dbFields = array( 'token'=>$token, // API Token 'numberOfItems'=>15 // Amount of items to return ); } public function getToken() { return $this->getValue('token'); } public function form() { global $L; $html = ''; $html .= '
'; $html .= ''; $html .= '

'.DOMAIN_BASE.'api/{endpoint}

'; $html .= '
'; $html .= '
'; $html .= ''; $html .= ''; $html .= ''.$L->get('This token is for read only and is regenerated every time you install the plugin').''; $html .= '
'; $html .= '
'; $html .= ''; $html .= ''; $html .= ''.$L->get('This is the maximum of pages to return when you call to').''; $html .= '
'; return $html; } // API HOOKS // ---------------------------------------------------------------------------- public function beforeAll() { global $url; global $pages; global $users; // CHECK URL // ------------------------------------------------------------ $URI = $this->webhook('api', $returnsAfterURI=true, $fixed=false); if ($URI===false) { return false; } // METHOD // ------------------------------------------------------------ $method = $this->getMethod(); // METHOD INPUTS // ------------------------------------------------------------ $inputs = $this->getMethodInputs(); if (empty($inputs)) { $this->response(400, 'Bad Request', array('message'=>'Missing method inputs.')); } // ENDPOINT PARAMETERS // ------------------------------------------------------------ $parameters = $this->getEndpointParameters($URI); if (empty($parameters)) { $this->response(400, 'Bad Request', array('message'=>'Missing endpoint parameters.')); } // API TOKEN // ------------------------------------------------------------ // Token from the plugin, the user can change it on the settings of the plugin $tokenAPI = $this->getValue('token'); // Check empty token if (empty($inputs['token'])) { $this->response(400, 'Bad Request', array('message'=>'Missing API token.')); } // Check if the token is valid if ($inputs['token']!==$tokenAPI) { $this->response(401, 'Unauthorized', array('message'=>'Invalid API token.')); } // AUTHENTICATION TOKEN // ------------------------------------------------------------ $writePermissions = false; if (!empty($inputs['authentication'])) { // Get the user with the authentication token, FALSE if doesn't exit $username = $users->getByAuthToken($inputs['authentication']); if ($username!==false) { try { $user = new User($username); if (($user->role()=='admin') && ($user->enabled())) { // Loggin the user to create the session $login = new Login(); $login->setLogin($username, 'admin'); // Enable write permissions $writePermissions = true; } } catch (Exception $e) { // Continue without permissions } } } // Clean inputs // ------------------------------------------------------------ unset($inputs['token']); unset($inputs['authentication']); // ENDPOINTS // ------------------------------------------------------------ // (GET) /api/pages if ( ($method==='GET') && ($parameters[0]==='pages') && empty($parameters[1]) ) { $data = $this->getPages($inputs); } // (GET) /api/pages/ elseif ( ($method==='GET') && ($parameters[0]==='pages') && !empty($parameters[1]) ) { $pageKey = $parameters[1]; $data = $this->getPage($pageKey); } // (PUT) /api/pages/ elseif ( ($method==='PUT') && ($parameters[0]==='pages') && !empty($parameters[1]) && $writePermissions ) { $pageKey = $parameters[1]; $data = $this->editPage($pageKey, $inputs); } // (DELETE) /api/pages/ elseif ( ($method==='DELETE') && ($parameters[0]==='pages') && !empty($parameters[1]) && $writePermissions ) { $pageKey = $parameters[1]; $data = $this->deletePage($pageKey); } // (POST) /api/pages elseif ( ($method==='POST') && ($parameters[0]==='pages') && empty($parameters[1]) && $writePermissions ) { $data = $this->createPage($inputs); } // (GET) /api/settings elseif ( ($method==='GET') && ($parameters[0]==='settings') && empty($parameters[1]) && $writePermissions ) { $data = $this->getSettings(); } // (PUT) /api/settings elseif ( ($method==='PUT') && ($parameters[0]==='settings') && empty($parameters[1]) && $writePermissions ) { $data = $this->editSettings($inputs); } // (POST) /api/images elseif ( ($method==='POST') && ($parameters[0]==='images') && $writePermissions ) { $data = $this->uploadImage($inputs); } // (GET) /api/tags elseif ( ($method==='GET') && ($parameters[0]==='tags') && empty($parameters[1]) ) { $data = $this->getTags(); } // (GET) /api/tags/ elseif ( ($method==='GET') && ($parameters[0]==='tags') && !empty($parameters[1]) ) { $tagKey = $parameters[1]; $data = $this->getTag($tagKey); } // (GET) /api/categories elseif ( ($method==='GET') && ($parameters[0]==='categories') && empty($parameters[1]) ) { $data = $this->getCategories(); } // (GET) /api/categories/ elseif ( ($method==='GET') && ($parameters[0]==='categories') && !empty($parameters[1]) ) { $categoryKey = $parameters[1]; $data = $this->getCategory($categoryKey); } // (GET) /api/users elseif ( ($method==='GET') && ($parameters[0]==='users') && empty($parameters[1]) ) { $data = $this->getUsers(); } // (GET) /api/users/ elseif ( ($method==='GET') && ($parameters[0]==='users') && !empty($parameters[1]) ) { $username = $parameters[1]; $data = $this->getUser($username); } // (GET) /api/files/ elseif ( ($method==='GET') && ($parameters[0]==='files') && !empty($parameters[1]) ) { $pageKey = $parameters[1]; $data = $this->getFiles($pageKey); } else { $this->response(401, 'Unauthorized', array('message'=>'Access denied or invalid endpoint.')); } $this->response(200, 'OK', $data); } // PRIVATE METHODS // ---------------------------------------------------------------------------- private function getMethod() { // METHODS // ------------------------------------------------------------ // GET // POST // PUT // DELETE $this->method = $_SERVER['REQUEST_METHOD']; return $this->method; } private function getMethodInputs() { switch($this->method) { case "POST": $inputs = $_POST; break; case "GET": case "DELETE": $inputs = $_GET; break; case "PUT": $inputs = ''; break; default: $inputs = json_encode(array()); break; } // Try to get raw/json data if (empty($inputs)) { $inputs = file_get_contents('php://input'); } return $this->cleanInputs($inputs); } // Returns an array with key=>value with the inputs // If the content is JSON is parsed to array private function cleanInputs($inputs) { $tmp = array(); if (is_array($inputs)) { foreach ($inputs as $key=>$value) { $tmp[$key] = Sanitize::html($value); } } elseif (is_string($inputs)) { $tmp = json_decode($inputs, true); if (json_last_error()!==JSON_ERROR_NONE) { $tmp = array(); } } return $tmp; } private function getEndpointParameters($URI) { // ENDPOINT Parameters // ------------------------------------------------------------ // /api/pages | GET | returns all pages // /api/pages/{key} | GET | returns the page with the {key} // /api/pages | POST | create a new page $URI = ltrim($URI, '/'); $parameters = explode('/', $URI); // Sanitize parameters foreach ($parameters as $key=>$value) { $parameters[$key] = Sanitize::html($value); } return $parameters; } private function response($code=200, $message='OK', $data=array()) { header('HTTP/1.1 '.$code.' '.$message); header('Access-Control-Allow-Origin: *'); header('Content-Type: application/json'); $json = json_encode($data); exit($json); } private function getTags() { global $tags; $tmp = array( 'status'=>'0', 'message'=>'List of tags.', 'data'=>array() ); foreach ($tags->keys() as $key) { $tag = $tags->getMap($key); array_push($tmp['data'], $tag); } return $tmp; } // Returns the tag information and the pages releated to the tag // The array with the pages has the complete information of each page private function getTag($key) { try { $tag = new Tag($key); } catch (Exception $e) { return array( 'status'=>'1', 'message'=>'Tag not found by the key: '.$key ); } $list = array(); foreach ($tag->pages() as $pageKey) { try { $page = new Page($pageKey); array_push($list, $page->json($returnsArray=true)); } catch (Exception $e){} } $data = $tag->json($returnsArray=true); $data['pages'] = $list; return array( 'status'=>'0', 'message'=>'Information about the tag and pages related.', 'data'=>$data ); } private function getPages($args) { global $pages; // Parameters and the default values $published = (isset($args['published'])?$args['published']=='true':true); $static = (isset($args['static'])?$args['static']=='true':false); $draft = (isset($args['draft'])?$args['draft']=='true':false); $sticky = (isset($args['sticky'])?$args['sticky']=='true':false); $scheduled = (isset($args['scheduled'])?$args['scheduled']=='true':false); $untagged = (isset($args['untagged'])?$args['untagged']=='true':false); $numberOfItems = (isset($args['numberOfItems'])?$args['numberOfItems']:10); $pageNumber = (isset($args['pageNumber'])?$args['pageNumber']:1); $list = $pages->getList($pageNumber, $numberOfItems, $published, $static, $sticky, $draft, $scheduled); $tmp = array( 'status'=>'0', 'message'=>'List of pages', 'numberOfItems'=>$numberOfItems, 'data'=>array() ); foreach ($list as $pageKey) { try { // Create the page object from the page key $page = new Page($pageKey); if ($untagged) { if (empty($page->tags())) { // Push the page to the data array for the response array_push($tmp['data'], $page->json($returnsArray=true)); } } else{ array_push($tmp['data'], $page->json($returnsArray=true)); } } catch (Exception $e) { // Continue } } return $tmp; } private function getPage($key) { try { $page = new Page($key); return array( 'status'=>'0', 'message'=>'Page filtered by key: '.$key, 'data'=>$page->json( $returnsArray=true ) ); } catch (Exception $e) { return array( 'status'=>'1', 'message'=>'Page not found.' ); } } private function createPage($args) { // Unsanitize content because all values are sanitized if (isset($args['content'])) { $args['content'] = Sanitize::htmlDecode($args['content']); } // This function is defined on functions.php $key = createPage($args); if ($key===false) { return array( 'status'=>'1', 'message'=>'Error trying to create the new page.' ); } return array( 'status'=>'0', 'message'=>'Page created.', 'data'=>array('key'=>$key) ); } private function editPage($key, $args) { // Unsanitize content because all values are sanitized if (isset($args['content'])) { $args['content'] = Sanitize::htmlDecode($args['content']); } $args['key'] = $key; $newKey = editPage($args); if ($newKey===false) { return array( 'status'=>'1', 'message'=>'Error trying to edit the page.' ); } return array( 'status'=>'0', 'message'=>'Page edited.', 'data'=>array('key'=>$newKey) ); } private function deletePage($key) { if (deletePage($key)) { return array( 'status'=>'0', 'message'=>'Page deleted.' ); } return array( 'status'=>'1', 'message'=>'Error trying to delete the page.' ); } /* | Upload an image and generate the thumbnails | Returns the image and thumbnail URL | | @inputs array | @inputs['uuid'] string Page UUID | @_FILE array https://www.php.net/manual/en/reserved.variables.files.php | | @return array */ private function uploadImage($inputs) { // Set upload directory if (isset($inputs['uuid']) && IMAGE_RESTRICT) { $imageDirectory = PATH_UPLOADS_PAGES.$inputs['uuid'].DS; $thumbnailDirectory = $imageDirectory.'thumbnails'.DS; $imageEndpoint = DOMAIN_UPLOADS_PAGES.$inputs['uuid'].'/'; $thumbnailEndpoint = $imageEndpoint.'thumbnails'.'/'; if (!Filesystem::directoryExists($thumbnailDirectory)) { Filesystem::mkdir($thumbnailDirectory, true); } } else { $imageDirectory = PATH_UPLOADS; $thumbnailDirectory = PATH_UPLOADS_THUMBNAILS; $imageEndpoint = DOMAIN_UPLOADS; $thumbnailEndpoint = DOMAIN_UPLOADS_THUMBNAILS; } if (!isset($_FILES['image'])) { return array( 'status'=>'1', 'message'=>'No image sent.' ); } if ($_FILES['image']['error'] != 0) { return array( 'status'=>'1', 'message'=>'Error uploading the image, maximum load file size allowed: '.ini_get('upload_max_filesize') ); } // Move from PHP tmp file to Bludit tmp directory Filesystem::mv($_FILES['image']['tmp_name'], PATH_TMP.$_FILES['image']['name']); // Transform image and create thumbnails $image = transformImage(PATH_TMP.$_FILES['image']['name'], $imageDirectory, $thumbnailDirectory); if ($image) { $filename = Filesystem::filename($image); return array( 'status'=>'0', 'message'=>'Image uploaded.', 'image'=>$imageEndpoint.$filename, 'thumbnail'=>$thumbnailEndpoint.$filename ); } return array( 'status'=>'1', 'message'=>'Image extension not allowed.' ); } /* | Get the settings | | @args array | | @return array */ private function getSettings() { global $site; return array( 'status'=>'0', 'message'=>'Settings.', 'data'=>$site->get() ); } /* | Edit the settings | You can edit any field defined in the class site.class.php variable $dbFields | | @args array | | @return array */ private function editSettings($args) { if (editSettings($args)) { return array( 'status'=>'0', 'message'=>'Settings edited.' ); } return array( 'status'=>'1', 'message'=>'Error trying to edit the settings.' ); } /* | Returns the categories in the system | Included the category name, key, description and the list of pages | The list of pages are the page's key | | @return array */ private function getCategories() { global $categories; $tmp = array( 'status'=>'0', 'message'=>'List of categories.', 'data'=>array() ); foreach ($categories->keys() as $key) { $category = $categories->getMap($key); array_push($tmp['data'], $category); } return $tmp; } /* | Returns information about the category and pages related | The pages are expanded which mean the title, content and more fields are returned in the query | This can degrade the performance | | @key string Category key | | @return array */ private function getCategory($key) { try { $category = new Category($key); } catch (Exception $e) { return array( 'status'=>'1', 'message'=>'Category not found by the key: '.$key ); } $list = array(); foreach ($category->pages() as $pageKey) { try { $page = new Page($pageKey); array_push($list, $page->json($returnsArray=true)); } catch (Exception $e){} } $data = $category->json($returnsArray=true); $data['pages'] = $list; return array( 'status'=>'0', 'message'=>'Information about the category and pages related.', 'data'=>$data ); } /* | Returns the user profile | | @username string Username | | @return array */ private function getUser($username) { try { $user = new User($username); } catch (Exception $e) { return array( 'status'=>'1', 'message'=>'User not found by username: '.$username ); } $data = $user->json($returnsArray=true); return array( 'status'=>'0', 'message'=>'User profile.', 'data'=>$data ); } /* | Returns all the users | | @return array */ private function getUsers() { global $users; $data = array(); foreach ($users->db as $username=>$profile) { try { $user = new User($username); $data[$username] = $user->json($returnsArray=true); } catch (Exception $e) { continue; } } return array( 'status'=>'0', 'message'=>'Users profiles.', 'data'=>$data ); } /* | Returns all files uploaded for a specific page, includes any type of file. | | @return array */ private function getFiles($pageKey) { $chunk = false; $sortByDate = true; $path = PATH_UPLOADS_PAGES.$pageKey.DS; $listFiles = Filesystem::listFiles($path, '*', '*', $sortByDate, $chunk); $files = array(); foreach ($listFiles as $file) { $info = array('thumbnail'=>''); $info['file'] = $file; $info['filename'] = basename($file); $info['mime'] = Filesystem::mimeType($file); $info['size'] = Filesystem::getSize($file); // Check if thumbnail exists for the file $thumbnail = $path.'thumbnails'.DS.$info['filename']; if (Filesystem::fileExists($thumbnail)) { $info['thumbnail'] = $thumbnail; } array_push($files, $info); } return array( 'status'=>'0', 'message'=>'Files for the page key: '.$pageKey, 'data'=>$files ); } }