From be83d21dcf618df66634ee9d65bc7c28c9e35c72 Mon Sep 17 00:00:00 2001
From: tianya
Date: Mon, 17 Apr 2023 22:52:24 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E5=96=84jsonq=E6=A0=87=E7=AD=BE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/admin/catalog_do.php | 10 ++++++
 src/system/archive/listview.class.php | 37 +++++++++++++++++---
 src/system/taglib/jsonq.lib.php | 13 ++++++-
 src/system/typelink/typeunit.class.admin.php | 6 +++-
 4 files changed, 60 insertions(+), 6 deletions(-)
diff --git a/src/admin/catalog_do.php b/src/admin/catalog_do.php
index 6b72c847..aa09e762 100644
--- a/src/admin/catalog_do.php
+++ b/src/admin/catalog_do.php
@@ -265,5 +265,15 @@ else if ($dopost == 'moveCatalog') {
 ShowMsg('成功移动目录', 'catalog_main.php');
 exit();
 }
+} //查看API
+else if ($dopost == 'viewAPI') {
+ require_once(DEDEINC.'/typelink/typelink.class.php');
+ $typeid = isset($typeid) ? intval($typeid) : 0;
+ $tl = new TypeLink($typeid);
+ $timestamp = time();
+ $sign = sha1($typeid.$timestamp.$tl->TypeInfos['apikey'].'1'.'10');
+ $u = "tid={$typeid}&mod=1×tamp={$timestamp}&PageNo=1&PageSize=10&sign={$sign}";
+ header('HTTP/1.1 301 Moved Permanently');
+ header("Location:../apps/list.php?{$u}");
 }
 ?>
\ No newline at end of file
diff --git a/src/system/archive/listview.class.php b/src/system/archive/listview.class.php
index 32fa1916..6491b2e9 100755
--- a/src/system/archive/listview.class.php
+++ b/src/system/archive/listview.class.php
@@ -34,6 +34,7 @@ class ListView
 var $IsReplace;
 var $remoteDir;
 var $mod;
+ var $_parms = array('tid','TotalResult','PageNo','PageSize','mod','timestamp','sign');
 /**
 * php5构造函数
 *
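Review bot: The `viewAPI` branch in src/admin/catalog_do.php sends its freshly signed link with `header('HTTP/1.1 301 Moved Permanently')`, and a permanent redirect may be cached by the browser, so a later click can reuse the first `timestamp`/`sign` pair instead of minting a new one. A temporary redirect that ends the request fits better: `header("Location: ../apps/list.php?{$u}", true, 302); exit();`. The signature is a bare `sha1()` over fields joined without separators, which leaves the boundary between `$typeid` and `$timestamp` ambiguous; a keyed `hash_hmac('sha256', implode('|', array($typeid, $timestamp, 1, 10)), $apikey)` would be sturdier, changed together with the verifier in listview.class.php. The branch also signs without checking that the column's `apienabled` flag is set or that `$tl->TypeInfos['apikey']` is non-empty; the list page in typeunit.class.admin.php appears only to grey out the control, which is not an access check.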
@@ -74,13 +75,41 @@ class ListView //添加联动单筛选 if (isset($_REQUEST['tid'])) { foreach($_GET as $key => $value) { - if ($key!="tid" && $key!="TotalResult" && $key!="PageNo" && $key!="PageSize" && $key!="mod") { + if (!in_array($key,$this->_parms)) { $this->Fields[string_filter($key)] = string_filter(urldecode($value)); } } } //设置一些全局参数的值 foreach ($GLOBALS['PubFields'] as $k => $v) $this->Fields[$k] = $v; + //API相关逻辑处理 + if ($this->mod == 1 && empty($this->Fields['apikey'])) { + echo json_encode(array( + "code" => -1, + "msg" => "api key is empty", + )); + exit; + } + if($this->mod == 1){ + if (empty($GLOBALS['sign'])) { + echo json_encode(array( + "code" => -1, + "msg" => "sign is empty", + )); + exit; + } + //验签算法 sha1(typeid+timestamp+apikey+PageNo+PageSize) + $sign = sha1($this->TypeID.$GLOBALS['timestamp'].$this->Fields['apikey'].$GLOBALS['PageNo'].$GLOBALS['PageSize']); + if ($sign !== $GLOBALS['sign']) { + echo json_encode(array( + "code" => -1, + "msg" => "sign check failed", + )); + exit; + } + } + + $this->Fields['rsslink'] = $GLOBALS['cfg_cmsurl']."/static/rss/".$this->TypeID.".xml"; //设置环境变量 SetSysEnv($this->TypeID, $this->Fields['typename'], 0, '', 'list'); @@ -151,7 +180,7 @@ class ListView } if (isset($_REQUEST['tid'])) { foreach ($_GET as $key => $value) { - $filtersql .= ($key!="tid" && $key!="TotalResult" && $key!="PageNo" && $key!="PageSize" && $key!="mod") ? " AND $addtable.".string_filter($key)." = '".string_filter(urldecode($value))."'" : ''; + $filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".string_filter($key)." = '".string_filter(urldecode($value))."'" : ''; } } } else { 
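Review bot: The key used to verify the signature can be taken from the request. The `$_GET` loop at the top of the `@@ -74,13 +75,41 @@` hunk copies every parameter whose name is not in `$this->_parms` into `$this->Fields`, and `apikey` is not in that list, so `$this->Fields['apikey']` may hold a caller-supplied value by the time `sha1(...)` is computed. The stored key should be captured before that loop, the comparison should use `hash_equals()` rather than `!==`, and `timestamp` should be checked for freshness, since it is signed but never compared with the current time and a captured URL therefore stays valid indefinitely. The enclosing method starts and ends outside the hunk, so where `Fields` is first populated is inferred, and the 300-second window below is illustrative.

```php
// before the $_GET loop: keep the stored key out of reach of request parameters
$apikey = isset($this->Fields['apikey']) ? (string)$this->Fields['apikey'] : '';
// … unchanged: $_GET filter loop and PubFields copy …
//API相关逻辑处理
if ($this->mod == 1) {
    $given = (isset($GLOBALS['sign']) && is_string($GLOBALS['sign'])) ? $GLOBALS['sign'] : '';
    $ts = isset($GLOBALS['timestamp']) ? intval($GLOBALS['timestamp']) : 0;
    // reject stale or future-dated requests so a captured URL cannot be replayed later
    $fresh = abs(time() - $ts) <= 300;
    $expected = sha1($this->TypeID.$GLOBALS['timestamp'].$apikey.$GLOBALS['PageNo'].$GLOBALS['PageSize']);
    // hash_equals() compares in constant time; an empty key or signature never passes
    if ($apikey === '' || $given === '' || !$fresh || !hash_equals($expected, $given)) {
        echo json_encode(array(
            "code" => -1,
            "msg" => "sign check failed",
        ));
        exit;
    }
}
// … unchanged: rsslink and SetSysEnv …
```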
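Review bot: The request parameter name is still spliced into the SQL text as a column of `$addtable` in the `@@ -151,7 +180,7 @@` hunk, and again in the hunks at `-428` and `-837`. The only guard is `string_filter()`, whose body is not visible here. Checking `$key` against the add-on table's known field names before appending the `AND` clause would make the filter independent of that helper, and would also keep unrelated parameters out of the query. `in_array($key, $this->_parms)` compares loosely; `in_array($key, $this->_parms, true)` matches the reserved names exactly, and the same applies to the constructor hunk. The enclosing methods start and end outside these hunks.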
@@ -428,7 +457,7 @@ class ListView if (isset($_REQUEST['tid'])) { foreach($_GET as $key => $value) { - $filtersql .= ($key!="tid" && $key!="TotalResult" && $key!="PageNo" && $key!="PageSize" && $key !="mod") ? " AND $addtable.".string_filter($key)." = '".string_filter(urldecode($value))."'" : ''; + $filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".string_filter($key)." = '".string_filter(urldecode($value))."'" : ''; } } } else { @@ -837,7 +866,7 @@ class ListView if (isset($_REQUEST['tid'])) { foreach($_GET as $key => $value) { - $filtersql .= ($key!="tid" && $key!="TotalResult" && $key!="PageNo" && $key!="PageSize" && $key!="mod") ? " AND $addtable.".string_filter($key)." = '".string_filter(urldecode($value))."'" : ''; + $filtersql .= (!in_array($key,$this->_parms)) ? " AND $addtable.".string_filter($key)." = '".string_filter(urldecode($value))."'" : ''; } } } else { diff --git a/src/system/taglib/jsonq.lib.php b/src/system/taglib/jsonq.lib.php index 954dd3d7..231d4170 100644 --- a/src/system/taglib/jsonq.lib.php +++ b/src/system/taglib/jsonq.lib.php @@ -12,14 +12,25 @@ require_once(DEDEINC . "/libraries/jsonq/Jsonq.php"); helper('cache'); function lib_jsonq(&$ctag, &$refObj) { - $attlist = "url|,path|,cachetime|3600"; + $attlist = "url|,path|,typeid|,row|,apikey|,cachetime|3600"; FillAttsDefault($ctag->CAttribute->Items, $attlist); extract($ctag->CAttribute->Items, EXTR_SKIP); $Innertext = trim($ctag->GetInnerText()); if ($url == '' || $Innertext == '') return ''; + if (!empty($typeid)) { + $typeid = intval($typeid); + } + if ($typeid > 0) { + $timestamp = time(); + $sign = sha1($typeid.$timestamp.$apikey.'1'.'10'); + $u = "tid={$typeid}&mod=1×tamp={$timestamp}&PageNo=1&PageSize={$row}&sign={$sign}"; + $url = $url."/apps/list.php?{$u}"; + $path = "$.lists"; + } $key = md5($url); try { if ($path=='') { + //选择器获取某个特定值 $jsonq = new Jsonq($url); $revalue = GetCache("tagjsonq2", $key); if (!empty($revalue)) { 
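Review bot: The signature and the query string disagree in the `$typeid > 0` branch of `lib_jsonq`: `$sign` is computed over the literal page size `'10'`, while the URL sends `PageSize={$row}`. The verifier added in listview.class.php hashes the `PageSize` it receives, so, as far as these hunks show, any `row` other than 10 (including the empty default from `$attlist`) would be rejected with "sign check failed". Normalise once and sign what is sent: `$row = intval($row) > 0 ? intval($row) : 10;` followed by `$sign = sha1($typeid.$timestamp.$apikey.'1'.$row);`. The `apikey` attribute means the secret sits in template source, which deserves a comment at the `$attlist` line: `// apikey is a secret: templates using it must not be publicly readable`. The function body continues outside the hunk.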
diff --git a/src/system/typelink/typeunit.class.admin.php b/src/system/typelink/typeunit.class.admin.php index 2208db6d..b6fb749c 100755 --- a/src/system/typelink/typeunit.class.admin.php +++ b/src/system/typelink/typeunit.class.admin.php @@ -90,7 +90,7 @@ class TypeUnit $admin_catalogs = explode(',', $admin_catalog); $admin_catalogs = array_unique($admin_catalogs); } - $this->dsql->SetQuery("SELECT id,typedir,typename,ispart,sortrank,ishidden FROM `#@__arctype` WHERE reid=0 ORDER BY sortrank"); + $this->dsql->SetQuery("SELECT id,typedir,typename,ispart,sortrank,ishidden,apienabled FROM `#@__arctype` WHERE reid=0 ORDER BY sortrank"); $this->dsql->Execute(0); $i = 0; while ($row = $this->dsql->GetObject(0)) { @@ -114,6 +114,8 @@ class TypeUnit echo ""; echo ""; echo "
列表{$nss}".$typeName."[id:".$id."](文档数:".$this->GetTotalArc($id).")"; echo ""; + $apidisabled = $row->apienabled == 1? '' : ' disabled'; + echo ""; echo ""; echo ""; echo ""; @@ -197,6 +199,8 @@ class TypeUnit echo "$step列表{$nss}".$typeName."[id:".$id."](文档数:".$this->GetTotalArc($id).")"; echo ""; + $apidisabled = $row->apienabled == 1? '' : ' disabled'; + echo ""; echo ""; echo ""; echo "";