mod/api.php

   1 <?php
   2 /**
   3  * @file mod/api.php
   4  */
   5 use Friendica\App;
   6 use Friendica\Core\Config;
   7 use Friendica\Core\L10n;
   8 use Friendica\Core\Renderer;
   9 use Friendica\Database\DBA;
  10 use Friendica\Module\Login;
  11
  12 require_once 'include/api.php';
  13
  14 function oauth_get_client(OAuthRequest $request)
  15 {
  16         $params = $request->get_parameters();
  17         $token = $params['oauth_token'];
  18
  19         $r = q("SELECT `clients`.*
  20                         FROM `clients`, `tokens`
  21                         WHERE `clients`.`client_id`=`tokens`.`client_id`
  22                         AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", DBA::escape($token));
  23
  24         if (!DBA::isResult($r)) {
  25                 return null;
  26         }
  27
  28         return $r[0];
  29 }
  30
  31 function api_post(App $a)
  32 {
  33         if (!local_user()) {
  34                 notice(L10n::t('Permission denied.') . EOL);
  35                 return;
  36         }
  37
  38         if (count($a->user) && !empty($a->user['uid']) && $a->user['uid'] != local_user()) {
  39                 notice(L10n::t('Permission denied.') . EOL);
  40                 return;
  41         }
  42 }
  43
  44 function api_content(App $a)
  45 {
  46         if ($a->cmd == 'api/oauth/authorize') {
  47                 /*
  48                  * api/oauth/authorize interact with the user. return a standard page
  49                  */
  50
  51                 $a->page['template'] = "minimal";
  52
  53                 // get consumer/client from request token
  54                 try {
  55                         $request = OAuthRequest::from_request();
  56                 } catch (Exception $e) {
  57                         echo "<pre>";
  58                         var_dump($e);
  59                         exit();
  60                 }
  61
  62                 if (!empty($_POST['oauth_yes'])) {
  63                         $app = oauth_get_client($request);
  64                         if (is_null($app)) {
  65                                 return "Invalid request. Unknown token.";
  66                         }
  67                         $consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
  68
  69                         $verifier = md5($app['secret'] . local_user());
  70                         Config::set("oauth", $verifier, local_user());
  71
  72                         if ($consumer->callback_url != null) {
  73                                 $params = $request->get_parameters();
  74                                 $glue = "?";
  75                                 if (strstr($consumer->callback_url, $glue)) {
  76                                         $glue = "?";
  77                                 }
  78                                 $a->internalRedirect($consumer->callback_url . $glue . 'oauth_token=' . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . '&oauth_verifier=' . OAuthUtil::urlencode_rfc3986($verifier));
  79                                 exit();
  80                         }
  81
  82                         $tpl = Renderer::getMarkupTemplate("oauth_authorize_done.tpl");
  83                         $o = Renderer::replaceMacros($tpl, [
  84                                 '$title' => L10n::t('Authorize application connection'),
  85                                 '$info' => L10n::t('Return to your app and insert this Securty Code:'),
  86                                 '$code' => $verifier,
  87                         ]);
  88
  89                         return $o;
  90                 }
  91
  92                 if (!local_user()) {
  93                         /// @TODO We need login form to redirect to this page
  94                         notice(L10n::t('Please login to continue.') . EOL);
  95                         return Login::form($a->query_string, false, $request->get_parameters());
  96                 }
  97                 //FKOAuth1::loginUser(4);
  98
  99                 $app = oauth_get_client($request);
 100                 if (is_null($app)) {
 101                         return "Invalid request. Unknown token.";
 102                 }
 103
 104                 $tpl = Renderer::getMarkupTemplate('oauth_authorize.tpl');
 105                 $o = Renderer::replaceMacros($tpl, [
 106                         '$title' => L10n::t('Authorize application connection'),
 107                         '$app' => $app,
 108                         '$authorize' => L10n::t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
 109                         '$yes' => L10n::t('Yes'),
 110                         '$no' => L10n::t('No'),
 111                 ]);
 112
 113                 return $o;
 114         }
 115
 116         echo api_call($a);
 117         exit();
 118 }