mod/api.php

   1 <?php
   2 /**
   3  * @file mod/api.php
   4  */
   5 use Friendica\App;
   6 use Friendica\Core\Config;
   7 use Friendica\Core\L10n;
   8 use Friendica\Core\Renderer;
   9 use Friendica\Core\System;
  10 use Friendica\Database\DBA;
  11 use Friendica\Module\Login;
  12
  13 require_once 'include/api.php';
  14
  15 function oauth_get_client($request)
  16 {
  17
  18
  19         $params = $request->get_parameters();
  20         $token = $params['oauth_token'];
  21
  22         $r = q("SELECT `clients`.*
  23                         FROM `clients`, `tokens`
  24                         WHERE `clients`.`client_id`=`tokens`.`client_id`
  25                         AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", DBA::escape($token));
  26
  27         if (!DBA::isResult($r)) {
  28                 return null;
  29         }
  30
  31         return $r[0];
  32 }
  33
  34 function api_post(App $a)
  35 {
  36         if (!local_user()) {
  37                 notice(L10n::t('Permission denied.') . EOL);
  38                 return;
  39         }
  40
  41         if (count($a->user) && !empty($a->user['uid']) && $a->user['uid'] != local_user()) {
  42                 notice(L10n::t('Permission denied.') . EOL);
  43                 return;
  44         }
  45 }
  46
  47 function api_content(App $a)
  48 {
  49         if ($a->cmd == 'api/oauth/authorize') {
  50                 /*
  51                  * api/oauth/authorize interact with the user. return a standard page
  52                  */
  53
  54                 $a->page['template'] = "minimal";
  55
  56                 // get consumer/client from request token
  57                 try {
  58                         $request = OAuthRequest::from_request();
  59                 } catch (Exception $e) {
  60                         echo "<pre>";
  61                         var_dump($e);
  62                         killme();
  63                 }
  64
  65                 if (!empty($_POST['oauth_yes'])) {
  66                         $app = oauth_get_client($request);
  67                         if (is_null($app)) {
  68                                 return "Invalid request. Unknown token.";
  69                         }
  70                         $consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);
  71
  72                         $verifier = md5($app['secret'] . local_user());
  73                         Config::set("oauth", $verifier, local_user());
  74
  75                         if ($consumer->callback_url != null) {
  76                                 $params = $request->get_parameters();
  77                                 $glue = "?";
  78                                 if (strstr($consumer->callback_url, $glue)) {
  79                                         $glue = "?";
  80                                 }
  81                                 $a->internalRedirect($consumer->callback_url . $glue . 'oauth_token=' . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . '&oauth_verifier=' . OAuthUtil::urlencode_rfc3986($verifier));
  82                                 killme();
  83                         }
  84
  85                         $tpl = Renderer::getMarkupTemplate("oauth_authorize_done.tpl");
  86                         $o = Renderer::replaceMacros($tpl, [
  87                                 '$title' => L10n::t('Authorize application connection'),
  88                                 '$info' => L10n::t('Return to your app and insert this Securty Code:'),
  89                                 '$code' => $verifier,
  90                         ]);
  91
  92                         return $o;
  93                 }
  94
  95                 if (!local_user()) {
  96                         /// @TODO We need login form to redirect to this page
  97                         notice(L10n::t('Please login to continue.') . EOL);
  98                         return Login::form($a->query_string, false, $request->get_parameters());
  99                 }
 100                 //FKOAuth1::loginUser(4);
 101
 102                 $app = oauth_get_client($request);
 103                 if (is_null($app)) {
 104                         return "Invalid request. Unknown token.";
 105                 }
 106
 107                 $tpl = Renderer::getMarkupTemplate('oauth_authorize.tpl');
 108                 $o = Renderer::replaceMacros($tpl, [
 109                         '$title' => L10n::t('Authorize application connection'),
 110                         '$app' => $app,
 111                         '$authorize' => L10n::t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
 112                         '$yes' => L10n::t('Yes'),
 113                         '$no' => L10n::t('No'),
 114                 ]);
 115
 116                 return $o;
 117         }
 118
 119         echo api_call($a);
 120         killme();
 121 }