X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fapi.php;h=5969ccd5f1a87974606ab44edbe3dd015d51218b;hb=c423fa29ee12b67ef4c804ec99fe80084ee436ce;hp=808e34065b35c2894a899aa8c73b02f262c2c7bf;hpb=4dc68b32b5e7688ce8d34fa36ea5fad0c80aa048;p=friendica.git diff --git a/include/api.php b/include/api.php index 808e34065b..5969ccd5f1 100644 --- a/include/api.php +++ b/include/api.php @@ -44,7 +44,7 @@ use Friendica\Model\Photo; use Friendica\Model\User; use Friendica\Model\UserItem; use Friendica\Model\Verb; -use Friendica\Network\FKOAuth1; +use Friendica\Security\FKOAuth1; use Friendica\Network\HTTPException; use Friendica\Network\HTTPException\BadRequestException; use Friendica\Network\HTTPException\ExpectationFailedException; @@ -58,6 +58,8 @@ use Friendica\Network\HTTPException\UnauthorizedException; use Friendica\Object\Image; use Friendica\Protocol\Activity; use Friendica\Protocol\Diaspora; +use Friendica\Security\OAuth1\OAuthRequest; +use Friendica\Security\OAuth1\OAuthUtil; use Friendica\Util\DateTimeFormat; use Friendica\Util\Images; use Friendica\Util\Network; @@ -264,7 +266,10 @@ function api_login(App $a) throw new UnauthorizedException("This API requires login"); } - DI::auth()->setForUser($a, $record); + // Don't refresh the login date more often than twice a day to spare database writes + $login_refresh = strcmp(DateTimeFormat::utc('now - 12 hours'), $record['login_date']) > 0; + + DI::auth()->setForUser($a, $record, false, false, $login_refresh); $_SESSION["allow_api"] = true; @@ -308,22 +313,22 @@ function api_call(App $a, App\Arguments $args = null) } $type = "json"; - if (strpos($args->getQueryString(), ".xml") > 0) { + if (strpos($args->getCommand(), ".xml") > 0) { $type = "xml"; } - if (strpos($args->getQueryString(), ".json") > 0) { + if (strpos($args->getCommand(), ".json") > 0) { $type = "json"; } - if (strpos($args->getQueryString(), ".rss") > 0) { + if (strpos($args->getCommand(), ".rss") > 0) { $type = "rss"; } - if (strpos($args->getQueryString(), ".atom") > 0) { + if (strpos($args->getCommand(), ".atom") > 0) { $type = "atom"; } try { foreach ($API as $p => $info) { - if (strpos($args->getQueryString(), $p) === 0) { + if (strpos($args->getCommand(), $p) === 0) { if (!api_check_method($info['method'])) { throw new MethodNotAllowedException(); } @@ -332,16 +337,16 @@ function api_call(App $a, App\Arguments $args = null) if (!empty($info['auth']) && api_user() === false) { api_login($a); + Logger::info(API_LOG_PREFIX . 'username {username}', ['module' => 'api', 'action' => 'call', 'username' => $a->user['username']]); } - Logger::info(API_LOG_PREFIX . 'username {username}', ['module' => 'api', 'action' => 'call', 'username' => $a->user['username']]); Logger::debug(API_LOG_PREFIX . 'parameters', ['module' => 'api', 'action' => 'call', 'parameters' => $_REQUEST]); $stamp = microtime(true); $return = call_user_func($info['func'], $type); $duration = floatval(microtime(true) - $stamp); - Logger::info(API_LOG_PREFIX . 'username {username}', ['module' => 'api', 'action' => 'call', 'username' => $a->user['username'], 'duration' => round($duration, 2)]); + Logger::info(API_LOG_PREFIX . 'duration {duration}', ['module' => 'api', 'action' => 'call', 'duration' => round($duration, 2)]); DI::profiler()->saveLog(DI::logger(), API_LOG_PREFIX . 'performance'); @@ -381,7 +386,7 @@ function api_call(App $a, App\Arguments $args = null) } Logger::warning(API_LOG_PREFIX . 'not implemented', ['module' => 'api', 'action' => 'call', 'query' => DI::args()->getQueryString()]); - throw new NotImplementedException(); + throw new NotFoundException(); } catch (HTTPException $e) { header("HTTP/1.1 {$e->getCode()} {$e->httpdesc}"); return api_error($type, $e, $args); @@ -651,8 +656,8 @@ function api_get_user(App $a, $contact_id = null) 'notifications' => false, 'statusnet_profile_url' => $contact["url"], 'uid' => 0, - 'cid' => Contact::getIdForURL($contact["url"], api_user(), true), - 'pid' => Contact::getIdForURL($contact["url"], 0, true), + 'cid' => Contact::getIdForURL($contact["url"], api_user(), false), + 'pid' => Contact::getIdForURL($contact["url"], 0, false), 'self' => 0, 'network' => $contact["network"], ]; @@ -676,7 +681,7 @@ function api_get_user(App $a, $contact_id = null) $countfollowers = 0; $starred = 0; - $pcontact_id = Contact::getIdForURL($uinfo[0]['url'], 0, true); + $pcontact_id = Contact::getIdForURL($uinfo[0]['url'], 0, false); if (!empty($profile['about'])) { $description = $profile['about']; @@ -728,7 +733,7 @@ function api_get_user(App $a, $contact_id = null) 'statusnet_profile_url' => $uinfo[0]['url'], 'uid' => intval($uinfo[0]['uid']), 'cid' => intval($uinfo[0]['cid']), - 'pid' => Contact::getIdForURL($uinfo[0]["url"], 0, true), + 'pid' => Contact::getIdForURL($uinfo[0]["url"], 0, false), 'self' => $uinfo[0]['self'], 'network' => $uinfo[0]['network'], ]; @@ -1241,7 +1246,7 @@ function api_media_upload() "image_type" => $media["type"], "friendica_preview_url" => $media["preview"]]; - Logger::log("Media uploaded: " . print_r($returndata, true), Logger::DEBUG); + Logger::info('Media uploaded', ['return' => $returndata]); return ["media" => $returndata]; } @@ -2035,35 +2040,40 @@ function api_statuses_repeat($type) Logger::log('API: api_statuses_repeat: '.$id); - $fields = ['uri-id', 'body', 'title', 'attach', 'author-name', 'author-link', 'author-avatar', 'guid', 'created', 'plink']; + $fields = ['uri-id', 'network', 'body', 'title', 'author-name', 'author-link', 'author-avatar', 'guid', 'created', 'plink']; $item = Item::selectFirst($fields, ['id' => $id, 'private' => [Item::PUBLIC, Item::UNLISTED]]); if (DBA::isResult($item) && $item['body'] != "") { - if (strpos($item['body'], "[/share]") !== false) { - $pos = strpos($item['body'], "[share"); - $post = substr($item['body'], $pos); + if (in_array($item['network'], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::TWITTER])) { + if (!Item::performActivity($id, 'announce', local_user())) { + throw new InternalServerErrorException(); + } + + $item_id = $id; } else { - $post = share_header($item['author-name'], $item['author-link'], $item['author-avatar'], $item['guid'], $item['created'], $item['plink']); + if (strpos($item['body'], "[/share]") !== false) { + $pos = strpos($item['body'], "[share"); + $post = substr($item['body'], $pos); + } else { + $post = BBCode::getShareOpeningTag($item['author-name'], $item['author-link'], $item['author-avatar'], $item['plink'], $item['created'], $item['guid']); - if (!empty($item['title'])) { - $post .= '[h3]' . $item['title'] . "[/h3]\n"; + if (!empty($item['title'])) { + $post .= '[h3]' . $item['title'] . "[/h3]\n"; + } + + $post .= $item['body']; + $post .= "[/share]"; } + $_REQUEST['body'] = $post; + $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['api_source'] = true; - $post .= $item['body']; - $post .= "[/share]"; - } - $_REQUEST['body'] = $post; - $_REQUEST['attach'] = $item['attach']; - $_REQUEST['profile_uid'] = api_user(); - $_REQUEST['api_source'] = true; + if (empty($_REQUEST['source'])) { + $_REQUEST["source"] = api_source(); + } - if (empty($_REQUEST['source'])) { - $_REQUEST["source"] = api_source(); + $item_id = item_post($a); } - - $item_id = item_post($a); - - /// @todo Copy tags from the original post to the new one } else { throw new ForbiddenException(); } @@ -2230,12 +2240,7 @@ function api_statuses_user_timeline($type) throw new ForbiddenException(); } - Logger::log( - "api_statuses_user_timeline: api_user: ". api_user() . - "\nuser_info: ".print_r($user_info, true) . - "\n_REQUEST: ".print_r($_REQUEST, true), - Logger::DEBUG - ); + Logger::info('api_statuses_user_timeline', ['api_user' => api_user(), 'user_info' => $user_info, '_REQUEST' => $_REQUEST]); $since_id = $_REQUEST['since_id'] ?? 0; $max_id = $_REQUEST['max_id'] ?? 0; @@ -4075,26 +4080,18 @@ function api_fr_photoalbum_delete($type) throw new BadRequestException("no albumname specified"); } // check if album is existing - $r = q( - "SELECT DISTINCT `resource-id` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", - intval(api_user()), - DBA::escape($album) - ); - if (!DBA::isResult($r)) { + + $photos = DBA::selectToArray('photo', ['resource-id'], ['uid' => api_user(), 'album' => $album], ['group_by' => ['resource-id']]); + if (!DBA::isResult($photos)) { throw new BadRequestException("album not available"); } + $resourceIds = array_column($photos, 'resource-id'); + // function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore // to the user and the contacts of the users (drop_items() performs the federation of the deletion to other networks - foreach ($r as $rr) { - $condition = ['uid' => local_user(), 'resource-id' => $rr['resource-id'], 'type' => 'photo']; - $photo_item = Item::selectFirstForUser(local_user(), ['id'], $condition); - - if (!DBA::isResult($photo_item)) { - throw new InternalServerErrorException("problem with deleting items occured"); - } - Item::deleteForUser(['id' => $photo_item['id']], api_user()); - } + $condition = ['uid' => api_user(), 'resource-id' => $resourceIds, 'type' => 'photo']; + Item::deleteForUser($condition, api_user()); // now let's delete all photos from the album $result = Photo::delete(['uid' => api_user(), 'album' => $album]); @@ -4371,19 +4368,13 @@ function api_fr_photo_delete($type) // return success of deletion or error message if ($result) { - // retrieve the id of the parent element (the photo element) - $condition = ['uid' => local_user(), 'resource-id' => $photo_id, 'type' => 'photo']; - $photo_item = Item::selectFirstForUser(local_user(), ['id'], $condition); - - if (!DBA::isResult($photo_item)) { - throw new InternalServerErrorException("problem with deleting items occured"); - } // function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore // to the user and the contacts of the users (drop_items() do all the necessary magic to avoid orphans in database and federate deletion) - Item::deleteForUser(['id' => $photo_item['id']], api_user()); + $condition = ['uid' => api_user(), 'resource-id' => $photo_id, 'type' => 'photo']; + Item::deleteForUser($condition, api_user()); - $answer = ['result' => 'deleted', 'message' => 'photo with id `' . $photo_id . '` has been deleted from server.']; - return api_format_data("photo_delete", $type, ['$result' => $answer]); + $result = ['result' => 'deleted', 'message' => 'photo with id `' . $photo_id . '` has been deleted from server.']; + return api_format_data("photo_delete", $type, ['$result' => $result]); } else { throw new InternalServerErrorException("unknown error on deleting photo from database table"); } @@ -4742,7 +4733,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ Logger::log("photo upload: new profile image upload ended", Logger::DEBUG); } - if (isset($r) && $r) { + if (!empty($r)) { // create entry in 'item'-table on new uploads to enable users to comment/like/dislike the photo if ($photo_id == null && $mediatype == "photo") { post_photo_item($resource_id, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility); @@ -4775,7 +4766,6 @@ function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $f $arr['guid'] = System::createUUID(); $arr['uid'] = intval(api_user()); $arr['uri'] = $uri; - $arr['parent-uri'] = $uri; $arr['type'] = 'photo'; $arr['wall'] = 1; $arr['resource-id'] = $hash; @@ -4889,8 +4879,8 @@ function prepare_photo_data($type, $scale, $photo_id) } // retrieve item element for getting activities (like, dislike etc.) related to photo - $condition = ['uid' => local_user(), 'resource-id' => $photo_id, 'type' => 'photo']; - $item = Item::selectFirstForUser(local_user(), ['id'], $condition); + $condition = ['uid' => api_user(), 'resource-id' => $photo_id, 'type' => 'photo']; + $item = Item::selectFirst(['id', 'uid', 'uri', 'parent', 'allow_cid', 'deny_cid', 'allow_gid', 'deny_gid'], $condition); if (!DBA::isResult($item)) { throw new NotFoundException('Photo-related item not found.'); } @@ -4899,7 +4889,7 @@ function prepare_photo_data($type, $scale, $photo_id) // retrieve comments on photo $condition = ["`parent` = ? AND `uid` = ? AND (`gravity` IN (?, ?) OR `type`='photo')", - $item[0]['parent'], api_user(), GRAVITY_PARENT, GRAVITY_COMMENT]; + $item['parent'], api_user(), GRAVITY_PARENT, GRAVITY_COMMENT]; $statuses = Item::selectForUser(api_user(), [], $condition); @@ -4919,10 +4909,10 @@ function prepare_photo_data($type, $scale, $photo_id) $data['photo']['friendica_comments'] = $comments; // include info if rights on photo and rights on item are mismatching - $rights_mismatch = $data['photo']['allow_cid'] != $item[0]['allow_cid'] || - $data['photo']['deny_cid'] != $item[0]['deny_cid'] || - $data['photo']['allow_gid'] != $item[0]['allow_gid'] || - $data['photo']['deny_cid'] != $item[0]['deny_cid']; + $rights_mismatch = $data['photo']['allow_cid'] != $item['allow_cid'] || + $data['photo']['deny_cid'] != $item['deny_cid'] || + $data['photo']['allow_gid'] != $item['allow_gid'] || + $data['photo']['deny_gid'] != $item['deny_gid']; $data['photo']['rights_mismatch'] = $rights_mismatch; return $data; @@ -5068,7 +5058,7 @@ function api_share_as_retweet(&$item) $reshared_item["share-pre-body"] = $reshared['comment']; $reshared_item["body"] = $reshared['shared']; - $reshared_item["author-id"] = Contact::getIdForURL($reshared['profile'], 0, true); + $reshared_item["author-id"] = Contact::getIdForURL($reshared['profile'], 0, false); $reshared_item["author-name"] = $reshared['author']; $reshared_item["author-link"] = $reshared['profile']; $reshared_item["author-avatar"] = $reshared['avatar']; @@ -5287,7 +5277,7 @@ function api_friendica_group_show($type) // loop through all groups and retrieve all members for adding data in the user array $grps = []; foreach ($r as $rr) { - $members = Contact::getByGroupId($rr['id']); + $members = Contact\Group::getById($rr['id']); $users = []; if ($type == "xml") { @@ -5612,7 +5602,7 @@ function api_friendica_group_update($type) } // remove members - $members = Contact::getByGroupId($gid); + $members = Contact\Group::getById($gid); foreach ($members as $member) { $cid = $member['id']; foreach ($users as $user) { @@ -5726,7 +5716,7 @@ function api_friendica_activity($type) $id = $_REQUEST['id'] ?? 0; - $res = Item::performActivity($id, $verb); + $res = Item::performActivity($id, $verb, api_user()); if ($res) { if ($type == "xml") {