1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2024-12-23 09:02:41 +00:00
Arsse/lib/REST/Miniflux/V1.php

837 lines
36 KiB
PHP
Raw Normal View History

2020-11-01 01:26:11 +00:00
<?php
/** @license MIT
* Copyright 2017 J. King, Dustin Wilson et al.
* See LICENSE and AUTHORS files for details */
declare(strict_types=1);
namespace JKingWeb\Arsse\REST\Miniflux;
use JKingWeb\Arsse\Arsse;
2020-12-02 23:00:27 +00:00
use JKingWeb\Arsse\Feed;
use JKingWeb\Arsse\Feed\Exception as FeedException;
2020-11-01 01:26:11 +00:00
use JKingWeb\Arsse\AbstractException;
2020-12-14 17:41:09 +00:00
use JKingWeb\Arsse\Context\Context;
use JKingWeb\Arsse\Db\ExceptionInput;
2020-11-01 01:26:11 +00:00
use JKingWeb\Arsse\Misc\HTTP;
2020-12-08 20:34:31 +00:00
use JKingWeb\Arsse\Misc\Date;
2021-01-20 04:17:03 +00:00
use JKingWeb\Arsse\Misc\URL;
2020-12-02 23:00:27 +00:00
use JKingWeb\Arsse\Misc\ValueInfo as V;
2020-11-01 01:26:11 +00:00
use JKingWeb\Arsse\REST\Exception;
2021-01-20 04:17:03 +00:00
use JKingWeb\Arsse\Rule\Rule;
2020-12-28 13:12:30 +00:00
use JKingWeb\Arsse\User\ExceptionConflict;
use JKingWeb\Arsse\User\Exception as UserException;
2020-11-01 01:26:11 +00:00
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\ResponseInterface;
use Laminas\Diactoros\Response\EmptyResponse;
2020-12-02 23:00:27 +00:00
use Laminas\Diactoros\Response\JsonResponse as Response;
2021-01-17 03:52:07 +00:00
use Laminas\Diactoros\Uri;
2020-11-01 01:26:11 +00:00
class V1 extends \JKingWeb\Arsse\REST\AbstractHandler {
2020-12-28 13:43:54 +00:00
public const VERSION = "2.0.26";
2020-12-02 23:00:27 +00:00
2020-12-01 17:08:45 +00:00
protected const ACCEPTED_TYPES_OPML = ["application/xml", "text/xml", "text/x-opml"];
protected const ACCEPTED_TYPES_JSON = ["application/json"];
protected const TOKEN_LENGTH = 32;
2020-12-02 23:00:27 +00:00
protected const VALID_JSON = [
2021-01-20 04:17:03 +00:00
// user properties which map directly to Arsse user metadata are listed separately;
// not all these properties are used by our implementation, but they are treated
// with the same strictness as in Miniflux to ease cross-compatibility
'url' => "string",
'username' => "string",
'password' => "string",
'user_agent' => "string",
'title' => "string",
'feed_url' => "string",
'category_id' => "integer",
'crawler' => "boolean",
'user_agent' => "string",
'scraper_rules' => "string",
'rewrite_rules' => "string",
'keeplist_rules' => "string",
'blocklist_rules' => "string",
'disabled' => "boolean",
'ignore_http_cache' => "boolean",
'fetch_via_proxy' => "boolean",
2020-12-02 23:00:27 +00:00
];
2020-12-28 13:12:30 +00:00
protected const USER_META_MAP = [
// Miniflux ID // Arsse ID Default value
'is_admin' => ["admin", false],
'theme' => ["theme", "light_serif"],
'language' => ["lang", "en_US"],
'timezone' => ["tz", "UTC"],
'entry_sorting_direction' => ["sort_asc", false],
'entries_per_page' => ["page_size", 100],
'keyboard_shortcuts' => ["shortcuts", true],
'show_reading_time' => ["reading_time", true],
'entry_swipe' => ["swipe", true],
'stylesheet' => ["stylesheet", ""],
2020-12-28 13:12:30 +00:00
];
2021-01-25 01:28:00 +00:00
/** A map between Miniflux's input properties and our input properties when modifiying feeds
*
* Miniflux also allows changing the following properties:
*
* - feed_url
* - username
* - password
* - user_agent
* - scraper_rules
* - rewrite_rules
* - disabled
* - ignore_http_cache
* - fetch_via_proxy
*
* These either do not apply because we have no cache or proxy,
* or cannot be changed because feeds are deduplicated and changing
* how they are fetched is not practical with our implementation.
* The properties are still checked for type and syntactic validity
* where practical, on the assumption Miniflux would also reject
* invalid values.
*/
protected const FEED_META_MAP = [
'title' => "title",
'category_id' => "folder",
'crawler' => "scrape",
'keeplist_rules' => "keep_rule",
'blocklist_rules' => "block_rule",
];
protected const CALLS = [ // handler method Admin Path Body Query Required fields
2020-12-14 17:41:09 +00:00
'/categories' => [
'GET' => ["getCategories", false, false, false, false, []],
'POST' => ["createCategory", false, false, true, false, ["title"]],
2020-12-14 17:41:09 +00:00
],
'/categories/1' => [
'PUT' => ["updateCategory", false, true, true, false, ["title"]], // title is effectively required since no other field can be changed
'DELETE' => ["deleteCategory", false, true, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/categories/1/entries' => [
'GET' => ["getCategoryEntries", false, true, false, false, []],
],
'/categories/1/entries/1' => [
'GET' => ["getCategoryEntry", false, true, false, false, []],
],
'/categories/1/feeds' => [
'GET' => ["getCategoryFeeds", false, true, false, false, []],
],
2020-12-14 17:41:09 +00:00
'/categories/1/mark-all-as-read' => [
'PUT' => ["markCategory", false, true, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/discover' => [
'POST' => ["discoverSubscriptions", false, false, true, false, ["url"]],
2020-12-14 17:41:09 +00:00
],
'/entries' => [
'GET' => ["getEntries", false, false, false, true, []],
'PUT' => ["updateEntries", false, false, true, false, []],
2020-12-14 17:41:09 +00:00
],
'/entries/1' => [
'GET' => ["getEntry", false, true, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/entries/1/bookmark' => [
'PUT' => ["toggleEntryBookmark", false, true, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/export' => [
'GET' => ["opmlExport", false, false, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/feeds' => [
'GET' => ["getFeeds", false, false, false, false, []],
2021-01-20 04:17:03 +00:00
'POST' => ["createFeed", false, false, true, false, ["feed_url", "category_id"]],
2020-12-14 17:41:09 +00:00
],
'/feeds/1' => [
'GET' => ["getFeed", false, true, false, false, []],
'PUT' => ["updateFeed", false, true, true, false, []],
'DELETE' => ["deleteFeed", false, true, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/feeds/1/entries' => [
'GET' => ["getFeedEntries", false, true, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/feeds/1/entries/1' => [
'GET' => ["getFeedEntry", false, true, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/feeds/1/icon' => [
'GET' => ["getFeedIcon", false, true, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/feeds/1/mark-all-as-read' => [
'PUT' => ["markFeed", false, true, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/feeds/1/refresh' => [
'PUT' => ["refreshFeed", false, true, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/feeds/refresh' => [
'PUT' => ["refreshAllFeeds", false, false, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/import' => [
'POST' => ["opmlImport", false, false, true, false, []],
2020-12-14 17:41:09 +00:00
],
'/me' => [
'GET' => ["getCurrentUser", false, false, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/users' => [
'GET' => ["getUsers", true, false, false, false, []],
'POST' => ["createUser", true, false, true, false, ["username", "password"]],
2020-12-14 17:41:09 +00:00
],
'/users/1' => [
'GET' => ["getUserByNum", true, true, false, false, []],
'PUT' => ["updateUserByNum", false, true, true, false, []], // requires admin for users other than self
'DELETE' => ["deleteUserByNum", true, true, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/users/1/mark-all-as-read' => [
'PUT' => ["markUserByNum", false, true, false, false, []],
2020-12-14 17:41:09 +00:00
],
'/users/*' => [
'GET' => ["getUserById", true, true, false, false, []],
2020-12-14 17:41:09 +00:00
],
2020-11-01 01:26:11 +00:00
];
public function __construct() {
}
2020-11-23 14:31:50 +00:00
protected function authenticate(ServerRequestInterface $req): bool {
// first check any tokens; this is what Miniflux does
if ($req->hasHeader("X-Auth-Token")) {
$t = $req->getHeader("X-Auth-Token")[0]; // consider only the first token
if (strlen($t)) { // and only if it is not blank
2020-11-23 14:31:50 +00:00
try {
$d = Arsse::$db->tokenLookup("miniflux.login", $t);
} catch (ExceptionInput $e) {
return false;
}
Arsse::$user->id = $d['user'];
2020-11-23 14:31:50 +00:00
return true;
}
}
2020-12-22 21:13:12 +00:00
// next check HTTP auth
2020-11-01 01:26:11 +00:00
if ($req->getAttribute("authenticated", false)) {
Arsse::$user->id = $req->getAttribute("authenticatedUser");
return true;
2020-11-23 14:31:50 +00:00
}
return false;
}
public function dispatch(ServerRequestInterface $req): ResponseInterface {
// try to authenticate
if (!$this->authenticate($req)) {
return new ErrorResponse("401", 401);
2020-11-01 01:26:11 +00:00
}
// get the request path only; this is assumed to already be normalized
$target = parse_url($req->getRequestTarget())['path'] ?? "";
2020-11-02 00:09:17 +00:00
$method = $req->getMethod();
2020-11-01 01:26:11 +00:00
// handle HTTP OPTIONS requests
2020-11-02 00:09:17 +00:00
if ($method === "OPTIONS") {
2020-11-01 01:26:11 +00:00
return $this->handleHTTPOptions($target);
}
2020-11-02 00:09:17 +00:00
$func = $this->chooseCall($target, $method);
if ($func instanceof ResponseInterface) {
return $func;
2020-12-14 17:41:09 +00:00
} else {
[$func, $reqAdmin, $reqPath, $reqBody, $reqQuery, $reqFields] = $func;
}
2020-12-14 17:41:09 +00:00
if ($reqAdmin && !$this->isAdmin()) {
2020-12-08 20:34:31 +00:00
return new ErrorResponse("403", 403);
}
2020-12-14 17:41:09 +00:00
$args = [];
if ($reqPath) {
$args[] = explode("/", ltrim($target, "/"));
}
if ($reqBody) {
if ($func === "opmlImport") {
if (!HTTP::matchType($req, "", ...[self::ACCEPTED_TYPES_OPML])) {
return new ErrorResponse("", 415, ['Accept' => implode(", ", self::ACCEPTED_TYPES_OPML)]);
}
$args[] = (string) $req->getBody();
} else {
$data = (string) $req->getBody();
if (strlen($data)) {
$data = @json_decode($data, true);
if (json_last_error() !== \JSON_ERROR_NONE) {
// if the body could not be parsed as JSON, return "400 Bad Request"
return new ErrorResponse(["InvalidBodyJSON", json_last_error_msg()], 400);
}
} else {
$data = [];
}
$data = $this->normalizeBody((array) $data, $reqFields);
2020-12-14 17:41:09 +00:00
if ($data instanceof ResponseInterface) {
return $data;
}
2020-12-02 23:00:27 +00:00
}
2020-12-14 17:41:09 +00:00
$args[] = $data;
}
if ($reqQuery) {
$args[] = $req->getQueryParams();
2020-11-02 00:09:17 +00:00
}
try {
2020-12-14 17:41:09 +00:00
return $this->$func(...$args);
2021-01-23 23:01:23 +00:00
// @codeCoverageIgnoreStart
2020-11-02 00:09:17 +00:00
} catch (Exception $e) {
// if there was a REST exception return 400
return new EmptyResponse(400);
} catch (AbstractException $e) {
// if there was any other Arsse exception return 500
return new EmptyResponse(500);
}
// @codeCoverageIgnoreEnd
2020-11-01 01:26:11 +00:00
}
2020-12-14 17:41:09 +00:00
protected function chooseCall(string $url, string $method) {
// // normalize the URL path: change any IDs to 1 for easier comparison
$url = $this->normalizePathIds($url);
// normalize the HTTP method to uppercase
$method = strtoupper($method);
// we now evaluate the supplied URL against every supported path for the selected scope
if (isset(self::CALLS[$url])) {
// if the path is supported, make sure the method is allowed
if (isset(self::CALLS[$url][$method])) {
// if it is allowed, return the object method to run, assuming the method exists
assert(method_exists($this, self::CALLS[$url][$method][0]), new \Exception("Method is not implemented"));
return self::CALLS[$url][$method];
} else {
// otherwise return 405
return new EmptyResponse(405, ['Allow' => implode(", ", array_keys(self::CALLS[$url]))]);
}
} else {
// if the path is not supported, return 404
return new EmptyResponse(404);
}
}
2020-11-01 01:26:11 +00:00
protected function normalizePathIds(string $url): string {
$path = explode("/", $url);
// any path components which are database IDs (integers greater than zero) should be replaced with "1", for easier comparison (we don't care about the specific ID)
for ($a = 0; $a < sizeof($path); $a++) {
2020-12-02 23:00:27 +00:00
if (V::id($path[$a])) {
2020-11-01 01:26:11 +00:00
$path[$a] = "1";
}
}
2020-11-02 00:09:17 +00:00
// handle special case "Get User By User Name", which can have any non-numeric string, non-empty as the last component
if (sizeof($path) === 3 && $path[0] === "" && $path[1] === "users" && !preg_match("/^(?:\d+)?$/", $path[2])) {
$path[2] = "*";
}
2020-11-01 01:26:11 +00:00
return implode("/", $path);
}
protected function normalizeBody(array $body, array $req) {
2020-12-14 17:41:09 +00:00
// Miniflux does not attempt to coerce values into different types
foreach (self::VALID_JSON as $k => $t) {
if (!isset($body[$k])) {
$body[$k] = null;
} elseif (gettype($body[$k]) !== $t) {
2020-12-28 13:12:30 +00:00
return new ErrorResponse(["InvalidInputType", 'field' => $k, 'expected' => $t, 'actual' => gettype($body[$k])], 422);
2021-01-20 23:28:51 +00:00
} elseif (
(in_array($k, ["keeplist_rules", "blocklist_rules"]) && !Rule::validate($body[$k])) ||
(in_array($k, ["url", "feed_url"]) && !URL::absolute($body[$k])) ||
($k === "category_id" && $body[$k] < 1)
) {
2021-01-20 04:17:03 +00:00
return new ErrorResponse(["InvalidInputValue", 'field' => $k], 422);
2020-12-28 13:12:30 +00:00
}
}
//normalize user-specific input
2021-01-08 20:47:19 +00:00
foreach (self::USER_META_MAP as $k => [,$d]) {
2020-12-28 13:12:30 +00:00
$t = gettype($d);
if (!isset($body[$k])) {
$body[$k] = null;
2020-12-30 22:01:17 +00:00
} elseif ($k === "entry_sorting_direction") {
if (!in_array($body[$k], ["asc", "desc"])) {
return new ErrorResponse(["InvalidInputValue", 'field' => $k], 422);
}
2020-12-28 13:12:30 +00:00
} elseif (gettype($body[$k]) !== $t) {
return new ErrorResponse(["InvalidInputType", 'field' => $k, 'expected' => $t, 'actual' => gettype($body[$k])], 422);
2020-12-14 17:41:09 +00:00
}
}
// check for any missing required values
foreach ($req as $k) {
if (!isset($body[$k])) {
return new ErrorResponse(["MissingInputValue", 'field' => $k], 422);
}
}
2020-12-14 17:41:09 +00:00
return $body;
}
2020-11-01 01:26:11 +00:00
protected function handleHTTPOptions(string $url): ResponseInterface {
// normalize the URL path: change any IDs to 1 for easier comparison
$url = $this->normalizePathIDs($url);
2020-12-14 17:41:09 +00:00
if (isset(self::CALLS[$url])) {
2020-11-01 01:26:11 +00:00
// if the path is supported, respond with the allowed methods and other metadata
2020-12-14 17:41:09 +00:00
$allowed = array_keys(self::CALLS[$url]);
2020-11-01 01:26:11 +00:00
// if GET is allowed, so is HEAD
if (in_array("GET", $allowed)) {
array_unshift($allowed, "HEAD");
}
return new EmptyResponse(204, [
2020-12-01 17:08:45 +00:00
'Allow' => implode(", ", $allowed),
2020-11-02 00:09:17 +00:00
'Accept' => implode(", ", $url === "/import" ? self::ACCEPTED_TYPES_OPML : self::ACCEPTED_TYPES_JSON),
2020-11-01 01:26:11 +00:00
]);
} else {
// if the path is not supported, return 404
return new EmptyResponse(404);
}
}
2020-12-08 20:34:31 +00:00
protected function listUsers(array $users, bool $reportMissing): array {
$out = [];
2020-12-10 04:39:29 +00:00
$now = Date::transform($this->now(), "iso8601m");
2020-12-08 20:34:31 +00:00
foreach ($users as $u) {
try {
$info = Arsse::$user->propertiesGet($u, true);
} catch (UserException $e) {
if ($reportMissing) {
throw $e;
} else {
continue;
}
}
2020-12-28 13:12:30 +00:00
$entry = [
2020-12-08 20:34:31 +00:00
'id' => $info['num'],
'username' => $u,
'last_login_at' => $now,
'google_id' => "",
'openid_connect_id' => "",
2020-12-08 20:34:31 +00:00
];
foreach (self::USER_META_MAP as $ext => [$int, $default]) {
$entry[$ext] = $info[$int] ?? $default;
2020-12-28 13:12:30 +00:00
}
$entry['entry_sorting_direction'] = ($entry['entry_sorting_direction']) ? "asc" : "desc";
$out[] = $entry;
2020-12-08 20:34:31 +00:00
}
return $out;
}
2020-12-31 18:57:36 +00:00
protected function editUser(string $user, array $data): array {
// map Miniflux properties to internal metadata properties
$in = [];
2021-01-08 20:47:19 +00:00
foreach (self::USER_META_MAP as $i => [$o,]) {
2020-12-31 18:57:36 +00:00
if (isset($data[$i])) {
if ($i === "entry_sorting_direction") {
$in[$o] = $data[$i] === "asc";
} else {
$in[$o] = $data[$i];
}
}
}
// make any requested changes
$tr = Arsse::$user->begin();
if ($in) {
Arsse::$user->propertiesSet($user, $in);
}
// read out the newly-modified user and commit the changes
$out = $this->listUsers([$user], true)[0];
$tr->commit();
// add the input password if a password change was requested
if (isset($data['password'])) {
$out['password'] = $data['password'];
}
return $out;
}
2020-12-14 17:41:09 +00:00
protected function discoverSubscriptions(array $data): ResponseInterface {
2020-12-02 23:00:27 +00:00
try {
$list = Feed::discoverAll((string) $data['url'], (string) $data['username'], (string) $data['password']);
} catch (FeedException $e) {
$msg = [
2020-12-11 18:31:35 +00:00
10502 => "Fetch404",
10506 => "Fetch403",
10507 => "Fetch401",
2021-01-23 17:00:11 +00:00
10521 => "Fetch404",
2020-12-11 18:31:35 +00:00
][$e->getCode()] ?? "FetchOther";
2021-01-20 04:17:03 +00:00
return new ErrorResponse($msg, 502);
2020-12-02 23:00:27 +00:00
}
$out = [];
2020-12-22 21:13:12 +00:00
foreach ($list as $url) {
2020-12-02 23:00:27 +00:00
// TODO: This needs to be refined once PicoFeed is replaced
$out[] = ['title' => "Feed", 'type' => "rss", 'url' => $url];
}
return new Response($out);
}
2020-12-14 17:41:09 +00:00
protected function getUsers(): ResponseInterface {
2020-12-28 13:12:30 +00:00
$tr = Arsse::$user->begin();
2020-12-08 20:34:31 +00:00
return new Response($this->listUsers(Arsse::$user->list(), false));
}
2020-12-14 17:41:09 +00:00
protected function getUserById(array $path): ResponseInterface {
2020-12-08 20:34:31 +00:00
try {
2020-12-10 04:39:29 +00:00
return new Response($this->listUsers([$path[1]], true)[0] ?? new \stdClass);
2020-12-08 20:34:31 +00:00
} catch (UserException $e) {
return new ErrorResponse("404", 404);
}
}
2020-12-14 17:41:09 +00:00
protected function getUserByNum(array $path): ResponseInterface {
try {
$user = Arsse::$user->lookup((int) $path[1]);
return new Response($this->listUsers([$user], true)[0] ?? new \stdClass);
} catch (UserException $e) {
return new ErrorResponse("404", 404);
}
2020-12-08 20:34:31 +00:00
}
2020-12-22 21:13:12 +00:00
2020-12-14 17:41:09 +00:00
protected function getCurrentUser(): ResponseInterface {
2020-12-08 20:34:31 +00:00
return new Response($this->listUsers([Arsse::$user->id], false)[0] ?? new \stdClass);
}
2020-12-31 18:57:36 +00:00
protected function createUser(array $data): ResponseInterface {
try {
$tr = Arsse::$user->begin();
$data['password'] = Arsse::$user->add($data['username'], $data['password']);
$out = $this->editUser($data['username'], $data);
$tr->commit();
} catch (UserException $e) {
switch ($e->getCode()) {
case 10403:
return new ErrorResponse(["DuplicateUser", 'user' => $data['username']], 409);
case 10441:
return new ErrorResponse(["InvalidInputValue", 'field' => "timezone"], 422);
case 10443:
return new ErrorResponse(["InvalidInputValue", 'field' => "entries_per_page"], 422);
case 10444:
return new ErrorResponse(["InvalidInputValue", 'field' => "username"], 422);
}
throw $e; // @codeCoverageIgnore
}
return new Response($out, 201);
}
2020-12-30 22:01:17 +00:00
protected function updateUserByNum(array $path, array $data): ResponseInterface {
// this function is restricted to admins unless the affected user and calling user are the same
$user = Arsse::$user->propertiesGet(Arsse::$user->id, false);
if (((int) $path[1]) === $user['num']) {
if ($data['is_admin'] && !$user['admin']) {
// non-admins should not be able to set themselves as admin
return new ErrorResponse("InvalidElevation", 403);
}
$user = Arsse::$user->id;
} elseif (!$user['admin']) {
return new ErrorResponse("403", 403);
} else {
try {
$user = Arsse::$user->lookup((int) $path[1]);
} catch (ExceptionConflict $e) {
return new ErrorResponse("404", 404);
2020-12-28 13:12:30 +00:00
}
}
// make any requested changes
try {
$tr = Arsse::$user->begin();
if (isset($data['username'])) {
Arsse::$user->rename($user, $data['username']);
$user = $data['username'];
}
if (isset($data['password'])) {
Arsse::$user->passwordSet($user, $data['password']);
}
2020-12-31 18:57:36 +00:00
$out = $this->editUser($user, $data);
2020-12-28 13:12:30 +00:00
$tr->commit();
} catch (UserException $e) {
switch ($e->getCode()) {
case 10403:
return new ErrorResponse(["DuplicateUser", 'user' => $data['username']], 409);
2020-12-30 22:01:17 +00:00
case 10441:
return new ErrorResponse(["InvalidInputValue", 'field' => "timezone"], 422);
2020-12-28 13:12:30 +00:00
case 10443:
2020-12-30 22:01:17 +00:00
return new ErrorResponse(["InvalidInputValue", 'field' => "entries_per_page"], 422);
2020-12-28 13:12:30 +00:00
case 10444:
2020-12-30 22:01:17 +00:00
return new ErrorResponse(["InvalidInputValue", 'field' => "username"], 422);
2020-12-28 13:12:30 +00:00
}
throw $e; // @codeCoverageIgnore
}
return new Response($out);
}
2020-12-31 22:03:08 +00:00
protected function deleteUserByNum(array $path): ResponseInterface {
try {
Arsse::$user->remove(Arsse::$user->lookup((int) $path[1]));
} catch (ExceptionConflict $e) {
return new ErrorResponse("404", 404);
}
return new EmptyResponse(204);
}
protected function markUserByNum(array $path): ResponseInterface {
// this function is restricted to the logged-in user
$user = Arsse::$user->propertiesGet(Arsse::$user->id, false);
if (((int) $path[1]) !== $user['num']) {
return new ErrorResponse("403", 403);
}
Arsse::$db->articleMark(Arsse::$user->id, ['read' => true], (new Context)->hidden(false));
return new EmptyResponse(204);
}
/** Returns a useful subset of user metadata
*
* The following keys are included:
*
* - "num": The user's numeric ID,
* - "root": The effective name of the root folder
*/
protected function userMeta(string $user): array {
2020-12-11 18:31:35 +00:00
$meta = Arsse::$user->propertiesGet(Arsse::$user->id, false);
return [
'num' => $meta['num'],
'root' => $meta['root_folder_name'] ?? Arsse::$lang->msg("API.Miniflux.DefaultCategoryName")
];
}
protected function getCategories(): ResponseInterface {
$out = [];
2020-12-11 18:31:35 +00:00
// add the root folder as a category
$meta = $this->userMeta(Arsse::$user->id);
$out[] = ['id' => 1, 'title' => $meta['root'], 'user_id' => $meta['num']];
2020-12-11 18:31:35 +00:00
// add other top folders as categories
foreach (Arsse::$db->folderList(Arsse::$user->id, null, false) as $f) {
// always add 1 to the ID since the root folder will always be 1 instead of 0.
$out[] = ['id' => $f['id'] + 1, 'title' => $f['name'], 'user_id' => $meta['num']];
2020-12-11 18:31:35 +00:00
}
return new Response($out);
}
2020-12-14 17:41:09 +00:00
protected function createCategory(array $data): ResponseInterface {
2020-12-12 04:47:13 +00:00
try {
$id = Arsse::$db->folderAdd(Arsse::$user->id, ['name' => (string) $data['title']]);
} catch (ExceptionInput $e) {
if ($e->getCode() === 10236) {
return new ErrorResponse(["DuplicateCategory", 'title' => $data['title']], 409);
2020-12-12 04:47:13 +00:00
} else {
return new ErrorResponse(["InvalidCategory", 'title' => $data['title']], 422);
2020-12-12 04:47:13 +00:00
}
}
$meta = Arsse::$user->propertiesGet(Arsse::$user->id, false);
2020-12-28 13:12:30 +00:00
return new Response(['id' => $id + 1, 'title' => $data['title'], 'user_id' => $meta['num']], 201);
2020-12-12 04:47:13 +00:00
}
2020-12-14 17:41:09 +00:00
protected function updateCategory(array $path, array $data): ResponseInterface {
2020-12-13 17:56:57 +00:00
// category IDs in Miniflux are always greater than 1; we have folder 0, so we decrement category IDs by 1 to get the folder ID
2020-12-12 04:47:13 +00:00
$folder = $path[1] - 1;
$title = $data['title'] ?? "";
try {
if ($folder === 0) {
2020-12-13 17:56:57 +00:00
// folder 0 doesn't actually exist in the database, so its name is kept as user metadata
2020-12-12 04:47:13 +00:00
if (!strlen(trim($title))) {
throw new ExceptionInput("whitespace");
}
$title = Arsse::$user->propertiesSet(Arsse::$user->id, ['root_folder_name' => $title])['root_folder_name'];
} else {
Arsse::$db->folderPropertiesSet(Arsse::$user->id, $folder, ['name' => $title]);
}
} catch (ExceptionInput $e) {
if ($e->getCode() === 10236) {
return new ErrorResponse(["DuplicateCategory", 'title' => $title], 409);
2020-12-14 03:10:34 +00:00
} elseif (in_array($e->getCode(), [10237, 10239])) {
2020-12-12 04:47:13 +00:00
return new ErrorResponse("404", 404);
} else {
return new ErrorResponse(["InvalidCategory", 'title' => $title], 422);
2020-12-12 04:47:13 +00:00
}
}
$meta = Arsse::$user->propertiesGet(Arsse::$user->id, false);
return new Response(['id' => (int) $path[1], 'title' => $title, 'user_id' => $meta['num']]);
}
2020-12-14 17:41:09 +00:00
protected function deleteCategory(array $path): ResponseInterface {
2020-12-14 03:10:34 +00:00
try {
$folder = $path[1] - 1;
if ($folder !== 0) {
Arsse::$db->folderRemove(Arsse::$user->id, $folder);
} else {
// if we're deleting from the root folder, delete each child subscription individually
2020-12-22 21:13:12 +00:00
// otherwise we'd be deleting the entire tree
2020-12-14 03:10:34 +00:00
$tr = Arsse::$db->begin();
foreach (Arsse::$db->subscriptionList(Arsse::$user->id, null, false) as $sub) {
Arsse::$db->subscriptionRemove(Arsse::$user->id, $sub['id']);
}
$tr->commit();
}
} catch (ExceptionInput $e) {
return new ErrorResponse("404", 404);
}
return new EmptyResponse(204);
}
2020-12-14 17:41:09 +00:00
protected function markCategory(array $path): ResponseInterface {
$folder = $path[1] - 1;
$c = new Context;
if ($folder === 0) {
// if we're marking the root folder don't also mark its child folders, since Miniflux organizes it as a peer of other folders
$c = $c->folderShallow($folder);
} else {
$c = $c->folder($folder);
}
try {
Arsse::$db->articleMark(Arsse::$user->id, ['read' => true], $c);
} catch (ExceptionInput $e) {
return new ErrorResponse("404", 404);
}
return new EmptyResponse(204);
}
protected function transformFeed(array $sub, int $uid, string $rootName): array {
2021-01-17 18:02:31 +00:00
$url = new Uri($sub['url']);
return [
'id' => (int) $sub['id'],
'user_id' => $uid,
2021-01-17 18:02:31 +00:00
'feed_url' => (string) $url->withUserInfo(""),
'site_url' => (string) $sub['source'],
'title' => (string) $sub['title'],
'checked_at' => Date::transform($sub['updated'], "iso8601m", "sql"),
'next_check_at' => Date::transform($sub['next_fetch'], "iso8601m", "sql") ?? "0001-01-01T00:00:00.000000Z",
'etag_header' => (string) $sub['etag'],
'last_modified_header' => (string) Date::transform($sub['edited'], "http", "sql"),
'parsing_error_message' => (string) $sub['err_msg'],
'parsing_error_count' => (int) $sub['err_count'],
'scraper_rules' => "",
'rewrite_rules' => "",
'crawler' => (bool) $sub['scrape'],
'blocklist_rules' => (string) $sub['block_rule'],
'keeplist_rules' => (string) $sub['keep_rule'],
'user_agent' => "",
'username' => rawurldecode(explode(":", $url->getUserInfo(), 2)[0] ?? ""),
'password' => rawurldecode(explode(":", $url->getUserInfo(), 2)[1] ?? ""),
'disabled' => false,
'ignore_http_cache' => false,
'fetch_via_proxy' => false,
'category' => [
'id' => (int) $sub['top_folder'] + 1,
'title' => $sub['top_folder_name'] ?? $rootName,
'user_id' => $uid,
],
2021-01-17 18:02:31 +00:00
'icon' => $sub['icon_id'] ? ['feed_id' => (int) $sub['id'], 'icon_id' => (int) $sub['icon_id']] : null,
];
}
protected function getFeeds(): ResponseInterface {
$out = [];
$tr = Arsse::$db->begin();
$meta = $this->userMeta(Arsse::$user->id);
2021-01-17 03:52:07 +00:00
foreach (Arsse::$db->subscriptionList(Arsse::$user->id) as $r) {
$out[] = $this->transformFeed($r, $meta['num'], $meta['root']);
2021-01-17 03:52:07 +00:00
}
2021-01-17 18:02:31 +00:00
return new Response($out);
2021-01-17 03:52:07 +00:00
}
protected function getCategoryFeeds(array $path): ResponseInterface {
// transform the category number into a folder number by subtracting one
$folder = ((int) $path[1]) - 1;
// unless the folder is root, list recursive
$recursive = $folder > 0;
$out = [];
$tr = Arsse::$db->begin();
// get the list of subscriptions, or bail
try {
$meta = $this->userMeta(Arsse::$user->id);
foreach (Arsse::$db->subscriptionList(Arsse::$user->id, $folder, $recursive) as $r) {
$out[] = $this->transformFeed($r, $meta['num'], $meta['root']);
}
} catch (ExceptionInput $e) {
// the folder does not exist
return new ErrorResponse("404", 404);
}
return new Response($out);
}
2021-01-24 18:54:54 +00:00
protected function getFeed(array $path): ResponseInterface {
$tr = Arsse::$db->begin();
$meta = $this->userMeta(Arsse::$user->id);
2021-01-24 18:54:54 +00:00
try {
$sub = Arsse::$db->subscriptionPropertiesGet(Arsse::$user->id, (int) $path[1]);
return new Response($this->transformFeed($sub, $meta['num'], $meta['root']));
2021-01-24 18:54:54 +00:00
} catch (ExceptionInput $e) {
return new ErrorResponse("404", 404);
}
}
2021-01-20 04:17:03 +00:00
protected function createFeed(array $data): ResponseInterface {
try {
Arsse::$db->feedAdd($data['feed_url'], (string) $data['username'], (string) $data['password'], false, (bool) $data['crawler']);
$tr = Arsse::$db->begin();
$id = Arsse::$db->subscriptionAdd(Arsse::$user->id, $data['feed_url'], (string) $data['username'], (string) $data['password'], false, (bool) $data['crawler']);
2021-01-23 23:01:23 +00:00
Arsse::$db->subscriptionPropertiesSet(Arsse::$user->id, $id, ['folder' => $data['category_id'] - 1, 'scrape' => (bool) $data['crawler']]);
2021-01-20 04:17:03 +00:00
$tr->commit();
2021-01-23 23:01:23 +00:00
if (strlen($data['keeplist_rules'] ?? "") || strlen($data['blocklist_rules'] ?? "")) {
// we do rules separately so as not to tie up the database
Arsse::$db->subscriptionPropertiesSet(Arsse::$user->id, $id, ['keep_rule' => $data['keeplist_rules'], 'block_rule' => $data['blocklist_rules']]);
}
2021-01-20 04:17:03 +00:00
} catch (FeedException $e) {
$msg = [
10502 => "Fetch404",
10506 => "Fetch403",
10507 => "Fetch401",
2021-01-23 17:00:11 +00:00
10521 => "Fetch404",
10522 => "FetchFormat",
2021-01-20 04:17:03 +00:00
][$e->getCode()] ?? "FetchOther";
return new ErrorResponse($msg, 502);
} catch (ExceptionInput $e) {
switch ($e->getCode()) {
case 10235:
return new ErrorResponse("MissingCategory", 422);
case 10236:
return new ErrorResponse("DuplicateFeed", 409);
}
}
return new Response(['feed_id' => $id], 201);
}
2021-01-25 01:28:00 +00:00
protected function updateFeed(array $path, array $data): ResponseInterface {
$in = [];
foreach (self::FEED_META_MAP as $from => $to) {
if (isset($data[$from])) {
$in[$to] = $data[$from];
}
}
if (isset($in['folder'])) {
$in['folder'] -= 1;
}
try {
Arsse::$db->subscriptionPropertiesSet(Arsse::$user->id, (int) $path[1], $in);
} catch (ExceptionInput $e) {
switch ($e->getCode()) {
case 10231:
case 10232:
return new ErrorResponse("InvalidTitle", 422);
case 10235:
return new ErrorResponse("MissingCategory", 422);
case 10239:
return new ErrorResponse("404", 404);
}
}
2021-01-25 02:12:32 +00:00
return $this->getFeed($path);
}
protected function deleteFeed(array $path): ResponseInterface {
try {
Arsse::$db->subscriptionRemove(Arsse::$user->id, (int) $path[1]);
return new EmptyResponse(204);
} catch (ExceptionInput $e) {
return new ErrorResponse("404", 404);
}
2021-01-25 01:28:00 +00:00
}
2021-01-25 02:53:45 +00:00
protected function getFeedIcon(array $path): ResponseInterface {
try {
$icon = Arsse::$db->subscriptionIcon(Arsse::$user->id, (int) $path[1]);
} catch (ExceptionInput $e) {
return new ErrorResponse("404", 404);
}
if (!$icon || !$icon['type'] || !$icon['data']) {
2021-01-25 02:53:45 +00:00
return new ErrorResponse("404", 404);
}
return new Response([
'id' => $icon['id'],
'data' => $icon['type'].";base64,".base64_encode($icon['data']),
'mime_type' => $icon['type'],
2021-01-25 02:53:45 +00:00
]);
}
2020-11-23 14:31:50 +00:00
public static function tokenGenerate(string $user, string $label): string {
// Miniflux produces tokens in base64url alphabet
$t = str_replace(["+", "/"], ["-", "_"], base64_encode(random_bytes(self::TOKEN_LENGTH)));
2020-11-23 14:31:50 +00:00
return Arsse::$db->tokenCreate($user, "miniflux.login", $t, null, $label);
}
public static function tokenList(string $user): array {
if (!Arsse::$db->userExists($user)) {
2020-12-28 13:12:30 +00:00
throw new ExceptionConflict("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
2020-11-23 14:31:50 +00:00
}
$out = [];
foreach (Arsse::$db->tokenList($user, "miniflux.login") as $r) {
$out[] = ['label' => $r['data'], 'id' => $r['id']];
}
return $out;
}
2020-11-01 01:26:11 +00:00
}