You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

112 lines
3.7 KiB
PHP

<?php
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
require __DIR__ . "/../required.php";
header("Content-Security-Policy: default-src '*';");
header('Access-Control-Allow-Origin: *');
// Get the API route/action
$route = explode("/", substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], "api/v0.2/") + 9));
// HTTP authentication
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="' . SITE_TITLE . '"');
header('HTTP/1.0 401 Unauthorized');
exit;
} else {
$user = User::byUsername($_SERVER['PHP_AUTH_USER']);
if (!$user->checkPassword($_SERVER['PHP_AUTH_PW'])) {
header('HTTP/1.0 401 Unauthorized');
die($Strings->get("login incorrect"));
}
}
header("Content-Type: application/json");
$requestdata = $_GET;
$requestbody = file_get_contents('php://input');
$requestjson = json_decode($requestbody, TRUE);
if (json_last_error() == JSON_ERROR_NONE) {
$requestdata = array_merge($requestdata, $requestjson);
}
switch ($_SERVER['REQUEST_METHOD']) {
case "GET":
if (count($route) == 1) {
$noteids = $database->select('notes', 'noteid', ['ownerid' => $user->getUID()]);
$notes = [];
foreach ($noteids as $n) {
$notes[] = Note::loadNote($n)->toNextcloud();
}
exit(json_encode($notes));
} else if (count($route) == 2 && is_numeric($route[1])) {
try {
$note = Note::loadNote($route[1]);
if ($note->getOwner()->getUID() == $user->getUID()) {
exit(json_encode($note->toNextcloud()));
} else {
http_response_code(401);
}
} catch (NoSuchNoteException $ex) {
http_response_code(404);
}
}
break;
case "POST":
$note = new Note($requestdata['content']);
if (empty($requestdata['modified']) || !is_numeric($requestdata['modified'])) {
$note->setModified(date("Y-m-d H:i:s"));
} else {
$note->setModified($requestdata['modified']);
}
$note->setOwner($user);
$note->saveNote();
exit(json_encode($note->toNextcloud()));
break;
case "PUT":
if (count($route) == 2 && is_numeric($route[1])) {
try {
$note = Note::loadNote($route[1]);
if ($note->hasWriteAccess($user)) {
$note->setText($requestdata['content']);
if (empty($requestdata['modified']) || !is_numeric($requestdata['modified'])) {
$note->setModified(date("Y-m-d H:i:s"));
} else {
$note->setModified($requestdata['modified']);
}
$note->saveNote();
exit(json_encode($note->toNextcloud()));
} else {
http_response_code(401);
}
} catch (NoSuchNoteException $ex) {
http_response_code(404);
}
}
break;
case "DELETE":
if (count($route) == 2 && is_numeric($route[1])) {
try {
$note = Note::loadNote($route[1]);
if ($note->hasWriteAccess($user)) {
$note->deleteNote();
exit;
} else {
http_response_code(401);
}
} catch (NoSuchNoteException $ex) {
http_response_code(404);
}
}
break;
}