mirror of
https://github.com/VTECRM/vtenext.git
synced 2026-02-26 16:18:47 +00:00
153 lines
4.5 KiB
PHP
153 lines
4.5 KiB
PHP
<?php
|
|
/*************************************
|
|
* SPDX-FileCopyrightText: 2009-2020 Vtenext S.r.l. <info@vtenext.com>
|
|
* SPDX-License-Identifier: AGPL-3.0-only
|
|
************************************/
|
|
/* crmv@170283 crmv@255566 crmv@203130 */
|
|
|
|
require('../../config.inc.php');
|
|
chdir($root_directory);
|
|
|
|
// crmv@246249
|
|
require_once('include/MaintenanceMode.php');
|
|
if (MaintenanceMode::check()) {
|
|
MaintenanceMode::displayRestApi();
|
|
exit();
|
|
}
|
|
// crmv@246249e
|
|
|
|
require_once('include/utils/utils.php');
|
|
SDK::getUtils();
|
|
|
|
$allowHeaders = ['Authorization', 'Content-Type']; // crmv@341216
|
|
|
|
$VP = VTEProperties::getInstance();
|
|
if ($VP->get('performance.app_debug')) {
|
|
$allowHeaders = array_merge($allowHeaders, [
|
|
'Touch-Session-Id', 'Touch-Check-Time',
|
|
'Touch-Version-Id', 'X-App-Package',
|
|
'X-App-Version', 'X-Otp',
|
|
]);
|
|
}
|
|
|
|
header("Access-Control-Allow-Headers: " . implode(', ', $allowHeaders));
|
|
header("Access-Control-Allow-Credentials: true"); // crmv@341216
|
|
header("Access-Control-Allow-Methods: POST, OPTIONS"); // GET
|
|
header("Access-Control-Allow-Origin: *");
|
|
|
|
// crmv@341219
|
|
header("X-Frame-Options: DENY"); // REST API are not frame-able by default
|
|
header("X-Content-Type-Options: nosniff");
|
|
header("Content-Security-Policy: frame-ancestors 'none'");
|
|
// crmv@341219e
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') die();
|
|
|
|
$contentType = '';
|
|
if (function_exists('getallheaders')) {
|
|
$http_headers = getallheaders();
|
|
foreach($http_headers as $h => $v) {
|
|
if (strtolower($h) == 'content-type') {
|
|
list($contentType,) = array_map('trim', explode(";", $v));
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
//crmv@185658
|
|
elseif(PHP_SAPI == 'fpm-fcgi' && !function_exists('getallheaders')){
|
|
function getallheaders(){
|
|
$headers = array();
|
|
$copy_server = array(
|
|
'CONTENT_TYPE' => 'Content-Type',
|
|
'CONTENT_LENGTH' => 'Content-Length',
|
|
'CONTENT_MD5' => 'Content-Md5',
|
|
);
|
|
foreach ($_SERVER as $key => $value) {
|
|
if (substr($key, 0, 5) === 'HTTP_') {
|
|
$key = substr($key, 5);
|
|
if (!isset($copy_server[$key]) || !isset($_SERVER[$key])) {
|
|
$key = str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', $key))));
|
|
$headers[$key] = $value;
|
|
}
|
|
} elseif (isset($copy_server[$key])) {
|
|
$headers[$copy_server[$key]] = $value;
|
|
}
|
|
}
|
|
if (!isset($headers['Authorization'])) {
|
|
if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
|
|
$headers['Authorization'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
|
|
} elseif (isset($_SERVER['PHP_AUTH_USER'])) {
|
|
$basic_pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
|
|
$headers['Authorization'] = 'Basic ' . base64_encode($_SERVER['PHP_AUTH_USER'] . ':' . $basic_pass);
|
|
} elseif (isset($_SERVER['PHP_AUTH_DIGEST'])) {
|
|
$headers['Authorization'] = $_SERVER['PHP_AUTH_DIGEST'];
|
|
}
|
|
}
|
|
return $headers;
|
|
}
|
|
|
|
$http_headers = getallheaders();
|
|
foreach($http_headers as $h => $v) {
|
|
if (strtolower($h) == 'content-type') {
|
|
$contentType = strtolower($v);
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
//crmv@185658e
|
|
if ($contentType == 'application/json') {
|
|
$_REQUEST = $_POST = Zend_Json::decode(file_get_contents('php://input'));
|
|
}
|
|
|
|
require_once('include/RestApi/Server.php');
|
|
require_once('include/RestApi/Client.php');
|
|
require_once('include/RestApi/InternalClient.php');
|
|
use RestService\Server;
|
|
|
|
require_once('include/RestApi/v1/VTERestApi.php');
|
|
$restApi = VTERestApi::getInstance();
|
|
|
|
|
|
// crmv@341217
|
|
global $adb, $root_directory;
|
|
/** @var PearDatabase $adb */
|
|
|
|
// must be always set to false, otherwise sensitive stack traces with vte path will be returned
|
|
$adb->setDieOnError(false);
|
|
|
|
// must be always set to false, otherwise uncaught errors will generate sensitive messages with the sql query and database info
|
|
$adb->setExceptOnError(false);
|
|
|
|
// this will also catch fatal errors and parse errors, also avoiding xdebug pages
|
|
try {
|
|
$server = Server::create('/vtews', $restApi);
|
|
// $server->setDebugMode(true); // prints the debug trace, line number and file if a exception has been thrown.
|
|
|
|
$methods = $restApi->getMethods();
|
|
if (!empty($methods)) {
|
|
foreach($methods as $row) {
|
|
$server->addPostRoute($row['rest_name'],$row['rest_name']);
|
|
}
|
|
}
|
|
$server->run();
|
|
|
|
} catch (\Error $e) {
|
|
$strip = function($x) use (&$root_directory) { return str_replace($root_directory, '', $x); };
|
|
$err = [
|
|
'success' => false,
|
|
'error' => $e->getCode(),
|
|
'message' => $e->getMessage(),
|
|
'file' => $strip($e->getFile()),
|
|
// 'trace' => array_map($strip, $e->getTrace()),
|
|
];
|
|
|
|
if (!$server) {
|
|
header("Content-Type: application/json; charset=UTF-8", true, 500);
|
|
echo Zend_Json::encode($err);
|
|
return;
|
|
}
|
|
|
|
$server->getClient()->sendResponse('500', $err);
|
|
}
|
|
// crmv@341217e
|