Diffstat (limited to 'application')
-rw-r--r--application/controllers/api.php28
-rw-r--r--application/controllers/api/api_controller.php3
-rw-r--r--application/controllers/api/v1.php83
-rw-r--r--application/core/MY_Controller.php6
4 files changed, 27 insertions, 93 deletions
diff --git a/application/controllers/api.php b/application/controllers/api.php
index 626e7b91a..a7bd09f34 100644
--- a/application/controllers/api.php
+++ b/application/controllers/api.php
@@ -19,20 +19,34 @@ class Api extends MY_Controller {
public function route() {
$requested_version = $this->uri->segment(2);
- $function = $this->uri->segment(3);
+ $controller = $this->uri->segment(3);
+ $function = $this->uri->segment(4);
$major = intval(explode(".", $requested_version)[0]);
- $class = "controllers\\api\\v".$major;
-
- if (!class_exists($class) || version_compare($class::get_version(), $requested_version, "<")) {
- return send_json_error_reply("Requested API version is not supported");
+ if (!preg_match("/^[a-zA-Z-_]+$/", $controller)) {
+ return send_json_error_reply("Invalid controller requested");
}
if (!preg_match("/^[a-zA-Z-_]+$/", $function)) {
return send_json_error_reply("Invalid function requested");
}
- $controller = new $class;
- return $controller->$function();
+ $namespace = "controllers\\api\\v".$major;
+ $class = $namespace."\\".$controller;
+ $class_info = $namespace."\\api_info";
+
+ if (!class_exists($class_info) || version_compare($class_info::get_version(), $requested_version, "<")) {
+ return send_json_error_reply("Requested API version is not supported");
+ }
+
+ if (!class_exists($class)) {
+ return send_json_error_reply("Unknown controller requested");
+ }
+
+ $c= new $class;
+ if (!method_exists($c, $function)) {
+ return send_json_error_reply("Unknown function requested");
+ }
+ return $c->$function();
}
}
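Review bot: The `method_exists($c, $function)` check at the end of route() also passes for non-public, inherited and magic methods, and the name pattern accepts a leading underscore, so a request can name `__construct` or anything the API class inherits now that api_controller extends \CI_Controller. After that check, reject underscore-prefixed names and require a public method before dispatching: `if ($function[0] === "_" || !(new \ReflectionMethod($c, $function))->isPublic()) { return send_json_error_reply("Unknown function requested"); }`. An explicit per-controller list of exposed functions would be stricter still. `new $class` is also reached for any class that exists in the version namespace, `api_info` included, so `is_subclass_of($class, "controllers\\api\\api_controller")` belongs next to the `class_exists($class)` test. The Api class begins above the hunk.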
diff --git a/application/controllers/api/api_controller.php b/application/controllers/api/api_controller.php
index ca24dae59..2b9054b17 100644
--- a/application/controllers/api/api_controller.php
+++ b/application/controllers/api/api_controller.php
@@ -9,7 +9,6 @@
namespace controllers\api;
-abstract class api_controller {
- abstract static public function get_version();
+abstract class api_controller extends \CI_Controller {
}
diff --git a/application/controllers/api/v1.php b/application/controllers/api/v1.php
deleted file mode 100644
index e6d3c56fe..000000000
--- a/application/controllers/api/v1.php
+++ /dev/null
@@ -1,83 +0,0 @@
-<?php
-/*
- * Copyright 2014 Florian "Bluewind" Pritz <bluewind@server-speed.net>
- *
- * Licensed under AGPLv3
- * (see COPYING for full license text)
- *
- */
-namespace controllers\api;
-
-class v1 extends api_controller {
- protected $json_enabled_functions = array(
- "upload",
- "get_config",
- "history",
- );
-
- static public function get_version()
- {
- return "1.0.1";
- }
-
- public function __construct()
- {
- parent::__construct();
-
- $this->load->model('mfile');
- $this->load->model('mmultipaste');
- }
-
- public function upload()
- {
- $this->muser->require_access("basic");
-
- $files = getNormalizedFILES();
-
- if (empty($files)) {
- show_error("No file was uploaded or unknown error occured.");
- }
-
- $errors = service\files::verify_uploaded_files($files);
- if (!empty($errors)) {
- return send_json_reply($errors, "upload-error");
- }
-
- $limits = $this->muser->get_upload_id_limits();
- $urls = array();
-
- foreach ($files as $file) {
- $id = $this->mfile->new_id($limits[0], $limits[1]);
- service\files::add_file($id, $file["tmp_name"], $file["name"]);
- $ids[] = $id;
- $urls[] = site_url($id).'/';
- }
-
- return send_json_reply(array(
- "ids" => $ids,
- "urls" => $urls,
- ));
- }
-
- public function get_config()
- {
- return send_json_reply(array(
- "upload_max_size" => $this->config->item("upload_max_size"),
- ));
- }
-
- public function history()
- {
- $this->muser->require_access("apikey");
- $history = service\files::history($this->muser->get_userid());
- return send_json_reply($history);
- }
-
- public function delete()
- {
- $this->muser->require_access("apikey");
-
-
- }
-}
-# vim: set noet:
diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php
index 22c1a9a1a..1e724a865 100644
--- a/application/core/MY_Controller.php
+++ b/application/core/MY_Controller.php
@@ -58,7 +58,11 @@ class MY_Controller extends CI_Controller {
static_storage("response_type", "json");
}
- if (static_storage("response_type") == "json" && ! in_array($this->uri->rsegment(2), $this->json_enabled_functions)) {
+ // TODO: this should probably call a function in the controller that does the checking
+ // instead of checking if the controller name == "api"
+ if (static_storage("response_type") == "json"
+ && $this->uri->segment(1) != "api"
+ && ! in_array($this->uri->rsegment(2), $this->json_enabled_functions)) {
show_error("Function not JSON enabled");
}
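Review bot: The new exemption tests the raw `$this->uri->segment(1)` with a loose `!=`, while the rest of the condition uses the routed `rsegment(2)`. If a route ever maps an `api/...` URI onto a different controller, or another prefix onto this one, the two disagree and the `json_enabled_functions` allowlist is skipped or applied for the wrong controller. Assuming the routed controller name is `api`, comparing it strictly with `&& $this->uri->rsegment(1) !== "api"` keeps both halves of the condition on the same source. With this exemption the method check in Api::route() is the only gate on what /api requests can invoke, which is worth saying in the comment above the condition. The enclosing method starts and ends outside the hunk.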