use strict;
use warnings;
+use List::MoreUtils qw(any);
+
use C4::ILSDI::Services;
use C4::Auth;
use C4::Output;
This script is a basic implementation of ILS-DI protocol for Koha.
It acts like a dispatcher, that get the CGI request, check required and
-optionals arguments, call a function from C4::ILS-DI::Services, and finaly
+optionals arguments, call a function from C4::ILS-DI, and finaly
outputs the returned hashref as XML.
=cut
'CancelHold' => [],
);
-# If ILS-DI module is disabled in System->Preferences, redirect to 404
-if ( not C4::Context->preference('ILS-DI') ) {
- print $cgi->redirect("/cgi-bin/koha/errors/404.pl");
-}
-
# If no service is requested, display the online documentation
-if ( not $cgi->param('service') ) {
+unless ( $cgi->param('service') ) {
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
{ template_name => "ilsdi.tmpl",
query => $cgi,
}
# If user requested a service description, then display it
-if ( $cgi->param('service') eq "Describe" and grep { $cgi->param('verb') eq $_ } @services ) {
+if ( $cgi->param('service') eq "Describe" and any { $cgi->param('verb') eq $_ } @services ) {
my ( $template, $loggedinuser, $cookie ) = get_template_and_user(
{ template_name => "ilsdi.tmpl",
query => $cgi,
exit 0;
}
-my $service = $cgi->param('service') || "ilsdi";
-
my $out;
+# If ILS-DI module is disabled in System->Preferences, redirect to 404
+unless ( C4::Context->preference('ILS-DI') ) {
+ $out->{'code'} = "NotAllowed";
+ $out->{'message'} = "ILS-DI is disabled.";
+}
+
+# If the remote address is not allowed, redirect to 403
+my @AuthorizedIPs = split(/,/, C4::Context->preference('ILS-DI:AuthorizedIPs'));
+if ( @AuthorizedIPs # If no filter set, allow access to everybody
+ and not any { $ENV{'REMOTE_ADDR'} eq $_ } @AuthorizedIPs # IP Check
+ ) {
+ $out->{'code'} = "NotAllowed";
+ $out->{'message'} = "Unauthorized IP address: ".$ENV{'REMOTE_ADDR'}.".";
+}
+
+my $service = $cgi->param('service') || "ilsdi";
+
# Check if the requested service is in the list
-if ( $service and grep { $service eq $_ } @services ) {
+if ( $service and any { $service eq $_ } @services ) {
my @parmsrequired = @{ $required{$service} };
my @parmsoptional = @{ $optional{$service} };
my @parmsall = ( @parmsrequired, @parmsoptional );
my @names = $cgi->param;
- my %paramhash = ();
- foreach my $name (@names) {
- $paramhash{$name} = 1;
- }
+ my %paramhash;
+ $paramhash{$_} = 1 for @names;
# check for missing parameters
- foreach my $name (@parmsrequired) {
- if ( ( !exists $paramhash{$name} ) ) {
- $out->{'message'} = "missing $name parameter";
+ for ( @parmsrequired ) {
+ unless ( exists $paramhash{$_} ) {
+ $out->{'code'} = "MissingParameter";
+ $out->{'message'} = "The required parameter ".$_." is missing.";
}
}
# check for illegal parameters
- foreach my $name (@names) {
+ for my $name ( @names ) {
my $found = 0;
- foreach my $name2 (@parmsall) {
+ for my $name2 (@parmsall) {
if ( $name eq $name2 ) {
$found = 1;
}
}
- if ( ( $found == 0 ) && ( $name ne 'service' ) ) {
- $out->{'message'} = "$name is an illegal parameter";
+ if ( $found == 0 && $name ne 'service' ) {
+ $out->{'code'} = "IllegalParameter";
+ $out->{'message'} = "The parameter ".$name." is illegal.";
}
}
# check for multiple parameters
- foreach my $name (@names) {
- my @values = $cgi->param($name);
+ for ( @names ) {
+ my @values = $cgi->param($_);
if ( $#values != 0 ) {
- $out->{'message'} = "multiple values are not allowed for the $name parameter";
+ $out->{'code'} = "MultipleValuesNotAllowed";
+ $out->{'message'} = "Multiple values not allowed for the parameter ".$_.".";
}
}
}
# Output XML by passing the hashref to XMLOut
+binmode STDOUT, ':encoding(UTF-8)';
print CGI::header('-type'=>'text/xml', '-charset'=>'utf-8');
print XMLout(
$out,
noattr => 1,
- noescape => 1,
nosort => 1,
xmldecl => '<?xml version="1.0" encoding="UTF-8" ?>',
RootName => $service,
SuppressEmpty => 1
);
+exit 0;