nextcloud/lib/api.php

<?php
/**
* ownCloud
*
* @author Tom Needham
* @author Michael Gapczynski
* @author Bart Visscher
* @copyright 2012 Tom Needham tom@owncloud.com
* @copyright 2012 Michael Gapczynski mtgap@owncloud.com
* @copyright 2012 Bart Visscher bartv@thisnet.nl
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
*
*/

class OC_API {

	/**
	 * API authentication levels
	 */
	const GUEST_AUTH = 0;
	const USER_AUTH = 1;
	const SUBADMIN_AUTH = 2;
	const ADMIN_AUTH = 3;

	private static $server;

	/**
	 * initialises the OAuth store and server
	 */
	private static function init() {
		self::$server = new OC_OAuth_Server(new OC_OAuth_Store());
	}
	
	/**
	* api actions
	*/
	protected static $actions = array();
	
	/**
	* registers an api call
	* @param string $method the http method
	* @param string $url the url to match
	* @param callable $action the function to run
	* @param string $app the id of the app registering the call
	* @param int $authlevel the level of authentication required for the call
	* @param array $defaults
	* @param array $requirements
	*/
	public static function register($method, $url, $action, $app, 
				$authlevel = OC_API::USER_AUTH,
				$defaults = array(),
				$requirements = array()){
		$name = strtolower($method).$url;
		$name = str_replace(array('/', '{', '}'), '_', $name);
		if(!isset(self::$actions[$name])){
			OC::getRouter()->useCollection('ocs');
			OC::getRouter()->create($name, $url)
				->method($method)
				->action('OC_API', 'call');
			self::$actions[$name] = array();
		}
		self::$actions[$name] = array('app' => $app, 'action' => $action, 'authlevel' => $authlevel);
	}
	
	/**
	* handles an api call
	* @param array $parameters
	*/
	public static function call($parameters){
		// Prepare the request variables
		if($_SERVER['REQUEST_METHOD'] == 'PUT'){
			parse_str(file_get_contents("php://input"), $_PUT);
		} else if($_SERVER['REQUEST_METHOD'] == 'DELETE'){
			parse_str(file_get_contents("php://input"), $_DELETE);
		}
		$name = $parameters['_route'];
		// Loop through registered actions
		if(is_callable(self::$actions[$name]['action'])){
			$response = call_user_func(self::$actions[$name]['action'], $parameters);
		} else {
			$response = new OC_OCS_Result(null, 998, 'Internal server error.');
		} 
		// Send the response
		$formats = array('json', 'xml');
		$format = !empty($_GET['format']) && in_array($_GET['format'], $formats) ? $_GET['format'] : 'xml';
		self::respond($response, $format);
		// logout the user to be stateless
		OC_User::logout();
	}
	
	/**
	 * authenticate the api call
	 * @param array $action the action details as supplied to OC_API::register()
	 * @return bool
	 */
	private static function isAuthorised($action){
		$level = $action['authlevel'];
		switch($level){
			case OC_API::GUEST_AUTH:
				// Anyone can access
				return true;
				break;
			case OC_API::USER_AUTH:
				// User required
				return self::loginUser();
				break;
			case OC_API::SUBADMIN_AUTH:
				// Check for subadmin
				$user = self::loginUser();
				if(!$user){
					return false;
				} else {
					$subadmin = OC_SubAdmin::isSubAdmin($user);
					$admin = OC_Group::inGroup($user, 'admin');
					if($subadmin || $admin){
						return true;
					} else {
						return false;
					}
				}
				break;
			case OC_API::ADMIN_AUTH:
				// Check for admin
				$user = self::loginUser();
				if(!$user){
					return false;
				} else {
					return OC_Group::inGroup($user, 'admin');
				}
				break;
			default:
				// oops looks like invalid level supplied
				return false;
				break;
		}
	} 
	
	/**
	 * http basic auth
	 * @return string|false (username, or false on failure)
	 */
	private static function loginUser(){
		$authuser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
		$authpw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
		return OC_User::login($authuser, $authpw) ? $authuser : false;
	}
	
	/**
	* respond to a call
	* @param int|array $result the result from the api method
	* @param string $format the format xml|json
	*/
	private static function respond($result, $format='xml'){
		$response = array('ocs' => $result->getResult());
		if ($format == 'json') {
			OC_JSON::encodedPrint($response);
		} else if ($format == 'xml') {
			header('Content-type: text/xml; charset=UTF-8');
			$writer = new XMLWriter();
			$writer->openMemory();
			$writer->setIndent( true );
			$writer->startDocument();
			self::toXML($response, $writer);
			$writer->endDocument();
			echo $writer->outputMemory(true);
		} else {
			var_dump($format, $response);
		}
	}

	private static function toXML($array, $writer){
		foreach($array as $k => $v) {
			if (is_numeric($k)) {
				$k = 'element';
			}
			if (is_array($v)) {
				$writer->startElement($k);
				self::toXML($v, $writer);
				$writer->endElement();
			} else {
				$writer->writeElement($k, $v);
			}
		}
	}
	
}
Basic structure and functionality of api class 2012-07-29 01:40:11 +04:00			`<?php`
			`/**`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`* ownCloud`
			`*`
			`* @author Tom Needham`
			`* @author Michael Gapczynski`
			`* @author Bart Visscher`
			`* @copyright 2012 Tom Needham tom@owncloud.com`
			`* @copyright 2012 Michael Gapczynski mtgap@owncloud.com`
			`* @copyright 2012 Bart Visscher bartv@thisnet.nl`
			`*`
			`* This library is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE`
			`* License as published by the Free Software Foundation; either`
			`* version 3 of the License, or any later version.`
			`*`
			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU AFFERO GENERAL PUBLIC LICENSE for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public`
			`* License along with this library. If not, see <http://www.gnu.org/licenses/>.`
			`*`
			`*/`
Move OAuth classes into lib/oauth 2012-08-03 15:47:05 +04:00
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`class OC_API {`
OAuth server implementation using oauth library 2012-08-03 04:02:31 +04:00
API: Require api calls to register the required auth level 2012-09-13 13:41:20 +04:00			`/**`
			`* API authentication levels`
			`*/`
			`const GUEST_AUTH = 0;`
			`const USER_AUTH = 1;`
			`const SUBADMIN_AUTH = 2;`
			`const ADMIN_AUTH = 3;`

OAuth server implementation using oauth library 2012-08-03 04:02:31 +04:00			`private static $server;`

			`/**`
			`* initialises the OAuth store and server`
			`*/`
			`private static function init() {`
Move OAuth classes into lib/oauth 2012-08-03 15:47:05 +04:00			`self::$server = new OC_OAuth_Server(new OC_OAuth_Store());`
OAuth server implementation using oauth library 2012-08-03 04:02:31 +04:00			`}`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00
			`/**`
			`* api actions`
			`*/`
Add core routes and include them in OC_API::call() 2012-07-30 14:56:21 +04:00			`protected static $actions = array();`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00
			`/**`
			`* registers an api call`
			`* @param string $method the http method`
			`* @param string $url the url to match`
			`* @param callable $action the function to run`
Record the app that is registering a call to use later with OAuth 2012-07-30 16:56:01 +04:00			`* @param string $app the id of the app registering the call`
API: Require api calls to register the required auth level 2012-09-13 13:41:20 +04:00			`* @param int $authlevel the level of authentication required for the call`
			`* @param array $defaults`
			`* @param array $requirements`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`*/`
API: Require api calls to register the required auth level 2012-09-13 13:41:20 +04:00			`public static function register($method, $url, $action, $app,`
			`$authlevel = OC_API::USER_AUTH,`
Fix /privatedata/getattribute route 2012-08-01 01:26:15 +04:00			`$defaults = array(),`
			`$requirements = array()){`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`$name = strtolower($method).$url;`
Fix OC_API::register 2012-07-30 22:52:47 +04:00			`$name = str_replace(array('/', '{', '}'), '_', $name);`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`if(!isset(self::$actions[$name])){`
Routing: combine all routes into one set 2012-08-02 23:51:31 +04:00			`OC::getRouter()->useCollection('ocs');`
API: Specify the response format using a GET parameter 2012-12-12 02:36:46 +04:00			`OC::getRouter()->create($name, $url)`
API: set request method for registered urls 2012-08-01 00:34:35 +04:00			`->method($method)`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`->action('OC_API', 'call');`
			`self::$actions[$name] = array();`
			`}`
API: Further tidying, implement OC_OCS_Result object for api results. 2012-12-12 20:50:25 +04:00			`self::$actions[$name] = array('app' => $app, 'action' => $action, 'authlevel' => $authlevel);`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`}`

			`/**`
			`* handles an api call`
			`* @param array $parameters`
			`*/`
Add core routes and include them in OC_API::call() 2012-07-30 14:56:21 +04:00			`public static function call($parameters){`
API: Parse PUT and DELETE variables 2012-09-17 16:08:17 +04:00			`// Prepare the request variables`
			`if($_SERVER['REQUEST_METHOD'] == 'PUT'){`
			`parse_str(file_get_contents("php://input"), $_PUT);`
			`} else if($_SERVER['REQUEST_METHOD'] == 'DELETE'){`
			`parse_str(file_get_contents("php://input"), $_DELETE);`
			`}`
Make calling ocs/v1.php/config work 2012-07-30 23:03:41 +04:00			`$name = $parameters['_route'];`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`// Loop through registered actions`
API: Further tidying, implement OC_OCS_Result object for api results. 2012-12-12 20:50:25 +04:00			`if(is_callable(self::$actions[$name]['action'])){`
			`$response = call_user_func(self::$actions[$name]['action'], $parameters);`
			`} else {`
			`$response = new OC_OCS_Result(null, 998, 'Internal server error.');`
			`}`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`// Send the response`
API: Specify the response format using a GET parameter 2012-12-12 02:36:46 +04:00			`$formats = array('json', 'xml');`
			`$format = !empty($_GET['format']) && in_array($_GET['format'], $formats) ? $_GET['format'] : 'xml';`
			`self::respond($response, $format);`
API: Use http authentication, check the auth level required 2012-09-13 19:18:38 +04:00			`// logout the user to be stateless`
Logout the user at the end of a call to be stateless 2012-08-01 17:39:05 +04:00			`OC_User::logout();`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`}`

API: Require api calls to register the required auth level 2012-09-13 13:41:20 +04:00			`/**`
			`* authenticate the api call`
			`* @param array $action the action details as supplied to OC_API::register()`
			`* @return bool`
			`*/`
API: Use http authentication, check the auth level required 2012-09-13 19:18:38 +04:00			`private static function isAuthorised($action){`
API: Require api calls to register the required auth level 2012-09-13 13:41:20 +04:00			`$level = $action['authlevel'];`
			`switch($level){`
			`case OC_API::GUEST_AUTH:`
			`// Anyone can access`
			`return true;`
			`break;`
			`case OC_API::USER_AUTH:`
			`// User required`
API: Use http authentication, check the auth level required 2012-09-13 19:18:38 +04:00			`return self::loginUser();`
API: Require api calls to register the required auth level 2012-09-13 13:41:20 +04:00			`break;`
			`case OC_API::SUBADMIN_AUTH:`
			`// Check for subadmin`
API: Use http authentication, check the auth level required 2012-09-13 19:18:38 +04:00			`$user = self::loginUser();`
			`if(!$user){`
			`return false;`
			`} else {`
API: Allow admins to access SUBADMIN api methods 2012-09-14 17:41:06 +04:00			`$subadmin = OC_SubAdmin::isSubAdmin($user);`
			`$admin = OC_Group::inGroup($user, 'admin');`
			`if($subadmin \|\| $admin){`
			`return true;`
			`} else {`
			`return false;`
			`}`
API: Use http authentication, check the auth level required 2012-09-13 19:18:38 +04:00			`}`
API: Require api calls to register the required auth level 2012-09-13 13:41:20 +04:00			`break;`
			`case OC_API::ADMIN_AUTH:`
			`// Check for admin`
API: Use http authentication, check the auth level required 2012-09-13 19:18:38 +04:00			`$user = self::loginUser();`
			`if(!$user){`
			`return false;`
			`} else {`
			`return OC_Group::inGroup($user, 'admin');`
			`}`
API: Require api calls to register the required auth level 2012-09-13 13:41:20 +04:00			`break;`
			`default:`
			`// oops looks like invalid level supplied`
			`return false;`
			`break;`
			`}`
			`}`

			`/**`
API: Use http authentication, check the auth level required 2012-09-13 19:18:38 +04:00			`* http basic auth`
			`* @return string\|false (username, or false on failure)`
API: Require api calls to register the required auth level 2012-09-13 13:41:20 +04:00			`*/`
API: Use http authentication, check the auth level required 2012-09-13 19:18:38 +04:00			`private static function loginUser(){`
			`$authuser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';`
			`$authpw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';`
			`return OC_User::login($authuser, $authpw) ? $authuser : false;`
API: Require api calls to register the required auth level 2012-09-13 13:41:20 +04:00			`}`

Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`/**`
			`* respond to a call`
API: Further tidying, implement OC_OCS_Result object for api results. 2012-12-12 20:50:25 +04:00			`* @param int\|array $result the result from the api method`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`* @param string $format the format xml\|json`
			`*/`
API: Further tidying, implement OC_OCS_Result object for api results. 2012-12-12 20:50:25 +04:00			`private static function respond($result, $format='xml'){`
			`$response = array('ocs' => $result->getResult());`
Make calling ocs/v1.php/config work 2012-07-30 23:03:41 +04:00			`if ($format == 'json') {`
API: Complete respond function 2012-08-01 21:48:51 +04:00			`OC_JSON::encodedPrint($response);`
			`} else if ($format == 'xml') {`
			`header('Content-type: text/xml; charset=UTF-8');`
			`$writer = new XMLWriter();`
			`$writer->openMemory();`
			`$writer->setIndent( true );`
			`$writer->startDocument();`
			`self::toXML($response, $writer);`
			`$writer->endDocument();`
			`echo $writer->outputMemory(true);`
Make calling ocs/v1.php/config work 2012-07-30 23:03:41 +04:00			`} else {`
			`var_dump($format, $response);`
			`}`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`}`
API: Complete respond function 2012-08-01 21:48:51 +04:00
			`private static function toXML($array, $writer){`
			`foreach($array as $k => $v) {`
Quick fix for xml encoding arrays 2012-08-02 19:48:09 +04:00			`if (is_numeric($k)) {`
			`$k = 'element';`
			`}`
API: Complete respond function 2012-08-01 21:48:51 +04:00			`if (is_array($v)) {`
			`$writer->startElement($k);`
			`self::toXML($v, $writer);`
			`$writer->endElement();`
			`} else {`
			`$writer->writeElement($k, $v);`
			`}`
			`}`
API: Allow admins to access SUBADMIN api methods 2012-09-14 17:41:06 +04:00			`}`
API: add OC_API::checkLoggedIn() 2012-08-01 17:37:00 +04:00
Make calling ocs/v1.php/config work 2012-07-30 23:03:41 +04:00			`}`