
refactor the fix for making api routes really public

Olivier Massot 4 lat temu
rodzic
commit
c47f45606b

+ 0 - 36
ot_admin/Classes/Middleware/OtBackendUserAuthenticator.php

@@ -1,36 +0,0 @@
-<?php
-namespace Opentalent\OtAdmin\Middleware;
-
-use Opentalent\OtAdmin\Http\ApiController;
-use TYPO3\CMS\Backend\Middleware\BackendUserAuthenticator;
-
-/**
- * Overrides (XClass) the core BackendUserAuthenticator middleware to extend
- * the public routes to the /otadmin/* routes (only for authorized Ips)
- *
- * @internal
- */
-class OtBackendUserAuthenticator extends BackendUserAuthenticator
-{
-    /**
-     * Check if the user is required for the request
-     * If we're trying to do a login or an ajax login, don't require a user
-     *
-     * @param string $routePath the Route path to check against
-     * @return bool whether the request can proceed without a login required
-     */
-    protected function isLoggedInBackendUserRequired(string $routePath): bool
-    {
-        $isOtAdminRoute = (bool)preg_match('/\/otadmin\/.+/', $routePath);
-        $ipAllowed = ApiController::isIpAllowed($_SERVER['REMOTE_ADDR']);
-        if ($isOtAdminRoute) {
-            if ($ipAllowed) {
-                return true;
-            } else {
-                throw new \RuntimeException('An unauthorized IP (' . $_SERVER['REMOTE_ADDR'] . ') ' .
-                                                    'tried to run the following ot-admin command: ' . $_SERVER['QUERY_STRING']);
-            }
-        }
-        return parent::isLoggedInBackendUserRequired($routePath);
-    }
-}

+ 0 - 10
ot_admin/ext_localconf.php

@@ -1,10 +0,0 @@
-<?php
-defined('TYPO3_MODE') || die();
-
-// Because of this issue https://forge.typo3.org/issues/89449,
-// we have to xclass the BackendUserAuthenticator backend middleware
-// to allow routes to be public (but restricted to authorized ips)
-$GLOBALS['TYPO3_CONF_VARS']['SYS']['Objects'][TYPO3\CMS\Backend\Middleware\BackendUserAuthenticator::class] = [
-    'className' => Opentalent\OtAdmin\Middleware\OtBackendUserAuthenticator::class
-];
-

+ 1 - 3
ot_core/Classes/Http/ApiController.php

@@ -3,9 +3,7 @@
 namespace Opentalent\OtCore\Http;
 
 use PDO;
-use TYPO3\CMS\Core\Http\HtmlResponse;
 use TYPO3\CMS\Core\Http\JsonResponse;
-use TYPO3\CMS\Core\Http\Response;
 use TYPO3\CMS\Core\Http\ServerRequest;
 
 /**
@@ -22,7 +20,7 @@ class ApiController
      * from the Opentalent DB (API Platform is too slow with so many records)
      *
      * @param ServerRequest $request
-     * @throws \Exception
+     * @return JsonResponse
      */
     public function getAllStructures(ServerRequest $request)
     {
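Review bot: The docblock now promises `@return JsonResponse` but the signature on the previous line still carries no native return type, so nothing enforces it; declare it as `public function getAllStructures(ServerRequest $request): JsonResponse` and the PHPDoc line becomes redundant. Dropping `@throws \Exception` is only accurate if the body no longer lets exceptions escape (the `use PDO;` import suggests database access is still involved), so verify that before relying on the cleaned-up docblock. The body of getAllStructures continues outside the hunk.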

+ 43 - 0
ot_core/Classes/Middleware/OtBackendUserAuthenticator.php

@@ -0,0 +1,43 @@
+<?php
+namespace Opentalent\OtCore\Middleware;
+
+use PHPUnit\Exception;
+use TYPO3\CMS\Backend\Middleware\BackendUserAuthenticator;
+
+/**
+ * Overrides (XClass) the core BackendUserAuthenticator middleware to extend
+ * the public routes to the /otadmin/* routes (only for authorized Ips)
+ *
+ * @internal
+ */
+class OtBackendUserAuthenticator extends BackendUserAuthenticator
+{
+    /**
+     * Check if the user is required for the request
+     * If we're trying to do a login or an ajax login, don't require a user
+     *
+     * @param string $routePath the Route path to check against
+     * @return bool whether the request can proceed without a login required
+     */
+    protected function isLoggedInBackendUserRequired(string $routePath): bool
+    {
+        if (class_exists('\Opentalent\OtAdmin\Http\ApiController')) {
+            // The routes defined in the ot-admin extension are limited to some ips
+            if (preg_match('/\/otadmin\/.+/', $routePath)) {
+                if (\Opentalent\OtAdmin\Http\ApiController::isIpAllowed($_SERVER['REMOTE_ADDR'])) {
+                    return true;
+                } else {
+                    throw new \RuntimeException('An unauthorized IP (' . $_SERVER['REMOTE_ADDR'] . ') ' .
+                                                        'tried to run the following ot-admin command: ' . $_SERVER['QUERY_STRING']);
+                }
+            }
+        }
+
+        // The routes defined in the ot-core extension are public
+        if (preg_match('/\/otcore\/.+/', $routePath)) {
+            return true;
+        }
+
+        return parent::isLoggedInBackendUserRequired($routePath);
+    }
+}
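Review bot: `use PHPUnit\Exception;` near the top of the new file is unused and pulls a test-framework class into a production middleware; it should be removed, since the code throws `\RuntimeException` directly. The two route patterns `'/\/otadmin\/.+/'` and `'/\/otcore\/.+/'` are unanchored, so any route path merely containing one of those segments is treated as public or IP-gated; if `$routePath` always starts at the root, anchoring them, e.g. `preg_match('#^/otcore/.+#', $routePath)`, narrows the public surface to the intended prefixes. `$_SERVER['REMOTE_ADDR']` is used as the client address for the allow-list; behind a reverse proxy this is presumably the proxy's address, so `GeneralUtility::getIndpEnv('REMOTE_ADDR')`, which honours TYPO3's configured reverse-proxy settings, is the safer source — confirm against the deployment. The exception message also embeds `$_SERVER['QUERY_STRING']` verbatim, which copies arbitrary request parameters into logs; logging only `$routePath` would be enough to identify the rejected command.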

+ 7 - 0
ot_core/ext_localconf.php

@@ -21,5 +21,12 @@ $GLOBALS['TYPO3_CONF_VARS']['LOG']['Opentalent']['OtCore']['writerConfiguration'
     ]
 ];
 
+// Because of this issue https://forge.typo3.org/issues/89449,
+// we have to xclass the BackendUserAuthenticator backend middleware
+// to allow public routes to be really public
+$GLOBALS['TYPO3_CONF_VARS']['SYS']['Objects'][TYPO3\CMS\Backend\Middleware\BackendUserAuthenticator::class] = [
+    'className' => Opentalent\OtCore\Middleware\OtBackendUserAuthenticator::class
+];
+
 
 $GLOBALS['TYPO3_CONF_VARS']['EXT']['news']['Controller/NewsController.php']['createDemandObjectFromSettings'] = ['Opentalent\OtTemplating\News\NewsFilter->createDemandObjectFromSettings'];