123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310 |
- <?php
- /**
- * ownCloud
- *
- * @author Tom Needham
- * @author Michael Gapczynski
- * @author Bart Visscher
- * @copyright 2012 Tom Needham tom@owncloud.com
- * @copyright 2012 Michael Gapczynski mtgap@owncloud.com
- * @copyright 2012 Bart Visscher bartv@thisnet.nl
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
- *
- * You should have received a copy of the GNU Affero General Public
- * License along with this library. If not, see <http://www.gnu.org/licenses/>.
- *
- */
- class OC_API {
- /**
- * API authentication levels
- */
- const GUEST_AUTH = 0;
- const USER_AUTH = 1;
- const SUBADMIN_AUTH = 2;
- const ADMIN_AUTH = 3;
-
- /**
- * API Response Codes
- */
- const RESPOND_UNAUTHORISED = 997;
- const RESPOND_SERVER_ERROR = 996;
- const RESPOND_NOT_FOUND = 998;
- const RESPOND_UNKNOWN_ERROR = 999;
-
- /**
- * api actions
- */
- protected static $actions = array();
- private static $logoutRequired = false;
-
- /**
- * registers an api call
- * @param string $method the http method
- * @param string $url the url to match
- * @param callable $action the function to run
- * @param string $app the id of the app registering the call
- * @param int $authLevel the level of authentication required for the call
- * @param array $defaults
- * @param array $requirements
- */
- public static function register($method, $url, $action, $app,
- $authLevel = OC_API::USER_AUTH,
- $defaults = array(),
- $requirements = array()) {
- $name = strtolower($method).$url;
- $name = str_replace(array('/', '{', '}'), '_', $name);
- if(!isset(self::$actions[$name])) {
- OC::getRouter()->useCollection('ocs');
- OC::getRouter()->create($name, $url)
- ->method($method)
- ->defaults($defaults)
- ->requirements($requirements)
- ->action('OC_API', 'call');
- self::$actions[$name] = array();
- }
- self::$actions[$name][] = array('app' => $app, 'action' => $action, 'authlevel' => $authLevel);
- }
-
- /**
- * handles an api call
- * @param array $parameters
- */
- public static function call($parameters) {
- // Prepare the request variables
- if($_SERVER['REQUEST_METHOD'] == 'PUT') {
- parse_str(file_get_contents("php://input"), $parameters['_put']);
- } else if($_SERVER['REQUEST_METHOD'] == 'DELETE') {
- parse_str(file_get_contents("php://input"), $parameters['_delete']);
- }
- $name = $parameters['_route'];
- // Foreach registered action
- $responses = array();
- foreach(self::$actions[$name] as $action) {
- // Check authentication and availability
- if(!self::isAuthorised($action)) {
- $responses[] = array(
- 'app' => $action['app'],
- 'response' => new OC_OCS_Result(null, OC_API::RESPOND_UNAUTHORISED, 'Unauthorised'),
- );
- continue;
- }
- if(!is_callable($action['action'])) {
- $responses[] = array(
- 'app' => $action['app'],
- 'response' => new OC_OCS_Result(null, OC_API::RESPOND_NOT_FOUND, 'Api method not found'),
- );
- continue;
- }
- // Run the action
- $responses[] = array(
- 'app' => $action['app'],
- 'response' => call_user_func($action['action'], $parameters),
- );
- }
- $response = self::mergeResponses($responses);
- $formats = array('json', 'xml');
- $format = !empty($_GET['format']) && in_array($_GET['format'], $formats) ? $_GET['format'] : 'xml';
- if (self::$logoutRequired) {
- OC_User::logout();
- }
- self::respond($response, $format);
- }
-
- /**
- * merge the returned result objects into one response
- * @param array $responses
- */
- private static function mergeResponses($responses) {
- $response = array();
- // Sort into shipped and thirdparty
- $shipped = array(
- 'succeeded' => array(),
- 'failed' => array(),
- );
- $thirdparty = array(
- 'succeeded' => array(),
- 'failed' => array(),
- );
- foreach($responses as $response) {
- if(OC_App::isShipped($response['app']) || ($response['app'] === 'core')) {
- if($response['response']->succeeded()) {
- $shipped['succeeded'][$response['app']] = $response['response'];
- } else {
- $shipped['failed'][$response['app']] = $response['response'];
- }
- } else {
- if($response['response']->succeeded()) {
- $thirdparty['succeeded'][$response['app']] = $response['response'];
- } else {
- $thirdparty['failed'][$response['app']] = $response['response'];
- }
- }
- }
- // Remove any error responses if there is one shipped response that succeeded
- if(!empty($shipped['succeeded'])) {
- $responses = array_merge($shipped['succeeded'], $thirdparty['succeeded']);
- } else if(!empty($shipped['failed'])) {
- // Which shipped response do we use if they all failed?
- // They may have failed for different reasons (different status codes)
- // Which reponse code should we return?
- // Maybe any that are not OC_API::RESPOND_SERVER_ERROR
- $response = reset($shipped['failed']);
- return $response;
- } elseif(!empty($thirdparty['failed'])) {
- // Return the third party failure result
- $response = reset($thirdparty['failed']);
- return $response;
- } else {
- $responses = array_merge($shipped['succeeded'], $thirdparty['succeeded']);
- }
- // Merge the successful responses
- $meta = array();
- $data = array();
- foreach($responses as $app => $response) {
- if(OC_App::isShipped($app)) {
- $data = array_merge_recursive($response->getData(), $data);
- } else {
- $data = array_merge_recursive($data, $response->getData());
- }
- }
- $result = new OC_OCS_Result($data, 100);
- return $result;
- }
-
- /**
- * authenticate the api call
- * @param array $action the action details as supplied to OC_API::register()
- * @return bool
- */
- private static function isAuthorised($action) {
- $level = $action['authlevel'];
- switch($level) {
- case OC_API::GUEST_AUTH:
- // Anyone can access
- return true;
- break;
- case OC_API::USER_AUTH:
- // User required
- return self::loginUser();
- break;
- case OC_API::SUBADMIN_AUTH:
- // Check for subadmin
- $user = self::loginUser();
- if(!$user) {
- return false;
- } else {
- $subAdmin = OC_SubAdmin::isSubAdmin($user);
- $admin = OC_User::isAdminUser($user);
- if($subAdmin || $admin) {
- return true;
- } else {
- return false;
- }
- }
- break;
- case OC_API::ADMIN_AUTH:
- // Check for admin
- $user = self::loginUser();
- if(!$user) {
- return false;
- } else {
- return OC_User::isAdminUser($user);
- }
- break;
- default:
- // oops looks like invalid level supplied
- return false;
- break;
- }
- }
-
- /**
- * http basic auth
- * @return string|false (username, or false on failure)
- */
- private static function loginUser(){
- // basic auth
- $authUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
- $authPw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
- $return = OC_User::login($authUser, $authPw);
- if ($return === true) {
- self::$logoutRequired = true;
- return $authUser;
- }
- // reuse existing login
- $loggedIn = OC_User::isLoggedIn();
- if ($loggedIn === true) {
- return OC_User::getUser();
- }
- return false;
- }
-
- /**
- * respond to a call
- * @param OC_OCS_Result $result
- * @param string $format the format xml|json
- */
- private static function respond($result, $format='xml') {
- // Send 401 headers if unauthorised
- if($result->getStatusCode() === self::RESPOND_UNAUTHORISED) {
- header('WWW-Authenticate: Basic realm="Authorisation Required"');
- header('HTTP/1.0 401 Unauthorized');
- }
- $response = array(
- 'ocs' => array(
- 'meta' => $result->getMeta(),
- 'data' => $result->getData(),
- ),
- );
- if ($format == 'json') {
- OC_JSON::encodedPrint($response);
- } else if ($format == 'xml') {
- header('Content-type: text/xml; charset=UTF-8');
- $writer = new XMLWriter();
- $writer->openMemory();
- $writer->setIndent( true );
- $writer->startDocument();
- self::toXML($response, $writer);
- $writer->endDocument();
- echo $writer->outputMemory(true);
- }
- }
- private static function toXML($array, $writer) {
- foreach($array as $k => $v) {
- if ($k[0] === '@') {
- $writer->writeAttribute(substr($k, 1), $v);
- continue;
- } else if (is_numeric($k)) {
- $k = 'element';
- }
- if(is_array($v)) {
- $writer->startElement($k);
- self::toXML($v, $writer);
- $writer->endElement();
- } else {
- $writer->writeElement($k, $v);
- }
- }
- }
-
- }
|