X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fapi.php;h=69fda2e224f82cd4c77a39d28115c658f9d5a2e9;hb=575f70545171f6f5c94214ce88e5b07a1f517810;hp=2e7ed3558c1e1507b2d3c0ffbcc18de56d57e5e8;hpb=cc55a45f4bad24d5921b4575389650e93efe6605;p=quix0rs-gnu-social.git
diff --git a/actions/api.php b/actions/api.php
index 2e7ed3558c..69fda2e224 100644
--- a/actions/api.php
+++ b/actions/api.php
@@ -21,7 +21,7 @@ if (!defined('LACONICA')) { exit(1); }
 class ApiAction extends Action {
- var $nickname;
+ var $user;
 var $content_type;
 var $api_arg;
 var $api_method;
@@ -38,36 +38,34 @@ class ApiAction extends Action {
 $cmdext = explode('.', $argument);
 $this->api_arg = $cmdext[0];
 $this->api_method = $method;
- $this->content_type = $cmdext[1];
+ $this->content_type = strtolower($cmdext[1]);
 } else {
 #content type will be an extension on the method
 $cmdext = explode('.', $method);
 $this->api_method = $cmdext[0];
- $this->content_type = $cmdext[1];
+ $this->content_type = strtolower($cmdext[1]);
 }
-
- # common_debug("apiaction = $this->api_action, method = $this->api_method, argument = $this->api_arg, ctype = $this->content_type");
-
+ # XXX Maybe check to see if the command actually exists first?
 if($this->requires_auth()) {
 if (!isset($_SERVER['PHP_AUTH_USER'])) {
 # This header makes basic auth go
- header('WWW-Authenticate: Basic realm="Laconica API');
+ header('WWW-Authenticate: Basic realm="Laconica API"');
 # if the user hits cancel -- bam!
- common_show_basic_auth_error();
+ $this->show_basic_auth_error();
 } else {
 $nickname = $_SERVER['PHP_AUTH_USER'];
 $password = $_SERVER['PHP_AUTH_PW'];
 $user = common_check_user($nickname, $password);
 if ($user) {
- $this->nickname = $nickname;
+ $this->user = $user;
 $this->process_command();
 } else {
 # basic authentication failed
- common_show_basic_auth_error();
+ $this->show_basic_auth_error();
 }
 }
 } else {
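Review bot: The new `$this->content_type = strtolower($cmdext[1]);` in both branches still takes the format string straight from the URL without checking that `$cmdext[1]` exists or names a format the API actions can render, so a request with no extension raises an undefined-offset notice and any arbitrary string travels on to the action as `content-type`; lowercasing normalises, it does not validate. Something like `$fmt = isset($cmdext[1]) ? strtolower($cmdext[1]) : '';` followed by `$this->content_type = in_array($fmt, $known_types, true) ? $fmt : null;` (with `$known_types` being whatever the twitapi actions actually accept, which this hunk does not show) would close it in both branches. In the same hunk `$password = $_SERVER['PHP_AUTH_PW'];` is read without the `isset()` guard that protects `PHP_AUTH_USER`, so a client sending a user name but no password reaches `common_check_user()` with a null password and a notice; `isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : ''` keeps it well-defined. Basic auth sends the password in the clear on every request, and nothing visible here restricts the API to HTTPS; if transport security is enforced elsewhere, a one-line comment at the `WWW-Authenticate` header pointing to it would help the next reader. The constructor this hunk belongs to starts before and continues past the hunk.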
@@ -76,7 +74,7 @@ class ApiAction extends Action {
 }
 function process_command() {
- $action = "api$this->api_action";
+ $action = "twitapi$this->api_action";
 $actionfile = INSTALLDIR."/actions/$action.php";
 if (file_exists($actionfile)) {
 require_once($actionfile);
@@ -88,7 +86,7 @@ class ApiAction extends Action {
 $apidata = array( 'content-type' => $this->content_type,
 'api_method' => $this->api_method,
 'api_arg' => $this->api_arg,
- 'nickanme' => $htis->nickanme);
+ 'user' => $this->user);
 call_user_func(array($action_obj, $this->api_method), $_REQUEST, $apidata);
 # all API methods should exit()
@@ -100,13 +98,35 @@ class ApiAction extends Action {
 # Whitelist of API methods that don't need authentication
 function requires_auth() {
- static $noauth = array( 'statuses/public_timeline',
+ static $noauth = array( 'statuses/public_timeline',
+ 'statuses/show',
 'help/test',
 'help/downtime_schedule');
- if (in_array("$this->api_action/$this->api_method", $noauth)) {
+ static $bareauth = array('statuses/user_timeline', 'statuses/friends');
+
+ $fullname = "$this->api_action/$this->api_method";
+
+ if (in_array($fullname, $bareauth)) {
+ # bareauth: only needs auth if without an argument
+ if ($this->api_arg) {
+ return false;
+ } else {
+ return true;
+ }
+ } else if (in_array($fullname, $noauth)) {
+ # noauth: never needs auth
 return false;
- } else {
- return true;
+ } else {
+ # everybody else needs auth
+ return true;
+ }
+ }
+
+ function show_basic_auth_error() {
+ header('HTTP/1.1 401 Unauthorized');
+ header('Content-type: text/plain');
+ print("Could not authenticate you."); # exactly what Twitter says - no \n
+ exit();
 }
 }
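Review bot: The renamed `$action = "twitapi$this->api_action";` is still interpolated into `INSTALLDIR."/actions/$action.php"` and then passed to `require_once`, so the file that gets included is chosen by a request-derived value; the fixed `twitapi` prefix stops the name from beginning with `..`, but nothing in this hunk constrains the characters of `api_action` (it is assigned outside the hunk, presumably from the route). If the router does not already limit it, a guard before the path is built, `if (!preg_match('/^[a-z_]+$/', $this->api_action)) { $this->show_basic_auth_error(); }` or a clientError, keeps `/` and `.` out of the include path; if the router does limit it, a comment saying so on the `$actionfile` line would spare the next reader the same question. `process_command()` continues past the end of this hunk.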
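Review bot: `call_user_func(array($action_obj, $this->api_method), $_REQUEST, $apidata);` dispatches on a method name taken from the URL, and the lines between this hunk and the previous one (where `$action_obj` is created) are not visible, so it is not clear that anything rejects names that are not API methods; a plain `method_exists()` check there would still let a caller invoke any public method inherited from `Action`, not just the `twitapi*` handlers. A check against the documented API method list, or at minimum `is_callable(array($action_obj, $this->api_method))` combined with a whitelist of handler names, would bound what a request can reach. Passing `$_REQUEST` also hands the handler cookie values merged with GET and POST parameters; if the handlers only expect query/body parameters, `array_merge($_GET, $_POST)` is the narrower input. The corrected `'user' => $this->user` entry is null on the unauthenticated path, which handlers should be prepared for; a comment on that line noting it would help.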
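Review bot: The new `show_basic_auth_error()` emits a 401 without a `WWW-Authenticate` header, and in the constructor it is reached from the failed-credentials branch where that header was never sent, so a client that retries after a bad password gets a 401 with no challenge, which HTTP requires on every 401. Moving the challenge into the method, `header('WWW-Authenticate: Basic realm="Laconica API"');` as its first line, makes both exits of the auth block consistent (the extra header on the no-credentials path is harmless). `header('HTTP/1.1 401 Unauthorized');` also hard-codes the protocol version; `header('Content-type: text/plain', true, 401);` lets PHP set the status on whatever version the request used. In `requires_auth()` the `if ($this->api_arg)` test is a truthiness check, so an argument of `"0"` is treated as absent and falls through to requiring auth; that is fail-closed, but a comment such as `# truthiness: "0"/"" count as no argument and require auth` would make the intent explicit, and the three `in_array` calls would be safer with `true` as the third argument.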