Esempio n. 1
 /**
  * Override base method to do some processing of incoming requests
  *
  * @param \CAction $action
  *
  * @return bool
  * @throws Exception
  */
 protected function _beforeAction($action)
 {
     /*
      * Yii drops the trailing slash from a route by default, yet some APIs need
      * it to tell a file from a folder, so the raw "path" query value is split
      * here instead of relying on the routed parameters:
      * 'rest/<service:[_0-9a-zA-Z-]+>/<resource:[_0-9a-zA-Z-\/. ]+>'
      *
      * Returns array(service, resource): everything before the first '/' and
      * everything after it. With no '/' the whole value is the service and the
      * resource is null.
      *
      * NOTE(review): FILTER_SANITIZE_STRING strips tags and encodes quotes; it
      * does not restrict the value to the character classes of the route
      * pattern above, so dot segments and backslashes reach the caller as-is.
      * Whatever maps the resource onto storage has to validate it itself.
      */
     $_path = FilterInput::get($_GET, 'path', null, FILTER_SANITIZE_STRING);
     $_slashAt = strpos($_path, '/');

     if (false === $_slashAt) {
         // No separator: the entire value names the service.
         return array($_path, null);
     }

     $_service = substr($_path, 0, $_slashAt);
     // strpos() never returns an offset >= strlen(), so the null arm is defensive only.
     $_resource = $_slashAt < strlen($_path) ? substr($_path, $_slashAt + 1) : null;

     // Disabled upstream: restoring the trailing slash that Yii removed from the resource.
     //			if ( !empty( $this->_resource ) )
     //			{
     //				$requestUri = Yii::app()->request->requestUri;
     //
     //				if ( ( false === strpos( $requestUri, '?' ) && '/' === substr( $requestUri, strlen( $requestUri ) - 1, 1 ) ) ||
     //					 ( '/' === substr( $requestUri, strpos( $requestUri, '?' ) - 1, 1 ) )
     //				)
     //				{
     //					$this->_resource .= '/';
     //				}
     //			}

     return array($_service, $_resource);
 }
Esempio n. 2
 /**
  *
  */
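 public function actionGet()
 {
     /*
      * Streams a file from a local or remote file-storage service.
      *
      * Query parameters: "service" (service name) and "path" in the form
      * "<container>/<file path>". Any path that is, or lies under, an entry of
      * the service's privatePaths is answered with 403, as is any service that
      * is not a file-storage type.
      *
      * Changes against the previous version:
      *  - every denial returns immediately, so access control no longer
      *    depends on Pii::end() terminating the request;
      *  - a path without '/' is denied instead of being split with a false
      *    offset (which produced an empty container and cut the first byte);
      *  - private-path matching compares strings strictly;
      *  - exception text is logged server-side, not echoed to the client.
      */
     $_service = FilterInput::get(INPUT_GET, 'service', '');

     // One place emits the 403 so all denial branches behave identically.
     $_deny = function () {
         header('HTTP/1.1 403 Forbidden. You have no access to this file or folder.');
         header('Content-Type: text/html');
         Pii::end();
     };

     try {
         /** @var BaseFileSvc $_obj */
         $_obj = ServiceHandler::getServiceObject($_service);

         switch ($_obj->getType()) {
             case 'Local File Storage':
             case 'Remote File Storage':
                 $_fullPath = (string)FilterInput::get(INPUT_GET, 'path', '');
                 $_firstSlash = strpos($_fullPath, '/');

                 // Without a separator there is no container/file pair to serve: fail closed.
                 if (false === $_firstSlash) {
                     $_deny();

                     return;
                 }

                 if (!empty($_obj->privatePaths)) {
                     // Normalise entries to strings so the strict comparison cannot
                     // miss an entry that was stored as a number.
                     $_private = array_map('strval', (array)$_obj->privatePaths);

                     // NOTE(review): matching is done on the raw request string. If
                     // streamFile() or the storage backend resolves '.', '..' or
                     // repeated slashes, canonicalise the path before this check so
                     // the value compared is the value served - confirm.
                     $_count = substr_count($_fullPath, '/');
                     $_pos = -1;

                     // Test every folder prefix ("a/", "a/b/", ...) against the private list.
                     for ($_ndx = 0; $_ndx < $_count; $_ndx++) {
                         $_pos = strpos($_fullPath, '/', $_pos + 1);
                         $_piece = substr($_fullPath, 0, $_pos) . '/';

                         if (in_array($_piece, $_private, true)) {
                             $_deny();

                             return;
                         }
                     }

                     // Then the full file path itself.
                     if (in_array($_fullPath, $_private, true)) {
                         $_deny();

                         return;
                     }
                 }

                 $_container = substr($_fullPath, 0, $_firstSlash);
                 $_path = ltrim(substr($_fullPath, $_firstSlash + 1), '/');
                 $_obj->streamFile($_container, $_path);
                 Pii::end();

                 return;
         }

         // Any other service type is not served through this action.
         $_deny();
     } catch (\Exception $ex) {
         // Keep internal detail (paths, backend errors) out of the response body.
         error_log('actionGet failed: ' . $ex->getMessage());
         header('HTTP/1.1 500 Internal Server Error');
         header('Content-Type: text/plain');
         die('Unable to process the request.');
     }
 }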
Esempio n. 3
 /**
  * @return bool|string
  */
 protected static function _checkExistingSession()
 {
     // Reads the "<CookiePrefix>session_id" cookie; false is passed as the fallback value.
     // NOTE(review): this only reports what the client sent. The returned id is
     // untrusted until it has been looked up against server-side session state.
     $_cookieName = self::CookiePrefix . 'session_id';

     return FilterInput::cookie($_cookieName, false);
 }
Esempio n. 4
 /**
  * Handle inbound redirect from various services
  *
  * @throws DreamFactory\Platform\Exceptions\RestException
  */
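 public function actionAuthorize()
 {
     /*
      * Receives the redirect a remote provider sends back, checks the "state"
      * value, then relays the whole request to the origin recorded in that
      * state via a Location header.
      *
      * Throws BadRequestException when the state lacks a usable origin or
      * api_key, ForbiddenException when the key does not match sha1(origin),
      * and RestException(BadRequest) when neither "code" nor "access_token"
      * is present.
      *
      * Changes against the previous version:
      *  - request/state values, the authorization code, both API keys and the
      *    relayed query string are no longer written to the log (names only);
      *  - the key check is type-safe and constant-time where hash_equals()
      *    exists, instead of a loose != comparison;
      *  - non-string origin/api_key values are rejected before sha1().
      */
     Log::debug('Inbound $REQUEST keys: ' . implode(', ', array_keys($_REQUEST)));

     $_state = Storage::defrost(Option::request('state'));
     $_origin = Option::get($_state, 'origin');
     $_apiKey = Option::get($_state, 'api_key');

     Log::debug('Inbound state keys: ' . (is_array($_state) ? implode(', ', array_keys($_state)) : gettype($_state)));

     if (empty($_origin) || empty($_apiKey) || !is_string($_origin) || !is_string($_apiKey)) {
         Log::error('Invalid request state.');
         throw new BadRequestException();
     }

     // NOTE(review): sha1(origin) can be computed by anyone who knows the origin,
     // so this check only proves the two fields are consistent. The trust in
     // $_state has to come from Storage::defrost() authenticating it - confirm.
     $_testKey = sha1($_origin);
     $_keysMatch = function_exists('hash_equals') ? hash_equals($_testKey, $_apiKey) : $_testKey === $_apiKey;

     if (!$_keysMatch) {
         Log::error('API Key mismatch.');
         throw new ForbiddenException();
     }

     $_code = FilterInput::request('code', null, FILTER_SANITIZE_STRING);

     if (!empty($_code)) {
         Log::debug('Inbound code received from ' . $_origin);
     } elseif (null === Option::get($_REQUEST, 'access_token')) {
         Log::error('Inbound request code missing.');
         throw new RestException(HttpResponse::BadRequest);
     } else {
         Log::debug('Token received. Relaying to origin.');
     }

     // NOTE(review): the redirect target comes from the state blob and every
     // request parameter (code / access_token included) is appended to it. If
     // the state is not integrity-protected this is an open redirect that also
     // forwards credentials; validate the target against the registered
     // origins before redirecting.
     $_redirectUri = Option::get($_state, 'redirect_uri', $_origin);
     $_separator = false === strpos($_redirectUri, '?') ? '?' : '&';
     $_redirectUrl = $_redirectUri . $_separator . \http_build_query($_REQUEST);

     // Log the target without its query string, which carries the code or token.
     Log::debug('Proxying request to: ' . $_redirectUri);

     header('Location: ' . $_redirectUrl);
     exit;
 }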
Esempio n. 5
 /**
  * @return array
  * @throws DreamFactory\Platform\Exceptions\BadRequestException
  */
 protected function _parseRequest()
 {
     /*
      * Reads "resource" and "id" from the request, singularises the resource
      * name, points the controller at the matching model class and returns
      * array(resourceId, id). Throws BadRequestException when no resource is
      * given.
      */
     $_rawResource = FilterInput::request('resource', null, FILTER_SANITIZE_STRING);
     $_resourceId = strtolower(trim($_rawResource));
     $_id = FilterInput::request('id', null, FILTER_SANITIZE_STRING);

     // The original test, "A || (A && B)", reduces to A: only the resource is required.
     if (empty($_resourceId)) {
         throw new BadRequestException(404, 'Not found.');
     }

     //	A plural resource name is mapped to its singular form
     $_singular = Inflector::isPlural($_resourceId, true);

     if (false !== $_singular) {
         $_resourceId = $_singular;
     }

     // NOTE(review): the class name is built from request input. The namespace
     // prefix is fixed, but FILTER_SANITIZE_STRING does not limit the value to
     // known model names; checking it against an explicit list of exposed
     // resources before setModelClass() would keep internal models unreachable.
     $_modelClass = 'DreamFactory\\Platform\\Yii\\Models\\' . Inflector::deneutralize($_resourceId);
     $this->setModelClass($_modelClass);

     return array($_resourceId, $_id);
 }
Esempio n. 6
 /**
  * Checks the progress of any in-flight OAuth requests
  *
  * @param bool $skipTokenCheck If true, assume there is no token
  *
  * @throws NotImplementedException
  * @throws \DreamFactory\Oasys\Exceptions\RedirectRequiredException
  * @return string
  */
 public function checkAuthenticationProgress($skipTokenCheck = false)
 {
     /*
      * Drives the authorization-code flow one step further.
      *
      *  - Returns true when a token is already configured (unless
      *    $skipTokenCheck is true).
      *  - With no "code" in the query string: throws RedirectRequiredException
      *    for the server-side flow, otherwise redirects to the provider and exits.
      *  - With a code: exchanges it for a token and returns the result of
      *    _processReceivedToken(), or false after revoking on an error reply.
      *
      * Throws NotImplementedException for any grant type other than
      * authorization code.
      */
     $_hasToken = $this->getConfig('access_token');

     if (false === $skipTokenCheck && $_hasToken) {
         return true;
     }

     if (GrantTypes::AUTHORIZATION_CODE != $this->getConfig('grant_type')) {
         throw new NotImplementedException();
     }

     $_code = FilterInput::get(INPUT_GET, 'code');

     //	Nothing to exchange yet: send the user to the provider
     if (empty($_code)) {
         $_authUrl = $this->getAuthorizationUrl();

         if (Flows::SERVER_SIDE == $this->getConfig('flow_type')) {
             throw new RedirectRequiredException($_authUrl);
         }

         header('Location: ' . $_authUrl);
         exit;
     }

     //	A configured proxy URL takes precedence over the plain redirect URI
     $_redirectUri = $this->getConfig('redirect_uri');
     $_proxyUrl = $this->getConfig('redirect_proxy_url');
     $_callback = !empty($_proxyUrl) ? $_proxyUrl : $_redirectUri;

     // NOTE(review): "state" is forwarded exactly as received. Nothing in this
     // method compares it with the value issued when the flow started; confirm
     // that check exists elsewhere, since it is what ties the callback to the
     // session that began the flow.
     $_payload = array(
         'code'         => $_code,
         'redirect_uri' => $_callback,
         'state'        => Option::request('state'),
     );

     //	Trade the code for a token
     $_token = $this->requestAccessToken(GrantTypes::AUTHORIZATION_CODE, $_payload);
     $_info = null;

     if (isset($_token, $_token['result'])) {
         $_result = $_token['result'];

         if (is_string($_result)) {
             // Form-encoded reply: decode into an array
             parse_str($_result, $_info);
         } else {
             $_info = $_result;
         }

         $this->_responsePayload = $_info;
     }

     $_isStructured = is_array($_info) || is_object($_info);

     if (!$_isStructured || null !== ($_error = Option::get($_info, 'error'))) {
         //	Missing/unparseable reply, or the provider reported an error
         // NOTE(review): the whole reply is logged; make sure an error reply can
         // never carry token material before keeping this at error level.
         Log::error('Error returned from oauth token request: ' . print_r($_info, true));
         $this->_revokeAuthorization();

         return false;
     }

     return $this->_processReceivedToken($_info);
 }
Esempio n. 7
use Kisma\Core\Utility\Curl;
use Kisma\Core\Utility\FilterInput;
/**
 * @var string          $content
 * @var ConsoleController $this
 */
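// View preamble: picks the admin theme, pins the CDN asset versions and builds
// the <li> entries of the theme switcher.
$_route = $this->route;
$_step = 'light';
$_headline = 'DSP Settings';
$_themeList = null;
//	Change these to update the CDN versions used. Set to false to disable
$_bootstrapVersion = '3.1.1';
// Set to false to disable
$_bootswatchVersion = '3.1.1';
$_dataTablesVersion = '1.9.4';
// NOTE(review): the theme name is taken from the request and persisted in the
// session state. FILTER_SANITIZE_STRING is not a whitelist; if the value is
// later placed in an asset URL or markup, check it against the names in
// $_themes (or a slug pattern) first.
$_bootswatchTheme = FilterInput::request('theme', Pii::getState('admin.default_theme', 'default'), FILTER_SANITIZE_STRING);
Pii::setState('dsp.admin_theme', $_bootswatchTheme);
// Strict comparison: a non-string value must not compare equal to 'default' by type juggling.
$_useBootswatchThemes = 'default' !== $_bootswatchTheme;
$_fontAwesomeVersion = '4.0.3';
// Set to false to disable
$_jqueryVersion = '1.11.0';
$_themes = array('Default', 'Amelia', 'Cerulean', 'Cosmo', 'Cyborg', 'Flatly', 'Journal', 'Readable', 'Simplex', 'Slate', 'Spacelab', 'United');
$_url = Curl::currentUrl(false);
// The current URL is derived from the request, so it is escaped for the HTML
// attribute it is written into. $_url itself stays raw for any later use.
$_themeHref = htmlspecialchars((string)$_url, ENT_QUOTES, 'UTF-8');
foreach ($_themes as $_item) {
    $_name = strtolower($_item);
    $_class = $_bootswatchTheme === $_name ? 'class="active"' : null;
    $_themeList .= <<<HTML
\t<li {$_class}><a href="{$_themeHref}?theme={$_name}">{$_item}</a></li>
HTML;
}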
//	Our css building begins...