added new CORS headers and minified API controllers

composer.json

@@ -5,6 +5,8 @@
         "php": "^7.1.3",
         "ext-ctype": "*",
         "ext-iconv": "*",
+        "ext-json": "*",
+        "ext-zip": "*",
         "friendsofsymfony/user-bundle": "~2.0",
         "sensio/framework-extra-bundle": "^5.5",
         "symfony/apache-pack": "^1.0",
@@ -30,9 +32,7 @@
         "symfony/validator": "4.4.*",
         "symfony/web-link": "4.4.*",
         "symfony/yaml": "4.4.*",
-        "twig/extensions": "^1.5",
-      "ext-zip": "*",
-      "ext-json": "*"
+        "twig/extensions": "^1.5"
     },
     "require-dev": {
         "symfony/debug-pack": "*",

composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "29d1aa8df75c0d7d3c43ab8479d06ac0",
+    "content-hash": "785f573daf8c5b84bb43546ed71f0dec",
     "packages": [
         {
             "name": "doctrine/annotations",
@@ -1178,6 +1178,7 @@
                 "reflection",
                 "static"
             ],
+            "abandoned": "roave/better-reflection",
             "time": "2020-03-27T11:06:43+00:00"
         },
         {
@@ -7647,7 +7648,9 @@
     "platform": {
         "php": "^7.1.3",
         "ext-ctype": "*",
-        "ext-iconv": "*"
+        "ext-iconv": "*",
+        "ext-json": "*",
+        "ext-zip": "*"
     },
     "platform-dev": [],
     "plugin-api-version": "1.1.0"

config/services.yaml

@@ -33,5 +33,9 @@ services:
         resource: '../src/Controller'
         tags: ['controller.service_arguments']
 
+    App\Listener\CorsListener:
+        tags:
+            - { name: kernel.event_listener, event: kernel.response, method: onKernelResponse }
+
     # add more service definitions when explicit configuration is needed
     # please note that last definitions always *replace* previous ones

phpunit.xml.dist

@@ -13,6 +13,10 @@
         <server name="SHELL_VERBOSITY" value="-1" />
         <server name="SYMFONY_PHPUNIT_REMOVE" value="" />
         <server name="SYMFONY_PHPUNIT_VERSION" value="7.5" />
+
+        <!-- ###+ nelmio/cors-bundle ### -->
+        <env name="CORS_ALLOW_ORIGIN" value="^https?://(localhost|127\.0\.0\.1)(:[0-9]+)?$"/>
+        <!-- ###- nelmio/cors-bundle ### -->
     </php>
 
     <testsuites>

src/Controller/API/APIClientController.php

@@ -35,7 +35,6 @@ class APIClientController extends AbstractController
         $data['patchVersion'] = $latestVersion->getPatchVersion();
 
         $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-        $response->headers->set('Access-Control-Allow-Origin', '*');
         return $response;
     }
 }

src/Controller/API/APIDiscoveryController.php

@@ -51,7 +51,6 @@ class APIDiscoveryController extends AbstractController
         }
 
         $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-        $response->headers->set('Access-Control-Allow-Origin', '*');
         return $response;
     }
 
@@ -87,7 +86,6 @@ class APIDiscoveryController extends AbstractController
         }
 
         $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-        $response->headers->set('Access-Control-Allow-Origin', '*');
         return $response;
     }
 
@@ -102,7 +100,6 @@ class APIDiscoveryController extends AbstractController
         $data = [];
 
         $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => []]);
-        $response->headers->set('Access-Control-Allow-Origin', '*');
         return $response;
     }
 
@@ -176,7 +173,6 @@ class APIDiscoveryController extends AbstractController
         }
 
         $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-        $response->headers->set('Access-Control-Allow-Origin', '*');
         return $response;
     }
 
@@ -190,9 +186,9 @@ class APIDiscoveryController extends AbstractController
         $baseUrl = $request->getScheme() . '://' . $request->getHttpHost() . $request->getBasePath();
 
         $jsonBody = json_decode($request->getContent(), true);
+
         if($jsonBody == NULL) {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
 
@@ -259,7 +255,6 @@ class APIDiscoveryController extends AbstractController
         }
 
         $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-        $response->headers->set('Access-Control-Allow-Origin', '*');
         return $response;
     }
 
@@ -299,7 +294,6 @@ class APIDiscoveryController extends AbstractController
         }
 
         $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-        $response->headers->set('Access-Control-Allow-Origin', '*');
         return $response;
     }
 }

src/Controller/API/APIPingController.php

@@ -26,7 +26,6 @@ class APIPingController extends AbstractController
     public function ping()
     {
         $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'pong' => true]);
-        $response->headers->set('Access-Control-Allow-Origin', '*');
         return $response;
     }
 }

src/Controller/API/APIPromosController.php

@@ -32,7 +32,6 @@ class APIPromosController extends AbstractController
 
         if(!$results) {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             foreach($results as $result) {
@@ -52,7 +51,6 @@ class APIPromosController extends AbstractController
             }
     
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }

src/Controller/API/APISongController.php

@@ -39,7 +39,6 @@ class APISongController extends AbstractController
 
         if(!$result) {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             $result->setViews($result->getViews() + 1);
@@ -52,7 +51,6 @@ class APISongController extends AbstractController
             $data['paths']['zip'] = $this->generateUrl('api.songs.download', array('id' => $result->getId()), UrlGeneratorInterface::ABSOLUTE_URL);
     
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }
@@ -77,7 +75,6 @@ class APISongController extends AbstractController
 
         if(!$resultSong) {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             $resultReviewAverage = $em->getRepository(SongReview::class)->getAveragebyID($resultSong->getId());
@@ -90,7 +87,6 @@ class APISongController extends AbstractController
             }
     
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }
@@ -115,7 +111,6 @@ class APISongController extends AbstractController
 
         if(!$resultSong) {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             $resultSpinPlays = $em->getRepository(SongSpinPlay::class)->findBy(array('song' => $resultSong, 'isActive' => true), array('submitDate' => 'DESC'));
@@ -125,7 +120,6 @@ class APISongController extends AbstractController
             }
     
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }
@@ -145,7 +139,6 @@ class APISongController extends AbstractController
 
         if(!$result) {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             try {
@@ -176,13 +169,11 @@ class APISongController extends AbstractController
                 $response->headers->set('Content-length', filesize($zipLocation.$zipName));
             } catch(Exception $e) {
                 $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 500, 'data' => []]);
-                $response->headers->set('Access-Control-Allow-Origin', '*');
                 return $response;
             }
         
             @unlink($zipLocation.$zipName);
-        
-            $response->headers->set('Access-Control-Allow-Origin', '*');
+
             return $response;
         }
     }

src/Controller/API/APISongPlaylistController.php

@@ -30,19 +30,28 @@ class APISongPlaylistController extends AbstractController
         $em = $this->getDoctrine()->getManager();
         $data = [];
 
-        $result = $em->getRepository(SongPlaylist::class)->findOneBy(array('id' => $id, 'publicationStatus' => array(0, 1, 2)));
+        $result = $em->getRepository(SongPlaylist::class)->findOneBy(array('id' => $id));
         $baseUrl = $request->getScheme() . '://' . $request->getHttpHost() . $request->getBasePath();
 
         if(!$result) {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             $data = $result->getJSON();
             $data['paths']['cover'] = $baseUrl."/uploads/cover/".$result->getFileReference().".png";
 
+            // Add needed paths for display
+            foreach($data['songs'] as $songKey => $songItem) {
+                $songItem['cover'] = $baseUrl."/uploads/thumbnail/".$songItem['fileReference'].".jpg";
+                $songItem['zip'] = $this->generateUrl('api.songs.download', array('id' => $songItem['id']), UrlGeneratorInterface::ABSOLUTE_URL);
+
+                // TODO: Remove this (Botched for SSSO)
+                $songItem['currentVersion'] = md5_file($this->getParameter('srtb_path').DIRECTORY_SEPARATOR.$songItem['fileReference'].".srtb");
+
+                $data['songs'][$songKey] = $songItem;
+            }
+
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }

src/Controller/API/APIStreamStatusController.php

@@ -64,7 +64,6 @@ class APIStreamStatusController extends AbstractController
         }
 
         $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => $successful ? 200 : 500, 'data' => $data]);
-        $response->headers->set('Access-Control-Allow-Origin', '*');
         return $response;
     }
 }

src/Controller/API/APIUserController.php

@@ -35,7 +35,6 @@ class APIUserController extends AbstractController
 
         if(!$result) {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             $data['id'] = $result->getId();
@@ -73,7 +72,6 @@ class APIUserController extends AbstractController
             }
     
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }
@@ -92,7 +90,6 @@ class APIUserController extends AbstractController
 
         if(!$result) {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             // Get User Lists
@@ -119,7 +116,6 @@ class APIUserController extends AbstractController
             }
     
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }
@@ -138,7 +134,6 @@ class APIUserController extends AbstractController
 
         if(!$result) {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             $resultsReviews = $em->getRepository(SongReview::class)->findBy(array('user' => $result->getId()), array('reviewDate' => 'DESC'));
@@ -148,7 +143,6 @@ class APIUserController extends AbstractController
             }
     
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }
@@ -167,7 +161,6 @@ class APIUserController extends AbstractController
 
         if(!$result) {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             $resultsReviews = $em->getRepository(SongPlaylist::class)->findBy(array('user' => $result->getId()), array('id' => 'DESC'));
@@ -177,7 +170,6 @@ class APIUserController extends AbstractController
             }
     
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }
@@ -196,7 +188,6 @@ class APIUserController extends AbstractController
 
         if(!$result) {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             $resultsSpinPlays = $em->getRepository(SongSpinPlay::class)->findBy(array('user' => $result->getId(), 'isActive' => true), array('submitDate' => 'DESC'));
@@ -206,7 +197,6 @@ class APIUserController extends AbstractController
             }
     
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }

src/Controller/API/Connect/APIConnectController.php

@@ -35,11 +35,9 @@ class APIConnectController extends AbstractController
             $em->flush();
 
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $newCode]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }
@@ -57,7 +55,6 @@ class APIConnectController extends AbstractController
 
         if($connectCode == "" || $connectAppApiKey == "") {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 400, 'data' => ["connectCode" => $connectCode, "connectAppApiKey" => $connectAppApiKey]]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
 
@@ -83,11 +80,9 @@ class APIConnectController extends AbstractController
             $em->flush();
 
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $newConnectToken]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }
@@ -107,11 +102,9 @@ class APIConnectController extends AbstractController
 
         if($connectToken != "" && $connection) {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }

src/Controller/API/Connect/APIConnectReviewsController.php

@@ -34,7 +34,6 @@ class APIConnectReviewsController extends AbstractController
         // 422 - Parameter Missing
         if($connectToken == "") {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 422, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
 
@@ -47,7 +46,6 @@ class APIConnectReviewsController extends AbstractController
             // 404 - Song not Found
             if(!$songToReview) {
                 $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-                $response->headers->set('Access-Control-Allow-Origin', '*');
                 return $response;
             }
 
@@ -55,17 +53,14 @@ class APIConnectReviewsController extends AbstractController
             
             if($previousReview) {
                 $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $previousReview->getJSON()]);
-                $response->headers->set('Access-Control-Allow-Origin', '*');
                 return $response;
             } else {
                 $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-                $response->headers->set('Access-Control-Allow-Origin', '*');
                 return $response;
             }
         } else {
             // 403 - Not Authenticated
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 403, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }
@@ -87,7 +82,6 @@ class APIConnectReviewsController extends AbstractController
         // 422 - Parameter Missing
         if($connectToken == "" || $reviewRecommend == "" || $songID == "") {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 422, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
 
@@ -101,7 +95,6 @@ class APIConnectReviewsController extends AbstractController
             // 404 - Song not Found
             if(!$songToReview) {
                 $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 404, 'data' => []]);
-                $response->headers->set('Access-Control-Allow-Origin', '*');
                 return $response;
             }
 
@@ -117,7 +110,6 @@ class APIConnectReviewsController extends AbstractController
                 $em->flush();
 
                 $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => []]);
-                $response->headers->set('Access-Control-Allow-Origin', '*');
                 return $response;
             } else {
                 // Create new Review
@@ -142,13 +134,11 @@ class APIConnectReviewsController extends AbstractController
                 $em->flush();
 
                 $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 201, 'data' => []]);
-                $response->headers->set('Access-Control-Allow-Origin', '*');
                 return $response;
             }
         } else {
             // 403 - Not Authenticated
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 403, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }

src/Controller/API/Connect/APIConnectUserController.php

@@ -31,7 +31,6 @@ class APIConnectUserController extends AbstractController
 
         if($connectToken == "") {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 403, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
 
@@ -49,11 +48,9 @@ class APIConnectUserController extends AbstractController
             }
 
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         } else {
             $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 403, 'data' => []]);
-            $response->headers->set('Access-Control-Allow-Origin', '*');
             return $response;
         }
     }

src/Controller/API/Tournament/APITournamentController.php

@@ -25,7 +25,7 @@ class APITournamentController extends AbstractController
         $baseUrl = $request->getScheme() . '://' . $request->getHttpHost() . $request->getBasePath();
 
         // Botch
-        $tournamentPlaylist = $em->getRepository(SongPlaylist::class)->findOneBy(array('id' => "4"));
+        $tournamentPlaylist = $em->getRepository(SongPlaylist::class)->findOneBy(array('id' => "84"));
 
         foreach($tournamentPlaylist->getSongs() as $tournamentChart) {
             $chartItem = $tournamentChart->getJSON();
@@ -39,7 +39,6 @@ class APITournamentController extends AbstractController
         }
 
         $response = new JsonResponse(['version' => $this->getParameter('api_version'), 'status' => 200, 'data' => $data]);
-        $response->headers->set('Access-Control-Allow-Origin', '*');
         return $response;
     }
 }

src/Listener/CorsListener.php

+<?php
+namespace App\Listener;
+
+use Symfony\Component\HttpKernel\Event\ResponseEvent;
+
+class CorsListener
+{
+    public function onKernelResponse(ResponseEvent $event)
+    {
+        $responseHeaders = $event->getResponse()->headers;
+
+        $responseHeaders->set('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization, access-control-allow-origin');
+        $responseHeaders->set('Access-Control-Allow-Origin', '*');
+        $responseHeaders->set('Access-Control-Expose-Headers', 'access-control-allow-origin');
+        $responseHeaders->set('Access-Control-Allow-Methods', 'POST, GET, PUT, DELETE, PATCH, OPTIONS');
+    }
+}
\ No newline at end of file

symfony.lock

@@ -96,6 +96,18 @@
     "monolog/monolog": {
         "version": "1.25.3"
     },
+    "nelmio/cors-bundle": {
+        "version": "1.5",
+        "recipe": {
+            "repo": "github.com/symfony/recipes",
+            "branch": "master",
+            "version": "1.5",
+            "ref": "6388de23860284db9acce0a7a5d9d13153bcb571"
+        },
+        "files": [
+            "./config/packages/nelmio_cors.yaml"
+        ]
+    },
     "nikic/php-parser": {
         "version": "v4.3.0"
     },