WebSVN – oidplus – Blame – /trunk/plugins/viathinksoft/raPages/911_rest_api/OIDplusPageRaRestApi.class.php

Rev	Author	Line No.	Line
1265	daniel-mar	1	<?php
		2
		3	/*
		4	* OIDplus 2.0
		5	* Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft
		6	*
		7	* Licensed under the Apache License, Version 2.0 (the "License");
		8	* you may not use this file except in compliance with the License.
		9	* You may obtain a copy of the License at
		10	*
		11	* http://www.apache.org/licenses/LICENSE-2.0
		12	*
		13	* Unless required by applicable law or agreed to in writing, software
		14	* distributed under the License is distributed on an "AS IS" BASIS,
		15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		16	* See the License for the specific language governing permissions and
		17	* limitations under the License.
		18	*/
		19
		20	// ATTENTION: If you change something, please make sure that the changes
		21	// are synchronous with OIDplusPageAdminRestApi
		22
		23	namespace ViaThinkSoft\OIDplus;
		24
		25	// phpcs:disable PSR1.Files.SideEffects
		26	\defined('INSIDE_OIDPLUS') or die;
		27	// phpcs:enable PSR1.Files.SideEffects
		28
		29	class OIDplusPageRaRestApi extends OIDplusPagePluginRa {
		30
		31	/**
		32	* @param string $actionID
		33	* @param array $params
		34	* @return array
		35	* @throws OIDplusException
		36	*/
		37	public function action(string $actionID, array $params): array {
		38	if ($actionID == 'blacklistJWT') {
		39	if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_REST_USER', true)) {
		40	throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_REST_USER'));
		41	}
		42
		43	_CheckParamExists($params, 'user');
		44	$ra_email = $params['user'];
		45
		46	if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) {
1266	daniel-mar	47	throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as the requested RA %2 or as admin.',OIDplus::gui()->link('oidplus:login$ra$'.$ra_email),'<b>'.htmlentities($ra_email).'</b>'), null, 401);
1265	daniel-mar	48	}
		49
		50	$gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_REST;
		51	$sub = $ra_email;
		52
		53	OIDplusAuthContentStoreJWT::jwtBlacklist($gen, $sub);
		54
		55	return array("status" => 0);
		56	} else {
		57	return parent::action($actionID, $params);
		58	}
		59	}
		60
		61	/**
		62	* @param string $id
		63	* @param array $out
		64	* @param bool $handled
		65	* @return void
		66	* @throws OIDplusException
		67	*/
		68	public function gui(string $id, array &$out, bool &$handled) {
1272	daniel-mar	69	$tmp = explode('$',$id);
		70	$classname = $tmp[1] ?? '';
1265	daniel-mar	71
1272	daniel-mar	72	$parts = explode('.',$tmp[0],2);
		73	if ($parts[0] != 'oidplus:rest_api_information_ra') return;
		74	$handled = true;
		75
		76	if (str_starts_with($classname, 'endpoints:')) {
		77	$plugin = OIDplus::getPluginByOid(explode(':',$classname)[1]);
		78	if (!$plugin \|\| !($plugin instanceof INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_9)) throw new OIDplusException(_L("No endpoints for this plugin found"), null, 404);
		79	$out['title'] = _L('REST API').' - '.$plugin->getManifest()->getName() . ' ' . _L('Endpoints');
		80	$out['icon'] = file_exists(__DIR__.'/img/endpoints_icon.png') ? OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png' : '';
		81	$out['text'] = '<p><a '.OIDplus::gui()->link('oidplus:rest_api_information_ra').'><img src="img/arrow_back.png" width="16" alt="'._L('Go back').'"> '._L('Go back').'</a></p>';
		82	$out['text'] .= $plugin->restApiInfo('html');
		83	} else {
1265	daniel-mar	84	$ra_email = explode('$',$id)[1];
		85
		86	$out['title'] = _L('REST API');
		87	$out['icon'] = file_exists(__DIR__.'/img/main_icon.png') ? OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png' : '';
		88
		89	if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) {
1266	daniel-mar	90	throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as the requested RA %2 or as admin.',OIDplus::gui()->link('oidplus:login$ra$'.$ra_email),'<b>'.htmlentities($ra_email).'</b>'), $out['title'], 401);
1265	daniel-mar	91	}
		92
		93	if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_REST_USER', true)) {
		94	throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_REST_USER'), $out['title']);
		95	}
		96
1270	daniel-mar	97	if (is_null(OIDplus::getPluginByOid("1.3.6.1.4.1.37476.2.5.2.4.1.2"))) { // OIDplusPagePublicRestApi
		98	throw new OIDplusException(_L('The administrator has disabled this feature. (Plugin %1).','OIDplusPagePublicRestApi'), $out['title']);
1271	daniel-mar	99	}
1270	daniel-mar	100
1265	daniel-mar	101	$gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_REST;
		102	$sub = $ra_email;
		103
		104	$authSimulation = new OIDplusAuthContentStoreJWT();
		105	$authSimulation->raLogin($ra_email);
		106	$authSimulation->setValue('oidplus_generator', $gen);
		107	$token = $authSimulation->getJWTToken();
		108
		109	$out['text'] .= '<p>'._L('You can make automated calls to your OIDplus account by calling an REST API.').'</p>';
		110	$out['text'] .= '<h2>'._L('Endpoints').'</h2>';
		111	$endpoints = '';
		112	foreach (OIDplus::getAllPlugins() as $plugin) {
		113	if ($plugin instanceof INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_9) {
1272	daniel-mar	114	$link = 'oidplus:rest_api_information_ra$endpoints:'.$plugin->getManifest()->getOid();
		115	$endpoints .= '<li><a '.OIDplus::gui()->link($link).'>'.htmlentities($plugin->getManifest()->getName()).'</a></li>';
1265	daniel-mar	116	}
		117	}
		118	if ($endpoints) {
1272	daniel-mar	119	$out['text'] .= '<p>'._L('The following installed plugins are offering REST endpoints:').'</p>';
		120	$out['text'] .= '<p><ul>'.$endpoints.'</ul></p>';
1265	daniel-mar	121	} else {
		122	$out['text'] .= '<p>'._L('No installed plugin offers a REST functionality').'</p>';
		123	}
		124	$out['text'] .= '<h2>'._L('Authentication').'</h2>';
		125	$out['text'] .= '<p>'._L('The authentication is done via the following HTTP header:').'</p>';
		126	$out['text'] .= '<p><pre id="oidplus_auth_jwt">';
		127	$out['text'] .= 'Authentication: Bearer '.htmlentities($token)."\n";
		128	$out['text'] .= '</pre></p>';
		129	$out['text'] .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard(oidplus_auth_jwt)"></p>';
		130	$out['text'] .= '<p>'._L('Please keep this information confidential!').'</p>';
		131	$out['text'] .= '<p>'._L('The JWT-token (secret!) will automatically perform a one-time-login to fulfill the request. The other fields are the normal fields which are called during the usual operation of OIDplus.').'</p>';
		132
		133	$out['text'] .= '<h2>'._L('Blacklisted tokens').'</h2>';
		134	$bl_time = OIDplusAuthContentStoreJWT::jwtGetBlacklistTime($gen, $sub);
		135	if ($bl_time == 0) {
		136	$out['text'] .= '<p>'._L('None of the previously generated JWT tokens have been blacklisted.').'</p>';
		137	} else {
		138	$out['text'] .= '<p>'._L('All tokens generated before %1 have been blacklisted.',date('d F Y, H:i:s',$bl_time+1)).'</p>';
		139	}
		140	$out['text'] .= '<button type="button" name="btn_blacklist_jwt" id="btn_blacklist_jwt" class="btn btn-danger btn-xs" onclick="OIDplusPageRaRestApi.blacklistJWT('.js_escape($ra_email).')">'._L('Blacklist all previously generated tokens').'</button>';
		141	}
		142	}
		143
		144	/**
		145	* @param array $json
		146	* @param string\|null $ra_email
		147	* @param bool $nonjs
		148	* @param string $req_goto
		149	* @return bool
		150	* @throws OIDplusException
		151	*/
		152	public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool {
		153	if (!$ra_email) return false;
		154	if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) return false;
		155
		156	if (file_exists(__DIR__.'/img/main_icon16.png')) {
		157	$tree_icon = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png';
		158	} else {
		159	$tree_icon = null; // default icon (folder)
		160	}
		161
1272	daniel-mar	162	if (file_exists(__DIR__.'/img/endpoints_icon16.png')) {
		163	$tree_icon_endpoints = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/endpoints_icon16.png';
		164	} else {
		165	$tree_icon_endpoints = null; // default icon (folder)
		166	}
		167
		168	$submenu = array();
		169	foreach (OIDplus::getAllPlugins() as $plugin) {
		170	if ($plugin instanceof INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_9) {
		171	$submenu[] = [
		172	'id' => 'oidplus:rest_api_information_ra$endpoints:'.$plugin->getManifest()->getOid(),
		173	'icon' => $tree_icon_endpoints,
		174	'text' => $plugin->getManifest()->getName() . ' ' . _L('Endpoints')
		175	];
		176	}
		177	}
		178
1265	daniel-mar	179	$json[] = array(
1272	daniel-mar	180	'id' => 'oidplus:rest_api_information_ra',
1265	daniel-mar	181	'icon' => $tree_icon,
1272	daniel-mar	182	'text' => _L('REST API'),
		183	'children' => $submenu
1265	daniel-mar	184	);
		185
		186	return true;
		187	}
		188
		189	/**
		190	* @param string $request
		191	* @return array\|false
		192	*/
		193	public function tree_search(string $request) {
		194	return false;
		195	}
		196	}

Subversion Repositories oidplus

oidplus/trunk/plugins/viathinksoft/raPages/911_rest_api/OIDplusPageRaRestApi.class.php – Rev 1272