--- /tmp/dsg/dolibarr/htdocs/api/github_19.0.3_index.php
+++ /tmp/dsg/dolibarr/htdocs/api/client_index.php
@@ -5 +4,0 @@
- * Copyright (C) 2021 Alexis LAURIER
@@ -30,24 +29,8 @@
-if (!defined('NOCSRFCHECK')) {
- define('NOCSRFCHECK', '1'); // Do not check anti CSRF attack test
-}
-if (!defined('NOTOKENRENEWAL')) {
- define('NOTOKENRENEWAL', '1'); // Do not check anti POST attack test
-}
-if (!defined('NOREQUIREMENU')) {
- define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
-}
-if (!defined('NOREQUIREHTML')) {
- define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
-}
-if (!defined('NOREQUIREAJAX')) {
- define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
-}
-if (!defined("NOLOGIN")) {
- define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
-}
-if (!defined("NOSESSION")) {
- define("NOSESSION", '1');
-}
-if (!defined("NODEFAULTVALUES")) {
- define("NODEFAULTVALUES", '1');
-}
+if (!defined('NOCSRFCHECK')) define('NOCSRFCHECK', '1'); // Do not check anti CSRF attack test
+if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not check anti POST attack test
+if (!defined('NOREQUIREMENU')) define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
+if (!defined('NOREQUIREHTML')) define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
+if (!defined('NOREQUIREAJAX')) define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
+if (!defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
+if (!defined("NOSESSION")) define("NOSESSION", '1');
+
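Review bot: `NODEFAULTVALUES` is the only one of the eight guard constants that the new side no longer defines, and nothing in the hunk says why; if the omission is unintended, keep `if (!defined("NODEFAULTVALUES")) define("NODEFAULTVALUES", '1');` alongside the others. The brace-less single-line `if (...) define(...);` form also departs from the 19.0.3 side and from PSR-12, which requires braces on every control structure; the same style is used in the `main.inc.php` include hunk that follows.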
@@ -56,26 +39 @@
-if (!empty($_SERVER['HTTP_DOLAPIENTITY'])) {
- define("DOLENTITY", (int) $_SERVER['HTTP_DOLAPIENTITY']);
-}
-
-// Response for preflight requests (used by browser when into a CORS context)
-if (!empty($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'OPTIONS' && !empty($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
- header('Access-Control-Allow-Origin: *');
- header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE');
- header('Access-Control-Allow-Headers: Content-Type, Authorization, api_key, DOLAPIKEY');
- http_response_code(204);
- exit;
-}
-
-// When we request url to get the json file, we accept Cross site so we can include the descriptor into an external tool.
-if (preg_match('/\/explorer\/swagger\.json/', $_SERVER["PHP_SELF"])) {
- header('Access-Control-Allow-Origin: *');
- header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE');
- header('Access-Control-Allow-Headers: Content-Type, Authorization, api_key, DOLAPIKEY');
-}
-// When we request url to get an API, we accept Cross site so we can make js API call inside another website
-if (preg_match('/\/api\/index\.php/', $_SERVER["PHP_SELF"])) {
- header('Access-Control-Allow-Origin: *');
- header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE');
- header('Access-Control-Allow-Headers: Content-Type, Authorization, api_key, DOLAPIKEY');
-}
-header('X-Frame-Options: SAMEORIGIN');
+if (!empty($_SERVER['HTTP_DOLAPIENTITY'])) define("DOLENTITY", (int) $_SERVER['HTTP_DOLAPIENTITY']);
@@ -85,6 +43,2 @@
-if (!$res && file_exists("../main.inc.php")) {
- $res = include '../main.inc.php';
-}
-if (!$res) {
- die("Include of main fails");
-}
+if (!$res && file_exists("../main.inc.php")) $res = include '../main.inc.php';
+if (!$res) die("Include of main fails");
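Review bot: `header('X-Frame-Options: SAMEORIGIN');` is removed on the new side together with the CORS block, so responses from this endpoint, including the explorer HTML it serves, no longer carry a framing restriction and can be embedded by any origin unless a `frame-ancestors` policy is set elsewhere. Dropping the wildcard CORS headers is a tightening, but the preflight `OPTIONS` short-circuit goes with it, so a cross-origin browser call that used to get a 204 now falls through to the main include and the Restler handler, which looks unintended. Keep at least the one line `header('X-Frame-Options: SAMEORIGIN');` after the `DOLENTITY` define.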
@@ -95,3 +49,3 @@ - $loader = Luracast\Restler\AutoLoader::instance(); - spl_autoload_register($loader); - return $loader; + $loader = Luracast\Restler\AutoLoader::instance(); + spl_autoload_register($loader); + return $loader; @@ -107 +61 @@ - $url = $_SERVER['PHP_SELF'].(empty($_SERVER['PATH_INFO']) ? $_SERVER['ORIG_PATH_INFO'] : $_SERVER['PATH_INFO']); + $url = $_SERVER['PHP_SELF'].$_SERVER['PATH_INFO']; @@ -110 +64,2 @@ -if (getDolGlobalString('MAIN_NGINX_FIX')) { +if (!empty($conf->global->MAIN_NGINX_FIX)) +{ @@ -115,7 +70,8 @@ -if (!isModEnabled('api')) { - $langs->load("admin"); - dol_syslog("Call of Dolibarr API interfaces with module API REST are disabled"); - print $langs->trans("WarningModuleNotActive", 'Api').'.
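Review bot: `$url = $_SERVER['PHP_SELF'].$_SERVER['PATH_INFO'];` drops the `ORIG_PATH_INFO` fallback; on servers that populate only `ORIG_PATH_INFO`, `$_SERVER['PATH_INFO']` is an undefined index, `$url` ends at `index.php`, and the `preg_match` routing that fills `$reg` further down (outside this hunk) no longer sees the requested endpoint. Keep the fallback on one line, `$url = $_SERVER['PHP_SELF'].($_SERVER['PATH_INFO'] ?? $_SERVER['ORIG_PATH_INFO'] ?? '');`, which also avoids the warning when neither key is set.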
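Review bot: `!empty($conf->global->MAIN_NGINX_FIX)` replaces the `getDolGlobalString('MAIN_NGINX_FIX')` call of the 19.0.3 side, and the same reversion is made in the `MAIN_MODULE_API`, `API_EXPLORER_DISABLED`, `API_PRODUCTION_DO_NOT_ALWAYS_REFRESH_CACHE` and `API_RESTRICT_ON_IP` hunks, plus `$conf->$modulenameforenabled->enabled` in the explorer scan. Mixing the two access styles in one file makes it hard to see which settings are consulted, and a direct `$conf->global` read yields null for any constant that is not stored there under that exact name, so the `API_EXPLORER_DISABLED` and `API_RESTRICT_ON_IP` guards would fail open while the `MAIN_MODULE_API` guard would reject every request. Keep the `getDolGlobalString(...)` and `isModEnabled(...)` accessors as on the 19.0.3 side, e.g. `if (getDolGlobalString('MAIN_NGINX_FIX')) {`.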

'; - print $langs->trans("ToActivateModule"); - //session_destroy(); - exit(0); +if (empty($conf->global->MAIN_MODULE_API)) +{ + $langs->load("admin"); + dol_syslog("Call Dolibarr API interfaces with module REST disabled"); + print $langs->trans("WarningModuleNotActive", 'Api').'.

'; + print $langs->trans("ToActivateModule"); + //session_destroy(); + exit(0); @@ -125,6 +81,7 @@ -if (preg_match('/api\/index\.php\/explorer/', $url) && getDolGlobalString('API_EXPLORER_DISABLED')) { - $langs->load("admin"); - dol_syslog("Call Dolibarr API interfaces with module API REST disabled"); - print $langs->trans("WarningAPIExplorerDisabled").'.

'; - //session_destroy(); - exit(0); +if (preg_match('/api\/index\.php\/explorer/', $url) && !empty($conf->global->API_EXPLORER_DISABLED)) +{ + $langs->load("admin"); + dol_syslog("Call Dolibarr API interfaces with module REST disabled"); + print $langs->trans("WarningAPIExplorerDisabled").'.

'; + //session_destroy(); + exit(0); @@ -141 +98 @@ -// index.php/explorer/ called by swagger to build explorer page index.php/explorer/index.html +// index.php/explorer/ called by swagger to build explorer page @@ -157,7 +114,4 @@ -$refreshcache = (!getDolGlobalString('API_PRODUCTION_DO_NOT_ALWAYS_REFRESH_CACHE') ? true : false); -if (!empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/swagger.json' || $reg[2] == '/swagger.json/root' || $reg[2] == '/resources.json' || $reg[2] == '/resources.json/root')) { - $refreshcache = true; - if (!is_writable($conf->api->dir_temp)) { - print 'Erreur temp dir api/temp not writable'; - exit(0); - } +$refreshcache = (empty($conf->global->API_PRODUCTION_DO_NOT_ALWAYS_REFRESH_CACHE) ? true : false); +if (!empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/swagger.json' || $reg[2] == '/swagger.json/root' || $reg[2] == '/resources.json' || $reg[2] == '/resources.json/root')) +{ + $refreshcache = true; @@ -168,19 +121,0 @@ - -// If MAIN_API_DEBUG is set to 1, we save logs into file "dolibarr_api.log" -if (getDolGlobalString('MAIN_API_DEBUG')) { - $r = $api->r; - $r->onCall(function () use ($r) { - // Don't log Luracast Restler Explorer recources calls - //if (!preg_match('/^explorer/', $r->url)) { - // 'method' => $api->r->requestMethod, - // 'url' => $api->r->url, - // 'route' => $api->r->apiMethodInfo->className.'::'.$api->r->apiMethodInfo->methodName, - // 'version' => $api->r->getRequestedApiVersion(), - // 'data' => $api->r->getRequestData(), - //dol_syslog("Debug API input ".var_export($r, true), LOG_DEBUG, 0, '_api'); - dol_syslog("Debug API url ".var_export($r->url, true), LOG_DEBUG, 0, '_api'); - dol_syslog("Debug API input ".var_export($r->getRequestData(), true), LOG_DEBUG, 0, '_api'); - //} - }); -} - 
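Review bot: The `is_writable($conf->api->dir_temp)` check and its early exit are gone from the new side, so when the swagger/resources descriptor is requested with `$refreshcache = true` and the temp directory is not writable, the failure surfaces later from whatever writes the cache instead of as the explicit 'Erreur temp dir api/temp not writable' message; if the removal is deliberate it deserves a comment. Restoring it is three lines: `if (!is_writable($conf->api->dir_temp)) { print 'Erreur temp dir api/temp not writable'; exit(0); }`. The enclosing `if` block continues past the end of the hunk.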
@@ -200,2 +135,3 @@
-if (getDolGlobalString('API_RESTRICT_ON_IP')) {
- $allowedip = explode(' ', getDolGlobalString('API_RESTRICT_ON_IP'));
+if (!empty($conf->global->API_RESTRICT_ON_IP))
+{
+ $allowedip = explode(' ', $conf->global->API_RESTRICT_ON_IP);
@@ -203,2 +139,3 @@
- if (!in_array($ipremote, $allowedip)) {
- dol_syslog('Remote ip is '.$ipremote.', not into list ' . getDolGlobalString('API_RESTRICT_ON_IP'));
+ if (!in_array($ipremote, $allowedip))
+ {
+ dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->API_RESTRICT_ON_IP);
@@ -214,86 +151,84 @@ -if (!empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/swagger.json' || $reg[2] == '/swagger.json/root' || $reg[2] == '/resources.json' || $reg[2] == '/resources.json/root')) { - // Scan all API files to load them - - $listofapis = array(); - - $modulesdir = dolGetModulesDirs(); - foreach ($modulesdir as $dir) { - // Search available module - dol_syslog("Scan directory ".$dir." for module descriptor files, then search for API files"); - - $handle = @opendir(dol_osencode($dir)); - if (is_resource($handle)) { - while (($file = readdir($handle)) !== false) { - $regmod = array(); - if (is_readable($dir.$file) && preg_match("/^mod(.*)\.class\.php$/i", $file, $regmod)) { - $module = strtolower($regmod[1]); - $moduledirforclass = getModuleDirForApiClass($module); - $modulenameforenabled = $module; - if ($module == 'propale') { - $modulenameforenabled = 'propal'; - } - if ($module == 'supplierproposal') { - $modulenameforenabled = 'supplier_proposal'; - } - if ($module == 'ficheinter') { - $modulenameforenabled = 'ficheinter'; - } - - dol_syslog("Found module file ".$file." - module=".$module." - modulenameforenabled=".$modulenameforenabled." - moduledirforclass=".$moduledirforclass); - - // Defined if module is enabled - $enabled = true; - if (!isModEnabled($modulenameforenabled)) { - $enabled = false; - } - - if ($enabled) { - // If exists, load the API class for enable module - // Search files named api_.class.php into /htdocs//class directory - // @todo : use getElementProperties() function ? 
- $dir_part = dol_buildpath('/'.$moduledirforclass.'/class/'); - - $handle_part = @opendir(dol_osencode($dir_part)); - if (is_resource($handle_part)) { - while (($file_searched = readdir($handle_part)) !== false) { - if ($file_searched == 'api_access.class.php') { - continue; - } - - //$conf->global->MAIN_MODULE_API_LOGIN_DISABLED = 1; - if ($file_searched == 'api_login.class.php' && getDolGlobalString('MAIN_MODULE_API_LOGIN_DISABLED')) { - continue; - } - - //dol_syslog("We scan to search api file with into ".$dir_part.$file_searched); - - $regapi = array(); - if (is_readable($dir_part.$file_searched) && preg_match("/^api_(.*)\.class\.php$/i", $file_searched, $regapi)) { - $classname = ucwords($regapi[1]); - $classname = str_replace('_', '', $classname); - require_once $dir_part.$file_searched; - if (class_exists($classname.'Api')) { - //dol_syslog("Found API by index.php: classname=".$classname."Api for module ".$dir." into ".$dir_part.$file_searched); - $listofapis[strtolower($classname.'Api')] = $classname.'Api'; - } elseif (class_exists($classname)) { - //dol_syslog("Found API by index.php: classname=".$classname." for module ".$dir." into ".$dir_part.$file_searched); - $listofapis[strtolower($classname)] = $classname; - } else { - dol_syslog("We found an api_xxx file (".$file_searched.") but class ".$classname." does not exists after loading file", LOG_WARNING); - } - } - } - } - } - } - } - } - } - - // Sort the classes before adding them to Restler. - // The Restler API Explorer shows the classes in the order they are added and it's a mess if they are not sorted. 
- asort($listofapis); - foreach ($listofapis as $apiname => $classname) { - $api->r->addAPIClass($classname, $apiname); - } - //var_dump($api->r); +if (!empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/swagger.json' || $reg[2] == '/swagger.json/root' || $reg[2] == '/resources.json' || $reg[2] == '/resources.json/root')) +{ + // Scan all API files to load them + + $listofapis = array(); + + $modulesdir = dolGetModulesDirs(); + foreach ($modulesdir as $dir) + { + // Search available module + dol_syslog("Scan directory ".$dir." for module descriptor files, then search for API files"); + + $handle = @opendir(dol_osencode($dir)); + if (is_resource($handle)) + { + while (($file = readdir($handle)) !== false) + { + $regmod = array(); + if (is_readable($dir.$file) && preg_match("/^mod(.*)\.class\.php$/i", $file, $regmod)) + { + $module = strtolower($regmod[1]); + $moduledirforclass = getModuleDirForApiClass($module); + $modulenameforenabled = $module; + if ($module == 'propale') { $modulenameforenabled = 'propal'; } + if ($module == 'supplierproposal') { $modulenameforenabled = 'supplier_proposal'; } + if ($module == 'ficheinter') { $modulenameforenabled = 'ficheinter'; } + + dol_syslog("Found module file ".$file." - module=".$module." - modulenameforenabled=".$modulenameforenabled." - moduledirforclass=".$moduledirforclass); + + // Defined if module is enabled + $enabled = true; + if (empty($conf->$modulenameforenabled->enabled)) $enabled = false; + + if ($enabled) + { + // If exists, load the API class for enable module + // Search files named api_.class.php into /htdocs//class directory + // @todo : use getElementProperties() function ? 
+ $dir_part = dol_buildpath('/'.$moduledirforclass.'/class/'); + + $handle_part = @opendir(dol_osencode($dir_part)); + if (is_resource($handle_part)) + { + while (($file_searched = readdir($handle_part)) !== false) + { + if ($file_searched == 'api_access.class.php') continue; + + $regapi = array(); + if (is_readable($dir_part.$file_searched) && preg_match("/^api_(.*)\.class\.php$/i", $file_searched, $regapi)) + { + $classname = ucwords($regapi[1]); + $classname = str_replace('_', '', $classname); + require_once $dir_part.$file_searched; + if (class_exists($classname.'Api')) + { + //dol_syslog("Found API by index.php: classname=".$classname."Api for module ".$dir." into ".$dir_part.$file_searched); + $listofapis[strtolower($classname.'Api')] = $classname.'Api'; + } + elseif (class_exists($classname)) + { + //dol_syslog("Found API by index.php: classname=".$classname." for module ".$dir." into ".$dir_part.$file_searched); + $listofapis[strtolower($classname)] = $classname; + } + else + { + dol_syslog("We found an api_xxx file (".$file_searched.") but class ".$classname." does not exists after loading file", LOG_WARNING); + } + } + } + } + } + } + } + } + } + + // Sort the classes before adding them to Restler. + // The Restler API Explorer shows the classes in the order they are added and it's a mess if they are not sorted. + asort($listofapis); + foreach ($listofapis as $apiname => $classname) + { + $api->r->addAPIClass($classname, $apiname); + } + //var_dump($api->r); 
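Review bot: The explorer scan on the new side no longer skips `api_login.class.php` when `MAIN_MODULE_API_LOGIN_DISABLED` is set, so the login endpoint is registered in the swagger/resources descriptor regardless of that setting; the 19.0.3 side honours it right after the `api_access.class.php` skip at the top of the inner `while`. Add back `if ($file_searched == 'api_login.class.php' && getDolGlobalString('MAIN_MODULE_API_LOGIN_DISABLED')) { continue; }` next to that skip. The module-enabled test also reads `$conf->$modulenameforenabled->enabled` directly where the 19.0.3 side calls `isModEnabled($modulenameforenabled)`; the accessor is the form used everywhere else in that file.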
@@ -304,14 +239,16 @@
-if (!empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' && $reg[2] != '/resources.json' && preg_match('/^\/(swagger|resources)\.json\/(.+)$/', $reg[2], $regbis) && $regbis[2] != 'root'))) {
- $moduleobject = $reg[1];
- if ($moduleobject == 'explorer') { // If we call page to explore details of a service
- $moduleobject = $regbis[2];
- }
-
- $moduleobject = strtolower($moduleobject);
- $moduledirforclass = getModuleDirForApiClass($moduleobject);
-
- // Load a dedicated API file
- dol_syslog("Load a dedicated API file moduleobject=".$moduleobject." moduledirforclass=".$moduledirforclass);
-
- $tmpmodule = $moduleobject;
- if ($tmpmodule != 'api') {
+if (!empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' && $reg[2] != '/resources.json' && preg_match('/^\/(swagger|resources)\.json\/(.+)$/', $reg[2], $regbis) && $regbis[2] != 'root')))
+{
+ $moduleobject = $reg[1];
+ if ($moduleobject == 'explorer') // If we call page to explore details of a service
+ {
+ $moduleobject = $regbis[2];
+ }
+
+ $moduleobject = strtolower($moduleobject);
+ $moduledirforclass = getModuleDirForApiClass($moduleobject);
+
+ // Load a dedicated API file
+ dol_syslog("Load a dedicated API file moduleobject=".$moduleobject." moduledirforclass=".$moduledirforclass);
+
+ $tmpmodule = $moduleobject;
+ if ($tmpmodule != 'api')
@@ -319 +255,0 @@
- }
@@ -321,3 +257 @@
-
- // Special cases that does not match name rules conventions
- if ($moduleobject == 'supplierproposals') {
+ if ($module == 'supplierproposals')
@@ -325,2 +259 @@
- }
- if ($moduleobject == 'supplierorders') {
+ if ($module == 'supplierorders')
@@ -328,2 +261 @@
- }
- if ($moduleobject == 'supplierinvoices') {
+ if ($module == 'supplierinvoices')
@@ -331,2 +263 @@
- }
- if ($moduleobject == 'ficheinter') {
+ if ($module == 'ficheinter')
@@ -334,2 +265 @@
- }
- if ($moduleobject == 'interventions') {
+ if ($module == 'interventions')
@@ -337 +266,0 @@
- }
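Review bot: The special-case comparisons now read `$module` (`if ($module == 'supplierproposals')`, and likewise in the `supplierorders`, `supplierinvoices`, `ficheinter` and `interventions` hunks that follow), but the variable set a few lines earlier on the new side is `$moduleobject`; `$module` is not assigned anywhere in this branch within the diff, so unless it is set outside the shown lines these tests compare an undefined variable, or a value left over from the explorer scan loop, and the name mapping never fires. Use `$moduleobject` as the 19.0.3 side does, e.g. `if ($moduleobject == 'supplierproposals')`. The enclosing `if` block starts in this hunk and ends outside the diff.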
@@ -343,24 +272 @@
- // Test rules on endpoints. For example:
- // $conf->global->API_ENDPOINT_RULES = 'endpoint1:1,endpoint2:1,...'
- if (getDolGlobalString('API_ENDPOINT_RULES')) {
- $listofendpoints = explode(',', getDolGlobalString('API_ENDPOINT_RULES'));
- $endpointisallowed = false;
-
- foreach ($listofendpoints as $endpointrule) {
- $tmparray = explode(':', $endpointrule);
- if (($classfile == $tmparray[0] || $classfile.'api' == $tmparray[0]) && $tmparray[1] == 1) {
- $endpointisallowed = true;
- break;
- }
- }
-
- if (! $endpointisallowed) {
- dol_syslog('The API with endpoint /'.$classfile.' is forbidden by config API_ENDPOINT_RULES', LOG_WARNING);
- print 'The API with endpoint /'.$classfile.' is forbidden by config API_ENDPOINT_RULES';
- header('HTTP/1.1 501 API is forbidden by API_ENDPOINT_RULES');
- //session_destroy();
- exit(0);
- }
- }
-
- dol_syslog('Search api file /'.$moduledirforclass.'/class/api_'.$classfile.'.class.php => dir_part_file='.$dir_part_file.', classname='.$classname);
+ dol_syslog('Search api file /'.$moduledirforclass.'/class/api_'.$classfile.'.class.php => dir_part_file='.$dir_part_file.' classname='.$classname);
@@ -369 +275 @@
- if ($dir_part_file) {
+ if ($dir_part_file)
@@ -371 +276,0 @@
- }
@@ -373 +278 @@
- dol_syslog('Failed to make include_once '.$dir_part_file, LOG_WARNING);
+ dol_syslog('Failed to make include_once '.$dir_part_file, LOG_WARNING);
@@ -380 +285 @@
- if (class_exists($classname)) {
+ if (class_exists($classname))
@@ -382 +286,0 @@
- }
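Review bot: The whole `API_ENDPOINT_RULES` enforcement is deleted on the new side, so the administrator's endpoint allowlist is no longer consulted before the API class file is included: any `api_*.class.php` resolved by the lookup above becomes reachable even when the configuration lists only a subset, and the 501 response and warning log that recorded a blocked call disappear with it. Nothing in the diff replaces the check, so a deployment that relies on that setting would silently lose the restriction; restore the removed `if (getDolGlobalString('API_ENDPOINT_RULES')) { ... }` block ahead of the `Search api file` log line, or document why the allowlist is intentionally not enforced here. The enclosing `if` block starts in an earlier hunk and continues past this one.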
@@ -389,23 +292,0 @@
-// We do not want that restler outputs data if we use native compression (default behaviour) but we want to have it returned into a string.
-// If API_DISABLE_COMPRESSION is set, returnResponse is false => It use default handling so output result directly.
-$usecompression = (!getDolGlobalString('API_DISABLE_COMPRESSION') && !empty($_SERVER['HTTP_ACCEPT_ENCODING']));
-$foundonealgorithm = 0;
-if ($usecompression) {
- if (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'br') !== false && function_exists('brotli_compress')) {
- $foundonealgorithm++;
- }
- if (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'bz') !== false && function_exists('bzcompress')) {
- $foundonealgorithm++;
- }
- if (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false && function_exists('gzencode')) {
- $foundonealgorithm++;
- }
- if (!$foundonealgorithm) {
- $usecompression = false;
- }
-}
-
-//dol_syslog('We found some compression algoithm: '.$foundonealgorithm.' -> usecompression='.$usecompression, LOG_DEBUG);
-
-Luracast\Restler\Defaults::$returnResponse = $usecompression;
-
@@ -414,22 +295,5 @@
-$result = $api->r->handle();
-
-if (Luracast\Restler\Defaults::$returnResponse) {
- // We try to compress the data received data
- if (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'br') !== false && function_exists('brotli_compress') && defined('BROTLI_TEXT')) {
- header('Content-Encoding: br');
- $result = brotli_compress($result, 11, constant('BROTLI_TEXT'));
- } elseif (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'bz') !== false && function_exists('bzcompress')) {
- header('Content-Encoding: bz');
- $result = bzcompress($result, 9);
- } elseif (strpos($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') !== false && function_exists('gzencode')) {
- header('Content-Encoding: gzip');
- $result = gzencode($result, 9);
- } else {
- header('Content-Encoding: text/html');
- print "No compression method found. Try to disable compression by adding API_DISABLE_COMPRESSION=1";
- exit(0);
- }
-
- // Restler did not output data yet, we return it now
- echo $result;
-}
+
+//Luracast\Restler\Defaults::$returnResponse = true;
+//print $api->r->handle();
+
+$api->r->handle();
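Review bot: Two commented-out statements, `//Luracast\Restler\Defaults::$returnResponse = true;` and `//print $api->r->handle();`, are added next to the live `$api->r->handle();`; dead code in the dispatcher invites someone to re-enable the buffered path without the content-encoding negotiation that the preceding hunk removed, so drop the two lines. Since that earlier hunk also removes the `Defaults::$returnResponse` assignment, `API_DISABLE_COMPRESSION` appears to have no effect in this file any more; a short comment above the call, e.g. `// Restler writes the response directly; no content-encoding negotiation is done here`, would spare the next reader from looking for it.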