X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=actions%2Fapi.php;h=eeee77ec2f1bafd82f7dd6e5fdab3ff01431e32b;hb=12b7f23ed2fd05a29dcd5ab7700a25330ffd5d5f;hp=21404e331bf1a118814e6e20787735eb86de263a;hpb=0c90e94864a19cdde2a7aee28b89898c2818cc54;p=quix0rs-gnu-social.git diff --git a/actions/api.php b/actions/api.php index 21404e331b..eeee77ec2f 100644 --- a/actions/api.php +++ b/actions/api.php @@ -19,18 +19,37 @@ if (!defined('LACONICA')) { exit(1); } -// XXX: Not sure of terminology yet... maybe call things "api_methods" insteads of "commands" - class ApiAction extends Action { + var $user; + var $content_type; + var $api_arg; + var $api_method; + var $api_action; + function handle($args) { parent::handle($args); - $command = $this->arg('command'); + $this->api_action = $this->arg('apiaction'); + $method = $this->arg('method'); + $argument = $this->arg('argument'); - # XXX Maybe check to see if the command actually exists first + if (isset($argument)) { + $cmdext = explode('.', $argument); + $this->api_arg = $cmdext[0]; + $this->api_method = $method; + $this->content_type = strtolower($cmdext[1]); + } else { + #content type will be an extension on the method + $cmdext = explode('.', $method); + $this->api_method = $cmdext[0]; + $this->content_type = strtolower($cmdext[1]); + } - if($this->requires_auth($command)) { + # common_debug("apiaction = $this->api_action, method = $this->api_method, argument = $this->api_arg, ctype = $this->content_type"); + + # XXX Maybe check to see if the command actually exists first? + if($this->requires_auth()) { if (!isset($_SERVER['PHP_AUTH_USER'])) { # This header makes basic auth go @@ -44,49 +63,51 @@ class ApiAction extends Action { $user = common_check_user($nickname, $password); if ($user) { - $this->process_command($command, $nickname, $password); + $this->user = $user; + $this->process_command(); } else { # basic authentication failed common_show_basic_auth_error(); } } - } else { - $this->process_command($command); - } + $this->process_command(); + } } - # this is where we can dispatch off to api Class files - function process_command($command, $nickname=NULL, $password=NULL) { - - $parts = explode('.', $command); - $api_action = "api_$parts[0]"; - $extension = $parts[1]; # requested content type - - $api_actionfile = INSTALLDIR."/actions/$api_action.php"; - - if (file_exists($api_actionfile)) { - require_once($api_actionfile); - $action_class = ucfirst($api_action)."Action"; + function process_command() { + $action = "twitapi$this->api_action"; + $actionfile = INSTALLDIR."/actions/$action.php"; + if (file_exists($actionfile)) { + require_once($actionfile); + $action_class = ucfirst($action)."Action"; $action_obj = new $action_class(); - # need to pass off nick and password and stuff ... put in $args? constructor? - # pull from $_REQUEST later? - call_user_func(array($action_obj, 'handle'), $_REQUEST); - } else { - - # need appropriate API error functs - print "\nerror!\n"; + if (method_exists($action_obj, $this->api_method)) { + + $apidata = array( 'content-type' => $this->content_type, + 'api_method' => $this->api_method, + 'api_arg' => $this->api_arg, + 'user' => $this->user); + + call_user_func(array($action_obj, $this->api_method), $_REQUEST, $apidata); + # all API methods should exit() + } } + common_user_error("API method not found!", $code=404); } + # Whitelist of API methods that don't need authentication - function requires_auth($command) { - - # The only command that doesn't in Twitter's API is public_timeline - if (ereg('^public_timeline.*$', $command)) { + function requires_auth() { + static $noauth = array( 'statuses/public_timeline', + 'statuses/user_timeline', + 'statuses/show', + 'help/test', + 'help/downtime_schedule'); + if (in_array("$this->api_action/$this->api_method", $noauth)) { return false; - } + } return true; }