nextcloud/lib/private/OCS/ApiHelper.php

<?php

declare(strict_types=1);

/**
 * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
 * SPDX-License-Identifier: AGPL-3.0-only
 */

namespace OC\OCS;

use OC\AppFramework\OCS\V1Response;
use OC\AppFramework\OCS\V2Response;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCSController;
use OCP\IRequest;
use OCP\Server;

class ApiHelper {
	/**
	 * Respond to a call
	 * @psalm-taint-escape html
	 * @param int $overrideHttpStatusCode force the HTTP status code, only used for the special case of maintenance mode which return 503 even for v1
	 */
	public static function respond(int $statusCode, string $statusMessage, array $headers = [], ?int $overrideHttpStatusCode = null): void {
		$request = Server::get(IRequest::class);
		$format = $request->getParam('format', 'xml');
		if (self::isV2($request)) {
			$response = new V2Response(new DataResponse([], $statusCode, $headers), $format, $statusMessage);
		} else {
			$response = new V1Response(new DataResponse([], $statusCode, $headers), $format, $statusMessage);
		}

		// Send 401 headers if unauthorised
		if ($response->getOCSStatus() === OCSController::RESPOND_UNAUTHORISED) {
			// If request comes from JS return dummy auth request
			if ($request->getHeader('X-Requested-With') === 'XMLHttpRequest') {
				header('WWW-Authenticate: DummyBasic realm="Authorisation Required"');
			} else {
				header('WWW-Authenticate: Basic realm="Authorisation Required"');
			}
			http_response_code(401);
		}

		foreach ($response->getHeaders() as $name => $value) {
			header($name . ': ' . $value);
		}

		http_response_code($overrideHttpStatusCode ?? $response->getStatus());

		self::setContentType($format);
		$body = $response->render();
		echo $body;
	}

	/**
	 * Based on the requested format the response content type is set
	 */
	public static function setContentType(?string $format = null): void {
		$format ??= Server::get(IRequest::class)->getParam('format', 'xml');
		if ($format === 'xml') {
			header('Content-type: text/xml; charset=UTF-8');
			return;
		}

		if ($format === 'json') {
			header('Content-Type: application/json; charset=utf-8');
			return;
		}

		header('Content-Type: application/octet-stream; charset=utf-8');
	}

	protected static function isV2(IRequest $request): bool {
		$script = $request->getScriptName();

		return str_ends_with($script, '/ocs/v2.php');
	}
}
Basic structure and functionality of api class 2012-07-28 17:40:11 -04:00			`<?php`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-23 03:26:56 -04:00
fix: Remove duplicated code in \OC\OCS\ApiHelper, use Response classes instead Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-03 08:56:26 -04:00			`declare(strict_types=1);`

update licence headers via script 2015-10-05 14:54:56 -04:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-23 03:26:56 -04:00			`* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-FileCopyrightText: 2016 ownCloud, Inc.`
			`* SPDX-License-Identifier: AGPL-3.0-only`
update licence headers via script 2015-10-05 14:54:56 -04:00			`*/`
fix: Move OC_API into \OC\ApiHelper in standard namespace It’s only used by ocs/v1.php Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-02 11:06:20 -04:00
fix: Move ApiHelper to \OC\OCS next to related classes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-02 11:44:46 -04:00			`namespace OC\OCS;`
fix: Move OC_API into \OC\ApiHelper in standard namespace It’s only used by ocs/v1.php Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-02 11:06:20 -04:00
fix: Remove duplicated code in \OC\OCS\ApiHelper, use Response classes instead Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-03 08:56:26 -04:00			`use OC\AppFramework\OCS\V1Response;`
			`use OC\AppFramework\OCS\V2Response;`
			`use OCP\AppFramework\Http\DataResponse;`
fix: A bit of code cleanup in OC\AppFramework\OCS\ApiHelper Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-02 11:28:06 -04:00			`use OCP\AppFramework\OCSController;`
			`use OCP\IRequest;`
			`use OCP\Server;`
Adding ocs/v2.php with status code mapper 2015-08-03 10:05:50 -04:00
fix: Move OC_API into \OC\ApiHelper in standard namespace It’s only used by ocs/v1.php Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-02 11:06:20 -04:00			`class ApiHelper {`
Fix odd indentation issue 2012-07-28 17:50:40 -04:00			`/**`
fix: Remove duplicated code in \OC\OCS\ApiHelper, use Response classes instead Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-03 08:56:26 -04:00			`* Respond to a call`
Add sanitizers for JSON output Those functions set proper content-types that prevent rendering of data. Therefore it's safe to mark them as sanitizers. Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2020-12-11 16:23:11 -05:00			`* @psalm-taint-escape html`
chore: Make parameter name more explicit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-09 04:45:41 -04:00			`* @param int $overrideHttpStatusCode force the HTTP status code, only used for the special case of maintenance mode which return 503 even for v1`
Merge branch 'master' into ocs_api Conflicts: l10n/templates/core.pot l10n/templates/files.pot l10n/templates/files_encryption.pot l10n/templates/files_external.pot l10n/templates/files_sharing.pot l10n/templates/files_versions.pot l10n/templates/lib.pot l10n/templates/settings.pot l10n/templates/user_ldap.pot l10n/templates/user_webdavauth.pot 2012-12-31 10:47:15 -05:00			`*/`
chore: Make parameter name more explicit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-09 04:45:41 -04:00			`public static function respond(int $statusCode, string $statusMessage, array $headers = [], ?int $overrideHttpStatusCode = null): void {`
fix: A bit of code cleanup in OC\AppFramework\OCS\ApiHelper Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-02 11:28:06 -04:00			`$request = Server::get(IRequest::class);`
fix: Remove duplicated code in \OC\OCS\ApiHelper, use Response classes instead Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-03 08:56:26 -04:00			`$format = $request->getParam('format', 'xml');`
			`if (self::isV2($request)) {`
			`$response = new V2Response(new DataResponse([], $statusCode, $headers), $format, $statusMessage);`
			`} else {`
			`$response = new V1Response(new DataResponse([], $statusCode, $headers), $format, $statusMessage);`
			`}`
Catch auth coming from JS in OCS 2016-02-15 09:38:37 -05:00
API: Remove api response structure from OC_OCS_Result, handle multiple registered methods for api calls 2013-01-25 07:48:59 -05:00			`// Send 401 headers if unauthorised`
fix: Remove duplicated code in \OC\OCS\ApiHelper, use Response classes instead Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-03 08:56:26 -04:00			`if ($response->getOCSStatus() === OCSController::RESPOND_UNAUTHORISED) {`
Catch auth coming from JS in OCS 2016-02-15 09:38:37 -05:00			`// If request comes from JS return dummy auth request`
			`if ($request->getHeader('X-Requested-With') === 'XMLHttpRequest') {`
			`header('WWW-Authenticate: DummyBasic realm="Authorisation Required"');`
			`} else {`
			`header('WWW-Authenticate: Basic realm="Authorisation Required"');`
			`}`
Replace hardcoded status headers with calls to http_response_code() Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2018-06-26 04:32:50 -04:00			`http_response_code(401);`
API: Remove api response structure from OC_OCS_Result, handle multiple registered methods for api calls 2013-01-25 07:48:59 -05:00			`}`
Adding ocs/v2.php with status code mapper 2015-08-03 10:05:50 -04:00
fix: Remove duplicated code in \OC\OCS\ApiHelper, use Response classes instead Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-03 08:56:26 -04:00			`foreach ($response->getHeaders() as $name => $value) {`
Adding header support to class OC_OCS_Result 2015-08-07 07:12:43 -04:00			`header($name . ': ' . $value);`
			`}`

chore: Make parameter name more explicit Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-09 04:45:41 -04:00			`http_response_code($overrideHttpStatusCode ?? $response->getStatus());`
Adding ocs/v2.php with status code mapper 2015-08-03 10:05:50 -04:00
Remove duplicate and unused code 2015-08-03 15:03:11 -04:00			`self::setContentType($format);`
fix: Remove duplicated code in \OC\OCS\ApiHelper, use Response classes instead Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-03 08:56:26 -04:00			`$body = $response->render();`
Remove duplicate and unused code 2015-08-03 15:03:11 -04:00			`echo $body;`
Fix odd indentation issue 2012-07-28 17:50:40 -04:00			`}`
API: Complete respond function 2012-08-01 13:48:51 -04:00
set content-type on ocs exceptions 2014-03-11 19:35:19 -04:00			`/**`
			`* Based on the requested format the response content type is set`
			`*/`
fix: A bit of code cleanup in OC\AppFramework\OCS\ApiHelper Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-02 11:28:06 -04:00			`public static function setContentType(?string $format = null): void {`
fix: Remove duplicated code in \OC\OCS\ApiHelper, use Response classes instead Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-03 08:56:26 -04:00			`$format ??= Server::get(IRequest::class)->getParam('format', 'xml');`
set content-type on ocs exceptions 2014-03-11 19:35:19 -04:00			`if ($format === 'xml') {`
			`header('Content-type: text/xml; charset=UTF-8');`
			`return;`
			`}`

			`if ($format === 'json') {`
			`header('Content-Type: application/json; charset=utf-8');`
			`return;`
			`}`

			`header('Content-Type: application/octet-stream; charset=utf-8');`
			`}`

fix: A bit of code cleanup in OC\AppFramework\OCS\ApiHelper Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-09-02 11:28:06 -04:00			`protected static function isV2(IRequest $request): bool {`
Adding ocs/v2.php with status code mapper 2015-08-03 10:05:50 -04:00			`$script = $request->getScriptName();`
set content-type on ocs exceptions 2014-03-11 19:35:19 -04:00
Refactor "substr" calls to improve code readability Signed-off-by: Hamid Dehnavi <hamid.dev.pro@gmail.com> 2023-07-06 21:24:20 -04:00			`return str_ends_with($script, '/ocs/v2.php');`
Adding ocs/v2.php with status code mapper 2015-08-03 10:05:50 -04:00			`}`
Make calling ocs/v1.php/config work 2012-07-30 15:03:41 -04:00			`}`