gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-03-11 00:15:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add support for cors

Browse Source
This commit is contained in:
Uwe Steinmann 2020-06-17 11:18:15 +02:00
parent fd7cca239a
commit 5dcafd65ce
1 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
restapi/index.php
View File

@ -20,6 +20,25 @@ if(USE_PHP_SESSION) {
exit; exit;
$dms->setUser($userobj); $dms->setUser($userobj);
} else { } else {
$headers = apache_request_headers();
if($settings->_apiOrigin && isset($headers['Origin'])) {
$origins = explode(',', $settings->_apiOrigin);
if(!in_array($headers['Origin'], $origins)) {
http_response_code(403);
exit;
}
}
if(isset($headers['Authorization']) && !empty($settings->_apiKey) && !empty($settings->_apiUserId)) {
if($settings->_apiKey == $headers['Authorization']) {
if(!($userobj = $dms->getUser($settings->_apiUserId))) {
http_response_code(403);
exit;
}
} else {
http_response_code(403);
exit;
}
} else {
require_once("../inc/inc.ClassSession.php"); require_once("../inc/inc.ClassSession.php");
$session = new SeedDMS_Session($db); $session = new SeedDMS_Session($db);
if (isset($_COOKIE["mydms_session"])) { if (isset($_COOKIE["mydms_session"])) {
@ -50,6 +69,7 @@ if(USE_PHP_SESSION) {
} }
$dms->setUser($userobj); $dms->setUser($userobj);
} }
}
} }
require "vendor/autoload.php"; require "vendor/autoload.php";
@ -2034,12 +2054,22 @@ function clearFolderAccessList($request, $response, $args) { /* {{{ */
} /* }}} */ } /* }}} */
function echoData($request, $response) { /* {{{ */ function echoData($request, $response) { /* {{{ */
echo $request->getBody(); return $response->withJson(array('success'=>true, 'message'=>'This is the result of the echo call.', 'data'=>''), 200);
} /* }}} */ } /* }}} */
//$app = new Slim(array('mode'=>'development', '_session.handler'=>null)); //$app = new Slim(array('mode'=>'development', '_session.handler'=>null));
$app = new \Slim\App(); $app = new \Slim\App();
// Make CORS preflighted request possible
$app->options('/{routes:.+}', function ($request, $response, $args) {
return $response;
});
$app->add(function ($req, $res, $next) {
$response = $next($req, $res);
return $response
->withHeader('Access-Control-Allow-Origin', $req->getHeader('Origin'))
->withHeader('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type, Accept, Origin, Authorization')
->withHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, PATCH, OPTIONS');
});
// use post for create operation // use post for create operation
// use get for retrieval operation // use get for retrieval operation
// use put for update operation // use put for update operation
@ -2104,7 +2134,7 @@ $app->post('/categories', 'createCategory');
$app->put('/categories/{id}/name', 'changeCategoryName'); $app->put('/categories/{id}/name', 'changeCategoryName');
$app->get('/attributedefinitions', 'getAttributeDefinitions'); $app->get('/attributedefinitions', 'getAttributeDefinitions');
$app->put('/attributedefinitions/{id}/name', 'changeAttributeDefinitionName'); $app->put('/attributedefinitions/{id}/name', 'changeAttributeDefinitionName');
$app->any('/echo', 'echoData'); $app->get('/echo', 'echoData');
$app->run(); $app->run();
?> ?>