openrat-cms

OpenRat Content Management System
git clone http://git.code.weiherhei.de/openrat-cms.git

commit 60dd7571571801e3b3fe6b5d3c709bf4098609fa
parent c04e098940263b3d2d059a02b2147df02b40605f
Author: Jan Dankert <develop@jandankert.de>
Date:   Mon, 26 Oct 2020 09:48:01 +0100

No trace-output in the API in production mode.

Diffstat:
Mmodules/cms/Dispatcher.class.php | 6++++--
Mmodules/cms/api/API.class.php | 48++++++++++++++++++++++++++----------------------
Mmodules/cms/base/Startup.class.php | 3++-
3 files changed, 32 insertions(+), 25 deletions(-)

diff --git a/modules/cms/Dispatcher.class.php b/modules/cms/Dispatcher.class.php
@@ -18,6 +18,7 @@ use database\Database;
 use cms\update\Update;
 use language\Messages;
 use modules\cms\base\HttpRequest;
+use util\exception\ValidationException;
 use util\Http;
 use logger\Logger;
 use LogicException;
@@ -119,7 +120,7 @@ class Dispatcher
 // Weitere Variablen anreichern.
 $result['session'] = array('name' => session_name(), 'id' => session_id(), 'token' => Session::token());
 $result['version'] = Startup::VERSION;
- $result['api'] = '2';
+ $result['api'] = Startup::API_LEVEL;
 $result['output']['_token'] = Session::token();
 $result['output']['_id' ] = $this->request->id;
@@ -318,8 +319,9 @@ class Dispatcher
 $method->invokeArgs($do,$params); // <== Executing the Action
 }
- catch (\util\exception\ValidationException $ve)
+ catch (ValidationException $ve)
 {
+ // The validation exception is catched here
 $do->addValidationError( $ve->fieldName,$ve->key );
 }
 catch (\ReflectionException $re)
diff --git a/modules/cms/api/API.class.php b/modules/cms/api/API.class.php
@@ -32,6 +32,24 @@ class API
 */
 public static function execute()
 {
+ $createDataWithError = function( $status, $message, $cause ) {
+
+ Logger::warn($cause);
+ API::sendHTTPStatus($status, $message);
+
+ $data = [
+ 'status' => $status,
+ 'message' => $message
+ ];
+
+ // Traces only in DEVELOPMENT mode
+ // for security reasons, because traces may contain sensitive information.
+ if (!defined('DEVELOPMENT') || DEVELOPMENT)
+ $data['cause'] = API::exceptionToArray($cause);
+
+ return $data;
+ };
+
 try {
 $request = new RequestParams();
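Review bot: The guard inside the new `$createDataWithError` closure in `API::execute()` fails open: `!defined('DEVELOPMENT') || DEVELOPMENT` attaches the exception data whenever the constant is missing, so a deployment that never defines `DEVELOPMENT` still returns `cause` to API clients. Since the commit's purpose is to keep traces out of production, the trace should be emitted only when the flag is explicitly on: `if (defined('DEVELOPMENT') && DEVELOPMENT)`. Where `DEVELOPMENT` is defined is not visible in this diff, so the default should be confirmed against the startup code. The body of `execute()` continues outside this hunk.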
@@ -42,29 +60,15 @@ class API
 $data = $dispatcher->doAction();
 } catch (BadMethodCallException $e) {
- Logger::warn($e);
-
- API::sendHTTPStatus(204, 'Method not found');
- $data = array('status' => 204) + API::exceptionToArray( $e );
+ $data = $createDataWithError( 204, 'Method not found' , $e );
 } catch (ObjectNotFoundException $e) {
- Logger::warn($e);
-
- API::sendHTTPStatus(204, 'Object not found');
- $data = array('status' => 204)+ API::exceptionToArray( $e );
+ $data = $createDataWithError( 204, 'Object not found' , $e );
 } catch (UIException $e) {
- Logger::warn($e);
-
- API::sendHTTPStatus(500, 'Internal CMS Error');
- $data = array('status' => 500)+ API::exceptionToArray( $e );
+ $data = $createDataWithError( 500, 'Internal CMS Error', $e );
 } catch (SecurityException $e) {
- Logger::warn($e);
- //Logger::info('API request not allowed: ' . $e->getMessage());
- API::sendHTTPStatus(403, 'Forbidden');
- $data = array('status' => 403)+ API::exceptionToArray( $e );
+ $data = $createDataWithError( 403, 'Forbidden' , $e );
 } catch (Exception $e) {
- Logger::warn($e);
- API::sendHTTPStatus(500, 'Internal Server Error');
- $data = array('status' => 500)+ API::exceptionToArray( $e );
+ $data = $createDataWithError( 500, 'Internal Server Error', $e );
 }
@@ -72,7 +76,7 @@ class API
 Logger::trace('Output' . "\n" . print_r($data, true));
 // Weitere Variablen anreichern.
- $data['session'] = array('name' => session_name(), 'id' => session_id(), 'token' => Session::token());
+ $data['session'] = ['name' => session_name(), 'id' => session_id(), 'token' => Session::token()];
 $data['version'] = Startup::VERSION;
 $data['api'] = '2';
@@ -209,8 +213,8 @@ class API
 );
 // the cause of the exception is another exception.
- if ( $e->getPrevious() != null )
- $data['previous'] = API::exceptionToArray($e->getPrevious() );
+ if ( $e->getPrevious() )
+ $data['cause'] = API::exceptionToArray($e->getPrevious() );
 return $data;
 }
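Review bot: The catch chain in `API::execute()` (hunk `-42,29 +60,15`) still ends at `catch (Exception $e)`, so on PHP 7 and later an `Error` such as a `TypeError` would bypass `$createDataWithError` and reach PHP's default handler. Whether a trace is printed there depends on `display_errors`, not on the new `DEVELOPMENT` check. A final `} catch (\Throwable $e) { $data = $createDataWithError( 500, 'Internal Server Error', $e ); }` would close that path. This assumes `Logger::warn()` and `API::exceptionToArray()` accept any `Throwable`, which the diff does not show. The `try` block starts outside this hunk.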
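Review bot: `$data['api'] = '2';` in hunk `-72,7 +76,7` stays hard-coded although this commit adds `Startup::API_LEVEL` and switches `Dispatcher` to it, so the two response builders can drift apart on the next version bump. Use `$data['api'] = Startup::API_LEVEL;` here as well. Separately, the last hunk renames the nested key `previous` to `cause` in `exceptionToArray()`, which changes the response format under the same API level and should be noted for clients that parse error payloads.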
diff --git a/modules/cms/base/Startup.class.php b/modules/cms/base/Startup.class.php
@@ -23,9 +23,10 @@ use util\exception\ValidationException;
 class Startup
 {
- private static $START_TIME;
+ private static $START_TIME;
 const MIN_VERSION = '5.4'; // minimum required PHP version.
+ const API_LEVEL = '2'; // public API version.
 const IMG_EXT = '.gif';
 const IMG_ICON_EXT = '.png';