X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fapi.php;h=92d35c001ec1b1236e436fa761cfb8b76e73eed5;hb=92679de2257ac8a14f405afe83dececde8505abd;hp=e69fefa27a702f2e54251f8de6eb2a41860cb372;hpb=f5993463e8115f6822c759558a003110054de1bd;p=friendica.git diff --git a/include/api.php b/include/api.php index e69fefa27a..92d35c001e 100644 --- a/include/api.php +++ b/include/api.php @@ -44,7 +44,7 @@ use Friendica\Model\Photo; use Friendica\Model\User; use Friendica\Model\UserItem; use Friendica\Model\Verb; -use Friendica\Network\FKOAuth1; +use Friendica\Security\FKOAuth1; use Friendica\Network\HTTPException; use Friendica\Network\HTTPException\BadRequestException; use Friendica\Network\HTTPException\ExpectationFailedException; @@ -58,6 +58,8 @@ use Friendica\Network\HTTPException\UnauthorizedException; use Friendica\Object\Image; use Friendica\Protocol\Activity; use Friendica\Protocol\Diaspora; +use Friendica\Security\OAuth1\OAuthRequest; +use Friendica\Security\OAuth1\OAuthUtil; use Friendica\Util\DateTimeFormat; use Friendica\Util\Images; use Friendica\Util\Network; @@ -65,7 +67,6 @@ use Friendica\Util\Proxy as ProxyUtils; use Friendica\Util\Strings; use Friendica\Util\XML; -require_once __DIR__ . '/../mod/share.php'; require_once __DIR__ . '/../mod/item.php'; require_once __DIR__ . '/../mod/wall_upload.php'; @@ -311,22 +312,22 @@ function api_call(App $a, App\Arguments $args = null) } $type = "json"; - if (strpos($args->getQueryString(), ".xml") > 0) { + if (strpos($args->getCommand(), ".xml") > 0) { $type = "xml"; } - if (strpos($args->getQueryString(), ".json") > 0) { + if (strpos($args->getCommand(), ".json") > 0) { $type = "json"; } - if (strpos($args->getQueryString(), ".rss") > 0) { + if (strpos($args->getCommand(), ".rss") > 0) { $type = "rss"; } - if (strpos($args->getQueryString(), ".atom") > 0) { + if (strpos($args->getCommand(), ".atom") > 0) { $type = "atom"; } try { foreach ($API as $p => $info) { - if (strpos($args->getQueryString(), $p) === 0) { + if (strpos($args->getCommand(), $p) === 0) { if (!api_check_method($info['method'])) { throw new MethodNotAllowedException(); } @@ -335,16 +336,16 @@ function api_call(App $a, App\Arguments $args = null) if (!empty($info['auth']) && api_user() === false) { api_login($a); + Logger::info(API_LOG_PREFIX . 'username {username}', ['module' => 'api', 'action' => 'call', 'username' => $a->user['username']]); } - Logger::info(API_LOG_PREFIX . 'username {username}', ['module' => 'api', 'action' => 'call', 'username' => $a->user['username']]); Logger::debug(API_LOG_PREFIX . 'parameters', ['module' => 'api', 'action' => 'call', 'parameters' => $_REQUEST]); $stamp = microtime(true); $return = call_user_func($info['func'], $type); $duration = floatval(microtime(true) - $stamp); - Logger::info(API_LOG_PREFIX . 'username {username}', ['module' => 'api', 'action' => 'call', 'username' => $a->user['username'], 'duration' => round($duration, 2)]); + Logger::info(API_LOG_PREFIX . 'duration {duration}', ['module' => 'api', 'action' => 'call', 'duration' => round($duration, 2)]); DI::profiler()->saveLog(DI::logger(), API_LOG_PREFIX . 'performance'); @@ -384,7 +385,7 @@ function api_call(App $a, App\Arguments $args = null) } Logger::warning(API_LOG_PREFIX . 'not implemented', ['module' => 'api', 'action' => 'call', 'query' => DI::args()->getQueryString()]); - throw new NotImplementedException(); + throw new NotFoundException(); } catch (HTTPException $e) { header("HTTP/1.1 {$e->getCode()} {$e->httpdesc}"); return api_error($type, $e, $args); @@ -654,8 +655,8 @@ function api_get_user(App $a, $contact_id = null) 'notifications' => false, 'statusnet_profile_url' => $contact["url"], 'uid' => 0, - 'cid' => Contact::getIdForURL($contact["url"], api_user(), true), - 'pid' => Contact::getIdForURL($contact["url"], 0, true), + 'cid' => Contact::getIdForURL($contact["url"], api_user(), false), + 'pid' => Contact::getIdForURL($contact["url"], 0, false), 'self' => 0, 'network' => $contact["network"], ]; @@ -679,7 +680,7 @@ function api_get_user(App $a, $contact_id = null) $countfollowers = 0; $starred = 0; - $pcontact_id = Contact::getIdForURL($uinfo[0]['url'], 0, true); + $pcontact_id = Contact::getIdForURL($uinfo[0]['url'], 0, false); if (!empty($profile['about'])) { $description = $profile['about']; @@ -731,7 +732,7 @@ function api_get_user(App $a, $contact_id = null) 'statusnet_profile_url' => $uinfo[0]['url'], 'uid' => intval($uinfo[0]['uid']), 'cid' => intval($uinfo[0]['cid']), - 'pid' => Contact::getIdForURL($uinfo[0]["url"], 0, true), + 'pid' => Contact::getIdForURL($uinfo[0]["url"], 0, false), 'self' => $uinfo[0]['self'], 'network' => $uinfo[0]['network'], ]; @@ -1244,7 +1245,7 @@ function api_media_upload() "image_type" => $media["type"], "friendica_preview_url" => $media["preview"]]; - Logger::log("Media uploaded: " . print_r($returndata, true), Logger::DEBUG); + Logger::info('Media uploaded', ['return' => $returndata]); return ["media" => $returndata]; } @@ -2038,35 +2039,40 @@ function api_statuses_repeat($type) Logger::log('API: api_statuses_repeat: '.$id); - $fields = ['uri-id', 'body', 'title', 'attach', 'author-name', 'author-link', 'author-avatar', 'guid', 'created', 'plink']; + $fields = ['uri-id', 'network', 'body', 'title', 'author-name', 'author-link', 'author-avatar', 'guid', 'created', 'plink']; $item = Item::selectFirst($fields, ['id' => $id, 'private' => [Item::PUBLIC, Item::UNLISTED]]); if (DBA::isResult($item) && $item['body'] != "") { - if (strpos($item['body'], "[/share]") !== false) { - $pos = strpos($item['body'], "[share"); - $post = substr($item['body'], $pos); + if (in_array($item['network'], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::TWITTER])) { + if (!Item::performActivity($id, 'announce', local_user())) { + throw new InternalServerErrorException(); + } + + $item_id = $id; } else { - $post = BBCode::getShareOpeningTag($item['author-name'], $item['author-link'], $item['author-avatar'], $item['guid'], $item['created'], $item['plink']); + if (strpos($item['body'], "[/share]") !== false) { + $pos = strpos($item['body'], "[share"); + $post = substr($item['body'], $pos); + } else { + $post = BBCode::getShareOpeningTag($item['author-name'], $item['author-link'], $item['author-avatar'], $item['plink'], $item['created'], $item['guid']); + + if (!empty($item['title'])) { + $post .= '[h3]' . $item['title'] . "[/h3]\n"; + } - if (!empty($item['title'])) { - $post .= '[h3]' . $item['title'] . "[/h3]\n"; + $post .= $item['body']; + $post .= "[/share]"; } + $_REQUEST['body'] = $post; + $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['api_source'] = true; - $post .= $item['body']; - $post .= "[/share]"; - } - $_REQUEST['body'] = $post; - $_REQUEST['attach'] = $item['attach']; - $_REQUEST['profile_uid'] = api_user(); - $_REQUEST['api_source'] = true; + if (empty($_REQUEST['source'])) { + $_REQUEST["source"] = api_source(); + } - if (empty($_REQUEST['source'])) { - $_REQUEST["source"] = api_source(); + $item_id = item_post($a); } - - $item_id = item_post($a); - - /// @todo Copy tags from the original post to the new one } else { throw new ForbiddenException(); } @@ -2157,10 +2163,10 @@ function api_statuses_mentions($type) // get last network messages // params - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - $count = $_REQUEST['count'] ?? 20; - $page = $_REQUEST['page'] ?? 1; + $since_id = intval($_REQUEST['since_id'] ?? 0); + $max_id = intval($_REQUEST['max_id'] ?? 0); + $count = intval($_REQUEST['count'] ?? 20); + $page = intval($_REQUEST['page'] ?? 1); $start = max(0, ($page - 1) * $count); @@ -2233,12 +2239,7 @@ function api_statuses_user_timeline($type) throw new ForbiddenException(); } - Logger::log( - "api_statuses_user_timeline: api_user: ". api_user() . - "\nuser_info: ".print_r($user_info, true) . - "\n_REQUEST: ".print_r($_REQUEST, true), - Logger::DEBUG - ); + Logger::info('api_statuses_user_timeline', ['api_user' => api_user(), 'user_info' => $user_info, '_REQUEST' => $_REQUEST]); $since_id = $_REQUEST['since_id'] ?? 0; $max_id = $_REQUEST['max_id'] ?? 0; @@ -4078,26 +4079,18 @@ function api_fr_photoalbum_delete($type) throw new BadRequestException("no albumname specified"); } // check if album is existing - $r = q( - "SELECT DISTINCT `resource-id` FROM `photo` WHERE `uid` = %d AND `album` = '%s'", - intval(api_user()), - DBA::escape($album) - ); - if (!DBA::isResult($r)) { + + $photos = DBA::selectToArray('photo', ['resource-id'], ['uid' => api_user(), 'album' => $album], ['group_by' => ['resource-id']]); + if (!DBA::isResult($photos)) { throw new BadRequestException("album not available"); } + $resourceIds = array_column($photos, 'resource-id'); + // function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore // to the user and the contacts of the users (drop_items() performs the federation of the deletion to other networks - foreach ($r as $rr) { - $condition = ['uid' => local_user(), 'resource-id' => $rr['resource-id'], 'type' => 'photo']; - $photo_item = Item::selectFirstForUser(local_user(), ['id'], $condition); - - if (!DBA::isResult($photo_item)) { - throw new InternalServerErrorException("problem with deleting items occured"); - } - Item::deleteForUser(['id' => $photo_item['id']], api_user()); - } + $condition = ['uid' => api_user(), 'resource-id' => $resourceIds, 'type' => 'photo']; + Item::deleteForUser($condition, api_user()); // now let's delete all photos from the album $result = Photo::delete(['uid' => api_user(), 'album' => $album]); @@ -4374,19 +4367,13 @@ function api_fr_photo_delete($type) // return success of deletion or error message if ($result) { - // retrieve the id of the parent element (the photo element) - $condition = ['uid' => local_user(), 'resource-id' => $photo_id, 'type' => 'photo']; - $photo_item = Item::selectFirstForUser(local_user(), ['id'], $condition); - - if (!DBA::isResult($photo_item)) { - throw new InternalServerErrorException("problem with deleting items occured"); - } // function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore // to the user and the contacts of the users (drop_items() do all the necessary magic to avoid orphans in database and federate deletion) - Item::deleteForUser(['id' => $photo_item['id']], api_user()); + $condition = ['uid' => api_user(), 'resource-id' => $photo_id, 'type' => 'photo']; + Item::deleteForUser($condition, api_user()); - $answer = ['result' => 'deleted', 'message' => 'photo with id `' . $photo_id . '` has been deleted from server.']; - return api_format_data("photo_delete", $type, ['$result' => $answer]); + $result = ['result' => 'deleted', 'message' => 'photo with id `' . $photo_id . '` has been deleted from server.']; + return api_format_data("photo_delete", $type, ['$result' => $result]); } else { throw new InternalServerErrorException("unknown error on deleting photo from database table"); } @@ -4745,7 +4732,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ Logger::log("photo upload: new profile image upload ended", Logger::DEBUG); } - if (isset($r) && $r) { + if (!empty($r)) { // create entry in 'item'-table on new uploads to enable users to comment/like/dislike the photo if ($photo_id == null && $mediatype == "photo") { post_photo_item($resource_id, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility); @@ -4778,7 +4765,6 @@ function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $f $arr['guid'] = System::createUUID(); $arr['uid'] = intval(api_user()); $arr['uri'] = $uri; - $arr['parent-uri'] = $uri; $arr['type'] = 'photo'; $arr['wall'] = 1; $arr['resource-id'] = $hash; @@ -4892,8 +4878,8 @@ function prepare_photo_data($type, $scale, $photo_id) } // retrieve item element for getting activities (like, dislike etc.) related to photo - $condition = ['uid' => local_user(), 'resource-id' => $photo_id, 'type' => 'photo']; - $item = Item::selectFirstForUser(local_user(), ['id'], $condition); + $condition = ['uid' => api_user(), 'resource-id' => $photo_id, 'type' => 'photo']; + $item = Item::selectFirst(['id', 'uid', 'uri', 'parent', 'allow_cid', 'deny_cid', 'allow_gid', 'deny_gid'], $condition); if (!DBA::isResult($item)) { throw new NotFoundException('Photo-related item not found.'); } @@ -4902,7 +4888,7 @@ function prepare_photo_data($type, $scale, $photo_id) // retrieve comments on photo $condition = ["`parent` = ? AND `uid` = ? AND (`gravity` IN (?, ?) OR `type`='photo')", - $item[0]['parent'], api_user(), GRAVITY_PARENT, GRAVITY_COMMENT]; + $item['parent'], api_user(), GRAVITY_PARENT, GRAVITY_COMMENT]; $statuses = Item::selectForUser(api_user(), [], $condition); @@ -4922,10 +4908,10 @@ function prepare_photo_data($type, $scale, $photo_id) $data['photo']['friendica_comments'] = $comments; // include info if rights on photo and rights on item are mismatching - $rights_mismatch = $data['photo']['allow_cid'] != $item[0]['allow_cid'] || - $data['photo']['deny_cid'] != $item[0]['deny_cid'] || - $data['photo']['allow_gid'] != $item[0]['allow_gid'] || - $data['photo']['deny_cid'] != $item[0]['deny_cid']; + $rights_mismatch = $data['photo']['allow_cid'] != $item['allow_cid'] || + $data['photo']['deny_cid'] != $item['deny_cid'] || + $data['photo']['allow_gid'] != $item['allow_gid'] || + $data['photo']['deny_gid'] != $item['deny_gid']; $data['photo']['rights_mismatch'] = $rights_mismatch; return $data; @@ -5071,7 +5057,7 @@ function api_share_as_retweet(&$item) $reshared_item["share-pre-body"] = $reshared['comment']; $reshared_item["body"] = $reshared['shared']; - $reshared_item["author-id"] = Contact::getIdForURL($reshared['profile'], 0, true); + $reshared_item["author-id"] = Contact::getIdForURL($reshared['profile'], 0, false); $reshared_item["author-name"] = $reshared['author']; $reshared_item["author-link"] = $reshared['profile']; $reshared_item["author-avatar"] = $reshared['avatar']; @@ -5290,7 +5276,7 @@ function api_friendica_group_show($type) // loop through all groups and retrieve all members for adding data in the user array $grps = []; foreach ($r as $rr) { - $members = Contact::getByGroupId($rr['id']); + $members = Contact\Group::getById($rr['id']); $users = []; if ($type == "xml") { @@ -5615,7 +5601,7 @@ function api_friendica_group_update($type) } // remove members - $members = Contact::getByGroupId($gid); + $members = Contact\Group::getById($gid); foreach ($members as $member) { $cid = $member['id']; foreach ($users as $user) { @@ -5729,7 +5715,7 @@ function api_friendica_activity($type) $id = $_REQUEST['id'] ?? 0; - $res = Item::performActivity($id, $verb); + $res = Item::performActivity($id, $verb, api_user()); if ($res) { if ($type == "xml") {