    }
    Tool::endWithJson($tags->get());
});
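/**
 * GET /tags/:id
 *
 * Looks up the tag whose `key` column equals the URL segment and hands it
 * to Tool::endWithJson().
 *
 * @throws \API\Exception\ResourceNotFound when no tag has that key
 */
$tag_single = Tool::makeEndpoint(function ($key) use ($app) {
    OAuthHelper::needsScopes(['tag']);
    $tag = Tag::where('key', '=', $key)->first();
    // first() yields a model or null; compare strictly instead of relying on
    // loose `== NULL` semantics.
    if ($tag === null) {
        throw new \API\Exception\ResourceNotFound('Tag', $key);
    }
    Tool::endWithJson($tag);
});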
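/**
 * GET /tags/:id/plugin
 *
 * Paginated list of the plugins carrying the given tag, with 'versions' and
 * 'authors' eager-loaded and the short()/withAverageNote()/descWithLang()
 * scopes applied.
 *
 * @throws \API\Exception\ResourceNotFound when no tag has that key
 */
$tag_plugins = Tool::makeEndpoint(function ($key) use ($app) {
    OAuthHelper::needsScopes(['tag', 'plugins']);
    $tag = Tag::where('key', '=', $key)->first();
    // first() yields a model or null; strict comparison instead of `== NULL`.
    if ($tag === null) {
        throw new \API\Exception\ResourceNotFound('Tag', $key);
    }
    $query = Plugin::with('versions', 'authors')
        ->short()
        ->withAverageNote()
        ->descWithLang(Tool::getRequestLang())
        ->withTag($tag);
    Tool::endWithJson(Tool::paginateCollection($query));
});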
// HTTP rest map — registration order is kept on purpose (route matching is
// order-sensitive; the literal '/tags/top' comes before '/tags/:id').
$tag_routes = [
    '/tags'            => $tags_all,
    '/tags/top'        => $tags_top,
    '/tags/:id/plugin' => $tag_plugins,
    '/tags/:id'        => $tag_single,
];
foreach ($tag_routes as $tag_path => $tag_handler) {
    $app->get($tag_path, $tag_handler);
}
// OPTIONS handlers are intentional no-ops.
$tag_options_noop = function () {
};
$tag_options_noop_with_id = function ($id) {
};
$app->options('/tags', $tag_options_noop);
$app->options('/tags/top', $tag_options_noop);
$app->options('/tags/:id/plugin', $tag_options_noop_with_id);
<?php

use Illuminate\Database\Capsule\Manager as DB;
use API\Core\Tool;
use API\Model\Plugin;
use API\OAuthServer\OAuthHelper;
/**
 * GET /version/:version/plugin
 *
 * Paginated list of plugins filtered by the withGlpiVersion() scope for the
 * requested version, with 'authors', 'versions' and 'descriptions'
 * eager-loaded.
 */
$version_plugins = Tool::makeEndpoint(function ($version) {
    OAuthHelper::needsScopes(['version', 'plugins']);
    $query = Plugin::short()
        ->with('authors', 'versions', 'descriptions')
        ->withAverageNote()
        ->descWithLang(Tool::getRequestLang())
        ->withGlpiVersion($version);
    $page = Tool::paginateCollection($query);
    Tool::endWithJson($page);
});
// HTTP rest map for this module; the OPTIONS handler is an intentional no-op.
$version_plugin_path = '/version/:version/plugin';
$app->get($version_plugin_path, $version_plugins);
$app->options($version_plugin_path, function () {
});
 */
use API\Core\Tool;
use API\Model\Plugin;
use API\Model\PluginDownload;
use Illuminate\Database\Capsule\Manager as DB;
use API\OAuthServer\OAuthHelper;
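/**
 * GET /plugin/:key/download
 *
 * Bumps the plugin's download counter, records a PluginDownload row and
 * redirects the client to the plugin's download_url.
 *
 * Unlike the other endpoints of this API, no OAuthHelper::needsScopes() call
 * is made here — presumably on purpose (public downloads); confirm before
 * relying on it.
 *
 * @throws \API\Exception\ResourceNotFound when no plugin has that key
 */
$download = Tool::makeEndpoint(function ($key) use ($app) {
    $plugin = Plugin::where('key', '=', $key)->first();
    // An unknown key used to fall through to a property write on null; answer
    // with the API's regular not-found exception instead.
    if ($plugin === null) {
        throw new \API\Exception\ResourceNotFound('Plugin', $key);
    }
    // Increment in SQL rather than read-modify-write so concurrent downloads
    // do not lose updates.
    $plugin->download_count = DB::raw('download_count + 1');
    $plugin->save();

    $plugin_download = new PluginDownload();
    $plugin_download->downloaded_at = DB::raw('NOW()');
    $plugin_download->plugin_id = $plugin->id;
    $plugin_download->save();

    /**
     * @MonkeyPatch
     * @todo remove this as soon as possible once
     * all our famous, star, since-day-one
     * contributors took the time
     * to update their XML file.
     */
    $indepnetFixSearchPattern = '/https:\\/\\/forge\\.indepnet\\.net/';
    // Only the redirect target is rewritten; the stored download_url is not
    // touched (it was never saved after the rewrite in the original either).
    $redirect_url = $plugin->download_url;
    if (preg_match($indepnetFixSearchPattern, $redirect_url)) {
        $redirect_url = preg_replace($indepnetFixSearchPattern, 'https://forge.glpi-project.org', $redirect_url);
    }
    // NOTE(review): 301 is cacheable, so a client that has seen it once may
    // skip this endpoint (and the counter) on later downloads; a 302/307
    // would keep every download counted. Status left unchanged here.
    $app->redirect($redirect_url, 301);
});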
// HTTP Rest Map for the download module; OPTIONS is an intentional no-op.
$download_path = '/plugin/:key/download';
$app->get($download_path, $download);
$app->options($download_path, function ($key) {
});
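/**
 * Contact-form endpoint (route registered elsewhere).
 *
 * Verifies the reCAPTCHA response, validates the `contact` object of the
 * request body, mails it to the configured local admins and stores it as a
 * Message row.
 *
 * @throws InvalidRecaptcha when recaptcha_response is missing or rejected
 * @throws MissingField     when `contact` or one of its required properties is absent
 * @throws InvalidField     when a contact property has the wrong type, is too
 *                          long, or (for header fields) contains CR/LF
 */
$send = Tool::makeEndpoint(function () use ($app) {
    OAuthHelper::needsScopes(['message']);
    $config = Tool::getConfig();
    $body = Tool::getBody();

    // Everything below is client input: check its shape before use so a
    // malformed body ends in one of the API's exceptions rather than a PHP
    // warning/TypeError on a missing property.
    if (!is_object($body) || !isset($body->recaptcha_response) || !is_string($body->recaptcha_response)) {
        throw new InvalidRecaptcha();
    }
    $recaptcha = new ReCaptcha($config['recaptcha_secret']);
    $resp = $recaptcha->verify($body->recaptcha_response);
    if (!$resp->isSuccess()) {
        throw new InvalidRecaptcha();
    }
    if (!isset($body->contact) || !is_object($body->contact)) {
        throw new MissingField('contact');
    }
    $contact = $body->contact;

    // Maximum accepted length per field. strlen() (bytes) is kept on purpose:
    // a byte cap is the conservative bound for the DB columns these feed.
    $max_lengths = [
        'firstname' => 45,
        'lastname'  => 45,
        'subject'   => 280,
        'message'   => 16000,
    ];
    $fields = ['firstname', 'lastname', 'email', 'subject', 'message'];
    foreach ($fields as $prop) {
        if (!property_exists($contact, $prop)) {
            throw new MissingField($prop);
        }
        $value = $contact->{$prop};
        if (!is_string($value)) {
            throw new InvalidField($prop);
        }
        if ($prop === 'email') {
            if (!filter_var($value, FILTER_VALIDATE_EMAIL)) {
                throw new InvalidField('email');
            }
            continue;
        }
        if (strlen($value) > $max_lengths[$prop]) {
            throw new InvalidField($prop);
        }
    }
    // firstname, lastname and subject are placed into mail headers below
    // (Subject and the reply-to display name); a CR/LF inside them would let
    // extra header lines through, so reject it here independently of how
    // Mailer escapes.
    foreach (['firstname', 'lastname', 'subject'] as $header_prop) {
        if (preg_match('/[\r\n]/', $contact->{$header_prop})) {
            throw new InvalidField($header_prop);
        }
    }

    // Sending mail
    $mailer = new Mailer();
    $mailer->sendMail(
        'user_message.html',
        $config['msg_alerts']['local_admins'],
        '[MSG] ' . $contact->subject,
        [
            'firstname' => $contact->firstname,
            'lastname'  => $contact->lastname,
            'email'     => $contact->email,
            'message'   => $contact->message,
        ],
        [$contact->email => $contact->firstname . ' ' . $contact->lastname]
    );
    // also saving message in database
    $message = new Message();
    $message->first_name = $contact->firstname;
    $message->last_name = $contact->lastname;
    $message->email = $contact->email;
    $message->subject = $contact->subject;
    $message->message = $contact->message;
    $message->sent = DB::raw('NOW()');
    $message->save();
    Tool::endWithJson(["success" => true]);
});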
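/**
 * Password-reset completion endpoint.
 *
 * Expects `token` and `password` strings in the body; looks the token up,
 * sets the new password on the token's user and removes that user's
 * outstanding reset tokens.
 *
 * @throws WrongPasswordResetToken when the token is missing, not a string,
 *                                 unknown, or no longer attached to a user
 * @throws InvalidField            when `password` is missing, not a string
 *                                 or empty
 */
$user_reset_password = Tool::makeEndpoint(function () use ($app) {
    $body = Tool::getBody();
    // rejecting if token not provided as a string
    if (!is_object($body) || !isset($body->token) || !is_string($body->token)) {
        throw new WrongPasswordResetToken();
    }
    // rejecting if no password given (an empty string counts as none)
    if (!isset($body->password) || !is_string($body->password) || $body->password === '') {
        throw new InvalidField('password');
    }
    // NOTE(review): the reCAPTCHA verification that used to sit here is
    // disabled, so repeated token submissions are only bounded by whatever
    // rate limiting sits in front of the API. Tool::assertRecaptchaValid()
    // is the helper used by the other endpoints should it be switched back on.
    // ultimately rejecting request if token is not in db
    $token = ResetPasswordToken::where('token', '=', $body->token)->first();
    if (!$token) {
        throw new WrongPasswordResetToken();
    }
    // NOTE(review): no expiry or single-use check is visible here; confirm
    // ResetPasswordToken enforces a lifetime, otherwise an old token stays
    // valid until it is consumed.
    // having the user which is concerned by the
    // password change procedure.
    $user = $token->user;
    if (!$user) {
        // orphaned token (user gone): treat as unknown rather than failing on
        // a null dereference
        throw new WrongPasswordResetToken();
    }
    // Changing the password
    $user->setPassword($body->password);
    $user->save();
    // Deleting the ResetPasswordToken objects for this user.
    // truncate() ignores the relation's WHERE clause and empties the whole
    // table (every user's pending tokens); delete() is scoped to this user.
    $user->passwordResetTokens()->delete();
    $app->halt(200);
});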
        if (gettype($body->description) != 'string' || !App::isValidDescription($body->description)) {
            throw new InvalidField('description');
        } else {
            $user_app->description = $body->description;
        }
    }
    $user_app->save();
    Tool::endWithJson($user_app);
});
/**
 * DELETE /user/apps/:id — removes one of the authenticated user's apps.
 *
 * @throws ResourceNotFound when no app with that id belongs to the current user
 */
$user_delete_app = Tool::makeEndpoint(function ($id) use ($app, $resourceServer) {
    OAuthHelper::needsScopes(['user', 'user:apps']);
    // Read but unused; kept in case Tool::getBody() has a side effect the
    // request relies on — TODO confirm and drop if not.
    $body = Tool::getBody();
    $owner_id = $resourceServer->getAccessToken()->getSession()->getOwnerId();
    $owner = User::where('id', '=', $owner_id)->first();
    // Resolving the id through the owner's own relation means an id belonging
    // to someone else is simply not found.
    $target = $owner->apps()->find($id);
    if (!$target) {
        throw new ResourceNotFound('App', $id);
    }
    $target->delete();
    $app->halt(200);
});
// HTTP REST Map as (verb, path, handler), registered in the original order.
$user_app_routes = [
    ['get',    '/user/apps',     $user_apps],
    ['get',    '/user/apps/:id', $user_app],
    ['put',    '/user/apps/:id', $user_edit_app],
    ['delete', '/user/apps/:id', $user_delete_app],
    ['post',   '/user/apps',     $user_declare_app],
];
foreach ($user_app_routes as $user_app_route) {
    $app->{$user_app_route[0]}($user_app_route[1], $user_app_route[2]);
}
// OPTIONS handler is an intentional no-op.
$app->options('/user/apps', function () {
});
$app->options('/user/apps/:id', function ($id) {
<?php

/**
 * Search
 *
 * This REST module hooks on
 * following URLs
 *
 * /search
 */
use API\Core\Tool;
use Illuminate\Database\Capsule\Manager as DB;
use API\OAuthServer\OAuthHelper;
// Minimal length of search string
// (read by the /search endpoint below via `global $search_min_length`;
// compared against strlen(), i.e. bytes)
$search_min_length = 2;
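/**
 * POST /search — plugin search.
 *
 * The body must carry a `query_string` of at least $search_min_length bytes,
 * otherwise a 400 JSON error is returned. Active plugins are matched on
 * name, key and the plugin_description short/long descriptions, ordered by
 * download_count desc, note desc, name asc, then paginated.
 */
$search = Tool::makeEndpoint(function () use ($app) {
    OAuthHelper::needsScopes(['plugins:search']);
    global $search_min_length;
    $body = Tool::getBody();
    // Require a real string: the previous check passed non-strings straight
    // into strlen(). An absent/short/non-string query gets the same 400.
    if (!is_object($body)
        || !isset($body->query_string)
        || !is_string($body->query_string)
        || strlen($body->query_string) < $search_min_length) {
        Tool::endWithJson(["error" => "Your search string needs to have at least " . $search_min_length . " chars"], 400);
    }
    $query_string = $body->query_string;
    // The value is passed as a bound parameter to LIKE (no string-built SQL),
    // but '%' and '_' inside it still act as wildcards for the caller.
    $pattern = "%{$query_string}%";
    $matches_query = function ($q) use ($pattern) {
        return $q->where('name', 'LIKE', $pattern)
            ->orWhere('key', 'LIKE', $pattern)
            ->orWhere('plugin_description.short_description', 'LIKE', $pattern)
            ->orWhere('plugin_description.long_description', 'LIKE', $pattern);
    };
    $results = \API\Model\Plugin::short()
        ->with('authors', 'versions', 'descriptions')
        ->withAverageNote()
        ->descWithLang(Tool::getRequestLang())
        ->where('active', '=', true)
        ->where($matches_query)
        ->orderBy('download_count', 'DESC')
        ->orderBy('note', 'DESC')
        ->orderBy('name', 'ASC');
    Tool::endWithJson(Tool::paginateCollection($results));
});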
// HTTP rest map for the search module; OPTIONS is an intentional no-op.
$search_path = '/search';
$app->post($search_path, $search);
$app->options($search_path, function () {
});
use API\OAuthServer\OAuthHelper;
// Initialisation of Database (Illuminate)
// and webapp global object. Order matters: the endpoint modules required
// further down reference $app and $resourceServer from the global scope.
\API\Core\DB::initCapsule();
$app = new \Slim\Slim();
// Instantiating the Resource Server
// (session, access-token, client and scope storages all come from OAuthHelper)
$resourceServer = new \League\OAuth2\Server\ResourceServer(OAuthHelper::getSessionStorage(), OAuthHelper::getAccessTokenStorage(), OAuthHelper::getClientStorage(), OAuthHelper::getScopeStorage());
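// Loading all REST modules
// with their endpoints like that:
// inside 'src/endpoints'
// (path is relative to the working directory, as before — presumably the
// front controller runs from the project root)
$dir_endpoints = opendir('src/endpoints');
if ($dir_endpoints === false) {
    // Fail loudly instead of letting readdir() warn on a non-resource.
    throw new \RuntimeException('Cannot open endpoint directory src/endpoints');
}
// Compare against false explicitly: a bare `while ($ent = readdir(...))`
// stops early on any entry whose name is falsy (e.g. a file named "0").
while (($ent = readdir($dir_endpoints)) !== false) {
    // For each .php file
    if (preg_match('/^(.*)\\.php$/', $ent, $m)) {
        $endpoint = $m[0];
        // Read the file with PHP; because this require runs in the global
        // scope the module sees $app and $resourceServer directly.
        require 'src/endpoints/' . $endpoint;
    }
}
closedir($dir_endpoints);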
// JSON 404 response: unknown routes raise the API's InvalidEndpoint exception
// (presumably rendered as JSON by the Tool::makeEndpoint wrapper).
$not_found = Tool::makeEndpoint(function () {
    throw new \API\Exception\InvalidEndpoint();
});
$app->notFound($not_found);
// Welcoming browsers when they reach /api: an empty 200 for now (serving a
// welcome.html page was left disabled by the original author).
$welcome = function () use ($app) {
    $app->halt(200);
};
$app->get('/', $welcome);
// Ready to serve with Slim
$app->run();
    if (!$author) {
        throw new \API\Exception\ResourceNotFound('Author', $id);
    }
    Tool::endWithJson(Tool::paginateCollection(\API\Model\Plugin::with('versions', 'authors', 'descriptions')->short()->withAverageNote()->descWithLang(Tool::getRequestLang())->whereAuthor($author->id)));
});
/**
 * Lets the authenticated user claim that they are a given Author: after the
 * reCAPTCHA check the claim is mailed to the local admins for review.
 *
 * @throws InvalidRecaptcha when recaptcha_response is missing or not a string
 *                          (Tool::assertRecaptchaValid() handles the actual
 *                          verification)
 * @throws InvalidField     when `author` is missing, not a string or longer
 *                          than 90 bytes
 * @throws ResourceNotFound when no Author has that name
 */
$claim_authorship = Tool::makeEndpoint(function () use ($app, $resourceServer) {
    OAuthHelper::needsScopes(['user']);
    $body = Tool::getBody();
    $owner_id = $resourceServer->getAccessToken()->getSession()->getOwnerId();
    $user = User::where('id', '=', $owner_id)->first();
    // The captcha token has to be a string before it is sent off for verification.
    $captcha = isset($body->recaptcha_response) ? $body->recaptcha_response : null;
    if (!is_string($captcha)) {
        throw new InvalidRecaptcha();
    }
    Tool::assertRecaptchaValid($captcha);
    // 90 is a byte length (strlen), as in the original bound.
    $author_name = isset($body->author) ? $body->author : null;
    if (!is_string($author_name) || strlen($author_name) > 90) {
        throw new InvalidField('author');
    }
    $author = Author::where('name', '=', $author_name)->first();
    if (!$author) {
        throw new ResourceNotFound('Author', $author_name);
    }
    $mailer = new Mailer();
    $mailer->sendMail(
        'authorship_claim.html',
        Tool::getConfig()['msg_alerts']['local_admins'],
        'User ' . $user->username . ' claim authorship',
        ['user' => $user->toArray(), 'author' => $author->toArray()]
    );
    $app->halt(200);
});
// HTTP REST Map — registration order kept on purpose (route matching is
// order-sensitive; the literal '/author/top' comes before '/author/:id').
$author_routes = [
    '/author'            => $all,
    '/author/top'        => $top,
    '/author/:id'        => $single,
    '/author/:id/plugin' => $author_plugins,
];
foreach ($author_routes as $author_path => $author_handler) {
    $app->get($author_path, $author_handler);
}
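/**
 * Plugin submission endpoint (route registered elsewhere).
 *
 * After reCAPTCHA verification the plugin's XML description is fetched from
 * the caller-supplied `plugin_url`, validated, and an inactive Plugin row is
 * created with the submitting user as admin; local admins are notified by mail.
 *
 * @throws InvalidRecaptcha when recaptcha_response is missing or rejected
 * @throws InvalidField     when plugin_url is missing, not a string, or not a
 *                          well-formed http(s) URL
 * @throws UnavailableName  when the XML url or the plugin key already exists
 * @throws InvalidXML       when the url cannot be fetched (validate() may
 *                          raise its own errors for malformed content)
 */
$submit = Tool::makeEndpoint(function () use ($app) {
    OAuthHelper::needsScopes(['plugin:submit']);
    $user = OAuthHelper::currentlyAuthed();
    $body = Tool::getBody();
    if (!is_object($body) || !isset($body->recaptcha_response) || !is_string($body->recaptcha_response)) {
        throw new InvalidRecaptcha();
    }
    $recaptcha = new ReCaptcha(Tool::getConfig()['recaptcha_secret']);
    $resp = $recaptcha->verify($body->recaptcha_response);
    if (!$resp->isSuccess()) {
        throw new InvalidRecaptcha();
    }
    if (!isset($body->plugin_url) || !is_string($body->plugin_url)) {
        throw new InvalidField('plugin_url');
    }
    $plugin_url = $body->plugin_url;
    // The server fetches this URL on the submitter's behalf, so only accept
    // well-formed http(s) URLs: file_get_contents() would otherwise honour any
    // stream wrapper (file://, php://, ...) the caller names.
    $scheme = parse_url($plugin_url, PHP_URL_SCHEME);
    if (!filter_var($plugin_url, FILTER_VALIDATE_URL)
        || !is_string($scheme)
        || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        throw new InvalidField('plugin_url');
    }
    // NOTE(review): the scheme check does not stop the fetch from reaching
    // hosts on internal/private address ranges; if the API host can see such
    // networks, resolve the host and filter the address before fetching.
    // Quickly validating
    if (Plugin::where('xml_url', '=', $plugin_url)->count() > 0) {
        throw new UnavailableName('XML_URL', $plugin_url);
    }
    // Bound the outbound request so an unresponsive remote cannot hold the
    // worker for the full default socket timeout.
    $fetch_context = stream_context_create([
        'http' => ['timeout' => 15, 'max_redirects' => 3],
    ]);
    // '@' is deliberate: a failed fetch is reported through InvalidXML below,
    // not through a PHP warning.
    $xml_string = @file_get_contents($plugin_url, false, $fetch_context);
    if (!$xml_string) {
        throw new InvalidXML('url', $plugin_url);
    }
    $validator = new ValidableXMLPluginDescription($xml_string);
    $validator->validate();
    $description = $validator->contents;
    if (Plugin::where('key', '=', $description->key)->count() > 0) {
        throw new UnavailableName('Plugin', $description->key);
    }
    $plugin = new Plugin();
    $plugin->xml_url = $plugin_url;
    $plugin->date_added = DB::raw('NOW()');
    // Not active until flipped elsewhere — presumably an admin approval step.
    $plugin->active = false;
    $plugin->download_count = 0;
    $plugin->save();
    // The submitter becomes the plugin's admin through the permissions pivot.
    $plugin->permissions()->attach($user);
    $user = $plugin->permissions()->where('user_id', '=', $user->id)->first();
    $user->pivot['admin'] = true;
    $user->pivot->save();
    $mailer = new Mailer();
    $mailer->sendMail(
        'plugin_submission.html',
        Tool::getConfig()['msg_alerts']['local_admins'],
        '[PLUGIN SUBMISSION] ' . $description->name . ' (' . $description->key . ')',
        ['plugin_xml' => (array) $description]
    );
    Tool::endWithJson(["success" => true]);
});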
        $externalAccount->delete();
    }
    $app->halt(200);
});
/**
 * GET /oauth/available_emails
 *
 * Collects every email address reachable through the current user's linked
 * external accounts, each tagged with the service it came from.
 */
$oauth_external_emails = Tool::makeEndpoint(function () use ($app, $resourceServer) {
    OAuthHelper::needsScopes(['user']);
    $user = OAuthHelper::currentlyAuthed();
    $result = [];
    foreach ($user->externalAccounts()->get() as $account) {
        $service = $account->service;
        // One OAuthClient per linked account, built from the account's service name.
        $client = new OAuthClient($service);
        foreach ($client->getEmails($account->token) as $address) {
            $result[] = ["email" => $address, "service" => $service];
        }
    }
    Tool::endWithJson($result);
});
// REST map for external-account / OAuth association endpoints, as
// (verb, path, handler) in the original registration order.
$external_account_routes = [
    ['get',    '/user/external_accounts',     $user_external_accounts],
    ['delete', '/user/external_accounts/:id', $user_delete_external_account],
    ['get',    '/oauth/available_emails',     $oauth_external_emails],
    ['get',    '/oauth/associate/:service',   $user_associate_external_account],
    ['post',   '/oauth/authorize',            $authorize],
];
foreach ($external_account_routes as $external_account_route) {
    $app->{$external_account_route[0]}($external_account_route[1], $external_account_route[2]);
}
// OPTIONS handlers are intentional no-ops.
$external_account_options_noop = function () {
};
$app->options('/user/external_accounts', $external_account_options_noop);
$app->options('/oauth/available_emails', $external_account_options_noop);