@ -109,26 +109,25 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler {
const FATAL_ERR = [
const FATAL_ERR = [
'seq' => null,
'seq' => null,
'status' => 1,
'status' => 1,
'content' => ['error' => "NOT_LOGGED_IN"],
'content' => ['error' => "MALFORMED_INPUT"],
];
];
public function __construct() {
public function __construct() {
}
}
public function dispatch(\JKingWeb\Arsse\REST\Request $req): Response {
public function dispatch(\JKingWeb\Arsse\REST\Request $req): Response {
if ($req->method != "POST") {
if ($req->method=="OPTIONS") {
// only POST requests are allowed
// respond to OPTIONS rquests; the response is a fib, as we technically accept any type or method
return new Response(405, self::FATAL_ERR, "application/json", ["Allow: POST"]);
return new Response(204, "", "", [
"Allow: POST",
"Accept: application/json, text/json",
]);
}
}
if ($req->body) {
if ($req->body) {
// only JSON entities are allowed
// only JSON entities are allowed, but Content-Type is ignored, as is request method
if (!preg_match("<^application/json\b|^$>", $req->type)) {
return new Response(415, self::FATAL_ERR, "application/json", ['Accept: application/json']);
}
$data = @json_decode($req->body, true);
$data = @json_decode($req->body, true);
if (json_last_error() != \JSON_ERROR_NONE || !is_array($data)) {
if (json_last_error() != \JSON_ERROR_NONE || !is_array($data)) {
// non-JSON input indicates an error
return new Response(200, self::FATAL_ERR);
return new Response(400, self::FATAL_ERR);
}
}
try {
try {
// normalize input
// normalize input
@ -144,16 +143,8 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler {
}
}
$method = "op".ucfirst($data['op']);
$method = "op".ucfirst($data['op']);
if (!method_exists($this, $method)) {
if (!method_exists($this, $method)) {
// because method names are supposed to be case insensitive, we need to try a bit harder to match
// TT-RSS operations are case-insensitive by dint of PHP method names being case-insensitive; this will only trigger if the method really doesn't exist
$method = strtolower($method);
throw new Exception("UNKNOWN_METHOD", ['method' => $data['op']]);