1.0.0-beta

Civix upgrade should fix install error

README.md

@@ -1 +1,8 @@
-Documentation on CiviProxy can be found here: https://docs.civicrm.org/civiproxy/en/latest/
+## About
+CiviProxy is a tool to set up a security proxy server specifically for your CiviCRM instance. It uses whitelisting and parameter sanitation to allow only legitimate requests to pass through. 
+## Documentation
+The documentation on CiviProxy can be found here: https://docs.civicrm.org/civiproxy/en/latest/
+## We need your support
+This software is provided as Free and Open Source Software, and we are happy if you find it useful. However, we have put a lot of work into it (and continue to do so), much of it unpaid for. So if you benefit from our software, please consider making a financial contribution so we can continue to maintain and develop it further.
+
+If you are willing to support us in developing this tool, please send an email to info@systopia.de to get an invoice or agree a different payment method. Thank you! 

de.systopia.civiproxy/CRM/Admin/Form/Setting/ProxySettings.php

@@ -1,7 +1,7 @@
 <?php
 /*-------------------------------------------------------+
 | CiviProxy                                              |
-| Copyright (C) 2015 SYSTOPIA                            |
+| Copyright (C) 2015-2021 SYSTOPIA                       |
 | Author: B. Endres (endres -at- systopia.de)            |
 | http://www.systopia.de/                                |
 +--------------------------------------------------------+
@@ -105,9 +105,9 @@ class CRM_Admin_Form_Setting_ProxySettings extends CRM_Admin_Form_Setting
     if($response === FALSE) {
       return array('is_error' => 1, 'message' => sprintf(ts('Error: cannot access "%s"'), $url));
     }else{
-      $result = preg_match("/<p id=\"version\">CiviProxy Version ([0-9]+\.[0-9]+|[0-9]+\.[0-9]+\.[0-9]+)<\/p>/", $response, $output_array);
+      $result = preg_match("/<p id=\"version\">CiviProxy Version (([0-9]+\.[0-9]+|[0-9]+\.[0-9]+\.[0-9]+)(?:-[0-9A-Za-z-]+)?)<\/p>/", $response, $output_array);
       if ($result === FALSE || $result === 0){
-        return array('is_error' => 1, 'message' => sprintf(ts('Error: failed to parse version information'), $url));
+        return array('is_error' => 1, 'message' => sprintf(ts('Error: failed to parse version information: (%s)'), $url));
       }else{
         return array('is_error' => 0, 'version' => $output_array[1]);
       }

de.systopia.civiproxy/CRM/Civiproxy/Mailer.php

@@ -1,7 +1,7 @@
 <?php
 /*-------------------------------------------------------+
 | CiviProxy                                              |
-| Copyright (C) 2015 SYSTOPIA                            |
+| Copyright (C) 2015-2021 SYSTOPIA                       |
 | Author: B. Endres (endres -at- systopia.de)            |
 | http://www.systopia.de/                                |
 +--------------------------------------------------------+
@@ -17,12 +17,23 @@ class CRM_Civiproxy_Mailer {
    * this is the orginal, wrapped mailer
    */
   protected $mailer = NULL;
+  /**
+   * @var Mail Driver
+   */
+  protected $driver = NULL;
+
+  /**
+   * @var array Mail Params, currently not used
+   */
+  protected $params = [];
 
   /**
    * construct this mailer wrapping another one
    */
-  public function __construct($mailer) {
+  public function __construct($mailer, $driver, $params) {
     $this->mailer = $mailer;
+    $this->driver = $driver;
+    $this->params = $params;
   }
 
   /**
@@ -47,17 +58,26 @@ class CRM_Civiproxy_Mailer {
     $enabled = CRM_Core_BAO_Setting::getItem('CiviProxy Settings', 'proxy_enabled');
     if (!$enabled) return;
 
+    $mosaico = CRM_Civiproxy_Mosaico::singleton();
+
     // get the URLs
     $config      = CRM_Core_Config::singleton();
     $system_base = $config->userFrameworkBaseURL;
     $proxy_base  = CRM_Core_BAO_Setting::getItem('CiviProxy Settings', 'proxy_url');
 
     // General external functions
+    $value = preg_replace("#{$system_base}civicrm/mailing/url#i",                       $proxy_base.'/url.php',         $value);
     $value = preg_replace("#{$system_base}sites/all/modules/civicrm/extern/url.php#i",  $proxy_base.'/url.php',         $value);
+    $value = preg_replace("#{$system_base}civicrm/mailing/open#i",                      $proxy_base.'/open.php',        $value);
     $value = preg_replace("#{$system_base}sites/all/modules/civicrm/extern/open.php#i", $proxy_base.'/open.php',        $value);
     $value = preg_replace("#{$system_base}sites/default/files/civicrm/persist/#i",      $proxy_base.'/file.php?id=',    $value);
     $value = preg_replace("#{$system_base}civicrm/mosaico/img\?src=#i",                 $proxy_base.'/mosaico.php?id=', $value);
-    $value = preg_replace("#{$system_base}civicrm/mosaico/img\?method=placeholder(&|&amp;)params=#i", $proxy_base.'/mosaico.php?ph=', $value);
+    $value = preg_replace("#{$system_base}civicrm/mosaico/img/\?src=#i", $proxy_base.'/mosaico.php?id=', $value);
+    if ($mosaico->isMosaicoInstalled()) {
+      $value = preg_replace_callback("#({$mosaico->getMosaicoExtensionUrl()}/packages/mosaico/templates/)(\S*)([\"'])#i", function($matches) use ($proxy_base) {
+        return $proxy_base . '/mosaico.php?template_url=' . urlencode($matches[2]) . $matches[3];
+      }, $value);
+    }
 
     // Mailing related functions
     $value = preg_replace("#{$system_base}civicrm/mailing/view#i",                      $proxy_base.'/mailing/mail.php', $value);
@@ -72,4 +92,11 @@ class CRM_Civiproxy_Mailer {
       $value = preg_replace("#{$system_base}civicrm/mailing/{$function}#i", $new_url, $value);
     }
   }
+
+    /**
+     * @return Mail|null
+     */
+    public function getDriver() {
+        return $this->driver;
+    }
 }

de.systopia.civiproxy/CRM/Civiproxy/Mosaico.php

@@ -0,0 +1,70 @@
+<?php
+/**
+ * Copyright (C) 2021  Jaap Jansma (jaap.jansma@civicoop.org)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+class CRM_Civiproxy_Mosaico {
+
+  /**
+   * @var CRM_Civiproxy_Mosaico
+   */
+  private static $singleton;
+
+  /**
+   * @var String
+   */
+  private $mosiacoExtenionUrl;
+
+  /**
+   * @var bool
+   */
+  private $isMosaicoInstalled = false;
+
+  private function __construct() {
+    try {
+      $mosaicoExt = civicrm_api3('Extension', 'getsingle', ['full_name' => "uk.co.vedaconsulting.mosaico"]);
+      $this->isMosaicoInstalled = true;
+      $this->mosiacoExtenionUrl = CRM_Mosaico_ExtensionUtil::url();
+    } catch (\Exception $ex) {
+      // Do nothing
+    }
+  }
+
+  /**
+   * @return CRM_Civiproxy_Mosaico
+   */
+  public static function singleton() {
+    if (!self::$singleton) {
+      self::$singleton = new CRM_Civiproxy_Mosaico();
+    }
+    return self::$singleton;
+  }
+
+  /**
+   * @return bool
+   */
+  public function isMosaicoInstalled() {
+    return $this->isMosaicoInstalled;
+  }
+
+  /**
+   * @return string
+   */
+  public function getMosaicoExtensionUrl() {
+    return $this->mosiacoExtenionUrl;
+  }
+
+}

de.systopia.civiproxy/civiproxy.civix.php

@@ -3,240 +3,199 @@
 // AUTO-GENERATED FILE -- Civix may overwrite any changes made to this file
 
 /**
- * (Delegated) Implementation of hook_civicrm_config
+ * The ExtensionUtil class provides small stubs for accessing resources of this
+ * extension.
  */
-function _civiproxy_civix_civicrm_config(&$config = NULL) {
+class CRM_Civiproxy_ExtensionUtil {
+  const SHORT_NAME = 'civiproxy';
+  const LONG_NAME = 'de.systopia.civiproxy';
+  const CLASS_PREFIX = 'CRM_Civiproxy';
+
+  /**
+   * Translate a string using the extension's domain.
+   *
+   * If the extension doesn't have a specific translation
+   * for the string, fallback to the default translations.
+   *
+   * @param string $text
+   *   Canonical message text (generally en_US).
+   * @param array $params
+   * @return string
+   *   Translated text.
+   * @see ts
+   */
+  public static function ts($text, $params = []): string {
+    if (!array_key_exists('domain', $params)) {
+      $params['domain'] = [self::LONG_NAME, NULL];
+    }
+    return ts($text, $params);
+  }
+
+  /**
+   * Get the URL of a resource file (in this extension).
+   *
+   * @param string|NULL $file
+   *   Ex: NULL.
+   *   Ex: 'css/foo.css'.
+   * @return string
+   *   Ex: 'http://example.org/sites/default/ext/org.example.foo'.
+   *   Ex: 'http://example.org/sites/default/ext/org.example.foo/css/foo.css'.
+   */
+  public static function url($file = NULL): string {
+    if ($file === NULL) {
+      return rtrim(CRM_Core_Resources::singleton()->getUrl(self::LONG_NAME), '/');
+    }
+    return CRM_Core_Resources::singleton()->getUrl(self::LONG_NAME, $file);
+  }
+
+  /**
+   * Get the path of a resource file (in this extension).
+   *
+   * @param string|NULL $file
+   *   Ex: NULL.
+   *   Ex: 'css/foo.css'.
+   * @return string
+   *   Ex: '/var/www/example.org/sites/default/ext/org.example.foo'.
+   *   Ex: '/var/www/example.org/sites/default/ext/org.example.foo/css/foo.css'.
+   */
+  public static function path($file = NULL) {
+    // return CRM_Core_Resources::singleton()->getPath(self::LONG_NAME, $file);
+    return __DIR__ . ($file === NULL ? '' : (DIRECTORY_SEPARATOR . $file));
+  }
+
+  /**
+   * Get the name of a class within this extension.
+   *
+   * @param string $suffix
+   *   Ex: 'Page_HelloWorld' or 'Page\\HelloWorld'.
+   * @return string
+   *   Ex: 'CRM_Foo_Page_HelloWorld'.
+   */
+  public static function findClass($suffix) {
+    return self::CLASS_PREFIX . '_' . str_replace('\\', '_', $suffix);
+  }
+
+
+}
+
+use CRM_Civiproxy_ExtensionUtil as E;
+
+/**
+ * (Delegated) Implements hook_civicrm_config().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_config
+ */
+function _civiproxy_civix_civicrm_config($config = NULL) {
   static $configured = FALSE;
-  if ($configured) return;
+  if ($configured) {
+    return;
+  }
   $configured = TRUE;
 
-  $template =& CRM_Core_Smarty::singleton();
+  $extRoot = __DIR__ . DIRECTORY_SEPARATOR;
-
-  $extRoot = dirname( __FILE__ ) . DIRECTORY_SEPARATOR;
-  $extDir = $extRoot . 'templates';
-
-  if ( is_array( $template->template_dir ) ) {
-      array_unshift( $template->template_dir, $extDir );
-  } else {
-      $template->template_dir = array( $extDir, $template->template_dir );
-  }
-
   $include_path = $extRoot . PATH_SEPARATOR . get_include_path();
   set_include_path($include_path);
+  // Based on <compatibility>, this does not currently require mixin/polyfill.php.
 }
 
 /**
- * (Delegated) Implementation of hook_civicrm_xmlMenu
+ * Implements hook_civicrm_install().
  *
- * @param $files array(string)
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_install
- */
-function _civiproxy_civix_civicrm_xmlMenu(&$files) {
-  foreach (_civiproxy_civix_glob(__DIR__ . '/xml/Menu/*.xml') as $file) {
-    $files[] = $file;
-  }
-}
-
-/**
- * Implementation of hook_civicrm_install
  */
 function _civiproxy_civix_civicrm_install() {
   _civiproxy_civix_civicrm_config();
-  if ($upgrader = _civiproxy_civix_upgrader()) {
+  // Based on <compatibility>, this does not currently require mixin/polyfill.php.
-    return $upgrader->onInstall();
-  }
 }
 
 /**
- * Implementation of hook_civicrm_uninstall
+ * (Delegated) Implements hook_civicrm_enable().
+ *
+ * @link https://docs.civicrm.org/dev/en/latest/hooks/hook_civicrm_enable
  */
-function _civiproxy_civix_civicrm_uninstall() {
+function _civiproxy_civix_civicrm_enable(): void {
   _civiproxy_civix_civicrm_config();
-  if ($upgrader = _civiproxy_civix_upgrader()) {
+  // Based on <compatibility>, this does not currently require mixin/polyfill.php.
-    return $upgrader->onUninstall();
-  }
 }
 
 /**
- * (Delegated) Implementation of hook_civicrm_enable
+ * Inserts a navigation menu item at a given place in the hierarchy.
+ *
+ * @param array $menu - menu hierarchy
+ * @param string $path - path to parent of this item, e.g. 'my_extension/submenu'
+ *    'Mailing', or 'Administer/System Settings'
+ * @param array $item - the item to insert (parent/child attributes will be
+ *    filled for you)
+ *
+ * @return bool
  */
-function _civiproxy_civix_civicrm_enable() {
+function _civiproxy_civix_insert_navigation_menu(&$menu, $path, $item) {
-  _civiproxy_civix_civicrm_config();
-  if ($upgrader = _civiproxy_civix_upgrader()) {
-    if (is_callable(array($upgrader, 'onEnable'))) {
-      return $upgrader->onEnable();
-    }
-  }
-}
-
-/**
- * (Delegated) Implementation of hook_civicrm_disable
- */
-function _civiproxy_civix_civicrm_disable() {
-  _civiproxy_civix_civicrm_config();
-  if ($upgrader = _civiproxy_civix_upgrader()) {
-    if (is_callable(array($upgrader, 'onDisable'))) {
-      return $upgrader->onDisable();
-    }
-  }
-}
-
-/**
- * (Delegated) Implementation of hook_civicrm_upgrade
- *
- * @param $op string, the type of operation being performed; 'check' or 'enqueue'
- * @param $queue CRM_Queue_Queue, (for 'enqueue') the modifiable list of pending up upgrade tasks
- *
- * @return mixed  based on op. for 'check', returns array(boolean) (TRUE if upgrades are pending)
- *                for 'enqueue', returns void
- */
-function _civiproxy_civix_civicrm_upgrade($op, CRM_Queue_Queue $queue = NULL) {
-  if ($upgrader = _civiproxy_civix_upgrader()) {
-    return $upgrader->onUpgrade($op, $queue);
-  }
-}
-
-function _civiproxy_civix_upgrader() {
-  if (!file_exists(__DIR__.'/CRM/Civiproxy/Upgrader.php')) {
-    return NULL;
-  } else {
-    return CRM_Civiproxy_Upgrader_Base::instance();
-  }
-}
-
-/**
- * Search directory tree for files which match a glob pattern
- *
- * Note: Dot-directories (like "..", ".git", or ".svn") will be ignored.
- * Note: In Civi 4.3+, delegate to CRM_Utils_File::findFiles()
- *
- * @param $dir string, base dir
- * @param $pattern string, glob pattern, eg "*.txt"
- * @return array(string)
- */
-function _civiproxy_civix_find_files($dir, $pattern) {
-  if (is_callable(array('CRM_Utils_File', 'findFiles'))) {
-    return CRM_Utils_File::findFiles($dir, $pattern);
-  }
-
-  $todos = array($dir);
-  $result = array();
-  while (!empty($todos)) {
-    $subdir = array_shift($todos);
-    foreach (_civiproxy_civix_glob("$subdir/$pattern") as $match) {
-      if (!is_dir($match)) {
-        $result[] = $match;
-      }
-    }
-    if ($dh = opendir($subdir)) {
-      while (FALSE !== ($entry = readdir($dh))) {
-        $path = $subdir . DIRECTORY_SEPARATOR . $entry;
-        if ($entry{0} == '.') {
-        } elseif (is_dir($path)) {
-          $todos[] = $path;
-        }
-      }
-      closedir($dh);
-    }
-  }
-  return $result;
-}
-/**
- * (Delegated) Implementation of hook_civicrm_managed
- *
- * Find any *.mgd.php files, merge their content, and return.
- */
-function _civiproxy_civix_civicrm_managed(&$entities) {
-  $mgdFiles = _civiproxy_civix_find_files(__DIR__, '*.mgd.php');
-  foreach ($mgdFiles as $file) {
-    $es = include $file;
-    foreach ($es as $e) {
-      if (empty($e['module'])) {
-        $e['module'] = 'de.systopia.civiproxy';
-      }
-      $entities[] = $e;
-    }
-  }
-}
-
-/**
- * (Delegated) Implementation of hook_civicrm_caseTypes
- *
- * Find any and return any files matching "xml/case/*.xml"
- *
- * Note: This hook only runs in CiviCRM 4.4+.
- */
-function _civiproxy_civix_civicrm_caseTypes(&$caseTypes) {
-  if (!is_dir(__DIR__ . '/xml/case')) {
-    return;
-  }
-
-  foreach (_civiproxy_civix_glob(__DIR__ . '/xml/case/*.xml') as $file) {
-    $name = preg_replace('/\.xml$/', '', basename($file));
-    if ($name != CRM_Case_XMLProcessor::mungeCaseType($name)) {
-      $errorMessage = sprintf("Case-type file name is malformed (%s vs %s)", $name, CRM_Case_XMLProcessor::mungeCaseType($name));
-      CRM_Core_Error::fatal($errorMessage);
-      // throw new CRM_Core_Exception($errorMessage);
-    }
-    $caseTypes[$name] = array(
-      'module' => 'de.systopia.civiproxy',
-      'name' => $name,
-      'file' => $file,
-    );
-  }
-}
-
-/**
- * Glob wrapper which is guaranteed to return an array.
- *
- * The documentation for glob() says, "On some systems it is impossible to
- * distinguish between empty match and an error." Anecdotally, the return
- * result for an empty match is sometimes array() and sometimes FALSE.
- * This wrapper provides consistency.
- *
- * @see http://php.net/glob
- * @param string $pattern
- * @return array, possibly empty
- */
-function _civiproxy_civix_glob($pattern) {
-  $result = glob($pattern);
-  return is_array($result) ? $result : array();
-}
-
-/**
- * Inserts a navigation menu item at a given place in the hierarchy
- *
- * $menu - menu hierarchy
- * $path - path where insertion should happen (ie. Administer/System Settings)
- * $item - menu you need to insert (parent/child attributes will be filled for you)
- * $parentId - used internally to recurse in the menu structure
- */
-function _civiproxy_civix_insert_navigation_menu(&$menu, $path, $item, $parentId = NULL) {
-  static $navId;
-
   // If we are done going down the path, insert menu
   if (empty($path)) {
-    if (!$navId) $navId = CRM_Core_DAO::singleValueQuery("SELECT max(id) FROM civicrm_navigation");
+    $menu[] = [
-    $navId ++;
+      'attributes' => array_merge([
-    $menu[$navId] = array (
+        'label' => $item['name'] ?? NULL,
-      'attributes' => array_merge($item, array(
-        'label'      => CRM_Utils_Array::value('name', $item),
         'active' => 1,
-        'parentID'   => $parentId,
+      ], $item),
-        'navID'      => $navId,
+    ];
-      ))
+    return TRUE;
-    );
+  }
-    return true;
+  else {
-  } else {
     // Find an recurse into the next level down
-    $found = false;
+    $found = FALSE;
     $path = explode('/', $path);
     $first = array_shift($path);
     foreach ($menu as $key => &$entry) {
       if ($entry['attributes']['name'] == $first) {
-        if (!$entry['child']) $entry['child'] = array();
+        if (!isset($entry['child'])) {
-        $found = _civiproxy_civix_insert_navigation_menu($entry['child'], implode('/', $path), $item, $key);
+          $entry['child'] = [];
+        }
+        $found = _civiproxy_civix_insert_navigation_menu($entry['child'], implode('/', $path), $item);
       }
     }
     return $found;
   }
 }
+
+/**
+ * (Delegated) Implements hook_civicrm_navigationMenu().
+ */
+function _civiproxy_civix_navigationMenu(&$nodes) {
+  if (!is_callable(['CRM_Core_BAO_Navigation', 'fixNavigationMenu'])) {
+    _civiproxy_civix_fixNavigationMenu($nodes);
+  }
+}
+
+/**
+ * Given a navigation menu, generate navIDs for any items which are
+ * missing them.
+ */
+function _civiproxy_civix_fixNavigationMenu(&$nodes) {
+  $maxNavID = 1;
+  array_walk_recursive($nodes, function($item, $key) use (&$maxNavID) {
+    if ($key === 'navID') {
+      $maxNavID = max($maxNavID, $item);
+    }
+  });
+  _civiproxy_civix_fixNavigationMenuItems($nodes, $maxNavID, NULL);
+}
+
+function _civiproxy_civix_fixNavigationMenuItems(&$nodes, &$maxNavID, $parentID) {
+  $origKeys = array_keys($nodes);
+  foreach ($origKeys as $origKey) {
+    if (!isset($nodes[$origKey]['attributes']['parentID']) && $parentID !== NULL) {
+      $nodes[$origKey]['attributes']['parentID'] = $parentID;
+    }
+    // If no navID, then assign navID and fix key.
+    if (!isset($nodes[$origKey]['attributes']['navID'])) {
+      $newKey = ++$maxNavID;
+      $nodes[$origKey]['attributes']['navID'] = $newKey;
+      $nodes[$newKey] = $nodes[$origKey];
+      unset($nodes[$origKey]);
+      $origKey = $newKey;
+    }
+    if (isset($nodes[$origKey]['child']) && is_array($nodes[$origKey]['child'])) {
+      _civiproxy_civix_fixNavigationMenuItems($nodes[$origKey]['child'], $maxNavID, $nodes[$origKey]['attributes']['navID']);
+    }
+  }
+}

de.systopia.civiproxy/civiproxy.php

@@ -1,7 +1,7 @@
 <?php
 /*-------------------------------------------------------+
 | CiviProxy                                              |
-| Copyright (C) 2015 SYSTOPIA                            |
+| Copyright (C) 2015-2021 SYSTOPIA                       |
 | Author: B. Endres (endres -at- systopia.de)            |
 | http://www.systopia.de/                                |
 +--------------------------------------------------------+
@@ -15,7 +15,7 @@ require_once 'civiproxy.civix.php';
  * so we can mend all the URLs in outgoing emails
  */
 function civiproxy_civicrm_alterMailer(&$mailer, $driver, $params) {
-  $mailer = new CRM_Civiproxy_Mailer($mailer);
+  $mailer = new CRM_Civiproxy_Mailer($mailer, $driver, $params);
 }
 
 /**
@@ -25,15 +25,6 @@ function civiproxy_civicrm_config(&$config) {
   _civiproxy_civix_civicrm_config($config);
 }
 
-/**
- * Implementation of hook_civicrm_xmlMenu
- *
- * @param $files array(string)
- */
-function civiproxy_civicrm_xmlMenu(&$files) {
-  _civiproxy_civix_civicrm_xmlMenu($files);
-}
-
 /**
  * Implementation of hook_civicrm_install
  */
@@ -41,13 +32,6 @@ function civiproxy_civicrm_install() {
   return _civiproxy_civix_civicrm_install();
 }
 
-/**
- * Implementation of hook_civicrm_uninstall
- */
-function civiproxy_civicrm_uninstall() {
-  return _civiproxy_civix_civicrm_uninstall();
-}
-
 /**
  * Implementation of hook_civicrm_enable
  */
@@ -55,61 +39,9 @@ function civiproxy_civicrm_enable() {
   return _civiproxy_civix_civicrm_enable();
 }
 
-/**
- * Implementation of hook_civicrm_disable
- */
-function civiproxy_civicrm_disable() {
-  return _civiproxy_civix_civicrm_disable();
-}
-
-/**
- * Implementation of hook_civicrm_upgrade
- *
- * @param $op string, the type of operation being performed; 'check' or 'enqueue'
- * @param $queue CRM_Queue_Queue, (for 'enqueue') the modifiable list of pending up upgrade tasks
- *
- * @return mixed  based on op. for 'check', returns array(boolean) (TRUE if upgrades are pending)
- *                for 'enqueue', returns void
- */
-function civiproxy_civicrm_upgrade($op, CRM_Queue_Queue $queue = NULL) {
-  return _civiproxy_civix_civicrm_upgrade($op, $queue);
-}
-
-/**
- * Implementation of hook_civicrm_managed
- *
- * Generate a list of entities to create/deactivate/delete when this module
- * is installed, disabled, uninstalled.
- */
-function civiproxy_civicrm_managed(&$entities) {
-  return _civiproxy_civix_civicrm_managed($entities);
-}
-
-/**
- * Implementation of hook_civicrm_caseTypes
- *
- * Generate a list of case-types
- *
- * Note: This hook only runs in CiviCRM 4.4+.
- */
-function civiproxy_civicrm_caseTypes(&$caseTypes) {
-  _civiproxy_civix_civicrm_caseTypes($caseTypes);
-}
-
 /**
 * Implementation of hook_civicrm_alterSettingsFolders
 *
 * Scan for settings in custom folder and import them
 *
 */
-function civiproxy_civicrm_alterSettingsFolders(&$metaDataFolders = NULL){
-  static $configured = FALSE;
-  if ($configured) return;
-  $configured = TRUE;
-
-  $extRoot = dirname( __FILE__ ) . DIRECTORY_SEPARATOR;
-  $extDir = $extRoot . 'settings';
-  if(!in_array($extDir, $metaDataFolders)){
-    $metaDataFolders[] = $extDir;
-  }
-}

de.systopia.civiproxy/info.xml

@@ -3,21 +3,36 @@
   <file>civiproxy</file>
   <name>CiviProxy</name>
   <description>This will enable CiviProxy support for mailings</description>
-  <license></license>
+  <license>AGPL</license>
   <maintainer>
     <author>B. Endres</author>
     <email>endres@systopia.de</email>
   </maintainer>
-  <releaseDate>2018-03-01</releaseDate>
+  <urls>
-  <version>0.5</version>
+    <url desc="Main Extension Page">https://github.com/systopia/CiviProxy</url>
-  <develStage>stable</develStage>
+    <url desc="Documentation">https://docs.civicrm.org/civiproxy/en/latest/</url>
+    <url desc="Support">https://github.com/systopia/CiviProxy/issues</url>
+    <url desc="Licensing">http://www.gnu.org/licenses/agpl-3.0.html</url>
+  </urls>
+  <releaseDate>2024-01-07</releaseDate>
+  <version>1.0.0-beta</version>
+  <develStage>beta</develStage>
   <compatibility>
-    <ver>4.4</ver>
+    <ver>5.45</ver>
-    <ver>4.6</ver>
-    <ver>4.7</ver>
   </compatibility>
-  <comments>This is an addition to SYSTOPIA's CiviProxy security system</comments>
+  <comments>This is the companion extension to SYSTOPIA's CiviProxy security system</comments>
   <civix>
     <namespace>CRM/Civiproxy</namespace>
+    <format>24.09.1</format>
   </civix>
+  <mixins>
+    <mixin>menu-xml@1.0.0</mixin>
+    <mixin>setting-php@1.0.0</mixin>
+    <mixin>smarty-v2@1.0.3</mixin>
+    <mixin>entity-types-php@2.0.0</mixin>
+  </mixins>
+  <classloader>
+    <psr0 prefix="CRM_" path="."/>
+    <psr4 prefix="Civi\" path="Civi"/>
+  </classloader>
 </extension>

de.systopia.civiproxy/mixin/entity-types-php@2.0.0.mixin.php

@@ -0,0 +1,40 @@
+<?php
+
+/**
+ * Auto-register entity declarations from `schema/*.entityType.php`.
+ *
+ * @mixinName entity-types-php
+ * @mixinVersion 2.0.0
+ * @since 5.73
+ *
+ * Changelog:
+ *  - v2.0 scans /schema directory instead of /xml/schema/*
+ *  - v2.0 supports only one entity per file
+ *  - v2.0 adds 'module' key to each entity
+ *
+ * @param CRM_Extension_MixInfo $mixInfo
+ *   On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ * @param \CRM_Extension_BootCache $bootCache
+ *   On newer deployments, this will be an instance of BootCache. On older deployments, Civix may polyfill with a work-a-like.
+ */
+return function ($mixInfo, $bootCache) {
+
+  /**
+   * @param \Civi\Core\Event\GenericHookEvent $e
+   * @see CRM_Utils_Hook::entityTypes()
+   */
+  Civi::dispatcher()->addListener('hook_civicrm_entityTypes', function ($e) use ($mixInfo) {
+    // When deactivating on a polyfill/pre-mixin system, listeners may not cleanup automatically.
+    if (!$mixInfo->isActive() || !is_dir($mixInfo->getPath('schema'))) {
+      return;
+    }
+
+    $files = (array) glob($mixInfo->getPath('schema/*.entityType.php'));
+    foreach ($files as $file) {
+      $entity = include $file;
+      $entity['module'] = $mixInfo->longName;
+      $e->entityTypes[$entity['name']] = $entity;
+    }
+  });
+
+};

de.systopia.civiproxy/mixin/smarty-v2@1.0.3.mixin.php

@@ -0,0 +1,78 @@
+<?php
+
+/**
+ * Auto-register "templates/" folder.
+ *
+ * @mixinName smarty-v2
+ * @mixinVersion 1.0.3
+ * @since 5.59
+ *
+ * @deprecated - it turns out that the mixin is not version specific so the 'smarty'
+ * mixin is preferred over smarty-v2 (they are the same but not having the version
+ * in the name is less misleading.)
+ *
+ * @param CRM_Extension_MixInfo $mixInfo
+ *   On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ * @param \CRM_Extension_BootCache $bootCache
+ *   On newer deployments, this will be an instance of MixInfo. On older deployments, Civix may polyfill with a work-a-like.
+ */
+return function ($mixInfo, $bootCache) {
+  $dir = $mixInfo->getPath('templates');
+  if (!file_exists($dir)) {
+    return;
+  }
+
+  $register = function($newDirs) {
+    $smarty = CRM_Core_Smarty::singleton();
+    $v2 = isset($smarty->_version) && version_compare($smarty->_version, 3, '<');
+    $templateDirs = (array) ($v2 ? $smarty->template_dir : $smarty->getTemplateDir());
+    $templateDirs = array_merge($newDirs, $templateDirs);
+    $templateDirs = array_unique(array_map(function($v) {
+      $v = str_replace(DIRECTORY_SEPARATOR, '/', $v);
+      $v = rtrim($v, '/') . '/';
+      return $v;
+    }, $templateDirs));
+    if ($v2) {
+      $smarty->template_dir = $templateDirs;
+    }
+    else {
+      $smarty->setTemplateDir($templateDirs);
+    }
+  };
+
+  // Let's figure out what environment we're in -- so that we know the best way to call $register().
+
+  if (!empty($GLOBALS['_CIVIX_MIXIN_POLYFILL'])) {
+    // Polyfill Loader (v<=5.45): We're already in the middle of firing `hook_config`.
+    if ($mixInfo->isActive()) {
+      $register([$dir]);
+    }
+    return;
+  }
+
+  if (CRM_Extension_System::singleton()->getManager()->extensionIsBeingInstalledOrEnabled($mixInfo->longName)) {
+    // New Install, Standard Loader: The extension has just been enabled, and we're now setting it up.
+    // System has already booted. New templates may be needed for upcoming installation steps.
+    $register([$dir]);
+    return;
+  }
+
+  // Typical Pageview, Standard Loader: Defer the actual registration for a moment -- to ensure that Smarty is online.
+  // We need to bundle-up all dirs -- Smarty 3/4/5 is inefficient with processing repeated calls to `getTemplateDir()`+`setTemplateDir()`
+  if (!isset(Civi::$statics[__FILE__]['event'])) {
+    Civi::$statics[__FILE__]['event'] = 'civi.smarty-v2.addPaths.' . md5(__FILE__);
+    Civi::dispatcher()->addListener('hook_civicrm_config', function() use ($register) {
+      $dirs = [];
+      $event = \Civi\Core\Event\GenericHookEvent::create(['dirs' => &$dirs]);
+      Civi::dispatcher()->dispatch(Civi::$statics[__FILE__]['event'], $event);
+      $register($dirs);
+    });
+  }
+
+  Civi::dispatcher()->addListener(Civi::$statics[__FILE__]['event'], function($event) use ($mixInfo, $dir) {
+    if ($mixInfo->isActive()) {
+      array_unshift($event->dirs, $dir);
+    }
+  });
+
+};

de.systopia.civiproxy/templates/CRM/Admin/Form/Setting/ProxySettings.hlp

@@ -1,6 +1,6 @@
 {*-------------------------------------------------------+
 | CiviProxy                                              |
-| Copyright (C) 2015 SYSTOPIA                            |
+| Copyright (C) 2015-2021 SYSTOPIA                       |
 | Author: B. Endres (endres -at- systopia.de)            |
 | http://www.systopia.de/                                |
 +--------------------------------------------------------+

de.systopia.civiproxy/templates/CRM/Admin/Form/Setting/ProxySettings.tpl

@@ -1,6 +1,6 @@
 {*-------------------------------------------------------+
 | CiviProxy                                              |
-| Copyright (C) 2015 SYSTOPIA                            |
+| Copyright (C) 2015-2021 SYSTOPIA                       |
 | Author: B. Endres (endres -at- systopia.de)            |
 | http://www.systopia.de/                                |
 +--------------------------------------------------------+

docs/configuration.md

@@ -65,13 +65,13 @@ You can set the URL of the target CiviCRM using the variable `$target_civirm` in
 ### Setting for the click tracking url
 There is a setting in CiviCRM which is used for tracking the clicks in your mailing. On your CiviProxy server this setting is captured in the variable `$target_url` in the `config.php` file:
 ```php
-$target_url       = $target_civicrm . '/sites/all/modules/civicrm/extern/url.php';
+$target_url       = $target_civicrm . '/civicrm/mailing/url';
 ```
 If you set it to the value NULL this functionality will not be available on your CiviProxy server.
 ### Setting for the open tracking
 CiviCRM tracks if a mailing has been opened in a certain way. CiviProxy has this setting in the variable `$target_open` in the `config.php` file:
 ```php
-$target_open      = $target_civicrm . '/sites/all/modules/civicrm/extern/open.php';
+$target_open      = $target_civicrm . '/civicrm/mailing/url/open.php';
 ```
 If you set it to the value NULL this functionality will not be available on your CiviProxy server.
 ### Setting for the location of images and included files in your mail(ing)

docs/requirements.md

@@ -3,7 +3,7 @@
 There shouldn't be any requirements that any web hoster wouldn't comply with, but here they are:
 
  1. PHP 5.3+
- 2. PHP PEAR (to install on Debian/Ubunto, run `apt-get install php-pear`)
+ 2. PHP PEAR (to install on Debian/Ubuntu, run `apt-get install php-pear`)
  3. The `php-curl` module
  4. Read/write permissions on your webspace
  5. Reasonable amount of protection, i.e. only authorised users (you) can upload/download the files

mkdocs.yml

@@ -1,8 +1,9 @@
 site_name: CiviProxy Guide
 site_description: Guide using and installing CiviProxy to manage the traffic to and from your CiviCRM installation
 repo_url: https://github.com/systopia/CiviProxy
-theme: material
+theme: 
-pages:
+  name: material
+nav:
 - Introduction: index.md
 - Technical Requirements: requirements.md
 - Installing CiviProxy: installation.md
@@ -15,7 +16,8 @@ markdown_extensions:
   - admonition
   - def_list
   - codehilite
-  - toc:(permalink=true)
+  - toc:
+      permalink: true
   - pymdownx.superfences
   - pymdownx.emoji
 

proxy/.htaccess

@@ -0,0 +1,6 @@
+# Serve
+<IfModule mod_rewrite.c>
+  RewriteEngine on
+  RewriteCond %{REQUEST_URI} ^/civicrm/ajax/api4
+  RewriteRule ^civicrm/ajax/api4/([^/]*)/([^/]*) rest4.php?entity=$1&action=$2 [QSA,B]
+</IfModule>

proxy/checks.php

@@ -0,0 +1,82 @@
+<?php
+
+/**
+ * generates a CiviCRM REST API compliant error
+ * and ends processing
+ */
+function civiproxy_rest_error($message) {
+  $error = array( 'is_error'      => 1,
+                  'error_message' => $message);
+  // TODO: Implement header();
+  print json_encode($error);
+  exit();
+}
+
+/**
+ * Updates $credentials['api_key'] in-place, or displays an error if api key
+ * is missing or does not correspond to an entry in $api_key_map (which should
+ * be set in config.php).
+ * @param array $credentials
+ * @param array $api_key_map
+ */
+function civiproxy_map_api_key(array &$credentials, array $api_key_map) {
+  if (empty($credentials['api_key'])) {
+    civiproxy_rest_error("No API key given");
+  }
+  else {
+    if (isset($api_key_map[$credentials['api_key']])) {
+      $credentials['api_key'] = $api_key_map[$credentials['api_key']];
+    }
+    else {
+      civiproxy_rest_error("Invalid api key");
+    }
+  }
+}
+
+/**
+ * Updates $credentials['key'] in-place, or displays an error if site key
+ * is missing or does not correspond to an entry in $sys_key_map (which should
+ * be set in config.php).
+ * @param array $credentials
+ * @param array $sys_key_map
+ */
+function civiproxy_map_site_key(array &$credentials, array $sys_key_map) {
+  if (empty($credentials['key'])) {
+    civiproxy_rest_error("No site key given");
+  }
+  else {
+    if (isset($sys_key_map[$credentials['key']])) {
+      $credentials['key'] = $sys_key_map[$credentials['key']];
+    }
+	else {
+      civiproxy_rest_error("Invalid site key");
+    }
+  }
+}
+
+/**
+ * @param array $action should have both 'entity' and 'action' keys set
+ * @param array $rest_allowed_actions from config.php
+ * @return array
+ */
+function civiproxy_get_valid_parameters(array $action, array $rest_allowed_actions) {
+  // in release 0.4, allowed entity/actions per IP were introduced. To introduce backward compatibility,
+  // the previous test is still used when no 'all' key is found in the array
+  if (isset($rest_allowed_actions['all'])) {
+    // get valid key for the rest_allowed_actions
+    $valid_allowed_key = civiproxy_get_valid_allowed_actions_key($action, $rest_allowed_actions);
+    $valid_parameters = civiproxy_retrieve_api_parameters($valid_allowed_key, $action['entity'], $action['action'], $rest_allowed_actions);
+    if (!$valid_parameters) {
+      civiproxy_rest_error("Invalid entity/action.");
+    }
+  }
+  else {
+    if (isset($rest_allowed_actions[$action['entity']]) && isset($rest_allowed_actions[$action['entity']][$action['action']])) {
+      $valid_parameters = $rest_allowed_actions[$action['entity']][$action['action']];
+    }
+    else {
+      civiproxy_rest_error("Invalid entity/action.");
+    }
+  }
+  return $valid_parameters;
+}

proxy/config.dist.php

@@ -2,7 +2,8 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+|                                                         |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
@@ -11,10 +12,17 @@
 /****************************************************************
  **                      INSTALLATION                          **
  **                                                            **
+ **  0. Read https://docs.civicrm.org/civiproxy/en/latest      **
  **  1. Make a copy of this file called config.php             **
+ **  2. Adjust the parameters and enable needed features       **
+ **  3. Some features (like mailings) require the CiviProxy    **
+ **     extension to be enabled on the target CiviCRM          **
+ **                                                            **
  ****************************************************************/
 
 
+
+
 /****************************************************************
  **                            URLS                            **
  ****************************************************************/
@@ -33,11 +41,18 @@ $target_civicrm = 'https://your.civicrm.installation.org';
 
 // default paths, override if you want. Set to NULL to disable
 $target_rest      = $target_civicrm . '/sites/all/modules/civicrm/extern/rest.php';
-$target_url       = $target_civicrm . '/sites/all/modules/civicrm/extern/url.php';
+// base URL for api4 calls. Will append entity and action path segments
-$target_open      = $target_civicrm . '/sites/all/modules/civicrm/extern/open.php';
+$target_rest4     = $target_civicrm . '/civicrm/ajax/api4/';
 $target_file      = $target_civicrm . '/sites/default/files/civicrm/persist/';
 $target_mosaico   = NULL; // (disabled by default): $target_civicrm . '/civicrm/mosaico/img?src=';
+$target_mosaico_template_url = NULL; // (disabled by default): $target_civicrm . '/wp-content/uploads/civicrm/ext/uk.co.vedaconsulting.mosaico/packages/mosaico/templates/';
 $target_mail_view = $target_civicrm . '/civicrm/mailing/view';
+$target_url       = $target_civicrm . '/civicrm/mailing/url';
+$target_open      = $target_civicrm . '/civicrm/mailing/open';
+
+// CAUTION: use the following for CiviCRM < 5.27 or "Extern URL Style" = "Standalone Scripts" 
+//$target_url       = $target_civicrm . '/sites/all/modules/civicrm/extern/url.php';
+//$target_open      = $target_civicrm . '/sites/all/modules/civicrm/extern/open.php';
 
 /****************************************************************
  **                    GENERAL OPTIONS                         **
@@ -47,9 +62,9 @@ $target_mail_view = $target_civicrm . '/civicrm/mailing/view';
 //  add your own logo here
 $civiproxy_logo = "<img src='{$proxy_base}/static/images/proxy-logo.png' alt='SYSTOPIA Organisationsberatung'></img>";
 
-
 // Set api-key for mail subscribe/unsubscribe user
 // Set to NULL/FALSE to disable the feature
+// Can/shoud also be defined in secrets.php
 $mail_subscription_user_key = NULL;
 
 // CAREFUL: only enable temporarily on debug systems.
@@ -58,35 +73,77 @@ $mail_subscription_user_key = NULL;
 $debug                      = NULL; //'LUXFbiaoz4dVWuAHEcuBAe7YQ4YP96rN4MCDmKj89p.log';
 
 // Local network interface or IP to be used for the relayed query
-// This is usefull in some VPN configurations (see CURLOPT_INTERFACE)
+// This is useful in some VPN configurations (see CURLOPT_INTERFACE)
 $target_interface           = NULL;
 
-/****************************************************************
- **                   File Caching Options                     **
- ****************************************************************/
 
-// API and SITE keys
+/***************************************************************
-$api_key_map = array();
+ **                Authentication Options                     **
-$sys_key_map = array();
+ ***************************************************************/
+// API and SITE keys (you may add keys here)
+$api_key_map = [
+  'my_api_key'   => 'my_api_key',   // use this to allow API key
+  'ext_api_key'  => 'real_api_key'  // use this to allow and map API key
+];
+$sys_key_map = [
+  'REAL_SITE_KEY' => 'REAL_SITE_KEY', // use this to allow site key
+  'EXT_SITE_KEY'  => 'REAL_SITE_KEY'  // use this to allow and map site key
+];
 
+// source secrets.php to overwrite keys
 if (file_exists(dirname(__FILE__)."/secrets.php")) {
   // keys can also be stored in 'secrets.php'
   require "secrets.php";
 }
 
+// Parameter whitelisting for open tracking and URL tracking
+// basic civicrm URL/open parameter are u, q and qid (as int)
+// If additional parameters are needed, best practise would be to whitelist each one as needed in
+// $valid_url_parameters and/or $valid_open_parameters.
+// Alternatively it is also possible to allow all parameters with the wildcard parameter '*' => 'string'
+$valid_url_parameters = [
+    'u'   => 'int',
+    'q'   => 'int',
+    'qid' => 'int',
+//    '*'   => 'string'     // whildcard, whitelist all url parameters
+];
+$valid_open_parameters = [
+    'u'   => 'int',
+    'q'   => 'int',
+    'qid' => 'int',
+//    '*'   => 'string'     // wildcard, whitelist *all* open parameters
+];
+// CiviCRM's API can authenticate with different flows
+// https://docs.civicrm.org/dev/en/latest/framework/authx/#flows
+// CiviProxy supports 'header', 'xheader', 'legacyrest', and 'param'.
+// These flows are supported for API4 but could be extended to API3.
+// $authx_internal_flow controls how CiviProxy sends credentials to CiviCRM, and
+// $authx_external_flow where CiviProxy looks for credentials on incoming requests.
+// The internal setting needs to have a single scalar value, but the
+// external setting can be an array of accepted flows.
+// There is no standard header for site key, so in both header and xheader
+// flows it uses X-Civi-Key
+$authx_internal_flow = 'header';
+$authx_external_flow = ['legacyrest'];
+
+
+/****************************************************************
+ **                   File Caching Options                     **
+ ****************************************************************/
+
 // define file cache options, see http://pear.php.net/manual/en/package.caching.cache-lite.cache-lite.cache-lite.php
-$file_cache_options = array(
+$file_cache_options = [
     'cacheDir' => 'file_cache/',
     'lifeTime' => 86400
-);
+];
 
 // define regex patterns that shoud NOT be accepted
-$file_cache_exclude = array();
+$file_cache_exclude = [];
 
 // if set, cached file must match at least one of these regex patterns
-$file_cache_include = array(
+$file_cache_include = [
         //'#.+[.](png|jpe?g|gif)#i'           // only media files
-    );
+    ];
 
 
 
@@ -103,33 +160,35 @@ $rest_evaluate_json_parameter = FALSE;
 // - if a request comes in and the IP is not a key in the array, the whitelisted in 'all' are used
 // - if a request comes in and the IP is indeed a key in the array, the whitelisted in the IP are checked first. If nothing is
 //   found ,the 'all' ones are checked next.
-$rest_allowed_actions = array(
+$rest_allowed_actions = [
-  'all' => array(
+  'all' => [
-    'Contact' => array(
+    'Contact' => [
-      'getsingle' => array(
+      'getsingle' => [
         'email' => 'string',
-      ),
+      ],
-    ),
+    ],
-  ),
+  ],
-  '123.45.67.8' => array(
+  '123.45.67.8' => [
-    'Contact' => array(
+    'Contact' => [
-      'getsingle' => array(
+      'getsingle' => [
         'first_name' => 'string',
         'last_name' => 'string',
         // the following means *all* remaining parameters will be
         //   added and sanitised as 'string'. Better leave it out
         //   if you know which parameters you expect
         '*' => 'string',
-      ),
+      ],
-    ),
+    ],
-  ),
+  ],
-);
+];
 
 
 /****************************************************************
  **                WebHook2API CONFIGURATIONS                  **
+ **  Translates typical webhook calls into CiviCRM API calls   **
  ****************************************************************/
-# remove if you don't want this feature or rename to $webhook2api to activate
+// Example configuration:
+// remove if you don't want this feature or rename to $webhook2api to activate
 $_webhook2api = [
     "configurations" => [
         "default" => [

proxy/error.php

@@ -2,7 +2,7 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
@@ -15,7 +15,6 @@ require_once "proxy.php";
  <head>
   <meta charset="UTF-8">
   <title>CiviProxy Error</title>
-  <link href="http://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet" type="text/css">
   <style type="text/css">
     body {
       margin: 0;

proxy/file.php

@@ -2,7 +2,7 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/

proxy/index.php

@@ -2,7 +2,7 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
@@ -16,7 +16,6 @@ require_once "proxy.php";
  <head>
   <meta charset="UTF-8">
   <title>CiviProxy Version <?php echo $civiproxy_version;?></title>
-  <link href="http://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet" type="text/css">
   <style type="text/css">
     body {
       margin: 0;

proxy/libs/Cache/Lite.php

@@ -294,7 +294,7 @@ class Cache_Lite
     * @param array $options options
     * @access public
     */
-    function Cache_Lite($options = array(NULL))
+    function __construct($options = array(NULL))
     {
         foreach($options as $key => $value) {
             $this->setOption($key, $value);
@@ -304,6 +304,16 @@ class Cache_Lite
         }
     }
 
+    /**
+     * PHP4 constructor for backwards compatibility with older code
+     *
+     * @param array $options Options
+     */
+    function Cache_Lite($options = array(NULL))
+    {
+        self::__construct($options);
+    }
+
     /**
     * Generic way to set a Cache_Lite option
     *
@@ -554,7 +564,6 @@ class Cache_Lite
     */
     function raiseError($msg, $code)
     {
-        include_once('PEAR.php');
         return PEAR::raiseError($msg, $code, $this->_pearErrorMode);
     }
 
@@ -629,7 +638,7 @@ class Cache_Lite
                 return true;
             }
         }
-        if (!($dh = opendir($dir))) {
+        if (!($dh = @opendir($dir))) {
             return $this->raiseError('Cache_Lite : Unable to open cache directory !', -4);
         }
         $result = true;
@@ -698,8 +707,10 @@ class Cache_Lite
         $this->_touchCacheFile();
         $this->_memoryCachingArray[$this->_file] = $data;
         if ($this->_memoryCachingCounter >= $this->_memoryCachingLimit) {
-            list($key, ) = each($this->_memoryCachingArray);
+            $key = key($this->_memoryCachingArray);
+            next($this->_memoryCachingArray);
             unset($this->_memoryCachingArray[$key]);
+
         } else {
             $this->_memoryCachingCounter = $this->_memoryCachingCounter + 1;
         }
@@ -744,7 +755,7 @@ class Cache_Lite
 	    if ($this->_fileLocking) @flock($fp, LOCK_SH);
             clearstatcache();
             $length = @filesize($this->_file);
-            $mqr = get_magic_quotes_runtime();
+            $mqr = (function_exists('get_magic_quotes_runtime') ? @get_magic_quotes_runtime() : 0);
             if ($mqr) {
                 set_magic_quotes_runtime(0);
             }
@@ -823,7 +834,7 @@ class Cache_Lite
             if ($this->_readControl) {
                 @fwrite($fp, $this->_hash($data, $this->_readControlType), 32);
             }
-            $mqr = get_magic_quotes_runtime();
+            $mqr = (function_exists('get_magic_quotes_runtime') ? @get_magic_quotes_runtime() : 0);
             if ($mqr) {
                 set_magic_quotes_runtime(0);
             }

proxy/libs/Cache/Lite/File.php

@@ -52,10 +52,10 @@ class Cache_Lite_File extends Cache_Lite
     * @param array $options options
     * @access public
     */
-    function Cache_Lite_File($options = array(NULL))
+    function __construct($options = array(NULL))
     {   
         $options['lifetime'] = 0;
-        $this->Cache_Lite($options);
+        parent::__construct($options);
         if (isset($options['masterFile'])) {
             $this->_masterFile = $options['masterFile'];
         } else {
@@ -66,6 +66,16 @@ class Cache_Lite_File extends Cache_Lite
         }
     }
 
+    /**
+     * PHP4 constructor for backwards compatibility with older code
+     *
+     * @param array $options Options
+     */
+    function Cache_Lite_File($options = array(NULL))
+    {
+        self::__construct($options);
+    }
+    
     /**
     * Test if a cache is available and (if yes) return it
     *

proxy/libs/Cache/Lite/Function.php

@@ -81,17 +81,27 @@ class Cache_Lite_Function extends Cache_Lite
     * @param array $options options
     * @access public
     */
-    function Cache_Lite_Function($options = array(NULL))
+    function __construct($options = array(NULL))
     {
         $availableOptions = array('debugCacheLiteFunction', 'defaultGroup', 'dontCacheWhenTheOutputContainsNOCACHE', 'dontCacheWhenTheResultIsFalse', 'dontCacheWhenTheResultIsNull');
-        while (list($name, $value) = each($options)) {
+        foreach ($options as $name => $value) {
             if (in_array($name, $availableOptions)) {
                 $property = '_'.$name;
                 $this->$property = $value;
             }
         }
         reset($options);
-        $this->Cache_Lite($options);
+        parent::__construct($options);
+    }
+
+    /**
+     * PHP4 constructor for backwards compatibility with older code
+     *
+     * @param array $options Options
+     */
+    function Cache_Lite_Function($options = array(NULL))
+    {
+        self::__construct($options);
     }
 
     /**

proxy/libs/Cache/Lite/Output.php

@@ -26,9 +26,19 @@ class Cache_Lite_Output extends Cache_Lite
     * @param array $options options
     * @access public
     */
-    function Cache_Lite_Output($options)
+    function __construct($options)
     {
-        $this->Cache_Lite($options);
+        parent::__construct($options);
+    }
+
+    /**
+     * PHP4 constructor for backwards compatibility with older code
+     *
+     * @param array $options Options
+     */
+    function Cache_Lite_Output($options = array(NULL))
+    {
+        self::__construct($options);
     }
 
     /**

proxy/libs/Cache/README.md

@@ -1,19 +1,25 @@
 # PEAR Cache_Lite
 
+Fast and safe little cache system.
+
+This package is a little cache system optimized for file containers.
+t is fast and safe (because it uses file locking and/or anti-corruption tests).
+
 [![Build Status](https://travis-ci.org/pear/Cache_Lite.svg)](https://travis-ci.org/pear/Cache_Lite)
 
-This package is [Cache_Lite](http://pear.php.net/package/Cache_Lite).
-
-Please report all new issues via the [PEAR bug tracker](http://pear.php.net/bugs/).
 
+## Building
 To test this package, run
 
     phpunit tests/
 
-To build, simply
+To build, simply execute
 
     pear package
 
+
+## Installation
+### PEAR
 To install from scratch
 
     pear install package.xml
@@ -21,3 +27,15 @@ To install from scratch
 To upgrade
 
     pear upgrade -f package.xml
+
+### Composer
+
+    composer require pear/cache_lite
+
+
+## Links
+- Homepage: http://pear.php.net/package/Cache_Lite
+- Source code: https://github.com/pear/Cache_Lite
+- Issue tracker: http://pear.php.net/bugs/search.php?cmd=display&package_name[]=Cache_Lite
+- Unit test status: https://travis-ci.org/pear/Cache_Lite
+- Packagist: https://packagist.org/packages/pear/cache_lite

proxy/mailing/confirm.php

@@ -2,7 +2,7 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
@@ -19,7 +19,7 @@ civiproxy_security_check('mail-confirm');
 // basic restraints
 $valid_parameters = array(    'sid'          => 'int',
                               'cid'          => 'int', 
-                              'h'            => 'hex');
+                              'h'            => 'string');
 $parameters = civiproxy_get_parameters($valid_parameters);
 
 // check if parameters specified
@@ -45,7 +45,6 @@ if (!empty($group_query['is_error'])) {
  <head>
   <meta charset="UTF-8">
   <title>CiviProxy Version <?php echo $civiproxy_version;?></title>
-  <link href="http://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet" type="text/css">
   <style type="text/css">
     body {
       margin: 0;

proxy/mailing/mail.php

@@ -2,7 +2,7 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
@@ -17,7 +17,7 @@ if (!$target_mail_view) civiproxy_http_error("Feature disabled", 405);
 civiproxy_security_check('mail-view');
 
 // basic restraints
-$valid_parameters = array(  'id'   => 'int'  );
+$valid_parameters = array(  'id'   => 'int', 'cid' => 'int', 'cs' => 'string'  );
 $parameters = civiproxy_get_parameters($valid_parameters);
 
 // check if id specified

proxy/mailing/optout.php

@@ -2,7 +2,7 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/

proxy/mailing/resubscribe.php

@@ -2,7 +2,7 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
@@ -19,7 +19,7 @@ civiproxy_security_check('mail-resubscribe');
 // basic restraints
 $valid_parameters = array(    'jid'          => 'int',
                               'qid'          => 'int', 
-                              'h'            => 'hex');
+                              'h'            => 'string');
 $parameters = civiproxy_get_parameters($valid_parameters);
 
 // check if parameters specified
@@ -45,7 +45,6 @@ if (!empty($group_query['is_error'])) {
  <head>
   <meta charset="UTF-8">
   <title>CiviProxy Version <?php echo $civiproxy_version;?></title>
-  <link href="http://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet" type="text/css">
   <style type="text/css">
     body {
       margin: 0;

proxy/mailing/subscribe.php

@@ -2,7 +2,7 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
@@ -83,7 +83,6 @@ if (!empty($_REQUEST['email'])) {
  <head>
   <meta charset="UTF-8">
   <title>CiviProxy Version <?php echo $civiproxy_version;?></title>
-  <link href="http://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet" type="text/css">
   <style type="text/css">
     body {
       margin: 0;

proxy/mailing/unsubscribe.php

@@ -2,7 +2,7 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
@@ -19,7 +19,7 @@ civiproxy_security_check('mail-unsubscribe');
 // basic restraints
 $valid_parameters = array(    'jid'          => 'int',
                               'qid'          => 'int', 
-                              'h'            => 'hex');
+                              'h'            => 'string');
 $parameters = civiproxy_get_parameters($valid_parameters);
 
 // check if parameters specified
@@ -45,7 +45,6 @@ if (!empty($group_query['is_error'])) {
  <head>
   <meta charset="UTF-8">
   <title>CiviProxy Version <?php echo $civiproxy_version;?></title>
-  <link href="http://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet" type="text/css">
   <style type="text/css">
     body {
       margin: 0;

proxy/mosaico.php

@@ -2,7 +2,7 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2017 SYSTOPIA                             |
+| Copyright (C) 2017-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
@@ -17,26 +17,14 @@ if (!$target_mosaico) civiproxy_http_error("Feature disabled", 405);
 civiproxy_security_check('file');
 
 // basic restraints
-$valid_parameters = array('id' => 'string', 'ph' => 'string');
+$valid_parameters = array( 'id'   => 'string', 'template_url' => 'string' );
 $parameters = civiproxy_get_parameters($valid_parameters);
 
-// check if id or ph
 if (!empty($parameters['id'])) {
-  // that's a regular image resource
-  $type = 'image';
-  $reqd = $parameters['id'];
-} elseif (!empty($parameters['ph'])) {
-  // that's a placeholder
-  $type = 'placeholder';
-  $reqd = $parameters['ph'];
-} else {
-  civiproxy_http_error("Resource not found");
-}
-
   // check restrictions
   if (!empty($file_cache_exclude)) {
     foreach ($file_cache_exclude as $pattern) {
-    if (preg_match($pattern, $reqd)) {
+      if (preg_match($pattern, $parameters['id'])) {
         civiproxy_http_error("Invalid Resource", 403);
       }
     }
@@ -44,7 +32,7 @@ if (!empty($file_cache_exclude)) {
   if (!empty($file_cache_include)) {
     $accept_id = FALSE;
     foreach ($file_cache_include as $pattern) {
-    if (preg_match($pattern, $reqd)) {
+      if (preg_match($pattern, $parameters['id'])) {
         $accept_id = TRUE;
       }
     }
@@ -53,15 +41,45 @@ if (!empty($file_cache_include)) {
     }
   }
 
+  // look up the required resource
+  $header_key = 'header&' . $parameters['id'];
+  $data_key   = 'data&'   . $parameters['id'];
+  $url = $target_mosaico . $parameters['id'];
+} elseif (!empty($parameters['template_url'])) {
+  // check restrictions
+  if (!empty($file_cache_exclude)) {
+    foreach ($file_cache_exclude as $pattern) {
+      if (preg_match($pattern, $parameters['template_url'])) {
+        civiproxy_http_error("Invalid Resource", 403);
+      }
+    }
+  }
+  if (!empty($file_cache_include)) {
+    $accept_id = FALSE;
+    foreach ($file_cache_include as $pattern) {
+      if (preg_match($pattern, $parameters['template_url'])) {
+        $accept_id = TRUE;
+      }
+    }
+    if (!$accept_id) {
+      civiproxy_http_error("Invalid Resource", 403);
+    }
+  }
+
+  // look up the required resource
+  $header_key = 'header&' . $parameters['template_url'];
+  $data_key   = 'data&'   . $parameters['template_url'];
+  $url = $target_mosaico_template_url . $parameters['template_url'];
+} else {
+  civiproxy_http_error("Resource not found");
+}
+
 // load PEAR file cache
 ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . 'libs');
 if (!file_exists($file_cache_options['cacheDir'])) mkdir($file_cache_options['cacheDir']);
 require_once('Cache/Lite.php');
 $file_cache = new Cache_Lite($file_cache_options);
 
-// look up the required resource
-$header_key = 'header&' . $reqd;
-$data_key   = 'data&'   . $reqd;
 
 $header = $file_cache->get($header_key);
 $data   = $file_cache->get($data_key);
@@ -78,16 +96,6 @@ if ($header && $data) {
 }
 
 // if we get here, we have a cache miss => load
-if ($type == 'image') {
-  // that's a regular image resource
-  $url = $target_mosaico . $reqd;
-} else {
-  // that's a placeholder
-  $target_placeholder = str_replace('img?src=', 'img?method=placeholder&params=', $target_mosaico);
-  $url = $target_placeholder . $reqd;
-}
-
-// run the query
 $curlSession = curl_init();
 curl_setopt($curlSession, CURLOPT_URL, $url);
 curl_setopt($curlSession, CURLOPT_HEADER, 1);

proxy/open.php

@@ -2,7 +2,7 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
@@ -16,8 +16,5 @@ if (!$target_open) civiproxy_http_error("Feature disabled", 405);
 // basic check
 civiproxy_security_check('open');
 
-// basic restraints
+$parameters = civiproxy_get_parameters($valid_open_parameters);
-$valid_parameters = array(  'q'   => 'int'  );
-
-$parameters = civiproxy_get_parameters($valid_parameters);
 civiproxy_redirect($target_open, $parameters);

proxy/proxy.php

@@ -2,13 +2,13 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
 
 require_once "config.php";
-$civiproxy_version = '0.6-dev';
+$civiproxy_version = '1.0.0-beta';
 
 /**
  * this will redirect the request to another URL,
@@ -90,6 +90,148 @@ function civiproxy_redirect($url_requested, $parameters) {
   curl_close ($curlSession);
 }
 
+/**
+ * this will redirect the request to an API4 URL,
+ *  i.e. will pass the reply on to this request
+ *
+ * @see losely based on https://code.google.com/p/php-proxy/
+ *
+ * @param $url_requested string the URL to which the request should be sent
+ * @param $parameters array
+ * @param $credentials array
+ */
+function civiproxy_redirect4($url_requested, $parameters, $credentials) {
+  global $target_interface, $authx_internal_flow;
+  $url = $url_requested;
+  $curlSession = curl_init();
+  $credential_params = civiproxy_build_credential_params($credentials, $authx_internal_flow);
+  $credential_headers = civiproxy_build_credential_headers($credentials, $authx_internal_flow);
+
+  if ($_SERVER['REQUEST_METHOD'] == 'POST'){
+    // POST requests should be passed on as POST
+    curl_setopt($curlSession, CURLOPT_POST, 1);
+    $urlparams = 'params=' . urlencode(json_encode($parameters)) . $credential_params;
+    curl_setopt($curlSession, CURLOPT_POSTFIELDS, $urlparams);
+  } else {
+    // GET requests will get the parameters as url params
+    if (!empty($parameters)) {
+      $url .= '?params=' . urlencode(json_encode($parameters)) . $credential_params;
+    }
+  }
+
+  curl_setopt($curlSession, CURLOPT_HTTPHEADER, array_merge([
+    'Content-Type: application/x-www-form-urlencoded'
+  ], $credential_headers));
+  curl_setopt($curlSession, CURLOPT_URL, $url);
+  curl_setopt($curlSession, CURLOPT_HEADER, 1);
+  curl_setopt($curlSession, CURLOPT_RETURNTRANSFER,1);
+  curl_setopt($curlSession, CURLOPT_TIMEOUT, 30);
+  curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 2);
+  if (!empty($target_interface)) {
+    curl_setopt($curlSession, CURLOPT_INTERFACE, $target_interface);
+  }
+  if (file_exists(dirname(__FILE__).'/target.pem')) {
+    curl_setopt($curlSession, CURLOPT_CAINFO, dirname(__FILE__).'/target.pem');
+  }
+
+  //Send the request and store the result in an array
+  $response = curl_exec($curlSession);
+
+  // Check that a connection was made
+  if (curl_error($curlSession)){
+    civiproxy_http_error(curl_error($curlSession), curl_errno($curlSession));
+
+  } else {
+    //clean duplicate header that seems to appear on fastcgi with output buffer on some servers!!
+    $response = str_replace("HTTP/1.1 100 Continue\r\n\r\n","",$response);
+
+    // split header / content
+    $content = explode("\r\n\r\n", $response, 2);
+    $header = $content[0];
+    $body = $content[1];
+
+    // handle headers - simply re-outputing them
+    $header_ar = explode(chr(10), $header);
+    foreach ($header_ar as $header_line){
+      if (!preg_match("/^Transfer-Encoding/", $header_line)){
+        civiproxy_mend_URLs($header_line);
+        header(trim($header_line));
+      }
+    }
+
+    //rewrite all hard coded urls to ensure the links still work!
+    civiproxy_mend_URLs($body);
+
+    print $body;
+  }
+
+  curl_close($curlSession);
+}
+
+/**
+ * Creates a string with the API credentials to be appended to an API4 GET or POST request.
+ * When $api4_internal_auth_flow is 'header' or 'xheader', returns a blank string
+ *
+ * @param array $credentials
+ * @param string $authx_internal_flow
+ * @return string credential string, including leading '&'
+ */
+function civiproxy_build_credential_params(array $credentials, string $authx_internal_flow): string {
+  switch($authx_internal_flow) {
+    case 'legacyrest':
+      $map = ['api_key' => 'api_key', 'key' => 'key'];
+      break;
+    case 'param':
+      $map = ['api_key' => '_authx', 'key' => '_authxSiteKey'];
+      break;
+    default:
+      return '';
+  }
+  $params = [];
+  foreach($map as $credential_key => $param_name) {
+    if (isset($credentials[$credential_key])) {
+      $credential_value = $credentials[$credential_key];
+      if ($param_name === '_authx') {
+        $credential_value = 'Bearer ' . $credential_value;
+      }
+      $params[$param_name] = $credential_value;
+    }
+  }
+
+  $param_string = http_build_query($params);
+  if (!empty($param_string)) {
+    $param_string = '&' . $param_string;
+  }
+  return $param_string;
+}
+
+/**
+ * Builds an array of headers to send on an API4 request. When $api4_internal_auth_flow
+ * is 'param' or 'legacyrest', will always return an empty array.
+ *
+ * @param array $credentials
+ * @param string $authx_internal_flow
+ * @return array
+ */
+function civiproxy_build_credential_headers(array $credentials, string $authx_internal_flow): array {
+  switch($authx_internal_flow) {
+    case 'header':
+      $map = ['api_key' => 'Authorization: Bearer', 'key' => 'X-Civi-Key:'];
+      break;
+    case 'xheader':
+      $map = ['api_key' => 'X-Civi-Auth: Bearer', 'key' => 'X-Civi-Key:'];
+      break;
+    default:
+      return [];
+  }
+  $headers = [];
+  foreach($map as $credential_key => $header_prefix) {
+    if (isset($credentials[$credential_key])) {
+      $headers[] = $header_prefix . ' ' . $credentials[$credential_key];
+    }
+  }
+  return $headers;
+}
 
 /**
  * Will mend all the URLs in the string that point to the target,
@@ -131,11 +273,12 @@ function civiproxy_mend_URLs(&$string) {
  * unauthorized access quantities, etc.
  *
  * @param $target
- * @param $quit    if TRUE, quit immediately if access denied
+ * @param $quit bool if TRUE, quit immediately if access denied
+ * @param $log_headers array add these headers (sanitized) to log data
  *
  * @return TRUE if allowed, FALSE if not (or quits if $quit is set)
  */
-function civiproxy_security_check($target, $quit=TRUE) {
+function civiproxy_security_check($target, $quit=TRUE, $log_headers = []) {
   // verify that we're SSL encrypted
   if ($_SERVER['HTTPS'] != "on") {
     civiproxy_http_error("This CiviProxy installation requires SSL encryption.", 400);
@@ -145,11 +288,16 @@ function civiproxy_security_check($target, $quit=TRUE) {
   if (!empty($debug)) {
     // filter log data
     $log_data = $_REQUEST;
-    if (isset($log_data['api_key'])) {
+    $sanitize_params = ['api_key', 'key', '_authxSiteKey', '_authx'];
-      $log_data['api_key'] = substr($log_data['api_key'], 0, 4) . '...';
+    foreach ($sanitize_params as $param) {
+      if (isset($log_data[$param])) {
+        $log_data[$param] = substr($log_data[$param], 0, 4) . '...';
       }
-    if (isset($log_data['key'])) {
+    }
-      $log_data['key'] = substr($log_data['key'], 0, 4) . '...';
+
+    foreach($log_headers as $header) {
+      if (!empty($_SERVER[$header]))
+      $log_data[$header] = substr($_SERVER[$header], 0, 4) . '...';
     }
 
     // log
@@ -205,7 +353,7 @@ function civiproxy_get_parameters($valid_parameters, $request = NULL) {
   // process wildcard elements
   if ($default_sanitation !== NULL) {
     // i.e. we want the others too
-    $remove_parameters = array('key', 'api_key', 'version', 'entity', 'action');
+    $remove_parameters = array('key', 'api_key', '_authx', '_authxSiteKey', 'version', 'entity', 'action');
     foreach ($request as $name => $value) {
       if (!in_array($name, $remove_parameters) && !isset($valid_parameters[$name])) {
         $result[$name] = civiproxy_sanitise($value, $default_sanitation);
@@ -216,6 +364,26 @@ function civiproxy_get_parameters($valid_parameters, $request = NULL) {
   return $result;
 }
 
+/**
+ * Get the value of a header on the incoming request
+ *
+ * @param string $header name of the header, in all uppercase
+ * @param string $prefix to be stripped off the value of the header
+ * @return string|null value of the header, or null if not found.
+ */
+function civiproxy_get_header($header, $prefix = ''): ?string {
+  if (!empty($_SERVER['HTTP_' . $header])) {
+    $value = $_SERVER['HTTP_' . $header];
+    if ($prefix === '') {
+      return $value;
+    }
+    if (strpos($value, $prefix) === 0) {
+      return trim(substr($value, strlen($prefix)));
+    }
+  }
+  return NULL;
+}
+
 /**
  * sanitise the given value with the given sanitiation type
  */

proxy/rest.php

@@ -2,18 +2,18 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
 
 require_once "config.php";
 require_once "proxy.php";
+require_once "checks.php";
 
 // see if REST API is enabled
 if (!$target_rest) civiproxy_http_error("Feature disabled", 405);
 
-
 // basic check
 if (!civiproxy_security_check('rest')) {
   civiproxy_rest_error("Access denied.");
@@ -21,25 +21,9 @@ if (!civiproxy_security_check('rest')) {
 
 // check credentials
 $credentials = civiproxy_get_parameters(array('key' => 'string', 'api_key' => 'string'));
-if (empty($credentials['key'])) {
-  civiproxy_rest_error("No site key given");
-} else {
-  if (isset($sys_key_map[$credentials['key']])) {
-    $credentials['key'] = $sys_key_map[$credentials['key']];
-  } else {
-    civiproxy_rest_error("Invalid site key");
-  }
-}
 
-if (empty($credentials['api_key'])) {
+civiproxy_map_site_key($credentials, $sys_key_map);
-  civiproxy_rest_error("No API key given");
+civiproxy_map_api_key($credentials, $api_key_map);
-} else {
-  if (isset($api_key_map[$credentials['api_key']])) {
-    $credentials['api_key'] = $api_key_map[$credentials['api_key']];
-  } else {
-    civiproxy_rest_error("Invalid api key");
-  }
-}
 
 // check if the call itself is allowed
 $action = civiproxy_get_parameters(array('entity' => 'string', 'action' => 'string', 'version' => 'int', 'json' => 'int', 'sequential' => 'int'));
@@ -47,22 +31,7 @@ if (!isset($action['version']) || $action['version'] != 3) {
   civiproxy_rest_error("API 'version' information missing.");
 }
 
-// in release 0.4, allowed entity/actions per IP were introduced. To introduce backward compatibility,
+$valid_parameters= civiproxy_get_valid_parameters($action, $rest_allowed_actions);
-// the previous test is still used when no 'all' key is found in the array
-if (isset($rest_allowed_actions['all'])) {
-	// get valid key for the rest_allowed_actions
-	$valid_allowed_key = civiproxy_get_valid_allowed_actions_key($action, $rest_allowed_actions);
-  $valid_parameters = civiproxy_retrieve_api_parameters($valid_allowed_key, $action['entity'], $action['action'], $rest_allowed_actions);
-	if (!$valid_parameters) {
-		civiproxy_rest_error("Invalid entity/action.");
-	}
-} else {
-	if (isset($rest_allowed_actions[$action['entity']]) && isset($rest_allowed_actions[$action['entity']][$action['action']])) {
-		$valid_parameters = $rest_allowed_actions[$action['entity']][$action['action']];
-	} else {
-		civiproxy_rest_error("Invalid entity/action.");
-	}
-}
 
 // extract parameters and add credentials and action data
 $parameters = civiproxy_get_parameters($valid_parameters);
@@ -86,18 +55,5 @@ if ($rest_evaluate_json_parameter) {
 }
 
 // finally execute query
+civiproxy_log($target_rest);
 civiproxy_redirect($target_rest, $parameters);
-
-
-/**
- * generates a CiviCRM REST API compliant error
- * and ends processing
- */
-function civiproxy_rest_error($message) {
-  $error = array( 'is_error'      => 1,
-                  'error_message' => $message);
-  // TODO: Implement
-  //header();
-  print json_encode($error);
-  exit();
-}

proxy/rest4.php

@@ -0,0 +1,89 @@
+<?php
+/*--------------------------------------------------------+
+| SYSTOPIA CiviProxy                                      |
+|  a simple proxy solution for external access to CiviCRM |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
+| Author: B. Endres (endres -at- systopia.de)             |
+| http://www.systopia.de/                                 |
++---------------------------------------------------------*/
+
+require_once "config.php";
+require_once "proxy.php";
+require_once "checks.php";
+
+// see if REST API is enabled
+if (!$target_rest4) {
+  civiproxy_http_error("Feature disabled");
+}
+$valid_flows = ['header', 'xheader', 'legacyrest', 'param'];
+$headers_by_flow = [
+ 'header' => ['HTTP_AUTHORIZATION', 'HTTP_X_CIVI_KEY'],
+ 'xheader' => ['HTTP_X_CIVI_AUTH', 'HTTP_X_CIVI_KEY'],
+ 'legacyrest' => [],
+ 'param' => [],
+];
+if (!in_array($authx_internal_flow, $valid_flows)) {
+  civiproxy_http_error("Invalid internal auth flow '$authx_internal_flow'", 500);
+}
+$headers_to_log = [];
+foreach ($authx_external_flow as $external_flow) {
+  if (!in_array($external_flow, $valid_flows)) {
+    civiproxy_http_error("Invalid external auth flow '$external_flow'", 500);
+  }
+  $headers_to_log = array_merge($headers_to_log, $headers_by_flow[$external_flow]);
+}
+
+// basic check
+if (!civiproxy_security_check('rest', TRUE, $headers_to_log)) {
+  civiproxy_rest_error("Access denied.");
+}
+
+$credentials = [];
+// Find credentials on the incoming request
+foreach ($authx_external_flow as $external_flow) {
+  switch($external_flow) {
+    case 'header':
+      $credentials['api_key'] = civiproxy_get_header('AUTHORIZATION', 'Bearer ');
+      $credentials['key'] = civiproxy_get_header('HTTP_X_CIVI_KEY');
+      break;
+    case 'xheader':
+      $credentials['api_key'] = civiproxy_get_header('X_CIVI_AUTH', 'Bearer ');
+      $credentials['key'] = civiproxy_get_header('HTTP_X_CIVI_KEY');
+      break;
+    case 'legacyrest':
+      $credentials = civiproxy_get_parameters(array('api_key' => 'string', 'key' => 'string'));
+      break;
+    case 'param':
+      $authx_credentials = civiproxy_get_parameters(array('_authx' => 'string', '_authxSiteKey' => 'string'));
+      if (!empty($authx_credentials['_authx'])) {
+        // Snip off leading 'Bearer ' or 'Bearer+'
+        if (substr($authx_credentials['_authx'], 0, 6) === 'Bearer') {
+          $credentials['api_key'] = substr($authx_credentials['_authx'], 7);
+        }
+      }
+      if (!empty($authx_credentials['_authxSiteKey'])) {
+        $credentials['key'] = $authx_credentials['_authxSiteKey'];
+      }
+      break;
+  }
+  if (!empty($credentials['api_key'])) {
+    break;
+  }
+}
+
+civiproxy_map_api_key($credentials, $api_key_map);
+if (!empty($credentials['key'])) {
+  civiproxy_map_site_key( $credentials, $sys_key_map);
+}
+
+// check if the call itself is allowed
+$action = civiproxy_get_parameters(array('entity' => 'string', 'action' => 'string'));
+
+$valid_parameters = civiproxy_get_valid_parameters($action, $rest_allowed_actions);
+
+// extract parameters and add action data
+$parameters = civiproxy_get_parameters($valid_parameters, json_decode($_REQUEST['params'], true));
+
+// finally execute query
+civiproxy_log($target_rest4);
+civiproxy_redirect4($target_rest4 . $action['entity'] . '/' . $action['action'] , $parameters, $credentials);

proxy/url.php

@@ -2,7 +2,7 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2015 SYSTOPIA                             |
+| Copyright (C) 2015-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
@@ -16,10 +16,5 @@ if (!$target_url) civiproxy_http_error("Feature disabled", 405);
 // basic check
 civiproxy_security_check('url');
 
-// basic restraints
+$parameters = civiproxy_get_parameters($valid_url_parameters);
-$valid_parameters = array(  'u'   => 'int',
-                            'q'   => 'int',
-                            'qid' => 'int');
-
-$parameters = civiproxy_get_parameters($valid_parameters);
 civiproxy_redirect($target_url, $parameters);

proxy/webhook2api.php

@@ -2,7 +2,7 @@
 /*--------------------------------------------------------+
 | SYSTOPIA CiviProxy                                      |
 |  a simple proxy solution for external access to CiviCRM |
-| Copyright (C) 2019 SYSTOPIA                             |
+| Copyright (C) 2019-2021 SYSTOPIA                        |
 | Author: B. Endres (endres -at- systopia.de)             |
 | http://www.systopia.de/                                 |
 +---------------------------------------------------------*/
@@ -32,7 +32,6 @@ if (!empty($_REQUEST['id']) && isset($webhook2api['configurations'][$_REQUEST['i
 
 // read some input
 $post_input = @file_get_contents('php://input');
-error_log("DEBUG: " . json_encode($post_input));
 
 // MAIN: iterate through all (eligible) configurations
 $last_error = ["No handler found", 501];
@@ -85,12 +84,10 @@ function webhook2api_processConfiguration($configuration, $post_input) {
   // gather source data
   $data = [];
   if (!empty($configuration['data_sources']) && is_array($configuration['data_sources'])) {
-    error_log(json_encode($configuration));
     foreach ($configuration['data_sources'] as $data_source) {
       switch ($data_source) {
         case 'POST/json': # JSON data in POST field
           $more_data = json_decode($post_input, TRUE);
-          error_log(json_encode($more_data));
           $data = array_merge_recursive($data, $more_data);
           break;
         case 'REQUEST': # simple request parameters
@@ -109,8 +106,8 @@ function webhook2api_processConfiguration($configuration, $post_input) {
     foreach ($data as $d) {
       $result = webhook2api_callCiviApi($configuration, $d);
       if(isset($result['internal_error'])) {
-        // internal communication Error occured. Aborting process
+        // internal communication Error occurred. Aborting process
-        civiproxy_log("Webhook2API[{$configuration['name']}]: internal error occured: " . json_encode($result['internal_error']));
+        civiproxy_log("Webhook2API[{$configuration['name']}]: internal error occurred: " . json_encode($result['internal_error']));
         return $result['internal_error'];
       }
       if (!empty($result['values']['http_code'])) {
@@ -123,30 +120,30 @@ function webhook2api_processConfiguration($configuration, $post_input) {
   } else {
     $result = webhook2api_callCiviApi($configuration, $data);
     if(isset($result['internal_error'])) {
-      // internal communication Error occured. Aborting process
+      // internal communication Error occurred. Aborting process
-      civiproxy_log("Webhook2API[{$configuration['name']}]: internal error occured: " . json_encode($result['internal_error']));
+      civiproxy_log("Webhook2API[{$configuration['name']}]: internal error occurred: " . json_encode($result['internal_error']));
       return $result['internal_error'];
     }
     if (!empty($result['values']['http_code'])) {
       $http_code = $result['values']['http_code'];
-    } else {
+    } elseif ($result['is_error'] != 0) {
         $http_code = 403;
     }
   }
   if ($http_code != '200') {
-    // we received and parsed the webhook event successfully, but an error occured with civicrm:
+    // we received and parsed the webhook event successfully, but an error occurred with civicrm:
     civiproxy_log("Webhook2API[{$configuration['name']}]: Internal CiviCRM Error. Error Code: {$http_code}. Full Message: " . json_encode($result));
   }
 
   // process result
   if (!empty($configuration['response_mapping']) && is_array($configuration['response_mapping'])) {
     // TODO: implement
-    //error_log("Webhook2API.response_mapping: not implemented!");
     http_response_code('200');
-
+    civiproxy_log("Webhook successful, response mapped.");
   } else {
     // default behaviour:
     http_response_code('200');
+    civiproxy_log("Webhook successful.");
   }
   // all done
   exit();
@@ -177,7 +174,7 @@ function webhook2api_callCiviApi($configuration, $data) {
       } else {
         echo "Error";
         // unknown instruction
-        //        //error_log("Webhook2API[{$configuration['name']}]: don't understad sentinel '{$check}'. Ignored.");
+        civiproxy_log("Webhook2API[{$configuration['name']}]: don't understand sentinel '{$check}'. Ignored.");
       }
     }
   }
@@ -196,7 +193,8 @@ function webhook2api_callCiviApi($configuration, $data) {
       // run modifiers
       foreach ($modifiers as $modifier) {
         // TODO: implement
-        //error_log("Webhook2API.modifiers: not implemented!");
+
+        civiproxy_log("Webhook2API.modifiers: not implemented!");
       }
 
       // set to target
@@ -209,16 +207,16 @@ function webhook2api_callCiviApi($configuration, $data) {
   // sanitise data
   if (!empty($configuration['parameter_sanitation']) && is_array($configuration['parameter_sanitation'])) {
     // TODO: implement
-    //error_log("Webhook2API.sanitation: not implemented!");
+    civiproxy_log("Webhook2API.sanitation: not implemented!");
   }
 
   // send to target REST API
   if (empty($configuration['entity']) || empty($configuration['action'])) {
-    //error_log("Webhook2API[{$configuration['name']}]: Missing entity/action.");
+    civiproxy_log("Webhook2API[{$configuration['name']}]: Missing entity/action.");
     return ["internal_error" => "Configuration error", 403];
   }
   if (empty($configuration['api_key'])) {
-    //error_log("Webhook2API[{$configuration['name']}]: Missing api_key.");
+    civiproxy_log("Webhook2API[{$configuration['name']}]: Missing api_key.");
     return ["internal_error" => "Configuration error", 403];
   }
   $params['api_key'] = $configuration['api_key'];