wallabag/src/Wallabag/ApiBundle/Controller/WallabagRestController.php

<?php

namespace Wallabag\ApiBundle\Controller;

use Doctrine\ORM\EntityManagerInterface;
use FOS\RestBundle\Controller\AbstractFOSRestController;
use JMS\Serializer\SerializationContext;
use JMS\Serializer\SerializerInterface;
use Nelmio\ApiDocBundle\Annotation\Operation;
use Swagger\Annotations as SWG;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Contracts\Translation\TranslatorInterface;
use Wallabag\UserBundle\Entity\User;

class WallabagRestController extends AbstractFOSRestController
{
    protected EntityManagerInterface $entityManager;
    protected SerializerInterface $serializer;
    protected AuthorizationCheckerInterface $authorizationChecker;
    protected TokenStorageInterface $tokenStorage;
    protected TranslatorInterface $translator;

    public function __construct(EntityManagerInterface $entityManager, SerializerInterface $serializer, AuthorizationCheckerInterface $authorizationChecker, TokenStorageInterface $tokenStorage, TranslatorInterface $translator)
    {
        $this->entityManager = $entityManager;
        $this->serializer = $serializer;
        $this->authorizationChecker = $authorizationChecker;
        $this->tokenStorage = $tokenStorage;
        $this->translator = $translator;
    }

    /**
     * Retrieve version number.
     *
     * @Operation(
     *     tags={"Informations"},
     *     summary="Retrieve version number.",
     *     @SWG\Response(
     *         response="200",
     *         description="Returned when successful"
     *     )
     * )
     *
     * @deprecated Should use info endpoint instead
     *
     * @Route("/api/version.{_format}", methods={"GET"}, name="api_get_version", defaults={"_format": "json"})
     *
     * @return JsonResponse
     */
    public function getVersionAction()
    {
        $version = $this->getParameter('wallabag_core.version');
        $json = $this->serializer->serialize($version, 'json');

        return (new JsonResponse())->setJson($json);
    }

    /**
     * Retrieve information about the wallabag instance.
     *
     * @Operation(
     *     tags={"Informations"},
     *     summary="Retrieve information about the wallabag instance.",
     *     @SWG\Response(
     *         response="200",
     *         description="Returned when successful"
     *     )
     * )
     *
     * @Route("/api/info.{_format}", methods={"GET"}, name="api_get_info", defaults={"_format": "json"})
     *
     * @return JsonResponse
     */
    public function getInfoAction()
    {
        $info = [
            'appname' => 'wallabag',
            'version' => $this->getParameter('wallabag_core.version'),
            'allowed_registration' => $this->getParameter('fosuser_registration'),
        ];

        return (new JsonResponse())->setJson($this->serializer->serialize($info, 'json'));
    }

    protected function validateAuthentication()
    {
        if (false === $this->authorizationChecker->isGranted('IS_AUTHENTICATED_FULLY')) {
            throw new AccessDeniedException();
        }
    }

    /**
     * Validate that the first id is equal to the second one.
     * If not, throw exception. It means a user try to access information from an other user.
     *
     * @param int $requestUserId User id from the requested source
     */
    protected function validateUserAccess($requestUserId)
    {
        $user = $this->tokenStorage->getToken()->getUser();
        \assert($user instanceof User);

        if ($requestUserId !== $user->getId()) {
            throw $this->createAccessDeniedException('Access forbidden. Entry user id: ' . $requestUserId . ', logged user id: ' . $user->getId());
        }
    }

    /**
     * Shortcut to send data serialized in json.
     *
     * @param mixed $data
     *
     * @return JsonResponse
     */
    protected function sendResponse($data)
    {
        // https://github.com/schmittjoh/JMSSerializerBundle/issues/293
        $context = new SerializationContext();
        $context->setSerializeNull(true);

        $json = $this->serializer->serialize($data, 'json', $context);

        return (new JsonResponse())->setJson($json);
    }
}
routing for API, trying to respect #414 2015-01-29 15:56:58 +00:00			`<?php`

Move API stuff in ApiBundle 2015-03-29 08:53:10 +00:00			`namespace Wallabag\ApiBundle\Controller;`
routing for API, trying to respect #414 2015-01-29 15:56:58 +00:00
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 09:37:22 +00:00			`use Doctrine\ORM\EntityManagerInterface;`
Fix some Scrutinizer issues 2019-05-29 10:00:23 +00:00			`use FOS\RestBundle\Controller\AbstractFOSRestController;`
Factorize sendResponse between Api controllers And run newer cs fixer 2018-10-24 18:11:45 +00:00			`use JMS\Serializer\SerializationContext;`
Use FQCN instead of service alias 2022-08-28 00:01:46 +00:00			`use JMS\Serializer\SerializerInterface;`
Update to nelmio/api-doc 3.0 Convert ApiDoc to Swagger 2022-11-06 12:00:41 +00:00			`use Nelmio\ApiDocBundle\Annotation\Operation;`
			`use Swagger\Annotations as SWG;`
Fix rest controller merge 2016-11-03 16:29:16 +00:00			`use Symfony\Component\HttpFoundation\JsonResponse;`
Re-create all API routes 2022-11-23 11:44:55 +00:00			`use Symfony\Component\Routing\Annotation\Route;`
Use FQCN instead of service alias 2022-08-28 00:01:46 +00:00			`use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;`
			`use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;`
Cleanup 2016-11-03 17:01:25 +00:00			`use Symfony\Component\Security\Core\Exception\AccessDeniedException;`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 09:37:22 +00:00			`use Symfony\Contracts\Translation\TranslatorInterface;`
Cleanup 2022-11-23 14:51:33 +00:00			`use Wallabag\UserBundle\Entity\User;`
routing for API, trying to respect #414 2015-01-29 15:56:58 +00:00
Fix some Scrutinizer issues 2019-05-29 10:00:23 +00:00			`class WallabagRestController extends AbstractFOSRestController`
routing for API, trying to respect #414 2015-01-29 15:56:58 +00:00			`{`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 09:37:22 +00:00			`protected EntityManagerInterface $entityManager;`
			`protected SerializerInterface $serializer;`
			`protected AuthorizationCheckerInterface $authorizationChecker;`
			`protected TokenStorageInterface $tokenStorage;`
			`protected TranslatorInterface $translator;`

			`public function __construct(EntityManagerInterface $entityManager, SerializerInterface $serializer, AuthorizationCheckerInterface $authorizationChecker, TokenStorageInterface $tokenStorage, TranslatorInterface $translator)`
			`{`
			`$this->entityManager = $entityManager;`
			`$this->serializer = $serializer;`
			`$this->authorizationChecker = $authorizationChecker;`
			`$this->tokenStorage = $tokenStorage;`
			`$this->translator = $translator;`
			`}`

Add version in API 2016-03-07 14:00:03 +00:00			`/**`
typos & cs 2016-03-08 08:22:25 +00:00			`* Retrieve version number.`
			`*`
Update to nelmio/api-doc 3.0 Convert ApiDoc to Swagger 2022-11-06 12:00:41 +00:00			`* @Operation(`
			`* tags={"Informations"},`
			`* summary="Retrieve version number.",`
			`* @SWG\Response(`
			`* response="200",`
			`* description="Returned when successful"`
			`* )`
			`* )`
Add version in API 2016-03-07 14:00:03 +00:00			`*`
Add a new endpoint to retrieve information from the wallabag instance Useful for api client which required some information. We might add more inside them in the future. The endpoint /api/version should be avoided now as it contains not so much information rather the version. 2019-01-15 09:17:11 +00:00			`* @deprecated Should use info endpoint instead`
			`*`
Re-create all API routes 2022-11-23 11:44:55 +00:00			`* @Route("/api/version.{_format}", methods={"GET"}, name="api_get_version", defaults={"_format": "json"})`
			`*`
Re-user JsonResponse Since Symfony 3.1 we can define the json of a JsonResonse using `->setJson()` 2016-09-08 10:03:09 +00:00			`* @return JsonResponse`
Add version in API 2016-03-07 14:00:03 +00:00			`*/`
			`public function getVersionAction()`
			`{`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 09:37:22 +00:00			`$version = $this->getParameter('wallabag_core.version');`
			`$json = $this->serializer->serialize($version, 'json');`
Fix rest controller merge 2016-11-03 16:29:16 +00:00
Re-user JsonResponse Since Symfony 3.1 we can define the json of a JsonResonse using `->setJson()` 2016-09-08 10:03:09 +00:00			`return (new JsonResponse())->setJson($json);`
Add version in API 2016-03-07 14:00:03 +00:00			`}`
Move API stuff in ApiBundle 2015-03-29 08:53:10 +00:00
Add a new endpoint to retrieve information from the wallabag instance Useful for api client which required some information. We might add more inside them in the future. The endpoint /api/version should be avoided now as it contains not so much information rather the version. 2019-01-15 09:17:11 +00:00			`/**`
			`* Retrieve information about the wallabag instance.`
			`*`
Update to nelmio/api-doc 3.0 Convert ApiDoc to Swagger 2022-11-06 12:00:41 +00:00			`* @Operation(`
			`* tags={"Informations"},`
			`* summary="Retrieve information about the wallabag instance.",`
			`* @SWG\Response(`
			`* response="200",`
			`* description="Returned when successful"`
			`* )`
			`* )`
Add a new endpoint to retrieve information from the wallabag instance Useful for api client which required some information. We might add more inside them in the future. The endpoint /api/version should be avoided now as it contains not so much information rather the version. 2019-01-15 09:17:11 +00:00			`*`
Re-create all API routes 2022-11-23 11:44:55 +00:00			`* @Route("/api/info.{_format}", methods={"GET"}, name="api_get_info", defaults={"_format": "json"})`
			`*`
Add a new endpoint to retrieve information from the wallabag instance Useful for api client which required some information. We might add more inside them in the future. The endpoint /api/version should be avoided now as it contains not so much information rather the version. 2019-01-15 09:17:11 +00:00			`* @return JsonResponse`
			`*/`
			`public function getInfoAction()`
			`{`
			`$info = [`
			`'appname' => 'wallabag',`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 09:37:22 +00:00			`'version' => $this->getParameter('wallabag_core.version'),`
			`'allowed_registration' => $this->getParameter('fosuser_registration'),`
Add a new endpoint to retrieve information from the wallabag instance Useful for api client which required some information. We might add more inside them in the future. The endpoint /api/version should be avoided now as it contains not so much information rather the version. 2019-01-15 09:17:11 +00:00			`];`

Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 09:37:22 +00:00			`return (new JsonResponse())->setJson($this->serializer->serialize($info, 'json'));`
Add a new endpoint to retrieve information from the wallabag instance Useful for api client which required some information. We might add more inside them in the future. The endpoint /api/version should be avoided now as it contains not so much information rather the version. 2019-01-15 09:17:11 +00:00			`}`

Exploded WallabagRestController into many controllers Fix #2503 2016-10-28 12:46:30 +00:00			`protected function validateAuthentication()`
Ensure orphan tag are remove in API When the association between a tag and an entry is removed, if the tag doesn’t have other entries, we can remove it. Also add more tests for that part and ensure TagControllerTest is isolated from the rest of the test suite (finally!) 2016-10-07 21:31:53 +00:00			`{`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 09:37:22 +00:00			`if (false === $this->authorizationChecker->isGranted('IS_AUTHENTICATED_FULLY')) {`
check authentication on each API route 2015-09-29 12:57:46 +00:00			`throw new AccessDeniedException();`
Ensure orphan tag are remove in API When the association between a tag and an entry is removed, if the tag doesn’t have other entries, we can remove it. Also add more tests for that part and ensure TagControllerTest is isolated from the rest of the test suite (finally!) 2016-10-07 21:31:53 +00:00			`}`
			`}`

Move API stuff in ApiBundle 2015-03-29 08:53:10 +00:00			`/**`
			`* Validate that the first id is equal to the second one.`
CS 2015-05-30 11:52:26 +00:00			`* If not, throw exception. It means a user try to access information from an other user.`
Move API stuff in ApiBundle 2015-03-29 08:53:10 +00:00			`*`
CS 2015-05-30 11:52:26 +00:00			`* @param int $requestUserId User id from the requested source`
Move API stuff in ApiBundle 2015-03-29 08:53:10 +00:00			`*/`
Exploded WallabagRestController into many controllers Fix #2503 2016-10-28 12:46:30 +00:00			`protected function validateUserAccess($requestUserId)`
Move API stuff in ApiBundle 2015-03-29 08:53:10 +00:00			`{`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 09:37:22 +00:00			`$user = $this->tokenStorage->getToken()->getUser();`
Cleanup 2022-11-23 14:51:33 +00:00			`\assert($user instanceof User);`
Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 09:37:22 +00:00
Add a real configuration for CS-Fixer 2017-07-01 07:52:38 +00:00			`if ($requestUserId !== $user->getId()) {`
			`throw $this->createAccessDeniedException('Access forbidden. Entry user id: ' . $requestUserId . ', logged user id: ' . $user->getId());`
Move API stuff in ApiBundle 2015-03-29 08:53:10 +00:00			`}`
			`}`
Factorize sendResponse between Api controllers And run newer cs fixer 2018-10-24 18:11:45 +00:00
			`/**`
			`* Shortcut to send data serialized in json.`
			`*`
			`* @param mixed $data`
			`*`
			`* @return JsonResponse`
			`*/`
			`protected function sendResponse($data)`
			`{`
			`// https://github.com/schmittjoh/JMSSerializerBundle/issues/293`
			`$context = new SerializationContext();`
			`$context->setSerializeNull(true);`

Move to controller as a service Mostly using autowiring to inject deps. The only tricky part was for import because all producer use the same class and have a different alias. So we must write them down in the service definition, autowiring doesn't work in that case. Usually: - if a controller has a constructor, it means injected services are at least re-used once in actions - otherwise, service are injected per action 2022-12-19 09:37:22 +00:00			`$json = $this->serializer->serialize($data, 'json', $context);`
Factorize sendResponse between Api controllers And run newer cs fixer 2018-10-24 18:11:45 +00:00
			`return (new JsonResponse())->setJson($json);`
			`}`
CS 2015-01-31 18:09:34 +00:00			`}`