bludit/bl-plugins/api/plugin.php

711 lines
18 KiB
PHP
Raw Normal View History

2016-05-29 19:21:11 +02:00
<?php
class pluginAPI extends Plugin {
2017-06-25 22:54:59 +02:00
private $method;
public function init()
{
// Generate the API Token
$token = md5( uniqid().time().DOMAIN );
$this->dbFields = array(
'token'=>$token, // API Token
2018-08-06 21:46:58 +02:00
'numberOfItems'=>15 // Amount of items to return
);
}
2019-02-25 16:32:47 +01:00
public function getToken()
{
return $this->getValue('token');
}
public function form()
{
global $L;
2017-06-25 22:54:59 +02:00
2018-07-01 14:17:24 +02:00
$html = '<div class="alert alert-primary" role="alert">';
$html .= $this->description();
$html .= '</div>';
2018-08-09 23:15:52 +02:00
$html .= '<div>';
$html .= '<label>'.$L->get('URL').'</label>';
$html .= '<p class="text-muted">'.DOMAIN_BASE.'api/{endpoint}</p>';
2018-08-09 23:15:52 +02:00
$html .= '</div>';
2018-07-01 14:17:24 +02:00
$html .= '<div>';
$html .= '<label>'.$L->get('API Token').'</label>';
2017-06-25 22:54:59 +02:00
$html .= '<input name="token" type="text" value="'.$this->getValue('token').'">';
$html .= '<span class="tip">'.$L->get('This token is for read only and is regenerated every time you install the plugin').'</span>';
$html .= '</div>';
$html .= '<div>';
$html .= '<label>'.$L->get('Amount of pages').'</label>';
2018-08-06 21:46:58 +02:00
$html .= '<input id="jsnumberOfItems" name="numberOfItems" type="text" value="'.$this->getValue('numberOfItems').'">';
$html .= '<span class="tip">'.$L->get('This is the maximum of pages to return when you call to').'</span>';
$html .= '</div>';
2016-06-03 03:37:52 +02:00
return $html;
}
2016-12-01 02:39:16 +01:00
// API HOOKS
// ----------------------------------------------------------------------------
2017-07-05 23:30:30 +02:00
public function beforeAll()
2016-09-25 20:38:15 +02:00
{
global $url;
2018-08-03 18:59:23 +02:00
global $pages;
global $users;
2016-09-25 20:38:15 +02:00
// CHECK URL
// ------------------------------------------------------------
2017-07-29 01:20:47 +02:00
$URI = $this->webhook('api', $returnsAfterURI=true, $fixed=false);
2017-07-19 22:50:08 +02:00
if ($URI===false) {
2016-12-01 02:39:16 +01:00
return false;
}
2017-06-25 22:54:59 +02:00
// METHOD
// ------------------------------------------------------------
$method = $this->getMethod();
2017-07-19 22:50:08 +02:00
// METHOD INPUTS
2016-12-01 02:39:16 +01:00
// ------------------------------------------------------------
2017-07-19 22:50:08 +02:00
$inputs = $this->getMethodInputs();
2019-02-19 08:38:17 +01:00
if (empty($inputs)) {
2019-02-08 08:53:26 +01:00
$this->response(400, 'Bad Request', array('message'=>'Missing method inputs.'));
2017-07-07 23:38:01 +02:00
}
2017-07-19 22:50:08 +02:00
// ENDPOINT PARAMETERS
2016-12-01 02:39:16 +01:00
// ------------------------------------------------------------
2017-07-19 22:50:08 +02:00
$parameters = $this->getEndpointParameters($URI);
2019-02-19 08:38:17 +01:00
if (empty($parameters)) {
2019-02-08 08:53:26 +01:00
$this->response(400, 'Bad Request', array('message'=>'Missing endpoint parameters.'));
2017-07-07 23:38:01 +02:00
}
// API TOKEN
// ------------------------------------------------------------
2017-08-30 20:02:31 +02:00
// Token from the plugin, the user can change it on the settings of the plugin
$tokenAPI = $this->getValue('token');
2016-12-01 02:39:16 +01:00
// Check empty token
2017-09-22 23:11:08 +02:00
if (empty($inputs['token'])) {
2019-02-08 08:53:26 +01:00
$this->response(400, 'Bad Request', array('message'=>'Missing API token.'));
2016-12-01 02:39:16 +01:00
}
2017-08-30 20:02:31 +02:00
// Check if the token is valid
2017-07-19 22:50:08 +02:00
if ($inputs['token']!==$tokenAPI) {
$this->response(401, 'Unauthorized', array('message'=>'Invalid API token.'));
2016-12-01 02:39:16 +01:00
}
// AUTHENTICATION TOKEN
2016-12-01 02:39:16 +01:00
// ------------------------------------------------------------
$writePermissions = false;
if (!empty($inputs['authentication'])) {
2017-09-23 13:10:05 +02:00
// Get the user with the authentication token, FALSE if doesn't exit
2018-08-03 18:59:23 +02:00
$username = $users->getByAuthToken($inputs['authentication']);
2017-07-19 22:50:08 +02:00
if ($username!==false) {
try {
$user = new User($username);
if (($user->role()=='admin') && ($user->enabled())) {
// Loggin the user to create the session
$login = new Login();
$login->setLogin($username, 'admin');
// Enable write permissions
$writePermissions = true;
}
} catch (Exception $e) {
// Continue without permissions
2017-09-23 13:10:05 +02:00
}
2016-12-01 02:39:16 +01:00
}
}
2019-11-11 19:16:05 +01:00
// Clean inputs
// ------------------------------------------------------------
unset($inputs['token']);
unset($inputs['authentication']);
2017-07-19 22:50:08 +02:00
// ENDPOINTS
2017-06-22 23:50:12 +02:00
// ------------------------------------------------------------
2016-12-01 02:39:16 +01:00
2017-06-22 23:50:12 +02:00
// (GET) /api/pages
2017-07-19 22:50:08 +02:00
if ( ($method==='GET') && ($parameters[0]==='pages') && empty($parameters[1]) ) {
2019-02-19 08:38:17 +01:00
$data = $this->getPages($inputs);
2016-12-01 02:39:16 +01:00
}
2017-06-22 23:50:12 +02:00
// (GET) /api/pages/<key>
2017-07-19 22:50:08 +02:00
elseif ( ($method==='GET') && ($parameters[0]==='pages') && !empty($parameters[1]) ) {
2017-09-21 20:42:03 +02:00
$pageKey = $parameters[1];
$data = $this->getPage($pageKey);
}
// (PUT) /api/pages/<key>
elseif ( ($method==='PUT') && ($parameters[0]==='pages') && !empty($parameters[1]) && $writePermissions ) {
$pageKey = $parameters[1];
$data = $this->editPage($pageKey, $inputs);
}
// (DELETE) /api/pages/<key>
elseif ( ($method==='DELETE') && ($parameters[0]==='pages') && !empty($parameters[1]) && $writePermissions ) {
$pageKey = $parameters[1];
$data = $this->deletePage($pageKey);
2016-12-01 02:39:16 +01:00
}
2017-06-22 23:50:12 +02:00
// (POST) /api/pages
2017-07-19 22:50:08 +02:00
elseif ( ($method==='POST') && ($parameters[0]==='pages') && empty($parameters[1]) && $writePermissions ) {
2017-09-21 20:42:03 +02:00
$data = $this->createPage($inputs);
2017-06-22 23:50:12 +02:00
}
2019-11-11 19:16:05 +01:00
// (GET) /api/settings
elseif ( ($method==='GET') && ($parameters[0]==='settings') && empty($parameters[1]) && $writePermissions ) {
$data = $this->getSettings();
}
2019-09-25 20:19:34 +02:00
// (PUT) /api/settings
elseif ( ($method==='PUT') && ($parameters[0]==='settings') && empty($parameters[1]) && $writePermissions ) {
$data = $this->editSettings($inputs);
}
2019-03-27 22:33:23 +01:00
// (POST) /api/images
elseif ( ($method==='POST') && ($parameters[0]==='images') && $writePermissions ) {
$data = $this->uploadImage($inputs);
}
2019-02-19 08:38:17 +01:00
// (GET) /api/tags
elseif ( ($method==='GET') && ($parameters[0]==='tags') && empty($parameters[1]) ) {
$data = $this->getTags();
}
// (GET) /api/tags/<key>
elseif ( ($method==='GET') && ($parameters[0]==='tags') && !empty($parameters[1]) ) {
$tagKey = $parameters[1];
$data = $this->getTag($tagKey);
}
2019-05-12 12:32:12 +02:00
// (GET) /api/categories
elseif ( ($method==='GET') && ($parameters[0]==='categories') && empty($parameters[1]) ) {
$data = $this->getCategories();
}
// (GET) /api/categories/<key>
elseif ( ($method==='GET') && ($parameters[0]==='categories') && !empty($parameters[1]) ) {
$categoryKey = $parameters[1];
$data = $this->getCategory($categoryKey);
}
2019-09-25 20:19:34 +02:00
// (GET) /api/users
elseif ( ($method==='GET') && ($parameters[0]==='users') && empty($parameters[1]) ) {
$data = $this->getUsers();
}
// (GET) /api/users/<username>
elseif ( ($method==='GET') && ($parameters[0]==='users') && !empty($parameters[1]) ) {
$username = $parameters[1];
$data = $this->getUser($username);
}
2020-03-20 19:49:59 +01:00
// (GET) /api/files/<page-key>
elseif ( ($method==='GET') && ($parameters[0]==='files') && !empty($parameters[1]) ) {
$pageKey = $parameters[1];
$data = $this->getFiles($pageKey);
}
2017-06-22 23:50:12 +02:00
else {
2017-07-19 22:50:08 +02:00
$this->response(401, 'Unauthorized', array('message'=>'Access denied or invalid endpoint.'));
2016-12-02 00:59:58 +01:00
}
2017-06-22 23:50:12 +02:00
2017-07-19 22:50:08 +02:00
$this->response(200, 'OK', $data);
2016-09-25 20:38:15 +02:00
}
// PRIVATE METHODS
2016-12-01 02:39:16 +01:00
// ----------------------------------------------------------------------------
2017-06-25 22:54:59 +02:00
private function getMethod()
{
// METHODS
// ------------------------------------------------------------
// GET
// POST
// PUT
// DELETE
$this->method = $_SERVER['REQUEST_METHOD'];
return $this->method;
}
2017-07-19 22:50:08 +02:00
private function getMethodInputs()
{
2017-06-25 22:54:59 +02:00
switch($this->method) {
case "POST":
$inputs = $_POST;
break;
case "GET":
case "DELETE":
$inputs = $_GET;
break;
case "PUT":
2017-10-20 20:34:22 +02:00
$inputs = '';
break;
default:
$inputs = json_encode(array());
break;
}
2017-10-20 20:34:22 +02:00
// Try to get raw/json data
2017-09-22 23:11:08 +02:00
if (empty($inputs)) {
$inputs = file_get_contents('php://input');
}
2017-07-07 23:38:01 +02:00
return $this->cleanInputs($inputs);
}
2019-02-19 08:38:17 +01:00
// Returns an array with key=>value with the inputs
2017-10-20 20:34:22 +02:00
// If the content is JSON is parsed to array
private function cleanInputs($inputs)
{
$tmp = array();
if (is_array($inputs)) {
foreach ($inputs as $key=>$value) {
$tmp[$key] = Sanitize::html($value);
}
} elseif (is_string($inputs)) {
$tmp = json_decode($inputs, true);
if (json_last_error()!==JSON_ERROR_NONE) {
$tmp = array();
}
}
return $tmp;
}
2017-07-19 22:50:08 +02:00
private function getEndpointParameters($URI)
{
// ENDPOINT Parameters
// ------------------------------------------------------------
// /api/pages | GET | returns all pages
// /api/pages/{key} | GET | returns the page with the {key}
// /api/pages | POST | create a new page
2017-08-30 20:02:31 +02:00
$URI = ltrim($URI, '/');
2017-07-19 22:50:08 +02:00
$parameters = explode('/', $URI);
// Sanitize parameters
foreach ($parameters as $key=>$value) {
$parameters[$key] = Sanitize::html($value);
}
return $parameters;
}
private function response($code=200, $message='OK', $data=array())
2016-12-01 19:09:29 +01:00
{
2017-07-19 22:50:08 +02:00
header('HTTP/1.1 '.$code.' '.$message);
2017-08-30 20:02:31 +02:00
header('Access-Control-Allow-Origin: *');
2016-12-01 19:09:29 +01:00
header('Content-Type: application/json');
2017-07-19 22:50:08 +02:00
$json = json_encode($data);
2016-12-01 19:09:29 +01:00
exit($json);
}
2019-02-19 08:38:17 +01:00
private function getTags()
2016-06-06 04:24:15 +02:00
{
2019-02-19 08:38:17 +01:00
global $tags;
$tmp = array(
'status'=>'0',
'message'=>'List of tags.',
'data'=>array()
);
foreach ($tags->keys() as $key) {
$tag = $tags->getMap($key);
array_push($tmp['data'], $tag);
}
return $tmp;
}
2017-06-22 23:50:12 +02:00
2019-02-19 08:38:17 +01:00
// Returns the tag information and the pages releated to the tag
// The array with the pages has the complete information of each page
private function getTag($key)
{
try {
$tag = new Tag($key);
} catch (Exception $e) {
return array(
'status'=>'1',
2019-05-12 12:32:12 +02:00
'message'=>'Tag not found by the key: '.$key
2019-02-19 08:38:17 +01:00
);
}
$list = array();
foreach ($tag->pages() as $pageKey) {
try {
$page = new Page($pageKey);
array_push($list, $page->json($returnsArray=true));
} catch (Exception $e){}
}
$data = $tag->json($returnsArray=true);
$data['pages'] = $list;
return array(
'status'=>'0',
2019-05-12 12:32:12 +02:00
'message'=>'Information about the tag and pages related.',
2019-02-19 08:38:17 +01:00
'data'=>$data
);
}
private function getPages($args)
{
global $pages;
2019-02-20 08:45:55 +01:00
// Parameters and the default values
2019-02-25 16:32:47 +01:00
$published = (isset($args['published'])?$args['published']=='true':true);
$static = (isset($args['static'])?$args['static']=='true':false);
$draft = (isset($args['draft'])?$args['draft']=='true':false);
$sticky = (isset($args['sticky'])?$args['sticky']=='true':false);
$scheduled = (isset($args['scheduled'])?$args['scheduled']=='true':false);
$untagged = (isset($args['untagged'])?$args['untagged']=='true':false);
2019-02-20 08:45:55 +01:00
2019-09-25 20:19:34 +02:00
$numberOfItems = (isset($args['numberOfItems'])?$args['numberOfItems']:10);
$pageNumber = (isset($args['pageNumber'])?$args['pageNumber']:1);
2019-02-19 08:38:17 +01:00
$list = $pages->getList($pageNumber, $numberOfItems, $published, $static, $sticky, $draft, $scheduled);
2016-06-06 04:24:15 +02:00
2016-12-01 19:09:29 +01:00
$tmp = array(
'status'=>'0',
2019-09-25 20:19:34 +02:00
'message'=>'List of pages',
'numberOfItems'=>$numberOfItems,
2016-12-02 00:59:58 +01:00
'data'=>array()
2016-12-01 19:09:29 +01:00
);
2016-06-06 04:24:15 +02:00
2017-12-26 17:45:02 +01:00
foreach ($list as $pageKey) {
try {
// Create the page object from the page key
2018-08-02 17:06:53 +02:00
$page = new Page($pageKey);
2019-02-20 08:45:55 +01:00
if ($untagged) {
if (empty($page->tags())) {
// Push the page to the data array for the response
array_push($tmp['data'], $page->json($returnsArray=true));
}
} else{
2019-02-19 08:38:17 +01:00
array_push($tmp['data'], $page->json($returnsArray=true));
}
} catch (Exception $e) {
// Continue
}
2016-06-06 04:24:15 +02:00
}
2016-12-01 19:09:29 +01:00
return $tmp;
2016-06-06 04:24:15 +02:00
}
2017-09-21 20:42:03 +02:00
private function getPage($key)
{
try {
2018-08-02 17:06:53 +02:00
$page = new Page($key);
return array(
'status'=>'0',
'message'=>'Page filtered by key: '.$key,
'data'=>$page->json( $returnsArray=true )
);
} catch (Exception $e) {
2017-09-21 20:42:03 +02:00
return array(
'status'=>'1',
'message'=>'Page not found.'
);
}
}
2017-07-07 23:38:01 +02:00
private function createPage($args)
2017-06-22 23:50:12 +02:00
{
// Unsanitize content because all values are sanitized
if (isset($args['content'])) {
$args['content'] = Sanitize::htmlDecode($args['content']);
}
2017-06-22 23:50:12 +02:00
// This function is defined on functions.php
2017-09-21 20:42:03 +02:00
$key = createPage($args);
if ($key===false) {
return array(
'status'=>'1',
'message'=>'Error trying to create the new page.'
);
}
return array(
'status'=>'0',
'message'=>'Page created.',
'data'=>array('key'=>$key)
);
}
private function editPage($key, $args)
{
// Unsanitize content because all values are sanitized
if (isset($args['content'])) {
$args['content'] = Sanitize::htmlDecode($args['content']);
}
2017-09-21 20:42:03 +02:00
$args['key'] = $key;
$newKey = editPage($args);
if ($newKey===false) {
return array(
'status'=>'1',
'message'=>'Error trying to edit the page.'
);
}
return array(
'status'=>'0',
'message'=>'Page edited.',
'data'=>array('key'=>$newKey)
);
}
private function deletePage($key)
{
if (deletePage($key)) {
return array(
'status'=>'0',
'message'=>'Page deleted.'
);
}
return array(
'status'=>'1',
'message'=>'Error trying to delete the page.'
);
2017-06-22 23:50:12 +02:00
}
/*
| Upload an image and generate the thumbnails
| Returns the image and thumbnail URL
|
| @inputs array
| @inputs['uuid'] string Page UUID
| @_FILE array https://www.php.net/manual/en/reserved.variables.files.php
|
| @return array
*/
2019-03-27 22:33:23 +01:00
private function uploadImage($inputs)
{
2019-04-23 23:21:43 +02:00
// Set upload directory
2019-03-27 22:33:23 +01:00
if (isset($inputs['uuid']) && IMAGE_RESTRICT) {
$imageDirectory = PATH_UPLOADS_PAGES.$inputs['uuid'].DS;
$thumbnailDirectory = $imageDirectory.'thumbnails'.DS;
$imageEndpoint = DOMAIN_UPLOADS_PAGES.$inputs['uuid'].'/';
$thumbnailEndpoint = $imageEndpoint.'thumbnails'.'/';
if (!Filesystem::directoryExists($thumbnailDirectory)) {
Filesystem::mkdir($thumbnailDirectory, true);
}
2019-03-27 22:33:23 +01:00
} else {
$imageDirectory = PATH_UPLOADS;
$thumbnailDirectory = PATH_UPLOADS_THUMBNAILS;
$imageEndpoint = DOMAIN_UPLOADS;
$thumbnailEndpoint = DOMAIN_UPLOADS_THUMBNAILS;
2019-03-27 22:33:23 +01:00
}
if (!isset($_FILES['image'])) {
2019-03-27 22:33:23 +01:00
return array(
'status'=>'1',
'message'=>'No image sent.'
2019-03-27 22:33:23 +01:00
);
}
if ($_FILES['image']['error'] != 0) {
2019-03-27 22:33:23 +01:00
return array(
'status'=>'1',
'message'=>'Error uploading the image, maximum load file size allowed: '.ini_get('upload_max_filesize')
2019-03-27 22:33:23 +01:00
);
}
2019-04-23 23:21:43 +02:00
// Move from PHP tmp file to Bludit tmp directory
Filesystem::mv($_FILES['image']['tmp_name'], PATH_TMP.$_FILES['image']['name']);
2019-03-27 22:33:23 +01:00
2019-04-23 23:21:43 +02:00
// Transform image and create thumbnails
$image = transformImage(PATH_TMP.$_FILES['image']['name'], $imageDirectory, $thumbnailDirectory);
if ($image) {
$filename = Filesystem::filename($image);
return array(
'status'=>'0',
'message'=>'Image uploaded.',
'image'=>$imageEndpoint.$filename,
'thumbnail'=>$thumbnailEndpoint.$filename
);
2019-03-27 22:33:23 +01:00
}
return array(
'status'=>'1',
'message'=>'Image extension not allowed.'
2019-03-27 22:33:23 +01:00
);
}
2019-11-11 19:16:05 +01:00
/*
| Get the settings
|
| @args array
|
| @return array
*/
private function getSettings()
{
global $site;
return array(
'status'=>'0',
'message'=>'Settings.',
'data'=>$site->get()
);
}
2019-05-12 11:50:08 +02:00
/*
| Edit the settings
| You can edit any field defined in the class site.class.php variable $dbFields
|
2019-05-12 12:32:12 +02:00
| @args array
2019-05-12 11:50:08 +02:00
|
2019-05-12 12:32:12 +02:00
| @return array
2019-05-12 11:50:08 +02:00
*/
private function editSettings($args)
{
if (editSettings($args)) {
return array(
'status'=>'0',
'message'=>'Settings edited.'
);
}
return array(
'status'=>'1',
'message'=>'Error trying to edit the settings.'
);
}
2019-05-12 12:32:12 +02:00
/*
| Returns the categories in the system
| Included the category name, key, description and the list of pages
| The list of pages are the page's key
|
| @return array
*/
private function getCategories()
{
global $categories;
$tmp = array(
'status'=>'0',
'message'=>'List of categories.',
'data'=>array()
);
foreach ($categories->keys() as $key) {
$category = $categories->getMap($key);
array_push($tmp['data'], $category);
}
return $tmp;
}
/*
| Returns information about the category and pages related
| The pages are expanded which mean the title, content and more fields are returned in the query
| This can degrade the performance
|
| @key string Category key
|
| @return array
*/
private function getCategory($key)
{
try {
$category = new Category($key);
} catch (Exception $e) {
return array(
'status'=>'1',
'message'=>'Category not found by the key: '.$key
);
}
$list = array();
foreach ($category->pages() as $pageKey) {
try {
$page = new Page($pageKey);
array_push($list, $page->json($returnsArray=true));
} catch (Exception $e){}
}
$data = $category->json($returnsArray=true);
$data['pages'] = $list;
return array(
'status'=>'0',
'message'=>'Information about the category and pages related.',
'data'=>$data
);
}
2019-09-25 20:19:34 +02:00
/*
| Returns the user profile
|
| @username string Username
|
| @return array
*/
private function getUser($username)
{
try {
$user = new User($username);
} catch (Exception $e) {
return array(
'status'=>'1',
'message'=>'User not found by username: '.$username
);
}
$data = $user->json($returnsArray=true);
return array(
'status'=>'0',
'message'=>'User profile.',
'data'=>$data
);
}
/*
| Returns all the users
|
| @return array
*/
private function getUsers()
{
global $users;
$data = array();
foreach ($users->db as $username=>$profile) {
try {
$user = new User($username);
$data[$username] = $user->json($returnsArray=true);
} catch (Exception $e) {
continue;
}
}
return array(
'status'=>'0',
'message'=>'Users profiles.',
'data'=>$data
);
}
2020-03-20 19:49:59 +01:00
/*
| Returns all files uploaded for a specific page, includes any type of file.
|
| @return array
*/
private function getFiles($pageKey)
{
$chunk = false;
$sortByDate = true;
$path = PATH_UPLOADS_PAGES.$pageKey.DS;
$listFiles = Filesystem::listFiles($path, '*', '*', $sortByDate, $chunk);
$files = array();
foreach ($listFiles as $file) {
$info = array('thumbnail'=>'');
$info['file'] = $file;
$info['filename'] = basename($file);
$info['mime'] = Filesystem::mimeType($file);
$info['size'] = Filesystem::getSize($file);
// Check if thumbnail exists for the file
$thumbnail = $path.'thumbnails'.DS.$info['filename'];
if (Filesystem::fileExists($thumbnail)) {
$info['thumbnail'] = $thumbnail;
}
array_push($files, $info);
}
return array(
'status'=>'0',
'message'=>'Files for the page key: '.$pageKey,
'data'=>$files
);
}
2016-12-02 00:59:58 +01:00
}