Etusivu Tutki Apua
Kirjaudu sisään
iProspective
/
dolibarr
3
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Puu: b41ac00b98
Branchit Tagit
dolibarr
/
htdocs
/
api
/
index.php

index.php 12 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287 
  1. <?php
    2. 

  2. /* Copyright (C) 2015	Jean-François Ferry		<jfefe@aternatik.fr>
    3. 

  3.  * Copyright (C) 2016	Laurent Destailleur		<eldy@users.sourceforge.net>
    4. 

  4.  * Copyright (C) 2017	Regis Houssin			<regis.houssin@inodbox.com>
    5. 

  5.  *
    6. 

  6.  * This program is free software; you can redistribute it and/or modify
    7. 

  7.  * it under the terms of the GNU General Public License as published by
    8. 

  8.  * the Free Software Foundation; either version 3 of the License, or
    9. 

  9.  * (at your option) any later version.
    10. 

  10.  *
    11. 

  11.  * This program is distributed in the hope that it will be useful,
    12. 

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14. 

  14.  * GNU General Public License for more details.
    15. 

  15.  *
    16. 

  16.  * You should have received a copy of the GNU General Public License
    17. 

  17.  * along with this program. If not, see <https://www.gnu.org/licenses/>.
    18. 

  18.  */
    19. 

  19. 

  20. /**
    21. 

  21.  * 	\defgroup   api     Module DolibarrApi
    22. 

  22.  *  \brief      API loader
    23. 

  23.  *				Search files htdocs/<module>/class/api_<module>.class.php
    24. 

  24.  *  \file       htdocs/api/index.php
    25. 

  25.  */
    26. 

  26. 

  27. use Luracast\Restler\Format\UploadFormat;
    28. 

  28. 

  29. if (!defined('NOCSRFCHECK'))    define('NOCSRFCHECK', '1'); // Do not check anti CSRF attack test
    30. 

  30. if (!defined('NOTOKENRENEWAL')) define('NOTOKENRENEWAL', '1'); // Do not check anti POST attack test
    31. 

  31. if (!defined('NOREQUIREMENU'))  define('NOREQUIREMENU', '1'); // If there is no need to load and show top and left menu
    32. 

  32. if (!defined('NOREQUIREHTML'))  define('NOREQUIREHTML', '1'); // If we don't need to load the html.form.class.php
    33. 

  33. if (!defined('NOREQUIREAJAX'))  define('NOREQUIREAJAX', '1'); // Do not load ajax.lib.php library
    34. 

  34. if (!defined("NOLOGIN"))        define("NOLOGIN", '1'); // If this page is public (can be called outside logged session)
    35. 

  35. 

  36. 

  37. // Force entity if a value is provided into HTTP header. Otherwise, will use the entity of user of token used.
    38. 

  38. if (!empty($_SERVER['HTTP_DOLAPIENTITY'])) define("DOLENTITY", (int) $_SERVER['HTTP_DOLAPIENTITY']);
    39. 

  39. 

  40. 

  41. $res = 0;
    42. 

  42. if (!$res && file_exists("../main.inc.php")) $res = include '../main.inc.php';
    43. 

  43. if (!$res) die("Include of main fails");
    44. 

  44. 

  45. require_once DOL_DOCUMENT_ROOT.'/includes/restler/framework/Luracast/Restler/AutoLoader.php';
    46. 

  46. 

  47. call_user_func(function () {
    48. 

  48.     $loader = Luracast\Restler\AutoLoader::instance();
    49. 

  49.     spl_autoload_register($loader);
    50. 

  50.     return $loader;
    51. 

  51. });
    52. 

  52. 

  53. require_once DOL_DOCUMENT_ROOT.'/api/class/api.class.php';
    54. 

  54. require_once DOL_DOCUMENT_ROOT.'/api/class/api_access.class.php';
    55. 

  55. require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
    56. 

  56. 

  57. 

  58. $url = $_SERVER['PHP_SELF'];
    59. 

  59. if (preg_match('/api\/index\.php$/', $url)) {	// sometimes $_SERVER['PHP_SELF'] is 'api\/index\.php' instead of 'api\/index\.php/explorer.php' or 'api\/index\.php/method'
    60. 

  60. 	$url = $_SERVER['PHP_SELF'].$_SERVER['PATH_INFO'];
    61. 

  61. }
    62. 

  62. // Fix for some NGINX setups (this should not be required even with NGINX, however setup of NGINX are often mysterious and this may help is such cases)
    63. 

  63. if (!empty($conf->global->MAIN_NGINX_FIX))
    64. 

  64. {
    65. 

  65. 	$url = (isset($_SERVER['SCRIPT_URI']) && $_SERVER["SCRIPT_URI"] !== null) ? $_SERVER["SCRIPT_URI"] : $_SERVER['PHP_SELF'];
    66. 

  66. }
    67. 

  67. 

  68. // Enable and test if module Api is enabled
    69. 

  69. if (empty($conf->global->MAIN_MODULE_API))
    70. 

  70. {
    71. 

  71.     $langs->load("admin");
    72. 

  72.     dol_syslog("Call Dolibarr API interfaces with module REST disabled");
    73. 

  73.     print $langs->trans("WarningModuleNotActive", 'Api').'.<br><br>';
    74. 

  74.     print $langs->trans("ToActivateModule");
    75. 

  75.     exit;
    76. 

  76. }
    77. 

  77. 

  78. // Test if explorer is not disabled
    79. 

  79. if (preg_match('/api\/index\.php\/explorer/', $url) && !empty($conf->global->API_EXPLORER_DISABLED))
    80. 

  80. {
    81. 

  81.     $langs->load("admin");
    82. 

  82.     dol_syslog("Call Dolibarr API interfaces with module REST disabled");
    83. 

  83.     print $langs->trans("WarningAPIExplorerDisabled").'.<br><br>';
    84. 

  84.     exit;
    85. 

  85. }
    86. 

  86. 

  87. 

  88. // This 2 lines are usefull only if we want to exclude some Urls from the explorer
    89. 

  89. //use Luracast\Restler\Explorer;
    90. 

  90. //Explorer::$excludedPaths = array('/categories');
    91. 

  91. 

  92. 

  93. // Analyze URLs
    94. 

  94. // index.php/explorer                           do a redirect to index.php/explorer/
    95. 

  95. // index.php/explorer/                          called by swagger to build explorer page
    96. 

  96. // index.php/explorer/.../....png|.css|.js      called by swagger for resources to build explorer page
    97. 

  97. // index.php/explorer/resources.json            called by swagger to get list of all services
    98. 

  98. // index.php/explorer/resources.json/xxx        called by swagger to get detail of services xxx
    99. 

  99. // index.php/xxx                                called by any REST client to run API
    100. 

  100. 

  101. 

  102. $reg = array();
    103. 

  103. preg_match('/index\.php\/([^\/]+)(.*)$/', $url, $reg);
    104. 

  104. // .../index.php/categories?sortfield=t.rowid&sortorder=ASC
    105. 

  105. 

  106. 

  107. // When in production mode, a file api/temp/routes.php is created with the API available of current call.
    108. 

  108. // But, if we set $refreshcache to false, so it may have only one API in the routes.php file if we make a call for one API without
    109. 

  109. // using the explorer. And when we make another call for another API, the API is not into the api/temp/routes.php and a 404 is returned.
    110. 

  110. // So we force refresh to each call.
    111. 

  111. $refreshcache = (empty($conf->global->API_PRODUCTION_DO_NOT_ALWAYS_REFRESH_CACHE) ? true : false);
    112. 

  112. if (!empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/swagger.json' || $reg[2] == '/swagger.json/root' || $reg[2] == '/resources.json' || $reg[2] == '/resources.json/root'))
    113. 

  113. {
    114. 

  114.     $refreshcache = true;
    115. 

  115. }
    116. 

  116. 

  117. $api = new DolibarrApi($db, '', $refreshcache);
    118. 

  118. //var_dump($api->r->apiVersionMap);
    119. 

  119. 

  120. // Enable the Restler API Explorer.
    121. 

  121. // See https://github.com/Luracast/Restler-API-Explorer for more info.
    122. 

  122. $api->r->addAPIClass('Luracast\\Restler\\Explorer');
    123. 

  123. 

  124. $api->r->setSupportedFormats('JsonFormat', 'XmlFormat', 'UploadFormat'); // 'YamlFormat'
    125. 

  125. $api->r->addAuthenticationClass('DolibarrApiAccess', '');
    126. 

  126. 

  127. // Define accepted mime types
    128. 

  128. UploadFormat::$allowedMimeTypes = array('image/jpeg', 'image/png', 'text/plain', 'application/octet-stream');
    129. 

  129. 

  130. 

  131. // Restrict API to some IPs
    132. 

  132. if (!empty($conf->global->API_RESTRICT_ON_IP))
    133. 

  133. {
    134. 

  134. 	$allowedip = explode(' ', $conf->global->API_RESTRICT_ON_IP);
    135. 

  135. 	$ipremote = getUserRemoteIP();
    136. 

  136. 	if (!in_array($ipremote, $allowedip))
    137. 

  137. 	{
    138. 

  138. 		dol_syslog('Remote ip is '.$ipremote.', not into list '.$conf->global->API_RESTRICT_ON_IP);
    139. 

  139. 		print 'APIs are not allowed from the IP '.$ipremote;
    140. 

  140. 		header('HTTP/1.1 503 API not allowed from your IP '.$ipremote);
    141. 

  141. 		//print $conf->global->API_RESTRICT_ON_IP;
    142. 

  142. 		exit(0);
    143. 

  143. 	}
    144. 

  144. }
    145. 

  145. 

  146. 

  147. // Call Explorer file for all APIs definitions (this part is slow)
    148. 

  148. if (!empty($reg[1]) && $reg[1] == 'explorer' && ($reg[2] == '/swagger.json' || $reg[2] == '/swagger.json/root' || $reg[2] == '/resources.json' || $reg[2] == '/resources.json/root'))
    149. 

  149. {
    150. 

  150.     // Scan all API files to load them
    151. 

  151. 

  152.     $listofapis = array();
    153. 

  153. 

  154.     $modulesdir = dolGetModulesDirs();
    155. 

  155.     foreach ($modulesdir as $dir)
    156. 

  156.     {
    157. 

  157.         // Search available module
    158. 

  158.         dol_syslog("Scan directory ".$dir." for module descriptor files, then search for API files");
    159. 

  159. 

  160.         $handle = @opendir(dol_osencode($dir));
    161. 

  161.         if (is_resource($handle))
    162. 

  162.         {
    163. 

  163.             while (($file = readdir($handle)) !== false)
    164. 

  164.             {
    165. 

  165.             	$regmod = array();
    166. 

  166.                 if (is_readable($dir.$file) && preg_match("/^mod(.*)\.class\.php$/i", $file, $regmod))
    167. 

  167.                 {
    168. 

  168.                     $module = strtolower($regmod[1]);
    169. 

  169.                     $moduledirforclass = getModuleDirForApiClass($module);
    170. 

  170.                     $modulenameforenabled = $module;
    171. 

  171.                     if ($module == 'propale') { $modulenameforenabled = 'propal'; }
    172. 

  172.                     if ($module == 'supplierproposal') { $modulenameforenabled = 'supplier_proposal'; }
    173. 

  173.                     if ($module == 'ficheinter') { $modulenameforenabled = 'ficheinter'; }
    174. 

  174. 

  175.                     dol_syslog("Found module file ".$file." - module=".$module." - modulenameforenabled=".$modulenameforenabled." - moduledirforclass=".$moduledirforclass);
    176. 

  176. 

  177.                     // Defined if module is enabled
    178. 

  178.                     $enabled = true;
    179. 

  179.                     if (empty($conf->$modulenameforenabled->enabled)) $enabled = false;
    180. 

  180. 

  181.                     if ($enabled)
    182. 

  182.                     {
    183. 

  183.                         // If exists, load the API class for enable module
    184. 

  184.                         // Search files named api_<object>.class.php into /htdocs/<module>/class directory
    185. 

  185.                         // @todo : use getElementProperties() function ?
    186. 

  186.                         $dir_part = dol_buildpath('/'.$moduledirforclass.'/class/');
    187. 

  187. 

  188.                         $handle_part = @opendir(dol_osencode($dir_part));
    189. 

  189.                         if (is_resource($handle_part))
    190. 

  190.                         {
    191. 

  191.                             while (($file_searched = readdir($handle_part)) !== false)
    192. 

  192.                             {
    193. 

  193.                                 if ($file_searched == 'api_access.class.php') continue;
    194. 

  194. 

  195.                                 $regapi = array();
    196. 

  196.                                 if (is_readable($dir_part.$file_searched) && preg_match("/^api_(.*)\.class\.php$/i", $file_searched, $regapi))
    197. 

  197.                                 {
    198. 

  198.                                     $classname = ucwords($regapi[1]);
    199. 

  199.                                     $classname = str_replace('_', '', $classname);
    200. 

  200.                                     require_once $dir_part.$file_searched;
    201. 

  201.                                     if (class_exists($classname.'Api'))
    202. 

  202.                                     {
    203. 

  203.                                         //dol_syslog("Found API by index.php: classname=".$classname."Api for module ".$dir." into ".$dir_part.$file_searched);
    204. 

  204.                                         $listofapis[strtolower($classname.'Api')] = $classname.'Api';
    205. 

  205.                                     } elseif (class_exists($classname))
    206. 

  206.                                     {
    207. 

  207.                                         //dol_syslog("Found API by index.php: classname=".$classname." for module ".$dir." into ".$dir_part.$file_searched);
    208. 

  208.                                         $listofapis[strtolower($classname)] = $classname;
    209. 

  209.                                     } else {
    210. 

  210.                                         dol_syslog("We found an api_xxx file (".$file_searched.") but class ".$classname." does not exists after loading file", LOG_WARNING);
    211. 

  211.                                     }
    212. 

  212.                                 }
    213. 

  213.                             }
    214. 

  214.                         }
    215. 

  215.                     }
    216. 

  216.                 }
    217. 

  217.             }
    218. 

  218.         }
    219. 

  219.     }
    220. 

  220. 

  221.     // Sort the classes before adding them to Restler.
    222. 

  222.     // The Restler API Explorer shows the classes in the order they are added and it's a mess if they are not sorted.
    223. 

  223.     asort($listofapis);
    224. 

  224.     foreach ($listofapis as $apiname => $classname)
    225. 

  225.     {
    226. 

  226.         $api->r->addAPIClass($classname, $apiname);
    227. 

  227.     }
    228. 

  228.     //var_dump($api->r);
    229. 

  229. }
    230. 

  230. 

  231. // Call one APIs or one definition of an API
    232. 

  232. $regbis = array();
    233. 

  233. if (!empty($reg[1]) && ($reg[1] != 'explorer' || ($reg[2] != '/swagger.json' && $reg[2] != '/resources.json' && preg_match('/^\/(swagger|resources)\.json\/(.+)$/', $reg[2], $regbis) && $regbis[2] != 'root')))
    234. 

  234. {
    235. 

  235.     $module = $reg[1];
    236. 

  236.     if ($module == 'explorer')  // If we call page to explore details of a service
    237. 

  237.     {
    238. 

  238.         $module = $regbis[2];
    239. 

  239.     }
    240. 

  240. 

  241.     $module = strtolower($module);
    242. 

  242.     $moduledirforclass = getModuleDirForApiClass($module);
    243. 

  243. 

  244.     // Load a dedicated API file
    245. 

  245.     dol_syslog("Load a dedicated API file module=".$module." moduledirforclass=".$moduledirforclass);
    246. 

  246. 

  247. 	$tmpmodule = $module;
    248. 

  248. 	if ($tmpmodule != 'api')
    249. 

  249. 		$tmpmodule = preg_replace('/api$/i', '', $tmpmodule);
    250. 

  250. 	$classfile = str_replace('_', '', $tmpmodule);
    251. 

  251. 	if ($module == 'supplierproposals')
    252. 

  252. 		$classfile = 'supplier_proposals';
    253. 

  253. 	if ($module == 'supplierorders')
    254. 

  254. 		$classfile = 'supplier_orders';
    255. 

  255. 	if ($module == 'supplierinvoices')
    256. 

  256. 		$classfile = 'supplier_invoices';
    257. 

  257. 	if ($module == 'ficheinter')
    258. 

  258. 		$classfile = 'interventions';
    259. 

  259. 	if ($module == 'interventions')
    260. 

  260. 		$classfile = 'interventions';
    261. 

  261. 

  262. 	$dir_part_file = dol_buildpath('/'.$moduledirforclass.'/class/api_'.$classfile.'.class.php', 0, 2);
    263. 

  263. 

  264. 	$classname = ucwords($module);
    265. 

  265. 

  266. 	dol_syslog('Search api file /'.$moduledirforclass.'/class/api_'.$classfile.'.class.php => dir_part_file='.$dir_part_file.' classname='.$classname);
    267. 

  267. 

  268. 	$res = false;
    269. 

  269. 	if ($dir_part_file)
    270. 

  270. 		$res = include_once $dir_part_file;
    271. 

  271. 	if (!$res) {
    272. 

  272. 	    dol_syslog('Failed to make include_once '.$dir_part_file, LOG_WARNING);
    273. 

  273. 		print 'API not found (failed to include API file)';
    274. 

  274. 		header('HTTP/1.1 501 API not found (failed to include API file)');
    275. 

  275. 		exit(0);
    276. 

  276. 	}
    277. 

  277. 

  278. 	if (class_exists($classname))
    279. 

  279. 		$api->r->addAPIClass($classname);
    280. 

  280. }
    281. 

  281. 

  282. //var_dump($api->r->apiVersionMap);
    283. 

  283. //exit;
    284. 

  284. 

  285. // Call API (we suppose we found it).
    286. 

  286. // The handle will use the file api/temp/routes.php to get data to run the API. If the file exists and the entry for API is not found, it will return 404.
    287. 

  287. $api->r->handle();
    288.