<?php
|
|
|
|
require_once __DIR__ . '/vendor/autoload.php';
|
|
require_once __DIR__ . '/classes/json.class.php';
|
|
require_once __DIR__ . '/classes/user.class.php';
|
|
require_once __DIR__ . '/classes/directory.class.php';
|
|
require_once __DIR__ . '/classes/file.class.php';
|
|
require_once __DIR__ . '/classes/email.class.php';
|
|
require_once __DIR__ . '/classes/helpers.class.php';
|
|
|
|
/**
 * An example CORS-compliant method. It will allow any GET, POST, or OPTIONS requests from any
 * origin.
 *
 * In a production environment, you probably want to be more restrictive: the request's Origin
 * is echoed back together with "Access-Control-Allow-Credentials: true", so a page on any site
 * can send credentialed requests and read the responses. This gives you the general idea of
 * what is involved. For the nitty-gritty low-down, read:
 *
 * - https://developer.mozilla.org/en/HTTP_access_control
 * - http://www.w3.org/TR/cors/
 *
 */
|
|
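function cors()
{
    // Emits the CORS response headers and, for an OPTIONS preflight, answers it and
    // ends the script. Takes no arguments and returns nothing.
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        // NOTE(review): the caller's Origin is echoed back unchanged while credentials
        // are allowed, which gives every origin credentialed read access to this API.
        // Compare the value against a configured allowlist before sending these headers.
        header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");

        // The allowed origin differs per request, so shared caches must key on Origin;
        // otherwise a response cached for one origin can be served to another.
        // cors() runs more than once per request, hence the one-shot guard.
        static $varySent = false;
        if (!$varySent) {
            header('Vary: Origin', false);
            $varySent = true;
        }

        header('Access-Control-Allow-Credentials: true');
        header('Access-Control-Max-Age: 86400'); // cache for 1 day
    }

    // REQUEST_METHOD is absent when the script is not run through a web server.
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

    // Access-Control headers are received during OPTIONS requests
    if ($method === 'OPTIONS') {
        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
            // may also be using PUT, PATCH, HEAD etc
            header("Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, HEAD, DELETE");
        }

        if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
            // NOTE(review): whatever header names the client asks for are approved as-is.
            header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
        }

        // A preflight carries no body: stop before any route is dispatched.
        exit(0);
    }
}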
|
|
// Send the CORS headers before any route runs; cors() itself ends the script on an OPTIONS preflight.
cors();
|
|
|
|
// FUNCTIONS
|
|
// Get user information, or debug information, according to the $debug parameter
|
|
/**
 * Build a MdEditApi\User and return what its getInfo() chain produces.
 *
 * @param mixed $debug Truthy selects getUserInfoDebug(), anything else getUserInfo().
 * @return mixed The value returned by getInfo(); callers in this file index it like an array.
 */
function getUser($debug)
{
    // NOTE(review): every route passes the client's "debug" query value here, so any
    // caller can select the debug branch. What getUserInfoDebug() returns is not visible
    // in this file; confirm it cannot stand in for a real authenticated user.
    $account = new MdEditApi\User();
    $lookup = $debug ? $account->getUserInfoDebug() : $account->getUserInfo();

    return $lookup->getInfo();
}
|
|
|
|
// Send the response according to data and format
|
|
/**
 * Emit the CORS headers, the status code, a Content-Type and the body, then end the script.
 *
 * @param mixed $format 'json', 'text' or 'xml'; any other value is sent as text/html.
 * @param mixed $data   Body to send; JSON-encoded first when $format is 'json'.
 * @param int   $status HTTP status code.
 * @return void This function does not return: it calls exit.
 */
function sendResponse($format, $data, $status)
{
    cors();

    // The empty Content-Type header only carries the status code; the header() call
    // further down replaces it with the real content type.
    header('Content-Type:', true, $status);

    // Loose comparison on purpose, matching how a switch statement compares.
    if ($format == 'json') {
        $data = json_encode($data, JSON_PARTIAL_OUTPUT_ON_ERROR);
        $contentType = 'Content-Type: application/json; charset=utf-8';
    } elseif ($format == 'text') {
        $contentType = 'Content-Type: text/plain; charset=utf-8';
    } elseif ($format == 'xml') {
        $contentType = 'Content-Type: application/xml; charset=utf-8';
    } else {
        // NOTE(review): an unrecognised format is served as HTML with $data echoed
        // unescaped; the callers in this file only pass 'json', 'text' and 'xml'.
        $contentType = 'Content-Type: text/html; charset=utf-8';
    }

    header($contentType);
    echo $data;

    exit;
}
|
|
|
|
// Check if file is in path of user and exists (if $is_file = true)
|
|
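/**
 * Decide whether $file lies inside one of the user's organisation directories.
 *
 * @param string $file    Path to test, compared as text against
 *                        $user['root_directory'] . $org['directory'] for each org.
 * @param mixed  $user    User info; 'root_directory' and 'orgs' are read.
 * @param bool   $is_file When true, $file must also be an existing regular file.
 * @return bool
 */
function fileAccess($file, $user, $is_file = false)
{
    // The textual check runs first so that paths outside the user's directories are
    // never probed on disk.
    // NOTE(review): is_file() resolves a relative $file against the current working
    // directory, whereas directoryAccess() prefixes __DIR__; confirm both agree.
    return pathIsInsideUserOrgs($file, $user) && (!$is_file || is_file($file));
}

/**
 * Decide whether $directory lies inside one of the user's organisation directories.
 *
 * @param string $directory    Path to test, compared the same way as in fileAccess().
 * @param mixed  $user         User info; 'root_directory' and 'orgs' are read.
 * @param bool   $is_directory When true, __DIR__ . '/' . $directory must also be an
 *                             existing directory.
 * @return bool
 */
function directoryAccess($directory, $user, $is_directory = false)
{
    return pathIsInsideUserOrgs($directory, $user)
        && (!$is_directory || is_dir(__DIR__ . '/' . $directory));
}

/**
 * Shared containment test behind fileAccess() and directoryAccess().
 *
 * A bare "starts with" comparison is not a containment check: "org1/../org2/x" starts
 * with "org1", and "org10/x" does too. This helper therefore
 *  - refuses any path holding a ".." segment or a NUL byte (both "/" and "\" count as
 *    separators, so a literal file name such as "a\..\b" is refused as well), and
 *  - accepts a prefix match only when it ends on a path boundary: the prefix itself
 *    ends with a separator, the path equals the prefix, or the next character is a
 *    separator.
 * An empty prefix never grants access.
 *
 * @param mixed $path Path to test; anything but a non-empty string is refused.
 * @param mixed $user User info; 'root_directory' and 'orgs' are read.
 * @return bool
 */
function pathIsInsideUserOrgs($path, $user)
{
    if (!is_string($path) || $path === '' || strpos($path, "\0") !== false) {
        return false;
    }

    if (in_array('..', preg_split('#[/\\\\]#', $path), true)) {
        return false;
    }

    $orgs = isset($user['orgs']) ? $user['orgs'] : [];
    if (!is_array($orgs) && !($orgs instanceof Traversable)) {
        return false;
    }
    $root = isset($user['root_directory']) ? $user['root_directory'] : '';

    foreach ($orgs as $org) {
        $prefix = $root . (isset($org['directory']) ? $org['directory'] : '');
        if ($prefix === '' || strpos($path, $prefix) !== 0) {
            continue;
        }

        $rest = (string) substr($path, strlen($prefix));
        $prefixEndsOnSeparator = in_array(substr($prefix, -1), ['/', '\\'], true);
        if ($prefixEndsOnSeparator || $rest === '' || in_array($rest[0], ['/', '\\'], true)) {
            return true;
        }
    }

    return false;
}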
|
|
|
|
// API
|
|
// Landing route: answers with a fixed plain-text banner.
Flight::route('GET /', function () {
    $banner = 'Welcome on mdEdit API server';

    sendResponse('text', $banner, 200);
});
|
|
|
|
// Returns, as JSON, whatever getUser() reports for the current request.
Flight::route('GET /me', function () {
    $query = Flight::request()->query;

    // The "debug" query value is forwarded untouched; getUser() picks its branch from it.
    sendResponse('json', getUser($query['debug']), 200);
});
|
|
|
|
// Returns only the 'editor' and 'username' entries of the current user, as JSON.
Flight::route('GET /editor', function () {
    $query = Flight::request()->query;
    $account = getUser($query['debug']);

    $summary = [
        'editor' => $account['editor'],
        'username' => $account['username']
    ];

    sendResponse('json', $summary, 200);
});
|
|
|
|
|
|
/**
 * URL for listing files
 * - If the "file" parameter is set (path to a specific file), it returns the content of that file in XML format
 * - If the "files" parameter is set (list of files separated by ";"), it returns the list of these files and their content in JSON format
 * - Otherwise, it returns the list of files of the authenticated user and their content
 */
|
|
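Flight::route('GET /files', function () {
    // Get config file
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    $data = ['user' => $user];

    if ($params['file']) {
        // Return file content if exist else error message
        $text = 'File does\'nt exist.';
        $requested = (string) $params['file'];

        // This branch runs before any editor or fileAccess() check, and the name is
        // appended to the metadata directory, so a ".." segment would walk out of it
        // and expose other files of the application. Such names (and NUL bytes) get
        // the same answer as a missing file.
        // NOTE(review): anyone can read any file below md_relative_path through this
        // branch; confirm that public read access is intended.
        $escapes = strpos($requested, "\0") !== false
            || in_array('..', preg_split('#[/\\\\]#', $requested), true);

        $file = __DIR__ . '/' . $config['md_relative_path'] . $requested;
        if (!$escapes && is_file($file)) {
            $text = file_get_contents($file);
            sendResponse('xml', $text, 200);
        }
        sendResponse('text', $text, 200);
    } elseif ($user['editor']) {
        $data['files'] = [];
        if ($params['files']) {
            // Explicit list: each entry is returned only if fileAccess() accepts it.
            $files = array_filter(explode(';', $params['files']));
            foreach ($files as $file) {
                if (fileAccess($config['md_relative_path'] . $file, $user, true)) {
                    $f = new MdEditApi\File();
                    $data['files'][] = $f->getFile($file, $config['md_relative_path'], $config['md_root_url']);
                }
            }
        } else {
            // Recursive unless the client sends a value other than 1. The former
            // "$x = a or b ? true : false" form assigned only the first comparison
            // ("=" binds tighter than "or"), so ?recursive=1 switched recursion off.
            $recursive = ($params['recursive'] == null || $params['recursive'] == 1);

            if ($params['directory']) {
                $directory_path = $config['md_relative_path'] . $params['directory'];
                if (directoryAccess($directory_path, $user, false) and is_dir($directory_path)) {
                    $dir = new MdEditApi\Directory();
                    $data['files'] = $dir->getFiles($params['directory'], $recursive, [], $config['md_relative_path'], $config['md_root_url'])['files'];
                }
            } else {
                // Return files list of user
                $dir = new MdEditApi\Directory();
                foreach ($user['orgs'] as $org) {
                    $directory_path = $config['md_relative_path'] . $org['directory'];
                    if (directoryAccess($directory_path, $user, true) and is_dir($directory_path)) {
                        $directory = $dir->getFiles($org['directory'], $recursive, ['xml'], __DIR__ . '/' . $config['md_relative_path'], $config['md_root_url']);
                        $directory['name'] = $org['directory'];
                        $data['directories'][] = $directory;
                    }
                }
            }
        }
    }

    sendResponse('json', $data, 200);
});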
|
|
|
|
|
|
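Flight::route('POST /files', function () {
    // Creates files for an editor, either from a multipart upload (?upload=...) or
    // from a JSON body holding a list of {file, content} entries.
    // Get config file
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    $data = [
        'files' => [],
        'created' => 0,
        'success' => false
    ];

    if ($user['editor']) {
        // TODO: see whether a form-based file retrieval function could be used here ???
        if ($params['upload']) {
            $dir_path = $config['md_relative_path'] . $params['directory'];
            $uploadedFiles = $request->files['files'];

            // NOTE(review): this returns the raw upload metadata, including the server's
            // temporary file paths, to the client; confirm that is wanted.
            $data['upload'] = $uploadedFiles;

            if ($uploadedFiles and count($uploadedFiles)) {
                foreach ($uploadedFiles['name'] as $fileId => $fileName) {
                    if ($uploadedFiles['size'][$fileId] < $config['upload_max_filesize']) {
                        // NOTE(review): the client-supplied name is used as-is and nothing
                        // here restricts its extension. If the target directory is served
                        // by a PHP-enabled web server, an uploaded script could be run
                        // there; confirm an extension allowlist is enforced elsewhere.
                        $file_path = $dir_path . $fileName;

                        // Check if file is in path of user
                        if (fileAccess($file_path, $user, false)) {
                            if ($uploadedFiles['error'][$fileId] == 0) {
                                $target = __DIR__ . '/' . $file_path;
                                $moved = move_uploaded_file($uploadedFiles['tmp_name'][$fileId], $target);

                                // Report the file as created only when the move worked;
                                // a failed move must not be counted or described.
                                if ($moved) {
                                    $f = new MdEditApi\File();
                                    $data['files'][] = $f->getFile($file_path, $config['md_relative_path'], $config['md_root_url']);
                                    $data['created']++;
                                }
                                $data['success'] = $moved && file_exists($target);
                            }
                        }
                    } else {
                        $data['success'] = false;
                    }
                }
            }
        } else {
            $files = json_decode($request->getBody(), true);

            // A body that is not a JSON list decodes to null or a scalar: treat it as empty.
            if (!is_array($files)) {
                $files = [];
            }

            foreach ($files as $file) {
                // Skip entries that do not name a file.
                if (!is_array($file) || !isset($file['file']) || !is_string($file['file'])) {
                    continue;
                }

                // Check if file is in path of user
                if (fileAccess($config['md_relative_path'] . $file['file'], $user, false)) {
                    $f = new MdEditApi\File();
                    $content = isset($file['content']) ? $file['content'] : null;
                    $data['files'][] = $f->saveFile($content, $file['file'], $config['md_relative_path'], $config['md_root_url']);
                    $data['created']++;
                    $data['success'] = file_exists($config['md_relative_path'] . $file['file']);
                }
            }
        }
    }

    sendResponse('json', $data, 200);
});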
|
|
|
|
// Update files - NOT USED
|
|
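Flight::route('PUT /files', function () {
    // Moves one file. Source and destination come from ?files=old;new or, when that
    // list is empty, from the JSON body keys "old_file" and "new_file".
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    // The initial key is 'file' while results are appended under 'files'; both are
    // kept so the response shape stays what clients already receive.
    $data = [
        'file' => [],
        'updated' => 0
    ];

    if ($user['editor']) {
        $json_body = json_decode($request->getBody(), true);

        // array_filter() keeps the original keys, so re-index before reading [0] and [1].
        $files = array_values(array_filter(explode(';', (string) $params['files'])));

        if (count($files) == 0) {
            $old_file = isset($json_body['old_file']) ? $json_body['old_file'] : null;
            $new_file = isset($json_body['new_file']) ? $json_body['new_file'] : null;
        } else {
            $old_file = $files[0];
            $new_file = isset($files[1]) ? $files[1] : null;
        }

        $bothNamed = is_string($old_file) && $old_file !== ''
            && is_string($new_file) && $new_file !== '';

        // The source must exist inside the user's directories, and the destination must
        // lie inside them too: checking only the source would let a file be moved to
        // any location the web server can write to.
        if ($bothNamed
            && fileAccess($config['md_relative_path'] . $old_file, $user, true)
            && fileAccess($config['md_relative_path'] . $new_file, $user, false)
        ) {
            $f = new MdEditApi\File();
            $data['files'][] = $f->moveFile($old_file, $new_file, $config['md_relative_path']);
            $data['updated']++;
        }
    }

    sendResponse('json', $data, 200);
});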
|
|
|
|
// Deletes the files listed in ?files=a;b;c for an editor.
Flight::route('DELETE /files', function () {
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    $data = ['files' => [], 'deleted' => 0, 'success' => false];

    if ($user['editor']) {
        // The request body cannot be read for a DELETE request with Flight PHP, hence
        // the query-string list.
        $names = array_filter(explode(';', $params['files']));

        foreach ($names as $name) {
            $path = $config['md_relative_path'] . $name;

            // Only an existing file inside the user's directories is deleted.
            if (!fileAccess($path, $user, true)) {
                continue;
            }

            $f = new MdEditApi\File();
            $data['files'][] = $f->deleteFile($path);
            $data['deleted']++;
            $data['success'] = !file_exists($path);
        }
    }

    sendResponse('json', $data, 200);
});
|
|
|
|
// Create directories - NOT USED
|
|
// Creates the directories listed in ?directories=a;b or, when that list is empty,
// the ones given in the JSON body.
Flight::route('POST /directories', function () {
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    $data = ['directories' => [], 'created' => 0];

    if ($user['editor']) {
        $json_body = json_decode($request->getBody(), true);
        $listed = array_filter(explode(';', $params['directories']));
        $directories = count($listed) == 0 ? $json_body : $listed;

        foreach ($directories as $directory) {
            $target = $config['md_relative_path'] . $directory;

            // Only a path inside the user's directories is created.
            if (!directoryAccess($target, $user, false)) {
                continue;
            }

            $d = new MdEditApi\Directory();
            $data['directories'][] = $d->createDirectory($target);
            $data['created']++;
        }
    }

    sendResponse('json', $data, 200);
});
|
|
|
|
// Rename (move) or copy directories
|
|
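Flight::route('PUT /directories', function () {
    // Copies (?copy=...) or moves one directory. The two paths come from
    // ?directories=a;b or, when that list is empty, from the JSON body
    // ("source"/"dest" for a copy, "old_directory"/"new_directory" for a move).
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    $data = [
        'response' => [],
        'created' => 0,
        'copy' => 0
    ];

    if ($user['editor']) {
        $json_body = json_decode($request->getBody(), true);

        // array_filter() keeps the original keys, so re-index before reading [0] and [1].
        $directories = array_values(array_filter(explode(';', (string) $params['directories'])));

        // Keys to read from the JSON body when the query string names no directory.
        $keys = $params['copy'] ? ['source', 'dest'] : ['old_directory', 'new_directory'];
        if (count($directories) == 0) {
            $from = isset($json_body[$keys[0]]) ? $json_body[$keys[0]] : null;
            $to = isset($json_body[$keys[1]]) ? $json_body[$keys[1]] : null;
        } else {
            $from = $directories[0];
            $to = isset($directories[1]) ? $directories[1] : null;
        }

        // Both ends must lie inside the user's directories. The move branch used to
        // check only the source, unlike the copy branch, which would let a directory
        // be moved to a location outside the user's tree.
        $allowed = is_string($from) && $from !== '' && is_string($to) && $to !== ''
            && directoryAccess($config['md_relative_path'] . $from, $user, false)
            && directoryAccess($config['md_relative_path'] . $to, $user, false);

        if ($allowed) {
            $d = new MdEditApi\Directory();
            if ($params['copy']) {
                $data['response'][] = $d->copyDirectory($from, $to, $config['md_relative_path']);
                $data['copy']++;
            } else {
                $data['response'][] = $d->moveDirectory($from, $to, $config['md_relative_path']);
                $data['created']++;
            }
        }
    }

    sendResponse('json', $data, 200);
});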
|
|
|
|
|
|
// Delete directories
|
|
// Removes the directories listed in ?directories=a;b or, when that list is empty,
// the ones given in the JSON body.
Flight::route('DELETE /directories', function () {
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    $data = ['directories' => [], 'deleted' => 0];

    if ($user['editor']) {
        $json_body = json_decode($request->getBody(), true);
        $listed = array_filter(explode(';', $params['directories']));
        $directories = count($listed) == 0 ? $json_body : $listed;

        foreach ($directories as $directory) {
            $directory_path = $config['md_relative_path'] . $directory;

            // Only an existing directory inside the user's directories is removed.
            if (!directoryAccess($directory_path, $user, true)) {
                continue;
            }

            $d = new MdEditApi\Directory();
            $data['directories'][] = $d->removeDirectory(__DIR__ . '/' . $directory_path);
            $data['deleted']++;
        }
    }

    sendResponse('json', $data, 200);
});
|
|
|
|
// Send an e-mail, built from a template in config/emails, to the current user
|
|
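Flight::route('GET /mail', function () {
    // Loads the template named by ?mail= from ./config/emails/, fills in its
    // placeholders and hands the message to MdEditApi\Email::send().
    $config = MdEditApi\Json::get(__DIR__ . '/config/config.json');
    $request = Flight::request();
    $params = $request->query;
    $user = getUser($params['debug']);
    $email_file_name = $params['mail'];
    $data = [
        'success' => false
    ];

    if ($user['editor']) {
        // The template name comes straight from the query string and is appended to
        // the template directory, so a ".." segment would select a file outside it and
        // mail its content out. Such names (and empty names or NUL bytes) are handled
        // like a missing template.
        $template = (string) $email_file_name;
        $unsafe = $template === ''
            || strpos($template, "\0") !== false
            || in_array('..', preg_split('#[/\\\\]#', $template), true);

        // Get email content
        $email_file_path = "./config/emails/" . $template;
        if (!$unsafe && is_file($email_file_path)) {
            $email_content = file_get_contents($email_file_path);
            $email_vars = [
                '%USER%' => $user['firstname'] . ' ' . $user['lastname'],
                '%DIRECTORY%' => 'DIR'
            ];
            foreach ($email_vars as $key => $value) {
                $email_content = str_replace($key, $value, $email_content);
            }

            $config['email']['to_email'] = $user['email'];
            $config['email']['to_user'] = $user['firstname'] . ' ' . $user['lastname'];
            $config['email']['subject'] = 'mdEdit API - ' . $email_file_name;
            $config['email']['message'] = $email_content;
        }

        // Send email
        // NOTE(review): send() is reached even when no template was loaded, with
        // whatever config.json holds under 'email'; confirm that is intended.
        $email = new MdEditApi\Email();
        $data = $email->send($config['email']);

        // NOTE(review): this returns the whole configuration to the client. If
        // config.json holds mail-server credentials or other secrets they are disclosed
        // here; this looks like debug output and should probably be dropped.
        $data['config'] = $config;
    }

    sendResponse('json', $data, 200);
});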
|
|
|
|
// Before Flight starts, set the URL it routes on to PATH_INFO, falling back to "/"
// when the server did not provide one.
Flight::before('start', function () {
    $path = '/';
    if (isset($_SERVER['PATH_INFO'])) {
        $path = $_SERVER['PATH_INFO'];
    }

    Flight::request()->url = $path;
});

// Hand control to Flight, which dispatches the request to the routes registered above.
Flight::start();
|