From 3c2ddf78042b1a242a0b96b9402ef140bfcb4680 Mon Sep 17 00:00:00 2001
From: dignajar
Date: Wed, 30 Nov 2016 22:39:16 -0300
Subject: [PATCH] API Plugin improves
---
 bl-kernel/boot/init.php | 12 +--
 bl-plugins/api/plugin.php | 214 ++++++++++++++++++++++----------------
 2 files changed, 130 insertions(+), 96 deletions(-)
diff --git a/bl-kernel/boot/init.php b/bl-kernel/boot/init.php
index 54808722..8b97507a 100644
--- a/bl-kernel/boot/init.php
+++ b/bl-kernel/boot/init.php
@@ -7,10 +7,10 @@ define('BLUDIT_RELEASE_DATE', '2016-10-11');
define('BLUDIT_BUILD', '20161011');
// Debug mode
+// Change to FALSE, for prevent warning or error on browser
define('DEBUG_MODE', TRUE);
error_reporting(0); // Turn off all error reporting
-if(DEBUG_MODE)
-{
+if(DEBUG_MODE) {
// Turn on all error reporting
ini_set("display_errors", 1);
ini_set('display_startup_errors',1);
@@ -90,7 +90,7 @@ define('NO_PARENT_CHAR', '3849abb4cb7abd24c2d8dac17b216f17');
// Post per page on Manage->Posts
define('POSTS_PER_PAGE_ADMIN', 10);
-// Cli mode status for new posts/pages
+// Enable or disable Cli mode
define('CLI_MODE', FALSE);
// Cli mode status for new posts/pages
@@ -99,7 +99,7 @@ define('CLI_STATUS', 'published');
// Cli mode username for new posts/pages
define('CLI_USERNAME', 'admin');
-// Filename for posts and pages, you can change for example, for index.md
+// Filename for posts and pages, you can change it, for example, for index.md
define('FILENAME', 'index.txt');
// Database date format
@@ -117,8 +117,8 @@ define('TOKEN_EMAIL_TTL', '+15 minutes');
// Charset, default UTF-8.
define('CHARSET', 'UTF-8');
-// EXTREME FRIENDLY URL, TRUE for dissmiss internet standard
-define('EXTREME_FRIENDLY_URL', false);
+// EXTREME FRIENDLY URL, TRUE for dissmiss internet standard. Experimental!
+define('EXTREME_FRIENDLY_URL', FALSE);
// Directory permissions
define('DIR_PERMISSIONS', 0755);
diff --git a/bl-plugins/api/plugin.php b/bl-plugins/api/plugin.php
index 393d35ce..bacdab18 100644
--- a/bl-plugins/api/plugin.php
+++ b/bl-plugins/api/plugin.php
@@ -7,12 +7,13 @@ class pluginAPI extends Plugin {
global $Security;
// This key is used for request such as get the list of all posts and pages
- $authKey = md5($Security->key1().time().DOMAIN);
+ $token = md5($Security->key1().time().DOMAIN);
$this->dbFields = array(
- 'ping'=>1, // 0 = false, 1 = true
- 'authKey'=>$authKey, // Private key
- 'showAllAmount'=>15 // Amount of posts and pages for return
+ 'ping'=>0, // 0 = false, 1 = true
+ 'token'=>$token, // Private key
+ 'showAllAmount'=>15, // Amount of posts and pages for return
+ 'authentication'=>1 // Authentication required
);
}
@@ -28,17 +29,17 @@ class pluginAPI extends Plugin {
$html .= '';
$html .= '
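Review bot: The new `token` — the only credential the API accepts once the `authentication` field added below it is on — is still derived as `md5($Security->key1().time().DOMAIN)`, so its strength is bounded by whatever `key1()` is (presumably the site's secret key) plus an install-time timestamp, and md5 is not a key-derivation function. A freshly generated random value decouples the API credential from the site key: `$token = bin2hex(random_bytes(16));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(16))` if the project's PHP floor is older. The `'authentication'=>1` default is the right choice; its line deserves a comment stating the consequence of changing it, e.g. `// 0 exposes /api/posts and /api/pages to unauthenticated requests`.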
'; - $html .= '

Authorization Key: '.$this->getDbField('authKey').'

'; + $html .= '

Authorization Key: '.$this->getDbField('token').'

'; $html .= '
This key is private, do not share it with anyone.
'; $html .= '
'; $html .= '
'; - $html .= '

Show all posts: '.DOMAIN_BASE.'api/show/all/posts/'.$this->getDbField('authKey').'

'; + $html .= '

Show all posts: '.DOMAIN_BASE.'api/show/all/posts/'.$this->getDbField('token').'

'; $html .= '
Get all posts from this site.
'; $html .= '
'; $html .= '
'; - $html .= '

Show all pages: '.DOMAIN_BASE.'api/show/all/pages/'.$this->getDbField('authKey').'

'; + $html .= '

Show all pages: '.DOMAIN_BASE.'api/show/all/pages/'.$this->getDbField('token').'

'; $html .= '
Get all pages from this site.
'; $html .= '
'; @@ -55,11 +56,6 @@ class pluginAPI extends Plugin { return $html; } - public function afterFormSave() - { - $this->ping(); - } - public function install($position=0) { parent::install($position); 
@@ -67,14 +63,128 @@ class pluginAPI extends Plugin {
$this->ping();
}
+
+// API HOOKS
+// ----------------------------------------------------------------------------
+
+ public function afterFormSave()
+ {
+ $this->ping();
+ }
+
+ public function beforeRulesLoad()
+ {
+ global $Url;
+
+ // Check if the URI start with /api/
+ $startString = HTML_PATH_ROOT.'api/';
+ $URI = $Url->uri();
+ $length = mb_strlen($startString, CHARSET);
+ if( mb_substr($URI, 0, $length)!=$startString ) {
+ return false;
+ }
+
+ // Remove the first part of the URI
+ $URI = mb_substr($URI, $length);
+
+ // METHODS
+ // ------------------------------------------------------------
+ // GET
+ // POST
+ // PUT
+ // DELETE
+
+ $method = $_SERVER['REQUEST_METHOD'];
+
+ // INPUTS
+ // ------------------------------------------------------------
+ // token | authentication token
+
+ $inputs = json_decode(file_get_contents('php://input'),true);
+
+ if( empty($inputs) ) {
+ // Default variables for $input
+ $inputs = array(
+ 'token'=>''
+ );
+ }
+ else {
+ // Sanitize inputs
+ foreach( $inputs as $key=>$value ) {
+ if(empty($value)) {
+ return false;
+ } else {
+ $inputs[$key] = Sanitize::html($value);
+ }
+ }
+ }
+
+ // PARAMETERS
+ // ------------------------------------------------------------
+ // /api/posts | GET | returns all posts
+ // /api/posts/{slug} | GET | returns the post with the {slug}
+ // /api/pages | GET | returns all pages
+ // /api/pages/{slug} | GET | returns the page with the {slug}
+ // /api/cli/regenerate | PUT | check for new posts and pages
+
+ $parameters = explode('/', $URI);
+
+ // Sanitize parameters
+ foreach( $parameters as $key=>$value ) {
+ if(empty($value)) {
+ return false;
+ } else {
+ $parameters[$key] = Sanitize::html($value);
+ }
+ }
+
+ // Check authentication
+ if( $this->getDbField('authentication')==1 ) {
+ if( $inputs['token']!=$this->getDbField('token') ) {
+ return false;
+ }
+ }
+
+ // Default JSON
+ $json = json_encode(array(
+ 'status'=>'0', // 0 = 
ok, 1 = error
+ 'bludit'=>'Bludit API plugin',
+ 'message'=>'Missing parameters, check the URL.'
+ ));
+
+ // /api/posts
+ if( ($method==='GET') && ($parameters[0]==='posts') && empty($parameters[1]) ) {
+ $json = $this->getAllPosts();
+ }
+ // /api/pages
+ elseif( ($method==='GET') && ($parameters[0]==='pages') && empty($parameters[1]) ) {
+ $json = $this->getAllPages();
+ }
+ // /api/posts/{slug}
+ elseif( ($method==='GET') && ($parameters[0]==='posts') && !empty($parameters[1]) ) {
+ $json = $this->getPost($key);
+ }
+ // /api/pages/{slug}
+ elseif( ($method==='GET') && ($parameters[0]==='pages') && !empty($parameters[1]) ) {
+ $json = $this->getPage($key);
+ }
+
+ // Print the JSON
+ header('Content-Type: application/json');
+ exit($json);
+ }
+
+// FUNCTIONS
+// ----------------------------------------------------------------------------
+
private function ping()
{
if($this->getDbField('ping')) {
// Get the authentication key
- $authKey = $this->getDbField('authKey');
+ $token = $this->getDbField('token');
- $url = 'https://api.bludit.com/ping?authKey='.$authKey.'&url='.DOMAIN_BASE;
+ $url = 'https://api.bludit.com/ping?token='.$token.'&url='.DOMAIN_BASE;
// Check if curl is installed
if( function_exists('curl_version') ) {
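Review bot: Both slug routes pass `$key` to `getPost`/`getPage`, but `$key` is only the leftover index from the `foreach( $parameters as $key=>$value )` loop (an integer, never the slug), so `/api/posts/{slug}` and `/api/pages/{slug}` can never look up the requested item; the calls should be `$json = $this->getPost($parameters[1]);` and `$json = $this->getPage($parameters[1]);`. The authentication check `$inputs['token']!=$this->getDbField('token')` is a loose, early-exit comparison and raises an undefined-index notice whenever the JSON body has other keys but no `token`; prefer `$supplied = isset($inputs['token']) ? (string)$inputs['token'] : '';` followed by `if( !hash_equals((string)$this->getDbField('token'), $supplied) ) { return false; }` (hash_equals needs PHP 5.6+, so confirm the project's floor). Separately, the rewritten ping() URL ships this same token to api.bludit.com as a query parameter, so with `ping` enabled the API credential leaves the site and lands in that service's logs — a purpose-specific identifier that is not the API token would be safer there. ping()'s body continues past the end of the hunk.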
@@ -165,80 +275,4 @@ class pluginAPI extends Plugin {
return json_encode($tmp);
}
- public function beforeRulesLoad()
- {
- global $Url;
-
- // The URI start with /api/
- $startString = HTML_PATH_ROOT.'api/';
- $URI = $Url->uri();
- $length = mb_strlen($startString, CHARSET);
- if( mb_substr($URI, 0, $length)!=$startString ) {
- return false;
- }
-
- // Remove the first part of the URI
- $URI = mb_substr($URI, $length);
-
- // Parameters
- // ------------------------------------------------------------
- // show post {post slug}
- // show page {page slug}
- // show all posts {AUTH KEY}
- // show all pages {AUTH KEY}
-
- // Get parameters
- $parameters = explode('/', $URI);
-
- for($i=0; $i<3; $i++) {
- if(empty($parameters[$i])) {
- return false;
- } else {
- // Sanizite
- $parameters[$i] = Sanitize::html($parameters[$i]);
- }
- }
-
- // Default JSON
- $json = json_encode(array(
- 'status'=>'0',
- 'bludit'=>'Bludit API plugin',
- 'message'=>'Check the parameters'
- ));
-
- if($parameters[0]==='show') {
-
- if($parameters[1]==='all') {
-
- // Authentication key from the URI
- $authKey = $parameters[3];
-
- // Compare keys
- if( $authKey===$this->getDbField('authKey') ) {
-
- if($parameters[2] === 'posts') {
- $json = $this->getAllPosts();
- }
- elseif($parameters[2] === 'pages') {
- $json = $this->getAllPages();
- }
- }
- }
- elseif($parameters[1]==='post' || $parameters[1]==='page') {
-
- $key = $parameters[2];
-
- if($parameters[1] === 'post') {
- $json = $this->getPost($key);
- }
- elseif($parameters[1] === 'page') {
- $json = $this->getPage($key);
- }
- }
- }
-
- // Print the JSON
- header('Content-Type: application/json');
- exit($json);
- }
}