X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=src%2FModule%2FBaseApi.php;h=1d5249ac85f70481566d9d297e856fc9ddba2613;hb=99284222c1d7fb4adca9077e3057faf3b36f7180;hp=41a744b8cf18df0bf20a74bd44c80b54d3924547;hpb=bbc4fe851b30fd978e5f2e02eb587967cfea1d21;p=friendica.git diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php index 41a744b8cf..1d5249ac85 100644 --- a/src/Module/BaseApi.php +++ b/src/Module/BaseApi.php @@ -1,6 +1,6 @@ isLoggedIn()) { - throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.')); - } - } - - public static function patch(array $parameters = []) - { - self::checkAllowedScope(self::SCOPE_WRITE); - - if (!DI::app()->isLoggedIn()) { - throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.')); - } - } - - public static function post(array $parameters = []) - { - self::checkAllowedScope(self::SCOPE_WRITE); + /** @var App */ + protected $app; - if (!DI::app()->isLoggedIn()) { - throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.')); - } - } + /** @var ApiResponse */ + protected $response; - public static function put(array $parameters = []) + public function __construct(App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, ApiResponse $response, array $server, array $parameters = []) { - self::checkAllowedScope(self::SCOPE_WRITE); + parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters); - if (!DI::app()->isLoggedIn()) { - throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.')); - } + $this->app = $app; } /** - * Quit execution with the message that the endpoint isn't implemented + * Additionally checks, if the caller is permitted to do this action * - * @param string $method - * @return void + * {@inheritDoc} + * + * @throws HTTPException\ForbiddenException */ - public static function unsupported(string $method = 'all') + public function run(array $request = [], bool $scopecheck = true): ResponseInterface { - $path = DI::args()->getQueryString(); - Logger::info('Unimplemented API call', ['method' => $method, 'path' => $path, 'agent' => $_SERVER['HTTP_USER_AGENT'] ?? '', 'request' => HTTPInputData::process()]); - $error = DI::l10n()->t('API endpoint %s %s is not implemented', strtoupper($method), $path); - $error_description = DI::l10n()->t('The API endpoint is currently not implemented but might be in the future.'); - $errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description); - System::jsonError(501, $errorobj->toArray()); + if ($scopecheck) { + switch ($this->args->getMethod()) { + case Router::DELETE: + case Router::PATCH: + case Router::POST: + case Router::PUT: + self::checkAllowedScope(self::SCOPE_WRITE); + + if (!self::getCurrentUserID()) { + throw new HTTPException\ForbiddenException($this->t('Permission denied.')); + } + break; + } + } + + return parent::run($request); } /** * Processes data from GET requests and sets defaults * + * @param array $defaults Associative array of expected request keys and their default typed value. A null + * value will remove the request key from the resulting value array. + * @param array $request Custom REQUEST array, superglobal instead * @return array request data + * @throws \Exception */ - public static function getRequest(array $defaults) + public function getRequest(array $defaults, array $request): array { - $httpinput = HTTPInputData::process(); - $input = array_merge($httpinput['variables'], $httpinput['files'], $_REQUEST); - - self::$request = $input; + self::$request = $request; self::$boundaries = []; unset(self::$request['pagename']); - $request = []; - - foreach ($defaults as $parameter => $defaultvalue) { - if (is_string($defaultvalue)) { - $request[$parameter] = $input[$parameter] ?? $defaultvalue; - } elseif (is_int($defaultvalue)) { - $request[$parameter] = (int)($input[$parameter] ?? $defaultvalue); - } elseif (is_float($defaultvalue)) { - $request[$parameter] = (float)($input[$parameter] ?? $defaultvalue); - } elseif (is_array($defaultvalue)) { - $request[$parameter] = $input[$parameter] ?? []; - } elseif (is_bool($defaultvalue)) { - $request[$parameter] = in_array(strtolower($input[$parameter] ?? ''), ['true', '1']); - } else { - Logger::notice('Unhandled default value type', ['parameter' => $parameter, 'type' => gettype($defaultvalue)]); - } - } - - foreach ($input ?? [] as $parameter => $value) { - if ($parameter == 'pagename') { - continue; - } - if (!in_array($parameter, array_keys($defaults))) { - Logger::notice('Unhandled request field', ['parameter' => $parameter, 'value' => $value, 'command' => DI::args()->getCommand()]); - } - } - - Logger::debug('Got request parameters', ['request' => $request, 'command' => DI::args()->getCommand()]); - return $request; + return $this->checkDefaults($defaults, $request); } /** * Set boundaries for the "link" header * @param array $boundaries * @param int $id - * @return array */ protected static function setBoundaries(int $id) { @@ -172,13 +139,13 @@ class BaseApi extends BaseModule } /** - * Set the "link" header with "next" and "prev" links - * @return void + * Get the "link" header with "next" and "prev" links + * @return string */ - protected static function setLinkHeader() + protected static function getLinkHeader(): string { if (empty(self::$boundaries)) { - return; + return ''; } $request = self::$request; @@ -197,7 +164,19 @@ class BaseApi extends BaseModule $prev = $command . '?' . http_build_query($prev_request); $next = $command . '?' . http_build_query($next_request); - header('Link: <' . $next . '>; rel="next", <' . $prev . '>; rel="prev"'); + return 'Link: <' . $next . '>; rel="next", <' . $prev . '>; rel="prev"'; + } + + /** + * Set the "link" header with "next" and "prev" links + * @return void + */ + protected static function setLinkHeader() + { + $header = self::getLinkHeader(); + if (!empty($header)) { + header($header); + } } /** @@ -205,7 +184,7 @@ class BaseApi extends BaseModule * * @return array token */ - protected static function getCurrentApplication() + public static function getCurrentApplication() { $token = OAuth::getCurrentApplicationToken(); @@ -267,11 +246,11 @@ class BaseApi extends BaseModule if ($throttle_day > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", Item::GRAVITY_PARENT, $uid, $datefrom]; $posts_day = Post::countThread($condition); if ($posts_day > $throttle_day) { - Logger::info('Daily posting limit reached', ['uid' => $uid, 'posts' => $posts_day, 'limit' => $throttle_day]); + Logger::notice('Daily posting limit reached', ['uid' => $uid, 'posts' => $posts_day, 'limit' => $throttle_day]); $error = DI::l10n()->t('Too Many Requests'); $error_description = DI::l10n()->tt("Daily posting limit of %d post reached. The post was rejected.", "Daily posting limit of %d posts reached. The post was rejected.", $throttle_day); $errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description); @@ -283,11 +262,11 @@ class BaseApi extends BaseModule if ($throttle_week > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*7); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", Item::GRAVITY_PARENT, $uid, $datefrom]; $posts_week = Post::countThread($condition); if ($posts_week > $throttle_week) { - Logger::info('Weekly posting limit reached', ['uid' => $uid, 'posts' => $posts_week, 'limit' => $throttle_week]); + Logger::notice('Weekly posting limit reached', ['uid' => $uid, 'posts' => $posts_week, 'limit' => $throttle_week]); $error = DI::l10n()->t('Too Many Requests'); $error_description = DI::l10n()->tt("Weekly posting limit of %d post reached. The post was rejected.", "Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week); $errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description); @@ -299,187 +278,44 @@ class BaseApi extends BaseModule if ($throttle_month > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*30); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", Item::GRAVITY_PARENT, $uid, $datefrom]; $posts_month = Post::countThread($condition); if ($posts_month > $throttle_month) { - Logger::info('Monthly posting limit reached', ['uid' => $uid, 'posts' => $posts_month, 'limit' => $throttle_month]); + Logger::notice('Monthly posting limit reached', ['uid' => $uid, 'posts' => $posts_month, 'limit' => $throttle_month]); $error = DI::l10n()->t('Too Many Requests'); - $error_description = DI::l10n()->t("Monthly posting limit of %d post reached. The post was rejected.", "Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month); + $error_description = DI::l10n()->tt('Monthly posting limit of %d post reached. The post was rejected.', 'Monthly posting limit of %d posts reached. The post was rejected.', $throttle_month); $errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description); System::jsonError(429, $errorobj->toArray()); } } } - /** - * Get user info array. - * - * @param int|string $contact_id Contact ID or URL - * @return array|bool - * @throws HTTPException\BadRequestException - * @throws HTTPException\InternalServerErrorException - * @throws HTTPException\UnauthorizedException - * @throws \ImagickException - */ - protected static function getUser($contact_id = null) - { - return api_get_user($contact_id); - } - - /** - * Exit with error code - * - * @param int $code - * @param string $description - * @param string $message - * @param string|null $format - * @return void - */ - public static function error(int $code, string $description, string $message, string $format = null) - { - $error = [ - 'error' => $message ?: $description, - 'code' => $code . ' ' . $description, - 'request' => DI::args()->getQueryString() - ]; - - header($_SERVER["SERVER_PROTOCOL"] . ' ' . $code . ' ' . $description); - - self::exit('status', ['status' => $error], $format); - } - - /** - * Outputs formatted data according to the data type and then exits the execution. - * - * @param string $root_element - * @param array $data An array with a single element containing the returned result - * @param string $format Output format (xml, json, rss, atom) - * @return false|string - */ - protected static function exit(string $root_element, array $data, string $format = null) - { - $format = $format ?? 'json'; - - $return = self::formatData($root_element, $format, $data); - - switch ($format) { - case 'xml': - header('Content-Type: text/xml'); - break; - case 'json': - header('Content-Type: application/json'); - if (!empty($return)) { - $json = json_encode(end($return)); - if (!empty($_GET['callback'])) { - $json = $_GET['callback'] . '(' . $json . ')'; - } - $return = $json; - } - break; - case 'rss': - header('Content-Type: application/rss+xml'); - $return = '' . "\n" . $return; - break; - case 'atom': - header('Content-Type: application/atom+xml'); - $return = '' . "\n" . $return; - break; - } - - echo $return; - exit; - } - - /** - * Formats the data according to the data type - * - * @param string $root_element Name of the root element - * @param string $type Return type (atom, rss, xml, json) - * @param array $data JSON style array - * - * @return array|string (string|array) XML data or JSON data - */ - public static function formatData($root_element, string $type, array $data) - { - switch ($type) { - case 'atom': - case 'rss': - case 'xml': - $ret = self::createXML($data, $root_element); - break; - case 'json': - default: - $ret = $data; - break; - } - return $ret; - } - - /** - * Callback function to transform the array in an array that can be transformed in a XML file - * - * @param mixed $item Array item value - * @param string $key Array key - * - * @return boolean - */ - public static function reformatXML(&$item, &$key) + public static function getContactIDForSearchterm(string $screen_name = null, string $profileurl = null, int $cid = null, int $uid) { - if (is_bool($item)) { - $item = ($item ? 'true' : 'false'); + if (!empty($cid)) { + return $cid; } - if (substr($key, 0, 10) == 'statusnet_') { - $key = 'statusnet:'.substr($key, 10); - } elseif (substr($key, 0, 10) == 'friendica_') { - $key = 'friendica:'.substr($key, 10); - } - return true; - } - - /** - * Creates the XML from a JSON style array - * - * @param array $data JSON style array - * @param string $root_element Name of the root element - * - * @return string The XML data - */ - public static function createXML(array $data, $root_element) - { - $childname = key($data); - $data2 = array_pop($data); - - $namespaces = ['' => 'http://api.twitter.com', - 'statusnet' => 'http://status.net/schema/api/1/', - 'friendica' => 'http://friendi.ca/schema/api/1/', - 'georss' => 'http://www.georss.org/georss']; - - /// @todo Auto detection of needed namespaces - if (in_array($root_element, ['ok', 'hash', 'config', 'version', 'ids', 'notes', 'photos'])) { - $namespaces = []; + if (!empty($profileurl)) { + return Contact::getIdForURL($profileurl); } - if (is_array($data2)) { - $key = key($data2); - Arrays::walkRecursive($data2, ['Friendica\Module\BaseApi', 'reformatXML']); - - if ($key == '0') { - $data4 = []; - $i = 1; - - foreach ($data2 as $item) { - $data4[$i++ . ':' . $childname] = $item; - } + if (empty($cid) && !empty($screen_name)) { + if (strpos($screen_name, '@') !== false) { + return Contact::getIdForURL($screen_name, 0, false); + } - $data2 = $data4; + $user = User::getByNickname($screen_name, ['uid']); + if (!empty($user['uid'])) { + return Contact::getPublicIdByUserId($user['uid']); } } - $data3 = [$root_element => $data2]; + if ($uid != 0) { + return Contact::getPublicIdByUserId($uid); + } - $ret = XML::fromArray($data3, $xml, false, $namespaces); - return $ret; + return null; } }