chore: update core

Marco Cesarato · Marco Cesarato · commit 6037b9016e8d · 2021-05-03T10:00:45.000+02:00
- Add new filter with examples
- Add check if primary key already exists on insert and add hooks to bypass failed error
- Add counter to every request to check if at least one is executed
- Improve logger date with microtime
- Improve code quality
- Fix some issues and old methods calling
- BREAKING CHANGES: `custom_api_call` renamed to `endpoint` and `public_endpoint`
diff --git a/includes/classes/API.php b/includes/classes/API.php
diff --git a/includes/classes/Auth.php b/includes/classes/Auth.php
@@ -16,7 +16,9 @@
 class Auth
 {
     /**
-     * @var string token storage table name
+     * Tokens storage table.
+     *
+     * @var string
      */
     public static $api_table = 'api_auth';
 
@@ -40,11 +42,24 @@ class Auth
      * @var Request
      */
     public static $settings;
-
-    public $user = [];
+    /**
+     * User data.
+     *
+     * @var object
+     */
+    public $user;
+    /**
+     * Account associated to the user.
+     *
+     * @var object
+     */
+    public $account;
     public $user_id;
     public $is_admin = false;
     public $authenticated = false;
+    /**
+     * @var PDO
+     */
     private $db;
     private $table_free = [];
     private $table_readonly = [];
@@ -63,7 +78,7 @@ public function __construct()
     /**
      * Get user row.
      *
-     * @return array
+     * @return object
      */
     public static function getUser()
     {
@@ -113,7 +128,7 @@ public function validate($query)
             $this->checkAPITable();
         }
 
-        if (!empty($this->query['check_counter']) && $this->validateToken($this->query['token']) && $this->is_admin) {
+        if (!empty($this->query['check_counter']) && $this->validateToken($this->query['token']) && $this->isAdmin()) {
             $this->checkCounter();
         } elseif (!empty($this->query['check_token']) && $this->validateToken($this->query['check_token'])) {
             $this->checkToken();
@@ -165,7 +180,7 @@ public function validate($query)
                 if ($user_row[$users_columns['password']] == $password) {
                     $token = $this->generateToken($user_row[$users_columns['id']], $user_row[$users_columns['username']]);
                     $this->user_id = $user_row[$users_columns['id']];
-                    $this->is_admin = !empty($users_columns['admin']) ? $user_row[key(reset($users_columns['admin']))] : false;
+                    $this->setIsAdmin(!empty($users_columns['admin']) ? $user_row[key(reset($users_columns['admin']))] : false);
                     // Render
                     $results = [
                         (object)[
@@ -301,7 +316,7 @@ private function validateToken($token)
                     $this->user = $user_row;
                     $this->user_id = $user_row['id'];
                     if (!empty($users_columns['admin'])) {
-                        $this->is_admin = (($user_row[key($users_columns['admin'])] == reset($users_columns['admin'])) ? true : false);
+                        $this->setIsAdmin(($user_row[key($users_columns['admin'])] == reset($users_columns['admin'])) ? true : false);
                     }
                     $this->authenticated = true;
 
@@ -367,7 +382,7 @@ public function generateToken($user_id, $user_name)
     {
         $this->db = $this->getAPIDatabase();
         try {
-            $token = md5(uniqid(rand(), true));
+            $token = md5(uniqid(mt_rand(), true));
             $sth = $this->db->prepare('INSERT INTO ' . self::$api_table . ' (token,user_id,user_name,user_agent) VALUES (:token,:user_id,:user_name,:user_agent)');
             $sth->bindParam(':token', $token);
             $sth->bindParam(':user_name', $user_name);
@@ -398,7 +413,7 @@ public function permissionSQL($table, $permission)
         $sql = '';
 
         // All allowed
-        if ($this->is_admin == true) {
+        if ($this->isAdmin()) {
             $sql = "'1' = '1'";
         }
 
@@ -524,7 +539,43 @@ public function canDelete($table)
      */
     private function needIncrementCounter()
     {
-        return !(!empty($this->query['docs']) || !empty($this->query['check_token']) || !empty($this->query['check_counter']) || !empty($this->query['user_id']) && !empty($this->query['password']));
+        return !(
+            !empty($this->query['docs']) ||
+            !empty($this->query['check_token']) ||
+            !empty($this->query['check_counter']) ||
+            (
+                !empty($this->query['user_id']) &&
+                !empty($this->query['password'])
+            )
+        );
+    }
+
+    /**
+     * @return bool
+     */
+    public function isAuthenticated()
+    {
+        return !empty(self::getUser());
+    }
+
+    /**
+     * @return bool
+     */
+    public function isAdmin()
+    {
+        return $this->is_admin === true;
+    }
+
+    /**
+     * @param  bool  $is_admin
+     *
+     * @return self
+     */
+    public function setIsAdmin($is_admin)
+    {
+        $this->is_admin = $is_admin;
+
+        return $this;
     }
 }
 
diff --git a/includes/classes/Logger.php b/includes/classes/Logger.php
@@ -20,7 +20,7 @@ class Logger
     protected $file;
     protected $params = [];
     protected $options = [
-        'dateFormat' => 'd-M-Y H:i:s',
+        'dateFormat' => 'd-M-Y H:i:s.u',
         'onlyMessage' => false,
     ];
     protected $cache = '';
@@ -133,8 +133,12 @@ public function writeLog($message, $severity)
         $method = Request::method();
         // Grab the url path ( for troubleshooting )
         $path = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
+
         // Grab time - based on timezone in php.ini
-        $time = date($this->params['dateFormat']);
+        $t = microtime(true);
+        $micro = sprintf('%06d', ($t - floor($t)) * 1000000);
+        $d = new DateTime(date('Y-m-d H:i:s.' . $micro, $t));
+        $time = $d->format($this->params['dateFormat']);
 
         $ip = Request::getIPAddress();
 
diff --git a/includes/classes/Request.php b/includes/classes/Request.php
@@ -70,17 +70,17 @@ public static function getParams($sanitize = true)
         // Auth
         if (!empty($params['auth'])) {
             if (empty($params['user_id'])) {
-                $params['user_id'] = (!empty($_SERVER['HTTP_AUTH_ACCOUNT']) ? $_SERVER['HTTP_AUTH_ACCOUNT'] : uniqid(rand(), true));
+                $params['user_id'] = (!empty($_SERVER['HTTP_AUTH_ACCOUNT']) ? $_SERVER['HTTP_AUTH_ACCOUNT'] : uniqid(mt_rand(), true));
             }
             if (empty($params['password'])) {
-                $params['password'] = (!empty($_SERVER['HTTP_AUTH_PASSWORD']) ? $_SERVER['HTTP_AUTH_PASSWORD'] : uniqid(rand(), true));
+                $params['password'] = (!empty($_SERVER['HTTP_AUTH_PASSWORD']) ? $_SERVER['HTTP_AUTH_PASSWORD'] : uniqid(mt_rand(), true));
             }
             unset($params['token']);
         }
 
         // Check token
         if (!empty($params['check_auth']) && empty($params['check_token'])) {
-            $params['check_token'] = (!empty($_SERVER['HTTP_ACCESS_TOKEN']) ? $_SERVER['HTTP_ACCESS_TOKEN'] : uniqid(rand(), true));
+            $params['check_token'] = (!empty($_SERVER['HTTP_ACCESS_TOKEN']) ? $_SERVER['HTTP_ACCESS_TOKEN'] : uniqid(mt_rand(), true));
             unset($params['token']);
         }
 
@@ -283,12 +283,12 @@ public static function getIPAddress()
                     if (preg_match('/^::ffff:(\d+\.\d+\.\d+\.\d+)$/', $ip, $matches)) {
                         $ip = $matches[1];
                     }
-                    if ($ip == '::1') {
+                    if ($ip === '::1') {
                         $ip = '127.0.0.1';
                     }
-                    if ($ip == '127.0.0.1' || self::isPrivateIP($ip)) {
+                    if ($ip === '127.0.0.1' || self::isPrivateIP($ip)) {
                         $ip = $_SERVER['REMOTE_ADDR'];
-                        if ($ip == '::1') {
+                        if ($ip === '::1') {
                             $ip = '127.0.0.1';
                         }
 
@@ -449,7 +449,7 @@ public static function getAllIPAddress()
                     if (preg_match('/^::ffff:(\d+\.\d+\.\d+\.\d+)$/', $ip, $matches)) {
                         $ip = $matches[1];
                     }
-                    if ($ip == '::1') {
+                    if ($ip === '::1') {
                         $ips[] = '127.0.0.1';
                     } elseif (self::validateIPAddress($ip)) {
                         $ips[] = $ip;
@@ -471,13 +471,10 @@ public static function getAllIPAddress()
      * @param      $params mixed data to sanitize
      *
      * @return     $params sanitized data
-     *
-     * @author     Marco Cesarato <cesarato.developer@gmail.com>
      */
     private static function sanitizeParams($params)
     {
         foreach ($params as $key => $value) {
-            $value = trim_all($value);
             $value = self::sanitizeRXSS($value);
             $value = self::sanitizeStriptags($value);
             $value = self::sanitizeHtmlentities($value);
diff --git a/includes/classes/Response.php b/includes/classes/Response.php
@@ -15,12 +15,8 @@ class Response
     public static $instance;
     public $input;
 
-    public function __construct()
-    {
-    }
-
     /**
-     * Return success reponse.
+     * Return success response.
      *
      * @return array
      */
@@ -45,35 +41,52 @@ public static function created()
 
     /**
      * Return failed response.
+     *
+     * @return array
      */
     public static function failed()
     {
-        self::error('Bad request', 400);
+        $message = 'Bad request';
+        $code = 400;
+
+        self::error($message, $code);
+
+        return ['response' => (object)['status' => $code, 'message' => $message]];
     }
 
     /**
      * Return failed response.
      *
      * @param string $msg
+     *
+     * @return array
      */
     public static function noPermissions($msg = '')
     {
-        self::error('No permissions ' . $msg, 403);
+        $message = 'No permissions ' . $msg;
+        $code = 403;
+
+        self::error($message, $code);
+
+        return ['response' => (object)['status' => $code, 'message' => $message]];
     }
 
     /**
      * Halt the program with an "Internal server error" and the specified message.
      *
      * @param string|object $error the error or a (PDO) exception object
      * @param int           $code  (optional) the error code with which to respond
-     * @param bool          $custom_call
+     * @param bool          $internal if true will fallback to the first endpoint available
+     *
+     * @return array
      */
-    public static function error($error, $code = 500, $custom_call = false)
+    public static function error($error, $code = 500, $internal = false)
     {
         $hooks = Hooks::getInstance();
-        if ($custom_call) {
-            $hooks->do_action('custom_api_call');
+        if ($internal) {
+            $hooks->do_action('endpoint');
         }
+        $hooks->do_action('public_endpoint');
         $hooks->do_action('on_error', $error, $code);
 
         $api = API::getInstance();
@@ -83,15 +96,17 @@ public static function error($error, $code = 500, $custom_call = false)
             $results = [
                 'response' => (object)['status' => 400, 'message' => $message],
             ];
-            $logger->error($code . ' - ' . $error);
+            $logger->error('ERROR_' . $code . ': ' . $error);
             $api->render($results);
         }
         http_response_code($code);
         $error = trim($error);
-        $logger->error($code . ' - ' . $error);
+        $logger->error('ERROR_' . $code . ': ' . $error);
         $results = [
             'response' => (object)['status' => $code, 'message' => Request::sanitizeHtmlentities($error)],
         ];
         $api->render($results);
+
+        return ['response' => (object)['status' => $code, 'message' => $error]];
     }
 }
diff --git a/includes/functions.php b/includes/functions.php
@@ -62,12 +62,9 @@ function array_to_object($array)
 function is_https()
 {
     if (isset($_SERVER['HTTP_HOST'])) {
-        if (((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443)
-           || !empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
-            return true;
-        }
-
-        return false;
+        return ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443) ||
+               (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') ||
+               (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] === 'on');
     }
 
     return false;
@@ -130,7 +127,9 @@ function trim_all($arr, $charlist = ' ')
 {
     if (is_string($arr)) {
         return trim($arr, $charlist);
-    } elseif (is_array($arr)) {
+    }
+
+    if (is_array($arr)) {
         foreach ($arr as $key => $value) {
             if (is_array($value)) {
                 $result[$key] = trim_all($value, $charlist);
@@ -140,13 +139,13 @@ function trim_all($arr, $charlist = ' ')
         }
 
         return $result;
-    } else {
-        return $arr;
     }
+
+    return $arr;
 }
 
 /**
- * Recusively travserses through an array to propegate SimpleXML objects.
+ * Recursively traverses through an array to propagate SimpleXML objects.
  *
  * @param array  $array the array to parse
  * @param object $xml   the Simple XML object (must be at least a single empty node)
diff --git a/plugins/actions.php b/plugins/actions.php
@@ -8,11 +8,11 @@
 use marcocesarato\DatabaseAPI\Response;
 
 /**
- * Custom API Call.
+ * Endpoint.
  *
  * @param $query
  */
-function action_custom_api_call($query)
+function action_endpoint($query)
 {
     $api = API::getInstance();
     $api->query['part_1'] = $api->query['db'];
diff --git a/plugins/custom/example.hooks.php b/plugins/custom/example.hooks.php
@@ -11,11 +11,11 @@
 $hooks = Hooks::getInstance();
 
 /**
- * Custom API Call.
+ * Endpoint example.
  *
  * @return mixed or die (with mixed return just skip to next action until 404 error)
  */
-function action_custom_api_call_example()
+function action_endpoint_example()
 {
     $user = Auth::getUser(); // User row
     $api = API::getInstance(); // PDO Object
@@ -35,4 +35,7 @@ function action_custom_api_call_example()
     }*/
 }
 
-$hooks->add_action('custom_api_call', 'action_custom_api_call_example');
+// Private
+$hooks->add_action('endpoint', 'action_endpoint_example');
+// Public
+$hooks->add_action('public_endpoint', 'action_endpoint_example');
diff --git a/plugins/filters.php b/plugins/filters.php
diff --git a/plugins/loader.php b/plugins/loader.php

Original file line number	Diff line number	Diff line change
`@@ -70,17 +70,17 @@ public static function getParams($sanitize = true)`
`70`	`70`	`// Auth`
`71`	`71`	`if (!empty($params['auth'])) {`
`72`	`72`	`if (empty($params['user_id'])) {`
`73`		`- $params['user_id'] = (!empty($_SERVER['HTTP_AUTH_ACCOUNT']) ? $_SERVER['HTTP_AUTH_ACCOUNT'] : uniqid(rand(), true));`
	`73`	`+ $params['user_id'] = (!empty($_SERVER['HTTP_AUTH_ACCOUNT']) ? $_SERVER['HTTP_AUTH_ACCOUNT'] : uniqid(mt_rand(), true));`
`74`	`74`	`}`
`75`	`75`	`if (empty($params['password'])) {`
`76`		`- $params['password'] = (!empty($_SERVER['HTTP_AUTH_PASSWORD']) ? $_SERVER['HTTP_AUTH_PASSWORD'] : uniqid(rand(), true));`
	`76`	`+ $params['password'] = (!empty($_SERVER['HTTP_AUTH_PASSWORD']) ? $_SERVER['HTTP_AUTH_PASSWORD'] : uniqid(mt_rand(), true));`
`77`	`77`	`}`
`78`	`78`	`unset($params['token']);`
`79`	`79`	`}`
`80`	`80`
`81`	`81`	`// Check token`
`82`	`82`	`if (!empty($params['check_auth']) && empty($params['check_token'])) {`
`83`		`- $params['check_token'] = (!empty($_SERVER['HTTP_ACCESS_TOKEN']) ? $_SERVER['HTTP_ACCESS_TOKEN'] : uniqid(rand(), true));`
	`83`	`+ $params['check_token'] = (!empty($_SERVER['HTTP_ACCESS_TOKEN']) ? $_SERVER['HTTP_ACCESS_TOKEN'] : uniqid(mt_rand(), true));`
`84`	`84`	`unset($params['token']);`
`85`	`85`	`}`
`86`	`86`
`@@ -283,12 +283,12 @@ public static function getIPAddress()`
`283`	`283`	`if (preg_match('/^::ffff:(\d+\.\d+\.\d+\.\d+)$/', $ip, $matches)) {`
`284`	`284`	`$ip = $matches[1];`
`285`	`285`	`}`
`286`		`- if ($ip == '::1') {`
	`286`	`+ if ($ip === '::1') {`
`287`	`287`	`$ip = '127.0.0.1';`
`288`	`288`	`}`
`289`		`- if ($ip == '127.0.0.1' \|\| self::isPrivateIP($ip)) {`
	`289`	`+ if ($ip === '127.0.0.1' \|\| self::isPrivateIP($ip)) {`
`290`	`290`	`$ip = $_SERVER['REMOTE_ADDR'];`
`291`		`- if ($ip == '::1') {`
	`291`	`+ if ($ip === '::1') {`
`292`	`292`	`$ip = '127.0.0.1';`
`293`	`293`	`}`
`294`	`294`
`@@ -449,7 +449,7 @@ public static function getAllIPAddress()`
`449`	`449`	`if (preg_match('/^::ffff:(\d+\.\d+\.\d+\.\d+)$/', $ip, $matches)) {`
`450`	`450`	`$ip = $matches[1];`
`451`	`451`	`}`
`452`		`- if ($ip == '::1') {`
	`452`	`+ if ($ip === '::1') {`
`453`	`453`	`$ips[] = '127.0.0.1';`
`454`	`454`	`} elseif (self::validateIPAddress($ip)) {`
`455`	`455`	`$ips[] = $ip;`
`@@ -471,13 +471,10 @@ public static function getAllIPAddress()`
`471`	`471`	`* @param $params mixed data to sanitize`
`472`	`472`	`*`
`473`	`473`	`* @return $params sanitized data`
`474`		`- *`
`475`		`- * @author Marco Cesarato <cesarato.developer@gmail.com>`
`476`	`474`	`*/`
`477`	`475`	`private static function sanitizeParams($params)`
`478`	`476`	`{`
`479`	`477`	`foreach ($params as $key => $value) {`
`480`		`- $value = trim_all($value);`
`481`	`478`	`$value = self::sanitizeRXSS($value);`
`482`	`479`	`$value = self::sanitizeStriptags($value);`
`483`	`480`	`$value = self::sanitizeHtmlentities($value);`
Original file line number	Diff line number	Diff line change
`@@ -62,12 +62,9 @@ function array_to_object($array)`
`62`	`62`	`function is_https()`
`63`	`63`	`{`
`64`	`64`	`if (isset($_SERVER['HTTP_HOST'])) {`
`65`		`- if (((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') \|\| $_SERVER['SERVER_PORT'] == 443)`
`66`		`- \|\| !empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' \|\| !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {`
`67`		`- return true;`
`68`		`- }`
`69`		`-`
`70`		`- return false;`
	`65`	`+ return ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') \|\| $_SERVER['SERVER_PORT'] == 443) \|\|`
	`66`	`+ (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') \|\|`
	`67`	`+ (!empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] === 'on');`
`71`	`68`	`}`
`72`	`69`
`73`	`70`	`return false;`
`@@ -130,7 +127,9 @@ function trim_all($arr, $charlist = ' ')`
`130`	`127`	`{`
`131`	`128`	`if (is_string($arr)) {`
`132`	`129`	`return trim($arr, $charlist);`
`133`		`- } elseif (is_array($arr)) {`
	`130`	`+ }`
	`131`	`+`
	`132`	`+ if (is_array($arr)) {`
`134`	`133`	`foreach ($arr as $key => $value) {`
`135`	`134`	`if (is_array($value)) {`
`136`	`135`	`$result[$key] = trim_all($value, $charlist);`
`@@ -140,13 +139,13 @@ function trim_all($arr, $charlist = ' ')`
`140`	`139`	`}`
`141`	`140`
`142`	`141`	`return $result;`
`143`		`- } else {`
`144`		`- return $arr;`
`145`	`142`	`}`
	`143`	`+`
	`144`	`+ return $arr;`
`146`	`145`	`}`
`147`	`146`
`148`	`147`	`/**`
`149`		`- * Recusively travserses through an array to propegate SimpleXML objects.`
	`148`	`+ * Recursively traverses through an array to propagate SimpleXML objects.`
`150`	`149`	`*`
`151`	`150`	`* @param array $array the array to parse`
`152`	`151`	`* @param object $xml the Simple XML object (must be at least a single empty node)`
Original file line number	Diff line number	Diff line change
`@@ -8,11 +8,11 @@`
`8`	`8`	`use marcocesarato\DatabaseAPI\Response;`
`9`	`9`
`10`	`10`	`/**`
`11`		`- * Custom API Call.`
	`11`	`+ * Endpoint.`
`12`	`12`	`*`
`13`	`13`	`* @param $query`
`14`	`14`	`*/`
`15`		`-function action_custom_api_call($query)`
	`15`	`+function action_endpoint($query)`
`16`	`16`	`{`
`17`	`17`	`$api = API::getInstance();`
`18`	`18`	`$api->query['part_1'] = $api->query['db'];`