1 <?php
2 /**
3  * @file mod/api.php
4  */
5 use Friendica\App;
6 use Friendica\Core\Config;
7 use Friendica\Core\L10n;
8 use Friendica\Database\DBM;
9 use Friendica\Module\Login;
10
11 require_once 'include/api.php';
12
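/**
 * Look up the OAuth client that owns a pending request token.
 *
 * The token is read from the request's 'oauth_token' parameter and matched
 * against `tokens` rows whose scope is 'request'.
 *
 * @param object $request OAuth request object exposing get_parameters()
 * @return array|null the matching `clients` row, or null when the token is
 *                    missing, not a plain string, or unknown
 */
function oauth_get_client($request)
{
	$params = $request->get_parameters();

	// The parameter comes straight from the HTTP request: it may be absent or
	// arrive as an array (oauth_token[]=...). Treat both as an unknown token
	// rather than passing a non-string value on to dbesc().
	if (!isset($params['oauth_token']) || !is_string($params['oauth_token']) || $params['oauth_token'] === '') {
		return null;
	}
	$token = $params['oauth_token'];

	// Only request-scope tokens qualify; the value is escaped with dbesc() before it is placed in the query.
	$r = q("SELECT `clients`.*
			FROM `clients`, `tokens`
			WHERE `clients`.`client_id`=`tokens`.`client_id`
			AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", dbesc($token));

	if (!DBM::is_result($r)) {
		return null;
	}

	return $r[0];
}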
31
/**
 * POST hook of the API module: emits a "Permission denied." notice when the
 * request does not come from the logged-in owner of the current profile.
 *
 * The function only raises the notice; it returns nothing in every case.
 *
 * @param App $a
 * @return void
 */
function api_post(App $a)
{
	if (local_user()) {
		// A profile owner is only compared when $a->user carries a uid.
		$hasOwner = count($a->user) && x($a->user, 'uid');
		if (!$hasOwner || $a->user['uid'] == local_user()) {
			return;
		}
	}

	// Reached when nobody is logged in, or the session user is not the profile owner.
	notice(L10n::t('Permission denied.') . EOL);
}
44
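/**
 * Content hook of the API module.
 *
 * For the command 'api/oauth/authorize' this renders the interactive OAuth
 * consent page. On a POST carrying 'oauth_yes' it stores the verifier and
 * either redirects to the client's registered callback URL or shows the
 * verifier for manual entry. Every other command is handed to api_call(),
 * whose output is echoed before the process ends.
 *
 * @param App $a
 * @return string|void page markup for the authorize flow; does not return for other commands
 */
function api_content(App $a)
{
	if ($a->cmd == 'api/oauth/authorize') {
		// The authorize endpoint interacts with the user, so it returns a standard (minimal) page.
		$a->page['template'] = "minimal";

		// Parse the OAuth request; the consumer/client is resolved from its request token below.
		try {
			$request = OAuthRequest::from_request();
		} catch (Exception $e) {
			// Exception details (class, message, stack trace) belong in the server log,
			// not in the response body sent to an unauthenticated caller.
			error_log('api/oauth/authorize: malformed OAuth request: ' . $e->getMessage());
			echo "Invalid request.";
			killme();
		}

		// The login gate runs before the consent handling so that a grant can
		// never be recorded for a request that has no session user.
		if (!local_user()) {
			/// @TODO We need login form to redirect to this page
			notice(L10n::t('Please login to continue.') . EOL);
			return Login::form($a->query_string, false, $request->get_parameters());
		}

		$app = oauth_get_client($request);
		if (is_null($app)) {
			return "Invalid request. Unknown token.";
		}

		if (x($_POST, 'oauth_yes')) {
			// NOTE(review): no anti-CSRF form token is verified in this function before the
			// grant is recorded - confirm whether the form or a caller enforces one.
			$consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);

			// NOTE(review): the verifier is an MD5 of the client secret and the user id, so it
			// is identical for every authorization of the same client/user pair and is not a
			// per-request random value. Consider a CSPRNG-generated verifier once it is
			// confirmed how the value stored under Config "oauth" is consumed.
			$verifier = md5($app['secret'] . local_user());
			Config::set("oauth", $verifier, local_user());

			if ($consumer->callback_url != null) {
				$params = $request->get_parameters();
				// Use '&' when the registered callback already carries a query string;
				// a second '?' would produce a malformed URL.
				$glue = (strpos($consumer->callback_url, '?') !== false) ? '&' : '?';
				goaway($consumer->callback_url . $glue . "oauth_token=" . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . "&oauth_verifier=" . OAuthUtil::urlencode_rfc3986($verifier));
				killme();
			}

			// No callback registered: show the verifier so the user can type it into the app.
			$tpl = get_markup_template("oauth_authorize_done.tpl");

			return replace_macros($tpl, [
				'$title' => L10n::t('Authorize application connection'),
				'$info' => L10n::t('Return to your app and insert this Securty Code:'),
				'$code' => $verifier,
			]);
		}

		// NOTE(review): the whole client row, including the 'pw' and 'secret' columns read
		// in the grant branch, is handed to the template - confirm it prints display fields only.
		$tpl = get_markup_template('oauth_authorize.tpl');

		return replace_macros($tpl, [
			'$title' => L10n::t('Authorize application connection'),
			'$app' => $app,
			'$authorize' => L10n::t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
			'$yes' => L10n::t('Yes'),
			'$no' => L10n::t('No'),
		]);
	}

	// Every other API command is dispatched by api_call(); its output ends the request.
	echo api_call($a);
	killme();
}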