Fixes + ApiKeys

.htaccess

@@ -3,3 +3,4 @@ Options -Indexes
 
 RewriteEngine On
 RewriteRule ^api/(.*)?$ index.php?api=$1&$2 [L,QSA]
+RewriteRule ^(?!((js|css|img|fonts|api)($|\/)))(.*)?$ index.php?site=$1&$2 [L,QSA]

core/Api/CreateApiKey.class.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace Api;
+
+class CreateApiKey extends Request {
+
+  public function __construct($user, $externCall = false) {
+    parent::__construct($user, $externCall, array());
+    $this->apiKeyAllowed = false;
+    $this->loginRequired = true;
+  }
+
+  public function execute($values = array()) {
+
+    if(!parent::execute($values)) {
+      return false;
+    }
+
+    $apiKey = generateRandomString(64);
+    $query = "INSERT INTO ApiKey (uidUser, api_key, valid_until) VALUES (?,?,(SELECT DATE_ADD(now(), INTERVAL 30 DAY)))";
+    $request = new ExecuteStatement($this->user);
+    $this->success = $request->execute(array("query" => $query, $this->user->getId(), $apiKey));
+    $this->lastError = $request->getLastError();
+    $this->result["api_key"] = $apiKey;
+    $this->result["valid_until"] = "TODO";
+    $this->result["uid"] = $this->user->getSQL()->getLastInsertId();
+    return $this->success;
+  }
+};
+
+?>

core/Api/External/RequestData.class.php

@@ -0,0 +1,82 @@
+<?php
+
+namespace Api\External;
+use \Api\Parameter\Parameter;
+use \Api\Parameter\StringType;
+
+class RequestData extends \Api\Request {
+
+  public function __construct($user, $externCall = false) {
+    parent::__construct($user, $externCall, array(
+      "url" => new StringType("url", 256)
+    ));
+    $this->isPublic = false;
+  }
+
+  private function requestURL() {
+    $url = $this->getParam("url");
+
+    $ckfile = tempnam("/tmp", 'cookiename');
+    $ch = curl_init();
+    curl_setopt($ch, CURLOPT_URL, $url);
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+    // curl_setopt($ch, CURLOPT_HEADER, 1);
+    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+    curl_setopt($ch, CURLOPT_COOKIESESSION, true);
+    curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);
+    curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile);
+    $data = curl_exec($ch);
+    $statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+
+    $success = false;
+    if(curl_errno($ch)) {
+      $this->lastError = curl_error($ch);
+    } else if($statusCode != 200) {
+      $this->lastError = "External Site returned status code: " . $statusCode;
+    } else {
+      $this->result["data"] = $data;
+      $this->result["cached"] = false;
+      $success = true;
+    }
+
+    unlink($ckfile);
+    curl_close ($ch);
+    return $success;
+  }
+
+  public function execute($values = array()) {
+    if(!parent::execute($values)) {
+      return false;
+    }
+
+    $url = $this->getParam("url");
+    $expires = $this->getParam("expires");
+
+    $query = "SELECT data, expires FROM ExternalSiteCache WHERE url=?";
+    $req = new \Api\ExecuteSelect($this->user);
+    $this->success = $req->execute(array("query" => $query, $url));
+    $this->lastError = $req->getLastError();
+
+    if($this->success) {
+      $mustRevalidate = true;
+
+      if(!empty($req->getResult()['rows'])) {
+        $row = $req->getResult()['rows'][0];
+        if($row["expires"] == null || !isinPast($row["expires"])) {
+          $mustRevalidate = false;
+          $this->result["data"] = $row["data"];
+          $this->result["expires"] = $row["expires"];
+          $this->result["cached"] = true;
+        }
+      }
+
+      if($mustRevalidate) {
+        $this->success = $this->requestURL();
+      }
+    }
+
+    return $this->success;
+  }
+};
+
+?>

core/Api/External/WriteData.class.php

@@ -0,0 +1,44 @@
+<?php
+
+namespace Api\External;
+use Api\Parameter\Parameter;
+use Api\Parameter\StringType;
+
+class WriteData extends \Api\Request {
+
+  public function __construct($user, $externCall = false) {
+    parent::__construct($user, $externCall, array(
+      "url" => new StringType("url", 256),
+      "data" => new StringType("data", -1),
+      "expires" => new Parameter("expires", Parameter::TYPE_INT, false, 0),
+    ));
+    $this->isPublic = false;
+  }
+
+  public function execute($values = array()) {
+    if(!parent::execute($values)) {
+      return false;
+    }
+
+    $url = $this->getParam("url");
+    $data = $this->getParam("data");
+    $expires = $this->getParam("expires");
+
+    if($expires > 0) {
+      $expires = getDateTime(new \DateTime("+${expires} seconds"));
+    } else {
+      $expires = null;
+    }
+
+    $query = "INSERT INTO ExternalSiteCache (url, data, expires) VALUES(?,?,?)
+      ON DUPLICATE KEY UPDATE data=?, expires=?";
+
+    $request = new \Api\ExecuteStatement($this->user);
+    $this->success = $request->execute(array("query" => $query, $url, $data, $expires, $data, $expires));
+    $this->lastError = $request->getLastError();
+
+    return $this->lastError;
+  }
+}
+
+?>

core/Api/GetApiKeys.class.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace Api;
+
+class GetApiKeys extends Request {
+
+  public function __construct($user, $externCall = false) {
+    parent::__construct($user, $externCall, array());
+    $this->loginRequired = true;
+  }
+
+  public function execute($values = array()) {
+    if(!parent::execute($values)) {
+      return false;
+    }
+
+    $query = "SELECT ApiKey.uid, ApiKey.api_key, ApiKey.valid_until
+              FROM ApiKey
+              WHERE ApiKey.uidUser = ?
+              AND ApiKey.valid_until > now()";
+    $request = new ExecuteSelect($this->user);
+    $this->success = $request->execute(array("query" => $query, $this->user->getId()));
+    $this->lastError = $request->getLastError();
+
+    if($this->success) {
+      $this->result["api_keys"] = $request->getResult()['rows'];
+    }
+
+    return $this->success;
+  }
+};
+
+?>

core/Api/RefreshApiKey.class.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace Api;
+use \Api\Parameter\Parameter;
+
+class RefreshApiKey extends Request {
+
+  public function __construct($user, $externCall = false) {
+    parent::__construct($user, $externCall, array(
+      "id" => new Parameter("id", Parameter::TYPE_INT),
+    ));
+    $this->loginRequired = true;
+  }
+
+  private function apiKeyExists() {
+    $id = $this->getParam("id");
+    $query = "SELECT * FROM ApiKey WHERE uid = ? AND uidUser = ? AND valid_until > now()";
+    $request = new ExecuteSelect($this->user);
+    $this->success = $request->execute(array("query" => $query, $id, $this->user->getId()));
+    $this->lastError = $request->getLastError();
+
+    if($this->success && count($request->getResult()['rows']) == 0) {
+      $this->success = false;
+      $this->lastError = "This API-Key does not exist.";
+    }
+
+    return $this->success;
+  }
+
+  public function execute($values = array()) {
+    if(!parent::execute($values)) {
+      return false;
+    }
+
+    $id = $this->getParam("id");
+    if(!$this->apiKeyExists())
+      return false;
+
+    $query = "UPDATE ApiKey SET valid_until = (SELECT DATE_ADD(now(), INTERVAL 30 DAY)) WHERE uid = ? AND uidUser = ? AND valid_until > now()";
+    $request = new ExecuteStatement($this->user);
+    $this->success = $request->execute(array("query" => $query, $id, $this->user->getId()));
+    $this->lastError = $request->getLastError();
+
+    return $this->success;
+  }
+};
+
+?>

core/Api/RevokeApiKey.class.php

@@ -0,0 +1,48 @@
+<?php
+
+namespace Api;
+use \Api\Parameter\Parameter;
+
+class RevokeApiKey extends Request {
+
+  public function __construct($user, $externCall = false) {
+    parent::__construct($user, $externCall, array(
+      "id" => new Parameter("id", Parameter::TYPE_INT),
+    ));
+    $this->loginRequired = true;
+  }
+
+  private function apiKeyExists() {
+    $id = $this->getParam("id");
+    $query = "SELECT * FROM ApiKey WHERE uid = ? AND uidUser = ? AND valid_until > now()";
+    $request = new ExecuteSelect($this->user);
+    $this->success = $request->execute(array("query" => $query, $id, $this->user->getId()));
+    $this->lastError = $request->getLastError();
+
+    if($this->success && count($request->getResult()['rows']) == 0) {
+      $this->success = false;
+      $this->lastError = "This API-Key does not exist.";
+    }
+
+    return $this->success;
+  }
+
+  public function execute($aValues = array()) {
+    if(!parent::execute($aValues)) {
+      return false;
+    }
+
+    $id = $this->getParam("id");
+    if(!$this->apiKeyExists())
+      return false;
+
+    $query = "DELETE FROM ApiKey WHERE valid_until < now() OR (uid = ? AND uidUser = ?)";
+    $request = new ExecuteStatement($this->user);
+    $this->success = $request->execute(array("query" => $query, $id, $this->user->getId()));
+    $this->lastError = $request->getLastError();
+
+    return $this->success;
+  }
+};
+
+?>

core/Api/SendMail.class.php

@@ -0,0 +1,58 @@
+<?php
+
+namespace Api;
+use Api\Parameter\Parameter;
+use Api\Parameter\StringType;
+
+class SendMail extends Request {
+
+  public function __construct($user, $externCall = false) {
+    parent::__construct($user, $externCall, array(
+      'from' => new Parameter('from', Parameter::TYPE_EMAIL),
+      'to' => new Parameter('to', Parameter::TYPE_EMAIL),
+      'subject'  => new StringType('subject', -1),
+      'body' => new StringType('body', -1),
+      'fromName' => new StringType('fromName', -1, true, ''),
+      'replyTo' => new Parameter('to', Parameter::TYPE_EMAIL, true, ''),
+    ));
+    $this->isPublic = false;
+  }
+
+  public function execute($values = array()) {
+    if(!parent::execute($values)) {
+      return false;
+    }
+
+    $mailData = getMailData();
+    $mail = new \External\PHPMailer\PHPMailer;
+    $mail->IsSMTP();
+    $mail->setFrom($this->getParam('from'), $this->getParam('fromName'));
+    $mail->addAddress($this->getParam('to'));
+    $mail->Subject = $this->getParam('subject');
+    $mail->SMTPDebug = 0;
+    $mail->Host = $mailData->getHost();
+    $mail->Port = $mailData->getPort();
+    $mail->SMTPAuth = true;
+    $mail->Username = $mailData->getLogin();
+    $mail->Password = $mailData->getPassword();
+    $mail->SMTPSecure = 'tls';
+    $mail->IsHTML(true);
+    $mail->CharSet = 'UTF-8';
+    $mail->Body = $this->getParam('body');
+
+    $replyTo = $this->getParam('replyTo');
+    if(!is_null($replyTo) && !empty($replyTo)) {
+      $mail->AddReplyTo($replyTo, $this->getParam('fromName'));
+    }
+
+    $this->success = @$mail->Send();
+    if (!$this->success) {
+      $this->lastError = 'Error sending Mail: ' . $mail->ErrorInfo;
+      error_log("sendMail() failed: " . $mail->ErrorInfo);
+    }
+
+    return $this->success;
+  }
+};
+
+?>

core/Documents/Install.class.php

@@ -685,13 +685,13 @@ namespace Documents\Install {
         die(json_encode($response));
       }
 
-      if($this->currentStep == self::CHECKING_REQUIRMENTS) {
+      /*if($this->currentStep == self::CHECKING_REQUIRMENTS) {
         $this->getDocument()->getHead()->addJSCode("
           $(document).ready(function() {
             retry();
           });
         ");
-      }
+      }*/
 
       $progressSidebar = $this->createProgressSidebar();
       $progressMainview = $this->createProgessMainview();

core/Views/Login.class.php

@@ -43,7 +43,7 @@ class Login extends \View {
             <div class=\"alert alert-danger hidden\" role=\"alert\" id=\"loginError\"></div>
           </form>
           <span class=\"subtitle flags-container\"><span class=\"flags\">$flags</span></span>
-          <span class=\"subtitle\"><a class=\"link\" href=\"$protocol://$domain\">$iconBack$backToStartPage</a></span>
+          <span class=\"subtitle\"><a class=\"link\" href=\"$protocol://$domain\">$iconBack&nbsp;$backToStartPage</a></span>
           $accountCreated
         </div>
       </div>";

core/core.php

@@ -25,7 +25,7 @@
   }
 
   function getProtocol() {
-    return stripos($_SERVER['SERVER_PROTOCOL'],'https') === 0 ? 'https://' : 'http://';
+    return stripos($_SERVER['SERVER_PROTOCOL'],'https') === 0 ? 'https' : 'http';
   }
 
   function includeDir($dir, $aIgnore = array(), $recursive = false) {

index.php

@@ -41,14 +41,19 @@ if(isset($_GET["api"]) && is_string($_GET["api"])) {
       header("403 Forbidden");
       $response = "";
     } else if(!preg_match("/[a-zA-Z]+(\/[a-zA-Z]+)*/", $apiFunction)) {
+      header("400 Bad Request");
       $response = createError("Invalid Method");
     } else {
       $apiFunction = strtoupper($apiFunction[0]) . substr($apiFunction, 1);
+      $apiFunction = str_replace("/", "\\", $apiFunction);
       $class = "\\Api\\$apiFunction";
       $file = getClassPath($class);
       if(!file_exists($file)) {
         header("404 Not Found");
         $response = createError("Not found");
+      } else if(!is_subclass_of($class, \Api\Request::class)) {
+        header("400 Bad Request");
+        $response = createError("Inalid Method");
       } else {
         $request = new $class($user, true);
         $success = $request->execute();