3 * StatusNet - the distributed open-source microblogging tool
4 * Copyright (C) 2011, StatusNet, Inc.
6 * An action that requires an API key
10 * This program is free software: you can redistribute it and/or modify
11 * it under the terms of the GNU Affero General Public License as published by
12 * the Free Software Foundation, either version 3 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU Affero General Public License for more details.
20 * You should have received a copy of the GNU Affero General Public License
21 * along with this program. If not, see <http://www.gnu.org/licenses/>.
23 * @category DomainStatusNetwork
25 * @author Evan Prodromou <evan@status.net>
26 * @copyright 2011 StatusNet, Inc.
27 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
28 * @link http://status.net/
31 if (!defined('STATUSNET')) {
32 // This check helps protect against security problems;
33 // your code file can't be executed directly from the web.
38 * An action that requires an API key
42 * @author Evan Prodromou <evan@status.net>
43 * @copyright 2011 StatusNet, Inc.
44 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
45 * @link http://status.net/
48 class GlobalApiAction extends Action
53 * Check for an API key, and throw an exception if it's not set
55 * @param array $args URL and POST params
57 * @return boolean continuation flag
60 function prepare(array $args=array())
62 GNUsocial::setApi(true); // reduce exception reports to aid in debugging
64 parent::prepare($args);
66 if (!common_config('globalapi', 'enabled')) {
67 throw new ClientException(_('Global API not enabled.'), 403);
70 $apikey = $this->trimmed('apikey');
73 throw new ClientException(_('No API key.'), 403);
76 $expected = common_config('globalapi', 'key');
78 if ($expected != $apikey) {
79 // FIXME: increment a counter by IP address to prevent brute-force
80 // attacks on the key.
81 throw new ClientException(_('Bad API key.'), 403);
84 $email = common_canonical_email($this->trimmed('email'));
87 throw new ClientException(_('No email address.'));
90 if (!Validate::email($email, common_config('email', 'check_domain'))) {
91 throw new ClientException(_('Invalid email address.'));
94 $this->email = $email;
99 function showError($message, $code=400)
101 $this->showOutput(array('error' => $message), $code);
104 function showSuccess($values=null, $code=200)
106 if (empty($values)) {
109 $values['success'] = 1;
110 $this->showOutput($values, $code);
113 function showOutput($values, $code)
115 if (array_key_exists($code, ClientErrorAction::$status)) {
116 $status_string = ClientErrorAction::$status[$code];
117 } else if (array_key_exists($code, ServerErrorAction::$status)) {
118 $status_string = ServerErrorAction::$status[$code];
122 $status_string = ServerErrorAction::$status[$code];
125 header('HTTP/1.1 '.$code.' '.$status_string);
127 header('Content-Type: application/json; charset=utf-8');
128 print(json_encode($values));