Mirrors/sysPass
2
0
Fork 0
mirror of https://github.com/nuxsmin/sysPass.git synced 2026-03-03 07:04:07 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ed0d95b77469db4591c63f3a93dc7df40cc0e68e
sysPass/lib/SP/Api/ApiRequest.php
nuxsmin 2cbaed9965 * [MOD] Improved CSS & JS resources handling. 
* [MOD] Improved bootstrap workflow. Work in progress.
2018-02-08 23:10:12 +01:00

255 lines
6.6 KiB
PHP
Raw Blame History

<?php
/**
* sysPass
*
* @author nuxsmin
* @link http://syspass.org
* @copyright 2012-2017, Rubén Domínguez nuxsmin@$syspass.org
*
* This file is part of sysPass.
*
* sysPass is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* sysPass is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
*/
namespace SP\Api;
defined('APP_ROOT') || die();
use ReflectionClass;
use SP\Core\Exceptions\InvalidArgumentException;
use SP\Core\Exceptions\SPException;
use SP\DataModel\TrackData;
use SP\Http\Request;
use SP\Mgmt\Tracks\Track;
use SP\Util\Json;
/**
* Class ApiRequest encargada de atender la peticiones a la API de sysPass
*
* Procesa peticiones en formato JSON-RPC 2.0
*
* {"jsonrpc": "2.0", "method": "subtract", "params": {"minuend": 42, "subtrahend": 23}, "id": 3}
*
* @see http://www.jsonrpc.org/specification
* @package SP
*/
class ApiRequest
{
/**
* Constantes de acciones
*/
const ACTION = 'action';
const AUTH_TOKEN = 'authToken';
const TIME_TRACKING_MAX_ATTEMPTS = 5;
const TIME_TRACKING = 300;
/**
* @var \stdClass
*/
private $data;
/** @var string */
private $verb;
/** @var ReflectionClass */
private $ApiReflection;
/**
* Devolver un error formateado en JSON-RPC 2.0
*
* @param \Exception|SPException $e
* @return string
* @throws \SP\Core\Exceptions\SPException
*/
public function formatJsonError($e)
{
$data = function () use ($e) {
$class = get_class($e);
if ($class === SPException::class
|| $class === InvalidArgumentException::class
) {
$hint = $e->getHint();
return is_array($hint) ? $hint : __($hint);
}
return '';
};
$code = $e->getCode();
$error = [
'jsonrpc' => '2.0',
'error' => [
'code' => $code,
'message' => __($e->getMessage()),
'data' => $data()
],
'id' => ($code === -32700 || $code === -32600) ? null : $this->getId()
];
return Json::getJson($error);
}
/**
* Devielve el Id de la petición
*
* @return int
*/
public function getId()
{
return (int)$this->data->id;
}
/**
* Obtiene una nueva instancia de la Api
*
* @return SyspassApi
* @throws \SP\Core\Exceptions\SPException
*/
public function runApi()
{
$this->init();
return $this->ApiReflection->getMethod($this->data->method)->invoke(new SyspassApi($this->data));
}
/**
* Inicializar la API
*
* @throws SPException
*/
protected function init()
{
try {
$this->checkTracking();
$this->analyzeRequestMethod();
$this->getRequestData();
$this->checkBasicData();
$this->checkAction();
} catch (SPException $e) {
throw $e;
}
}
/**
* Comprobar los intentos de login
*
* @throws \SP\Core\Exceptions\AuthException
* @throws \SP\Core\Exceptions\SPException
*/
private function checkTracking()
{
try {
$TrackData = new TrackData();
$TrackData->setSource('API');
$TrackData->setTrackIp($_SERVER['REMOTE_ADDR']);
$attempts = count(Track::getItem($TrackData)->getTracksForClientFromTime(time() - self::TIME_TRACKING));
} catch (SPException $e) {
throw new SPException(__('Error interno', false), SPException::ERROR, __FUNCTION__, -32601);
}
if ($attempts >= self::TIME_TRACKING_MAX_ATTEMPTS) {
ApiUtil::addTracking();
sleep(0.3 * $attempts);
throw new SPException(__('Intentos excedidos', false), SPException::INFO, '', -32601);
}
}
/**
* Analizar y establecer el método HTTP a utilizar
*
* @throws \SP\Core\Exceptions\SPException
*/
private function analyzeRequestMethod()
{
$requestMethod = $_SERVER['REQUEST_METHOD'];
// Sólo se permiten estos métodos
switch ($requestMethod) {
case 'GET':
case 'POST':
case 'PUT':
case 'DELETE':
$this->verb = $requestMethod;
break;
default:
throw new SPException(__('Método inválido', false), SPException::WARNING, '', -32600);
}
}
/**
* Obtener los datos de la petición
*
* Comprueba que el JSON esté bien formado
*
* @throws \SP\Core\Exceptions\SPException
*/
private function getRequestData()
{
$request = file_get_contents('php://input');
$data = json_decode(Request::parse($request, '', true));
if (!is_object($data) || json_last_error() !== JSON_ERROR_NONE) {
throw new SPException(__('Datos inválidos', false), SPException::WARNING, '', -32700);
}
if (!isset($data->jsonrpc, $data->method, $data->params, $data->id)) {
throw new SPException(__('Formato incorrecto', false), SPException::WARNING, '', -32600);
}
$this->data = $data;
}
/**
* Comprobar los datos básicos de la petición
*
* @throws \SP\Core\Exceptions\SPException
*/
private function checkBasicData()
{
if (!isset($this->data->params->authToken)) {
throw new SPException(__('Parámetros incorrectos', false), SPException::WARNING, '', -32602);
}
}
/**
* Comprobar si la API tiene implementada dicha acción
*
* @throws \SP\Core\Exceptions\SPException
*/
private function checkAction()
{
$this->ApiReflection = new ReflectionClass(SyspassApi::class);
if (!$this->ApiReflection->hasMethod($this->data->method)) {
ApiUtil::addTracking();
throw new SPException(__('Acción Inválida', false), SPException::WARNING, '', -32601);
}
}
/**
* Obtener el id de la acción
*
* @return int
*/
public function getAction()
{
return $this->data->method;
}
}
Reference in New Issue View Git Blame Copy Permalink