nextcloud/lib/private/legacy/OC_API.php

<?php
/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Bart Visscher <bartv@thisnet.nl>
 * @author Björn Schießle <bjoern@schiessle.org>
 * @author Christoph Wurst <christoph@winzerhof-wurst.at>
 * @author Jörn Friedrich Dreyer <jfd@butonic.de>
 * @author Lukas Reschke <lukas@statuscode.ch>
 * @author Michael Gapczynski <GapczynskiM@gmail.com>
 * @author Morris Jobke <hey@morrisjobke.de>
 * @author Roeland Jago Douma <roeland@famdouma.nl>
 * @author Thomas Müller <thomas.mueller@tmit.eu>
 * @author Tom Needham <tom@owncloud.com>
 * @author Vincent Petry <pvince81@owncloud.com>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program. If not, see <http://www.gnu.org/licenses/>
 *
 */
use OCP\API;
use OCP\AppFramework\Http;

class OC_API {

	/**
	 * api actions
	 */
	protected static $actions = [];

	/**
	 * respond to a call
	 * @param \OC\OCS\Result $result
	 * @param string $format the format xml|json
	 */
	public static function respond($result, $format='xml') {
		$request = \OC::$server->getRequest();

		// Send 401 headers if unauthorised
		if ($result->getStatusCode() === API::RESPOND_UNAUTHORISED) {
			// If request comes from JS return dummy auth request
			if ($request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
				header('WWW-Authenticate: DummyBasic realm="Authorisation Required"');
			} else {
				header('WWW-Authenticate: Basic realm="Authorisation Required"');
			}
			http_response_code(401);
		}

		foreach ($result->getHeaders() as $name => $value) {
			header($name . ': ' . $value);
		}

		$meta = $result->getMeta();
		$data = $result->getData();
		if (self::isV2($request)) {
			$statusCode = self::mapStatusCodes($result->getStatusCode());
			if (!is_null($statusCode)) {
				$meta['statuscode'] = $statusCode;
				http_response_code($statusCode);
			}
		}

		self::setContentType($format);
		$body = self::renderResult($format, $meta, $data);
		echo $body;
	}

	/**
	 * @param XMLWriter $writer
	 */
	private static function toXML($array, $writer) {
		foreach ($array as $k => $v) {
			if ($k[0] === '@') {
				$writer->writeAttribute(substr($k, 1), $v);
				continue;
			} elseif (is_numeric($k)) {
				$k = 'element';
			}
			if (is_array($v)) {
				$writer->startElement($k);
				self::toXML($v, $writer);
				$writer->endElement();
			} else {
				$writer->writeElement($k, $v);
			}
		}
	}

	/**
	 * @return string
	 */
	public static function requestedFormat() {
		$formats = ['json', 'xml'];

		$format = !empty($_GET['format']) && in_array($_GET['format'], $formats) ? $_GET['format'] : 'xml';
		return $format;
	}

	/**
	 * Based on the requested format the response content type is set
	 * @param string $format
	 */
	public static function setContentType($format = null) {
		$format = is_null($format) ? self::requestedFormat() : $format;
		if ($format === 'xml') {
			header('Content-type: text/xml; charset=UTF-8');
			return;
		}

		if ($format === 'json') {
			header('Content-Type: application/json; charset=utf-8');
			return;
		}

		header('Content-Type: application/octet-stream; charset=utf-8');
	}

	/**
	 * @param \OCP\IRequest $request
	 * @return bool
	 */
	protected static function isV2(\OCP\IRequest $request) {
		$script = $request->getScriptName();

		return substr($script, -11) === '/ocs/v2.php';
	}

	/**
	 * @param integer $sc
	 * @return int
	 */
	public static function mapStatusCodes($sc) {
		switch ($sc) {
			case API::RESPOND_NOT_FOUND:
				return Http::STATUS_NOT_FOUND;
			case API::RESPOND_SERVER_ERROR:
				return Http::STATUS_INTERNAL_SERVER_ERROR;
			case API::RESPOND_UNKNOWN_ERROR:
				return Http::STATUS_INTERNAL_SERVER_ERROR;
			case API::RESPOND_UNAUTHORISED:
				// already handled for v1
				return null;
			case 100:
				return Http::STATUS_OK;
		}
		// any 2xx, 4xx and 5xx will be used as is
		if ($sc >= 200 && $sc < 600) {
			return $sc;
		}

		return Http::STATUS_BAD_REQUEST;
	}

	/**
	 * @param string $format
	 * @return string
	 */
	public static function renderResult($format, $meta, $data) {
		$response = [
			'ocs' => [
				'meta' => $meta,
				'data' => $data,
			],
		];
		if ($format == 'json') {
			return OC_JSON::encode($response);
		}

		$writer = new XMLWriter();
		$writer->openMemory();
		$writer->setIndent(true);
		$writer->startDocument();
		self::toXML($response, $writer);
		$writer->endDocument();
		return $writer->outputMemory(true);
	}
}
Basic structure and functionality of api class 2012-07-29 01:40:11 +04:00			`<?php`
update licence headers via script 2015-10-05 21:54:56 +03:00			`/**`
Fix others 2016-07-21 18:07:57 +03:00			`* @copyright Copyright (c) 2016, ownCloud, Inc.`
			`*`
update licence headers via script 2015-10-05 21:54:56 +03:00			`* @author Bart Visscher <bartv@thisnet.nl>`
Update license headers 2016-05-26 20:56:05 +03:00			`* @author Björn Schießle <bjoern@schiessle.org>`
Update the license headers for Nextcloud 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-03-31 11:49:10 +03:00			`* @author Christoph Wurst <christoph@winzerhof-wurst.at>`
update licence headers via script 2015-10-05 21:54:56 +03:00			`* @author Jörn Friedrich Dreyer <jfd@butonic.de>`
Update license headers 2016-05-26 20:56:05 +03:00			`* @author Lukas Reschke <lukas@statuscode.ch>`
update licence headers via script 2015-10-05 21:54:56 +03:00			`* @author Michael Gapczynski <GapczynskiM@gmail.com>`
			`* @author Morris Jobke <hey@morrisjobke.de>`
Fix others 2016-07-21 18:07:57 +03:00			`* @author Roeland Jago Douma <roeland@famdouma.nl>`
update licence headers via script 2015-10-05 21:54:56 +03:00			`* @author Thomas Müller <thomas.mueller@tmit.eu>`
			`* @author Tom Needham <tom@owncloud.com>`
			`* @author Vincent Petry <pvince81@owncloud.com>`
			`*`
			`* @license AGPL-3.0`
			`*`
			`* This code is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License, version 3,`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License, version 3,`
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2019-12-03 21:57:53 +03:00			`* along with this program. If not, see <http://www.gnu.org/licenses/>`
update licence headers via script 2015-10-05 21:54:56 +03:00			`*`
			`*/`
Adding ocs/v2.php with status code mapper 2015-08-03 17:05:50 +03:00			`use OCP\API;`
			`use OCP\AppFramework\Http;`

Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`class OC_API {`
OAuth server implementation using oauth library 2012-08-03 04:02:31 +04:00
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`/**`
Merge branch 'master' into ocs_api Conflicts: l10n/templates/core.pot l10n/templates/files.pot l10n/templates/files_encryption.pot l10n/templates/files_external.pot l10n/templates/files_sharing.pot l10n/templates/files_versions.pot l10n/templates/lib.pot l10n/templates/settings.pot l10n/templates/user_ldap.pot l10n/templates/user_webdavauth.pot 2012-12-31 19:47:15 +04:00			`* api actions`
			`*/`
Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-03-26 11:30:18 +03:00			`protected static $actions = [];`
keep response message 2014-01-13 15:27:05 +04:00
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`/**`
Merge branch 'master' into ocs_api Conflicts: l10n/templates/core.pot l10n/templates/files.pot l10n/templates/files_encryption.pot l10n/templates/files_external.pot l10n/templates/files_sharing.pot l10n/templates/files_versions.pot l10n/templates/lib.pot l10n/templates/settings.pot l10n/templates/user_ldap.pot l10n/templates/user_webdavauth.pot 2012-12-31 19:47:15 +04:00			`* respond to a call`
OC_OCS_Response is deprecated Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-09-21 18:56:00 +03:00			`* @param \OC\OCS\Result $result`
Merge branch 'master' into ocs_api Conflicts: l10n/templates/core.pot l10n/templates/files.pot l10n/templates/files_encryption.pot l10n/templates/files_external.pot l10n/templates/files_sharing.pot l10n/templates/files_versions.pot l10n/templates/lib.pot l10n/templates/settings.pot l10n/templates/user_ldap.pot l10n/templates/user_webdavauth.pot 2012-12-31 19:47:15 +04:00			`* @param string $format the format xml\|json`
			`*/`
Return 503 OCS response with requested format 2014-06-30 17:37:38 +04:00			`public static function respond($result, $format='xml') {`
Catch auth coming from JS in OCS 2016-02-15 17:38:37 +03:00			`$request = \OC::$server->getRequest();`

API: Remove api response structure from OC_OCS_Result, handle multiple registered methods for api calls 2013-01-25 16:48:59 +04:00			`// Send 401 headers if unauthorised`
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 15:19:56 +03:00			`if ($result->getStatusCode() === API::RESPOND_UNAUTHORISED) {`
Catch auth coming from JS in OCS 2016-02-15 17:38:37 +03:00			`// If request comes from JS return dummy auth request`
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 15:19:56 +03:00			`if ($request->getHeader('X-Requested-With') === 'XMLHttpRequest') {`
Catch auth coming from JS in OCS 2016-02-15 17:38:37 +03:00			`header('WWW-Authenticate: DummyBasic realm="Authorisation Required"');`
			`} else {`
			`header('WWW-Authenticate: Basic realm="Authorisation Required"');`
			`}`
Replace hardcoded status headers with calls to http_response_code() Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2018-06-26 11:32:50 +03:00			`http_response_code(401);`
API: Remove api response structure from OC_OCS_Result, handle multiple registered methods for api calls 2013-01-25 16:48:59 +04:00			`}`
Adding ocs/v2.php with status code mapper 2015-08-03 17:05:50 +03:00
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 15:19:56 +03:00			`foreach ($result->getHeaders() as $name => $value) {`
Adding header support to class OC_OCS_Result 2015-08-07 14:12:43 +03:00			`header($name . ': ' . $value);`
			`}`

With V2 we should ensure that the status codes are kept in sync 2015-08-06 01:01:56 +03:00			`$meta = $result->getMeta();`
			`$data = $result->getData();`
Catch auth coming from JS in OCS 2016-02-15 17:38:37 +03:00			`if (self::isV2($request)) {`
Adding ocs/v2.php with status code mapper 2015-08-03 17:05:50 +03:00			`$statusCode = self::mapStatusCodes($result->getStatusCode());`
			`if (!is_null($statusCode)) {`
With V2 we should ensure that the status codes are kept in sync 2015-08-06 01:01:56 +03:00			`$meta['statuscode'] = $statusCode;`
Replace hardcoded status headers with calls to http_response_code() Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2018-06-26 11:32:50 +03:00			`http_response_code($statusCode);`
Adding ocs/v2.php with status code mapper 2015-08-03 17:05:50 +03:00			`}`
			`}`

Remove duplicate and unused code 2015-08-03 22:03:11 +03:00			`self::setContentType($format);`
With V2 we should ensure that the status codes are kept in sync 2015-08-06 01:01:56 +03:00			`$body = self::renderResult($format, $meta, $data);`
Remove duplicate and unused code 2015-08-03 22:03:11 +03:00			`echo $body;`
Fix odd indentation issue 2012-07-29 01:50:40 +04:00			`}`
API: Complete respond function 2012-08-01 21:48:51 +04:00
polish documentation based on scrutinizer patches 2014-02-06 19:30:58 +04:00			`/**`
			`* @param XMLWriter $writer`
			`*/`
Merge branch 'master' into ocs_api Conflicts: l10n/templates/core.pot l10n/templates/files.pot l10n/templates/files_encryption.pot l10n/templates/files_external.pot l10n/templates/files_sharing.pot l10n/templates/files_versions.pot l10n/templates/lib.pot l10n/templates/settings.pot l10n/templates/user_ldap.pot l10n/templates/user_webdavauth.pot 2012-12-31 19:47:15 +04:00			`private static function toXML($array, $writer) {`
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 15:19:56 +03:00			`foreach ($array as $k => $v) {`
API: Remove api response structure from OC_OCS_Result, handle multiple registered methods for api calls 2013-01-25 16:48:59 +04:00			`if ($k[0] === '@') {`
			`$writer->writeAttribute(substr($k, 1), $v);`
			`continue;`
Use elseif instead of else if Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 11:35:09 +03:00			`} elseif (is_numeric($k)) {`
Quick fix for xml encoding arrays 2012-08-02 19:48:09 +04:00			`$k = 'element';`
			`}`
Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-04-10 15:19:56 +03:00			`if (is_array($v)) {`
API: Complete respond function 2012-08-01 21:48:51 +04:00			`$writer->startElement($k);`
			`self::toXML($v, $writer);`
			`$writer->endElement();`
			`} else {`
			`$writer->writeElement($k, $v);`
			`}`
			`}`
API: Allow admins to access SUBADMIN api methods 2012-09-14 17:41:06 +04:00			`}`
keep response message 2014-01-13 15:27:05 +04:00
set content-type on ocs exceptions 2014-03-12 03:35:19 +04:00			`/**`
			`* @return string`
			`*/`
			`public static function requestedFormat() {`
Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-03-26 11:30:18 +03:00			`$formats = ['json', 'xml'];`
set content-type on ocs exceptions 2014-03-12 03:35:19 +04:00
			`$format = !empty($_GET['format']) && in_array($_GET['format'], $formats) ? $_GET['format'] : 'xml';`
			`return $format;`
			`}`

			`/**`
			`* Based on the requested format the response content type is set`
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 2016-02-17 16:21:07 +03:00			`* @param string $format`
set content-type on ocs exceptions 2014-03-12 03:35:19 +04:00			`*/`
Remove duplicate and unused code 2015-08-03 22:03:11 +03:00			`public static function setContentType($format = null) {`
			`$format = is_null($format) ? self::requestedFormat() : $format;`
set content-type on ocs exceptions 2014-03-12 03:35:19 +04:00			`if ($format === 'xml') {`
			`header('Content-type: text/xml; charset=UTF-8');`
			`return;`
			`}`

			`if ($format === 'json') {`
			`header('Content-Type: application/json; charset=utf-8');`
			`return;`
			`}`

			`header('Content-Type: application/octet-stream; charset=utf-8');`
			`}`

Adding ocs/v2.php with status code mapper 2015-08-03 17:05:50 +03:00			`/**`
Strip directory from scriptName `\OCP\IRequest::getScriptName` will also return the directory, so if ownCloud is installed in a subfolder such as `owncloud/` it will resolve to `/owncloud/ocs/v2.php`. This made this check fail and also made it return invalid status codes. 2015-10-13 00:39:16 +03:00			`* @param \OCP\IRequest $request`
			`* @return bool`
Adding ocs/v2.php with status code mapper 2015-08-03 17:05:50 +03:00			`*/`
Strip directory from scriptName `\OCP\IRequest::getScriptName` will also return the directory, so if ownCloud is installed in a subfolder such as `owncloud/` it will resolve to `/owncloud/ocs/v2.php`. This made this check fail and also made it return invalid status codes. 2015-10-13 00:39:16 +03:00			`protected static function isV2(\OCP\IRequest $request) {`
Adding ocs/v2.php with status code mapper 2015-08-03 17:05:50 +03:00			`$script = $request->getScriptName();`
set content-type on ocs exceptions 2014-03-12 03:35:19 +04:00
Strip directory from scriptName `\OCP\IRequest::getScriptName` will also return the directory, so if ownCloud is installed in a subfolder such as `owncloud/` it will resolve to `/owncloud/ocs/v2.php`. This made this check fail and also made it return invalid status codes. 2015-10-13 00:39:16 +03:00			`return substr($script, -11) === '/ocs/v2.php';`
Adding ocs/v2.php with status code mapper 2015-08-03 17:05:50 +03:00			`}`

			`/**`
			`* @param integer $sc`
Return 200 not null - we should return consistent types 2015-08-05 12:23:29 +03:00			`* @return int`
Adding ocs/v2.php with status code mapper 2015-08-03 17:05:50 +03:00			`*/`
			`public static function mapStatusCodes($sc) {`
			`switch ($sc) {`
			`case API::RESPOND_NOT_FOUND:`
			`return Http::STATUS_NOT_FOUND;`
			`case API::RESPOND_SERVER_ERROR:`
			`return Http::STATUS_INTERNAL_SERVER_ERROR;`
			`case API::RESPOND_UNKNOWN_ERROR:`
			`return Http::STATUS_INTERNAL_SERVER_ERROR;`
			`case API::RESPOND_UNAUTHORISED:`
			`// already handled for v1`
			`return null;`
			`case 100:`
			`return Http::STATUS_OK;`
			`}`
			`// any 2xx, 4xx and 5xx will be used as is`
			`if ($sc >= 200 && $sc < 600) {`
			`return $sc;`
			`}`

Following the spec: "`statuscode`: The OCS status code of the response, everything except 100 MUST be handled as failure." 2015-08-05 18:49:44 +03:00			`return Http::STATUS_BAD_REQUEST;`
Adding ocs/v2.php with status code mapper 2015-08-03 17:05:50 +03:00			`}`
Remove duplicate and unused code 2015-08-03 22:03:11 +03:00
			`/**`
			`* @param string $format`
			`* @return string`
			`*/`
With V2 we should ensure that the status codes are kept in sync 2015-08-06 01:01:56 +03:00			`public static function renderResult($format, $meta, $data) {`
Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-03-26 11:30:18 +03:00			`$response = [`
			`'ocs' => [`
With V2 we should ensure that the status codes are kept in sync 2015-08-06 01:01:56 +03:00			`'meta' => $meta,`
			`'data' => $data,`
Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-03-26 11:30:18 +03:00			`],`
			`];`
Remove duplicate and unused code 2015-08-03 22:03:11 +03:00			`if ($format == 'json') {`
			`return OC_JSON::encode($response);`
			`}`

			`$writer = new XMLWriter();`
			`$writer->openMemory();`
			`$writer->setIndent(true);`
			`$writer->startDocument();`
			`self::toXML($response, $writer);`
			`$writer->endDocument();`
			`return $writer->outputMemory(true);`
			`}`
Make calling ocs/v1.php/config work 2012-07-30 23:03:41 +04:00			`}`