You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
123 lines
4.1 KiB
PHP
123 lines
4.1 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*/
|
|
|
|
require __DIR__ . "/../required.php";
|
|
|
|
header("Content-Security-Policy: default-src '*';");
|
|
header('Access-Control-Allow-Origin: *');
|
|
|
|
// Get the API route/action
|
|
$route = explode("/", substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], "api/v0.2/") + 9));
|
|
|
|
// HTTP authentication
|
|
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
|
header('WWW-Authenticate: Basic realm="' . SITE_TITLE . '"');
|
|
header('HTTP/1.0 401 Unauthorized');
|
|
exit;
|
|
} else {
|
|
$user = User::byUsername($_SERVER['PHP_AUTH_USER']);
|
|
if (!$user->checkPassword($_SERVER['PHP_AUTH_PW'])) {
|
|
header('HTTP/1.0 401 Unauthorized');
|
|
die($Strings->get("login incorrect"));
|
|
}
|
|
}
|
|
|
|
header("Content-Type: application/json");
|
|
|
|
$requestdata = $_GET;
|
|
$requestbody = file_get_contents('php://input');
|
|
$requestjson = json_decode($requestbody, TRUE);
|
|
if (json_last_error() == JSON_ERROR_NONE) {
|
|
$requestdata = array_merge($requestdata, $requestjson);
|
|
}
|
|
|
|
file_put_contents("/var/www/html/debug.log", var_export($requestdata, true));
|
|
|
|
switch ($_SERVER['REQUEST_METHOD']) {
|
|
case "GET":
|
|
if (count($route) == 1) {
|
|
$noteids = $database->select('notes', 'noteid', ['ownerid' => $user->getUID()]);
|
|
$notes = [];
|
|
foreach ($noteids as $n) {
|
|
$notes[] = Note::loadNote($n)->toNextcloud();
|
|
}
|
|
exit(json_encode($notes));
|
|
} else if (count($route) == 2 && is_numeric($route[1])) {
|
|
try {
|
|
$note = Note::loadNote($route[1]);
|
|
if ($note->getOwner()->getUID() == $user->getUID()) {
|
|
exit(json_encode($note->toNextcloud()));
|
|
} else {
|
|
http_response_code(401);
|
|
}
|
|
} catch (NoSuchNoteException $ex) {
|
|
http_response_code(404);
|
|
}
|
|
}
|
|
break;
|
|
case "POST":
|
|
$note = new Note($requestdata['content']);
|
|
|
|
if (empty($requestdata['modified']) || !is_numeric($requestdata['modified'])) {
|
|
$note->setModified(date("Y-m-d H:i:s"));
|
|
} else {
|
|
$note->setModified($requestdata['modified']);
|
|
}
|
|
|
|
if (!empty($requestdata['favorite']) && $requestdata['favorite'] == true) {
|
|
$note->setFavorite(true);
|
|
}
|
|
|
|
$note->setOwner($user);
|
|
|
|
$note->saveNote();
|
|
|
|
exit(json_encode($note->toNextcloud()));
|
|
break;
|
|
case "PUT":
|
|
if (count($route) == 2 && is_numeric($route[1])) {
|
|
try {
|
|
$note = Note::loadNote($route[1]);
|
|
if ($note->hasWriteAccess($user)) {
|
|
$note->setText($requestdata['content']);
|
|
if (empty($requestdata['modified']) || !is_numeric($requestdata['modified'])) {
|
|
$note->setModified(date("Y-m-d H:i:s"));
|
|
} else {
|
|
$note->setModified($requestdata['modified']);
|
|
}
|
|
if (!empty($requestdata['favorite']) && $requestdata['favorite'] == true) {
|
|
$note->setFavorite(true);
|
|
} else {
|
|
$note->setFavorite(false);
|
|
}
|
|
$note->saveNote();
|
|
exit(json_encode($note->toNextcloud()));
|
|
} else {
|
|
http_response_code(401);
|
|
}
|
|
} catch (NoSuchNoteException $ex) {
|
|
http_response_code(404);
|
|
}
|
|
}
|
|
break;
|
|
case "DELETE":
|
|
if (count($route) == 2 && is_numeric($route[1])) {
|
|
try {
|
|
$note = Note::loadNote($route[1]);
|
|
if ($note->hasWriteAccess($user)) {
|
|
$note->deleteNote();
|
|
exit;
|
|
} else {
|
|
http_response_code(401);
|
|
}
|
|
} catch (NoSuchNoteException $ex) {
|
|
http_response_code(404);
|
|
}
|
|
}
|
|
break;
|
|
} |