mod/api.php

   1 <?php
   2 /**
   3  * @file mod/api.php
   4  */
   5
   6 use Friendica\App;
   7 use Friendica\Core\Config;
   8 use Friendica\Core\L10n;
   9 use Friendica\Core\Renderer;
  10 use Friendica\Database\DBA;
  11 use Friendica\DI;
  12 use Friendica\Module\Security\Login;
  13
  14 require_once __DIR__ . '/../include/api.php';
  15
  16 function oauth_get_client(OAuthRequest $request)
  17 {
  18         $params = $request->get_parameters();
  19         $token = $params['oauth_token'];
  20
  21         $r = q("SELECT `clients`.*
  22                         FROM `clients`, `tokens`
  23                         WHERE `clients`.`client_id`=`tokens`.`client_id`
  24                         AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", DBA::escape($token));
  25
  26         if (!DBA::isResult($r)) {
  27                 return null;
  28         }
  29
  30         return $r[0];
  31 }
  32
  33 function api_post(App $a)
  34 {
  35         if (!local_user()) {
  36                 notice(DI::l10n()->t('Permission denied.') . EOL);
  37                 return;
  38         }
  39
  40         if (count($a->user) && !empty($a->user['uid']) && $a->user['uid'] != local_user()) {
  41                 notice(DI::l10n()->t('Permission denied.') . EOL);
  42                 return;
  43         }
  44 }
  45
  46 function api_content(App $a)
  47 {
  48         if (DI::args()->getCommand() == 'api/oauth/authorize') {
  49                 /*
  50                  * api/oauth/authorize interact with the user. return a standard page
  51                  */
  52
  53                 DI::page()['template'] = "minimal";
  54
  55                 // get consumer/client from request token
  56                 try {
  57                         $request = OAuthRequest::from_request();
  58                 } catch (Exception $e) {
  59                         echo "<pre>";
  60                         var_dump($e);
  61                         exit();
  62                 }
  63
  64                 if (!empty($_POST['oauth_yes'])) {
  65                         $app = oauth_get_client($request);
  66                         if (is_null($app)) {
  67                                 return "Invalid request. Unknown token.";
  68                         }
  69                         $consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
  70
  71                         $verifier = md5($app['secret'] . local_user());
  72                         Config::set("oauth", $verifier, local_user());
  73
  74                         if ($consumer->callback_url != null) {
  75                                 $params = $request->get_parameters();
  76                                 $glue = "?";
  77                                 if (strstr($consumer->callback_url, $glue)) {
  78                                         $glue = "?";
  79                                 }
  80                                 DI::baseUrl()->redirect($consumer->callback_url . $glue . 'oauth_token=' . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . '&oauth_verifier=' . OAuthUtil::urlencode_rfc3986($verifier));
  81                                 exit();
  82                         }
  83
  84                         $tpl = Renderer::getMarkupTemplate("oauth_authorize_done.tpl");
  85                         $o = Renderer::replaceMacros($tpl, [
  86                                 '$title' => DI::l10n()->t('Authorize application connection'),
  87                                 '$info' => DI::l10n()->t('Return to your app and insert this Securty Code:'),
  88                                 '$code' => $verifier,
  89                         ]);
  90
  91                         return $o;
  92                 }
  93
  94                 if (!local_user()) {
  95                         /// @TODO We need login form to redirect to this page
  96                         notice(DI::l10n()->t('Please login to continue.') . EOL);
  97                         return Login::form(DI::args()->getQueryString(), false, $request->get_parameters());
  98                 }
  99                 //FKOAuth1::loginUser(4);
 100
 101                 $app = oauth_get_client($request);
 102                 if (is_null($app)) {
 103                         return "Invalid request. Unknown token.";
 104                 }
 105
 106                 $tpl = Renderer::getMarkupTemplate('oauth_authorize.tpl');
 107                 $o = Renderer::replaceMacros($tpl, [
 108                         '$title' => DI::l10n()->t('Authorize application connection'),
 109                         '$app' => $app,
 110                         '$authorize' => DI::l10n()->t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
 111                         '$yes' => DI::l10n()->t('Yes'),
 112                         '$no' => DI::l10n()->t('No'),
 113                 ]);
 114
 115                 return $o;
 116         }
 117
 118         echo api_call($a);
 119         exit();
 120 }