From 88b21461358b9478c8f3a0dfea237c27c012cc05 Mon Sep 17 00:00:00 2001
From: Skylar Ittner <admin@netsyms.com>
Date: Sat, 24 Nov 2018 12:32:59 -0700
Subject: [PATCH] Implement Nextcloud Notes API, close #2

---
 .htaccess              |   5 ++
 action.php             |  10 ++--
 database.mwb           | Bin 6602 -> 7096 bytes
 lib/Note.lib.php       | 113 +++++++++++++++++++++++++++++++++++++----
 lib/nextcloudnotes.php | 112 ++++++++++++++++++++++++++++++++++++++++
 5 files changed, 226 insertions(+), 14 deletions(-)
 create mode 100644 .htaccess
 create mode 100644 lib/nextcloudnotes.php

diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..b91932b
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,5 @@
+# Rewrite for Nextcloud Notes API
+<IfModule mod_rewrite.c>
+    RewriteEngine on
+    RewriteRule index.php/apps/notes/api/v0.2 lib/nextcloudnotes.php [PT]
+</IfModule>
\ No newline at end of file
diff --git a/action.php b/action.php
index f5d196e..e983f9f 100644
--- a/action.php
+++ b/action.php
@@ -35,13 +35,13 @@ switch ($VARS['action']) {
         header('Location: index.php');
         die("Logged out.");
     case "savenote":
-        if (empty($VARS['content']) || empty($VARS['noteid'])) {
-            die($Strings->get("invalid parameters"));
+        if (!isset($VARS['content']) || empty($VARS['noteid'])) {
+            die($Strings->get("invalid parameters", false));
         }
         http_response_code(204);
         $note = Note::loadNote($VARS['noteid']);
-        if ($note->getOwnerID() != $_SESSION['uid']) {
-            die($Strings->get("invalid parameters"));
+        if (!$note->hasWriteAccess(new User($_SESSION['uid']))) {
+            die($Strings->get("invalid parameters", false));
         }
         $note->setText($VARS['content']);
         $note->setColor($VARS['color']);
@@ -52,7 +52,7 @@ switch ($VARS['action']) {
             die($Strings->get("invalid parameters"));
         }
         $note = Note::loadNote($VARS['noteid']);
-        if ($note->getOwnerID() != $_SESSION['uid']) {
+        if (!$note->hasWriteAccess(new User($_SESSION['uid']))) {
             die($Strings->get("invalid parameters"));
         }
         $note->deleteNote();
diff --git a/database.mwb b/database.mwb
index 62603e01f9322c4d8c98733750d5550e58b62294..63826da0208122210eea1bfb5df0559dcd614130 100644
GIT binary patch
delta 7002
zcmZvhbxhpRx9zdwPH}g);_g<wSSeDxv@povQ1}*i8K5}D-HO{#DDDg}xVsdmxZVC<
z-hFwwxhL7@Bs(knug}R&)*2RQ5dn16kx^bFARwS4=$m+J;vRw}CrJ?ycoY#4@c(sf
zoUJ`TwodLmATKK(Z;<1$nX%WFa9zMe4eZ=Mt+mx!=%z?}z^$WHLj0U$WSmJ`nhs+)
zqLs~b(J<f%fr(i+MU{ZgQJv&6fpID}{#CBdN8)ctzaAeJZhY4)Ul;J*0td23SZFWO
z_Z!j3gfL2#p$<xAY1IJngfm)SE&CE_?8FBf@jw}BQw^2QA2-iL%JC%FN8zhV`?9CG
z*u{Up2N%%#cJQtRrgoc~b2U7Nc!FWkNo<WtJqWkAJJZ-jfZ^Be+;FN#vxU$$tA%h_
z%8G(+NPpf&M0Z|=eOxXAz(!Us9$rVA`$Sgqtc})P&oi9AlVNx5FOC6qiE&)NioQ?o
zbt&s}Ayy-_p%z(X%zAd$k=+|?wQ*ZGVO4Y29xmn3u`%;hn*6;3hDg1(4m{>lb(yB(
zF|xk)RPY$bCsXO-WpceJxm};O<4<lS!)2fyMK}`Fl7GSGe2a_@s9DxTYEx7Ii1{jH
z#B0~};VgCPv*HUqYC%HojbESf&gXRbc%IoI8|(WcB}cTQFRkH01LC&#B+N#A50Amx
zh$PRYk;1^8Vi#5wH{j_{ZSdRBl;#UKbl}(vC8t_Wwn3V-{n2UF^m~v!1)dxW-gJxP
z^BXlg-g>X|--`jj5?|%VO`iTnZk>3C86k}^g4k9jO&izBUox>T7xyLJ@O8^preIa>
zV0uIqLqU)*9TqH9(ZH-I0x8V)q})enyyx6#`?s@hnidJF({s7tuP?T>j<|I(E+e<O
z2@K;jKW#aHobqrxmuTFezi$~ZQp)BN|H{W47UO#aD(Ec(A)kYSiku?f)|k7icSwrM
z_@pT1B?g7p#jSs2Z$cK}-`s>K;|8lZ#MCu^MxpM`F5K40zoT_JSEp#zfP|Y)(_t42
z+|Z5Zlos-ds=8uvInUBz+)>wH)0DfKuG{v^6A~*BB3$tq>TBvU5mZ77$K4Rt21GWd
z#jyK_dZN$(U5vn>)?kAO7Z)Z+9_SQxV!rEs+%!!6$$~}a8ovgFDt^zYqgFGR&!Ju{
z>ukzxL8e1^jOogeNnEHVihYD`C)W>oKizcogq6ce5TjPAx703_A47kQDTkDO&r?lm
zjr-<pH+l?xHlMoAHFCta>@Ithq!Et*XX~BdW40$C`R^tBH7p4oN`+rRQYP0YKY`r4
zQ&KiVK~?f|K6o!O+%efSm@DK9BDz_E?~wEMY2^p~ezN}5vOOWgl9@QSKUMvSXVqx^
zn(fx~JW;$oOsVf|Dt;QJ!4>*1yyq9$XqzkX`QsQZk~TAulq!!Hx3wj2r^pA*302nD
z2XUW(ZWraaoq@j7be`*4{hc(3lj&_Mv5n!nq$F-P3PU(K)88yR<RqaZr>;j2&G(!n
zoTo$8yJS(<=1^95=s?bm&C0R2GpUcZ@MzqP_-esUN6bg@%>qVgd(Jj4a_Vz`x=lUB
zDn@DF&4+=xqfP)SgUFHiQv#*b<1zg1R3ZWxy!Cg+?N#885l1bwkX16mF(NIDLzE#z
zMk=xHGQ)m)tqv&c61BnNk*|E{op5inpfWeM8B?{iuO2?Pak5wA;F-z6G1E<zL|;2n
zks=}3453m#91}i}$2rKAS$Aez%jogzD;>`}56tt*{dTAPcSoX0oD^(Gb74J0R{+<w
z@D1q|V!@8BU)0;uM)0G!2hW&?GrTl9+ST^cv4DVmI?~@ArjHJ7=~qfUXow_)6`O2;
ze=myO`)_&_mmTC)wPTeH>NIK3NF^_kI!MM|N8(hTM*%pD5&eiHwstMMyd0xOMUv&+
zaz8BByY|wBu&Hbma493OU{lYQVZe|(c|^HYG}>QAQtvJNo6Fz{Nt4Q9@tUTh`TVh|
zVTbE4BXCfaS_aqqIx|M2E8$y>Zwtcrnq0#J*K@dk=feW0brMlyTHpYIyQSjPyR6MC
z-K3}UEB(QQwZWvY3~ZPt@jRP3XO%G5STg-l!#z%8+wYS(|G6)A1B3)PFTg9viH+Os
z`HL157C@EPX_;xCZDDF#Hp>k?X4PmA{TriJQIGb(rS<X-j=^X_kH<VMjFWh!L9=JN
zhRqx2{A`hg);C9RAtwk*>P(J@7=jBC?>R$9YeAEou-3OGnpz74y_WR291E$Z1{lIp
z+u!70<TN&uEi{;yMhu6?0hty|C`-m%R|W)qz$ezbwwjr6U;Bjrp^2>f(xo-B{~`m*
zjYg4JfRSi*WSE=Be!_!F;bW4Stv>sTV$7@#6}iD}NIbQ2in+a=>e*Ms{uqK`n#g{-
zq$+SZ(wluV(lEu3n*Fh9CV;#`p<mFs(-AM7?(5lCBI&-$B1^$Apa)^8s}QH#?B~$y
zIfUF?rB_I|SyX#V$Yca8T>+yh#ALJTEOc-2^YW(oRvHBIz=865Vz*6m0&3&A(LqOZ
z>g1$A*++TfCFNKBxeKUKnq#3$58ec?(PN$rzwI;(L=X&UTk4-q2%f(+GKypogCr7H
zrc67|Y^orLmEe7b0sR4^{F@{Q+--E2Ilt^m+}@<b6D9QaA}z~OdV5kPJAk)8WjTWP
z%CAZBBM9jH5UPKtRpMb{)0OpE=*=3GqQISCDG=|Nr8nkS9Yb+54As-*QH!$JLHuGf
z$M$3>8w(f`TEf>R!*9Ax;iXcum0%OeIPPeex1`Ju!J(WCAVEnih>W?cukfK||8=}{
zPVE`DCsL2S_0hXiB|8L0i7Y-)jy;X5V6-rkoFJbWRg|5!zBHD2v=zFz`u3#cVcHNI
zyOi!D*XO@gvwTRO30?X@_E2Hp&o169SivGuri)|J4Us<OFJ11Qd8lSb=otM0S!SiD
zga7t%8M<sJ;FLP}5J>3bVRX>sc51~?bJBf+T|&Jy{uDUQGYTzzu(OZhG}VNDYu5Vw
z#%5qrvqNJ10NFJcQwZj|jtkC>QmBeUmcT9C>2i;r;9Gt>HEpV{M+JkdqA^Gr;Y&;v
zuu5$_8BY*bc35@bfy4Sp@YnQ0>aGgnp4jH`1~c-3ec6NgQ^wklBY!g65>7h?@l@O0
zqC)dM>DR8QRwUH8->_W2x&9OP(>s)r>+hUQcYY(Qo-!}@=2Qvr2Z_(rgaCK(ed3G>
z9%;JRok_q$=SR;}mI&?%uHsR26Ht5si~2q#$ADrclU{_n72-?GYe`&7B<FWiH>pM)
zThmJ$zznl>6cRe$UI^T$TOFMn(`_`N>(G#fISV~sOGY#<Hg&<Xp`g&;iN*wtXZx20
zypVZJi*@_9nk3_i!#v@^o7S48zvfirIK*KeN0+|oLf4Son-v!{T=k3dNS~*XC9NBG
z_Z=yS+p`t!oT|RETH&*2ddPy@Fj8~^E^FTcK%NY-ABeF1*QQHbLot{9p_-|hE4F&|
zV=EpDa9XL%wrrz0TRpD@xS6m=s-~ID6Wmr0xOM!Jq{P3<ktv?4OSs0J*_L*9d{MT>
zkkfYP5lRxp5<krcD4dnyKT15e_Ve*`J(WZ{z~_q3r(^=#CT`MvZiMqejAM>7%E7>?
zi*zB~T}PR}{jp(1Wa99L)RW&P&N;$`7rYqYxY%i&6G{n;p(T@V*3&i+7Ez3?5VgF!
zY>wYf$eG*!KETh8^Li!Ut-0>AT1qLy;O5<(HY4J4uK71;j3PmkUS!!@#aVYFm!!O?
z?nP9%@p@EsN-v^rs_HafuJg;NSR8@YdJoHrxuZ7!R;OmCr+_C<*&xE6Lg&2m4^>4f
z;9Ss|Tpeo|$626nnoHsVzoK$4S`^Hd4&0k~Ytg5zvlonFMM*EMbCAQft1soGiU*5Y
zC!(!H>C5O<Td@2hqx=Y$+Cdg-Vlv(?%-=%qRxwvrPWCoVue};{6|I1x<^kGa^sEo5
z;pnCbNAEZLi8A`t);8dqEU9>ol;Gefd0Ldm2!qYiGVy^tHgNBhsFiDZK`0WwrdT><
zgaTD~X1(n&p~&-{+vdO{cAPW&a+hK(CA{rAKN9lotpN29>-S&<OqGIdrU%4(3-VU)
z0a3sA3sHvc%v+f*kgIP%HK6!T(^G1f%%;HFTtua4b)Rjisk%JK9p+M}N@M^r>NrN*
z785bvkr8^4w12w$gYK_FL)Fvw#`T$smhXr09a1Blk-|SdtqB=rCQq_4aeK~~F6<7j
zD;*K=So^|g@?nPX{V#b@@h2Y_SB=icyvU{nNwxYW-trJ>acP;o4uIQ!OIUBWqKp!I
zrd%n8gs5bRZ@MxvO0J!7))#B_&)Bsc^`hq0Mb@D$v-Hzdq;}%b4U@E*p;y#x44%T*
z<^k3{WYpE9Zx@SD5sEB4EoZOT`@jB$(rSq^_*b@Ay8g=)S`n_|xXY-xf**5`ZFK={
z++=3U5>fmkDYW6R2jGP2y{?nD7{xMQa(f4Pz=Lqhg3y%E4aD6RF+g-m$+%cYrFBWR
zb@q>5HG}G@T5FWW@#~#MKke2i-0OHSC+4bI4)q%D{z&!)=4{H++o<O2#7(oy9$iUP
zc_&f>=U06a&a&q)AEPL*#_W9WTT8a*-NO@4?;-h%!>|w!T!2aD*5Adq*^g=eh!KNB
z=T4T1Ec9~_(tP*?Op9p#e7&7{y20eUQjFdAI#DXHa0rBnZC{Hg8Ba@PD3g5ucy>!~
zY(I)OdL`e5g=HcaPn1klyzoTwwJSIFt5d!Kb>KJxu}g2cSXQ>un_n)H*L<lC!^H7v
zc_`AC6tAfAzyM`00Sqgcf1-Rdr5*~~EMk7ly-3+YSN#yjxSZokc2?&!Kck+2C)Tsl
zPKDTdkU2pVWkOt%kXgh8?!!1^g`T$<cw#HivMg7gGHvgTt`qXz)V5;mX$~waA6D)R
zGRxihQ$Z`u4w)l9DcF5mHmS!?`jqq`!sxqY!abCM07z?4zjR$3<5=zE^Cf66Dl*c*
z;2cS_(Q@`@Ou*yzWyS7joc0Z4H|9w;;-$Cz)sH@}h6%k+y)_v4bH}Xz*H!x2^FV*7
zU}<BAwr6Ash<X_j9RPzpJXWo&Lie&TA8e%R#pUqbDXuUnghYQWYZrkh1>Bpoi@xk~
zt;!aS1E?iE(OZ{5RCgzeVb#6(qrXd2iMSHWO!Bc_`S8#$5uLJ{J)?o<%5ueF4!=tE
zeiDk(Ve-Z1pV~%VGbWW3pOb2H7DGB-*Iwq#K4@cdPH%K?u9hb?_#f&w6W*fU3wHmQ
z7Sm;`3YAy$tI)Z)X4gOda7Jkl?^}2D_L9>d1|0L=U96VFN!m6~OEebr1Lx)AlRIV#
zxZQgyM1rA#9NE~N1fawalEsG3IMGp_=zVM=ksiU)alyOwMMY26(dItKiWmJx|IIO~
z(xl4@BIRT8&bG(dhvVB_8*gL(k(B^8@&%HnDh|WO=7TZ)BhRx3kUFu%)17yG)%y}-
zpr*k1p-fjAOoeC1j=PeDbR!lTy|J)xhoEp&0)AD7$7ti_Fz`4R$9u|yD$+Ck1m|4#
z&(=DhV~?rLxfkrb{`AmL&e6AxqaW3>aAZ=fdhl<nfqppWF1TQRpQY4Nr_|iau->nr
z*b)Kz@wIyRL3o_h;Rl=I2(p3W8bqA{X|50>2=e@;XwZ#EZ;j!}h0TekuxQly>=W5o
zRJlI0?oYO|$>f+^G&$@A6qaW0lJ8zz&hMV{Yi3jZ_4-QMs&jb^y!5_DV_}rOon^jl
za%3sb#5a`wIHxF=@QKAV3}X<dh&oiemNHC@cpS@(p*?@~0<)tw=dbo&e&t{jVDph9
zRL8_IAHXb7!9u-O0514qAvn-ya-=Qv+j;@|i;|tHznM5@)J}G{8U}T*gICYg>TJ}b
zDg^~Rnn?R$3w)18aU3o&BqD@%;aG65FWhJ%pz#Y*)#yXqZz;uCaPBW3T5>^e^+ie-
zEfVo4Zq9$T=-&NU=AtlK!#C{*7%<=?s+}KOd1|NqZ-JmL%nLLr^d0UY1Ej7lu^nB=
zE3Kuru01BCl6t3n(n5Wx?f18;IGi(G^e+_3__4ts*WGuydCjQ~iWv}y<%``6Im#gu
zKV#R^?9t0mHPSLs{FrsSi(E%ku_@|*CTpSmP$t5gF<0%ZwFYn95XVjf=sbdL-qML&
z1esq0kFiC=v_HiPJhY&i8Kj_G63hG=%@R;4Mw}L!>QnmYufks^Y03)u%>$=#>h*rN
z5Is_7B_Z$OS(50bS-^eDbJdwC<+8bSl)pv(b+=m(wtJ=GzYzp$stWF>b_zE?L_1&i
zK|%_@6<|0%Gk-roh}j4MWCMd8=TQ+w0^>VEJ2%LqSZUG>``t8s=>DW!%uKrpAdAL{
zR<3RF<D!;1Ja>1T$vYA}4+v`g`awM{OkH^VM5rmbJ`Qvhn;lVN+M$(Ih035!-zi3<
zKK)n_OK08lh4sl(hQLaNR<Vv%SctFW5|Erjp2y?T3QD$_vS34iDaS)d)^?zK64Uv9
zF*QSB+j`y*oVlLdd6U%L?vZ-bdy-%IQ~zAr`AYpJ7zkE-h_Ev?ycvxlb(8zr6Wz!t
zD~zH?O!C5Bp3m7<i5Zs1p1}|mR(4o!UtY%sF;8GuAZP}$)xBvm9G6&yrv?Aktl9Sy
z-w13vDV=etds6~v<b{xKzZ~!Fr$@Hik56saYG^LxGja&)RNfW!TPF5QQ3Yp^1BWy4
zF<n<%;E*9<m5Ik3K*irP&Lkn?hmYAcftvo~zC;;PCas-^=|z2<)CV!lFZy&23)i9i
z@Z`~|x@;_VLY@$YbY$3SnsGE%)2X#pj$~AGL~&Va0(zQCBJMMAA%hC%HLpBt!#8#r
zn+4mDS*DhT2FjjI!IlpUrh;<f^eP-b;O*a>3#koqe5wsr%irl0zXQVaw7=-<x_B(K
z-T8WJVMI5ci6H{zi}*SnEUQ*x_a@0Pgj8GN?-R*QYz2_ju{Llvha7F6!j5_~T>Y>8
zo`kEu1O6xm1_F!6G!(WpU5<P<cw>gQI1bq|q}s?2;+SUJa*I26##pf=_<bC8RV{6W
z6yeo$UqZ><h&Ob8f<lkP5}7G0J*v3Oylj(9|0EB2$}L{KoDaTQRUl){u{DNC11x4@
zzvIzxj^Zs<iz{j>M8qCnQW2I`>WS)(nTpR=0dPF=EN>$1SZ|>)RMYN<h=zxO)d<6N
zhDKiC{-EWnnzcArcYgtBsTyX5aw?T(!s~*_{Tr{;o{y*d+E9qCksG#B#f!4?EY~q|
z?fuA97==wOqEJ(Q1*)O@XChBKz0ygcmG7_T!Wxn9+5R~X2eq}m?^WArB-+_A<-!pI
zfJ>D1e)90Qe_8xcD4d-aZpm*9!a%qum^A{9I18@sdTX#}_Tc5P-4Bb!?cwo17?L$#
z>GdER>-|LHxH?OMUnH2(`@6{)Pot;{IrtokpyZH9)Ug)_q9f()KPFPD;p3QQDySVq
zZhlgGsDzz-(UcVo8=6R448s*>v3b7<18k{{1Q6qYDy#>O-1%xThrbEoiOpUzI33de
zAXcbOuYuHG(jw4r8B&^EO=x&f&X;OSGLk~CYgw)=rDhEt_gHRM<Lrl<oXmjc3b=W`
zURfgDH(TVjTDPrRtx$c-Rwj6c9WhVa$X;EWNBPxr$O#sKnEsia19y_~IZ}dHfVp7B
zhK*pOfqh9$$_mskMY`khXVYS0QF-RcW0rMI&SOhjT!55JJ&!yZ-rU3*T?!TDk1Zy|
zc@ohA24B<k*PlZ?cM7`S6N#nKDaYG`lRgHe=u&>3Ym#-videGxe8b$^HeNnS#+Uwg
zLSBM7Q!+e|GDWjd38*NrMO?w>0<3?X#SzRIf))U^B(%CgKHn@~x^f4|m0un2h90j;
z^=H%M(fXa61F?z#RO+{$3Kkejf`0iI#<0u+cxAGFYKEfaFR1Kty!rlhBHBEsxiD&a
ziEgBSo@?H+sF}(JiZaFr41(2RRerX6A+jC<jWbve)q6wtdn{Xzfmzo|Aa}yIAO_lm
zF(Oe>dl?aw#HV&~ps6%DOw@FnnOGc^NS~h1^friTC@6mz(}z&Q*l3Pxat=6@G~u1R
zCo6cQ#h_qPNMhC%)O=)>BR%6Z77+xUGY1~3i`)^yOuinbR2D$H!&3x0elAgt?nba$
zCMzN^H(=&e(9m!<N9!+s8G39LRC=(vs=qNt<<>FR0nfyFQ}tWCZqzoYZKUacz+3Sp
z-;?S5$`IMFBJ)W4-*Eu~g6zMzKz#d39ra&K@Sj5YSB}os4*Yy?1m7V1w+<aa^`EX$
z2$*tC0+G-Gyzd&pRmHA+&BWZ_lUmf;h>8vob>Y>=77|5HRu11YJed}-j4Wt_oPVdE
zc71p5M*NM)s+niY_Z6x4G0AMe=h?GTaY80G9Bt*Z2E9oLVq_l1g{*EDGCCrH2{fh4
z>*TDw`il6>uSxdlWJ#XEP=@tsst%&c1mxs@P;<Kkkk^$MAdjR+97Q15E*fH_6@{|9
zatGOJIF~63pRe>*%~vmSj*`0<f-?q)suQxUhlz1<XCn0FE+-&T5sU@7<Ap45J{ol*
z5JQn$RsAP2{V3&V{CfVB0N|Y(u10++N&RYH{`ApO{>fTvx_sRUn~Z8b6}PX{pRrA(
zyF&nml1co@?WJHX2Y6t?Y>yLKoKjfK#>qT&j~k&cE7NkYwVrdDGErV8TGfH3-5qXI
z$Q8V&>9c6QucHW+9ixK2^TKG?XaR*n+xG)<Wr~Yi4-ER^4G4}@POA0}#(@KG4tvqz
zcpTV3m3CQo?HJGZxN-=z{CvbznJk18rv(%fXoSo17BUq}XF<PpM2zQX6{KNLB*r=-
z)3X{h3q(!;H}u^eE2XS*rCU$RZXcUDcUIn#7iVc7gi5d?YKj+(Pue>Zi!sw<ER*NF
z3=Hm^<zg8*Dt;Yac3*BB+!TCP>NP<@%pQ<QuafcpTPP$N7B4YywiGm%0u?u?NCq4}
zRKEuuvssAW9N1o`YmaX#Eqc{w9vm*n)urZW-@JfHzmZ06$ESPo=VaXcQObak*e>%=
z#)h%vvpZ%q4<<P5f<*WkaE2Afz-6DhcMsEkIg5ZSFFm=0Ykz7hUiCKcd6{t)*7(2D
zQAb32jr>28t$&d6C?@?O<9qkN;rox^|8trGU;bra|AG1cpYs1eM*1hBLO{U!zv}-y
UO@XXrNg#4+q)v*Y7;@?V0&f*vu>b%7

delta 6504
zcmZu$WlY?UvRz<tcZV%rbZPNorC5Q5Qrs4IcPa40-MzRwZE-K|6j-Dbx8l;`4)1?&
z-hFu=?j$FZ%$&@plT2n#i{R*M;DaIxm;?j@VSpN3Tw#~|EX}B7Aka7m5{TfRs+psy
zyS=%C8@Iiu3AdNM-LZk5>y|*B|KwMvThXK3quQ|Rv7a%`zKHS4%_UtA0dJQ;2;1u&
znT>&_vqOBzk3`JTBuKq=X3p%XNo++6R&LkxxcPx!pM5SngDpu094G+aHzc2WH@f10
zJDXrIO-$kM9!y4hrZqg~hrU4C-dVY~X9-G!drKSJW;c1!!Ovlc<WS@rFDJ^y;WwPb
zYCfYIrz+^^hIxVMg~1&<R*!*3E?xwzs#wWIpqrbGu@r?r9bO|Ffwo)Mqj=M#*mN)0
z-pCb3#4z@eg)+(^?A`)M@=$emSuAme8<Mi8=64$!<mLz$rPrS%Xwl(9E-(K2$N&m<
zLbG;4QB0V1aiP~CENgh!)56=?^^}hITTDI>d-b_AW`h|LME|i%nwa1qP9IeMn^hcH
zJFj0`>6=|{3Yl&mq1toD(~Wd~yS-B8$zR_L&U#}&N?S}9leIu$HFLq|wBc3aJd7$&
z%tBTY(mz-AJhtBC{7Y$?r*v_|)dh}AyFkR+30l#n3MPK|kYSe@0KIpe#LYcO*_TVv
zC!ahg{|?T$-C|jMxWs+|x3a%&)aaFASubFj|K*TpaN&Z2TzDzGv~Bs?S>t6?{yVyu
z7<yLcg{N1_rT9R-<>|(#v!3bCF}Gb0TvVHOP1?R$J4A-_bO`y<!EN%5%2&^@8nmo!
zWPApG{4lVc4x*vrEt&K#jRtON;b>c*xO%;Ven`=uFX8^u#v-|IS{90u{N~O~e$jYQ
znvC4!uQN=1H=0!UmzcwVjr>5zKyXAdX_q21TSvw!U?T(UbwUxF0!qY!+7xN!7gpBV
zHn+}9{tujWQazy`k@Ly0f}WIW=`-pG$qg%R0z_|yb4v;9Fg=pe)Z#28mN&xreBZ{R
z8zw_=SZ4l0Cc0Fed-`Jj1Z=}llM*IRskaL1wu0amgK6ayNucr{+N%6AiPGPKlG}!n
zMB^R$(y;-On4}>=LTP49!3<PwRP6Af-n&7?KI4~lOfD30^;3$EMx!6DnBgzcL~c0B
zlT;IBG}4p;S6g+vp$SaASRU*HSkp{2V5pQ%k~8Pe;U<4y#G#NB?|XL}x#qA`!d}%E
z@(BhK{g-y*5je?EWJc+sapadb7z`j{5?oc6Mt0!DzSx(Aj{L1viLa$u_M}rtuC&nt
zWYwn_jTT!BKOrHnREuNpSLo15SDYAm+X(LP$8s`oBFaae+ti1NN*Qyi;2ZYKj=_Tl
zKBpk#0v|RVqt(;y@_ncA1^2Bg=twKcg2)jm_hm$_n1J5ij>nh+!=N|VX4==FFe24&
z?+!4<=R!wWct?amL)SOOLt|;C=dbUZdtid^sxd*if7CnK38_ck-FGHn8E*U>8Irp)
z4%L}CK^rz??bU74c2@D=Tl&xt-z!$o*LmG7*4fud+b^b=GLCmGvRpLKiDM|TUW6hJ
zCN)Tl!MhR1{=47Arl)}Jd(nN}{AZ!7%MaiK9Rwj=t{_R)^hv}3lMsfhdjv%Uj4MV2
zTr4RmqlGI+UW|t%0Xrz8mP~&GUhbS#5zLNd$eSwhr^%nht`(ZHJv;rCZapeqXgG5@
z&fJQQWI=Se0R?==rAwjDuc_8Lb9GI_b@o$4p|_~8C+b#A6P*TrrEGFn?S@A>Kz5iG
zH6yiRK2xmxuR+zVDs8uU))eF$;&7G}tqGejod0)_l{Mz)7r9A+<?J6si<|Y=W2HnV
z;>B&dArx)>icKU{7n~pAwfa12W4g(FI^WE+`?M~VBVq#gm80AVMu#rvseEu$jRb!e
zBhhfj7>3Z0B<8&LIK62ZA&c~30?dAGjuMAuQtY+iRhxfJ)uc|d7{zec?R;C~@D0@V
zNB0MfcAIn`;5_0~Cv$%Tl)*9b!cGj!VU@~O`j+j-df+7<3M=PTO5%!o%R5fqXQ|Oh
z2BX&8ETu&ZChE_kBdx8p`nk(b6NB;8Ytmov3*TpP*|o+tY%=05OQ`i{1HZ_Mf{qRw
z=Eg~42;}8uM?`}eh2mx#CPJm2-zuG@7)cK-)uq%CWgK?f7JB1$P>whqT@RBVG9^NQ
zhX6!#DCXq!HVf65?M_p+m3$M6d{nJsWLSYD?TJZY;@IMmR2?_MiY|#CI>pU&C{;I_
zaP(yJH}Bs6FhXg)F7K)Uz!jWnQChxiQF1fuj2`n~<Tk|}&e%C7e|$lVN#C&=#=~oC
zOA<Q;=@y4tzuOSk-i@-wXn7lr2j1fs9=S$?exyLTN#WvvR;S0jO=$s#P4v30G=)U5
z3+_SaWWoj2lqV9m&=$(f>2|wjc?zmiRNoe@*<JUGI2(KCjVB`mfzHcVCc;O&(-B+g
z(8_qrOz9Fwt;j*)ge21Hv>Cg(Bf0LzNxGT**yjvHgdTwvFIe^FOzcg5Xsus%022${
zI@#Ox9szZS;R+t-I_~VMMSV$m9Ha%16N;>v-v=W|k}i(8xkk7`$RefvXCnM|t{K|`
zK^=2`%$$jpa@<J3AIcE=I1~)Qm{eKVH)~o;N`Em}D0`+2clYFD`dh9azl^Z*kb)%v
zw#a1LI3^jzWXUI6rNnlA;-*_~Xux5J#pM$5sBsJ&V<C%0afIlWRhqqgkd;x35YZ15
z)!VZC8IG_LYo*t{KkDOT=w!kQY%>D+-V1FBK;c=Pd_sUkC~6P2Irp&z{o-%YISDAO
zVZjS@bg7_P^dT(@v{$W1ao*2c9Byia0a4iwJlAClV_bWs0d1Yj?ak>+31e!Z29%Ck
zgNpnstNwSdqYLRWRZaCbY=}_p+Hyw{?DYgMzZ71dt6xYds`ulec;cbp_G!{I_I2Z-
zSo1<xHcbJ}CZY?zp=lCoxBP4GC@*uhd6B6ibg_+KRh94$AEw|1tE`~Teq0tkkS|YS
zRt>%To?M{6<WCYAbcJyLJk-bG>~=)XVteq*Jmvs?OFzdsLb9mE65l0PpBbUX2-uPN
z$vmxb&pifqwnSvp*{Ym&L!8;@tYUP_#r9eo2nRsl#A`lfa^(4*p|$f{<@Wd)PQ{HY
zRlgGZx`EW#aoc&>4AT#`tL-9-QW4iz@+|<6!D@P!lE0J^^Eh|eGqSL<eiv0MjRdA}
zl{ygFK*i#sa;;A2KG19;QU<A((6dZ2hv(UIYAqpj-`_8aHX&u7`;C;p$Ii@&<Bb)_
zd<3{v6V5LPOqmAb>3<%F*izuCs@jnjaaPq>OEsW`3v9#J2tBIObkU5^Z7Z;Kq7Aq%
zcWf$_<oN0J6<7Kt+jS4Vq_w?SwLl*&cb^Na{PxFucKKuIvG{6fRq07(1!ZLgOz~C8
zm&`j?Ew$$8gEpIkFPUxsZrPFrD5>!Q|5PU7F#C_`Zkd@y)LGS~Y5n+BrQ8<&?LG&v
zSv4&&IOUd&<VKzNV^uU9YcTJ0h%_$JcwYiWQ}kUhHvI{+BHTCr^EJpofwH1JC+2R_
z%Hm^$FPxQLw`<O(u()pCX$3rz`SA%=miwD)+kh!ba)M|lijW{|$2@2Ystjb1WG>=s
z=KA)Wpk&Re{dE7<c^=Hrd2YLL^DBq0s!#9KX|5=>vbwx(q;CXQ^&+Man{(8<L-f-(
zv#C^HP>vj@Jo2;<w!9*t%~k$Odfl<qhorCY+CvZT6^FUI$Aja55QUhe-0e6`8!j<s
z>bJr8%t8X{f%p|eysWvoQu9E>O#*`xWdx1&dta*o9{JsOnEg}kw+RZ*PNvE$TeACv
zI)pwO?>L-IVVlKAY@sTI67DLu2~;{soGu>`sv%RvJgkfg9UbGtKATn(>^zJYk(4fH
zfOk}PC{YZvgHVBW_604B)4}%^B-J0QPI3oXN3SN5gUtzN77iz-4FZW|W#YOHph8Sm
z&tRu0Q&;RJC7sPM2_WV%Bd_n2E0mg7bxYPJwZqD#_+yP{@V>lw2@Q>c5EUtFkKFHI
znbCpQgA08MFR6~%cO3h?=TM$*Sdwk(4tdMo3W)6Z)oUEY#=Qz@tHhc%t{-8LA>|sb
zTKkK*JX)$gH_YsU+XIhxS;KxFVti8P=9>?ne22X(wu$DZBdjhMO{AzXDq-F>%oShj
zC1cJiik2h%pIWb9>*>rP*ZPJ!d0qW^+Qz)x!NNU=o9&RV_u#C|5EpN4S?}bsIu=md
zsj8sPu$g0!jgFk*%CH{%X}j3KVO-O^-nnMyD3HIR&NEp7*96vQ)~Ijz#?%|)QN+)D
zEXx8WZ}_@BJzabdWkX_P>c`iEoyO0FfJd|KRM{W;3uF5P3E~TLY*jH%+&BGhA~?%v
zIDBjLD5!Eb@;D?ku4PbyBQdn7poa|#ZG?jp|Iym3hW2*ahZ{uK3jY-UHK7}7F(5MK
zUawGq=hBSi0@Qeh>l-Z&qDyf@6I;|0u&-%dP9ucx(OXGz|2R&loZMX;PdKC7F4;5p
z>wUsF?GBkJ3-(ePc5kcp;ef3A0}=D?kBl$if+0CUUKiGor>nas2d4q#v$nuh>fiTW
zmy;)+_~2td@LPj-c^Kd#C~O&YImHoV9V9~Y@Xdq@XeWivW|N5d4Z|g;e+!_Z+0^2T
z#?uQ|`#T(*7Y)THZO7dZx^@u!Ee!3<ABs$&EnRpd^No11cekuvC4!t2sNS8Z`D5dV
zGy9Zz$Q0kTwM>7XP%tH53$EFnsD2VGM0C+>)L&nv?UF{W+tCn0U!m_pgGn^v%ycbB
zgVxajP~%+^&C6wvhzZePy37dXvA%RL$c8xNCjBL4?WR939jd8kB)MbT*zp^B(Pf0z
zEa@HdBUae))uu&-+DM{e(Am9^mv{TDqJD1BIEG8QMGuQgqAvGW?jp#gw>blwwbl;G
zVosPpeUa5mPesM}3@lAD>m=dMIVlKFX1p>5;KNaNiKA9W!_?Io5^_t$2uddLI_5d8
znwURVEZ;l#eK?t}NE-4Cu3AIa@&w4A)1BkCFYfLN2l}xlg-NeQd@S6hAbWfVw0xC-
zOJknGcFWh{Rq@oy&-K3o6mqU7(b8GT0rJpiV(rF*`}O9h+uQ?^&+2MTDi!Rk_X7FA
z$2FcWDks_+kqsJG+UYS|ZXZ%#H)Q=)nZKUXtERF}uFYEvDI%$j&eI%H!Qz<S7~EW~
zOm6TyP;Vw`LGq*89NrINOZh2PP~54(=6z36>A~fNLgl_7LBDKBl=@1qJf)+Vy)m@l
zX6U7wfCi*#iqYKh(h9rp@4*iU^@oxfpa;JYmNX@mbtOn3w_r|~W4gJMaW|LBlBb_F
zd=j$Ilwlv6SJ|Xu#~C2f*&=Q}`z89YiXOcycR3gDOQmD$5<WBIQg4&SK;@Nyz0$zR
zUDryZdTl+BcT`J$$am<+XDh)!>S@39PABr6U|F}H@`j6(zdvG#=}N6NXjU!}z;16e
zeX<?Wx=w#w>RIqVAf@}RTy}FvQd*mL$Jc&kdEZc3*>8rzF4Jpw#idq!`On4^m=v6{
z6SDW_6I30WmYr$Yp}1o=eo%10XK8kr92+Q*HsJn(0wOU};XiGK=$cxepJ{Qpi`}zd
za=pTn+w@`N(wGR6=(So@FR|GN(9YASU}G5G82u5k#x6@Py52))BHKKJHttKY?Ba9o
zsO}|ghi&@$@{)6PU%H!1GRhsKyw2}L2vOg{KRc1KKs-~RScWF7ILYiHj?0miK^|Ir
zu@A+b0;b!zj@VBnNth)Ar&>J57iI+@@vFi3<X@rPhdJ#=BuIb{i}Vv<@67S&Bc~-N
z=;~X_t`qh4&kd7KP!a>j4}IE;UWx_Vap1Nbd0YuQWf+gVoPJgp$ANv~j5<Qvof@Jz
zgK86*N#=k7i#$Nnz!+>r2&v!?#E#<swm`Jpg{{Bh`Y72czu#;-^uoU_{OJWowX}a3
ztCY8*3n>cQw@EKIGvzYC-f+s6D6oDXig^9eX0=X{SpoOW90c-A_pigGD}RJfH&;UF
zCrk#!E~T_vt?tH{XG~p4h#;88O@T&(<(O4_Wm?P?aHw8ir+9$jVWyKcoeBQO-M=UP
zw7*ec<eT5yystHj{I!j3XW7l$AwoQHu}$Tou0u5L>3hrIq70yXMw6eHC*L)_JR1D6
zy&)cn<6m&)#5kBdn#MgAW&Hc+ZO&Ya?VfVheWhkhSF+zmNb`csklL9J#*Ac^7X4)?
zH3LRX-yjO!JD$tnmS+*PK-eZ_;?IuV)mrJ$#rG|N$5OLl$Yg=>MWJ0&t<>>i(2DWh
z%uPuF&h4r)O9ueWsX?fEt%y(=t>V*n61dlkD~xATs<O376)Tx=E4eN(alF@G`dVA^
zPgrQ^6*a+KpyUP7h;+Z)HsQ~#zkP;#M5)1(<)o|F8^p<BcM$nNLAU2o<%}Y^-%K<!
zr}{Scn~Niil+2MsY{vvNb0v5%7VghEUdiS8uAB7h{n0=muL$eY%j}kpi4s3q9`347
zJA=`mA>T&^6tEL;d(=a3C1f<*WYRTypnNiF(g>)A0Vzy_jQJJTD;b8ugQm&`nDnal
zeAZ0dJZAk`ml)e%uEiD6NK)%T{+!c;h3sc3OrDYFrOBz+D4s7Sre|xFa2E=>*a_Hv
z9w}@=M@E2YnxIT!;Gl8#QrNlim4f6idCiVHFl542fUDG)ZNTDX&A=5S){OIuM#5W~
zufjz)v<7n`0W~?7RY{4fa9MK+^0J=;3R=x*mRWz{v2~@~sl^=fN!*8ZrBzW3irO>k
zY6x5des|d1!S?+Nr*W)7C1PK7NW`;k6%96aJ1@XK5mbfR+ln#GEBxWKK^(lC;Gy2R
z)2QiPr3=f@eIyMN-&d9CYmWZ;L#xkKKI3c1B<MzQ&Ld!Sz^Z1z<RYGpl0|5!k(X7i
zVblVREUkz7ck)8p9oIrQ|G?eR`2kGV(SuOkqh^ImtB(^ogX-N?$->?Drn9RIFQV=&
zHaB3oB$|(XWKXs#QRmw>IA-FTb6oGROoJYZLW6>!g%IZkO$y;tB6qbo%+zJs)YmD?
zXHU%I3WLk@im#c!bHIH`TtV^=Ud#@Pf~9#?H$kath#{Zfa7a{YPHODVyqvmYD(|Ay
zB6CEp1yX#TpLL7kkab3?D&wa&evL-w8#;j3<!1WaNV&sjn|fotKZ4y}%Wv?F6@IRv
z2NI{Pgv$UMapsA7p`4}y98oVP?sSB~5E$KiG$G$iFEhD6y&w2~al3}X@#^&3oYjcH
z+gds65P2eL6wfnxK78rzyd-%!=Jt+lT++9W$|WqZH4gl7y`tBQSzvsrU5K|d`T)>3
zC~fgZe;{|NMb!aH!92vKuq?=dll3ZFBdtyr;n<CVtD3a_y&pSD8JJIZcxNE!?k7TJ
zKFT4Zy?TLMm`I%+_C9GSH>xnT$ofI~y_(EOf|4o`GmXKRP-iOX84PM}V89FLK37I_
zexCEmkiE?-Wot9Ds$+^OjRc6?kN}A!_jfZpjzs0FZdtp#SzdFr?_Jh5WTLa2oY}~f
zP;Q(lm<gSTbwejL@b$)4I!28}@8MB-hSl&ZQ4R;tD3Ox7y=G8Aaf3~Kr74H%pDkE(
z?$E-}S3`N+;Zv1o{Qta{L7+1ySD3GpRX^%KZ{>dh{15CLsZ4DJ1YScy|KVYP%$;3f
zGGZ61%E=-W5Wu!1BFdD%Ex5JOsv^7J+gc^15?vb6)<nJZ(w$hYYL<_21m1#oL*R@3
z9YgCoCOQ~Bn=dr2XBd;|An!<M;`v!Rv1IrCCc+pXQ`<u=P%$YFWFP?lrH}#z^!rdg
ztkWHCF6x5-S>zv`*KZ<q9+Jk##sd2`9zH3UF#q@w4+QYzg`XRKARledA5-=v8sLlB
z%NF7F1$RRK8eh0fz;CZUCQUy)gSEGugq8xBPO!!<$dj%m?)P?`g!C{b0X)m-bHfKL
z=?x?{=}mM2(Pe_qS8<n<dabVnhfG?1+?YCA>67=fE7ef-*co2A^QmZ(*o>rAK^FSL
zqM-%D!1SePu8HTb!<bJ_%ihy}dfw+IU{<RfVRkSTxXSkW2_Z-f)bub`Xd8CsMf)1R
zB`&GZ+Syd5&d0-6&XkIG&IBFc7~3{AEFCNF$*;_e@Waqo?AYu$RXhkanRLRo>UF>~
z1bZPV{j;GnT7Myh(OWts$q1Rc#2N;(k`o6Dz<Hq-m(YRT<~3nK(2`G8O$KQNJke-$
zI|jahy*Xp{>Le%TT5D7oGtzN#;StdMA{Xx0V)D+p!m`Y{Ib~h+DRvY5U4{IV=R|-)
z+;5dKx7V^$?dCCXp3d97LN$@fr9l0777W#Exe&Sk!AkC&FmY_hYtQ`V{nc6Y{*&Q`
z3D&p4jR!7xdeqn^RWYXhhj<M>H_M)pt%U{7FWyoPq+0c%goujt<{PfZ+{}4L>o2xV
z<I4kcuR1CM4U*<n_)tuf*L??Ws6QwoA(No|H=`qYfeQNZzlrl7ef~R|0$=~*h}b!r
m+W!9`|0h%Ae@HYS5cdDF|CO2ob;*+TsA-WA6v;l+;{O8(1YhX@

diff --git a/lib/Note.lib.php b/lib/Note.lib.php
index 410e6d2..71887c9 100644
--- a/lib/Note.lib.php
+++ b/lib/Note.lib.php
@@ -11,6 +11,8 @@ class Note {
     private $noteid;
     private $ownerid;
     private $content = "";
+    private $title = "";
+    private $modified = "";
     private $color = "FFFFFF";
 
     /**
@@ -40,9 +42,13 @@ class Note {
             throw new NoSuchNoteException();
         }
 
-        $notedata = $database->get('notes', ['noteid', 'ownerid', 'color', 'content'], ['noteid' => $noteid]);
+        $notedata = $database->get('notes', ['noteid', 'ownerid', 'color', 'content', 'title', 'modified'], ['noteid' => $noteid]);
 
-        return new Note($notedata['content'], $notedata['color'], $notedata['ownerid'], $notedata['noteid']);
+        $note = new Note($notedata['content'], $notedata['color'], $notedata['ownerid'], $notedata['noteid']);
+        $note->setTitle(is_null($notedata['title']) ? "" : $notedata['title']);
+        $note->setModified(is_null($notedata['modified']) ? date("Y-m-d H:i:s") : $notedata['modified']);
+
+        return $note;
     }
 
     /**
@@ -57,9 +63,11 @@ class Note {
         global $database;
 
         $data = [
-            'ownerid' => $this->ownerid,
-            'color' => $this->color,
-            'content' => $this->content
+            'ownerid' => $this->getOwnerID(),
+            'color' => $this->getColor(),
+            'content' => $this->getText(),
+            'title' => $this->getTitle(),
+            'modified' => $this->getModified()
         ];
 
         // We can't UPDATE the database, so use save as for INSERT
@@ -142,6 +150,34 @@ class Note {
         return new User($this->ownerid);
     }
 
+    /**
+     * Get the note title
+     * @return string
+     */
+    public function getTitle(): string {
+        global $Strings;
+        $title = $this->title;
+        if (empty($title)) {
+            if (empty($this->getText())) {
+                $title = $Strings->get("New note", false);
+            } else {
+                $title = explode("\n", $this->getText())[0];
+            }
+        }
+        return $title;
+    }
+
+    /**
+     * Get the last modified date/time as "Y-m-d H:i:s"
+     * @return string
+     */
+    public function getModified(): string {
+        if (empty($this->modified)) {
+            return date("Y-m-d H:i:s");
+        }
+        return date("Y-m-d H:i:s", strtotime($this->modified));
+    }
+
     /**
      * Set the note content
      * @param string $markdown
@@ -174,6 +210,22 @@ class Note {
         $this->ownerid = $owner->getUID();
     }
 
+    /**
+     * Set the note title
+     * @param string $title
+     */
+    public function setTitle(string $title) {
+        $this->title = $title;
+    }
+
+    /**
+     * Set the last modified date/time
+     * @param string $datetime
+     */
+    public function setModified(string $datetime) {
+        $this->modified = date("Y-m-d H:i:s", strtotime($datetime));
+    }
+
     /**
      * Get this note as an array.
      * @return string
@@ -181,9 +233,11 @@ class Note {
     public function toArray(): array {
         $owner = new User($this->ownerid);
         $arr = [
-            'noteid' => $this->noteid,
-            'color' => $this->color,
-            'content' => $this->content,
+            'noteid' => $this->getID(),
+            'color' => $this->getColor(),
+            'content' => $this->getText(),
+            'title' => $this->getTitle(),
+            'modified' => $this->getModified(),
             'owner' => [
                 'uid' => $owner->getUID(),
                 'username' => $owner->getUsername(),
@@ -194,13 +248,54 @@ class Note {
         return $arr;
     }
 
+    /**
+     * Get an array suitable for returning via the Nextcloud Notes API
+     * https://github.com/nextcloud/notes/wiki/Notes-0.2#get-a-note
+     * @return array
+     */
+    public function toNextcloud(): array {
+        return [
+            "id" => $this->getID(),
+            "modified" => strtotime($this->getModified()),
+            "title" => $this->getTitle(),
+            "category" => null,
+            "content" => $this->getText(),
+            "favorite" => false
+        ];
+    }
+
+    /**
+     * Check whether the given User has read access to this note.
+     * @param User $user
+     */
+    public function hasReadAccess(User $user): bool {
+        if ($this->getOwnerID() == $user->getUID()) {
+            return true;
+        }
+        return false;
+    }
+
+    /**
+     * Check whether the given User has write access to this note.
+     * @param User $user
+     */
+    public function hasWriteAccess(User $user): bool {
+        if ($this->getOwnerID() == $user->getUID()) {
+            return true;
+        }
+        return false;
+    }
+
     /**
      * Read an array with the structure from toArray().
      * @param array $arr
      * @return \Note A Note constructed from the array data.
      */
     public static function fromArray(array $arr): Note {
-        return new Note($arr['content'], $arr['color'], $arr['owner']['uid'], $arr['noteid']);
+        $note = new Note($arr['content'], $arr['color'], $arr['owner']['uid'], $arr['noteid']);
+        $note->setTitle($arr['title']);
+        $note->setModified($arr['modified']);
+        return $note;
     }
 
 }
diff --git a/lib/nextcloudnotes.php b/lib/nextcloudnotes.php
new file mode 100644
index 0000000..abe047c
--- /dev/null
+++ b/lib/nextcloudnotes.php
@@ -0,0 +1,112 @@
+<?php
+
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+require __DIR__ . "/../required.php";
+
+header("Content-Security-Policy: default-src '*';");
+header('Access-Control-Allow-Origin: *');
+
+// Get the API route/action
+$route = explode("/", substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], "api/v0.2/") + 9));
+
+// HTTP authentication
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+    header('WWW-Authenticate: Basic realm="' . SITE_TITLE . '"');
+    header('HTTP/1.0 401 Unauthorized');
+    exit;
+} else {
+    $user = User::byUsername($_SERVER['PHP_AUTH_USER']);
+    if (!$user->checkPassword($_SERVER['PHP_AUTH_PW'])) {
+        header('HTTP/1.0 401 Unauthorized');
+        die($Strings->get("login incorrect"));
+    }
+}
+
+header("Content-Type: application/json");
+
+$requestdata = $_GET;
+$requestbody = file_get_contents('php://input');
+$requestjson = json_decode($requestbody, TRUE);
+if (json_last_error() == JSON_ERROR_NONE) {
+    $requestdata = array_merge($requestdata, $requestjson);
+}
+
+switch ($_SERVER['REQUEST_METHOD']) {
+    case "GET":
+        if (count($route) == 1) {
+            $noteids = $database->select('notes', 'noteid', ['ownerid' => $user->getUID()]);
+            $notes = [];
+            foreach ($noteids as $n) {
+                $notes[] = Note::loadNote($n)->toNextcloud();
+            }
+            exit(json_encode($notes));
+        } else if (count($route) == 2 && is_numeric($route[1])) {
+            try {
+                $note = Note::loadNote($route[1]);
+                if ($note->getOwner()->getUID() == $user->getUID()) {
+                    exit(json_encode($note->toNextcloud()));
+                } else {
+                    http_response_code(401);
+                }
+            } catch (NoSuchNoteException $ex) {
+                http_response_code(404);
+            }
+        }
+        break;
+    case "POST":
+        $note = new Note($requestdata['content']);
+
+        if (empty($requestdata['modified']) || !is_numeric($requestdata['modified'])) {
+            $note->setModified(date("Y-m-d H:i:s"));
+        } else {
+            $note->setModified($requestdata['modified']);
+        }
+
+        $note->setOwner($user);
+
+        $note->saveNote();
+
+        exit(json_encode($note->toNextcloud()));
+        break;
+    case "PUT":
+        if (count($route) == 2 && is_numeric($route[1])) {
+            try {
+                $note = Note::loadNote($route[1]);
+                if ($note->hasWriteAccess($user)) {
+                    $note->setText($requestdata['content']);
+                    if (empty($requestdata['modified']) || !is_numeric($requestdata['modified'])) {
+                        $note->setModified(date("Y-m-d H:i:s"));
+                    } else {
+                        $note->setModified($requestdata['modified']);
+                    }
+                    $note->saveNote();
+                    exit(json_encode($note->toNextcloud()));
+                } else {
+                    http_response_code(401);
+                }
+            } catch (NoSuchNoteException $ex) {
+                http_response_code(404);
+            }
+        }
+        break;
+    case "DELETE":
+        if (count($route) == 2 && is_numeric($route[1])) {
+            try {
+                $note = Note::loadNote($route[1]);
+                if ($note->hasWriteAccess($user)) {
+                    $note->deleteNote();
+                    exit;
+                } else {
+                    http_response_code(401);
+                }
+            } catch (NoSuchNoteException $ex) {
+                http_response_code(404);
+            }
+        }
+        break;
+}
\ No newline at end of file