mirror of
https://github.com/Combodo/iTop.git
synced 2026-02-13 15:34:12 +01:00
282 lines
9.1 KiB
PHP
282 lines
9.1 KiB
PHP
<?php
|
|
|
|
/**
|
|
* Copyright (C) 2013-2024 Combodo SAS
|
|
*
|
|
* This file is part of iTop.
|
|
*
|
|
* iTop is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* iTop is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
*/
|
|
|
|
use Combodo\iTop\Application\WebPage\JsonPage;
|
|
use Combodo\iTop\Application\WebPage\JsonPPage;
|
|
|
|
require_once(__DIR__.'/../approot.inc.php');
|
|
require_once(APPROOT.'/application/application.inc.php');
|
|
require_once(APPROOT.'/application/loginwebpage.class.inc.php');
|
|
require_once(APPROOT.'/application/startup.inc.php');
|
|
|
|
require_once(APPROOT.'core/restservices.class.inc.php');
|
|
|
|
/**
|
|
* Result structure that is specific to the hardcoded verb 'list_operations'
|
|
*/
|
|
class RestResultListOperations extends RestResult
|
|
{
|
|
public $version;
|
|
public $operations;
|
|
|
|
public function AddOperation($sVerb, $sDescription, $sServiceProviderClass)
|
|
{
|
|
$this->operations[] = [
|
|
'verb' => $sVerb,
|
|
'description' => $sDescription,
|
|
'extension' => $sServiceProviderClass,
|
|
];
|
|
}
|
|
}
|
|
|
|
if (!function_exists('json_last_error_msg')) {
|
|
function json_last_error_msg()
|
|
{
|
|
static $ERRORS = [
|
|
JSON_ERROR_NONE => 'No error',
|
|
JSON_ERROR_DEPTH => 'Maximum stack depth exceeded',
|
|
JSON_ERROR_STATE_MISMATCH => 'State mismatch (invalid or malformed JSON)',
|
|
JSON_ERROR_CTRL_CHAR => 'Control character error, possibly incorrectly encoded',
|
|
JSON_ERROR_SYNTAX => 'Syntax error',
|
|
JSON_ERROR_UTF8 => 'Malformed UTF-8 characters, possibly incorrectly encoded',
|
|
];
|
|
|
|
$error = json_last_error();
|
|
return isset($ERRORS[$error]) ? $ERRORS[$error] : 'Unknown error';
|
|
}
|
|
}
|
|
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Main
|
|
//
|
|
$oCtx = new ContextTag(ContextTag::TAG_REST);
|
|
|
|
$sVersion = utils::ReadParam('version', null, false, 'raw_data');
|
|
$sOperation = utils::ReadParam('operation', null);
|
|
|
|
//read json_data parameter via as a string (standard behaviour)
|
|
$sJsonString = utils::ReadParam('json_data', null, false, 'raw_data');
|
|
|
|
if (empty($sJsonString)) {
|
|
//N °3455: read json_data parameter via a file passed by http protocol
|
|
if (isset($_FILES['json_data']['tmp_name'])) {
|
|
$sTmpFilePath = $_FILES['json_data']['tmp_name'];
|
|
if (is_file($sTmpFilePath)) {
|
|
$sValue = file_get_contents($sTmpFilePath);
|
|
unlink($sTmpFilePath);
|
|
if (! empty($sValue)) {
|
|
$sJsonString = utils::Sanitize($sValue, null, 'raw_data');
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
$sProvider = '';
|
|
|
|
$oKPI = new ExecutionKPI();
|
|
try {
|
|
utils::UseParamFile();
|
|
|
|
$oKPI->ComputeAndReport('Data model loaded');
|
|
|
|
// N°6358 - force credentials for REST calls
|
|
LoginWebPage::ResetSession(true);
|
|
$iRet = LoginWebPage::DoLogin(false, false, LoginWebPage::EXIT_RETURN);
|
|
$oKPI->ComputeAndReport('User login');
|
|
|
|
if ($iRet == LoginWebPage::EXIT_CODE_OK) {
|
|
// Extra validation of the profile
|
|
if ((MetaModel::GetConfig()->Get('secure_rest_services') == true) && !UserRights::HasProfile('REST Services User')) {
|
|
// Web services access is limited to the users with the profile REST Web Services
|
|
$iRet = LoginWebPage::EXIT_CODE_NOTAUTHORIZED;
|
|
}
|
|
}
|
|
if ($iRet != LoginWebPage::EXIT_CODE_OK) {
|
|
switch ($iRet) {
|
|
case LoginWebPage::EXIT_CODE_MISSINGLOGIN:
|
|
throw new Exception("Missing parameter 'auth_user'", RestResult::MISSING_AUTH_USER);
|
|
break;
|
|
|
|
case LoginWebPage::EXIT_CODE_MISSINGPASSWORD:
|
|
throw new Exception("Missing parameter 'auth_pwd'", RestResult::MISSING_AUTH_PWD);
|
|
break;
|
|
|
|
case LoginWebPage::EXIT_CODE_WRONGCREDENTIALS:
|
|
throw new Exception("Invalid login", RestResult::UNAUTHORIZED);
|
|
break;
|
|
|
|
case LoginWebPage::EXIT_CODE_PORTALUSERNOTAUTHORIZED:
|
|
throw new Exception("Portal user is not allowed", RestResult::UNAUTHORIZED);
|
|
break;
|
|
|
|
case LoginWebPage::EXIT_CODE_NOTAUTHORIZED:
|
|
throw new Exception("This user is not authorized to use the web services. (The profile REST Services User is required to access the REST web services)", RestResult::UNAUTHORIZED);
|
|
break;
|
|
|
|
default:
|
|
throw new Exception("Unknown authentication error (retCode=$iRet)", RestResult::UNAUTHORIZED);
|
|
}
|
|
}
|
|
|
|
if ($sVersion == null) {
|
|
throw new Exception("Missing parameter 'version' (e.g. '1.0')", RestResult::MISSING_VERSION);
|
|
}
|
|
|
|
if ($sJsonString == null) {
|
|
throw new Exception("Missing parameter 'json_data'", RestResult::MISSING_JSON);
|
|
}
|
|
|
|
if (is_string($sJsonString)) {
|
|
$aJsonData = @json_decode($sJsonString);
|
|
} elseif (is_array($sJsonString)) {
|
|
$aJsonData = (object) $sJsonString;
|
|
$sJsonString = json_encode($aJsonData);
|
|
} else {
|
|
$aJsonData = null;
|
|
}
|
|
|
|
if ($aJsonData == null) {
|
|
throw new Exception('Parameter json_data is not a valid JSON structure', RestResult::INVALID_JSON);
|
|
}
|
|
|
|
$oKPI->ComputeAndReport('Parameters validated');
|
|
|
|
/** @var iRestServiceProvider[] $aProviders */
|
|
$oKPI = new ExecutionKPI();
|
|
$aProviders = [];
|
|
foreach (get_declared_classes() as $sPHPClass) {
|
|
$oRefClass = new ReflectionClass($sPHPClass);
|
|
if ($oRefClass->implementsInterface('iRestServiceProvider')) {
|
|
$aProviders[] = new $sPHPClass();
|
|
}
|
|
}
|
|
|
|
$aOpToRestService = []; // verb => $oRestServiceProvider
|
|
/** @var iRestServiceProvider $oRestSP */
|
|
foreach ($aProviders as $oRestSP) {
|
|
$aOperations = $oRestSP->ListOperations($sVersion);
|
|
foreach ($aOperations as $aOpData) {
|
|
$aOpToRestService[$aOpData['verb']] =
|
|
[
|
|
'service_provider' => $oRestSP,
|
|
'description' => $aOpData['description'],
|
|
];
|
|
}
|
|
}
|
|
$oKPI->ComputeAndReport('iRestServiceProvider loaded with operations');
|
|
|
|
if (count($aOpToRestService) == 0) {
|
|
throw new Exception("There is no service available for version '$sVersion'", RestResult::UNSUPPORTED_VERSION);
|
|
}
|
|
|
|
$sOperation = RestUtils::GetMandatoryParam($aJsonData, 'operation');
|
|
if ($sOperation == 'list_operations') {
|
|
$oResult = new RestResultListOperations();
|
|
$oResult->message = "Operations: ".count($aOpToRestService);
|
|
$oResult->version = $sVersion;
|
|
foreach ($aOpToRestService as $sVerb => $aOpData) {
|
|
$oResult->AddOperation($sVerb, $aOpData['description'], get_class($aOpData['service_provider']));
|
|
}
|
|
} else {
|
|
if (!array_key_exists($sOperation, $aOpToRestService)) {
|
|
throw new Exception("Unknown verb '$sOperation' in version '$sVersion'", RestResult::UNKNOWN_OPERATION);
|
|
}
|
|
/** @var iRestServiceProvider $oRS */
|
|
$oRS = $aOpToRestService[$sOperation]['service_provider'];
|
|
$sProvider = get_class($oRS);
|
|
|
|
if ($oRS instanceof iRestInputSanitizer) {
|
|
$sSanitizedJsonInput = $oRS->SanitizeJsonInput($sJsonString);
|
|
}
|
|
|
|
CMDBObject::SetTrackOrigin('webservice-rest');
|
|
$oResult = $oRS->ExecOperation($sVersion, $sOperation, $aJsonData);
|
|
}
|
|
$oKPI->ComputeAndReport('Operation finished');
|
|
} catch (Exception $e) {
|
|
$oResult = new RestResult();
|
|
if ($e->GetCode() == 0) {
|
|
$oResult->code = RestResult::INTERNAL_ERROR;
|
|
} else {
|
|
$oResult->code = $e->GetCode();
|
|
}
|
|
$oResult->message = "Error: ".$e->GetMessage();
|
|
$oKPI->ComputeAndReport('Exception catched');
|
|
}
|
|
|
|
// Output the results
|
|
//
|
|
$sResponse = json_encode($oResult);
|
|
|
|
if ($sResponse === false) {
|
|
$oJsonIssue = new RestResult();
|
|
$oJsonIssue->code = RestResult::INTERNAL_ERROR;
|
|
$oJsonIssue->message = 'json encoding failed with message: '.json_last_error_msg().'. Full response structure for debugging purposes (print_r+bin2hex): '.bin2hex(print_r($oResult, true));
|
|
$sResponse = json_encode($oJsonIssue);
|
|
}
|
|
|
|
$sCallback = utils::ReadParam('callback', null);
|
|
if ($sCallback == null) {
|
|
$oP = new JsonPage();
|
|
} else {
|
|
$oP = new JsonPPage($sCallback);
|
|
}
|
|
$oP->add_header('Access-Control-Allow-Origin: *');
|
|
$oP->SetData(json_decode($sResponse, true));
|
|
$oP->SetOutputDataOnly(true);
|
|
$oP->Output();
|
|
ExecutionKPI::ReportStats();
|
|
|
|
// Log usage
|
|
//
|
|
if (MetaModel::GetConfig()->Get('log_rest_service')) {
|
|
$oLog = new EventRestService();
|
|
$oLog->SetTrim('userinfo', UserRights::GetUser());
|
|
$oLog->Set('version', $sVersion);
|
|
$oLog->Set('operation', $sOperation);
|
|
$oLog->SetTrim('json_input', $sSanitizedJsonInput ?? $sJsonString);
|
|
|
|
$oLog->Set('provider', $sProvider);
|
|
$sMessage = $oResult->message;
|
|
if (empty($oResult->message)) {
|
|
$sMessage = 'Ok';
|
|
}
|
|
$oLog->SetTrim('message', $sMessage);
|
|
$oLog->Set('code', $oResult->code);
|
|
$oResult->SanitizeContent();
|
|
$iUnescapeSlashAndUnicode = JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE;
|
|
$sJsonOuputWithPrettyPrinting = json_encode($oResult, $iUnescapeSlashAndUnicode | JSON_PRETTY_PRINT);
|
|
$sJsonOutputWithoutPrettyPrinting = json_encode($oResult, $iUnescapeSlashAndUnicode);
|
|
!StringFitsInLogField($sJsonOuputWithPrettyPrinting) ?
|
|
$oLog->SetTrim('json_output', $sJsonOutputWithoutPrettyPrinting) : // too long, we don't make it pretty
|
|
$oLog->SetTrim('json_output', $sJsonOuputWithPrettyPrinting);
|
|
|
|
$oLog->DBInsertNoReload();
|
|
}
|
|
|
|
/**
|
|
* @deprecated - will be removed in 3.3.0
|
|
*/
|
|
function StringFitsInLogField(string $sLog): bool
|
|
{
|
|
return mb_strlen($sLog) <= 16383; // hardcoded value, see N°8260
|
|
}
|