lang;
$this->user_info['user_tz'] = $rs->user_tz;
$this->user_info['user_post_status'] = $rs->user_post_status;
$this->user_info['user_creadt'] = $rs->user_creadt;
$this->user_info['user_upddt'] = $rs->user_upddt;
$this->user_info['user_cn'] = dcUtils::getUserCN($rs->user_id, $rs->user_name,
$rs->user_firstname, $rs->user_displayname);
//$this->user_options = array_merge($this->core->userDefaults(),$rs->options());
$this->user_prefs = new dcPrefs($this->core,$this->user_id);
return true;
}
if ($rs->isEmpty()) {
sleep(rand(2,5));
return false;
}
$this->user_id = $rs->user_id;
$this->user_change_pwd = (boolean) $rs->user_change_pwd;
$this->user_admin = (boolean) $rs->user_super;
$this->user_info['user_pwd'] = $rs->user_pwd;
$this->user_info['user_name'] = $rs->user_name;
$this->user_info['user_firstname'] = $rs->user_firstname;
$this->user_info['user_displayname'] = $rs->user_displayname;
$this->user_info['user_email'] = $rs->user_email;
$this->user_info['user_url'] = $rs->user_url;
$this->user_info['user_default_blog'] = $rs->user_default_blog;
$this->user_info['user_lang'] = $rs->user_lang;
$this->user_info['user_tz'] = $rs->user_tz;
$this->user_info['user_post_status'] = $rs->user_post_status;
$this->user_info['user_creadt'] = $rs->user_creadt;
$this->user_info['user_upddt'] = $rs->user_upddt;
$this->user_info['user_cn'] = dcUtils::getUserCN($rs->user_id, $rs->user_name,
$rs->user_firstname, $rs->user_displayname);
//$this->user_options = array_merge($this->core->userDefaults(),$rs->options());
$this->user_prefs = new dcPrefs($this->core,$this->user_id);
return true;
}
//return user permission for all blogs
//[blog_id] => permission
public function getAllPermissions()
{
global $core;
//conserve the value
static $blogs = false;
if($blogs !== false){
return $blogs;
}
if ($this->user_admin) { //user_admin == super admin
$strReq = 'SELECT blog_id '.
'from '.$this->blog_table;
$rs = $core->con->select($strReq);
while ($rs->fetch())
{
$blogs[$rs->blog_id] = 'admin';
}
return $blogs;
}
$strReq = 'SELECT blog_id, permissions '.
'FROM '.$this->perm_table.' '.
"WHERE user_id = '".$this->con->escape($this->user_id)."' ".
"AND (permissions LIKE '%|usage|%' OR permissions LIKE '%|admin|%' OR permissions LIKE '%|contentadmin|%') ";
$rs = $this->con->select($strReq);
while ($rs->fetch()){
$blogs[$rs->blog_id] = $this->parsePermissions($rs->permissions);
}
return $blogs;
}
}

171
inc/class.rest.key.php
Unescape Escape View File

@ -1,91 +1,90 @@
<?php
class ApiKey
{
public $key;
public function __construct(){
$this->key = '';
}
public function new_key($dcUserId)
{
$this->key = $this->rand_str();
$this -> put_dc_setting_user_key($dcUserId);
return $this->key;
}
public function set_key($key)
{
$this->key = $key;
}
public function get_dc_admin_form($dcUserId)
{
global $core;
//tester si une clef d'API a été générée
if($this->dc_is_key_setting_set($dcUserId)){
$infoFormApiKey = __('Your api key has already been created.');
$buttonFormApiKey = __('Erase existing API key and generate a new one for').' '.$dcUserId;
}else{
$infoFormApiKey = __('No API key found.');
$buttonFormApiKey = __('Generate a API key for').' '.$dcUserId;
}
if($this->key == ''){
$infoKey = $infoFormApiKey;
}else{
$infoKey = '<p class="info">'.__('The api key is').':<input type ="texte" value="'.$this->key.'"/><br/>'.
__('Copy and paste it, You will cannot see it again.').'</p>';
}
return '<form method="post" action="'.http::getSelfURI().'">'.
$infoKey.
'<p><input type="submit" name="resetApiKey" value="'.$buttonFormApiKey.'"/></p>'.
$core->formNonce().
'</form>';
}
private function dc_is_key_setting_set($dcUserId)
{
global $core;
$apiKeyName = $this->get_dc_setting_api_name($dcUserId);
$currentHashedKey = $core->blog->settings->rest->{$apiKeyName};
if(empty($currentHashedKey)){
return false;
}else{
return true;
}
}
private function put_dc_setting_user_key($dcUserId)
{
global $core;
if ($this->key == ''){
//don't save an empty key
return false;
}
$hash = md5($this->key);
$core->blog->settings->rest->put(
$this->get_dc_setting_api_name($dcUserId),
$hash,
'string'
);
return $hash;
}
private function get_dc_setting_api_name($dcUserId)
{
return 'rest_key_'.$dcUserId;
}
private function rand_str($length = 32, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890')
{
public $key;
public function __construct(){
$this->key = '';
}
public function new_key($dcUserId)
{
$this->key = $this->rand_str();
$this -> put_dc_setting_user_key($dcUserId);
return $this->key;
}
public function set_key($key)
{
$this->key = $key;
}
public function get_dc_admin_form($dcUserId)
{
global $core;
//tester si une clef d'API a été générée
if($this->dc_is_key_setting_set($dcUserId)){
$infoFormApiKey = __('Your api key has already been created.');
$buttonFormApiKey = __('Erase existing API key and generate a new one for').' '.$dcUserId;
}else{
$infoFormApiKey = __('No API key found.');
$buttonFormApiKey = __('Generate a API key for').' '.$dcUserId;
}
if($this->key == ''){
$infoKey = $infoFormApiKey;
}else{
$infoKey = '<p class="info">'.__('The api key is').':<input type ="texte" value="'.$this->key.'"/><br/>'.
__('Copy and paste it, You will cannot see it again.').'</p>';
}
return '<form method="post" action="'.http::getSelfURI().'">'.
$infoKey.
'<p><input type="submit" name="resetApiKey" value="'.$buttonFormApiKey.'"/></p>'.
$core->formNonce().
'</form>';
}
private function dc_is_key_setting_set($dcUserId)
{
global $core;
$apiKeyName = $this->get_dc_setting_api_name($dcUserId);
$currentHashedKey = $core->blog->settings->rest->{$apiKeyName};
if(empty($currentHashedKey)){
return false;
}else{
return true;
}
}
private function put_dc_setting_user_key($dcUserId)
{
global $core;
if ($this->key == ''){
//don't save an empty key
return false;
}
$hashedKey = $core->auth->crypt($this->key);
$core->blog->settings->rest->put(
$this->get_dc_setting_api_name($dcUserId),
$hashedKey,
'string'
);
return $hashedKey;
}
private function get_dc_setting_api_name($dcUserId)
{
return 'rest_key_'.$dcUserId;
}
private function rand_str($length = 32, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890')
{
$chars_length = (strlen($chars) - 1);
$string = $chars{rand(0, $chars_length)};
for ($i = 1; $i < $length; $i = strlen($string)){
@ -93,5 +92,5 @@ class ApiKey
if ($r != $string{$i - 1}) $string .= $r;
}
return $string;
}
}
}

27
inc/class.rest.query.get.blog.php
Unescape Escape View File

@ -0,0 +1,27 @@
<?php
/*
*Methode permettant de retourner des informations sur un blog particulier
*/
class RestQueryGetBlog extends RestQuery
{
public function __construct(){
global $core;
}
/*
* ça se complique niveau droits
*
* SI L'utilisateur n'est pas authentifié
* le blog est hors ligne
* -> 404
* l'API n'est pas publique
* -> refus
* l'API est publique
* -> OK, mais on ne retourne pas les infos techniques
* L'utilisateur est authentifié
* n'est pas admin (du blog en question)
* -> OK, mais on ne retourne pas les infos techniques
* est admin
* -> L'API retourne le maximum d'infos
*/
}

34
inc/class.rest.query.get.blogs.php
Unescape Escape View File

@ -2,17 +2,25 @@
class RestQueryGetBlogs extends RestQuery
{
public function __construct($user){
if($user === false){
//need To be authentified
$this->response_code = 403;
$this->response_message = array('code' => 403, 'error' => 'get Blogs methods requires to be authentified');
return;
}
//error_log(json_encode($user->findUserBlog()));
}
public function __construct(){
global $core;
$this->blog_id = false; //this method doesn't depend on a bolg_id
$this->required_perms = 'none'; //I want user have an account
if($this->is_allowed() === false){
//need To be authentified
$this->response_code = 403;
$this->response_message = array('code' => 403, 'error' => 'get Blogs methods requires to be authentified');
return;
}
//list the blogs the user can access
$blgs = $core->auth->getAllPermissions();
$ret = array();
foreach($blgs as $key=>$value){
$ret[] = $key;
}
$this->response_code = 200;
$this->response_message = $ret;
}
}

38
inc/class.rest.query.get.specs.php
Unescape Escape View File

@ -1,19 +1,27 @@
<?php
class RestQueryGetSpecs extends RestQuery
{
public function __construct($user){
global $core;
$this->response_code = 200;
$specs = json_decode(file_get_contents(dirname(__FILE__).'/../documentation/swagger.json'),true);
//change some parameters
$url = parse_url($core->blog->url.$core->url->getBase('rest'));
$specs['host'] = $url['host'];
$specs['schemes'] = $url['scheme'];
preg_match('/https?:\/\/[^\/]*(\/.*)/',$core->blog->url.$core->url->getBase('rest'),$end);
$specs['basePath'] = $end[1];
$this->response_message = $specs;
return;
}
public function __construct(){
global $core;
$this->response_code = 200;
$this->required_perms = 'unauth';
if($this->is_allowed() === false){
$this->response_code = 403;
$this->response_message = array('code' => 403, 'error' => 'this method is not open');
return;
}
$specs = json_decode(file_get_contents(dirname(__FILE__).'/../documentation/swagger.json'),true);
//change some parameters
$url = parse_url($core->blog->url.$core->url->getBase('rest'));
$specs['host'] = $url['host'];
$specs['schemes'] = $url['scheme'];
preg_match('/https?:\/\/[^\/]*(\/.*)/',$core->blog->url.$core->url->getBase('rest'),$end);
$specs['basePath'] = $end[1];
$this->response_message = $specs;
return;
}
}

279
inc/class.rest.query.php
Unescape Escape View File

@ -1,72 +1,215 @@
<?php
class RestQuery{
public $response_code;
public $response_message; //array
public function get_full_code_header($code){
static $codes = array(
100 =>"Continue",
101 =>"Switching Protocols",
102 =>"Processing",
200 =>"OK",
201 =>"Created",
202 =>"Accepted",
203 =>"Non-Authoritative Information",
204 =>"No Content",
205 =>"Reset Content",
206 =>"Partial Content",
207 =>"Multi-Status",
210 =>"Content Different",
226 =>"IM Used",
300 =>"Multiple Choices",
301 =>"Moved Permanently",
302 =>"Moved Temporarily",
303 =>"See Other",
304 =>"Not Modified",
305 =>"Use Proxy",
306 =>"(aucun)",
307 =>"Temporary Redirect",
308 =>"Permanent Redirect",
310 =>"Too many Redirects",
400 =>"Bad Request",
401 =>"Unauthorized",
402 =>"Payment Required",
403 =>"Forbidden",
404 =>"Not Found",
405 =>"Method Not Allowed",
406 =>"Not Acceptable",
407 =>"Proxy Authentication Required",
408 =>"Request Time-out",
409 =>"Conflict",
410 =>"Gone",
411 =>"Length Required",
412 =>"Precondition Failed",
413 =>"Request Entity Too Large",
414 =>"Request-URI Too Long",
415 =>"Unsupported Media Type",
416 =>"Requested range unsatisfiable",
417 =>"Expectation failed",
418 =>"Im a teapot",
421 =>"Bad mapping / Misdirected Request",
422 =>"Unprocessable entity",
423 =>"Locked",
424 =>"Method failure",
425 =>"Unordered Collection",
426 =>"Upgrade Required",
428 =>"Precondition Required",
429 =>"Too Many Requests",
431 =>"Request Header Fields Too Large",
449 =>"Retry With",
450 =>"Blocked by Windows Parental Controls",
451 =>"Unavailable For Legal Reasons",
456 =>"Unrecoverable Error"
);
if(isset($codes[$code])){
return "HTTP/1.0 ".$code." ".$codes[$code];
}else{
return "HTTP/1.0 ".$code." Something wrong happened";
}
}
public $response_code;
public $response_message; //array
public $blog_id;
protected $required_perms = 'admin'; //must be changed by the childs class
/*
should be:
'admin'
'usage'
'publish'
'delete'
'contentadmin'
'categories'
'media'
'media_admin'
'none' //must be have an account (without any rights)
'unauth' //Open to the world
*/
public function __construct()
{
$this->response_code = RestQuery::get_full_code_header(400);
$this->response_message = array(
"error" => "Unrecoknized method",
"code" => 400
);
}
/**
* Check if required fields are set
* $strict => Go on error if a additionnal field is given
*/
protected function check_for_required_fields($arrayToCheck,$fieldsRequired,$fieldsOptionals = '')
{
if ($fieldsOptionals == ''){
$fieldsOptionals == array();
}
$fieldsSetted = array_keys($arrayToCheck);
if($fieldsOptionals == ''){
if(empty(array_diff($fieldsSetted,$fieldsRequired))){
return true;
}else{
$this->response_code = RestQuery::get_full_code_header(400);
$this->response_message = array(
"error" => "Only and each of following parameters ".
implode(", ",$fieldsRequired)." are required",
"code" => 400
);
return false;
}
}else{
//check if all required fields are set
foreach($fieldsRequired as $key){
if(!isset($arrayToCheck[$key])){
$this->response_code = RestQuery::get_full_code_header(400);
$this->response_message = array(
"error" => "field ".$key." is needed",
"code" => 400
);
return false;
}
}
//check if a field is not in required and in fieldsOptionals
foreach($fieldsSetted as $keyToTest){
if((!in_array($keyToTest,$fieldsRequired)) && (!in_array($keyToTest,$fieldsOptionals))){
$this->response_message = array(
"error" => "Unwanted field '".$keyToTest."'",
"code" => 400
);
return false;
}
}
return true;
}
}
protected function body_to_array($body){
if($ret = json_decode($body,true)){
return $ret;
}else{
$this->response_code = 301;
$this->response_message = array(
'error' => 'Can\'t parse input JSON',
'code' => 400
);
return false;
}
}
protected function is_allowed()
{
global $core;
if($core->auth){
$perms = $core->auth->getAllPermissions();
}
switch($this->required_perms){
case 'unauth':
//on verifie quand même que l'API est ouverte
if((!$core->blog->settings->rest->rest_is_open) && ($core->auth === false)){
return false;
}else{
return true;
}
break;
//to do
case 'none':
//user must be valid
if($core->auth === false){
return false;
}else{
return true;
}
break;
case 'media_admin':
break;
case 'media':
break;
case 'categories':
break;
case 'contentadmin':
break;
case 'delete':
break;
case 'publish':
break;
case 'usage':
break;
case 'admin':
if($core->auth === false){
return false;
}
if ($core->auth->isSuperAdmin()){
return true;
}else{
return false;
}
break;
}
}
public function get_full_code_header($code){
static $codes = array(
100 =>"Continue",
101 =>"Switching Protocols",
102 =>"Processing",
200 =>"OK",
201 =>"Created",
202 =>"Accepted",
203 =>"Non-Authoritative Information",
204 =>"No Content",
205 =>"Reset Content",
206 =>"Partial Content",
207 =>"Multi-Status",
210 =>"Content Different",
226 =>"IM Used",
300 =>"Multiple Choices",
301 =>"Moved Permanently",
302 =>"Moved Temporarily",
303 =>"See Other",
304 =>"Not Modified",
305 =>"Use Proxy",
306 =>"(aucun)",
307 =>"Temporary Redirect",
308 =>"Permanent Redirect",
310 =>"Too many Redirects",
400 =>"Bad Request",
401 =>"Unauthorized",
402 =>"Payment Required",
403 =>"Forbidden",
404 =>"Not Found",
405 =>"Method Not Allowed",
406 =>"Not Acceptable",
407 =>"Proxy Authentication Required",
408 =>"Request Time-out",
409 =>"Conflict",
410 =>"Gone",
411 =>"Length Required",
412 =>"Precondition Failed",
413 =>"Request Entity Too Large",
414 =>"Request-URI Too Long",
415 =>"Unsupported Media Type",
416 =>"Requested range unsatisfiable",
417 =>"Expectation failed",
418 =>"Im a teapot",
421 =>"Bad mapping / Misdirected Request",
422 =>"Unprocessable entity",
423 =>"Locked",
424 =>"Method failure",
425 =>"Unordered Collection",
426 =>"Upgrade Required",
428 =>"Precondition Required",
429 =>"Too Many Requests",
431 =>"Request Header Fields Too Large",
449 =>"Retry With",
450 =>"Blocked by Windows Parental Controls",
451 =>"Unavailable For Legal Reasons",
456 =>"Unrecoverable Error"
);
if(isset($codes[$code])){
return "HTTP/1.0 ".$code." ".$codes[$code];
}else{
return "HTTP/1.0 ".$code." Something wrong happened";
}
}
}

97
inc/class.rest.query.post.blogs.php
Unescape Escape View File

@ -0,0 +1,97 @@
<?php
class RestQueryPostBlogs extends RestQuery
{
public function __construct($body)
{
global $core;
$this->blog_id = false; //this method doesn't depend on a bolg_id
$this->required_perms = 'admin'; //I want user have an account
if($this->is_allowed() === false){
//need To be authentified
$this->response_code = 403;
$this->response_message = array('code' => 403, 'error' => 'You need to be admin to create a new blog');
return;
}
$inputArray = $this-> body_to_array($body);
if ($inputArray === false){
return false;
}
//permit optional description
if(!isset($inputArray['blog_desc'])){
$inputArray["blog_desc"] = '';
}
//check if parameters are set
if(!$this->check_for_required_fields( $inputArray, array('blog_id','blog_url','blog_name','blog_desc'),
array('lang','blog_timezone','url_scan')) ){
return;
}
//Following lines are same as admin/blog.php
$cur = $core->con->openCursor($core->prefix.'blog');
$blog_id = $cur->blog_id = $inputArray['blog_id'];
$blog_url = $cur->blog_url = $inputArray['blog_url'];
$blog_name = $cur->blog_name = $inputArray['blog_name'];
$blog_desc = $cur->blog_desc = $inputArray['blog_desc'];
try
{
# --BEHAVIOR-- adminBeforeBlogCreate
$core->callBehavior('adminBeforeBlogCreate',$cur,$blog_id);
$core->addBlog($cur);
# Default settings and override some
$core->blogDefaults($cur->blog_id);
$blog_settings = new dcSettings($core,$cur->blog_id);
$blog_settings->addNamespace('system');
if(isset($inputArray['lang'])){
$blog_settings->system->put('lang',$inputArray['lang']);
}else{
$blog_settings->system->put('lang',$core->auth->getInfo('user_lang'));
}
if(isset($inputArray['blog_timezone'])){
$blog_settings->system->put('blog_timezone',$inputArray['blog_timezone']);
}else{
$blog_settings->system->put('blog_timezone',$core->auth->getInfo('user_tz'));
}
if(isset($inputArray['url_scan'])){
$blog_settings->system->put('url_scan',$inputArray['url_scan']);
}elseif(substr($blog_url,-1) == '?') {
$blog_settings->system->put('url_scan','query_string');
} else {
$blog_settings->system->put('url_scan','path_info');
}
# --BEHAVIOR-- adminAfterBlogCreate
$core->callBehavior('adminAfterBlogCreate',$cur,$blog_id,$blog_settings);
//cool
$this->response_code = 200;
$this->response_message = array(
'code' => 200,
'message' => 'Successfully created blog'.$blog_id
);
}
catch (Exception $e)
{
$this->response_code = 500;
$this->response_message = array(
'code' => 500,
'message' => $e->getMessage()
);
}
return;
}
}

114
index.php
Unescape Escape View File

@ -8,16 +8,16 @@ $apiKey = new ApiKey;
// Setting default parameters if missing configuration
$core->blog->settings->addNamespace('rest');
if (is_null($core->blog->settings->rest->rest_active)) {
try {
$core->blog->settings->rest->put('rest_active',false,'boolean',true);
$core->blog->settings->rest->put('rest_is_open',false,'boolean',true);
$core->blog->settings->rest->put('rest_send_cors_headers',true,'boolean',true);
$core->blog->triggerBlog();
http::redirect($p_url);
}
catch (Exception $e) {
$core->error->add($e->getMessage());
}
try {
$core->blog->settings->rest->put('rest_active',false,'boolean',true);
$core->blog->settings->rest->put('rest_is_open',false,'boolean',true);
$core->blog->settings->rest->put('rest_send_cors_headers',true,'boolean',true);
$core->blog->triggerBlog();
http::redirect($p_url);
}
catch (Exception $e) {
$core->error->add($e->getMessage());
}
}
// Getting current parameters
$active = (boolean)$core->blog->settings->rest->rest_active;
@ -26,70 +26,70 @@ $sendHeaders =(boolean)$core->blog->settings->rest->rest_send_cors_headers;
//Sousmission Formulaire parametres
if ((!empty($_POST['saveconfig'])) && ($core->auth->isSuperAdmin())) {
try
{
$core->blog->settings->addNameSpace('rest');
$active = (empty($_POST['active'])) ? false : true;
$core->blog->settings->rest->put('rest_active',$active,'boolean');
$openApi = (empty($_POST['open'])) ? false : true;
$core->blog->settings->rest->put('rest_is_open',$openApi,'boolean');
$sendHeaders = (empty($_POST['sendHeaders'])) ? false : true;
$core->blog->settings->rest->put('rest_send_cors_headers',$sendHeaders,'boolean');
dcPage::addSuccessNotice(__('Configuration successfully updated.'));
http::redirect($p_url);
}catch (Exception $e)
{
$core->error->add($e->getMessage());
}
try
{
$core->blog->settings->addNameSpace('rest');
$active = (empty($_POST['active'])) ? false : true;
$core->blog->settings->rest->put('rest_active',$active,'boolean');
$openApi = (empty($_POST['open'])) ? false : true;
$core->blog->settings->rest->put('rest_is_open',$openApi,'boolean');
$sendHeaders = (empty($_POST['sendHeaders'])) ? false : true;
$core->blog->settings->rest->put('rest_send_cors_headers',$sendHeaders,'boolean');
dcPage::addSuccessNotice(__('Configuration successfully updated.'));
http::redirect($p_url);
}catch (Exception $e)
{
$core->error->add($e->getMessage());
}
}
//Sousmission Formulaire Reset API Key
if(!empty($_POST['resetApiKey'])){
$core->blog->settings->addNameSpace('rest');
$apiKey -> new_key($core->auth->userID());
dcPage::addSuccessNotice(__('Your new key is').' '.$apiKey->key);
$core->blog->settings->addNameSpace('rest');
$apiKey -> new_key($core->auth->userID());
dcPage::addSuccessNotice(__('Your new key is').' '.$apiKey->key);
}
?>
<html>
<head>
<title>Rest API config</title>
<title>Rest API config</title>
</head>
<body>
<h2>Documentation</h2>
<h2>Documentation</h2>
<p><a href="<?php echo $core->blog->url."rest/documentation"; ?>">Go to the Swagger documentation</a></p>
<h2><?php echo __('Your API key');?></h2>
<?php echo $apiKey-> get_dc_admin_form($core->auth->userID()); ?>
<h2><?php echo __('Your API key');?></h2>
<?php echo $apiKey-> get_dc_admin_form($core->auth->userID()); ?>
<?php
//Seulement si administrateur:
if($core->auth->isSuperAdmin()):
?>
<h2><?php echo __('Rest API configuration'); ?></h2>
<form method="post" action="<?php http::getSelfURI(); ?>">
<p>
<?php echo form::checkbox('active', 1, $active); ?>
<label class="classic" for="active">&nbsp;<?php echo __('Enable REST API');?></label>
</p>
<p>
<?php echo form::checkbox('open', 1, $openApi); ?>
<label class="classic" for="open">&nbsp;<?php echo __('API is open');?></label>
</p>
<p class="info"><?php echo __("If checked, few methods as GET will be allowed to externals users without API key.
However, they won't be able to request for non public content."); ?></p>
<?php echo $core->formNonce(); ?>
<p>
<?php echo form::checkbox('sendHeaders', 1, $sendHeaders); ?>
<label class="classic" for="sendHeaders">&nbsp;<?php echo __('Send Coors headers');?></label>
</p>
<p>
<input type="submit" name="saveconfig" value="<?php echo __('Save configuration'); ?>" />
</p>
</from>
<h2><?php echo __('Rest API configuration'); ?></h2>
<form method="post" action="<?php http::getSelfURI(); ?>">
<p>
<?php echo form::checkbox('active', 1, $active); ?>
<label class="classic" for="active">&nbsp;<?php echo __('Enable REST API');?></label>
</p>
<p>
<?php echo form::checkbox('open', 1, $openApi); ?>
<label class="classic" for="open">&nbsp;<?php echo __('API is open');?></label>
</p>
<p class="info"><?php echo __("If checked, few methods as GET will be allowed to externals users without API key.
However, they won't be able to request for non public content."); ?></p>
<?php echo $core->formNonce(); ?>
<p>
<?php echo form::checkbox('sendHeaders', 1, $sendHeaders); ?>
<label class="classic" for="sendHeaders">&nbsp;<?php echo __('Send Coors headers');?></label>
</p>
<p>
<input type="submit" name="saveconfig" value="<?php echo __('Save configuration'); ?>" />
</p>
</from>
<?php
endif;
?>

Write Preview
Loading…
Cancel
Save