<?php
/*
* Laconica - a distributed open-source microblogging tool
- * Copyright (C) 2008, Controlez-Vous, Inc.
+ * Copyright (C) 2008, Control Yourself, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
if (!defined('LACONICA')) { exit(1); }
-class ApiAction extends Action {
+class ApiAction extends Action
+{
var $user;
var $content_type;
var $api_method;
var $api_action;
- function handle($args) {
+ function handle($args)
+ {
parent::handle($args);
$this->api_action = $this->arg('apiaction');
$this->process_command();
} else {
# basic authentication failed
+ common_log(LOG_WARNING, "Failed API auth attempt, nickname: $nickname.");
$this->show_basic_auth_error();
}
}
} else {
- # Look for the user in the session
- if (common_logged_in()) {
- $this->user = common_current_user();
- }
+ # Caller might give us a username even if not required
+ if (isset($_SERVER['PHP_AUTH_USER'])) {
+ $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
+ if ($user) {
+ $this->user = $user;
+ }
+ # Twitter doesn't throw an error if the user isn't found
+ }
$this->process_command();
}
}
- function process_command() {
+ function process_command()
+ {
$action = "twitapi$this->api_action";
$actionfile = INSTALLDIR."/actions/$action.php";
call_user_func(array($action_obj, $this->api_method), $_REQUEST, $apidata);
} else {
- common_user_error("API method not found!", $code=404);
+ $this->clientError("API method not found!", $code=404);
}
} else {
- common_user_error("API method not found!", $code=404);
+ $this->clientError("API method not found!", $code=404);
}
}
# Whitelist of API methods that don't need authentication
- function requires_auth() {
+ function requires_auth()
+ {
static $noauth = array( 'statuses/public_timeline',
'statuses/show',
'users/show',
'help/test',
- 'help/downtime_schedule');
+ 'help/downtime_schedule',
+ 'laconica/version',
+ 'laconica/config',
+ 'laconica/wadl');
static $bareauth = array('statuses/user_timeline',
+ 'statuses/friends_timeline',
'statuses/friends',
+ 'statuses/replies',
+ 'statuses/mentions',
'statuses/followers',
'favorites/favorites');
- # If the site is "private", all API methods need authentication
+ $fullname = "$this->api_action/$this->api_method";
+ // If the site is "private", all API methods except laconica/config
+ // need authentication
if (common_config('site', 'private')) {
- return true;
+ return $fullname != 'laconica/config' || false;
}
- $fullname = "$this->api_action/$this->api_method";
-
if (in_array($fullname, $bareauth)) {
- # bareauth: only needs auth if without an argument
- if ($this->api_arg) {
+ # bareauth: only needs auth if without an argument or query param specifying user
+ if ($this->api_arg || $this->arg('id') || is_numeric($this->arg('user_id')) || $this->arg('screen_name')) {
return false;
} else {
return true;
}
}
- function show_basic_auth_error() {
+ function show_basic_auth_error()
+ {
header('HTTP/1.1 401 Unauthorized');
$msg = 'Could not authenticate you.';
if ($this->content_type == 'xml') {
header('Content-Type: application/xml; charset=utf-8');
- common_start_xml();
- common_element_start('hash');
- common_element('error', null, $msg);
- common_element('request', null, $_SERVER['REQUEST_URI']);
- common_element_end('hash');
- common_end_xml();
+ $this->startXML();
+ $this->elementStart('hash');
+ $this->element('error', null, $msg);
+ $this->element('request', null, $_SERVER['REQUEST_URI']);
+ $this->elementEnd('hash');
+ $this->endXML();
} else if ($this->content_type == 'json') {
header('Content-Type: application/json; charset=utf-8');
$error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']);
}
}
- function is_readonly() {
- # NOTE: before handle(), can't use $this->arg
- $apiaction = $_REQUEST['apiaction'];
- $method = $_REQUEST['method'];
+ function isReadOnly($args)
+ {
+ $apiaction = $args['apiaction'];
+ $method = $args['method'];
+
list($cmdtext, $fmt) = explode('.', $method);
static $write_methods = array(
return false;
}
-
}