File: /var/www/uileague/wp-content/themes/uileague/api-data.php
<?php
/* Template Name: Api Data */
date_default_timezone_set('PRC'); // every date()/time() call in this endpoint and the controllers it loads runs in China Standard Time
get_header('cross'); // loads the theme's "cross" header part — presumably the CORS/JSON headers for this API; confirm it emits no HTML body ahead of the JSON below
include_once 'JwtAuth.php';  // JwtAuth::getInstance()/setToken()/validate()/verify(), used by Controller::checktoken()
include_once 'ApiStatus.php'; // ApiStatus::ERR_URL / ERR_TOKEN / ERR_NO_PERMISSION [code, message] pairs
// show_php_error();  // debugging aid, intentionally disabled — enabling it would leak PHP errors into API responses
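class Autoloader
{
    /**
     * Map a class name to a file under the theme's api/ directory (api/v<N>/ when the
     * request carries a positive integer `v`) and include it.
     *
     * App::run() calls class_exists() on the request parameter `c`, so the name that
     * reaches this autoloader is attacker-controlled. It is therefore checked against a
     * strict identifier pattern before it becomes part of a path: values such as
     * "../../x" or "/etc/x" are rejected instead of being joined into the include path.
     *
     * @param string $name Class name, optionally namespaced (`\` maps to a directory).
     * @return bool true when the file was included and the class now exists,
     *              false otherwise (an autoloader must never terminate the request:
     *              class_exists() probes from WordPress core and plugins land here too,
     *              and App::run() already reports an unknown controller to the client).
     */
    public static function myAutoload($name)
    {
        // Identifier segments only; no dots, slashes, whitespace or empty segments.
        if (!is_string($name)
            || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\\\\[A-Za-z_][A-Za-z0-9_]*)*$/', $name)) {
            return false;
        }

        $ver = isset($_REQUEST['v']) ? intval($_REQUEST['v']) : 0; // API version; 0 = unversioned api/ directory
        $class_path = str_replace('\\', DIRECTORY_SEPARATOR, $name);

        $base = get_stylesheet_directory() . '/api/';
        if ($ver > 0) {
            $base .= 'v' . $ver . '/';
        }
        $file = $base . $class_path . '.php';

        // is_file() rather than file_exists(): a directory named like the class is not loadable.
        if (!is_file($file)) {
            return false;
        }

        // Include the same absolute path that was just checked. The previous code tested
        // an absolute path but included a relative one, which resolves through include_path
        // and the calling script's directory and could therefore name a different file.
        include_once $file;

        // Check the real class name: for a namespaced name the path form ("Foo/Bar") would never match.
        return class_exists($name, false);
    }
}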
spl_autoload_register('Autoloader::myAutoload');
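class App
{
    public $c;
    public $a;

    /**
     * Front controller: instantiate the class named by request parameter `c` and call
     * the method named by `a` (both default to "Index"; "Exception" is aliased to
     * "AppException" so PHP's own Exception class is never instantiated).
     *
     * Only public, non-static, zero-argument methods declared on an instantiable
     * subclass of Controller are dispatchable. Previously any loaded class with any
     * method (WordPress classes, JwtAuth, App itself, or Controller's own plumbing such
     * as checktoken/can_do/__destruct) could be reached from the URL; class_exists()
     * plus method_exists() do not check visibility, arity or lineage.
     *
     * On any failure the response is ERR_URL with the request echoed back, and the
     * script exits.
     */
    public function run()
    {
        $c = isset($_REQUEST['c']) ? htmlspecialchars($_REQUEST['c']) : "Index"; // request parameter carrying the controller class name
        $a = isset($_REQUEST['a']) ? htmlspecialchars($_REQUEST['a']) : "Index"; // request parameter carrying the action method name
        $c = ucfirst($c);
        if ($c == "Exception") $c = "AppException";

        if (self::isDispatchable($c, $a)) {
            $o = new $c();
            $o->$a();
        } else {
            $result = new stdClass();
            // Reflects every parameter the caller sent (including any `token`) back to that
            // same caller; kept for compatibility, but consider dropping it from production output.
            $result->request = $_REQUEST;
            $result->rc = ApiStatus::ERR_URL[0];
            $result->msg = ApiStatus::ERR_URL[1];
            echo_json($result);
            die();
        }
    }

    /**
     * Decide whether `$c::$a()` may be invoked from the URL.
     *
     * @param string $c Candidate controller class name (already ucfirst'ed).
     * @param string $a Candidate action method name.
     * @return bool
     */
    private static function isDispatchable($c, $a)
    {
        $ident = '/^[A-Za-z_][A-Za-z0-9_]*$/';
        // Plain identifiers only, and never a magic method (__construct, __destruct, ...).
        if (!preg_match($ident, $c) || !preg_match($ident, $a) || strncmp($a, '__', 2) === 0) {
            return false;
        }
        // class_exists() triggers the autoloader, which applies its own name check.
        if (!class_exists($c) || !is_subclass_of($c, 'Controller') || !method_exists($c, $a)) {
            return false;
        }
        $class = new ReflectionClass($c);
        if (!$class->isInstantiable()) {
            return false;
        }
        $method = new ReflectionMethod($c, $a);
        return $method->isPublic()
            && !$method->isStatic()
            && $method->getDeclaringClass()->getName() !== 'Controller' // base-class helpers are not actions
            && $method->getNumberOfRequiredParameters() === 0;          // called with no arguments
    }
}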
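class Controller
{
    public $result;
    public $wpuid;
    public $uid;
    /** Raw bearer token when one was supplied in the Authorization header (previously an undeclared dynamic property). */
    public $access_token;

    /**
     * Seed the default ERR_URL result and enforce the JWT check unless the requested
     * controller/action pair is on the anonymous allow-list.
     *
     * `debugmod=3` used to skip the token check for any caller in any environment. It
     * is now honoured only while WP_DEBUG is on, so a production deployment cannot be
     * talked into running actions unauthenticated.
     */
    public function __construct()
    {
        $this->result = new stdClass();
        $this->result->rc = ApiStatus::ERR_URL[0];
        $this->result->msg = ApiStatus::ERR_URL[1];

        $debugmod = isset($_REQUEST['debugmod']) ? intval($_REQUEST['debugmod']) : 0;
        $c = isset($_REQUEST['c']) ? htmlspecialchars($_REQUEST['c']) : "Index";
        $a = isset($_REQUEST['a']) ? htmlspecialchars($_REQUEST['a']) : "Index";

        // Controller/action pairs that may be called without a token. `$c` is compared as
        // sent (App::run() applies ucfirst only for dispatch), so only the exact spellings
        // listed here are anonymous; anything else falls through to checktoken().
        $noNeedTokenControllers = ["Team", "Players", "TeamPts", "Matches", "Banners", "News", "League", "MatchesPlayers", "InviteReferee"];
        $noNeedTokenAtions = ['getList', 'getPositionList', 'getTmpList', 'get', 'getLatestList'];
        $isPublic = in_array($c, $noNeedTokenControllers, true) && in_array($a, $noNeedTokenAtions, true);

        $debugBypass = $debugmod === 3 && defined('WP_DEBUG') && WP_DEBUG;

        if (!$debugBypass && !$isPublic) {
            $this->checktoken();
        }
    }

    /** Emit the accumulated result as JSON when the controller goes out of scope. */
    function __destruct()
    {
        echo_json($this->result);
    }

    /**
     * Run $func if the caller is allowed to.
     *
     * Without a `wpuid` claim the caller is an API (company) user looked up by `uid`;
     * every permission in $permission (a string or an array, all required) must be
     * present on the user's role, or $specialId must equal the caller's own uid (a user
     * may always edit their own record). With a `wpuid` claim the caller is a WordPress
     * user and must hold `manage_options`.
     *
     * @param string|string[] $permission
     * @param callable        $func
     * @param int             $specialId Record owner id, 0 when the rule does not apply.
     */
    public function can_do($permission, callable $func, $specialId = 0)
    {
        if (empty($this->wpuid)) {
            $user = UserHelper::get_by_id($this->uid);
            // Check the lookup before touching $user->role: the old code read the role of
            // a null user first and then denied, emitting a warning along the way.
            if ($user == null) {
                $this->denyWith($this->uid);
                return;
            }
            if (is_array($permission)) {
                $has_permission = count($permission) > 0; // an empty list grants nothing
                foreach ($permission as $p) {
                    $has_permission = $has_permission && Permissions::contains($user->role, $p);
                }
            } else {
                $has_permission = Permissions::contains($user->role, $permission);
            }

            if ($has_permission) {
                $func();
            } else if ($specialId > 0 && $specialId == $this->uid) {
                // Special case: the current user may update their own profile without the permission
                $func();
            } else {
                $this->denyWith($this->uid);
            }
        } else {
            // WordPress ("ego") administrator
            if (user_can($this->wpuid, "manage_options")) {
                $func();
            } else {
                $this->denyWith($this->wpuid);
            }
        }
    }

    /**
     * Run $func only for a WordPress user holding `manage_options`.
     * An absent `wpuid` (API user or unauthenticated debug request) is denied outright.
     */
    public function admin_can_do(callable $func)
    {
        if (!empty($this->wpuid) && user_can($this->wpuid, "manage_options")) {
            $func();
        } else {
            $this->denyWith($this->wpuid);
        }
    }

    /** Record ERR_NO_PERMISSION in the result; $id is the identity that was checked. */
    private function denyWith($id)
    {
        $this->result->rc = ApiStatus::ERR_NO_PERMISSION[0];
        $this->result->msg = ApiStatus::ERR_NO_PERMISSION[1];
        $this->result->data = $id;
    }

    /**
     * Read the JWT from the Authorization: Bearer header (preferred) or the `token`
     * request parameter, verify it, and populate $this->uid / $this->wpuid.
     *
     * On failure the result is set to ERR_TOKEN and the request ends with die().
     * NOTE(review): this runs from the constructor, so whether __destruct() still emits
     * that ERR_TOKEN body for the half-constructed object depends on PHP's shutdown
     * handling — confirm the client actually receives it.
     */
    public function checktoken()
    {
        $postToken = isset($_REQUEST['token']) ? htmlspecialchars($_REQUEST['token']) : '';
        $postBearerToken = $this->getBearerToken();
        if (!empty($postBearerToken)) {
            $this->access_token = $postToken = $postBearerToken;
        }

        // A compact JWS has exactly three dot-separated segments.
        if (substr_count($postToken, '.') != 2) {
            $this->result->rc = ApiStatus::ERR_TOKEN[0];
            $this->result->msg = ApiStatus::ERR_TOKEN[1];
            die();
        }

        $jwtAuth = JwtAuth::getInstance();
        $jwtAuth->setToken($postToken);
        // verify() once and reuse the claims; the old code re-ran it up to three times.
        $claims = $jwtAuth->validate() ? $jwtAuth->verify() : null;

        if ($claims && ($claims->uid || $claims->wpuid)) {
            $this->wpuid = $claims->wpuid;
            $this->uid = $claims->uid;
        } else {
            $this->result->rc = ApiStatus::ERR_TOKEN[0];
            $this->result->msg = ApiStatus::ERR_TOKEN[1];
            die();
        }
    }

    /**
     * Return the raw Authorization header value, or null when none is present.
     * Checks the CGI/FastCGI variants first, then falls back to apache_request_headers().
     */
    private function getAuthorizationHeader()
    {
        $headers = null;
        if (isset($_SERVER['Authorization'])) {
            $headers = trim($_SERVER["Authorization"]);
        } else if (isset($_SERVER['HTTP_AUTHORIZATION'])) { // Nginx or FastCGI
            $headers = trim($_SERVER["HTTP_AUTHORIZATION"]);
        } else if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { // Apache with mod_rewrite passing the header through
            $headers = trim($_SERVER["REDIRECT_HTTP_AUTHORIZATION"]);
        } elseif (function_exists('apache_request_headers')) {
            $requestHeaders = apache_request_headers();
            // Normalise header-name capitalisation (works around old Android clients sending "authorization").
            $requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
            if (isset($requestHeaders['Authorization'])) {
                $headers = trim($requestHeaders['Authorization']);
            }
        }
        return $headers;
    }

    /**
     * Extract the token following "Bearer " in the Authorization header, or null.
     * The match is unanchored and case-sensitive on the scheme name, as before.
     */
    private function getBearerToken()
    {
        $headers = $this->getAuthorizationHeader();
        if (!empty($headers)) {
            if (preg_match('/Bearer\s(\S+)/', $headers, $matches)) {
                return $matches[1];
            }
        }
        return null;
    }
}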
// Entry point: dispatch the current request. Any controller constructed by run() emits
// its JSON result from __destruct() when the script ends.
$app = new App();
$app->run();