mdedit3-api/index.php
Guillaume RYCKELYNCK b864cb1820 first commit
2022-01-31 19:06:50 +01:00


<?php
require_once __DIR__ . '/vendor/autoload.php';
require_once __DIR__ . '/classes/json.class.php';
require_once __DIR__ . '/classes/user.class.php';
require_once __DIR__ . '/classes/directory.class.php';
require_once __DIR__ . '/classes/file.class.php';
require_once __DIR__ . '/classes/email.class.php';
require_once __DIR__ . '/classes/helpers.class.php';
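/**
 * Emit CORS response headers and answer preflight (OPTIONS) requests.
 *
 * When the request carries an Origin header and that origin is accepted, the
 * origin is echoed back in Access-Control-Allow-Origin together with
 * Access-Control-Allow-Credentials: true. For OPTIONS requests the allowed
 * methods and the requested headers are returned and the script exits.
 *
 * SECURITY: echoing an arbitrary Origin while allowing credentials lets any
 * website read this API's responses with the visitor's cookies or HTTP
 * authentication. Pass an explicit allow-list in production; with the default
 * (null) every origin is still accepted so that existing callers keep working.
 *
 * References:
 * - https://developer.mozilla.org/en/HTTP_access_control
 * - http://www.w3.org/TR/cors/
 *
 * @param array|null $allowedOrigins Exact origins (scheme://host[:port]) that may
 *                                   receive credentialed responses; null accepts
 *                                   any origin (legacy behaviour).
 */
function cors($allowedOrigins = null)
{
    $origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : null;

    if ($origin !== null) {
        // The response differs per Origin, so shared caches must key on it;
        // otherwise one origin's Allow-Origin header can be replayed to another.
        header('Vary: Origin', false);

        $originAccepted = $allowedOrigins === null
            || (is_array($allowedOrigins) && in_array($origin, $allowedOrigins, true));

        if ($originAccepted) {
            header("Access-Control-Allow-Origin: {$origin}");
            header('Access-Control-Allow-Credentials: true');
            header('Access-Control-Max-Age: 86400'); // cache the preflight result for 1 day
        }
    }

    // REQUEST_METHOD is absent outside a web request (e.g. CLI); treat that as "not OPTIONS".
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

    // Access-Control request headers are received during OPTIONS (preflight) requests
    if ($method === 'OPTIONS') {
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, HEAD, DELETE");
        }
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
            // Whatever headers the browser asks for are granted as-is.
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
        }
        exit(0);
    }
}
// NOTE(review): called without an allow-list, so every origin is accepted with credentials.
cors();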
// FUNCTIONS
/**
 * Return the current user's information array.
 *
 * A truthy $debug selects User::getUserInfoDebug(), otherwise User::getUserInfo();
 * in both cases the result of ->getInfo() is returned.
 *
 * NOTE(review): every route in this file passes the `debug` query-string value here,
 * so the client decides which lookup runs. What getUserInfoDebug() returns is not
 * visible from this file - confirm it cannot yield an identity the caller has not
 * authenticated as, or gate it behind server-side configuration.
 */
function getUser($debug)
{
    $account = new MdEditApi\User();
    $lookup = $debug ? $account->getUserInfoDebug() : $account->getUserInfo();

    return $lookup->getInfo();
}
/**
 * Send $data to the client in the requested format, then terminate the script.
 *
 * 'json' encodes $data with json_encode(); 'text' and 'xml' echo it unchanged with
 * the matching Content-Type; any other format is echoed as text/html.
 *
 * NOTE(review): the fallback branch writes $data unescaped under text/html. The
 * callers in this file only use 'json', 'text' and 'xml'; escape the payload
 * before relying on the fallback with request-derived data.
 */
function sendResponse($format, $data, $status)
{
    cors();

    // The empty Content-Type is only a vehicle for the status code; it is replaced below.
    header('Content-Type:', true, $status);

    if ($format == 'json') {
        $data = json_encode($data, JSON_PARTIAL_OUTPUT_ON_ERROR);
        $mimeType = 'application/json';
    } elseif ($format == 'text') {
        $mimeType = 'text/plain';
    } elseif ($format == 'xml') {
        $mimeType = 'application/xml';
    } else {
        $mimeType = 'text/html';
    }

    header('Content-Type: ' . $mimeType . '; charset=utf-8');
    echo $data;
    exit;
}
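/**
 * Decide whether $path lies inside one of the user's organisation directories.
 *
 * A plain "starts with" comparison is not enough for an access check: a path that
 * begins with an allowed prefix can still leave it through `..` segments, and a
 * prefix without a trailing separator also matches sibling names that merely share
 * its leading characters. Both cases are refused here.
 *
 * The check is purely lexical (the path may not exist yet when a file is about to
 * be created), so symbolic links inside the tree are not resolved.
 *
 * @param mixed $path Path as built by the caller (base directory + requested name)
 * @param array $user User info with 'root_directory' and 'orgs' (each with 'directory')
 * @return bool
 */
function isPathWithinUserOrgs($path, $user)
{
    if (!is_string($path) || $path === '' || strpos($path, "\0") !== false) {
        return false;
    }
    if (!isset($user['orgs']) || !is_array($user['orgs'])) {
        return false;
    }

    foreach ($user['orgs'] as $org) {
        $prefix = $user['root_directory'] . $org['directory'];

        // An empty prefix would match every path; never treat it as a grant.
        if ($prefix === '' || strncmp($path, $prefix, strlen($prefix)) !== 0) {
            continue;
        }

        $rest = (string) substr($path, strlen($prefix));

        // The match must end on a directory boundary.
        $prefixEndsWithSeparator = in_array(substr($prefix, -1), ['/', '\\'], true);
        $restStartsAtBoundary = $rest === '' || $rest[0] === '/' || $rest[0] === '\\';
        if (!$prefixEndsWithSeparator && !$restStartsAtBoundary) {
            continue;
        }

        // Nothing after the allowed prefix may climb back out of it.
        if (in_array('..', preg_split('#[/\\\\]+#', $rest), true)) {
            continue;
        }

        return true;
    }

    return false;
}

/**
 * Check that $file is inside one of the user's organisation directories and,
 * when $is_file is true, that it exists as a regular file.
 *
 * @param string $file    File path, including the metadata base directory
 * @param array  $user    User info with 'root_directory' and 'orgs'
 * @param bool   $is_file Also require the file to exist
 * @return bool
 */
function fileAccess($file, $user, $is_file = false)
{
    if ($is_file && !is_file($file)) {
        return false;
    }

    return isPathWithinUserOrgs($file, $user);
}

/**
 * Check that $directory is inside one of the user's organisation directories and,
 * when $is_directory is true, that it exists as a directory below this script's
 * directory.
 *
 * @param string $directory    Directory path, including the metadata base directory
 * @param array  $user         User info with 'root_directory' and 'orgs'
 * @param bool   $is_directory Also require the directory to exist
 * @return bool
 */
function directoryAccess($directory, $user, $is_directory = false)
{
    if ($is_directory && !is_dir(__DIR__ . '/' . $directory)) {
        return false;
    }

    return isPathWithinUserOrgs($directory, $user);
}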
// API
// Landing route: answers with a plain-text greeting.
Flight::route('GET /', function () {
    $greeting = 'Welcome on mdEdit API server';
    sendResponse('text', $greeting, 200);
});
// Return the information array of the current user as JSON.
// The `debug` query-string value is forwarded to getUser() unchanged.
Flight::route('GET /me', function () {
    $query = Flight::request()->query;
    sendResponse('json', getUser($query['debug']), 200);
});
// Return only the 'editor' flag and the 'username' of the current user as JSON.
Flight::route('GET /editor', function () {
    $query = Flight::request()->query;
    $account = getUser($query['debug']);

    $summary = [];
    $summary['editor'] = $account['editor'];
    $summary['username'] = $account['username'];

    sendResponse('json', $summary, 200);
});
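/**
 * List metadata files.
 * - If the `file` parameter is set (path to one specific file), the content of that
 *   file is returned as XML.
 * - If the `files` parameter is set (list of files separated by ";"), those files and
 *   their content are returned as JSON.
 * - Otherwise the files of the authenticated user and their content are returned.
 */
Flight::route('GET /files', function () {
    // Get config file
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    $data = ['user' => $user];

    if ($params['file']) {
        // This branch is reached without any editor or organisation check and `file`
        // comes straight from the query string, so the resolved path must be confined
        // to the metadata directory before anything is read from disk.
        $text = 'File does\'nt exist.';
        $base = realpath(__DIR__ . '/' . $config['md_relative_path']);
        $file = realpath(__DIR__ . '/' . $config['md_relative_path'] . $params['file']);

        if ($base !== false && $file !== false) {
            $basePrefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
            if (strncmp($file, $basePrefix, strlen($basePrefix)) === 0 && is_file($file)) {
                sendResponse('xml', file_get_contents($file), 200);
            }
        }
        // sendResponse() exits, so this line only runs when no file was served.
        sendResponse('text', $text, 200);
    } elseif ($user['editor']) {
        $data['files'] = [];
        if ($params['files']) {
            $files = array_filter(explode(';', $params['files']));
            foreach ($files as $file) {
                if (fileAccess($config['md_relative_path'] . $file, $user, true)) {
                    $f = new MdEditApi\File();
                    $data['files'][] = $f->getFile($file, $config['md_relative_path'], $config['md_root_url']);
                }
            }
        } else {
            // Parentheses and `||` matter here: with the low-precedence `or`, the
            // assignment binds first and the `recursive=1` case is never evaluated.
            $recursive = ($params['recursive'] == null || $params['recursive'] == 1);

            if ($params['directory']) {
                $directory_path = $config['md_relative_path'] . $params['directory'];
                if (directoryAccess($directory_path, $user, false) and is_dir($directory_path)) {
                    $dir = new MdEditApi\Directory();
                    $data['files'] = $dir->getFiles($params['directory'], $recursive, [], $config['md_relative_path'], $config['md_root_url'])['files'];
                }
            } else {
                // Return files list of user, one entry per organisation directory
                $dir = new MdEditApi\Directory();
                foreach ($user['orgs'] as $org) {
                    $directory_path = $config['md_relative_path'] . $org['directory'];
                    if (directoryAccess($directory_path, $user, true) and is_dir($directory_path)) {
                        $directory = $dir->getFiles($org['directory'], $recursive, ['xml'], __DIR__ . '/' . $config['md_relative_path'], $config['md_root_url']);
                        $directory['name'] = $org['directory'];
                        $data['directories'][] = $directory;
                    }
                }
            }
        }
    }
    sendResponse('json', $data, 200);
});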
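/**
 * Create files for an editor.
 * - With the `upload` query parameter: store the multipart files sent under `files`
 *   in the directory given by the `directory` query parameter.
 * - Otherwise: the request body is a JSON list of {file, content} entries that are
 *   written through File::saveFile().
 * Only paths accepted by fileAccess() for the current user are written.
 */
Flight::route('POST /files', function () {
    // Get config file
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    $data = [
        'files' => [],
        'created' => 0,
        'success' => false
    ];

    if ($user['editor']) {
        // TODO: consider using a helper that retrieves the files from a form?
        if ($params['upload']) {
            $dir_path = $config['md_relative_path'] . $params['directory'];
            $uploadedFiles = $request->files['files'];
            // NOTE(review): this echoes the raw upload array (including the server-side
            // temporary paths) back to the client; drop it if the front end does not need it.
            $data['upload'] = $uploadedFiles;

            if ($uploadedFiles and count($uploadedFiles)) {
                foreach ($uploadedFiles['name'] as $fileId => $fileName) {
                    if ($uploadedFiles['size'][$fileId] < $config['upload_max_filesize']) {
                        // Defence in depth: keep only the final name component so the
                        // client-supplied name cannot add directories of its own.
                        $safeName = basename((string) $fileName);
                        if ($safeName === '') {
                            continue;
                        }
                        // NOTE(review): the client-chosen extension is kept. If the metadata
                        // directory is served by a web server that executes scripts, restrict
                        // uploads to the expected metadata extension(s) - confirm deployment.
                        $file_path = $dir_path . $safeName;

                        // Check if file is in path of user
                        if (fileAccess($file_path, $user, false) && $uploadedFiles['error'][$fileId] == 0) {
                            $target = __DIR__ . '/' . $file_path;
                            // Only report the file as created when the move really happened.
                            if (move_uploaded_file($uploadedFiles['tmp_name'][$fileId], $target)) {
                                $f = new MdEditApi\File();
                                $data['files'][] = $f->getFile($file_path, $config['md_relative_path'], $config['md_root_url']);
                                $data['created']++;
                                $data['success'] = file_exists($target);
                            } else {
                                $data['success'] = false;
                            }
                        }
                    } else {
                        $data['success'] = false;
                    }
                }
            }
        } else {
            $files = json_decode($request->getBody(), true);
            // A missing or malformed JSON body decodes to null; there is nothing to save then.
            if (is_array($files)) {
                foreach ($files as $file) {
                    if (!is_array($file) || !isset($file['file']) || !is_string($file['file'])) {
                        continue;
                    }
                    // Check if file is in path of user
                    if (fileAccess($config['md_relative_path'] . $file['file'], $user, false)) {
                        $f = new MdEditApi\File();
                        $content = isset($file['content']) ? $file['content'] : null;
                        $data['files'][] = $f->saveFile($content, $file['file'], $config['md_relative_path'], $config['md_root_url']);
                        $data['created']++;
                        $data['success'] = file_exists($config['md_relative_path'] . $file['file']);
                    }
                }
            }
        }
    }
    sendResponse('json', $data, 200);
});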
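/**
 * Move (rename) a file - marked NOT USED by the author.
 *
 * Source and destination come either from the `files` query parameter
 * ("old;new") or from the JSON body keys `old_file` / `new_file`.
 * Both ends of the move must be inside the user's organisation directories:
 * checking only the source would let an editor place a file anywhere that
 * File::moveFile() can write.
 */
Flight::route('PUT /files', function () {
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    // NOTE(review): initialised with the key 'file' while results are appended to 'files'.
    $data = [
        'file' => [],
        'updated' => 0
    ];

    if ($user['editor']) {
        $json_body = json_decode($request->getBody(), true);
        // array_filter() keeps the original keys; re-index so [0] and [1] are reliable.
        $files = array_values(array_filter(explode(';', (string) $params['files'])));

        if (count($files) == 0) {
            $old_file = isset($json_body['old_file']) ? $json_body['old_file'] : null;
            $new_file = isset($json_body['new_file']) ? $json_body['new_file'] : null;
        } else {
            $old_file = $files[0];
            $new_file = isset($files[1]) ? $files[1] : null;
        }

        $namesAreUsable = is_string($old_file) && $old_file !== ''
            && is_string($new_file) && $new_file !== '';

        // The source must exist and belong to the user; the destination must belong to the user too.
        if ($namesAreUsable
            && fileAccess($config['md_relative_path'] . $old_file, $user, true)
            && fileAccess($config['md_relative_path'] . $new_file, $user, false)
        ) {
            $f = new MdEditApi\File();
            $data['files'][] = $f->moveFile($old_file, $new_file, $config['md_relative_path']);
            $data['updated']++;
        }
    }
    sendResponse('json', $data, 200);
});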
// Delete the files named in the `files` query parameter (";"-separated) for an editor.
// Each name is prefixed with the metadata base path and must pass fileAccess() as an
// existing file of the user before File::deleteFile() is called.
Flight::route('DELETE /files', function () {
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $query = $request->query;
    $account = getUser($query['debug']);

    $result = [
        'files' => [],
        'deleted' => 0,
        'success' => false
    ];

    if ($account['editor']) {
        // The request body is not available for DELETE requests in Flight PHP,
        // so the list travels in the query string.
        $names = explode(';', $query['files']);
        foreach (array_filter($names) as $name) {
            $relativePath = $config['md_relative_path'] . $name;
            if (!fileAccess($relativePath, $account, true)) {
                continue;
            }
            $handler = new MdEditApi\File();
            $result['files'][] = $handler->deleteFile($relativePath);
            $result['deleted']++;
            // Reflects the file handled last: true once it is gone from disk.
            $result['success'] = !file_exists($relativePath);
        }
    }

    sendResponse('json', $result, 200);
});
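/**
 * Create directories - marked NOT USED by the author.
 *
 * Names come from the `directories` query parameter (";"-separated) or, when that
 * is empty, from a JSON list in the request body. Each one is created only if
 * directoryAccess() accepts it for the current user.
 */
Flight::route('POST /directories', function () {
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    $data = [
        'directories' => [],
        'created' => 0
    ];

    if ($user['editor']) {
        $json_body = json_decode($request->getBody(), true);
        $directories = array_filter(explode(';', (string) $params['directories']));
        if (count($directories) == 0) {
            // A missing or malformed body decodes to null; fall back to an empty list.
            $directories = is_array($json_body) ? $json_body : [];
        }

        foreach ($directories as $directory) {
            // Body entries are client-controlled; only plain, non-empty names are usable.
            if (!is_string($directory) || $directory === '') {
                continue;
            }
            // Check if directory is in path of user
            if (directoryAccess($config['md_relative_path'] . $directory, $user, false)) {
                $d = new MdEditApi\Directory();
                $data['directories'][] = $d->createDirectory($config['md_relative_path'] . $directory);
                $data['created']++;
            }
        }
    }
    sendResponse('json', $data, 200);
});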
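/**
 * Rename (move) or copy a directory for an editor.
 *
 * With the `copy` query parameter the pair is (source, dest), otherwise
 * (old_directory, new_directory); either pair comes from the `directories` query
 * parameter ("a;b") or from the JSON body. In both modes the origin AND the
 * target must be inside the user's organisation directories - validating only
 * the origin would let a move land outside them.
 */
Flight::route('PUT /directories', function () {
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    $data = [
        'response' => [],
        'created' => 0,
        'copy' => 0
    ];

    if ($user['editor']) {
        $json_body = json_decode($request->getBody(), true);
        // array_filter() keeps the original keys; re-index so [0] and [1] are reliable.
        $directories = array_values(array_filter(explode(';', (string) $params['directories'])));
        $isCopy = (bool) $params['copy'];

        if (count($directories) == 0) {
            $fromKey = $isCopy ? 'source' : 'old_directory';
            $toKey = $isCopy ? 'dest' : 'new_directory';
            $from = isset($json_body[$fromKey]) ? $json_body[$fromKey] : null;
            $to = isset($json_body[$toKey]) ? $json_body[$toKey] : null;
        } else {
            $from = $directories[0];
            $to = isset($directories[1]) ? $directories[1] : null;
        }

        $namesAreUsable = is_string($from) && $from !== '' && is_string($to) && $to !== '';

        if ($namesAreUsable
            && directoryAccess($config['md_relative_path'] . $from, $user, false)
            && directoryAccess($config['md_relative_path'] . $to, $user, false)
        ) {
            $d = new MdEditApi\Directory();
            if ($isCopy) {
                $data['response'][] = $d->copyDirectory($from, $to, $config['md_relative_path']);
                $data['copy']++;
            } else {
                $data['response'][] = $d->moveDirectory($from, $to, $config['md_relative_path']);
                $data['created']++;
            }
        }
    }
    sendResponse('json', $data, 200);
});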
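/**
 * Delete directories for an editor.
 *
 * Names come from the `directories` query parameter (";"-separated) or, when that
 * is empty, from a JSON list in the request body. A directory is removed only if
 * it exists and directoryAccess() accepts it for the current user.
 */
Flight::route('DELETE /directories', function () {
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    $data = [
        'directories' => [],
        'deleted' => 0
    ];

    if ($user['editor']) {
        $json_body = json_decode($request->getBody(), true);
        $directories = array_filter(explode(';', (string) $params['directories']));
        if (count($directories) == 0) {
            // A missing or malformed body decodes to null; fall back to an empty list.
            $directories = is_array($json_body) ? $json_body : [];
        }

        foreach ($directories as $directory) {
            // Removal is destructive: never act on an entry that is not a plain,
            // non-empty name (an empty one would resolve to the base directory).
            if (!is_string($directory) || $directory === '') {
                continue;
            }
            $directory_path = $config['md_relative_path'] . $directory;
            // Check if directory exists and is in path of user
            if (directoryAccess($directory_path, $user, true)) {
                $d = new MdEditApi\Directory();
                $data['directories'][] = $d->removeDirectory(__DIR__ . '/' . $directory_path);
                $data['deleted']++;
            }
        }
    }
    sendResponse('json', $data, 200);
});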
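/**
 * Send a templated e-mail to the current editor.
 *
 * The `mail` query parameter names a template in ./config/emails/. The %USER% and
 * %DIRECTORY% placeholders are substituted and the message is sent to the user's
 * own address through MdEditApi\Email::send(), whose result is returned as JSON.
 */
Flight::route('GET /mail', function () {
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    // The template name is client-controlled: keep only its final component so the
    // lookup cannot leave ./config/emails/ and mail out the content of another file.
    $email_file_name = basename((string) $params['mail']);
    $data = [
        'success' => false
    ];

    if ($user['editor']) {
        // Get email content
        $email_file_path = "./config/emails/" . $email_file_name;
        if ($email_file_name !== '' && is_file($email_file_path)) {
            $email_content = file_get_contents($email_file_path);
            $email_content = str_replace(
                ['%USER%', '%DIRECTORY%'],
                [$user['firstname'] . ' ' . $user['lastname'], 'DIR'],
                $email_content
            );

            $config['email']['to_email'] = $user['email'];
            $config['email']['to_user'] = $user['firstname'] . ' ' . $user['lastname'];
            $config['email']['subject'] = 'mdEdit API - ' . $email_file_name;
            $config['email']['message'] = $email_content;
        }

        // Send email
        // NOTE(review): send() is called whether or not a template was found; in the
        // latter case no recipient, subject or message has been set here.
        $email = new MdEditApi\Email();
        $data = $email->send($config['email']);
        // The server configuration is deliberately not added to the response: it is
        // loaded from config.json and includes the mail settings handed to send(),
        // which have no reason to reach the browser.
    }
    sendResponse('json', $data, 200);
});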
// Before routing starts, take the request URL from PATH_INFO, defaulting to '/'
// when the server did not provide it.
Flight::before('start', function () {
    $path = '/';
    if (isset($_SERVER['PATH_INFO'])) {
        $path = $_SERVER['PATH_INFO'];
    }
    Flight::request()->url = $path;
});

// Hand control to the Flight router.
Flight::start();