From 487164335599b79681e45b9d3af00bb866890b12 Mon Sep 17 00:00:00 2001
From: Tim Otten <totten@civicrm.org>
Date: Tue, 30 Jun 2015 16:11:10 -0700
Subject: [PATCH] CRM-16757 - Split extern/cxn.php into createApiServer() and
 CRM_Cxn_ApiRouter

---
 CRM/Cxn/ApiRouter.php | 94 +++++++++++++++++++++++++++++++++++++++++++
 CRM/Cxn/BAO/Cxn.php   | 13 ++++++
 extern/cxn.php        | 56 ++------------------------
 3 files changed, 110 insertions(+), 53 deletions(-)
 create mode 100644 CRM/Cxn/ApiRouter.php

diff --git a/CRM/Cxn/ApiRouter.php b/CRM/Cxn/ApiRouter.php
new file mode 100644
index 0000000000..c9aa1ebbd8
--- /dev/null
+++ b/CRM/Cxn/ApiRouter.php
@@ -0,0 +1,94 @@
+<?php
+/*
+ +--------------------------------------------------------------------+
+ | CiviCRM version 4.6                                                |
+ +--------------------------------------------------------------------+
+ | Copyright (C) 2011 Marty Wright                                    |
+ | Licensed to CiviCRM under the Academic Free License version 3.0.   |
+ +--------------------------------------------------------------------+
+ | This file is a part of CiviCRM.                                    |
+ |                                                                    |
+ | CiviCRM is free software; you can copy, modify, and distribute it  |
+ | under the terms of the GNU Affero General Public License           |
+ | Version 3, 19 November 2007 and the CiviCRM Licensing Exception.   |
+ |                                                                    |
+ | CiviCRM is distributed in the hope that it will be useful, but     |
+ | WITHOUT ANY WARRANTY; without even the implied warranty of         |
+ | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.               |
+ | See the GNU Affero General Public License for more details.        |
+ |                                                                    |
+ | You should have received a copy of the GNU Affero General Public   |
+ | License and the CiviCRM Licensing Exception along                  |
+ | with this program; if not, contact CiviCRM LLC                     |
+ | at info[AT]civicrm[DOT]org. If you have questions about the        |
+ | GNU Affero General Public License or the licensing of CiviCRM,     |
+ | see the CiviCRM license FAQ at http://civicrm.org/licensing        |
+ +--------------------------------------------------------------------+
+ */
+
+/**
+ * Class CRM_Cxn_ApiRouter
+ *
+ * The ApiRouter receives an incoming API request from CiviConnect,
+ * validates it, configures permissions, and sends it to the API layer.
+ */
+class CRM_Cxn_ApiRouter {
+
+  /**
+   * @param array $cxn
+   * @param string $entity
+   * @param string $action
+   * @param array $params
+   * @return mixed
+   */
+  public static function route($cxn, $entity, $action, $params) {
+    $SUPER_PERM = array('administer CiviCRM');
+
+    require_once 'api/v3/utils.php';
+
+    // FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()?
+    if (CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'enableSSL') &&
+      !CRM_Utils_System::isSSL() &&
+      strtolower(CRM_Utils_Array::value('X_FORWARDED_PROTO', CRM_Utils_System::getRequestHeaders())) != 'https'
+    ) {
+      return civicrm_api3_create_error('System policy requires HTTPS.');
+    }
+
+    // Note: $cxn and cxnId are authenticated before router is called.
+    $dao = new CRM_Cxn_DAO_Cxn();
+    $dao->cxn_id = $cxn['cxnId'];
+    if (empty($cxn['cxnId']) || !$dao->find(TRUE) || !$dao->cxn_id) {
+      return civicrm_api3_create_error('Failed to lookup connection authorizations.');
+    }
+    if (!$dao->is_active) {
+      return civicrm_api3_create_error('Connection is inactive.');
+    }
+    if (!is_string($entity) || !is_string($action) || !is_array($params)) {
+      return civicrm_api3_create_error('API parameters are malformed.');
+    }
+    if (
+      empty($cxn['perm']['api'])
+      || !is_array($cxn['perm']['api'])
+      || empty($cxn['perm']['grant'])
+      || !(is_array($cxn['perm']['grant']) || is_string($cxn['perm']['grant']))
+    ) {
+      return civicrm_api3_create_error('Connection has no permissions.');
+    }
+
+    $whitelist = \Civi\API\WhitelistRule::createAll($cxn['perm']['api']);
+    Civi\Core\Container::singleton()
+      ->get('dispatcher')
+      ->addSubscriber(new \Civi\API\Subscriber\WhitelistSubscriber($whitelist));
+    CRM_Core_Config::singleton()->userPermissionTemp = new CRM_Core_Permission_Temp();
+    if ($cxn['perm']['grant'] === '*') {
+      CRM_Core_Config::singleton()->userPermissionTemp->grant($SUPER_PERM);
+    }
+    else {
+      CRM_Core_Config::singleton()->userPermissionTemp->grant($cxn['perm']['grant']);
+    }
+
+    $params['check_permissions'] = 'whitelist';
+    return civicrm_api($entity, $action, $params);
+  }
+
+}
diff --git a/CRM/Cxn/BAO/Cxn.php b/CRM/Cxn/BAO/Cxn.php
index d65b42c3a0..f41cb576c0 100644
--- a/CRM/Cxn/BAO/Cxn.php
+++ b/CRM/Cxn/BAO/Cxn.php
@@ -166,4 +166,17 @@ class CRM_Cxn_BAO_Cxn extends CRM_Cxn_DAO_Cxn {
     return $client;
   }
 
+  /**
+   * Construct a server for handling API requests.
+   *
+   * @return \Civi\Cxn\Rpc\ApiServer
+   */
+  public static function createApiServer() {
+    $cxnStore = new CRM_Cxn_CiviCxnStore();
+    $apiServer = new \Civi\Cxn\Rpc\ApiServer($cxnStore);
+    $apiServer->setLog(new CRM_Utils_SystemLogger());
+    $apiServer->setRouter(array('CRM_Cxn_ApiRouter', 'route'));
+    return $apiServer;
+  }
+
 }
diff --git a/extern/cxn.php b/extern/cxn.php
index 543e385e3a..6d0d439923 100644
--- a/extern/cxn.php
+++ b/extern/cxn.php
@@ -30,56 +30,6 @@ $config = CRM_Core_Config::singleton();
 
 CRM_Utils_System::loadBootStrap(array(), FALSE);
 
-$apiServer = new \Civi\Cxn\Rpc\ApiServer(new CRM_Cxn_CiviCxnStore());
-$apiServer->setLog(new CRM_Utils_SystemLogger());
-$apiServer->setRouter(function ($cxn, $entity, $action, $params) {
-  $SUPER_PERM = array('administer CiviCRM');
-
-  require_once 'api/v3/utils.php';
-
-  // FIXME: Shouldn't the X-Forwarded-Proto check be part of CRM_Utils_System::isSSL()?
-  if (CRM_Core_BAO_Setting::getItem(CRM_Core_BAO_Setting::SYSTEM_PREFERENCES_NAME, 'enableSSL') &&
-    !CRM_Utils_System::isSSL() &&
-    strtolower(CRM_Utils_Array::value('X_FORWARDED_PROTO', CRM_Utils_System::getRequestHeaders())) != 'https'
-  ) {
-    return civicrm_api3_create_error('System policy requires HTTPS.');
-  }
-
-  // Note: $cxn and cxnId are authenticated before router is called.
-  $dao = new CRM_Cxn_DAO_Cxn();
-  $dao->cxn_id = $cxn['cxnId'];
-  if (empty($cxn['cxnId']) || !$dao->find(TRUE) || !$dao->cxn_id) {
-    return civicrm_api3_create_error('Failed to lookup connection authorizations.');
-  }
-  if (!$dao->is_active) {
-    return civicrm_api3_create_error('Connection is inactive.');
-  }
-  if (!is_string($entity) || !is_string($action) || !is_array($params)) {
-    return civicrm_api3_create_error('API parameters are malformed.');
-  }
-  if (
-    empty($cxn['perm']['api'])
-    || !is_array($cxn['perm']['api'])
-    || empty($cxn['perm']['grant'])
-    || !(is_array($cxn['perm']['grant']) || is_string($cxn['perm']['grant']))
-  ) {
-    return civicrm_api3_create_error('Connection has no permissions.');
-  }
-
-  $whitelist = \Civi\API\WhitelistRule::createAll($cxn['perm']['api']);
-  Civi\Core\Container::singleton()
-    ->get('dispatcher')
-    ->addSubscriber(new \Civi\API\Subscriber\WhitelistSubscriber($whitelist));
-  CRM_Core_Config::singleton()->userPermissionTemp = new CRM_Core_Permission_Temp();
-  if ($cxn['perm']['grant'] === '*') {
-    CRM_Core_Config::singleton()->userPermissionTemp->grant($SUPER_PERM);
-  }
-  else {
-    CRM_Core_Config::singleton()->userPermissionTemp->grant($cxn['perm']['grant']);
-  }
-
-  $params['check_permissions'] = 'whitelist';
-  return civicrm_api($entity, $action, $params);
-
-});
-$apiServer->handle(file_get_contents('php://input'))->send();
+CRM_Cxn_BAO_Cxn::createApiServer()
+  ->handle(file_get_contents('php://input'))
+  ->send();
-- 
2.25.1