2016-12-15 10:13:00 +01:00
|
|
|
<?php
|
|
|
|
namespace Shaarli\Api;
|
|
|
|
|
|
|
|
use Shaarli\Api\Exceptions\ApiAuthorizationException;
|
2019-01-12 23:55:38 +01:00
|
|
|
use Shaarli\Http\Base64Url;
|
2016-12-15 10:13:00 +01:00
|
|
|
|
|
|
|
/**
|
2017-01-04 11:41:05 +01:00
|
|
|
* REST API utilities
|
2016-12-15 10:13:00 +01:00
|
|
|
*/
|
|
|
|
class ApiUtils
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Validates a JWT token authenticity.
|
|
|
|
*
|
2018-12-03 00:16:10 +01:00
|
|
|
* @param string $token JWT token extracted from the headers.
|
2016-12-15 10:13:00 +01:00
|
|
|
* @param string $secret API secret set in the settings.
|
|
|
|
*
|
2019-08-10 12:31:32 +02:00
|
|
|
* @return bool true on success
|
|
|
|
*
|
2016-12-15 10:13:00 +01:00
|
|
|
* @throws ApiAuthorizationException the token is not valid.
|
|
|
|
*/
|
|
|
|
public static function validateJwtToken($token, $secret)
|
|
|
|
{
|
|
|
|
$parts = explode('.', $token);
|
|
|
|
if (count($parts) != 3 || strlen($parts[0]) == 0 || strlen($parts[1]) == 0) {
|
|
|
|
throw new ApiAuthorizationException('Malformed JWT token');
|
|
|
|
}
|
|
|
|
|
2017-01-04 11:41:05 +01:00
|
|
|
$genSign = Base64Url::encode(hash_hmac('sha512', $parts[0] .'.'. $parts[1], $secret, true));
|
2016-12-15 10:13:00 +01:00
|
|
|
if ($parts[2] != $genSign) {
|
|
|
|
throw new ApiAuthorizationException('Invalid JWT signature');
|
|
|
|
}
|
|
|
|
|
2017-01-04 11:41:05 +01:00
|
|
|
$header = json_decode(Base64Url::decode($parts[0]));
|
2016-12-15 10:13:00 +01:00
|
|
|
if ($header === null) {
|
|
|
|
throw new ApiAuthorizationException('Invalid JWT header');
|
|
|
|
}
|
|
|
|
|
2017-01-04 11:41:05 +01:00
|
|
|
$payload = json_decode(Base64Url::decode($parts[1]));
|
2016-12-15 10:13:00 +01:00
|
|
|
if ($payload === null) {
|
|
|
|
throw new ApiAuthorizationException('Invalid JWT payload');
|
|
|
|
}
|
|
|
|
|
|
|
|
if (empty($payload->iat)
|
|
|
|
|| $payload->iat > time()
|
|
|
|
|| time() - $payload->iat > ApiMiddleware::$TOKEN_DURATION
|
|
|
|
) {
|
|
|
|
throw new ApiAuthorizationException('Invalid JWT issued time');
|
|
|
|
}
|
2019-08-10 12:31:32 +02:00
|
|
|
|
|
|
|
return true;
|
2016-12-15 10:13:00 +01:00
|
|
|
}
|
2016-12-22 14:36:45 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Format a Link for the REST API.
|
|
|
|
*
|
2018-12-03 00:16:10 +01:00
|
|
|
* @param array $link Link data read from the datastore.
|
2016-12-22 14:36:45 +01:00
|
|
|
* @param string $indexUrl Shaarli's index URL (used for relative URL).
|
|
|
|
*
|
|
|
|
* @return array Link data formatted for the REST API.
|
|
|
|
*/
|
|
|
|
public static function formatLink($link, $indexUrl)
|
|
|
|
{
|
|
|
|
$out['id'] = $link['id'];
|
|
|
|
// Not an internal link
|
2019-02-09 14:13:08 +01:00
|
|
|
if (! is_note($link['url'])) {
|
2016-12-22 14:36:45 +01:00
|
|
|
$out['url'] = $link['url'];
|
|
|
|
} else {
|
|
|
|
$out['url'] = $indexUrl . $link['url'];
|
|
|
|
}
|
|
|
|
$out['shorturl'] = $link['shorturl'];
|
|
|
|
$out['title'] = $link['title'];
|
|
|
|
$out['description'] = $link['description'];
|
|
|
|
$out['tags'] = preg_split('/\s+/', $link['tags'], -1, PREG_SPLIT_NO_EMPTY);
|
|
|
|
$out['private'] = $link['private'] == true;
|
|
|
|
$out['created'] = $link['created']->format(\DateTime::ATOM);
|
|
|
|
if (! empty($link['updated'])) {
|
|
|
|
$out['updated'] = $link['updated']->format(\DateTime::ATOM);
|
|
|
|
} else {
|
|
|
|
$out['updated'] = '';
|
|
|
|
}
|
|
|
|
return $out;
|
|
|
|
}
|
2017-01-05 15:58:24 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Convert a link given through a request, to a valid link for LinkDB.
|
|
|
|
*
|
|
|
|
* If no URL is provided, it will generate a local note URL.
|
|
|
|
* If no title is provided, it will use the URL as title.
|
|
|
|
*
|
|
|
|
* @param array $input Request Link.
|
|
|
|
* @param bool $defaultPrivate Request Link.
|
|
|
|
*
|
|
|
|
* @return array Formatted link.
|
|
|
|
*/
|
|
|
|
public static function buildLinkFromRequest($input, $defaultPrivate)
|
|
|
|
{
|
|
|
|
$input['url'] = ! empty($input['url']) ? cleanup_url($input['url']) : '';
|
|
|
|
if (isset($input['private'])) {
|
|
|
|
$private = filter_var($input['private'], FILTER_VALIDATE_BOOLEAN);
|
|
|
|
} else {
|
|
|
|
$private = $defaultPrivate;
|
|
|
|
}
|
|
|
|
|
|
|
|
$link = [
|
|
|
|
'title' => ! empty($input['title']) ? $input['title'] : $input['url'],
|
|
|
|
'url' => $input['url'],
|
|
|
|
'description' => ! empty($input['description']) ? $input['description'] : '',
|
|
|
|
'tags' => ! empty($input['tags']) ? implode(' ', $input['tags']) : '',
|
|
|
|
'private' => $private,
|
|
|
|
'created' => new \DateTime(),
|
|
|
|
];
|
|
|
|
return $link;
|
|
|
|
}
|
2017-04-01 11:11:25 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Update link fields using an updated link object.
|
|
|
|
*
|
|
|
|
* @param array $oldLink data
|
|
|
|
* @param array $newLink data
|
|
|
|
*
|
|
|
|
* @return array $oldLink updated with $newLink values
|
|
|
|
*/
|
|
|
|
public static function updateLink($oldLink, $newLink)
|
|
|
|
{
|
|
|
|
foreach (['title', 'url', 'description', 'tags', 'private'] as $field) {
|
|
|
|
$oldLink[$field] = $newLink[$field];
|
|
|
|
}
|
|
|
|
$oldLink['updated'] = new \DateTime();
|
|
|
|
|
|
|
|
if (empty($oldLink['url'])) {
|
|
|
|
$oldLink['url'] = '?' . $oldLink['shorturl'];
|
|
|
|
}
|
|
|
|
|
|
|
|
if (empty($oldLink['title'])) {
|
|
|
|
$oldLink['title'] = $oldLink['url'];
|
|
|
|
}
|
|
|
|
|
|
|
|
return $oldLink;
|
|
|
|
}
|
2018-05-19 15:04:04 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Format a Tag for the REST API.
|
|
|
|
*
|
|
|
|
* @param string $tag Tag name
|
|
|
|
* @param int $occurrences Number of links using this tag
|
|
|
|
*
|
|
|
|
* @return array Link data formatted for the REST API.
|
|
|
|
*/
|
|
|
|
public static function formatTag($tag, $occurences)
|
|
|
|
{
|
|
|
|
return [
|
|
|
|
'name' => $tag,
|
|
|
|
'occurrences' => $occurences,
|
|
|
|
];
|
|
|
|
}
|
2016-12-15 10:13:00 +01:00
|
|
|
}
|