Fever API: Allow to select the database

Utilize apaches mod_rewrite to append a database parameter to the fever
api script based on the requested URL. Basically everything after
/fever/ is treated as the desired database. E.g. using
https://www.miniflux.net/fever/custom.sqlite/ as server url selects this
database as sync source/target.

The user supplied database parameter is compared with the output of
Model\Database\get_all(), which ensures that only files within the
DATA_DIRECTORY can be referenced (prevents File Inclusion/Directory
Traversal vulnerabilities).

I've tested it against Reeder on iOS. Note that Reeder does not allow
the same user name to be used multiple times within the same domain
name, even if the used URLs are different.

fever/.htaccess

@@ -0,0 +1,13 @@
+RewriteEngine on
+
+RewriteBase /
+
+# only if the requested file does not exists
+RewriteCond %{REQUEST_FILENAME} !-f
+
+# Store the current location in an environment variable CWD
+RewriteCond $0#%{REQUEST_URI} ([^#]*)#(.*)\1$
+RewriteRule ^.*$ - [E=CWD:%2]
+
+# Just by prefixing the environment variable, we can safely rewrite anything now
+RewriteRule ^([^/]*) %{ENV:CWD}index.php?database=$1 [QSA,L]

fever/index.php

@@ -29,6 +29,10 @@ function response(array $response)
 // Fever authentication
 function auth()
 {
+    if (!empty($_GET['database'])) {
+        Model\Database\select($_GET['database']);
+    }
+    
     $credentials = Database::get('db')->table('config')
                        ->columns('username', 'fever_token')
                        ->findOne();