From 349e9f6dc7da0c44ee80d0a73963c1c5cef87131 Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Sun, 26 Oct 2014 21:39:58 +0100 Subject: misc Signed-off-by: Florian Pritz --- application/controllers/api.php | 28 ++++++--- application/controllers/api/api_controller.php | 3 +- application/controllers/api/v1.php | 83 -------------------------- application/core/MY_Controller.php | 6 +- 4 files changed, 27 insertions(+), 93 deletions(-) delete mode 100644 application/controllers/api/v1.php diff --git a/application/controllers/api.php b/application/controllers/api.php index 626e7b91a..a7bd09f34 100644 --- a/application/controllers/api.php +++ b/application/controllers/api.php @@ -19,20 +19,34 @@ class Api extends MY_Controller { public function route() { $requested_version = $this->uri->segment(2); - $function = $this->uri->segment(3); + $controller = $this->uri->segment(3); + $function = $this->uri->segment(4); $major = intval(explode(".", $requested_version)[0]); - $class = "controllers\\api\\v".$major; - - if (!class_exists($class) || version_compare($class::get_version(), $requested_version, "<")) { - return send_json_error_reply("Requested API version is not supported"); + if (!preg_match("/^[a-zA-Z-_]+$/", $controller)) { + return send_json_error_reply("Invalid controller requested"); } if (!preg_match("/^[a-zA-Z-_]+$/", $function)) { return send_json_error_reply("Invalid function requested"); } - $controller = new $class; - return $controller->$function(); + $namespace = "controllers\\api\\v".$major; + $class = $namespace."\\".$controller; + $class_info = $namespace."\\api_info"; + + if (!class_exists($class_info) || version_compare($class_info::get_version(), $requested_version, "<")) { + return send_json_error_reply("Requested API version is not supported"); + } + + if (!class_exists($class)) { + return send_json_error_reply("Unknown controller requested"); + } + + $c= new $class; + if (!method_exists($c, $function)) { + return send_json_error_reply("Unknown function requested"); + } + return $c->$function(); } } diff --git a/application/controllers/api/api_controller.php b/application/controllers/api/api_controller.php index ca24dae59..2b9054b17 100644 --- a/application/controllers/api/api_controller.php +++ b/application/controllers/api/api_controller.php @@ -9,7 +9,6 @@ namespace controllers\api; -abstract class api_controller { - abstract static public function get_version(); +abstract class api_controller extends \CI_Controller { } diff --git a/application/controllers/api/v1.php b/application/controllers/api/v1.php deleted file mode 100644 index e6d3c56fe..000000000 --- a/application/controllers/api/v1.php +++ /dev/null @@ -1,83 +0,0 @@ - - * - * Licensed under AGPLv3 - * (see COPYING for full license text) - * - */ -namespace controllers\api; - -class v1 extends api_controller { - protected $json_enabled_functions = array( - "upload", - "get_config", - "history", - ); - - static public function get_version() - { - return "1.0.1"; - } - - public function __construct() - { - parent::__construct(); - - $this->load->model('mfile'); - $this->load->model('mmultipaste'); - } - - public function upload() - { - $this->muser->require_access("basic"); - - $files = getNormalizedFILES(); - - if (empty($files)) { - show_error("No file was uploaded or unknown error occured."); - } - - $errors = service\files::verify_uploaded_files($files); - if (!empty($errors)) { - return send_json_reply($errors, "upload-error"); - } - - $limits = $this->muser->get_upload_id_limits(); - $urls = array(); - - foreach ($files as $file) { - $id = $this->mfile->new_id($limits[0], $limits[1]); - service\files::add_file($id, $file["tmp_name"], $file["name"]); - $ids[] = $id; - $urls[] = site_url($id).'/'; - } - - return send_json_reply(array( - "ids" => $ids, - "urls" => $urls, - )); - } - - public function get_config() - { - return send_json_reply(array( - "upload_max_size" => $this->config->item("upload_max_size"), - )); - } - - public function history() - { - $this->muser->require_access("apikey"); - $history = service\files::history($this->muser->get_userid()); - return send_json_reply($history); - } - - public function delete() - { - $this->muser->require_access("apikey"); - - - } -} -# vim: set noet: diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php index 22c1a9a1a..1e724a865 100644 --- a/application/core/MY_Controller.php +++ b/application/core/MY_Controller.php @@ -58,7 +58,11 @@ class MY_Controller extends CI_Controller { static_storage("response_type", "json"); } - if (static_storage("response_type") == "json" && ! in_array($this->uri->rsegment(2), $this->json_enabled_functions)) { + // TODO: this should probably call a function in the controller that does the checking + // instead of checking if the controller name == "api" + if (static_storage("response_type") == "json" + && $this->uri->segment(1) != "api" + && ! in_array($this->uri->rsegment(2), $this->json_enabled_functions)) { show_error("Function not JSON enabled"); } -- cgit v1.2.3-24-g4f1b