diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2012-03-23 10:02:01 +0100 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2012-03-23 10:02:01 +0100 |
| commit | a2b7fdb8e14f02aff9ab4b1b5646f640123ec0c7 (patch) | |
| tree | 676ba2c0959bb1d99c34074a9ac4043862d91871 /inc | |
| parent | 7518cd81d69733d64ee5c80a8e5df4fcaa33246d (diff) | |
| parent | b967e5fc8fd93226eba7926c13b73b93878f182b (diff) | |
| download | rpg-a2b7fdb8e14f02aff9ab4b1b5646f640123ec0c7.tar.gz rpg-a2b7fdb8e14f02aff9ab4b1b5646f640123ec0c7.tar.bz2 | |
Merge branch 'master' of https://github.com/dom-mel/dokuwiki into pull-request-87
* 'master' of https://github.com/dom-mel/dokuwiki: (38 commits)
removed requires, changed conf check in xmlrpc.php
removed require_once for autoloaded fulltext.php
updated comment
added dokuwiki.getXMLRPCAPIVersion and wiki.getRPCVersionSupported
added RPC_CALL_ADD event.
replaced $HTTP_RAW_POST_DATA with http_get_raw_post_data function
changed error code for unauthorized method calls.
typo fixes
moved plugin and core method calls to seperate function
corrected comment
added getapi methods to remote plugin
removed unused class
fixed testcase
refactored RemoteAccessDenied to RemoteAccessDeniedException
adjusted test cases
delegate file and date transformation to remote library
treat null as empty array
added missing getTime
added missing getVersion
set login as public method
...
Diffstat (limited to 'inc')
| -rw-r--r-- | inc/IXR_Library.php | 7 | ||||
| -rw-r--r-- | inc/RemoteAPICore.php | 767 | ||||
| -rw-r--r-- | inc/auth.php | 2 | ||||
| -rw-r--r-- | inc/httputils.php | 8 | ||||
| -rw-r--r-- | inc/init.php | 2 | ||||
| -rw-r--r-- | inc/load.php | 5 | ||||
| -rw-r--r-- | inc/remote.php | 253 |
7 files changed, 1038 insertions, 6 deletions
diff --git a/inc/IXR_Library.php b/inc/IXR_Library.php index 80b534b2e..d1e877813 100644 --- a/inc/IXR_Library.php +++ b/inc/IXR_Library.php @@ -302,11 +302,12 @@ class IXR_Server { } function serve($data = false) { if (!$data) { - global $HTTP_RAW_POST_DATA; - if (!$HTTP_RAW_POST_DATA) { + + $postData = trim(http_get_raw_post_data()); + if (!$postData) { die('XML-RPC server accepts POST requests only.'); } - $data = $HTTP_RAW_POST_DATA; + $data = $postData; } $this->message = new IXR_Message($data); if (!$this->message->parse()) { diff --git a/inc/RemoteAPICore.php b/inc/RemoteAPICore.php new file mode 100644 index 000000000..450c6f39e --- /dev/null +++ b/inc/RemoteAPICore.php @@ -0,0 +1,767 @@ +<?php + +/** + * Increased whenever the API is changed + */ +define('DOKU_API_VERSION', 7); + +class RemoteAPICore { + + private $api; + + public function __construct(RemoteAPI $api) { + $this->api = $api; + } + + function __getRemoteInfo() { + return array( + 'dokuwiki.getVersion' => array( + 'args' => array(), + 'return' => 'string', + 'doc' => 'Returns the running DokuWiki version.' + ), 'dokuwiki.login' => array( + 'args' => array('string', 'string'), + 'return' => 'int', + 'doc' => 'Tries to login with the given credentials and sets auth cookies.', + 'public' => '1' + ), 'dokuwiki.getPagelist' => array( + 'args' => array('string', 'array'), + 'return' => 'array', + 'doc' => 'List all pages within the given namespace.', + 'name' => 'readNamespace' + ), 'dokuwiki.search' => array( + 'args' => array('string'), + 'return' => 'array', + 'doc' => 'Perform a fulltext search and return a list of matching pages' + ), 'dokuwiki.getTime' => array( + 'args' => array(), + 'return' => 'int', + 'doc' => 'Returns the current time at the remote wiki server as Unix timestamp.', + ), 'dokuwiki.setLocks' => array( + 'args' => array('array'), + 'return' => 'array', + 'doc' => 'Lock or unlock pages.' + ), 'dokuwiki.getTitle' => array( + 'args' => array(), + 'return' => 'string', + 'doc' => 'Returns the wiki title.' + ), 'dokuwiki.appendPage' => array( + 'args' => array('string', 'string', 'array'), + 'return' => 'int', + 'doc' => 'Append text to a wiki page.' + ), 'wiki.getPage' => array( + 'args' => array('string'), + 'return' => 'string', + 'doc' => 'Get the raw Wiki text of page, latest version.', + 'name' => 'rawPage', + ), 'wiki.getPageVersion' => array( + 'args' => array('string', 'int'), + 'name' => 'rawPage', + 'return' => 'string', + 'doc' => 'Return a raw wiki page' + ), 'wiki.getPageHTML' => array( + 'args' => array('string'), + 'return' => 'string', + 'doc' => 'Return page in rendered HTML, latest version.', + 'name' => 'htmlPage' + ), 'wiki.getPageHTMLVersion' => array( + 'args' => array('string', 'int'), + 'return' => 'string', + 'doc' => 'Return page in rendered HTML.', + 'name' => 'htmlPage' + ), 'wiki.getAllPages' => array( + 'args' => array(), + 'return' => 'array', + 'doc' => 'Returns a list of all pages. The result is an array of utf8 pagenames.', + 'name' => 'listPages' + ), 'wiki.getAttachments' => array( + 'args' => array('string', 'array'), + 'return' => 'array', + 'doc' => 'Returns a list of all media files.', + 'name' => 'listAttachments' + ), 'wiki.getBackLinks' => array( + 'args' => array('string'), + 'return' => 'array', + 'doc' => 'Returns the pages that link to this page.', + 'name' => 'listBackLinks' + ), 'wiki.getPageInfo' => array( + 'args' => array('string'), + 'return' => 'array', + 'doc' => 'Returns a struct with infos about the page.', + 'name' => 'pageInfo' + ), 'wiki.getPageInfoVersion' => array( + 'args' => array('string', 'int'), + 'return' => 'array', + 'doc' => 'Returns a struct with infos about the page.', + 'name' => 'pageInfo' + ), 'wiki.getPageVersions' => array( + 'args' => array('string', 'int'), + 'return' => 'array', + 'doc' => 'Returns the available revisions of the page.', + 'name' => 'pageVersions' + ), 'wiki.putPage' => array( + 'args' => array('string', 'string', 'array'), + 'return' => 'int', + 'doc' => 'Saves a wiki page.' + ), 'wiki.listLinks' => array( + 'args' => array('string'), + 'return' => 'array', + 'doc' => 'Lists all links contained in a wiki page.' + ), 'wiki.getRecentChanges' => array( + 'args' => array('int'), + 'return' => 'array', + 'Returns a struct about all recent changes since given timestamp.' + ), 'wiki.getRecentMediaChanges' => array( + 'args' => array('int'), + 'return' => 'array', + 'Returns a struct about all recent media changes since given timestamp.' + ), 'wiki.aclCheck' => array( + 'args' => array('string'), + 'return' => 'int', + 'doc' => 'Returns the permissions of a given wiki page.' + ), 'wiki.putAttachment' => array( + 'args' => array('string', 'file', 'array'), + 'return' => 'array', + 'doc' => 'Upload a file to the wiki.' + ), 'wiki.deleteAttachment' => array( + 'args' => array('string'), + 'return' => 'int', + 'doc' => 'Delete a file from the wiki.' + ), 'wiki.getAttachment' => array( + 'args' => array('string'), + 'doc' => 'Return a media file', + 'return' => 'file', + 'name' => 'getAttachment', + ), 'wiki.getAttachmentInfo' => array( + 'args' => array('string'), + 'return' => 'array', + 'doc' => 'Returns a struct with infos about the attachment.' + ), 'dokuwiki.getXMLRPCAPIVersion' => array( + 'args' => array(), + 'name' => 'getAPIVersion', + 'return' => 'int', + 'doc' => 'Returns the XMLRPC API version.', + 'public' => '1', + ), 'wiki.getRPCVersionSupported' => array( + 'args' => array(), + 'name' => 'wiki_RPCVersion', + 'return' => 'int', + 'doc' => 'Returns 2 with the supported RPC API version.', + 'public' => '1' + ), + + ); + } + + function getVersion() { + return getVersion(); + } + + function getTime() { + return time(); + } + + /** + * Return a raw wiki page + * @param string $id wiki page id + * @param string $rev revision number of the page + * @return page text. + */ + function rawPage($id,$rev=''){ + $id = cleanID($id); + if(auth_quickaclcheck($id) < AUTH_READ){ + throw new RemoteAccessDeniedException('You are not allowed to read this file', 111); + } + $text = rawWiki($id,$rev); + if(!$text) { + return pageTemplate($id); + } else { + return $text; + } + } + + /** + * Return a media file + * + * @author Gina Haeussge <osd@foosel.net> + * @param string $id file id + * @return media file + */ + function getAttachment($id){ + $id = cleanID($id); + if (auth_quickaclcheck(getNS($id).':*') < AUTH_READ) { + throw new RemoteAccessDeniedException('You are not allowed to read this file', 211); + } + + $file = mediaFN($id); + if (!@ file_exists($file)) { + throw new RemoteException('The requested file does not exist', 221); + } + + $data = io_readFile($file, false); + return $this->api->toFile($data); + } + + /** + * Return info about a media file + * + * @author Gina Haeussge <osd@foosel.net> + */ + function getAttachmentInfo($id){ + $id = cleanID($id); + $info = array( + 'lastModified' => $this->api->toDate(0), + 'size' => 0, + ); + + $file = mediaFN($id); + if ((auth_quickaclcheck(getNS($id).':*') >= AUTH_READ) && file_exists($file)){ + $info['lastModified'] = $this->api->toDate(filemtime($file)); + $info['size'] = filesize($file); + } + + return $info; + } + + /** + * Return a wiki page rendered to html + */ + function htmlPage($id,$rev=''){ + $id = cleanID($id); + if(auth_quickaclcheck($id) < AUTH_READ){ + throw new RemoteAccessDeniedException('You are not allowed to read this page', 111); + } + return p_wiki_xhtml($id,$rev,false); + } + + /** + * List all pages - we use the indexer list here + */ + function listPages(){ + $list = array(); + $pages = idx_get_indexer()->getPages(); + $pages = array_filter(array_filter($pages,'isVisiblePage'),'page_exists'); + + foreach(array_keys($pages) as $idx) { + $perm = auth_quickaclcheck($pages[$idx]); + if($perm < AUTH_READ) { + continue; + } + $page = array(); + $page['id'] = trim($pages[$idx]); + $page['perms'] = $perm; + $page['size'] = @filesize(wikiFN($pages[$idx])); + $page['lastModified'] = $this->api->toDate(@filemtime(wikiFN($pages[$idx]))); + $list[] = $page; + } + + return $list; + } + + /** + * List all pages in the given namespace (and below) + */ + function readNamespace($ns,$opts){ + global $conf; + + if(!is_array($opts)) $opts=array(); + + $ns = cleanID($ns); + $dir = utf8_encodeFN(str_replace(':', '/', $ns)); + $data = array(); + $opts['skipacl'] = 0; // no ACL skipping for XMLRPC + search($data, $conf['datadir'], 'search_allpages', $opts, $dir); + return $data; + } + + /** + * List all pages in the given namespace (and below) + */ + function search($query){ + $regex = ''; + $data = ft_pageSearch($query,$regex); + $pages = array(); + + // prepare additional data + $idx = 0; + foreach($data as $id => $score){ + $file = wikiFN($id); + + if($idx < FT_SNIPPET_NUMBER){ + $snippet = ft_snippet($id,$regex); + $idx++; + }else{ + $snippet = ''; + } + + $pages[] = array( + 'id' => $id, + 'score' => intval($score), + 'rev' => filemtime($file), + 'mtime' => filemtime($file), + 'size' => filesize($file), + 'snippet' => $snippet, + ); + } + return $pages; + } + + /** + * Returns the wiki title. + */ + function getTitle(){ + global $conf; + return $conf['title']; + } + + /** + * List all media files. + * + * Available options are 'recursive' for also including the subnamespaces + * in the listing, and 'pattern' for filtering the returned files against + * a regular expression matching their name. + * + * @author Gina Haeussge <osd@foosel.net> + */ + function listAttachments($ns, $options = array()) { + global $conf; + + $ns = cleanID($ns); + + if (!is_array($options)) $options = array(); + $options['skipacl'] = 0; // no ACL skipping for XMLRPC + + + if(auth_quickaclcheck($ns.':*') >= AUTH_READ) { + $dir = utf8_encodeFN(str_replace(':', '/', $ns)); + + $data = array(); + search($data, $conf['mediadir'], 'search_media', $options, $dir); + $len = count($data); + if(!$len) return array(); + + for($i=0; $i<$len; $i++) { + unset($data[$i]['meta']); + $data[$i]['lastModified'] = $this->api->toDate($data[$i]['mtime']); + } + return $data; + } else { + throw new RemoteAccessDeniedException('You are not allowed to list media files.', 215); + } + } + + /** + * Return a list of backlinks + */ + function listBackLinks($id){ + return ft_backlinks(cleanID($id)); + } + + /** + * Return some basic data about a page + */ + function pageInfo($id,$rev=''){ + $id = cleanID($id); + if(auth_quickaclcheck($id) < AUTH_READ){ + throw new RemoteAccessDeniedException('You are not allowed to read this page', 111); + } + $file = wikiFN($id,$rev); + $time = @filemtime($file); + if(!$time){ + throw new RemoteException(10, 'The requested page does not exist', 121); + } + + $info = getRevisionInfo($id, $time, 1024); + + $data = array( + 'name' => $id, + 'lastModified' => $this->api->toDate($time), + 'author' => (($info['user']) ? $info['user'] : $info['ip']), + 'version' => $time + ); + + return ($data); + } + + /** + * Save a wiki page + * + * @author Michael Klier <chi@chimeric.de> + */ + function putPage($id, $text, $params) { + global $TEXT; + global $lang; + + $id = cleanID($id); + $TEXT = cleanText($text); + $sum = $params['sum']; + $minor = $params['minor']; + + if(empty($id)) { + throw new RemoteException('Empty page ID', 131); + } + + if(!page_exists($id) && trim($TEXT) == '' ) { + throw new RemoteException('Refusing to write an empty new wiki page', 132); + } + + if(auth_quickaclcheck($id) < AUTH_EDIT) { + throw new RemoteAccessDeniedException('You are not allowed to edit this page', 112); + } + + // Check, if page is locked + if(checklock($id)) { + throw new RemoteException('The page is currently locked', 133); + } + + // SPAM check + if(checkwordblock()) { + throw new RemoteException('Positive wordblock check', 134); + } + + // autoset summary on new pages + if(!page_exists($id) && empty($sum)) { + $sum = $lang['created']; + } + + // autoset summary on deleted pages + if(page_exists($id) && empty($TEXT) && empty($sum)) { + $sum = $lang['deleted']; + } + + lock($id); + + saveWikiText($id,$TEXT,$sum,$minor); + + unlock($id); + + // run the indexer if page wasn't indexed yet + idx_addPage($id); + + return 0; + } + + /** + * Appends text to a wiki page. + */ + function appendPage($id, $text, $params) { + $currentpage = $this->rawPage($id); + if (!is_string($currentpage)) { + return $currentpage; + } + return $this->putPage($id, $currentpage.$text, $params); + } + + /** + * Uploads a file to the wiki. + * + * Michael Klier <chi@chimeric.de> + */ + function putAttachment($id, $file, $params) { + $id = cleanID($id); + $auth = auth_quickaclcheck(getNS($id).':*'); + + if(!isset($id)) { + throw new RemoteException('Filename not given.', 231); + } + + global $conf; + + $ftmp = $conf['tmpdir'] . '/' . md5($id.clientIP()); + + // save temporary file + @unlink($ftmp); + io_saveFile($ftmp, $file->getValue()); + + $res = media_save(array('name' => $ftmp), $id, $params['ow'], $auth, 'rename'); + if (is_array($res)) { + throw new RemoteException($res[0], -$res[1]); + } else { + return $res; + } + } + + /** + * Deletes a file from the wiki. + * + * @author Gina Haeussge <osd@foosel.net> + */ + function deleteAttachment($id){ + $id = cleanID($id); + $auth = auth_quickaclcheck(getNS($id).':*'); + $res = media_delete($id, $auth); + if ($res & DOKU_MEDIA_DELETED) { + return 0; + } elseif ($res & DOKU_MEDIA_NOT_AUTH) { + throw new RemoteAccessDeniedException('You don\'t have permissions to delete files.', 212); + } elseif ($res & DOKU_MEDIA_INUSE) { + throw new RemoteException('File is still referenced', 232); + } else { + throw new RemoteException('Could not delete file', 233); + } + } + + /** + * Returns the permissions of a given wiki page + */ + function aclCheck($id) { + $id = cleanID($id); + return auth_quickaclcheck($id); + } + + /** + * Lists all links contained in a wiki page + * + * @author Michael Klier <chi@chimeric.de> + */ + function listLinks($id) { + $id = cleanID($id); + if(auth_quickaclcheck($id) < AUTH_READ){ + throw new RemoteAccessDeniedException('You are not allowed to read this page', 111); + } + $links = array(); + + // resolve page instructions + $ins = p_cached_instructions(wikiFN($id)); + + // instantiate new Renderer - needed for interwiki links + include(DOKU_INC.'inc/parser/xhtml.php'); + $Renderer = new Doku_Renderer_xhtml(); + $Renderer->interwiki = getInterwiki(); + + // parse parse instructions + foreach($ins as $in) { + $link = array(); + switch($in[0]) { + case 'internallink': + $link['type'] = 'local'; + $link['page'] = $in[1][0]; + $link['href'] = wl($in[1][0]); + array_push($links,$link); + break; + case 'externallink': + $link['type'] = 'extern'; + $link['page'] = $in[1][0]; + $link['href'] = $in[1][0]; + array_push($links,$link); + break; + case 'interwikilink': + $url = $Renderer->_resolveInterWiki($in[1][2],$in[1][3]); + $link['type'] = 'extern'; + $link['page'] = $url; + $link['href'] = $url; + array_push($links,$link); + break; + } + } + + return ($links); + } + + /** + * Returns a list of recent changes since give timestamp + * + * @author Michael Hamann <michael@content-space.de> + * @author Michael Klier <chi@chimeric.de> + */ + function getRecentChanges($timestamp) { + if(strlen($timestamp) != 10) { + throw new RemoteException('The provided value is not a valid timestamp', 311); + } + + $recents = getRecentsSince($timestamp); + + $changes = array(); + + foreach ($recents as $recent) { + $change = array(); + $change['name'] = $recent['id']; + $change['lastModified'] = $this->api->toDate($recent['date']); + $change['author'] = $recent['user']; + $change['version'] = $recent['date']; + $change['perms'] = $recent['perms']; + $change['size'] = @filesize(wikiFN($recent['id'])); + array_push($changes, $change); + } + + if (!empty($changes)) { + return $changes; + } else { + // in case we still have nothing at this point + return new RemoteException('There are no changes in the specified timeframe', 321); + } + } + + /** + * Returns a list of recent media changes since give timestamp + * + * @author Michael Hamann <michael@content-space.de> + * @author Michael Klier <chi@chimeric.de> + */ + function getRecentMediaChanges($timestamp) { + if(strlen($timestamp) != 10) + throw new RemoteException('The provided value is not a valid timestamp', 311); + + $recents = getRecentsSince($timestamp, null, '', RECENTS_MEDIA_CHANGES); + + $changes = array(); + + foreach ($recents as $recent) { + $change = array(); + $change['name'] = $recent['id']; + $change['lastModified'] = $this->api->toDate($recent['date']); + $change['author'] = $recent['user']; + $change['version'] = $recent['date']; + $change['perms'] = $recent['perms']; + $change['size'] = @filesize(mediaFN($recent['id'])); + array_push($changes, $change); + } + + if (!empty($changes)) { + return $changes; + } else { + // in case we still have nothing at this point + throw new RemoteException('There are no changes in the specified timeframe', 321); + } + } + + /** + * Returns a list of available revisions of a given wiki page + * + * @author Michael Klier <chi@chimeric.de> + */ + function pageVersions($id, $first) { + $id = cleanID($id); + if(auth_quickaclcheck($id) < AUTH_READ) { + throw new RemoteAccessDeniedException('You are not allowed to read this page', 111); + } + global $conf; + + $versions = array(); + + if(empty($id)) { + throw new RemoteException('Empty page ID', 131); + } + + $revisions = getRevisions($id, $first, $conf['recent']+1); + + if(count($revisions)==0 && $first!=0) { + $first=0; + $revisions = getRevisions($id, $first, $conf['recent']+1); + } + + if(count($revisions)>0 && $first==0) { + array_unshift($revisions, ''); // include current revision + array_pop($revisions); // remove extra log entry + } + + if(count($revisions) > $conf['recent']) { + array_pop($revisions); // remove extra log entry + } + + if(!empty($revisions)) { + foreach($revisions as $rev) { + $file = wikiFN($id,$rev); + $time = @filemtime($file); + // we check if the page actually exists, if this is not the + // case this can lead to less pages being returned than + // specified via $conf['recent'] + if($time){ + $info = getRevisionInfo($id, $time, 1024); + if(!empty($info)) { + $data['user'] = $info['user']; + $data['ip'] = $info['ip']; + $data['type'] = $info['type']; + $data['sum'] = $info['sum']; + $data['modified'] = $this->api->toDate($info['date']); + $data['version'] = $info['date']; + array_push($versions, $data); + } + } + } + return $versions; + } else { + return array(); + } + } + + /** + * The version of Wiki RPC API supported + */ + function wiki_RPCVersion(){ + return 2; + } + + + /** + * Locks or unlocks a given batch of pages + * + * Give an associative array with two keys: lock and unlock. Both should contain a + * list of pages to lock or unlock + * + * Returns an associative array with the keys locked, lockfail, unlocked and + * unlockfail, each containing lists of pages. + */ + function setLocks($set){ + $locked = array(); + $lockfail = array(); + $unlocked = array(); + $unlockfail = array(); + + foreach((array) $set['lock'] as $id){ + $id = cleanID($id); + if(auth_quickaclcheck($id) < AUTH_EDIT || checklock($id)){ + $lockfail[] = $id; + }else{ + lock($id); + $locked[] = $id; + } + } + + foreach((array) $set['unlock'] as $id){ + $id = cleanID($id); + if(auth_quickaclcheck($id) < AUTH_EDIT || !unlock($id)){ + $unlockfail[] = $id; + }else{ + $unlocked[] = $id; + } + } + + return array( + 'locked' => $locked, + 'lockfail' => $lockfail, + 'unlocked' => $unlocked, + 'unlockfail' => $unlockfail, + ); + } + + function getAPIVersion(){ + return DOKU_API_VERSION; + } + + function login($user,$pass){ + global $conf; + global $auth; + if(!$conf['useacl']) return 0; + if(!$auth) return 0; + + @session_start(); // reopen session for login + if($auth->canDo('external')){ + $ok = $auth->trustExternal($user,$pass,false); + }else{ + $evdata = array( + 'user' => $user, + 'password' => $pass, + 'sticky' => false, + 'silent' => true, + ); + $ok = trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper'); + } + session_write_close(); // we're done with the session + + return $ok; + } + + +} + diff --git a/inc/auth.php b/inc/auth.php index cd0f612aa..59ef1cb54 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -422,7 +422,7 @@ function auth_isadmin($user=null,$groups=null){ * @param $memberlist string commaseparated list of allowed users and groups * @param $user string user to match against * @param $groups array groups the user is member of - * @returns bool true for membership acknowledged + * @return bool true for membership acknowledged */ function auth_isMember($memberlist,$user,array $groups){ global $auth; diff --git a/inc/httputils.php b/inc/httputils.php index 0ad97a9a1..b815f3ca6 100644 --- a/inc/httputils.php +++ b/inc/httputils.php @@ -249,3 +249,11 @@ function http_cached_finish($file, $content) { print $content; } } + +function http_get_raw_post_data() { + static $postData = null; + if ($postData === null) { + $postData = file_get_contents('php://input'); + } + return $postData; +} diff --git a/inc/init.php b/inc/init.php index cfd023e95..d57e12d7b 100644 --- a/inc/init.php +++ b/inc/init.php @@ -190,7 +190,7 @@ init_paths(); init_files(); // setup plugin controller class (can be overwritten in preload.php) -$plugin_types = array('admin','syntax','action','renderer', 'helper'); +$plugin_types = array('admin','syntax','action','renderer', 'helper','remote'); global $plugin_controller_class, $plugin_controller; if (empty($plugin_controller_class)) $plugin_controller_class = 'Doku_Plugin_Controller'; diff --git a/inc/load.php b/inc/load.php index d30397f6e..f3ab5bcdd 100644 --- a/inc/load.php +++ b/inc/load.php @@ -76,10 +76,13 @@ function load_autoload($name){ 'SafeFN' => DOKU_INC.'inc/SafeFN.class.php', 'Sitemapper' => DOKU_INC.'inc/Sitemapper.php', 'PassHash' => DOKU_INC.'inc/PassHash.class.php', + 'RemoteAPI' => DOKU_INC.'inc/remote.php', + 'RemoteAPICore' => DOKU_INC.'inc/RemoteAPICore.php', 'DokuWiki_Action_Plugin' => DOKU_PLUGIN.'action.php', 'DokuWiki_Admin_Plugin' => DOKU_PLUGIN.'admin.php', 'DokuWiki_Syntax_Plugin' => DOKU_PLUGIN.'syntax.php', + 'DokuWiki_Remote_Plugin' => DOKU_PLUGIN.'remote.php', ); @@ -89,7 +92,7 @@ function load_autoload($name){ } // Plugin loading - if(preg_match('/^(helper|syntax|action|admin|renderer)_plugin_([^_]+)(?:_([^_]+))?$/', + if(preg_match('/^(helper|syntax|action|admin|renderer|remote)_plugin_([^_]+)(?:_([^_]+))?$/', $name, $m)) { //try to load the wanted plugin file // include, but be silent. Maybe some other autoloader has an idea diff --git a/inc/remote.php b/inc/remote.php new file mode 100644 index 000000000..2ef28afd2 --- /dev/null +++ b/inc/remote.php @@ -0,0 +1,253 @@ +<?php + +if (!defined('DOKU_INC')) die(); + +class RemoteException extends Exception {} +class RemoteAccessDeniedException extends RemoteException {} + +/** + * This class provides information about remote access to the wiki. + * + * == Types of methods == + * There are two types of remote methods. The first is the core methods. + * These are always available and provided by dokuwiki. + * The other is plugin methods. These are provided by remote plugins. + * + * == Information structure == + * The information about methods will be given in an array with the following structure: + * array( + * 'method.remoteName' => array( + * 'args' => array( + * 'type eg. string|int|...|date|file', + * ) + * 'name' => 'method name in class', + * 'return' => 'type', + * 'public' => 1/0 - method bypass default group check (used by login) + * ['doc' = 'method documentation'], + * ) + * ) + * + * plugin names are formed the following: + * core methods begin by a 'dokuwiki' or 'wiki' followed by a . and the method name itself. + * i.e.: dokuwiki.version or wiki.getPage + * + * plugin methods are formed like 'plugin.<plugin name>.<method name>'. + * i.e.: plugin.clock.getTime or plugin.clock_gmt.getTime + * + * @throws RemoteException + */ +class RemoteAPI { + + /** + * @var RemoteAPICore + */ + private $coreMethods = null; + + /** + * @var array remote methods provided by dokuwiki plugins - will be filled lazy via + * {@see RemoteAPI#getPluginMethods} + */ + private $pluginMethods = null; + + /** + * @var array contains custom calls to the api. Plugins can use the XML_CALL_REGISTER event. + * The data inside is 'custom.call.something' => array('plugin name', 'remote method name') + * + * The remote method name is the same as in the remote name returned by _getMethods(). + */ + private $pluginCustomCalls = null; + + private $dateTransformation; + private $fileTransformation; + + public function __construct() { + $this->dateTransformation = array($this, 'dummyTransformation'); + $this->fileTransformation = array($this, 'dummyTransformation'); + } + + /** + * Get all available methods with remote access. + * + * @return array with information to all available methods + */ + public function getMethods() { + return array_merge($this->getCoreMethods(), $this->getPluginMethods()); + } + + /** + * call a method via remote api. + * + * @param string $method name of the method to call. + * @param array $args arguments to pass to the given method + * @return mixed result of method call, must be a primitive type. + */ + public function call($method, $args = array()) { + if ($args === null) { + $args = array(); + } + list($type, $pluginName, $call) = explode('.', $method, 3); + if ($type === 'plugin') { + return $this->callPlugin($pluginName, $method, $args); + } + if ($this->coreMethodExist($method)) { + return $this->callCoreMethod($method, $args); + } + return $this->callCustomCallPlugin($method, $args); + } + + private function coreMethodExist($name) { + $coreMethods = $this->getCoreMethods(); + return array_key_exists($name, $coreMethods); + } + + private function callCustomCallPlugin($method, $args) { + $customCalls = $this->getCustomCallPlugins(); + if (!array_key_exists($method, $customCalls)) { + throw new RemoteException('Method does not exist', -32603); + } + $customCall = $customCalls[$method]; + return $this->callPlugin($customCall[0], $customCall[1], $args); + } + + private function getCustomCallPlugins() { + if ($this->pluginCustomCalls === null) { + $data = array(); + trigger_event('RPC_CALL_ADD', $data); + $this->pluginCustomCalls = $data; + } + return $this->pluginCustomCalls; + } + + private function callPlugin($pluginName, $method, $args) { + $plugin = plugin_load('remote', $pluginName); + $methods = $this->getPluginMethods(); + if (!$plugin) { + throw new RemoteException('Method does not exist', -32603); + } + $this->checkAccess($methods[$method]); + $name = $this->getMethodName($methods, $method); + return call_user_func_array(array($plugin, $name), $args); + } + + private function callCoreMethod($method, $args) { + $coreMethods = $this->getCoreMethods(); + $this->checkAccess($coreMethods[$method]); + if (!isset($coreMethods[$method])) { + throw new RemoteException('Method does not exist', -32603); + } + $this->checkArgumentLength($coreMethods[$method], $args); + return call_user_func_array(array($this->coreMethods, $this->getMethodName($coreMethods, $method)), $args); + } + + private function checkAccess($methodMeta) { + if (!isset($methodMeta['public'])) { + $this->forceAccess(); + } else{ + if ($methodMeta['public'] == '0') { + $this->forceAccess(); + } + } + } + + private function checkArgumentLength($method, $args) { + if (count($method['args']) < count($args)) { + throw new RemoteException('Method does not exist - wrong parameter count.', -32603); + } + } + + private function getMethodName($methodMeta, $method) { + if (isset($methodMeta[$method]['name'])) { + return $methodMeta[$method]['name']; + } + $method = explode('.', $method); + return $method[count($method)-1]; + } + + /** + * @return bool true if the current user has access to remote api. + */ + public function hasAccess() { + global $conf; + global $USERINFO; + if (!$conf['remote']) { + return false; + } + if(!$conf['useacl']) { + return true; + } + if(trim($conf['remoteuser']) == '') { + return true; + } + + return auth_isMember($conf['remoteuser'], $_SERVER['REMOTE_USER'], (array) $USERINFO['grps']); + } + + /** + * @throws RemoteException On denied access. + * @return void + */ + public function forceAccess() { + if (!$this->hasAccess()) { + throw new RemoteAccessDeniedException('server error. not authorized to call method', -32604); + } + } + + /** + * @return array all plugin methods. + */ + public function getPluginMethods() { + if ($this->pluginMethods === null) { + $this->pluginMethods = array(); + $plugins = plugin_list('remote'); + + foreach ($plugins as $pluginName) { + $plugin = plugin_load('remote', $pluginName); + if (!is_subclass_of($plugin, 'DokuWiki_Remote_Plugin')) { + throw new RemoteException("Plugin $pluginName does not implement DokuWiki_Remote_Plugin"); + } + + $methods = $plugin->_getMethods(); + foreach ($methods as $method => $meta) { + $this->pluginMethods["plugin.$pluginName.$method"] = $meta; + } + } + } + return $this->pluginMethods; + } + + /** + * @param RemoteAPICore $apiCore this parameter is used for testing. Here you can pass a non-default RemoteAPICore + * instance. (for mocking) + * @return array all core methods. + */ + public function getCoreMethods($apiCore = null) { + if ($this->coreMethods === null) { + if ($apiCore === null) { + $this->coreMethods = new RemoteAPICore($this); + } else { + $this->coreMethods = $apiCore; + } + } + return $this->coreMethods->__getRemoteInfo(); + } + + public function toFile($data) { + return call_user_func($this->fileTransformation, $data); + } + + public function toDate($data) { + return call_user_func($this->dateTransformation, $data); + } + + public function dummyTransformation($data) { + return $data; + } + + public function setDateTransformation($dateTransformation) { + $this->dateTransformation = $dateTransformation; + } + + public function setFileTransformation($fileTransformation) { + $this->fileTransformation = $fileTransformation; + } +} |