master/html/APIHandler_8inc_8php_source.html

<?php


AppLocale::requireComponents(LOCALE_COMPONENT_PKP_API, LOCALE_COMPONENT_APP_API);

import('lib.pkp.classes.handler.PKPHandler');


use \Slim\App;

import('lib.pkp.classes.core.APIResponse');

import('classes.core.Services');


class APIHandler extends PKPHandler {

   protected $_app;

   protected $_request;

   protected $_endpoints = array();

   protected $_slimRequest = null;


   protected $_pathPattern;


   protected $_handlerPath = null;


   public function __construct() {

      parent::__construct();

      import('lib.pkp.classes.security.authorization.internal.ApiAuthorizationMiddleware');

      import('lib.pkp.classes.security.authorization.internal.ApiTokenDecodingMiddleware');

      import('lib.pkp.classes.security.authorization.internal.ApiCsrfMiddleware');

      $this->_app = new \Slim\App(array(

         // Load custom response handler

         'response' => function($c) {

            return new APIResponse();

         },

         'settings' => array(

            // we need access to route within middleware

            'determineRouteBeforeAppMiddleware' => true,

         )

      ));

      $this->_app->add(new ApiAuthorizationMiddleware($this));

      $this->_app->add(new ApiCsrfMiddleware($this));

      $this->_app->add(new ApiTokenDecodingMiddleware($this));

      // remove trailing slashes

      $this->_app->add(function ($request, $response, $next) {

         $uri = $request->getUri();

         $path = $uri->getPath();

         if ($path != '/' && substr($path, -1) == '/') {

            // path with trailing slashes to non-trailing counterpart

            $uri = $uri->withPath(substr($path, 0, -1));

            if($request->getMethod() == 'GET') {

               return $response->withRedirect((string)$uri, 301);

            } else {

               return $next($request->withUri($uri), $response);

            }

         }

         return $next($request, $response);

      });

      // if pathinfo is disabled, rewrite URI to match Slim's expectation

      $app = $this->getApp();

      $handler = $this;

      $this->_app->add(function($request, $response, $next) use($app, $handler) {

         $uri = $request->getUri();

         $endpoint = trim($request->getQueryParam('endpoint'));

         $pathInfoEnabled = Config::getVar('general', 'disable_path_info') ? false : true;

         $path = $uri->getPath();

         if (!$pathInfoEnabled && !is_null($endpoint) && !isset($_SERVER['PATH_INFO']) && ($path == '/')) {

            $basePath = $uri->getBasePath();

            if($request->getMethod() == 'GET') {

               $uri = $uri->withPath($basePath . $endpoint);

               return $response->withRedirect((string)$uri, 301);

            } else {

               $uri = $uri->withPath($basePath . $endpoint);

               $handler->_slimRequest = $request->withUri($uri);

               return $app->process($handler->_slimRequest, $response);

            }

         } elseif ($pathInfoEnabled) {

            // pkp/pkp-lib#4919: PKP software routes with PATH_INFO (unaffected by

            // mod_rewrite) but Slim relies on REQUEST_URI. Inject PATH_INFO into

            // Slim for consistent behavior in URL rewriting scenarios.

            $newUri = $uri->withPath($_SERVER['PATH_INFO']);

            if ($uri != $newUri) {

               $handler->_slimRequest = $request->withUri($newUri);

               return $app->process($handler->_slimRequest, $response);

            }

         }

         return $next($request, $response);

      });

      // Allow remote requests to the API

      $this->_app->add(function ($request, $response, $next) {

         $response = $response->withHeader('Access-Control-Allow-Origin', '*');

         return $next($request, $response);

      });

      $this->_request = Application::get()->getRequest();

      $this->setupEndpoints();

   }


   public function getRequest() {

      return $this->_request;

   }


   public function getSlimRequest() {

      return $this->_slimRequest;

   }


   public function setSlimRequest($slimRequest) {

      return $this->_slimRequest = $slimRequest;

   }


   public function getApp() {

      return $this->_app;

   }


   public function getEndpointPattern() {


      if (!isset($this->_pathPattern)) {

         $this->_pathPattern = '/{contextPath}/api/{version}/' . $this->_handlerPath;

      }


      return $this->_pathPattern;

   }


   public function getEntityId($parameterName) {

      assert(false);

      return null;

   }


   public function setupEndpoints() {

      $app = $this->getApp();

      $endpoints = $this->getEndpoints();

      HookRegistry::call('APIHandler::endpoints', [&$endpoints, $this]);

      foreach ($endpoints as $method => $definitions) {

         foreach ($definitions as $parameters) {

            $method = strtolower($method);

            $pattern = $parameters['pattern'];

            $handler = $parameters['handler'];

            $roles = isset($parameters['roles']) ? $parameters['roles'] : null;

            $app->$method($pattern, $handler)->setName($handler[1]);

            if (!is_null($roles) && is_array($roles)) {

               $this->addRoleAssignment($roles, $handler[1]);

            }

         }

      }

   }


   public function getEndpoints() {

      return $this->_endpoints;

   }


   public function getParameter($parameterName, $default = null) {

      $slimRequest = $this->getSlimRequest();

      if ($slimRequest == null) {

         return $default;

      }


      $route = $slimRequest->getAttribute('route');


      // we probably have an invalid url if route is null

      if (!is_null($route)) {

         $arguments = $route->getArguments();

         if (isset($arguments[$parameterName])) {

            return $arguments[$parameterName];

         }


         $queryParams = $slimRequest->getQueryParams();

         if (isset($queryParams[$parameterName])) {

            return $queryParams[$parameterName];

         }

      }


      return $default;

   }


   public function convertStringsToSchema($schema, $params) {

      $schemaService = Services::get('schema');

      $schema = $schemaService->get($schema);


      foreach ($params as $paramName => $paramValue) {

         if (!property_exists($schema->properties, $paramName)) {

            continue;

         }

         if (!empty($schema->properties->{$paramName}->multilingual)) {

            foreach ($paramValue as $localeKey => $localeValue) {

               $params[$paramName][$localeKey] = $this->_convertStringsToSchema(

                  $localeValue,

                  $schema->properties->{$paramName}->type,

                  $schema->properties->{$paramName}

               );

            }

         } else {

            $params[$paramName] = $this->_convertStringsToSchema(

               $paramValue,

               $schema->properties->{$paramName}->type,

               $schema->properties->{$paramName}

            );

         }

      }


      return $params;

   }


   private function _convertStringsToSchema($value, $type, $schema) {

      // Convert all empty strings to null except arrays (see note below)

      if (is_string($value) && !strlen($value) && $type !== 'array') {

         return null;

      }

      switch ($type) {

         case 'boolean':

            if (is_string($value)) {

               if ($value === 'true' || $value === '1') {

                  return true;

               } elseif ($value === 'false' || $value === '0') {

                  return false;

               }

            }

            break;

         case 'integer':

            if (is_string($value) && ctype_digit($value)) {

               return (int) $value;

            }

            break;

         case 'number':

            if (is_string($value) && is_numeric($value)) {

               return floatval($value);

            }

            break;

         case 'array':

            if (is_array($value)) {

               $newArray = [];

               if (is_array($schema->items)) {

                  foreach ($schema->items as $i => $itemSchema) {

                     $newArray[$i] = $this->_convertStringsToSchema($value[$i], $itemSchema->type, $itemSchema);

                  }

               } else {

                  foreach ($value as $i => $v) {

                     $newArray[$i] = $this->_convertStringsToSchema($v, $schema->items->type, $schema->items);

                  }

               }

               return $newArray;


            // An empty string is accepted as an empty array. This addresses the

            // issue where browsers strip empty arrays from post data before sending.

            // See: https://bugs.jquery.com/ticket/6481

            } elseif (is_string($value) && !strlen($value)) {

               return [];

            }

            break;

         case 'object':

            if (is_array($value)) {

               $newObject = [];

               foreach ($schema->properties as $propName => $propSchema) {

                  if (!isset($value[$propName])) {

                     continue;

                  }

                  $newObject[$propName] = $this->_convertStringsToSchema($value[$propName], $propSchema->type, $propSchema);

               }

               return $value;

            }

            break;

      }

      return $value;

   }


   protected function _validateStatDates($params, $dateStartParam = 'dateStart', $dateEndParam = 'dateEnd') {

      import('lib.pkp.classes.validation.ValidatorFactory');

      $validator = \ValidatorFactory::make(

         $params,

         [

            $dateStartParam => [

               'date_format:Y-m-d',

               'after_or_equal:' . STATISTICS_EARLIEST_DATE,

               'before_or_equal:' . $dateEndParam,

            ],

            $dateEndParam => [

               'date_format:Y-m-d',

               'before_or_equal:yesterday',

               'after_or_equal:' . $dateStartParam,

            ],

         ],

         [

            '*.date_format' => 'invalidFormat',

            $dateStartParam . '.after_or_equal' => 'tooEarly',

            $dateEndParam . '.before_or_equal' => 'tooLate',

            $dateStartParam . '.before_or_equal' => 'invalidRange',

            $dateEndParam . '.after_or_equal' => 'invalidRange',

         ]

      );


      if ($validator->fails()) {

         $errors = $validator->errors()->getMessages();

         if ((!empty($errors[$dateStartParam]) && in_array('invalidFormat', $errors[$dateStartParam]))

               || (!empty($errors[$dateEndParam]) && in_array('invalidFormat', $errors[$dateEndParam]))) {

            return 'api.stats.400.wrongDateFormat';

         }

         if (!empty($errors[$dateStartParam]) && in_array('tooEarly', $errors[$dateStartParam])) {

            return 'api.stats.400.earlyDateRange';

         }

         if (!empty($errors[$dateEndParam]) && in_array('tooLate', $errors[$dateEndParam])) {

            return 'api.stats.400.lateDateRange';

         }

         if ((!empty($errors[$dateStartParam]) && in_array('invalidRange', $errors[$dateStartParam]))

               || (!empty($errors[$dateEndParam]) && in_array('invalidRange', $errors[$dateEndParam]))) {

            return 'api.stats.400.wrongDateRange';

         }

      }


      return true;

   }

}