]> git.mxchange.org Git - quix0rs-gnu-social.git/blob - actions/api.php
projects / quix0rs-gnu-social.git / blob
? search:


69fda2e224f82cd4c77a39d28115c658f9d5a2e9
[quix0rs-gnu-social.git] / actions / api.php
1 <?php
2 /*
3  * Laconica - a distributed open-source microblogging tool
4  * Copyright (C) 2008, Controlez-Vous, Inc.
5  *
6  * This program is free software: you can redistribute it and/or modify
7  * it under the terms of the GNU Affero General Public License as published by
8  * the Free Software Foundation, either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU Affero General Public License for more details.
15  *
16  * You should have received a copy of the GNU Affero General Public License
17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
18  */
19
20 if (!defined('LACONICA')) { exit(1); }
21
22 class ApiAction extends Action {
23
24         var $user;
25         var $content_type;
26         var $api_arg;
27         var $api_method;
28         var $api_action;
29         
30         function handle($args) {
31                 parent::handle($args);
32
33                 $this->api_action = $this->arg('apiaction');
34                 $method = $this->arg('method');
35                 $argument = $this->arg('argument');
36                 
37                 if (isset($argument)) {
38                         $cmdext = explode('.', $argument);
39                         $this->api_arg =  $cmdext[0];
40                         $this->api_method = $method;
41                         $this->content_type = strtolower($cmdext[1]);
42                 } else {
43                         #content type will be an extension on the method
44                         $cmdext = explode('.', $method);
45                         $this->api_method = $cmdext[0];
46                         $this->content_type = strtolower($cmdext[1]);
47                 }
48                                                                 
49                 # XXX Maybe check to see if the command actually exists first?
50                 if($this->requires_auth()) {
51                         if (!isset($_SERVER['PHP_AUTH_USER'])) {
52                                 
53                                 # This header makes basic auth go
54                                 header('WWW-Authenticate: Basic realm="Laconica API"');
55                                 
56                                 # if the user hits cancel -- bam!
57                                 $this->show_basic_auth_error();         
58                         } else {
59                                 $nickname = $_SERVER['PHP_AUTH_USER'];
60                                 $password = $_SERVER['PHP_AUTH_PW'];
61                                 $user = common_check_user($nickname, $password);
62                                 
63                                 if ($user) {
64                                         $this->user = $user;
65                                         $this->process_command();
66                                 } else {
67                                         # basic authentication failed
68                                         $this->show_basic_auth_error();         
69                                 }                       
70                         }
71                 } else {
72                         $this->process_command();
73                 }       
74         }
75         
76         function process_command() {            
77                 $action = "twitapi$this->api_action";
78                 $actionfile = INSTALLDIR."/actions/$action.php";                
79                 if (file_exists($actionfile)) {
80                         require_once($actionfile);
81                         $action_class = ucfirst($action)."Action";
82                         $action_obj = new $action_class();
83
84                         if (method_exists($action_obj, $this->api_method)) {
85                                 
86                                 $apidata = array(       'content-type' => $this->content_type,
87                                                                         'api_method' => $this->api_method,
88                                                                         'api_arg' => $this->api_arg,
89                                                                         'user' => $this->user);
90                                 
91                                 call_user_func(array($action_obj, $this->api_method), $_REQUEST, $apidata);
92                                 # all API methods should exit()
93                         }
94                 }
95                 common_user_error("API method not found!", $code=404);
96         }
97
98
99         # Whitelist of API methods that don't need authentication
100         function requires_auth() {
101                 static $noauth = array( 'statuses/public_timeline',
102                                                                 'statuses/show',
103                                                                 'help/test', 
104                                                                 'help/downtime_schedule');
105                 static $bareauth = array('statuses/user_timeline', 'statuses/friends');
106
107                 $fullname = "$this->api_action/$this->api_method";
108                 
109                 if (in_array($fullname, $bareauth)) {
110                         # bareauth: only needs auth if without an argument
111                         if ($this->api_arg) {
112                                 return false;
113                         } else {
114                                 return true;
115                         }
116                 } else if (in_array($fullname, $noauth)) {
117                         # noauth: never needs auth
118                         return false;
119                 } else {
120                         # everybody else needs auth
121                         return true;
122                 }
123         }
124         
125         function show_basic_auth_error() {
126                 header('HTTP/1.1 401 Unauthorized');
127                 header('Content-type: text/plain');
128                 print("Could not authenticate you."); # exactly what Twitter says - no \n
129                 exit();
130         }
131                 
132 }
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)