1 <?php
2 /**
3  * @file mod/api.php
4  */
5 use Friendica\App;
6 use Friendica\Core\Config;
7 use Friendica\Core\L10n;
8 use Friendica\Core\System;
9 use Friendica\Database\DBA;
10 use Friendica\Module\Login;
11
12 require_once 'include/api.php';
13
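/**
 * Look up the OAuth client that owns a pending request token.
 *
 * Reads `oauth_token` from the request parameters and joins `tokens` to
 * `clients`, matching only tokens whose scope is 'request'.
 *
 * @param object $request Object exposing get_parameters(); api_content() passes
 *                        the result of OAuthRequest::from_request().
 * @return array|null The first matching `clients` row, or null when the token is
 *                    missing, not a string, or unknown.
 */
function oauth_get_client($request)
{
	$params = $request->get_parameters();
	$token = isset($params['oauth_token']) ? $params['oauth_token'] : null;

	// oauth_token is taken from the request, so it can be absent or an array.
	// Reject those cases here instead of handing a non-string to
	// DBA::escape() or querying for an empty token id.
	if (!is_string($token) || $token === '') {
		return null;
	}

	// The token value reaches the statement only through DBA::escape() and the
	// quoted '%s' placeholder; keep both if this query is edited.
	$r = q("SELECT `clients`.*
			FROM `clients`, `tokens`
			WHERE `clients`.`client_id`=`tokens`.`client_id`
			AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", DBA::escape($token));

	if (!DBA::isResult($r)) {
		return null;
	}

	return $r[0];
}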
32
/**
 * POST hook of the api module.
 *
 * Emits a "Permission denied." notice when there is no local user, or when
 * $a->user carries a uid that differs from the local user.
 *
 * This function only raises the notice: it sets no flag and terminates nothing,
 * so code that runs after it (api_content() in this file) has to perform its own
 * authentication check.
 *
 * @param App $a
 * @return void
 */
function api_post(App $a)
{
	// Short-circuit order matches the two separate checks: the uid comparison
	// is evaluated only when a local user exists.
	$denied = !local_user()
		|| (count($a->user) && x($a->user, 'uid') && $a->user['uid'] != local_user());

	if ($denied) {
		notice(L10n::t('Permission denied.') . EOL);
	}
}
45
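/**
 * Content handler of the api module.
 *
 * For the command `api/oauth/authorize` it drives the interactive OAuth
 * authorization step: it shows the consent page, and when the form comes back
 * with `oauth_yes` it stores the verifier and returns it to the client, either
 * by redirecting to the client's callback URL or by displaying it as a code.
 * Every other command is passed to api_call() and the process ends.
 *
 * @param App $a
 * @return string|void Page content for the authorize flow; the other paths end
 *                     in killme().
 */
function api_content(App $a)
{
	if ($a->cmd == 'api/oauth/authorize') {
		/*
		 * api/oauth/authorize interacts with the user and returns a standard page.
		 */
		$a->page['template'] = "minimal";

		// get consumer/client from request token
		try {
			$request = OAuthRequest::from_request();
		} catch (Exception $e) {
			// Exception details stay in the server log. Dumping the exception
			// object into the response discloses internals such as the stack
			// trace to whoever sent the malformed request.
			error_log('api/oauth/authorize: could not read the OAuth request: ' . $e->getMessage());
			echo "Invalid request.";
			killme();
		}

		// Authenticate before anything else. Handling the approval first would
		// record a verifier for a request that has no logged-in user behind it.
		if (!local_user()) {
			/// @TODO We need login form to redirect to this page
			notice(L10n::t('Please login to continue.') . EOL);
			return Login::form($a->query_string, false, $request->get_parameters());
		}

		$app = oauth_get_client($request);
		if (is_null($app)) {
			return "Invalid request. Unknown token.";
		}

		if (x($_POST, 'oauth_yes')) {
			// NOTE(review): no anti-CSRF form token is verified in this function
			// before the approval is recorded. Confirm one is enforced elsewhere,
			// or add the check together with oauth_authorize.tpl.
			$consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);

			// NOTE(review): the verifier is md5(client secret . uid), so it is the
			// same value on every authorization of this client by this user and
			// is not random. Moving to a random single-use value needs the code
			// that redeems the verifier, which is not visible here.
			$verifier = md5($app['secret'] . local_user());

			// Stored in the "oauth" config family: key = verifier, value = uid.
			Config::set("oauth", $verifier, local_user());

			if ($consumer->callback_url != null) {
				// The callback is built from the client's stored redirect_uri,
				// not from a request parameter.
				// NOTE(review): confirm internalRedirect() accepts this URL form.
				$params = $request->get_parameters();

				// Append with "&" when the callback already has a query string;
				// a second "?" would corrupt the parameters sent to the client.
				$glue = (strpos($consumer->callback_url, '?') !== false) ? "&" : "?";

				$a->internalRedirect(
					$consumer->callback_url . $glue
					. 'oauth_token=' . OAuthUtil::urlencode_rfc3986($params['oauth_token'])
					. '&oauth_verifier=' . OAuthUtil::urlencode_rfc3986($verifier)
				);
				killme();
			}

			// No callback registered: show the verifier for manual entry.
			// The '$info' string is kept verbatim, spelling included, because it
			// is passed to L10n::t() and presumably serves as the translation key.
			$tpl = get_markup_template("oauth_authorize_done.tpl");
			$o = replace_macros($tpl, [
				'$title' => L10n::t('Authorize application connection'),
				'$info' => L10n::t('Return to your app and insert this Securty Code:'),
				'$code' => $verifier,
			]);

			return $o;
		}

		// First visit, or a submission without oauth_yes: render the consent form.
		$tpl = get_markup_template('oauth_authorize.tpl');
		$o = replace_macros($tpl, [
			'$title' => L10n::t('Authorize application connection'),
			'$app' => $app,
			'$authorize' => L10n::t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
			'$yes' => L10n::t('Yes'),
			'$no' => L10n::t('No'),
		]);

		return $o;
	}

	echo api_call($a);
	killme();
}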