X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fapi.php;h=b93fa39d57bff1e11e7d720d61edd71e40eb76db;hb=2c7c63a4933fc0323b8c8b983d7628e1dbf8af94;hp=ef0e0bfbd0b2093116bafe7c7232a3afaf8312b9;hpb=7e49ee8fb5fd26d405eac4e4d168497422c6c151;p=friendica.git diff --git a/include/api.php b/include/api.php index ef0e0bfbd0..b93fa39d57 100644 --- a/include/api.php +++ b/include/api.php @@ -24,7 +24,6 @@ */ use Friendica\App; -use Friendica\Content\ContactSelector; use Friendica\Content\Text\BBCode; use Friendica\Content\Text\HTML; use Friendica\Core\Logger; @@ -41,18 +40,15 @@ use Friendica\Model\Photo; use Friendica\Model\Post; use Friendica\Model\Profile; use Friendica\Model\User; -use Friendica\Model\Verb; use Friendica\Module\BaseApi; use Friendica\Network\HTTPException; use Friendica\Network\HTTPException\BadRequestException; use Friendica\Network\HTTPException\ForbiddenException; use Friendica\Network\HTTPException\InternalServerErrorException; -use Friendica\Network\HTTPException\MethodNotAllowedException; use Friendica\Network\HTTPException\NotFoundException; use Friendica\Network\HTTPException\TooManyRequestsException; use Friendica\Network\HTTPException\UnauthorizedException; use Friendica\Object\Image; -use Friendica\Protocol\Activity; use Friendica\Security\BasicAuth; use Friendica\Util\DateTimeFormat; use Friendica\Util\Images; @@ -71,38 +67,6 @@ define('API_LOG_PREFIX', 'API {action} - '); $API = []; -/** - * Get source name from API client - * - * Clients can send 'source' parameter to be show in post metadata - * as "sent via ". - * Some clients doesn't send a source param, we support ones we know - * (only Twidere, atm) - * - * @return string - * Client source name, default to "api" if unset/unknown - * @throws Exception - */ -function api_source() -{ - if (requestdata('source')) { - return requestdata('source'); - } - - // Support for known clients that doesn't send a source name - if (!empty($_SERVER['HTTP_USER_AGENT'])) { - if(strpos($_SERVER['HTTP_USER_AGENT'], "Twidere") !== false) { - return "Twidere"; - } - - Logger::info(API_LOG_PREFIX . 'Unrecognized user-agent', ['module' => 'api', 'action' => 'source', 'http_user_agent' => $_SERVER['HTTP_USER_AGENT']]); - } else { - Logger::info(API_LOG_PREFIX . 'Empty user-agent', ['module' => 'api', 'action' => 'source']); - } - - return "api"; -} - /** * Register a function to be the endpoint for defined API path. * @@ -227,775 +191,835 @@ function api_call(App $a, App\Arguments $args = null) } /** - * TWITTER API - */ - -/** - * Returns an HTTP 200 OK response code and a representation of the requesting user if authentication was successful; - * returns a 401 status code and an error message if not. * - * @see https://developer.twitter.com/en/docs/accounts-and-users/manage-account-settings/api-reference/get-account-verify_credentials + * @param array $item + * @param array $recipient + * @param array $sender * - * @param string $type Return type (atom, rss, xml, json) - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException + * @return array * @throws InternalServerErrorException - * @throws UnauthorizedException */ -function api_account_verify_credentials($type) +function api_format_messages($item, $recipient, $sender) { - BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $uid = BaseApi::getCurrentUserID(); - - unset($_REQUEST['user_id']); - unset($_GET['user_id']); - - unset($_REQUEST['screen_name']); - unset($_GET['screen_name']); - - $skip_status = $_REQUEST['skip_status'] ?? false; - - $user_info = DI::twitterUser()->createFromUserId($uid, $skip_status)->toArray(); + // standard meta information + $ret = [ + 'id' => $item['id'], + 'sender_id' => $sender['id'], + 'text' => "", + 'recipient_id' => $recipient['id'], + 'created_at' => DateTimeFormat::utc($item['created'] ?? 'now', DateTimeFormat::API), + 'sender_screen_name' => $sender['screen_name'], + 'recipient_screen_name' => $recipient['screen_name'], + 'sender' => $sender, + 'recipient' => $recipient, + 'title' => "", + 'friendica_seen' => $item['seen'] ?? 0, + 'friendica_parent_uri' => $item['parent-uri'] ?? '', + ]; - // "verified" isn't used here in the standard - unset($user_info["verified"]); + // "uid" is only needed for some internal stuff, so remove it from here + if (isset($ret['sender']['uid'])) { + unset($ret['sender']['uid']); + } + if (isset($ret['recipient']['uid'])) { + unset($ret['recipient']['uid']); + } - // - Adding last status - if (!$skip_status) { - $item = api_get_last_status($user_info['pid'], $user_info['uid']); - if (!empty($item)) { - $user_info['status'] = api_format_item($item, $type); + //don't send title to regular StatusNET requests to avoid confusing these apps + if (!empty($_GET['getText'])) { + $ret['title'] = $item['title']; + if ($_GET['getText'] == 'html') { + $ret['text'] = BBCode::convertForUriId($item['uri-id'], $item['body'], BBCode::API); + } elseif ($_GET['getText'] == 'plain') { + $ret['text'] = trim(HTML::toPlaintext(BBCode::convertForUriId($item['uri-id'], api_clean_plain_items($item['body']), BBCode::API), 0)); } + } else { + $ret['text'] = $item['title'] . "\n" . HTML::toPlaintext(BBCode::convertForUriId($item['uri-id'], api_clean_plain_items($item['body']), BBCode::API), 0); + } + if (!empty($_GET['getUserObjects']) && $_GET['getUserObjects'] == 'false') { + unset($ret['sender']); + unset($ret['recipient']); } - // "uid" and "self" are only needed for some internal stuff, so remove it from here - unset($user_info['uid']); - unset($user_info['self']); - - return DI::apiResponse()->formatData("user", $type, ['user' => $user_info]); + return $ret; } -/// @TODO move to top of file or somewhere better -api_register_func('api/account/verify_credentials', 'api_account_verify_credentials', true); - /** - * Get data from $_POST or $_GET * - * @param string $k - * @return null + * @param string $acl_string + * @param int $uid + * @return bool + * @throws Exception */ -function requestdata($k) +function check_acl_input($acl_string, $uid) { - if (!empty($_POST[$k])) { - return $_POST[$k]; - } - if (!empty($_GET[$k])) { - return $_GET[$k]; + if (empty($acl_string)) { + return false; } - return null; -} - -/** - * Deprecated function to upload media. - * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_statuses_mediap($type) -{ - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $uid = BaseApi::getCurrentUserID(); - $a = DI::app(); + $contact_not_found = false; - $_REQUEST['profile_uid'] = $uid; - $_REQUEST['api_source'] = true; - $txt = requestdata('status') ?? ''; + // split into array of cid's + preg_match_all("/<[A-Za-z0-9]+>/", $acl_string, $array); - if ((strpos($txt, '<') !== false) || (strpos($txt, '>') !== false)) { - $txt = HTML::toBBCodeVideo($txt); - $config = HTMLPurifier_Config::createDefault(); - $config->set('Cache.DefinitionImpl', null); - $purifier = new HTMLPurifier($config); - $txt = $purifier->purify($txt); + // check for each cid if it is available on server + $cid_array = $array[0]; + foreach ($cid_array as $cid) { + $cid = str_replace("<", "", $cid); + $cid = str_replace(">", "", $cid); + $condition = ['id' => $cid, 'uid' => $uid]; + $contact_not_found |= !DBA::exists('contact', $condition); } - $txt = HTML::toBBCode($txt); - - $picture = wall_upload_post($a, false); - - // now that we have the img url in bbcode we can add it to the status and insert the wall item. - $_REQUEST['body'] = $txt . "\n\n" . '[url=' . $picture["albumpage"] . '][img]' . $picture["preview"] . "[/img][/url]"; - $item_id = item_post($a); - - // output the post that we just posted. - return api_status_show($type, $item_id); + return $contact_not_found; } -/// @TODO move this to top of file or somewhere better! -api_register_func('api/statuses/mediap', 'api_statuses_mediap', true, API_METHOD_POST); - /** - * Updates the user’s current status. - * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string + * @param string $mediatype + * @param array $media + * @param string $type + * @param string $album + * @param string $allow_cid + * @param string $deny_cid + * @param string $allow_gid + * @param string $deny_gid + * @param string $desc + * @param integer $phototype + * @param boolean $visibility + * @param string $photo_id + * @param int $uid + * @return array * @throws BadRequestException * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException - * @throws TooManyRequestsException + * @throws NotFoundException * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/post-statuses-update */ -function api_statuses_update($type) +function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, $phototype, $visibility, $photo_id, $uid) { - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $uid = BaseApi::getCurrentUserID(); - - $a = DI::app(); - - // convert $_POST array items to the form we use for web posts. - if (requestdata('htmlstatus')) { - $txt = requestdata('htmlstatus') ?? ''; - if ((strpos($txt, '<') !== false) || (strpos($txt, '>') !== false)) { - $txt = HTML::toBBCodeVideo($txt); - - $config = HTMLPurifier_Config::createDefault(); - $config->set('Cache.DefinitionImpl', null); - - $purifier = new HTMLPurifier($config); - $txt = $purifier->purify($txt); + $visitor = 0; + $src = ""; + $filetype = ""; + $filename = ""; + $filesize = 0; - $_REQUEST['body'] = HTML::toBBCode($txt); + if (is_array($media)) { + if (is_array($media['tmp_name'])) { + $src = $media['tmp_name'][0]; + } else { + $src = $media['tmp_name']; + } + if (is_array($media['name'])) { + $filename = basename($media['name'][0]); + } else { + $filename = basename($media['name']); + } + if (is_array($media['size'])) { + $filesize = intval($media['size'][0]); + } else { + $filesize = intval($media['size']); + } + if (is_array($media['type'])) { + $filetype = $media['type'][0]; + } else { + $filetype = $media['type']; } - } else { - $_REQUEST['body'] = requestdata('status'); } - $_REQUEST['title'] = requestdata('title'); + $filetype = Images::getMimeTypeBySource($src, $filename, $filetype); - $parent = requestdata('in_reply_to_status_id'); + logger::info( + "File upload src: " . $src . " - filename: " . $filename . + " - size: " . $filesize . " - type: " . $filetype); - // Twidere sends "-1" if it is no reply ... - if ($parent == -1) { - $parent = ""; + // check if there was a php upload error + if ($filesize == 0 && $media['error'] == 1) { + throw new InternalServerErrorException("image size exceeds PHP config settings, file was rejected by server"); } - - if (ctype_digit($parent)) { - $_REQUEST['parent'] = $parent; - } else { - $_REQUEST['parent_uri'] = $parent; + // check against max upload size within Friendica instance + $maximagesize = DI::config()->get('system', 'maximagesize'); + if ($maximagesize && ($filesize > $maximagesize)) { + $formattedBytes = Strings::formatBytes($maximagesize); + throw new InternalServerErrorException("image size exceeds Friendica config setting (uploaded size: $formattedBytes)"); } - if (requestdata('lat') && requestdata('long')) { - $_REQUEST['coord'] = sprintf("%s %s", requestdata('lat'), requestdata('long')); + // create Photo instance with the data of the image + $imagedata = @file_get_contents($src); + $Image = new Image($imagedata, $filetype); + if (!$Image->isValid()) { + throw new InternalServerErrorException("unable to process image data"); } - $_REQUEST['profile_uid'] = $uid; - if (!$parent) { - // Check for throttling (maximum posts per day, week and month) - $throttle_day = DI::config()->get('system', 'throttle_limit_day'); - if ($throttle_day > 0) { - $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60); - - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; - $posts_day = Post::count($condition); + // check orientation of image + $Image->orient($src); + @unlink($src); - if ($posts_day > $throttle_day) { - logger::info('Daily posting limit reached for user ' . $uid); - // die(api_error($type, DI::l10n()->t("Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); - throw new TooManyRequestsException(DI::l10n()->tt("Daily posting limit of %d post reached. The post was rejected.", "Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); - } - } + // check max length of images on server + $max_length = DI::config()->get('system', 'max_image_length'); + if ($max_length > 0) { + $Image->scaleDown($max_length); + logger::info("File upload: Scaling picture to new size " . $max_length); + } + $width = $Image->getWidth(); + $height = $Image->getHeight(); - $throttle_week = DI::config()->get('system', 'throttle_limit_week'); - if ($throttle_week > 0) { - $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*7); + // create a new resource-id if not already provided + $resource_id = ($photo_id == null) ? Photo::newResource() : $photo_id; - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; - $posts_week = Post::count($condition); + if ($mediatype == "photo") { + // upload normal image (scales 0, 1, 2) + logger::info("photo upload: starting new photo upload"); - if ($posts_week > $throttle_week) { - logger::info('Weekly posting limit reached for user ' . $uid); - // die(api_error($type, DI::l10n()->t("Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week))); - throw new TooManyRequestsException(DI::l10n()->tt("Weekly posting limit of %d post reached. The post was rejected.", "Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week)); + $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 0, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (!$r) { + logger::notice("photo upload: image upload with scale 0 (original size) failed"); + } + if ($width > 640 || $height > 640) { + $Image->scaleDown(640); + $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 1, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (!$r) { + logger::notice("photo upload: image upload with scale 1 (640x640) failed"); } } - $throttle_month = DI::config()->get('system', 'throttle_limit_month'); - if ($throttle_month > 0) { - $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*30); - - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; - $posts_month = Post::count($condition); - - if ($posts_month > $throttle_month) { - logger::info('Monthly posting limit reached for user ' . $uid); - // die(api_error($type, DI::l10n()->t("Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); - throw new TooManyRequestsException(DI::l10n()->t("Monthly posting limit of %d post reached. The post was rejected.", "Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); + if ($width > 320 || $height > 320) { + $Image->scaleDown(320); + $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 2, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (!$r) { + logger::notice("photo upload: image upload with scale 2 (320x320) failed"); } } - } + logger::info("photo upload: new photo upload ended"); + } elseif ($mediatype == "profileimage") { + // upload profile image (scales 4, 5, 6) + logger::info("photo upload: starting new profile image upload"); - if (requestdata('media_ids')) { - $ids = explode(',', requestdata('media_ids') ?? ''); - } elseif (!empty($_FILES['media'])) { - // upload the image if we have one - $picture = wall_upload_post($a, false); - if (is_array($picture)) { - $ids[] = $picture['id']; + if ($width > 300 || $height > 300) { + $Image->scaleDown(300); + $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 4, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (!$r) { + logger::notice("photo upload: profile image upload with scale 4 (300x300) failed"); + } } - } - - $attachments = []; - $ressources = []; - - if (!empty($ids)) { - foreach ($ids as $id) { - $media = DBA::toArray(DBA::p("SELECT `resource-id`, `scale`, `nickname`, `type`, `desc`, `filename`, `datasize`, `width`, `height` FROM `photo` - INNER JOIN `user` ON `user`.`uid` = `photo`.`uid` WHERE `resource-id` IN - (SELECT `resource-id` FROM `photo` WHERE `id` = ?) AND `photo`.`uid` = ? - ORDER BY `photo`.`width` DESC LIMIT 2", $id, $uid)); - - if (!empty($media)) { - $ressources[] = $media[0]['resource-id']; - $phototypes = Images::supportedTypes(); - $ext = $phototypes[$media[0]['type']]; - - $attachment = ['type' => Post\Media::IMAGE, 'mimetype' => $media[0]['type'], - 'url' => DI::baseUrl() . '/photo/' . $media[0]['resource-id'] . '-' . $media[0]['scale'] . '.' . $ext, - 'size' => $media[0]['datasize'], - 'name' => $media[0]['filename'] ?: $media[0]['resource-id'], - 'description' => $media[0]['desc'] ?? '', - 'width' => $media[0]['width'], - 'height' => $media[0]['height']]; - if (count($media) > 1) { - $attachment['preview'] = DI::baseUrl() . '/photo/' . $media[1]['resource-id'] . '-' . $media[1]['scale'] . '.' . $ext; - $attachment['preview-width'] = $media[1]['width']; - $attachment['preview-height'] = $media[1]['height']; - } - $attachments[] = $attachment; + if ($width > 80 || $height > 80) { + $Image->scaleDown(80); + $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 5, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (!$r) { + logger::notice("photo upload: profile image upload with scale 5 (80x80) failed"); } } - // We have to avoid that the post is rejected because of an empty body - if (empty($_REQUEST['body'])) { - $_REQUEST['body'] = '[hr]'; + if ($width > 48 || $height > 48) { + $Image->scaleDown(48); + $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 6, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (!$r) { + logger::notice("photo upload: profile image upload with scale 6 (48x48) failed"); + } } + $Image->__destruct(); + logger::info("photo upload: new profile image upload ended"); } - if (!empty($attachments)) { - $_REQUEST['attachments'] = $attachments; - } - - // set this so that the item_post() function is quiet and doesn't redirect or emit json - - $_REQUEST['api_source'] = true; - - if (empty($_REQUEST['source'])) { - $_REQUEST['source'] = api_source(); - } - - // call out normal post function - $item_id = item_post($a); - - if (!empty($ressources) && !empty($item_id)) { - $item = Post::selectFirst(['uri-id', 'allow_cid', 'allow_gid', 'deny_cid', 'deny_gid'], ['id' => $item_id]); - foreach ($ressources as $ressource) { - Photo::setPermissionForRessource($ressource, $uid, $item['allow_cid'], $item['allow_gid'], $item['deny_cid'], $item['deny_gid']); + if (!empty($r)) { + // create entry in 'item'-table on new uploads to enable users to comment/like/dislike the photo + if ($photo_id == null && $mediatype == "photo") { + post_photo_item($resource_id, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility, $uid); } + // on success return image data in json/xml format (like /api/friendica/photo does when no scale is given) + return prepare_photo_data($type, false, $resource_id, $uid); + } else { + throw new InternalServerErrorException("image upload failed"); } - - // output the post that we just posted. - return api_status_show($type, $item_id); } -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/update', 'api_statuses_update', true, API_METHOD_POST); -api_register_func('api/statuses/update_with_media', 'api_statuses_update', true, API_METHOD_POST); - /** - * Uploads an image to Friendica. * - * @return array - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException + * @param string $hash + * @param string $allow_cid + * @param string $deny_cid + * @param string $allow_gid + * @param string $deny_gid + * @param string $filetype + * @param boolean $visibility + * @param int $uid * @throws InternalServerErrorException - * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/media/upload-media/api-reference/post-media-upload */ -function api_media_upload() +function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility, $uid) { - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - - if (empty($_FILES['media'])) { - // Output error - throw new BadRequestException("No media."); - } + // get data about the api authenticated user + $uri = Item::newURI(intval($uid)); + $owner_record = DBA::selectFirst('contact', [], ['uid' => $uid, 'self' => true]); - $media = wall_upload_post(DI::app(), false); - if (!$media) { - // Output error - throw new InternalServerErrorException(); - } + $arr = []; + $arr['guid'] = System::createUUID(); + $arr['uid'] = intval($uid); + $arr['uri'] = $uri; + $arr['type'] = 'photo'; + $arr['wall'] = 1; + $arr['resource-id'] = $hash; + $arr['contact-id'] = $owner_record['id']; + $arr['owner-name'] = $owner_record['name']; + $arr['owner-link'] = $owner_record['url']; + $arr['owner-avatar'] = $owner_record['thumb']; + $arr['author-name'] = $owner_record['name']; + $arr['author-link'] = $owner_record['url']; + $arr['author-avatar'] = $owner_record['thumb']; + $arr['title'] = ""; + $arr['allow_cid'] = $allow_cid; + $arr['allow_gid'] = $allow_gid; + $arr['deny_cid'] = $deny_cid; + $arr['deny_gid'] = $deny_gid; + $arr['visible'] = $visibility; + $arr['origin'] = 1; - $returndata = []; - $returndata["media_id"] = $media["id"]; - $returndata["media_id_string"] = (string)$media["id"]; - $returndata["size"] = $media["size"]; - $returndata["image"] = ["w" => $media["width"], - "h" => $media["height"], - "image_type" => $media["type"], - "friendica_preview_url" => $media["preview"]]; + $typetoext = [ + 'image/jpeg' => 'jpg', + 'image/png' => 'png', + 'image/gif' => 'gif' + ]; - Logger::info('Media uploaded', ['return' => $returndata]); + // adds link to the thumbnail scale photo + $arr['body'] = '[url=' . DI::baseUrl() . '/photos/' . $owner_record['nick'] . '/image/' . $hash . ']' + . '[img]' . DI::baseUrl() . '/photo/' . $hash . '-' . "2" . '.'. $typetoext[$filetype] . '[/img]' + . '[/url]'; - return ["media" => $returndata]; + // do the magic for storing the item in the database and trigger the federation to other contacts + Item::insert($arr); } -/// @TODO move to top of file or somewhere better -api_register_func('api/media/upload', 'api_media_upload', true, API_METHOD_POST); - /** - * Updates media meta data (picture descriptions) * - * @param string $type Return type (atom, rss, xml, json) + * @param string $type + * @param int $scale + * @param string $photo_id * - * @return array|string + * @return array * @throws BadRequestException * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException - * @throws TooManyRequestsException + * @throws NotFoundException * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/post-statuses-update - * - * @todo Compare the corresponding Twitter function for correct return values */ -function api_media_metadata_create($type) +function prepare_photo_data($type, $scale, $photo_id, $uid) { - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $uid = BaseApi::getCurrentUserID(); - - $postdata = Network::postdata(); - - if (empty($postdata)) { - throw new BadRequestException("No post data"); - } + $scale_sql = ($scale === false ? "" : sprintf("AND scale=%d", intval($scale))); + $data_sql = ($scale === false ? "" : "data, "); - $data = json_decode($postdata, true); - if (empty($data)) { - throw new BadRequestException("Invalid post data"); - } + // added allow_cid, allow_gid, deny_cid, deny_gid to output as string like stored in database + // clients needs to convert this in their way for further processing + $r = DBA::toArray(DBA::p( + "SELECT $data_sql `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, + `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`, + MIN(`scale`) AS `minscale`, MAX(`scale`) AS `maxscale` + FROM `photo` WHERE `uid` = ? AND `resource-id` = ? $scale_sql GROUP BY + `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, + `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`", + $uid, + $photo_id + )); - if (empty($data['media_id']) || empty($data['alt_text'])) { - throw new BadRequestException("Missing post data values"); + $typetoext = [ + 'image/jpeg' => 'jpg', + 'image/png' => 'png', + 'image/gif' => 'gif' + ]; + + // prepare output data for photo + if (DBA::isResult($r)) { + $data = ['photo' => $r[0]]; + $data['photo']['id'] = $data['photo']['resource-id']; + if ($scale !== false) { + $data['photo']['data'] = base64_encode($data['photo']['data']); + } else { + unset($data['photo']['datasize']); //needed only with scale param + } + if ($type == "xml") { + $data['photo']['links'] = []; + for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) { + $data['photo']['links'][$k . ":link"]["@attributes"] = ["type" => $data['photo']['type'], + "scale" => $k, + "href" => DI::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]]; + } + } else { + $data['photo']['link'] = []; + // when we have profile images we could have only scales from 4 to 6, but index of array always needs to start with 0 + $i = 0; + for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) { + $data['photo']['link'][$i] = DI::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]; + $i++; + } + } + unset($data['photo']['resource-id']); + unset($data['photo']['minscale']); + unset($data['photo']['maxscale']); + } else { + throw new NotFoundException(); } - if (empty($data['alt_text']['text'])) { - throw new BadRequestException("No alt text."); + // retrieve item element for getting activities (like, dislike etc.) related to photo + $condition = ['uid' => $uid, 'resource-id' => $photo_id]; + $item = Post::selectFirst(['id', 'uid', 'uri', 'parent', 'allow_cid', 'deny_cid', 'allow_gid', 'deny_gid'], $condition); + if (!DBA::isResult($item)) { + throw new NotFoundException('Photo-related item not found.'); } - Logger::info('Updating metadata', ['media_id' => $data['media_id']]); + $data['photo']['friendica_activities'] = DI::friendicaActivities()->createFromUriId($item['uri-id'], $item['uid'], $type); - $condition = ['id' => $data['media_id'], 'uid' => $uid]; - $photo = DBA::selectFirst('photo', ['resource-id'], $condition); - if (!DBA::isResult($photo)) { - throw new BadRequestException("Metadata not found."); + // retrieve comments on photo + $condition = ["`parent` = ? AND `uid` = ? AND `gravity` IN (?, ?)", + $item['parent'], $uid, GRAVITY_PARENT, GRAVITY_COMMENT]; + + $statuses = Post::selectForUser($uid, [], $condition); + + // prepare output of comments + $commentData = []; + while ($status = DBA::fetch($statuses)) { + $commentData[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'])->toArray(); } + DBA::close($statuses); - DBA::update('photo', ['desc' => $data['alt_text']['text']], ['resource-id' => $photo['resource-id']]); -} + $comments = []; + if ($type == "xml") { + $k = 0; + foreach ($commentData as $comment) { + $comments[$k++ . ":comment"] = $comment; + } + } else { + foreach ($commentData as $comment) { + $comments[] = $comment; + } + } + $data['photo']['friendica_comments'] = $comments; -api_register_func('api/media/metadata/create', 'api_media_metadata_create', true, API_METHOD_POST); + // include info if rights on photo and rights on item are mismatching + $rights_mismatch = $data['photo']['allow_cid'] != $item['allow_cid'] || + $data['photo']['deny_cid'] != $item['deny_cid'] || + $data['photo']['allow_gid'] != $item['allow_gid'] || + $data['photo']['deny_gid'] != $item['deny_gid']; + $data['photo']['rights_mismatch'] = $rights_mismatch; + + return $data; +} /** - * @param string $type Return format (atom, rss, xml, json) - * @param int $item_id - * @return array|string - * @throws Exception + * + * @param string $text + * + * @return string + * @throws InternalServerErrorException */ -function api_status_show($type, $item_id) +function api_clean_plain_items($text) { - Logger::info(API_LOG_PREFIX . 'Start', ['action' => 'status_show', 'type' => $type, 'item_id' => $item_id]); + $include_entities = strtolower($_REQUEST['include_entities'] ?? 'false'); - $status_info = []; + $text = BBCode::cleanPictureLinks($text); + $URLSearchString = "^\[\]"; - $item = api_get_item(['id' => $item_id]); - if (!empty($item)) { - $status_info = api_format_item($item, $type); + $text = preg_replace("/([!#@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '$1$3', $text); + + if ($include_entities == "true") { + $text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '[url=$1]$1[/url]', $text); } - Logger::info(API_LOG_PREFIX . 'End', ['action' => 'get_status', 'status_info' => $status_info]); + // Simplify "attachment" element + $text = BBCode::removeAttachment($text); - return DI::apiResponse()->formatData('statuses', $type, ['status' => $status_info]); + return $text; } /** - * Retrieves the last public status of the provided user info + * Add a new group to the database. + * + * @param string $name Group name + * @param int $uid User ID + * @param array $users List of users to add to the group * - * @param int $ownerId Public contact Id - * @param int $uid User Id * @return array - * @throws Exception + * @throws BadRequestException */ -function api_get_last_status($ownerId, $uid) +function group_create($name, $uid, $users = []) { - $condition = [ - 'author-id'=> $ownerId, - 'uid' => $uid, - 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT], - 'private' => [Item::PUBLIC, Item::UNLISTED] - ]; + // error if no name specified + if ($name == "") { + throw new BadRequestException('group name not specified'); + } + + // error message if specified group name already exists + if (DBA::exists('group', ['uid' => $uid, 'name' => $name, 'deleted' => false])) { + throw new BadRequestException('group name already exists'); + } + + // Check if the group needs to be reactivated + if (DBA::exists('group', ['uid' => $uid, 'name' => $name, 'deleted' => true])) { + $reactivate_group = true; + } + + // create group + $ret = Group::create($uid, $name); + if ($ret) { + $gid = Group::getIdByName($uid, $name); + } else { + throw new BadRequestException('other API error'); + } + + // add members + $erroraddinguser = false; + $errorusers = []; + foreach ($users as $user) { + $cid = $user['cid']; + if (DBA::exists('contact', ['id' => $cid, 'uid' => $uid])) { + Group::addMember($gid, $cid); + } else { + $erroraddinguser = true; + $errorusers[] = $cid; + } + } - $item = api_get_item($condition); + // return success message incl. missing users in array + $status = ($erroraddinguser ? "missing user" : ((isset($reactivate_group) && $reactivate_group) ? "reactivated" : "ok")); - return $item; + return ['success' => true, 'gid' => $gid, 'name' => $name, 'status' => $status, 'wrong users' => $errorusers]; } /** - * Retrieves a single item record based on the provided condition and converts it for API use. + * Get data from $_POST or $_GET * - * @param array $condition Item table condition array - * @return array - * @throws Exception + * @param string $k + * @return null */ -function api_get_item(array $condition) +function requestdata($k) { - $item = Post::selectFirst(Item::DISPLAY_FIELDLIST, $condition, ['order' => ['id' => true]]); - - return $item; + if (!empty($_POST[$k])) { + return $_POST[$k]; + } + if (!empty($_GET[$k])) { + return $_GET[$k]; + } + return null; } /** - * Returns extended information of a given user, specified by ID or screen name as per the required id parameter. - * The author's most recent status will be returned inline. + * TWITTER API + */ + +/** + * Returns an HTTP 200 OK response code and a representation of the requesting user if authentication was successful; + * returns a 401 status code and an error message if not. + * + * @see https://developer.twitter.com/en/docs/accounts-and-users/manage-account-settings/api-reference/get-account-verify_credentials * * @param string $type Return type (atom, rss, xml, json) * @return array|string * @throws BadRequestException + * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-users-show */ -function api_users_show($type) +function api_account_verify_credentials($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $uid = BaseApi::getCurrentUserID(); - $user_info = DI::twitterUser()->createFromUserId($uid)->toArray(); + unset($_REQUEST['user_id']); + unset($_GET['user_id']); - $item = api_get_last_status($user_info['pid'], $user_info['uid']); - if (!empty($item)) { - $user_info['status'] = api_format_item($item, $type); - } + unset($_REQUEST['screen_name']); + unset($_GET['screen_name']); - // "uid" and "self" are only needed for some internal stuff, so remove it from here - unset($user_info['uid']); - unset($user_info['self']); + $skip_status = $_REQUEST['skip_status'] ?? false; - return DI::apiResponse()->formatData('user', $type, ['user' => $user_info]); + $user_info = DI::twitterUser()->createFromUserId($uid, $skip_status)->toArray(); + + // "verified" isn't used here in the standard + unset($user_info["verified"]); + + // "uid" is only needed for some internal stuff, so remove it from here + unset($user_info['uid']); + + return DI::apiResponse()->formatData("user", $type, ['user' => $user_info]); } -/// @TODO move to top of file or somewhere better -api_register_func('api/users/show', 'api_users_show'); -api_register_func('api/externalprofile/show', 'api_users_show'); +api_register_func('api/account/verify_credentials', 'api_account_verify_credentials', true); /** - * Search a public user account. + * Deprecated function to upload media. * * @param string $type Return type (atom, rss, xml, json) * * @return array|string * @throws BadRequestException + * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-users-search */ -function api_users_search($type) +function api_statuses_mediap($type) { - BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); $uid = BaseApi::getCurrentUserID(); - $userlist = []; + $a = DI::app(); - if (!empty($_GET['q'])) { - $contacts = Contact::selectToArray( - ['id'], - [ - '`uid` = 0 AND (`name` = ? OR `nick` = ? OR `url` = ? OR `addr` = ?)', - $_GET['q'], - $_GET['q'], - $_GET['q'], - $_GET['q'], - ] - ); + $_REQUEST['profile_uid'] = $uid; + $_REQUEST['api_source'] = true; + $txt = requestdata('status') ?? ''; - if (DBA::isResult($contacts)) { - $k = 0; - foreach ($contacts as $contact) { - $user_info = DI::twitterUser()->createFromContactId($contact['id'], $uid)->toArray(); + if ((strpos($txt, '<') !== false) || (strpos($txt, '>') !== false)) { + $txt = HTML::toBBCodeVideo($txt); + $config = HTMLPurifier_Config::createDefault(); + $config->set('Cache.DefinitionImpl', null); + $purifier = new HTMLPurifier($config); + $txt = $purifier->purify($txt); + } + $txt = HTML::toBBCode($txt); - if ($type == 'xml') { - $userlist[$k++ . ':user'] = $user_info; - } else { - $userlist[] = $user_info; - } - } - $userlist = ['users' => $userlist]; - } else { - throw new NotFoundException('User ' . $_GET['q'] . ' not found.'); - } - } else { - throw new BadRequestException('No search term specified.'); - } + $picture = wall_upload_post($a, false); - return DI::apiResponse()->formatData('users', $type, $userlist); + // now that we have the img url in bbcode we can add it to the status and insert the wall item. + $_REQUEST['body'] = $txt . "\n\n" . '[url=' . $picture["albumpage"] . '][img]' . $picture["preview"] . "[/img][/url]"; + $item_id = item_post($a); + + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + + // output the post that we just posted. + $status_info = DI::twitterStatus()->createFromItemId($item_id, $include_entities)->toArray(); + return DI::apiResponse()->formatData('statuses', $type, ['status' => $status_info]); } -/// @TODO move to top of file or somewhere better -api_register_func('api/users/search', 'api_users_search'); +/// @TODO move this to top of file or somewhere better! +api_register_func('api/statuses/mediap', 'api_statuses_mediap', true, API_METHOD_POST); /** - * Return user objects - * - * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-users-lookup + * Updates the user’s current status. * - * @param string $type Return format: json or xml + * @param string $type Return type (atom, rss, xml, json) * * @return array|string * @throws BadRequestException + * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException - * @throws NotFoundException if the results are empty. + * @throws TooManyRequestsException * @throws UnauthorizedException + * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/post-statuses-update */ -function api_users_lookup($type) +function api_statuses_update($type) { - BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); $uid = BaseApi::getCurrentUserID(); - $users = []; + $a = DI::app(); - if (!empty($_REQUEST['user_id'])) { - foreach (explode(',', $_REQUEST['user_id']) as $cid) { - if (!empty($cid) && is_numeric($cid)) { - $users[] = DI::twitterUser()->createFromContactId((int)$cid, $uid)->toArray(); - } - } - } + // convert $_POST array items to the form we use for web posts. + if (requestdata('htmlstatus')) { + $txt = requestdata('htmlstatus') ?? ''; + if ((strpos($txt, '<') !== false) || (strpos($txt, '>') !== false)) { + $txt = HTML::toBBCodeVideo($txt); - if (empty($users)) { - throw new NotFoundException; - } + $config = HTMLPurifier_Config::createDefault(); + $config->set('Cache.DefinitionImpl', null); - return DI::apiResponse()->formatData("users", $type, ['users' => $users]); -} + $purifier = new HTMLPurifier($config); + $txt = $purifier->purify($txt); -/// @TODO move to top of file or somewhere better -api_register_func('api/users/lookup', 'api_users_lookup', true); + $_REQUEST['body'] = HTML::toBBCode($txt); + } + } else { + $_REQUEST['body'] = requestdata('status'); + } -/** - * Returns statuses that match a specified query. - * - * @see https://developer.twitter.com/en/docs/tweets/search/api-reference/get-search-tweets - * - * @param string $type Return format: json, xml, atom, rss - * - * @return array|string - * @throws BadRequestException if the "q" parameter is missing. - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_search($type) -{ - BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $uid = BaseApi::getCurrentUserID(); + $_REQUEST['title'] = requestdata('title'); - if (empty($_REQUEST['q'])) { - throw new BadRequestException('q parameter is required.'); + $parent = requestdata('in_reply_to_status_id'); + + // Twidere sends "-1" if it is no reply ... + if ($parent == -1) { + $parent = ""; } - $searchTerm = trim(rawurldecode($_REQUEST['q'])); + if (ctype_digit($parent)) { + $_REQUEST['parent'] = $parent; + } else { + $_REQUEST['parent_uri'] = $parent; + } - $data = []; - $data['status'] = []; - $count = 15; - $exclude_replies = !empty($_REQUEST['exclude_replies']); - if (!empty($_REQUEST['rpp'])) { - $count = $_REQUEST['rpp']; - } elseif (!empty($_REQUEST['count'])) { - $count = $_REQUEST['count']; + if (requestdata('lat') && requestdata('long')) { + $_REQUEST['coord'] = sprintf("%s %s", requestdata('lat'), requestdata('long')); } + $_REQUEST['profile_uid'] = $uid; - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - $page = $_REQUEST['page'] ?? 1; + if (!$parent) { + // Check for throttling (maximum posts per day, week and month) + $throttle_day = DI::config()->get('system', 'throttle_limit_day'); + if ($throttle_day > 0) { + $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60); - $start = max(0, ($page - 1) * $count); + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; + $posts_day = Post::count($condition); - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - if (preg_match('/^#(\w+)$/', $searchTerm, $matches) === 1 && isset($matches[1])) { - $searchTerm = $matches[1]; - $condition = ["`iid` > ? AND `name` = ? AND (NOT `private` OR (`private` AND `uid` = ?))", $since_id, $searchTerm, $uid]; - $tags = DBA::select('tag-search-view', ['uri-id'], $condition); - $uriids = []; - while ($tag = DBA::fetch($tags)) { - $uriids[] = $tag['uri-id']; + if ($posts_day > $throttle_day) { + logger::info('Daily posting limit reached for user ' . $uid); + // die(api_error($type, DI::l10n()->t("Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); + throw new TooManyRequestsException(DI::l10n()->tt("Daily posting limit of %d post reached. The post was rejected.", "Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); + } } - DBA::close($tags); - if (empty($uriids)) { - return DI::apiResponse()->formatData('statuses', $type, $data); + $throttle_week = DI::config()->get('system', 'throttle_limit_week'); + if ($throttle_week > 0) { + $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*7); + + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; + $posts_week = Post::count($condition); + + if ($posts_week > $throttle_week) { + logger::info('Weekly posting limit reached for user ' . $uid); + // die(api_error($type, DI::l10n()->t("Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week))); + throw new TooManyRequestsException(DI::l10n()->tt("Weekly posting limit of %d post reached. The post was rejected.", "Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week)); + } } - $condition = ['uri-id' => $uriids]; - if ($exclude_replies) { - $condition['gravity'] = GRAVITY_PARENT; + $throttle_month = DI::config()->get('system', 'throttle_limit_month'); + if ($throttle_month > 0) { + $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*30); + + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; + $posts_month = Post::count($condition); + + if ($posts_month > $throttle_month) { + logger::info('Monthly posting limit reached for user ' . $uid); + // die(api_error($type, DI::l10n()->t("Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); + throw new TooManyRequestsException(DI::l10n()->t("Monthly posting limit of %d post reached. The post was rejected.", "Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); + } } + } - $params['group_by'] = ['uri-id']; - } else { - $condition = ["`id` > ? - " . ($exclude_replies ? " AND `gravity` = " . GRAVITY_PARENT : ' ') . " - AND (`uid` = 0 OR (`uid` = ? AND NOT `global`)) - AND `body` LIKE CONCAT('%',?,'%')", - $since_id, $uid, $_REQUEST['q']]; - if ($max_id > 0) { - $condition[0] .= ' AND `id` <= ?'; - $condition[] = $max_id; + if (requestdata('media_ids')) { + $ids = explode(',', requestdata('media_ids') ?? ''); + } elseif (!empty($_FILES['media'])) { + // upload the image if we have one + $picture = wall_upload_post($a, false); + if (is_array($picture)) { + $ids[] = $picture['id']; } } - $statuses = []; + $attachments = []; + $ressources = []; - if (parse_url($searchTerm, PHP_URL_SCHEME) != '') { - $id = Item::fetchByLink($searchTerm, $uid); - if (!$id) { - // Public post - $id = Item::fetchByLink($searchTerm); + if (!empty($ids)) { + foreach ($ids as $id) { + $media = DBA::toArray(DBA::p("SELECT `resource-id`, `scale`, `nickname`, `type`, `desc`, `filename`, `datasize`, `width`, `height` FROM `photo` + INNER JOIN `user` ON `user`.`uid` = `photo`.`uid` WHERE `resource-id` IN + (SELECT `resource-id` FROM `photo` WHERE `id` = ?) AND `photo`.`uid` = ? + ORDER BY `photo`.`width` DESC LIMIT 2", $id, $uid)); + + if (!empty($media)) { + $ressources[] = $media[0]['resource-id']; + $phototypes = Images::supportedTypes(); + $ext = $phototypes[$media[0]['type']]; + + $attachment = ['type' => Post\Media::IMAGE, 'mimetype' => $media[0]['type'], + 'url' => DI::baseUrl() . '/photo/' . $media[0]['resource-id'] . '-' . $media[0]['scale'] . '.' . $ext, + 'size' => $media[0]['datasize'], + 'name' => $media[0]['filename'] ?: $media[0]['resource-id'], + 'description' => $media[0]['desc'] ?? '', + 'width' => $media[0]['width'], + 'height' => $media[0]['height']]; + + if (count($media) > 1) { + $attachment['preview'] = DI::baseUrl() . '/photo/' . $media[1]['resource-id'] . '-' . $media[1]['scale'] . '.' . $ext; + $attachment['preview-width'] = $media[1]['width']; + $attachment['preview-height'] = $media[1]['height']; + } + $attachments[] = $attachment; + } } - if (!empty($id)) { - $statuses = Post::select([], ['id' => $id]); + // We have to avoid that the post is rejected because of an empty body + if (empty($_REQUEST['body'])) { + $_REQUEST['body'] = '[hr]'; } } - $statuses = $statuses ?: Post::selectForUser($uid, [], $condition, $params); + if (!empty($attachments)) { + $_REQUEST['attachments'] = $attachments; + } - $ret = []; - while ($status = DBA::fetch($statuses)) { - $ret[] = api_format_item($status, $type); + // set this so that the item_post() function is quiet and doesn't redirect or emit json + + $_REQUEST['api_source'] = true; + + if (empty($_REQUEST['source'])) { + $_REQUEST['source'] = BaseApi::getCurrentApplication()['name'] ?: 'API'; } - DBA::close($statuses); - $data['status'] = $ret; + // call out normal post function + $item_id = item_post($a); - return DI::apiResponse()->formatData('statuses', $type, $data); + if (!empty($ressources) && !empty($item_id)) { + $item = Post::selectFirst(['uri-id', 'allow_cid', 'allow_gid', 'deny_cid', 'deny_gid'], ['id' => $item_id]); + foreach ($ressources as $ressource) { + Photo::setPermissionForRessource($ressource, $uid, $item['allow_cid'], $item['allow_gid'], $item['deny_cid'], $item['deny_gid']); + } + } + + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + + // output the post that we just posted. + $status_info = DI::twitterStatus()->createFromItemId($item_id, $include_entities)->toArray(); + return DI::apiResponse()->formatData('statuses', $type, ['status' => $status_info]); } -/// @TODO move to top of file or somewhere better -api_register_func('api/search/tweets', 'api_search', true); -api_register_func('api/search', 'api_search', true); +api_register_func('api/statuses/update', 'api_statuses_update', true, API_METHOD_POST); +api_register_func('api/statuses/update_with_media', 'api_statuses_update', true, API_METHOD_POST); /** - * Returns the most recent statuses posted by the user and the users they follow. - * - * @see https://developer.twitter.com/en/docs/tweets/timelines/api-reference/get-statuses-home_timeline + * Uploads an image to Friendica. * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string + * @return array * @throws BadRequestException * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException - * @todo Optional parameters - * @todo Add reply info + * @see https://developer.twitter.com/en/docs/media/upload-media/api-reference/post-media-upload */ -function api_statuses_home_timeline($type) +function api_media_upload() { - BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $uid = BaseApi::getCurrentUserID(); - - unset($_REQUEST['user_id']); - unset($_GET['user_id']); - - unset($_REQUEST['screen_name']); - unset($_GET['screen_name']); - - // get last network messages - - // params - $count = $_REQUEST['count'] ?? 20; - $page = $_REQUEST['page']?? 0; - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - $exclude_replies = !empty($_REQUEST['exclude_replies']); - $conversation_id = $_REQUEST['conversation_id'] ?? 0; - - $start = max(0, ($page - 1) * $count); - - $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ?", - $uid, GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - if ($max_id > 0) { - $condition[0] .= " AND `id` <= ?"; - $condition[] = $max_id; - } - if ($exclude_replies) { - $condition[0] .= ' AND `gravity` = ?'; - $condition[] = GRAVITY_PARENT; - } - if ($conversation_id > 0) { - $condition[0] .= " AND `parent` = ?"; - $condition[] = $conversation_id; + if (empty($_FILES['media'])) { + // Output error + throw new BadRequestException("No media."); } - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser($uid, [], $condition, $params); - - $ret = []; - $idarray = []; - while ($status = DBA::fetch($statuses)) { - $ret[] = api_format_item($status, $type); - $idarray[] = intval($status['id']); + $media = wall_upload_post(DI::app(), false); + if (!$media) { + // Output error + throw new InternalServerErrorException(); } - DBA::close($statuses); - if (!empty($idarray)) { - $unseen = Post::exists(['unseen' => true, 'id' => $idarray]); - if ($unseen) { - Item::update(['unseen' => false], ['unseen' => true, 'id' => $idarray]); - } - } + $returndata = []; + $returndata["media_id"] = $media["id"]; + $returndata["media_id_string"] = (string)$media["id"]; + $returndata["size"] = $media["size"]; + $returndata["image"] = ["w" => $media["width"], + "h" => $media["height"], + "image_type" => $media["type"], + "friendica_preview_url" => $media["preview"]]; - return DI::apiResponse()->formatData("statuses", $type, ['status' => $ret], Contact::getPublicIdByUserId($uid)); -} + Logger::info('Media uploaded', ['return' => $returndata]); + return ["media" => $returndata]; +} -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/home_timeline', 'api_statuses_home_timeline', true); -api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline', true); +api_register_func('api/media/upload', 'api_media_upload', true, API_METHOD_POST); /** - * Returns the most recent statuses from public users. + * Updates media meta data (picture descriptions) * * @param string $type Return type (atom, rss, xml, json) * @@ -1004,274 +1028,293 @@ api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline', * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException + * @throws TooManyRequestsException * @throws UnauthorizedException + * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/post-statuses-update + * + * @todo Compare the corresponding Twitter function for correct return values */ -function api_statuses_public_timeline($type) +function api_media_metadata_create($type) { - BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); $uid = BaseApi::getCurrentUserID(); - // get last network messages - - // params - $count = $_REQUEST['count'] ?? 20; - $page = $_REQUEST['page'] ?? 1; - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - $exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0); - $conversation_id = $_REQUEST['conversation_id'] ?? 0; - - $start = max(0, ($page - 1) * $count); - - if ($exclude_replies && !$conversation_id) { - $condition = ["`gravity` = ? AND `id` > ? AND `private` = ? AND `wall` AND NOT `author-hidden`", - GRAVITY_PARENT, $since_id, Item::PUBLIC]; + $postdata = Network::postdata(); - if ($max_id > 0) { - $condition[0] .= " AND `id` <= ?"; - $condition[] = $max_id; - } + if (empty($postdata)) { + throw new BadRequestException("No post data"); + } - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser($uid, [], $condition, $params); - } else { - $condition = ["`gravity` IN (?, ?) AND `id` > ? AND `private` = ? AND `wall` AND `origin` AND NOT `author-hidden`", - GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, Item::PUBLIC]; + $data = json_decode($postdata, true); + if (empty($data)) { + throw new BadRequestException("Invalid post data"); + } - if ($max_id > 0) { - $condition[0] .= " AND `id` <= ?"; - $condition[] = $max_id; - } - if ($conversation_id > 0) { - $condition[0] .= " AND `parent` = ?"; - $condition[] = $conversation_id; - } + if (empty($data['media_id']) || empty($data['alt_text'])) { + throw new BadRequestException("Missing post data values"); + } - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser($uid, [], $condition, $params); + if (empty($data['alt_text']['text'])) { + throw new BadRequestException("No alt text."); } - $ret = []; - while ($status = DBA::fetch($statuses)) { - $ret[] = api_format_item($status, $type); + Logger::info('Updating metadata', ['media_id' => $data['media_id']]); + + $condition = ['id' => $data['media_id'], 'uid' => $uid]; + $photo = DBA::selectFirst('photo', ['resource-id'], $condition); + if (!DBA::isResult($photo)) { + throw new BadRequestException("Metadata not found."); } - DBA::close($statuses); - return DI::apiResponse()->formatData("statuses", $type, ['status' => $ret], Contact::getPublicIdByUserId($uid)); + DBA::update('photo', ['desc' => $data['alt_text']['text']], ['resource-id' => $photo['resource-id']]); } -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/public_timeline', 'api_statuses_public_timeline', true); +api_register_func('api/media/metadata/create', 'api_media_metadata_create', true, API_METHOD_POST); /** - * Returns the most recent statuses posted by users this node knows about. + * Returns extended information of a given user, specified by ID or screen name as per the required id parameter. + * The author's most recent status will be returned inline. * - * @param string $type Return format: json, xml, atom, rss + * @param string $type Return type (atom, rss, xml, json) * @return array|string * @throws BadRequestException - * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException + * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-users-show */ -function api_statuses_networkpublic_timeline($type) +function api_users_show($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $uid = BaseApi::getCurrentUserID(); - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - - // pagination - $count = $_REQUEST['count'] ?? 20; - $page = $_REQUEST['page'] ?? 1; - - $start = max(0, ($page - 1) * $count); + $user_info = DI::twitterUser()->createFromUserId($uid)->toArray(); - $condition = ["`uid` = 0 AND `gravity` IN (?, ?) AND `id` > ? AND `private` = ?", - GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, Item::PUBLIC]; + $condition = [ + 'author-id'=> $user_info['pid'], + 'uid' => $uid, + 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT], + 'private' => [Item::PUBLIC, Item::UNLISTED] + ]; - if ($max_id > 0) { - $condition[0] .= " AND `id` <= ?"; - $condition[] = $max_id; + $item = Post::selectFirst(['uri-id', 'id'], $condition); + if (!empty($item)) { + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + $user_info['status'] = DI::twitterStatus()->createFromUriId($item['uri-id'], $item['uid'], $include_entities)->toArray(); } - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser($uid, Item::DISPLAY_FIELDLIST, $condition, $params); - - $ret = []; - while ($status = DBA::fetch($statuses)) { - $ret[] = api_format_item($status, $type); - } - DBA::close($statuses); + // "uid" is only needed for some internal stuff, so remove it from here + unset($user_info['uid']); - return DI::apiResponse()->formatData("statuses", $type, ['status' => $ret], Contact::getPublicIdByUserId($uid)); + return DI::apiResponse()->formatData('user', $type, ['user' => $user_info]); } -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/networkpublic_timeline', 'api_statuses_networkpublic_timeline', true); +api_register_func('api/users/show', 'api_users_show'); +api_register_func('api/externalprofile/show', 'api_users_show'); /** - * Returns a single status. + * Search a public user account. * * @param string $type Return type (atom, rss, xml, json) * * @return array|string * @throws BadRequestException - * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/get-statuses-show-id + * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-users-search */ -function api_statuses_show($type) +function api_users_search($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $uid = BaseApi::getCurrentUserID(); - // params - $id = intval(DI::args()->getArgv()[3] ?? 0); - - if ($id == 0) { - $id = intval($_REQUEST['id'] ?? 0); - } - - // Hotot workaround - if ($id == 0) { - $id = intval(DI::args()->getArgv()[4] ?? 0); - } + $userlist = []; - logger::notice('API: api_statuses_show: ' . $id); + if (!empty($_GET['q'])) { + $contacts = Contact::selectToArray( + ['id'], + [ + '`uid` = 0 AND (`name` = ? OR `nick` = ? OR `url` = ? OR `addr` = ?)', + $_GET['q'], + $_GET['q'], + $_GET['q'], + $_GET['q'], + ] + ); - $conversation = !empty($_REQUEST['conversation']); + if (DBA::isResult($contacts)) { + $k = 0; + foreach ($contacts as $contact) { + $user_info = DI::twitterUser()->createFromContactId($contact['id'], $uid)->toArray(); - // try to fetch the item for the local user - or the public item, if there is no local one - $uri_item = Post::selectFirst(['uri-id'], ['id' => $id]); - if (!DBA::isResult($uri_item)) { - throw new BadRequestException(sprintf("There is no status with the id %d", $id)); + if ($type == 'xml') { + $userlist[$k++ . ':user'] = $user_info; + } else { + $userlist[] = $user_info; + } + } + $userlist = ['users' => $userlist]; + } else { + throw new NotFoundException('User ' . $_GET['q'] . ' not found.'); + } + } else { + throw new BadRequestException('No search term specified.'); } - $item = Post::selectFirst(['id'], ['uri-id' => $uri_item['uri-id'], 'uid' => [0, $uid]], ['order' => ['uid' => true]]); - if (!DBA::isResult($item)) { - throw new BadRequestException(sprintf("There is no status with the uri-id %d for the given user.", $uri_item['uri-id'])); - } + return DI::apiResponse()->formatData('users', $type, $userlist); +} - $id = $item['id']; +api_register_func('api/users/search', 'api_users_search'); - if ($conversation) { - $condition = ['parent' => $id, 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT]]; - $params = ['order' => ['id' => true]]; - } else { - $condition = ['id' => $id, 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT]]; - $params = []; - } +/** + * Return user objects + * + * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-users-lookup + * + * @param string $type Return format: json or xml + * + * @return array|string + * @throws BadRequestException + * @throws ImagickException + * @throws InternalServerErrorException + * @throws NotFoundException if the results are empty. + * @throws UnauthorizedException + */ +function api_users_lookup($type) +{ + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); - $statuses = Post::selectForUser($uid, [], $condition, $params); + $users = []; - /// @TODO How about copying this to above methods which don't check $r ? - if (!DBA::isResult($statuses)) { - throw new BadRequestException(sprintf("There is no status or conversation with the id %d.", $id)); + if (!empty($_REQUEST['user_id'])) { + foreach (explode(',', $_REQUEST['user_id']) as $cid) { + if (!empty($cid) && is_numeric($cid)) { + $users[] = DI::twitterUser()->createFromContactId((int)$cid, $uid)->toArray(); + } + } } - $ret = []; - while ($status = DBA::fetch($statuses)) { - $ret[] = api_format_item($status, $type); + if (empty($users)) { + throw new NotFoundException; } - DBA::close($statuses); - if ($conversation) { - $data = ['status' => $ret]; - return DI::apiResponse()->formatData("statuses", $type, $data); - } else { - $data = ['status' => $ret[0]]; - return DI::apiResponse()->formatData("status", $type, $data); - } + return DI::apiResponse()->formatData("users", $type, ['users' => $users]); } -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/show', 'api_statuses_show', true); +api_register_func('api/users/lookup', 'api_users_lookup', true); /** + * Returns statuses that match a specified query. * - * @param string $type Return type (atom, rss, xml, json) + * @see https://developer.twitter.com/en/docs/tweets/search/api-reference/get-search-tweets + * + * @param string $type Return format: json, xml, atom, rss * * @return array|string - * @throws BadRequestException + * @throws BadRequestException if the "q" parameter is missing. * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException - * @todo nothing to say? */ -function api_conversation_show($type) +function api_search($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $uid = BaseApi::getCurrentUserID(); - // params - $id = intval(DI::args()->getArgv()[3] ?? 0); - $since_id = intval($_REQUEST['since_id'] ?? 0); - $max_id = intval($_REQUEST['max_id'] ?? 0); - $count = intval($_REQUEST['count'] ?? 20); - $page = intval($_REQUEST['page'] ?? 1); + if (empty($_REQUEST['q'])) { + throw new BadRequestException('q parameter is required.'); + } - $start = max(0, ($page - 1) * $count); + $searchTerm = trim(rawurldecode($_REQUEST['q'])); - if ($id == 0) { - $id = intval($_REQUEST['id'] ?? 0); + $data = []; + $data['status'] = []; + $count = 15; + $exclude_replies = !empty($_REQUEST['exclude_replies']); + if (!empty($_REQUEST['rpp'])) { + $count = $_REQUEST['rpp']; + } elseif (!empty($_REQUEST['count'])) { + $count = $_REQUEST['count']; } - // Hotot workaround - if ($id == 0) { - $id = intval(DI::args()->getArgv()[4] ?? 0); - } + $since_id = $_REQUEST['since_id'] ?? 0; + $max_id = $_REQUEST['max_id'] ?? 0; + $page = $_REQUEST['page'] ?? 1; - Logger::info(API_LOG_PREFIX . '{subaction}', ['module' => 'api', 'action' => 'conversation', 'subaction' => 'show', 'id' => $id]); + $start = max(0, ($page - 1) * $count); - // try to fetch the item for the local user - or the public item, if there is no local one - $item = Post::selectFirst(['parent-uri-id'], ['id' => $id]); - if (!DBA::isResult($item)) { - throw new BadRequestException("There is no status with the id $id."); - } + $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; + if (preg_match('/^#(\w+)$/', $searchTerm, $matches) === 1 && isset($matches[1])) { + $searchTerm = $matches[1]; + $condition = ["`iid` > ? AND `name` = ? AND (NOT `private` OR (`private` AND `uid` = ?))", $since_id, $searchTerm, $uid]; + $tags = DBA::select('tag-search-view', ['uri-id'], $condition); + $uriids = []; + while ($tag = DBA::fetch($tags)) { + $uriids[] = $tag['uri-id']; + } + DBA::close($tags); - $parent = Post::selectFirst(['id'], ['uri-id' => $item['parent-uri-id'], 'uid' => [0, $uid]], ['order' => ['uid' => true]]); - if (!DBA::isResult($parent)) { - throw new BadRequestException("There is no status with this id."); + if (empty($uriids)) { + return DI::apiResponse()->formatData('statuses', $type, $data); + } + + $condition = ['uri-id' => $uriids]; + if ($exclude_replies) { + $condition['gravity'] = GRAVITY_PARENT; + } + + $params['group_by'] = ['uri-id']; + } else { + $condition = ["`id` > ? + " . ($exclude_replies ? " AND `gravity` = " . GRAVITY_PARENT : ' ') . " + AND (`uid` = 0 OR (`uid` = ? AND NOT `global`)) + AND `body` LIKE CONCAT('%',?,'%')", + $since_id, $uid, $_REQUEST['q']]; + if ($max_id > 0) { + $condition[0] .= ' AND `id` <= ?'; + $condition[] = $max_id; + } } - $id = $parent['id']; + $statuses = []; - $condition = ["`parent` = ? AND `uid` IN (0, ?) AND `gravity` IN (?, ?) AND `id` > ?", - $id, $uid, GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; + if (parse_url($searchTerm, PHP_URL_SCHEME) != '') { + $id = Item::fetchByLink($searchTerm, $uid); + if (!$id) { + // Public post + $id = Item::fetchByLink($searchTerm); + } - if ($max_id > 0) { - $condition[0] .= " AND `id` <= ?"; - $condition[] = $max_id; + if (!empty($id)) { + $statuses = Post::select([], ['id' => $id]); + } } - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser($uid, [], $condition, $params); + $statuses = $statuses ?: Post::selectForUser($uid, [], $condition, $params); - if (!DBA::isResult($statuses)) { - throw new BadRequestException("There is no status with id $id."); - } + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); $ret = []; while ($status = DBA::fetch($statuses)) { - $ret[] = api_format_item($status, $type); + $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); } DBA::close($statuses); - $data = ['status' => $ret]; - return DI::apiResponse()->formatData("statuses", $type, $data); + $data['status'] = $ret; + + return DI::apiResponse()->formatData('statuses', $type, $data); } -/// @TODO move to top of file or somewhere better -api_register_func('api/conversation/show', 'api_conversation_show', true); -api_register_func('api/statusnet/conversation', 'api_conversation_show', true); +api_register_func('api/search/tweets', 'api_search', true); +api_register_func('api/search', 'api_search', true); /** - * Repeats a status. + * Returns the most recent statuses posted by the user and the users they follow. + * + * @see https://developer.twitter.com/en/docs/tweets/timelines/api-reference/get-statuses-home_timeline * * @param string $type Return type (atom, rss, xml, json) * @@ -1281,74 +1324,77 @@ api_register_func('api/statusnet/conversation', 'api_conversation_show', true); * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/post-statuses-retweet-id + * @todo Optional parameters + * @todo Add reply info */ -function api_statuses_repeat($type) +function api_statuses_home_timeline($type) { - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $uid = BaseApi::getCurrentUserID(); - // params - $id = intval(DI::args()->getArgv()[3] ?? 0); + unset($_REQUEST['user_id']); + unset($_GET['user_id']); - if ($id == 0) { - $id = intval($_REQUEST['id'] ?? 0); - } + unset($_REQUEST['screen_name']); + unset($_GET['screen_name']); - // Hotot workaround - if ($id == 0) { - $id = intval(DI::args()->getArgv()[4] ?? 0); - } + // get last network messages - logger::notice('API: api_statuses_repeat: ' . $id); + // params + $count = $_REQUEST['count'] ?? 20; + $page = $_REQUEST['page']?? 0; + $since_id = $_REQUEST['since_id'] ?? 0; + $max_id = $_REQUEST['max_id'] ?? 0; + $exclude_replies = !empty($_REQUEST['exclude_replies']); + $conversation_id = $_REQUEST['conversation_id'] ?? 0; - $fields = ['uri-id', 'network', 'body', 'title', 'author-name', 'author-link', 'author-avatar', 'guid', 'created', 'plink']; - $item = Post::selectFirst($fields, ['id' => $id, 'private' => [Item::PUBLIC, Item::UNLISTED]]); + $start = max(0, ($page - 1) * $count); - if (DBA::isResult($item) && !empty($item['body'])) { - if (in_array($item['network'], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::TWITTER])) { - if (!Item::performActivity($id, 'announce', $uid)) { - throw new InternalServerErrorException(); - } + $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ?", + $uid, GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; - $item_id = $id; - } else { - if (strpos($item['body'], "[/share]") !== false) { - $pos = strpos($item['body'], "[share"); - $post = substr($item['body'], $pos); - } else { - $post = BBCode::getShareOpeningTag($item['author-name'], $item['author-link'], $item['author-avatar'], $item['plink'], $item['created'], $item['guid']); + if ($max_id > 0) { + $condition[0] .= " AND `id` <= ?"; + $condition[] = $max_id; + } + if ($exclude_replies) { + $condition[0] .= ' AND `gravity` = ?'; + $condition[] = GRAVITY_PARENT; + } + if ($conversation_id > 0) { + $condition[0] .= " AND `parent` = ?"; + $condition[] = $conversation_id; + } - if (!empty($item['title'])) { - $post .= '[h3]' . $item['title'] . "[/h3]\n"; - } + $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; + $statuses = Post::selectForUser($uid, [], $condition, $params); - $post .= $item['body']; - $post .= "[/share]"; - } - $_REQUEST['body'] = $post; - $_REQUEST['profile_uid'] = $uid; - $_REQUEST['api_source'] = true; + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); - if (empty($_REQUEST['source'])) { - $_REQUEST['source'] = api_source(); - } + $ret = []; + $idarray = []; + while ($status = DBA::fetch($statuses)) { + $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); + $idarray[] = intval($status['id']); + } + DBA::close($statuses); - $item_id = item_post(DI::app()); + if (!empty($idarray)) { + $unseen = Post::exists(['unseen' => true, 'id' => $idarray]); + if ($unseen) { + Item::update(['unseen' => false], ['unseen' => true, 'id' => $idarray]); } - } else { - throw new ForbiddenException(); } - // output the post that we just posted. - return api_status_show($type, $item_id); + return DI::apiResponse()->formatData("statuses", $type, ['status' => $ret], Contact::getPublicIdByUserId($uid)); } -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/retweet', 'api_statuses_repeat', true, API_METHOD_POST); + +api_register_func('api/statuses/home_timeline', 'api_statuses_home_timeline', true); +api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline', true); /** - * Destroys a specific status. + * Returns the most recent statuses from public users. * * @param string $type Return type (atom, rss, xml, json) * @@ -1358,131 +1404,83 @@ api_register_func('api/statuses/retweet', 'api_statuses_repeat', true, API_METHO * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/post-statuses-destroy-id */ -function api_statuses_destroy($type) -{ - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $uid = BaseApi::getCurrentUserID(); - - // params - $id = intval(DI::args()->getArgv()[3] ?? 0); - - if ($id == 0) { - $id = intval($_REQUEST['id'] ?? 0); - } - - // Hotot workaround - if ($id == 0) { - $id = intval(DI::args()->getArgv()[4] ?? 0); - } - - logger::notice('API: api_statuses_destroy: ' . $id); - - $ret = api_statuses_show($type); - - Item::deleteForUser(['id' => $id], $uid); - - return $ret; -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/destroy', 'api_statuses_destroy', true, API_METHOD_DELETE); - -/** - * Returns the most recent mentions. - * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - * @see http://developer.twitter.com/doc/get/statuses/mentions - */ -function api_statuses_mentions($type) +function api_statuses_public_timeline($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $uid = BaseApi::getCurrentUserID(); - unset($_REQUEST['user_id']); - unset($_GET['user_id']); - - unset($_REQUEST['screen_name']); - unset($_GET['screen_name']); - // get last network messages // params - $since_id = intval($_REQUEST['since_id'] ?? 0); - $max_id = intval($_REQUEST['max_id'] ?? 0); - $count = intval($_REQUEST['count'] ?? 20); - $page = intval($_REQUEST['page'] ?? 1); + $count = $_REQUEST['count'] ?? 20; + $page = $_REQUEST['page'] ?? 1; + $since_id = $_REQUEST['since_id'] ?? 0; + $max_id = $_REQUEST['max_id'] ?? 0; + $exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0); + $conversation_id = $_REQUEST['conversation_id'] ?? 0; $start = max(0, ($page - 1) * $count); - $query = "`gravity` IN (?, ?) AND `uri-id` IN - (SELECT `uri-id` FROM `post-user-notification` WHERE `uid` = ? AND `notification-type` & ? != 0 ORDER BY `uri-id`) - AND (`uid` = 0 OR (`uid` = ? AND NOT `global`)) AND `id` > ?"; + if ($exclude_replies && !$conversation_id) { + $condition = ["`gravity` = ? AND `id` > ? AND `private` = ? AND `wall` AND NOT `author-hidden`", + GRAVITY_PARENT, $since_id, Item::PUBLIC]; - $condition = [ - GRAVITY_PARENT, GRAVITY_COMMENT, - $uid, - Post\UserNotification::TYPE_EXPLICIT_TAGGED | Post\UserNotification::TYPE_IMPLICIT_TAGGED | - Post\UserNotification::TYPE_THREAD_COMMENT | Post\UserNotification::TYPE_DIRECT_COMMENT | - Post\UserNotification::TYPE_DIRECT_THREAD_COMMENT, - $uid, $since_id, - ]; + if ($max_id > 0) { + $condition[0] .= " AND `id` <= ?"; + $condition[] = $max_id; + } - if ($max_id > 0) { - $query .= " AND `id` <= ?"; - $condition[] = $max_id; - } + $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; + $statuses = Post::selectForUser($uid, [], $condition, $params); + } else { + $condition = ["`gravity` IN (?, ?) AND `id` > ? AND `private` = ? AND `wall` AND `origin` AND NOT `author-hidden`", + GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, Item::PUBLIC]; - array_unshift($condition, $query); + if ($max_id > 0) { + $condition[0] .= " AND `id` <= ?"; + $condition[] = $max_id; + } + if ($conversation_id > 0) { + $condition[0] .= " AND `parent` = ?"; + $condition[] = $conversation_id; + } - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser($uid, [], $condition, $params); + $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; + $statuses = Post::selectForUser($uid, [], $condition, $params); + } + + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); $ret = []; while ($status = DBA::fetch($statuses)) { - $ret[] = api_format_item($status, $type); + $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); } DBA::close($statuses); return DI::apiResponse()->formatData("statuses", $type, ['status' => $ret], Contact::getPublicIdByUserId($uid)); } -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/mentions', 'api_statuses_mentions', true); -api_register_func('api/statuses/replies', 'api_statuses_mentions', true); +api_register_func('api/statuses/public_timeline', 'api_statuses_public_timeline', true); /** - * Returns the most recent statuses posted by the user. + * Returns the most recent statuses posted by users this node knows about. * - * @param string $type Either "json" or "xml" - * @return string|array + * @param string $type Return format: json, xml, atom, rss + * @return array|string * @throws BadRequestException * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/tweets/timelines/api-reference/get-statuses-user_timeline */ -function api_statuses_user_timeline($type) +function api_statuses_networkpublic_timeline($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $uid = BaseApi::getCurrentUserID(); - Logger::info('api_statuses_user_timeline', ['api_user' => $uid, '_REQUEST' => $_REQUEST]); - - $cid = BaseApi::getContactIDForSearchterm($_REQUEST['screen_name'] ?? '', $_REQUEST['user_id'] ?? 0, $uid); - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - $exclude_replies = !empty($_REQUEST['exclude_replies']); - $conversation_id = $_REQUEST['conversation_id'] ?? 0; + $since_id = $_REQUEST['since_id'] ?? 0; + $max_id = $_REQUEST['max_id'] ?? 0; // pagination $count = $_REQUEST['count'] ?? 20; @@ -1490,41 +1488,32 @@ function api_statuses_user_timeline($type) $start = max(0, ($page - 1) * $count); - $condition = ["(`uid` = ? OR (`uid` = ? AND NOT `global`)) AND `gravity` IN (?, ?) AND `id` > ? AND `author-id` = ?", - 0, $uid, GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $cid]; - - if ($exclude_replies) { - $condition[0] .= ' AND `gravity` = ?'; - $condition[] = GRAVITY_PARENT; - } - - if ($conversation_id > 0) { - $condition[0] .= " AND `parent` = ?"; - $condition[] = $conversation_id; - } + $condition = ["`uid` = 0 AND `gravity` IN (?, ?) AND `id` > ? AND `private` = ?", + GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, Item::PUBLIC]; if ($max_id > 0) { $condition[0] .= " AND `id` <= ?"; $condition[] = $max_id; } + $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser($uid, [], $condition, $params); + $statuses = Post::selectForUser($uid, Item::DISPLAY_FIELDLIST, $condition, $params); + + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); $ret = []; while ($status = DBA::fetch($statuses)) { - $ret[] = api_format_item($status, $type); + $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); } DBA::close($statuses); return DI::apiResponse()->formatData("statuses", $type, ['status' => $ret], Contact::getPublicIdByUserId($uid)); } -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/user_timeline', 'api_statuses_user_timeline', true); +api_register_func('api/statuses/networkpublic_timeline', 'api_statuses_networkpublic_timeline', true); /** - * Star/unstar an item. - * param: id : id of the item + * Returns a single status. * * @param string $type Return type (atom, rss, xml, json) * @@ -1534,760 +1523,534 @@ api_register_func('api/statuses/user_timeline', 'api_statuses_user_timeline', tr * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException - * @see https://web.archive.org/web/20131019055350/https://dev.twitter.com/docs/api/1/post/favorites/create/%3Aid + * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/get-statuses-show-id */ -function api_favorites_create_destroy($type) +function api_statuses_show($type) { - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $uid = BaseApi::getCurrentUserID(); - // for versioned api. - /// @TODO We need a better global soluton - $action_argv_id = 2; - if (count(DI::args()->getArgv()) > 1 && DI::args()->getArgv()[1] == "1.1") { - $action_argv_id = 3; - } + // params + $id = intval(DI::args()->getArgv()[3] ?? 0); - if (DI::args()->getArgc() <= $action_argv_id) { - throw new BadRequestException("Invalid request."); + if ($id == 0) { + $id = intval($_REQUEST['id'] ?? 0); } - $action = str_replace("." . $type, "", DI::args()->getArgv()[$action_argv_id]); - if (DI::args()->getArgc() == $action_argv_id + 2) { - $itemid = intval(DI::args()->getArgv()[$action_argv_id + 1] ?? 0); - } else { - $itemid = intval($_REQUEST['id'] ?? 0); + + // Hotot workaround + if ($id == 0) { + $id = intval(DI::args()->getArgv()[4] ?? 0); } - $item = Post::selectFirstForUser($uid, [], ['id' => $itemid, 'uid' => $uid]); + logger::notice('API: api_statuses_show: ' . $id); + + $conversation = !empty($_REQUEST['conversation']); + + // try to fetch the item for the local user - or the public item, if there is no local one + $uri_item = Post::selectFirst(['uri-id'], ['id' => $id]); + if (!DBA::isResult($uri_item)) { + throw new BadRequestException(sprintf("There is no status with the id %d", $id)); + } + $item = Post::selectFirst(['id'], ['uri-id' => $uri_item['uri-id'], 'uid' => [0, $uid]], ['order' => ['uid' => true]]); if (!DBA::isResult($item)) { - throw new BadRequestException("Invalid item."); + throw new BadRequestException(sprintf("There is no status with the uri-id %d for the given user.", $uri_item['uri-id'])); } - switch ($action) { - case "create": - $item['starred'] = 1; - break; - case "destroy": - $item['starred'] = 0; - break; - default: - throw new BadRequestException("Invalid action ".$action); + $id = $item['id']; + + if ($conversation) { + $condition = ['parent' => $id, 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT]]; + $params = ['order' => ['id' => true]]; + } else { + $condition = ['id' => $id, 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT]]; + $params = []; } - $r = Item::update(['starred' => $item['starred']], ['id' => $itemid]); + $statuses = Post::selectForUser($uid, [], $condition, $params); - if ($r === false) { - throw new InternalServerErrorException("DB error"); + /// @TODO How about copying this to above methods which don't check $r ? + if (!DBA::isResult($statuses)) { + throw new BadRequestException(sprintf("There is no status or conversation with the id %d.", $id)); } - $ret = api_format_item($item, $type); + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); - return DI::apiResponse()->formatData("status", $type, ['status' => $ret], Contact::getPublicIdByUserId($uid)); + $ret = []; + while ($status = DBA::fetch($statuses)) { + $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); + } + DBA::close($statuses); + + if ($conversation) { + $data = ['status' => $ret]; + return DI::apiResponse()->formatData("statuses", $type, $data); + } else { + $data = ['status' => $ret[0]]; + return DI::apiResponse()->formatData("status", $type, $data); + } } -/// @TODO move to top of file or somewhere better -api_register_func('api/favorites/create', 'api_favorites_create_destroy', true, API_METHOD_POST); -api_register_func('api/favorites/destroy', 'api_favorites_create_destroy', true, API_METHOD_DELETE); +api_register_func('api/statuses/show', 'api_statuses_show', true); /** - * Returns the most recent favorite statuses. * * @param string $type Return type (atom, rss, xml, json) * - * @return string|array + * @return array|string * @throws BadRequestException * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException + * @todo nothing to say? */ -function api_favorites($type) +function api_conversation_show($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $uid = BaseApi::getCurrentUserID(); - // in friendica starred item are private - // return favorites only for self - Logger::info(API_LOG_PREFIX . 'for {self}', ['module' => 'api', 'action' => 'favorites']); - // params - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - $count = $_GET['count'] ?? 20; - $page = $_REQUEST['page'] ?? 1; + $id = intval(DI::args()->getArgv()[3] ?? 0); + $since_id = intval($_REQUEST['since_id'] ?? 0); + $max_id = intval($_REQUEST['max_id'] ?? 0); + $count = intval($_REQUEST['count'] ?? 20); + $page = intval($_REQUEST['page'] ?? 1); $start = max(0, ($page - 1) * $count); - $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `starred`", - $uid, GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; - - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; + if ($id == 0) { + $id = intval($_REQUEST['id'] ?? 0); + } - if ($max_id > 0) { - $condition[0] .= " AND `id` <= ?"; - $condition[] = $max_id; + // Hotot workaround + if ($id == 0) { + $id = intval(DI::args()->getArgv()[4] ?? 0); } - $statuses = Post::selectForUser($uid, [], $condition, $params); + Logger::info(API_LOG_PREFIX . '{subaction}', ['module' => 'api', 'action' => 'conversation', 'subaction' => 'show', 'id' => $id]); - $ret = []; - while ($status = DBA::fetch($statuses)) { - $ret[] = api_format_item($status, $type); + // try to fetch the item for the local user - or the public item, if there is no local one + $item = Post::selectFirst(['parent-uri-id'], ['id' => $id]); + if (!DBA::isResult($item)) { + throw new BadRequestException("There is no status with the id $id."); } - DBA::close($statuses); - return DI::apiResponse()->formatData("statuses", $type, ['status' => $ret], Contact::getPublicIdByUserId($uid)); -} + $parent = Post::selectFirst(['id'], ['uri-id' => $item['parent-uri-id'], 'uid' => [0, $uid]], ['order' => ['uid' => true]]); + if (!DBA::isResult($parent)) { + throw new BadRequestException("There is no status with this id."); + } -/// @TODO move to top of file or somewhere better -api_register_func('api/favorites', 'api_favorites', true); + $id = $parent['id']; -/** - * - * @param array $item - * @param array $recipient - * @param array $sender - * - * @return array - * @throws InternalServerErrorException - */ -function api_format_messages($item, $recipient, $sender) -{ - // standard meta information - $ret = [ - 'id' => $item['id'], - 'sender_id' => $sender['id'], - 'text' => "", - 'recipient_id' => $recipient['id'], - 'created_at' => DateTimeFormat::utc($item['created'] ?? 'now', DateTimeFormat::API), - 'sender_screen_name' => $sender['screen_name'], - 'recipient_screen_name' => $recipient['screen_name'], - 'sender' => $sender, - 'recipient' => $recipient, - 'title' => "", - 'friendica_seen' => $item['seen'] ?? 0, - 'friendica_parent_uri' => $item['parent-uri'] ?? '', - ]; + $condition = ["`parent` = ? AND `uid` IN (0, ?) AND `gravity` IN (?, ?) AND `id` > ?", + $id, $uid, GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; - // "uid" and "self" are only needed for some internal stuff, so remove it from here - if (isset($ret['sender']['uid'])) { - unset($ret['sender']['uid']); - } - if (isset($ret['sender']['self'])) { - unset($ret['sender']['self']); - } - if (isset($ret['recipient']['uid'])) { - unset($ret['recipient']['uid']); - } - if (isset($ret['recipient']['self'])) { - unset($ret['recipient']['self']); + if ($max_id > 0) { + $condition[0] .= " AND `id` <= ?"; + $condition[] = $max_id; } - //don't send title to regular StatusNET requests to avoid confusing these apps - if (!empty($_GET['getText'])) { - $ret['title'] = $item['title']; - if ($_GET['getText'] == 'html') { - $ret['text'] = BBCode::convertForUriId($item['uri-id'], $item['body'], BBCode::API); - } elseif ($_GET['getText'] == 'plain') { - $ret['text'] = trim(HTML::toPlaintext(BBCode::convertForUriId($item['uri-id'], api_clean_plain_items($item['body']), BBCode::API), 0)); - } - } else { - $ret['text'] = $item['title'] . "\n" . HTML::toPlaintext(BBCode::convertForUriId($item['uri-id'], api_clean_plain_items($item['body']), BBCode::API), 0); + $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; + $statuses = Post::selectForUser($uid, [], $condition, $params); + + if (!DBA::isResult($statuses)) { + throw new BadRequestException("There is no status with id $id."); } - if (!empty($_GET['getUserObjects']) && $_GET['getUserObjects'] == 'false') { - unset($ret['sender']); - unset($ret['recipient']); + + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + + $ret = []; + while ($status = DBA::fetch($statuses)) { + $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); } + DBA::close($statuses); - return $ret; + $data = ['status' => $ret]; + return DI::apiResponse()->formatData("statuses", $type, $data); } +api_register_func('api/conversation/show', 'api_conversation_show', true); +api_register_func('api/statusnet/conversation', 'api_conversation_show', true); + /** + * Repeats a status. * - * @param array $item + * @param string $type Return type (atom, rss, xml, json) * - * @return array + * @return array|string + * @throws BadRequestException + * @throws ForbiddenException + * @throws ImagickException * @throws InternalServerErrorException + * @throws UnauthorizedException + * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/post-statuses-retweet-id */ -function api_convert_item($item) +function api_statuses_repeat($type) { - $body = api_add_attachments_to_body($item); - - $entities = api_get_entitities($statustext, $body, $item['uri-id']); - - // Add pictures to the attachment array and remove them from the body - $attachments = api_get_attachments($body, $item['uri-id']); - - // Workaround for ostatus messages where the title is identically to the body - $html = BBCode::convertForUriId($item['uri-id'], api_clean_plain_items($body), BBCode::API); - $statusbody = trim(HTML::toPlaintext($html, 0)); - - // handle data: images - $statusbody = api_format_items_embeded_images($item, $statusbody); - - $statustitle = trim($item['title']); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); - if (($statustitle != '') && (strpos($statusbody, $statustitle) !== false)) { - $statustext = trim($statusbody); - } else { - $statustext = trim($statustitle."\n\n".$statusbody); - } + // params + $id = intval(DI::args()->getArgv()[3] ?? 0); - if ((($item['network'] ?? Protocol::PHANTOM) == Protocol::FEED) && (mb_strlen($statustext)> 1000)) { - $statustext = mb_substr($statustext, 0, 1000) . "... \n" . ($item['plink'] ?? ''); + if ($id == 0) { + $id = intval($_REQUEST['id'] ?? 0); } - $statushtml = BBCode::convertForUriId($item['uri-id'], BBCode::removeAttachment($body), BBCode::API); - - // Workaround for clients with limited HTML parser functionality - $search = ["
", "
", "
", - "

", "

", "

", "

", - "

", "

", "

", "

", - "
", "
", "
", "
"]; - $replace = ["
", "
", "

", - "

", "


", "

", "


", - "

", "


", "

", "


", - "
", "

", "
", "

"]; - $statushtml = str_replace($search, $replace, $statushtml); - - if ($item['title'] != "") { - $statushtml = "

" . BBCode::convertForUriId($item['uri-id'], $item['title']) . "


" . $statushtml; + // Hotot workaround + if ($id == 0) { + $id = intval(DI::args()->getArgv()[4] ?? 0); } - do { - $oldtext = $statushtml; - $statushtml = str_replace("

", "
", $statushtml); - } while ($oldtext != $statushtml); - - if (substr($statushtml, 0, 4) == '
') { - $statushtml = substr($statushtml, 4); - } + logger::notice('API: api_statuses_repeat: ' . $id); - if (substr($statushtml, 0, -4) == '
') { - $statushtml = substr($statushtml, -4); - } + $fields = ['uri-id', 'network', 'body', 'title', 'author-name', 'author-link', 'author-avatar', 'guid', 'created', 'plink']; + $item = Post::selectFirst($fields, ['id' => $id, 'private' => [Item::PUBLIC, Item::UNLISTED]]); - // feeds without body should contain the link - if ((($item['network'] ?? Protocol::PHANTOM) == Protocol::FEED) && (strlen($item['body']) == 0)) { - $statushtml .= BBCode::convertForUriId($item['uri-id'], $item['plink']); - } + if (DBA::isResult($item) && !empty($item['body'])) { + if (in_array($item['network'], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::TWITTER])) { + if (!Item::performActivity($id, 'announce', $uid)) { + throw new InternalServerErrorException(); + } - return [ - "text" => $statustext, - "html" => $statushtml, - "attachments" => $attachments, - "entities" => $entities - ]; -} + $item_id = $id; + } else { + if (strpos($item['body'], "[/share]") !== false) { + $pos = strpos($item['body'], "[share"); + $post = substr($item['body'], $pos); + } else { + $post = BBCode::getShareOpeningTag($item['author-name'], $item['author-link'], $item['author-avatar'], $item['plink'], $item['created'], $item['guid']); -/** - * Add media attachments to the body - * - * @param array $item - * @return string body with added media - */ -function api_add_attachments_to_body(array $item) -{ - $body = Post\Media::addAttachmentsToBody($item['uri-id'], $item['body']); + if (!empty($item['title'])) { + $post .= '[h3]' . $item['title'] . "[/h3]\n"; + } - if (strpos($body, '[/img]') !== false) { - return $body; - } + $post .= $item['body']; + $post .= "[/share]"; + } + $_REQUEST['body'] = $post; + $_REQUEST['profile_uid'] = $uid; + $_REQUEST['api_source'] = true; - foreach (Post\Media::getByURIId($item['uri-id'], [Post\Media::HTML]) as $media) { - if (!empty($media['preview'])) { - $description = $media['description'] ?: $media['name']; - if (!empty($description)) { - $body .= "\n[img=" . $media['preview'] . ']' . $description .'[/img]'; - } else { - $body .= "\n[img]" . $media['preview'] .'[/img]'; + if (empty($_REQUEST['source'])) { + $_REQUEST['source'] = BaseApi::getCurrentApplication()['name'] ?: 'API'; } + + $item_id = item_post(DI::app()); } + } else { + throw new ForbiddenException(); } - return $body; + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + + // output the post that we just posted. + $status_info = DI::twitterStatus()->createFromItemId($item_id, $include_entities)->toArray(); + return DI::apiResponse()->formatData('statuses', $type, ['status' => $status_info]); } +api_register_func('api/statuses/retweet', 'api_statuses_repeat', true, API_METHOD_POST); + /** + * Destroys a specific status. * - * @param string $body - * @param int $uriid + * @param string $type Return type (atom, rss, xml, json) * - * @return array + * @return array|string + * @throws BadRequestException + * @throws ForbiddenException + * @throws ImagickException * @throws InternalServerErrorException + * @throws UnauthorizedException + * @see https://developer.twitter.com/en/docs/tweets/post-and-engage/api-reference/post-statuses-destroy-id */ -function api_get_attachments(&$body, $uriid) +function api_statuses_destroy($type) { - $body = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $body); - $body = preg_replace("/\[img\=(.*?)\](.*?)\[\/img\]/ism", '[img]$1[/img]', $body); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); - $URLSearchString = "^\[\]"; - if (!preg_match_all("/\[img\]([$URLSearchString]*)\[\/img\]/ism", $body, $images)) { - return []; + // params + $id = intval(DI::args()->getArgv()[3] ?? 0); + + if ($id == 0) { + $id = intval($_REQUEST['id'] ?? 0); } - // Remove all embedded pictures, since they are added as attachments - foreach ($images[0] as $orig) { - $body = str_replace($orig, '', $body); + // Hotot workaround + if ($id == 0) { + $id = intval(DI::args()->getArgv()[4] ?? 0); } - $attachments = []; + logger::notice('API: api_statuses_destroy: ' . $id); - foreach ($images[1] as $image) { - $imagedata = Images::getInfoFromURLCached($image); + $ret = api_statuses_show($type); - if ($imagedata) { - $attachments[] = ["url" => Post\Link::getByLink($uriid, $image), "mimetype" => $imagedata["mime"], "size" => $imagedata["size"]]; - } - } + Item::deleteForUser(['id' => $id], $uid); - return $attachments; + return $ret; } +api_register_func('api/statuses/destroy', 'api_statuses_destroy', true, API_METHOD_DELETE); + /** + * Returns the most recent mentions. * - * @param string $text - * @param string $bbcode + * @param string $type Return type (atom, rss, xml, json) * - * @return array + * @return array|string + * @throws BadRequestException + * @throws ForbiddenException + * @throws ImagickException * @throws InternalServerErrorException - * @todo Links at the first character of the post + * @throws UnauthorizedException + * @see http://developer.twitter.com/doc/get/statuses/mentions */ -function api_get_entitities(&$text, $bbcode, $uriid) +function api_statuses_mentions($type) { - $include_entities = strtolower($_REQUEST['include_entities'] ?? 'false'); - - if ($include_entities != "true") { - preg_match_all("/\[img](.*?)\[\/img\]/ism", $bbcode, $images); - - foreach ($images[1] as $image) { - $replace = Post\Link::getByLink($uriid, $image); - $text = str_replace($image, $replace, $text); - } - return []; - } - - $bbcode = BBCode::cleanPictureLinks($bbcode); - - // Change pure links in text to bbcode uris - $bbcode = preg_replace("/([^\]\='".'"'."]|^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,]+)/ism", '$1[url=$2]$2[/url]', $bbcode); - - $entities = []; - $entities["hashtags"] = []; - $entities["symbols"] = []; - $entities["urls"] = []; - $entities["user_mentions"] = []; + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); - $URLSearchString = "^\[\]"; + unset($_REQUEST['user_id']); + unset($_GET['user_id']); - $bbcode = preg_replace("/#\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '#$2', $bbcode); + unset($_REQUEST['screen_name']); + unset($_GET['screen_name']); - $bbcode = preg_replace("/\[bookmark\=([$URLSearchString]*)\](.*?)\[\/bookmark\]/ism", '[url=$1]$2[/url]', $bbcode); - $bbcode = preg_replace("/\[video\](.*?)\[\/video\]/ism", '[url=$1]$1[/url]', $bbcode); + // get last network messages - $bbcode = preg_replace( - "/\[youtube\]([A-Za-z0-9\-_=]+)(.*?)\[\/youtube\]/ism", - '[url=https://www.youtube.com/watch?v=$1]https://www.youtube.com/watch?v=$1[/url]', - $bbcode - ); - $bbcode = preg_replace("/\[youtube\](.*?)\[\/youtube\]/ism", '[url=$1]$1[/url]', $bbcode); + // params + $since_id = intval($_REQUEST['since_id'] ?? 0); + $max_id = intval($_REQUEST['max_id'] ?? 0); + $count = intval($_REQUEST['count'] ?? 20); + $page = intval($_REQUEST['page'] ?? 1); - $bbcode = preg_replace( - "/\[vimeo\]([0-9]+)(.*?)\[\/vimeo\]/ism", - '[url=https://vimeo.com/$1]https://vimeo.com/$1[/url]', - $bbcode - ); - $bbcode = preg_replace("/\[vimeo\](.*?)\[\/vimeo\]/ism", '[url=$1]$1[/url]', $bbcode); + $start = max(0, ($page - 1) * $count); - $bbcode = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $bbcode); + $query = "`gravity` IN (?, ?) AND `uri-id` IN + (SELECT `uri-id` FROM `post-user-notification` WHERE `uid` = ? AND `notification-type` & ? != 0 ORDER BY `uri-id`) + AND (`uid` = 0 OR (`uid` = ? AND NOT `global`)) AND `id` > ?"; - preg_match_all("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", $bbcode, $urls); + $condition = [ + GRAVITY_PARENT, GRAVITY_COMMENT, + $uid, + Post\UserNotification::TYPE_EXPLICIT_TAGGED | Post\UserNotification::TYPE_IMPLICIT_TAGGED | + Post\UserNotification::TYPE_THREAD_COMMENT | Post\UserNotification::TYPE_DIRECT_COMMENT | + Post\UserNotification::TYPE_DIRECT_THREAD_COMMENT, + $uid, $since_id, + ]; - $ordered_urls = []; - foreach ($urls[1] as $id => $url) { - $start = iconv_strpos($text, $url, 0, "UTF-8"); - if (!($start === false)) { - $ordered_urls[$start] = ["url" => $url, "title" => $urls[2][$id]]; - } + if ($max_id > 0) { + $query .= " AND `id` <= ?"; + $condition[] = $max_id; } - ksort($ordered_urls); - - $offset = 0; - - foreach ($ordered_urls as $url) { - if ((substr($url["title"], 0, 7) != "http://") && (substr($url["title"], 0, 8) != "https://") - && !strpos($url["title"], "http://") && !strpos($url["title"], "https://") - ) { - $display_url = $url["title"]; - } else { - $display_url = str_replace(["http://www.", "https://www."], ["", ""], $url["url"]); - $display_url = str_replace(["http://", "https://"], ["", ""], $display_url); + array_unshift($condition, $query); - if (strlen($display_url) > 26) { - $display_url = substr($display_url, 0, 25)."…"; - } - } + $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; + $statuses = Post::selectForUser($uid, [], $condition, $params); - $start = iconv_strpos($text, $url["url"], $offset, "UTF-8"); - if (!($start === false)) { - $entities["urls"][] = ["url" => $url["url"], - "expanded_url" => $url["url"], - "display_url" => $display_url, - "indices" => [$start, $start+strlen($url["url"])]]; - $offset = $start + 1; - } - } + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); - preg_match_all("/\[img\=(.*?)\](.*?)\[\/img\]/ism", $bbcode, $images, PREG_SET_ORDER); - $ordered_images = []; - foreach ($images as $image) { - $start = iconv_strpos($text, $image[1], 0, "UTF-8"); - if (!($start === false)) { - $ordered_images[$start] = ['url' => $image[1], 'alt' => $image[2]]; - } + $ret = []; + while ($status = DBA::fetch($statuses)) { + $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); } + DBA::close($statuses); - preg_match_all("/\[img](.*?)\[\/img\]/ism", $bbcode, $images); - foreach ($images[1] as $image) { - $start = iconv_strpos($text, $image, 0, "UTF-8"); - if (!($start === false)) { - $ordered_images[$start] = ['url' => $image, 'alt' => '']; - } - } + return DI::apiResponse()->formatData("statuses", $type, ['status' => $ret], Contact::getPublicIdByUserId($uid)); +} - $offset = 0; +api_register_func('api/statuses/mentions', 'api_statuses_mentions', true); +api_register_func('api/statuses/replies', 'api_statuses_mentions', true); - foreach ($ordered_images as $image) { - $url = $image['url']; - $ext_alt_text = $image['alt']; +/** + * Returns the most recent statuses posted by the user. + * + * @param string $type Either "json" or "xml" + * @return string|array + * @throws BadRequestException + * @throws ForbiddenException + * @throws ImagickException + * @throws InternalServerErrorException + * @throws UnauthorizedException + * @see https://developer.twitter.com/en/docs/tweets/timelines/api-reference/get-statuses-user_timeline + */ +function api_statuses_user_timeline($type) +{ + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); - $display_url = str_replace(["http://www.", "https://www."], ["", ""], $url); - $display_url = str_replace(["http://", "https://"], ["", ""], $display_url); + Logger::info('api_statuses_user_timeline', ['api_user' => $uid, '_REQUEST' => $_REQUEST]); - if (strlen($display_url) > 26) { - $display_url = substr($display_url, 0, 25)."…"; - } + $cid = BaseApi::getContactIDForSearchterm($_REQUEST['screen_name'] ?? '', $_REQUEST['user_id'] ?? 0, $uid); + $since_id = $_REQUEST['since_id'] ?? 0; + $max_id = $_REQUEST['max_id'] ?? 0; + $exclude_replies = !empty($_REQUEST['exclude_replies']); + $conversation_id = $_REQUEST['conversation_id'] ?? 0; - $start = iconv_strpos($text, $url, $offset, "UTF-8"); - if (!($start === false)) { - $image = Images::getInfoFromURLCached($url); - if ($image) { - $media_url = Post\Link::getByLink($uriid, $url); - $sizes["medium"] = ["w" => $image[0], "h" => $image[1], "resize" => "fit"]; - - $entities["media"][] = [ - "id" => $start+1, - "id_str" => (string) ($start + 1), - "indices" => [$start, $start+strlen($url)], - "media_url" => Strings::normaliseLink($media_url), - "media_url_https" => $media_url, - "url" => $url, - "display_url" => $display_url, - "expanded_url" => $url, - "ext_alt_text" => $ext_alt_text, - "type" => "photo", - "sizes" => $sizes]; - } - $offset = $start + 1; - } + // pagination + $count = $_REQUEST['count'] ?? 20; + $page = $_REQUEST['page'] ?? 1; + + $start = max(0, ($page - 1) * $count); + + $condition = ["(`uid` = ? OR (`uid` = ? AND NOT `global`)) AND `gravity` IN (?, ?) AND `id` > ? AND `author-id` = ?", + 0, $uid, GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $cid]; + + if ($exclude_replies) { + $condition[0] .= ' AND `gravity` = ?'; + $condition[] = GRAVITY_PARENT; } - return $entities; -} + if ($conversation_id > 0) { + $condition[0] .= " AND `parent` = ?"; + $condition[] = $conversation_id; + } -/** - * - * @param array $item - * @param string $text - * - * @return string - */ -function api_format_items_embeded_images($item, $text) -{ - $text = preg_replace_callback( - '|data:image/([^;]+)[^=]+=*|m', - function () use ($item) { - return DI::baseUrl() . '/display/' . $item['guid']; - }, - $text - ); - return $text; -} + if ($max_id > 0) { + $condition[0] .= " AND `id` <= ?"; + $condition[] = $max_id; + } + $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; + $statuses = Post::selectForUser($uid, [], $condition, $params); -/** - * return name as array - * - * @param string $txt text - * @return array - * 'name' => 'name', - * 'url => 'url' - */ -function api_contactlink_to_array($txt) -{ - $match = []; - $r = preg_match_all('|([^<]*)|', $txt, $match); - if ($r && count($match)==3) { - $res = [ - 'name' => $match[2], - 'url' => $match[1] - ]; - } else { - $res = [ - 'name' => $txt, - 'url' => "" - ]; + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + + $ret = []; + while ($status = DBA::fetch($statuses)) { + $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); } - return $res; + DBA::close($statuses); + + return DI::apiResponse()->formatData("statuses", $type, ['status' => $ret], Contact::getPublicIdByUserId($uid)); } +api_register_func('api/statuses/user_timeline', 'api_statuses_user_timeline', true); /** - * return likes, dislikes and attend status for item + * Star/unstar an item. + * param: id : id of the item * - * @param array $item array * @param string $type Return type (atom, rss, xml, json) * - * @return array - * likes => int count, - * dislikes => int count + * @return array|string * @throws BadRequestException + * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException + * @see https://web.archive.org/web/20131019055350/https://dev.twitter.com/docs/api/1/post/favorites/create/%3Aid */ -function api_format_items_activities($item, $type = "json") +function api_favorites_create_destroy($type) { - $activities = [ - 'like' => [], - 'dislike' => [], - 'attendyes' => [], - 'attendno' => [], - 'attendmaybe' => [], - 'announce' => [], - ]; + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); - $condition = ['uid' => $item['uid'], 'thr-parent' => $item['uri'], 'gravity' => GRAVITY_ACTIVITY]; - $ret = Post::selectForUser($item['uid'], ['author-id', 'verb'], $condition); - - while ($parent_item = Post::fetch($ret)) { - // not used as result should be structured like other user data - //builtin_activity_puller($i, $activities); - - // get user data and add it to the array of the activity - $user = DI::twitterUser()->createFromContactId($parent_item['author-id'], $item['uid'])->toArray(); - switch ($parent_item['verb']) { - case Activity::LIKE: - $activities['like'][] = $user; - break; - case Activity::DISLIKE: - $activities['dislike'][] = $user; - break; - case Activity::ATTEND: - $activities['attendyes'][] = $user; - break; - case Activity::ATTENDNO: - $activities['attendno'][] = $user; - break; - case Activity::ATTENDMAYBE: - $activities['attendmaybe'][] = $user; - break; - case Activity::ANNOUNCE: - $activities['announce'][] = $user; - break; - default: - break; - } + // for versioned api. + /// @TODO We need a better global soluton + $action_argv_id = 2; + if (count(DI::args()->getArgv()) > 1 && DI::args()->getArgv()[1] == "1.1") { + $action_argv_id = 3; + } + + if (DI::args()->getArgc() <= $action_argv_id) { + throw new BadRequestException("Invalid request."); + } + $action = str_replace("." . $type, "", DI::args()->getArgv()[$action_argv_id]); + if (DI::args()->getArgc() == $action_argv_id + 2) { + $itemid = intval(DI::args()->getArgv()[$action_argv_id + 1] ?? 0); + } else { + $itemid = intval($_REQUEST['id'] ?? 0); } - DBA::close($ret); + $item = Post::selectFirstForUser($uid, [], ['id' => $itemid, 'uid' => $uid]); - if ($type == "xml") { - $xml_activities = []; - foreach ($activities as $k => $v) { - // change xml element from "like" to "friendica:like" - $xml_activities["friendica:".$k] = $v; - // add user data into xml output - $k_user = 0; - foreach ($v as $user) { - $xml_activities["friendica:".$k][$k_user++.":user"] = $user; - } - } - $activities = $xml_activities; + if (!DBA::isResult($item)) { + throw new BadRequestException("Invalid item."); + } + + switch ($action) { + case "create": + $item['starred'] = 1; + break; + case "destroy": + $item['starred'] = 0; + break; + default: + throw new BadRequestException("Invalid action ".$action); + } + + $r = Item::update(['starred' => $item['starred']], ['id' => $itemid]); + + if ($r === false) { + throw new InternalServerErrorException("DB error"); } - return $activities; + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + + $ret = DI::twitterStatus()->createFromUriId($item['uri-id'], $item['uid'], $include_entities)->toArray(); + + return DI::apiResponse()->formatData("status", $type, ['status' => $ret], Contact::getPublicIdByUserId($uid)); } +api_register_func('api/favorites/create', 'api_favorites_create_destroy', true, API_METHOD_POST); +api_register_func('api/favorites/destroy', 'api_favorites_create_destroy', true, API_METHOD_DELETE); + /** - * @param array $item Item record - * @param string $type Return format (atom, rss, xml, json) - * @param array $status_user User record of the item author, can be provided by api_item_get_user() - * @param array $author_user User record of the item author, can be provided by api_item_get_user() - * @param array $owner_user User record of the item owner, can be provided by api_item_get_user() - * @return array API-formatted status + * Returns the most recent favorite statuses. + * + * @param string $type Return type (atom, rss, xml, json) + * + * @return string|array * @throws BadRequestException + * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException */ -function api_format_item($item, $type = "json") +function api_favorites($type) { - $author_user = DI::twitterUser()->createFromContactId($item['author-id'], $item['uid'])->toArray(); - $owner_user = DI::twitterUser()->createFromContactId($item['owner-id'], $item['uid'])->toArray(); - - DI::contentItem()->localize($item); - - $in_reply_to = api_in_reply_to($item); - - $converted = api_convert_item($item); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); - if ($type == "xml") { - $geo = "georss:point"; - } else { - $geo = "geo"; - } - - $status = [ - 'text' => $converted["text"], - 'truncated' => false, - 'created_at'=> DateTimeFormat::utc($item['created'], DateTimeFormat::API), - 'in_reply_to_status_id' => $in_reply_to['status_id'], - 'in_reply_to_status_id_str' => $in_reply_to['status_id_str'], - 'source' => (($item['app']) ? $item['app'] : 'web'), - 'id' => intval($item['id']), - 'id_str' => (string) intval($item['id']), - 'in_reply_to_user_id' => $in_reply_to['user_id'], - 'in_reply_to_user_id_str' => $in_reply_to['user_id_str'], - 'in_reply_to_screen_name' => $in_reply_to['screen_name'], - $geo => null, - 'favorited' => $item['starred'] ? true : false, - 'user' => $author_user, - 'friendica_author' => $author_user, - 'friendica_owner' => $owner_user, - 'friendica_private' => $item['private'] == Item::PRIVATE, - //'entities' => NULL, - 'statusnet_html' => $converted["html"], - 'statusnet_conversation_id' => $item['parent'], - 'external_url' => DI::baseUrl() . "/display/" . $item['guid'], - 'friendica_activities' => api_format_items_activities($item, $type), - 'friendica_title' => $item['title'], - 'friendica_html' => BBCode::convertForUriId($item['uri-id'], $item['body'], BBCode::EXTERNAL), - 'friendica_comments' => Post::countPosts(['thr-parent-id' => $item['uri-id'], 'deleted' => false, 'gravity' => GRAVITY_COMMENT]) - ]; + // in friendica starred item are private + // return favorites only for self + Logger::info(API_LOG_PREFIX . 'for {self}', ['module' => 'api', 'action' => 'favorites']); - if (count($converted["attachments"]) > 0) { - $status["attachments"] = $converted["attachments"]; - } + // params + $since_id = $_REQUEST['since_id'] ?? 0; + $max_id = $_REQUEST['max_id'] ?? 0; + $count = $_GET['count'] ?? 20; + $page = $_REQUEST['page'] ?? 1; - if (count($converted["entities"]) > 0) { - $status["entities"] = $converted["entities"]; - } + $start = max(0, ($page - 1) * $count); - if ($status["source"] == 'web') { - $status["source"] = ContactSelector::networkToName($item['author-network'], $item['author-link'], $item['network']); - } elseif (ContactSelector::networkToName($item['author-network'], $item['author-link'], $item['network']) != $status["source"]) { - $status["source"] = trim($status["source"].' ('.ContactSelector::networkToName($item['author-network'], $item['author-link'], $item['network']).')'); - } + $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `starred`", + $uid, GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; - $retweeted_item = []; - $quoted_item = []; + $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - if (empty($retweeted_item) && ($item['owner-id'] == $item['author-id'])) { - $announce = api_get_announce($item); - if (!empty($announce)) { - $retweeted_item = $item; - $item = $announce; - $status['friendica_owner'] = DI::twitterUser()->createFromContactId($announce['author-id'], $item['uid'])->toArray(); - } + if ($max_id > 0) { + $condition[0] .= " AND `id` <= ?"; + $condition[] = $max_id; } - if (!empty($quoted_item)) { - if ($quoted_item['id'] != $item['id']) { - $quoted_status = api_format_item($quoted_item); - /// @todo Only remove the attachments that are also contained in the quotes status - unset($status['attachments']); - unset($status['entities']); - } else { - $conv_quoted = api_convert_item($quoted_item); - $quoted_status = $status; - unset($quoted_status['attachments']); - unset($quoted_status['entities']); - unset($quoted_status['statusnet_conversation_id']); - $quoted_status['text'] = $conv_quoted['text']; - $quoted_status['statusnet_html'] = $conv_quoted['html']; - try { - $quoted_status["user"] = DI::twitterUser()->createFromContactId($quoted_item['author-id'], $item['uid'])->toArray(); - } catch (BadRequestException $e) { - // user not found. should be found? - /// @todo check if the user should be always found - $quoted_status["user"] = []; - } - } - unset($quoted_status['friendica_author']); - unset($quoted_status['friendica_owner']); - unset($quoted_status['friendica_activities']); - unset($quoted_status['friendica_private']); - } - - if (!empty($retweeted_item)) { - $retweeted_status = $status; - unset($retweeted_status['friendica_author']); - unset($retweeted_status['friendica_owner']); - unset($retweeted_status['friendica_activities']); - unset($retweeted_status['friendica_private']); - unset($retweeted_status['statusnet_conversation_id']); - $status['user'] = $status['friendica_owner']; - try { - $retweeted_status["user"] = DI::twitterUser()->createFromContactId($retweeted_item['author-id'], $item['uid'])->toArray(); - } catch (BadRequestException $e) { - // user not found. should be found? - /// @todo check if the user should be always found - $retweeted_status["user"] = []; - } - - $rt_converted = api_convert_item($retweeted_item); - - $retweeted_status['text'] = $rt_converted["text"]; - $retweeted_status['statusnet_html'] = $rt_converted["html"]; - $retweeted_status['friendica_html'] = $rt_converted["html"]; - $retweeted_status['created_at'] = DateTimeFormat::utc($retweeted_item['created'], DateTimeFormat::API); + $statuses = Post::selectForUser($uid, [], $condition, $params); - if (!empty($quoted_status)) { - $retweeted_status['quoted_status'] = $quoted_status; - } + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); - $status['friendica_author'] = $retweeted_status['user']; - $status['retweeted_status'] = $retweeted_status; - } elseif (!empty($quoted_status)) { - $root_status = api_convert_item($item); - - $status['text'] = $root_status["text"]; - $status['statusnet_html'] = $root_status["html"]; - $status['quoted_status'] = $quoted_status; - } - - // "uid" and "self" are only needed for some internal stuff, so remove it from here - unset($status["user"]['uid']); - unset($status["user"]['self']); - - if ($item["coord"] != "") { - $coords = explode(' ', $item["coord"]); - if (count($coords) == 2) { - if ($type == "json") { - $status["geo"] = ['type' => 'Point', - 'coordinates' => [(float) $coords[0], - (float) $coords[1]]]; - } else {// Not sure if this is the official format - if someone founds a documentation we can check - $status["georss:point"] = $item["coord"]; - } - } + $ret = []; + while ($status = DBA::fetch($statuses)) { + $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); } + DBA::close($statuses); - return $status; + return DI::apiResponse()->formatData("statuses", $type, ['status' => $ret], Contact::getPublicIdByUserId($uid)); } +api_register_func('api/favorites', 'api_favorites', true); + /** * Returns all lists the user subscribes to. * @@ -2303,7 +2066,6 @@ function api_lists_list($type) return DI::apiResponse()->formatData('lists', $type, ["lists_list" => $ret]); } -/// @TODO move to top of file or somewhere better api_register_func('api/lists/list', 'api_lists_list', true); api_register_func('api/lists/subscriptions', 'api_lists_list', true); @@ -2349,7 +2111,6 @@ function api_lists_ownerships($type) return DI::apiResponse()->formatData("lists", $type, ['lists' => ['lists' => $lists]]); } -/// @TODO move to top of file or somewhere better api_register_func('api/lists/ownerships', 'api_lists_ownerships', true); /** @@ -2411,16 +2172,17 @@ function api_lists_statuses($type) $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; $statuses = Post::selectForUser($uid, [], $condition, $params); + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + $items = []; while ($status = DBA::fetch($statuses)) { - $items[] = api_format_item($status, $type); + $items[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); } DBA::close($statuses); return DI::apiResponse()->formatData("statuses", $type, ['status' => $items], Contact::getPublicIdByUserId($uid)); } -/// @TODO move to top of file or somewhere better api_register_func('api/lists/statuses', 'api_lists_statuses', true); /** @@ -2448,8 +2210,6 @@ function api_statuses_f($qtype) $start = max(0, ($page - 1) * $count); - $user_info = DI::twitterUser()->createFromUserId($uid)->toArray(); - if (!empty($_GET['cursor']) && $_GET['cursor'] == 'undefined') { /* this is to stop Hotot to load friends multiple times * I'm not sure if I'm missing return something or @@ -2494,9 +2254,8 @@ function api_statuses_f($qtype) $ret = []; foreach ($r as $cid) { $user = DI::twitterUser()->createFromContactId($cid['id'], $uid)->toArray(); - // "uid" and "self" are only needed for some internal stuff, so remove it from here + // "uid" is only needed for some internal stuff, so remove it from here unset($user['uid']); - unset($user['self']); if ($user) { $ret[] = $user; @@ -2506,7 +2265,6 @@ function api_statuses_f($qtype) return ['user' => $ret]; } - /** * Returns the list of friends of the provided user * @@ -2526,6 +2284,8 @@ function api_statuses_friends($type) return DI::apiResponse()->formatData("users", $type, $data); } +api_register_func('api/statuses/friends', 'api_statuses_friends', true); + /** * Returns the list of followers of the provided user * @@ -2545,8 +2305,6 @@ function api_statuses_followers($type) return DI::apiResponse()->formatData("users", $type, $data); } -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/friends', 'api_statuses_friends', true); api_register_func('api/statuses/followers', 'api_statuses_followers', true); /** @@ -2569,7 +2327,6 @@ function api_blocks_list($type) return DI::apiResponse()->formatData("users", $type, $data); } -/// @TODO move to top of file or somewhere better api_register_func('api/blocks/list', 'api_blocks_list', true); /** @@ -2598,7 +2355,6 @@ function api_friendships_incoming($type) return DI::apiResponse()->formatData("ids", $type, ['id' => $ids]); } -/// @TODO move to top of file or somewhere better api_register_func('api/friendships/incoming', 'api_friendships_incoming', true); /** @@ -2633,7 +2389,7 @@ function api_direct_messages_new($type) $replyto = ''; if (!empty($_REQUEST['replyto'])) { - $mail = DBA::selectFirst('mail', ['parent-uri', 'title'], ['uid' => $uid, 'id' => $_REQUEST['replyto']]); + $mail = DBA::selectFirst('mail', ['parent-uri', 'title'], ['uid' => $uid, 'id' => $_REQUEST['replyto']]); $replyto = $mail['parent-uri']; $sub = $mail['title']; } else { @@ -2644,7 +2400,9 @@ function api_direct_messages_new($type) } } - $id = Mail::send($cid, $_POST['text'], $sub, $replyto); + $cdata = Contact::getPublicAndUserContactID($cid, $uid); + + $id = Mail::send($cdata['user'], $_POST['text'], $sub, $replyto); if ($id > -1) { $mail = DBA::selectFirst('mail', [], ['id' => $id]); @@ -2656,7 +2414,6 @@ function api_direct_messages_new($type) return DI::apiResponse()->formatData("direct-messages", $type, ['direct_message' => $ret], Contact::getPublicIdByUserId($uid)); } -/// @TODO move to top of file or somewhere better api_register_func('api/direct_messages/new', 'api_direct_messages_new', true, API_METHOD_POST); /** @@ -2723,7 +2480,6 @@ function api_direct_messages_destroy($type) /// @todo return JSON data like Twitter API not yet implemented } -/// @TODO move to top of file or somewhere better api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy', true, API_METHOD_DELETE); /** @@ -2792,9 +2548,8 @@ function api_friendships_destroy($type) throw new HTTPException\InternalServerErrorException('Unable to unfollow this contact, please contact your administrator'); } - // "uid" and "self" are only needed for some internal stuff, so remove it from here + // "uid" is only needed for some internal stuff, so remove it from here unset($contact['uid']); - unset($contact['self']); // Set screen_name since Twidere requests it $contact['screen_name'] = $contact['nick']; @@ -2915,6 +2670,8 @@ function api_direct_messages_sentbox($type) return api_direct_messages_box($type, "sentbox", $verbose); } +api_register_func('api/direct_messages/sent', 'api_direct_messages_sentbox', true); + /** * Returns the most recent direct messages sent to the user. * @@ -2931,6 +2688,8 @@ function api_direct_messages_inbox($type) return api_direct_messages_box($type, "inbox", $verbose); } +api_register_func('api/direct_messages', 'api_direct_messages_inbox', true); + /** * * @param string $type Return type (atom, rss, xml, json) @@ -2945,6 +2704,8 @@ function api_direct_messages_all($type) return api_direct_messages_box($type, "all", $verbose); } +api_register_func('api/direct_messages/all', 'api_direct_messages_all', true); + /** * * @param string $type Return type (atom, rss, xml, json) @@ -2959,11 +2720,7 @@ function api_direct_messages_conversation($type) return api_direct_messages_box($type, "conversation", $verbose); } -/// @TODO move to top of file or somewhere better api_register_func('api/direct_messages/conversation', 'api_direct_messages_conversation', true); -api_register_func('api/direct_messages/all', 'api_direct_messages_all', true); -api_register_func('api/direct_messages/sent', 'api_direct_messages_sentbox', true); -api_register_func('api/direct_messages', 'api_direct_messages_inbox', true); /** * list all photos of the authenticated user @@ -3013,6 +2770,8 @@ function api_fr_photos_list($type) return DI::apiResponse()->formatData("photos", $type, $data); } +api_register_func('api/friendica/photos/list', 'api_fr_photos_list', true); + /** * upload a new photo or change an existing photo * @@ -3106,686 +2865,212 @@ function api_fr_photo_create_update($type) } if (!is_null($deny_cid)) { - $deny_cid = trim($deny_cid); - $updated_fields['deny_cid'] = $deny_cid; - } - - if (!is_null($allow_gid)) { - $allow_gid = trim($allow_gid); - $updated_fields['allow_gid'] = $allow_gid; - } - - if (!is_null($deny_gid)) { - $deny_gid = trim($deny_gid); - $updated_fields['deny_gid'] = $deny_gid; - } - - $result = false; - if (count($updated_fields) > 0) { - $nothingtodo = false; - $result = Photo::update($updated_fields, ['uid' => $uid, 'resource-id' => $photo_id, 'album' => $album]); - } else { - $nothingtodo = true; - } - - if (!empty($_FILES['media'])) { - $nothingtodo = false; - $media = $_FILES['media']; - $data = save_media_to_database("photo", $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, Photo::DEFAULT, $visibility, $photo_id, $uid); - if (!is_null($data)) { - return DI::apiResponse()->formatData("photo_update", $type, $data); - } - } - - // return success of updating or error message - if ($result) { - $answer = ['result' => 'updated', 'message' => 'Image id `' . $photo_id . '` has been updated.']; - return DI::apiResponse()->formatData("photo_update", $type, ['$result' => $answer]); - } else { - if ($nothingtodo) { - $answer = ['result' => 'cancelled', 'message' => 'Nothing to update for image id `' . $photo_id . '`.']; - return DI::apiResponse()->formatData("photo_update", $type, ['$result' => $answer]); - } - throw new InternalServerErrorException("unknown error - update photo entry in database failed"); - } - } - throw new InternalServerErrorException("unknown error - this error on uploading or updating a photo should never happen"); -} - -/** - * returns the details of a specified photo id, if scale is given, returns the photo data in base 64 - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string|array - * @throws BadRequestException - * @throws ForbiddenException - * @throws InternalServerErrorException - * @throws NotFoundException - */ -function api_fr_photo_detail($type) -{ - BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - - if (empty($_REQUEST['photo_id'])) { - throw new BadRequestException("No photo id."); - } - - $scale = (!empty($_REQUEST['scale']) ? intval($_REQUEST['scale']) : false); - $photo_id = $_REQUEST['photo_id']; - - // prepare json/xml output with data from database for the requested photo - $data = prepare_photo_data($type, $scale, $photo_id); - - return DI::apiResponse()->formatData("photo_detail", $type, $data); -} - - -/** - * updates the profile image for the user (either a specified profile or the default profile) - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * - * @return string|array - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws NotFoundException - * @see https://developer.twitter.com/en/docs/accounts-and-users/manage-account-settings/api-reference/post-account-update_profile_image - */ -function api_account_update_profile_image($type) -{ - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $uid = BaseApi::getCurrentUserID(); - - // input params - $profile_id = $_REQUEST['profile_id'] ?? 0; - - // error if image data is missing - if (empty($_FILES['image'])) { - throw new BadRequestException("no media data submitted"); - } - - // check if specified profile id is valid - if ($profile_id != 0) { - $profile = DBA::selectFirst('profile', ['is-default'], ['uid' => $uid, 'id' => $profile_id]); - // error message if specified profile id is not in database - if (!DBA::isResult($profile)) { - throw new BadRequestException("profile_id not available"); - } - $is_default_profile = $profile['is-default']; - } else { - $is_default_profile = 1; - } - - // get mediadata from image or media (Twitter call api/account/update_profile_image provides image) - $media = null; - if (!empty($_FILES['image'])) { - $media = $_FILES['image']; - } elseif (!empty($_FILES['media'])) { - $media = $_FILES['media']; - } - // save new profile image - $data = save_media_to_database("profileimage", $media, $type, DI::l10n()->t(Photo::PROFILE_PHOTOS), "", "", "", "", "", Photo::USER_AVATAR, false, null, $uid); - - // get filetype - if (is_array($media['type'])) { - $filetype = $media['type'][0]; - } else { - $filetype = $media['type']; - } - if ($filetype == "image/jpeg") { - $fileext = "jpg"; - } elseif ($filetype == "image/png") { - $fileext = "png"; - } else { - throw new InternalServerErrorException('Unsupported filetype'); - } - - // change specified profile or all profiles to the new resource-id - if ($is_default_profile) { - $condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], $uid]; - Photo::update(['profile' => false, 'photo-type' => Photo::DEFAULT], $condition); - } else { - $fields = ['photo' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext, - 'thumb' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext]; - DBA::update('profile', $fields, ['id' => $_REQUEST['profile'], 'uid' => $uid]); - } - - Contact::updateSelfFromUserID($uid, true); - - // Update global directory in background - Profile::publishUpdate($uid); - - // output for client - if ($data) { - return api_account_verify_credentials($type); - } else { - // SaveMediaToDatabase failed for some reason - throw new InternalServerErrorException("image upload failed"); - } -} - -// place api-register for photoalbum calls before 'api/friendica/photo', otherwise this function is never reached -api_register_func('api/friendica/photos/list', 'api_fr_photos_list', true); -api_register_func('api/friendica/photo/create', 'api_fr_photo_create_update', true, API_METHOD_POST); -api_register_func('api/friendica/photo/update', 'api_fr_photo_create_update', true, API_METHOD_POST); -api_register_func('api/friendica/photo', 'api_fr_photo_detail', true); -api_register_func('api/account/update_profile_image', 'api_account_update_profile_image', true, API_METHOD_POST); - -/** - * Update user profile - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_account_update_profile($type) -{ - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $uid = BaseApi::getCurrentUserID(); - - $api_user = DI::twitterUser()->createFromUserId($uid)->toArray(); - - if (!empty($_POST['name'])) { - DBA::update('profile', ['name' => $_POST['name']], ['uid' => $uid]); - DBA::update('user', ['username' => $_POST['name']], ['uid' => $uid]); - Contact::update(['name' => $_POST['name']], ['uid' => $uid, 'self' => 1]); - Contact::update(['name' => $_POST['name']], ['id' => $api_user['id']]); - } - - if (isset($_POST['description'])) { - DBA::update('profile', ['about' => $_POST['description']], ['uid' => $uid]); - Contact::update(['about' => $_POST['description']], ['uid' => $uid, 'self' => 1]); - Contact::update(['about' => $_POST['description']], ['id' => $api_user['id']]); - } - - Profile::publishUpdate($uid); - - return api_account_verify_credentials($type); -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/account/update_profile', 'api_account_update_profile', true, API_METHOD_POST); - -/** - * - * @param string $acl_string - * @param int $uid - * @return bool - * @throws Exception - */ -function check_acl_input($acl_string, $uid) -{ - if (empty($acl_string)) { - return false; - } - - $contact_not_found = false; - - // split into array of cid's - preg_match_all("/<[A-Za-z0-9]+>/", $acl_string, $array); - - // check for each cid if it is available on server - $cid_array = $array[0]; - foreach ($cid_array as $cid) { - $cid = str_replace("<", "", $cid); - $cid = str_replace(">", "", $cid); - $condition = ['id' => $cid, 'uid' => $uid]; - $contact_not_found |= !DBA::exists('contact', $condition); - } - return $contact_not_found; -} - -/** - * @param string $mediatype - * @param array $media - * @param string $type - * @param string $album - * @param string $allow_cid - * @param string $deny_cid - * @param string $allow_gid - * @param string $deny_gid - * @param string $desc - * @param integer $phototype - * @param boolean $visibility - * @param string $photo_id - * @param int $uid - * @return array - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws NotFoundException - * @throws UnauthorizedException - */ -function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, $phototype, $visibility, $photo_id, $uid) -{ - $visitor = 0; - $src = ""; - $filetype = ""; - $filename = ""; - $filesize = 0; - - if (is_array($media)) { - if (is_array($media['tmp_name'])) { - $src = $media['tmp_name'][0]; - } else { - $src = $media['tmp_name']; - } - if (is_array($media['name'])) { - $filename = basename($media['name'][0]); - } else { - $filename = basename($media['name']); - } - if (is_array($media['size'])) { - $filesize = intval($media['size'][0]); - } else { - $filesize = intval($media['size']); - } - if (is_array($media['type'])) { - $filetype = $media['type'][0]; - } else { - $filetype = $media['type']; - } - } - - $filetype = Images::getMimeTypeBySource($src, $filename, $filetype); - - logger::info( - "File upload src: " . $src . " - filename: " . $filename . - " - size: " . $filesize . " - type: " . $filetype); - - // check if there was a php upload error - if ($filesize == 0 && $media['error'] == 1) { - throw new InternalServerErrorException("image size exceeds PHP config settings, file was rejected by server"); - } - // check against max upload size within Friendica instance - $maximagesize = DI::config()->get('system', 'maximagesize'); - if ($maximagesize && ($filesize > $maximagesize)) { - $formattedBytes = Strings::formatBytes($maximagesize); - throw new InternalServerErrorException("image size exceeds Friendica config setting (uploaded size: $formattedBytes)"); - } - - // create Photo instance with the data of the image - $imagedata = @file_get_contents($src); - $Image = new Image($imagedata, $filetype); - if (!$Image->isValid()) { - throw new InternalServerErrorException("unable to process image data"); - } - - // check orientation of image - $Image->orient($src); - @unlink($src); - - // check max length of images on server - $max_length = DI::config()->get('system', 'max_image_length'); - if ($max_length > 0) { - $Image->scaleDown($max_length); - logger::info("File upload: Scaling picture to new size " . $max_length); - } - $width = $Image->getWidth(); - $height = $Image->getHeight(); - - // create a new resource-id if not already provided - $resource_id = ($photo_id == null) ? Photo::newResource() : $photo_id; - - if ($mediatype == "photo") { - // upload normal image (scales 0, 1, 2) - logger::info("photo upload: starting new photo upload"); - - $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 0, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (!$r) { - logger::notice("photo upload: image upload with scale 0 (original size) failed"); - } - if ($width > 640 || $height > 640) { - $Image->scaleDown(640); - $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 1, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (!$r) { - logger::notice("photo upload: image upload with scale 1 (640x640) failed"); - } - } - - if ($width > 320 || $height > 320) { - $Image->scaleDown(320); - $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 2, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (!$r) { - logger::notice("photo upload: image upload with scale 2 (320x320) failed"); - } - } - logger::info("photo upload: new photo upload ended"); - } elseif ($mediatype == "profileimage") { - // upload profile image (scales 4, 5, 6) - logger::info("photo upload: starting new profile image upload"); - - if ($width > 300 || $height > 300) { - $Image->scaleDown(300); - $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 4, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (!$r) { - logger::notice("photo upload: profile image upload with scale 4 (300x300) failed"); - } - } - - if ($width > 80 || $height > 80) { - $Image->scaleDown(80); - $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 5, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (!$r) { - logger::notice("photo upload: profile image upload with scale 5 (80x80) failed"); - } - } - - if ($width > 48 || $height > 48) { - $Image->scaleDown(48); - $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 6, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (!$r) { - logger::notice("photo upload: profile image upload with scale 6 (48x48) failed"); - } - } - $Image->__destruct(); - logger::info("photo upload: new profile image upload ended"); - } - - if (!empty($r)) { - // create entry in 'item'-table on new uploads to enable users to comment/like/dislike the photo - if ($photo_id == null && $mediatype == "photo") { - post_photo_item($resource_id, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility, $uid); - } - // on success return image data in json/xml format (like /api/friendica/photo does when no scale is given) - return prepare_photo_data($type, false, $resource_id); - } else { - throw new InternalServerErrorException("image upload failed"); - } -} - -/** - * - * @param string $hash - * @param string $allow_cid - * @param string $deny_cid - * @param string $allow_gid - * @param string $deny_gid - * @param string $filetype - * @param boolean $visibility - * @param int $uid - * @throws InternalServerErrorException - */ -function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility, $uid) -{ - // get data about the api authenticated user - $uri = Item::newURI(intval($uid)); - $owner_record = DBA::selectFirst('contact', [], ['uid' => $uid, 'self' => true]); - - $arr = []; - $arr['guid'] = System::createUUID(); - $arr['uid'] = intval($uid); - $arr['uri'] = $uri; - $arr['type'] = 'photo'; - $arr['wall'] = 1; - $arr['resource-id'] = $hash; - $arr['contact-id'] = $owner_record['id']; - $arr['owner-name'] = $owner_record['name']; - $arr['owner-link'] = $owner_record['url']; - $arr['owner-avatar'] = $owner_record['thumb']; - $arr['author-name'] = $owner_record['name']; - $arr['author-link'] = $owner_record['url']; - $arr['author-avatar'] = $owner_record['thumb']; - $arr['title'] = ""; - $arr['allow_cid'] = $allow_cid; - $arr['allow_gid'] = $allow_gid; - $arr['deny_cid'] = $deny_cid; - $arr['deny_gid'] = $deny_gid; - $arr['visible'] = $visibility; - $arr['origin'] = 1; - - $typetoext = [ - 'image/jpeg' => 'jpg', - 'image/png' => 'png', - 'image/gif' => 'gif' - ]; - - // adds link to the thumbnail scale photo - $arr['body'] = '[url=' . DI::baseUrl() . '/photos/' . $owner_record['nick'] . '/image/' . $hash . ']' - . '[img]' . DI::baseUrl() . '/photo/' . $hash . '-' . "2" . '.'. $typetoext[$filetype] . '[/img]' - . '[/url]'; - - // do the magic for storing the item in the database and trigger the federation to other contacts - Item::insert($arr); -} - -/** - * - * @param string $type - * @param int $scale - * @param string $photo_id - * - * @return array - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws NotFoundException - * @throws UnauthorizedException - */ -function prepare_photo_data($type, $scale, $photo_id) -{ - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $uid = BaseApi::getCurrentUserID(); - - $scale_sql = ($scale === false ? "" : sprintf("AND scale=%d", intval($scale))); - $data_sql = ($scale === false ? "" : "data, "); - - // added allow_cid, allow_gid, deny_cid, deny_gid to output as string like stored in database - // clients needs to convert this in their way for further processing - $r = DBA::toArray(DBA::p( - "SELECT $data_sql `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, - `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`, - MIN(`scale`) AS `minscale`, MAX(`scale`) AS `maxscale` - FROM `photo` WHERE `uid` = ? AND `resource-id` = ? $scale_sql GROUP BY - `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, - `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`", - $uid, - $photo_id - )); - - $typetoext = [ - 'image/jpeg' => 'jpg', - 'image/png' => 'png', - 'image/gif' => 'gif' - ]; - - // prepare output data for photo - if (DBA::isResult($r)) { - $data = ['photo' => $r[0]]; - $data['photo']['id'] = $data['photo']['resource-id']; - if ($scale !== false) { - $data['photo']['data'] = base64_encode($data['photo']['data']); - } else { - unset($data['photo']['datasize']); //needed only with scale param - } - if ($type == "xml") { - $data['photo']['links'] = []; - for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) { - $data['photo']['links'][$k . ":link"]["@attributes"] = ["type" => $data['photo']['type'], - "scale" => $k, - "href" => DI::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]]; - } - } else { - $data['photo']['link'] = []; - // when we have profile images we could have only scales from 4 to 6, but index of array always needs to start with 0 - $i = 0; - for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) { - $data['photo']['link'][$i] = DI::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]; - $i++; - } - } - unset($data['photo']['resource-id']); - unset($data['photo']['minscale']); - unset($data['photo']['maxscale']); - } else { - throw new NotFoundException(); - } - - // retrieve item element for getting activities (like, dislike etc.) related to photo - $condition = ['uid' => $uid, 'resource-id' => $photo_id]; - $item = Post::selectFirst(['id', 'uid', 'uri', 'parent', 'allow_cid', 'deny_cid', 'allow_gid', 'deny_gid'], $condition); - if (!DBA::isResult($item)) { - throw new NotFoundException('Photo-related item not found.'); - } - - $data['photo']['friendica_activities'] = api_format_items_activities($item, $type); - - // retrieve comments on photo - $condition = ["`parent` = ? AND `uid` = ? AND `gravity` IN (?, ?)", - $item['parent'], $uid, GRAVITY_PARENT, GRAVITY_COMMENT]; - - $statuses = Post::selectForUser($uid, [], $condition); + $deny_cid = trim($deny_cid); + $updated_fields['deny_cid'] = $deny_cid; + } - // prepare output of comments - $commentData = []; - while ($status = DBA::fetch($statuses)) { - $commentData[] = api_format_item($status, $type); - } - DBA::close($statuses); + if (!is_null($allow_gid)) { + $allow_gid = trim($allow_gid); + $updated_fields['allow_gid'] = $allow_gid; + } - $comments = []; - if ($type == "xml") { - $k = 0; - foreach ($commentData as $comment) { - $comments[$k++ . ":comment"] = $comment; + if (!is_null($deny_gid)) { + $deny_gid = trim($deny_gid); + $updated_fields['deny_gid'] = $deny_gid; } - } else { - foreach ($commentData as $comment) { - $comments[] = $comment; + + $result = false; + if (count($updated_fields) > 0) { + $nothingtodo = false; + $result = Photo::update($updated_fields, ['uid' => $uid, 'resource-id' => $photo_id, 'album' => $album]); + } else { + $nothingtodo = true; } - } - $data['photo']['friendica_comments'] = $comments; - // include info if rights on photo and rights on item are mismatching - $rights_mismatch = $data['photo']['allow_cid'] != $item['allow_cid'] || - $data['photo']['deny_cid'] != $item['deny_cid'] || - $data['photo']['allow_gid'] != $item['allow_gid'] || - $data['photo']['deny_gid'] != $item['deny_gid']; - $data['photo']['rights_mismatch'] = $rights_mismatch; + if (!empty($_FILES['media'])) { + $nothingtodo = false; + $media = $_FILES['media']; + $data = save_media_to_database("photo", $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, Photo::DEFAULT, $visibility, $photo_id, $uid); + if (!is_null($data)) { + return DI::apiResponse()->formatData("photo_update", $type, $data); + } + } - return $data; + // return success of updating or error message + if ($result) { + $answer = ['result' => 'updated', 'message' => 'Image id `' . $photo_id . '` has been updated.']; + return DI::apiResponse()->formatData("photo_update", $type, ['$result' => $answer]); + } else { + if ($nothingtodo) { + $answer = ['result' => 'cancelled', 'message' => 'Nothing to update for image id `' . $photo_id . '`.']; + return DI::apiResponse()->formatData("photo_update", $type, ['$result' => $answer]); + } + throw new InternalServerErrorException("unknown error - update photo entry in database failed"); + } + } + throw new InternalServerErrorException("unknown error - this error on uploading or updating a photo should never happen"); } +api_register_func('api/friendica/photo/create', 'api_fr_photo_create_update', true, API_METHOD_POST); +api_register_func('api/friendica/photo/update', 'api_fr_photo_create_update', true, API_METHOD_POST); + /** - * Return an item with announcer data if it had been announced + * returns the details of a specified photo id, if scale is given, returns the photo data in base 64 * - * @param array $item Item array - * @return array Item array with announce data + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string|array + * @throws BadRequestException + * @throws ForbiddenException + * @throws InternalServerErrorException + * @throws NotFoundException */ -function api_get_announce($item) +function api_fr_photo_detail($type) { - // Quit if the item already has got a different owner and author - if ($item['owner-id'] != $item['author-id']) { - return []; - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); - // Don't change original or Diaspora posts - if ($item['origin'] || in_array($item['network'], [Protocol::DIASPORA])) { - return []; + if (empty($_REQUEST['photo_id'])) { + throw new BadRequestException("No photo id."); } - // Quit if we do now the original author and it had been a post from a native network - if (!empty($item['contact-uid']) && in_array($item['network'], Protocol::NATIVE_SUPPORT)) { - return []; - } + $scale = (!empty($_REQUEST['scale']) ? intval($_REQUEST['scale']) : false); + $photo_id = $_REQUEST['photo_id']; - $fields = ['author-id', 'author-name', 'author-link', 'author-avatar']; - $condition = ['parent-uri' => $item['uri'], 'gravity' => GRAVITY_ACTIVITY, 'uid' => [0, $item['uid']], 'vid' => Verb::getID(Activity::ANNOUNCE)]; - $announce = Post::selectFirstForUser($item['uid'], $fields, $condition, ['order' => ['received' => true]]); - if (!DBA::isResult($announce)) { - return []; - } + // prepare json/xml output with data from database for the requested photo + $data = prepare_photo_data($type, $scale, $photo_id, $uid); - return array_merge($item, $announce); + return DI::apiResponse()->formatData("photo_detail", $type, $data); } +api_register_func('api/friendica/photo', 'api_fr_photo_detail', true); + /** + * updates the profile image for the user (either a specified profile or the default profile) * - * @param array $item + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' * - * @return array - * @throws Exception + * @return string|array + * @throws BadRequestException + * @throws ForbiddenException + * @throws ImagickException + * @throws InternalServerErrorException + * @throws NotFoundException + * @see https://developer.twitter.com/en/docs/accounts-and-users/manage-account-settings/api-reference/post-account-update_profile_image */ -function api_in_reply_to($item) +function api_account_update_profile_image($type) { - $in_reply_to = []; - - $in_reply_to['status_id'] = null; - $in_reply_to['user_id'] = null; - $in_reply_to['status_id_str'] = null; - $in_reply_to['user_id_str'] = null; - $in_reply_to['screen_name'] = null; - - if (!empty($item['thr-parent']) && ($item['thr-parent'] != $item['uri']) && ($item['gravity'] != GRAVITY_PARENT)) { - $parent = Post::selectFirst(['id'], ['uid' => $item['uid'], 'uri' => $item['thr-parent']]); - if (DBA::isResult($parent)) { - $in_reply_to['status_id'] = intval($parent['id']); - } else { - $in_reply_to['status_id'] = intval($item['parent']); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); - $in_reply_to['status_id_str'] = (string) intval($in_reply_to['status_id']); + // input params + $profile_id = $_REQUEST['profile_id'] ?? 0; - $fields = ['author-nick', 'author-name', 'author-id', 'author-link']; - $parent = Post::selectFirst($fields, ['id' => $in_reply_to['status_id']]); + // error if image data is missing + if (empty($_FILES['image'])) { + throw new BadRequestException("no media data submitted"); + } - if (DBA::isResult($parent)) { - $in_reply_to['screen_name'] = (($parent['author-nick']) ? $parent['author-nick'] : $parent['author-name']); - $in_reply_to['user_id'] = intval($parent['author-id']); - $in_reply_to['user_id_str'] = (string) intval($parent['author-id']); + // check if specified profile id is valid + if ($profile_id != 0) { + $profile = DBA::selectFirst('profile', ['is-default'], ['uid' => $uid, 'id' => $profile_id]); + // error message if specified profile id is not in database + if (!DBA::isResult($profile)) { + throw new BadRequestException("profile_id not available"); } + $is_default_profile = $profile['is-default']; + } else { + $is_default_profile = 1; + } - // There seems to be situation, where both fields are identical: - // https://github.com/friendica/friendica/issues/1010 - // This is a bugfix for that. - if (intval($in_reply_to['status_id']) == intval($item['id'])) { - Logger::warning(API_LOG_PREFIX . 'ID {id} is similar to reply-to {reply-to}', ['module' => 'api', 'action' => 'in_reply_to', 'id' => $item['id'], 'reply-to' => $in_reply_to['status_id']]); - $in_reply_to['status_id'] = null; - $in_reply_to['user_id'] = null; - $in_reply_to['status_id_str'] = null; - $in_reply_to['user_id_str'] = null; - $in_reply_to['screen_name'] = null; - } + // get mediadata from image or media (Twitter call api/account/update_profile_image provides image) + $media = null; + if (!empty($_FILES['image'])) { + $media = $_FILES['image']; + } elseif (!empty($_FILES['media'])) { + $media = $_FILES['media']; + } + // save new profile image + $data = save_media_to_database("profileimage", $media, $type, DI::l10n()->t(Photo::PROFILE_PHOTOS), "", "", "", "", "", Photo::USER_AVATAR, false, null, $uid); + + // get filetype + if (is_array($media['type'])) { + $filetype = $media['type'][0]; + } else { + $filetype = $media['type']; + } + if ($filetype == "image/jpeg") { + $fileext = "jpg"; + } elseif ($filetype == "image/png") { + $fileext = "png"; + } else { + throw new InternalServerErrorException('Unsupported filetype'); + } + + // change specified profile or all profiles to the new resource-id + if ($is_default_profile) { + $condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], $uid]; + Photo::update(['profile' => false, 'photo-type' => Photo::DEFAULT], $condition); + } else { + $fields = ['photo' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext, + 'thumb' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext]; + DBA::update('profile', $fields, ['id' => $_REQUEST['profile'], 'uid' => $uid]); } - return $in_reply_to; + Contact::updateSelfFromUserID($uid, true); + + // Update global directory in background + Profile::publishUpdate($uid); + + // output for client + if ($data) { + return api_account_verify_credentials($type); + } else { + // SaveMediaToDatabase failed for some reason + throw new InternalServerErrorException("image upload failed"); + } } +api_register_func('api/account/update_profile_image', 'api_account_update_profile_image', true, API_METHOD_POST); + /** + * Update user profile * - * @param string $text + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' * - * @return string + * @return array|string + * @throws BadRequestException + * @throws ForbiddenException + * @throws ImagickException * @throws InternalServerErrorException + * @throws UnauthorizedException */ -function api_clean_plain_items($text) +function api_account_update_profile($type) { - $include_entities = strtolower($_REQUEST['include_entities'] ?? 'false'); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); - $text = BBCode::cleanPictureLinks($text); - $URLSearchString = "^\[\]"; + $api_user = DI::twitterUser()->createFromUserId($uid)->toArray(); - $text = preg_replace("/([!#@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '$1$3', $text); + if (!empty($_POST['name'])) { + DBA::update('profile', ['name' => $_POST['name']], ['uid' => $uid]); + DBA::update('user', ['username' => $_POST['name']], ['uid' => $uid]); + Contact::update(['name' => $_POST['name']], ['uid' => $uid, 'self' => 1]); + Contact::update(['name' => $_POST['name']], ['id' => $api_user['id']]); + } - if ($include_entities == "true") { - $text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '[url=$1]$1[/url]', $text); + if (isset($_POST['description'])) { + DBA::update('profile', ['about' => $_POST['description']], ['uid' => $uid]); + Contact::update(['about' => $_POST['description']], ['uid' => $uid, 'self' => 1]); + Contact::update(['about' => $_POST['description']], ['id' => $api_user['id']]); } - // Simplify "attachment" element - $text = BBCode::removeAttachment($text); + Profile::publishUpdate($uid); - return $text; + return api_account_verify_credentials($type); } +api_register_func('api/account/update_profile', 'api_account_update_profile', true, API_METHOD_POST); + /** * Return all or a specified group of the user with the containing contacts. * @@ -3892,60 +3177,6 @@ function api_lists_destroy($type) api_register_func('api/lists/destroy', 'api_lists_destroy', true, API_METHOD_DELETE); -/** - * Add a new group to the database. - * - * @param string $name Group name - * @param int $uid User ID - * @param array $users List of users to add to the group - * - * @return array - * @throws BadRequestException - */ -function group_create($name, $uid, $users = []) -{ - // error if no name specified - if ($name == "") { - throw new BadRequestException('group name not specified'); - } - - // error message if specified group name already exists - if (DBA::exists('group', ['uid' => $uid, 'name' => $name, 'deleted' => false])) { - throw new BadRequestException('group name already exists'); - } - - // Check if the group needs to be reactivated - if (DBA::exists('group', ['uid' => $uid, 'name' => $name, 'deleted' => true])) { - $reactivate_group = true; - } - - // create group - $ret = Group::create($uid, $name); - if ($ret) { - $gid = Group::getIdByName($uid, $name); - } else { - throw new BadRequestException('other API error'); - } - - // add members - $erroraddinguser = false; - $errorusers = []; - foreach ($users as $user) { - $cid = $user['cid']; - if (DBA::exists('contact', ['id' => $cid, 'uid' => $uid])) { - Group::addMember($gid, $cid); - } else { - $erroraddinguser = true; - $errorusers[] = $cid; - } - } - - // return success message incl. missing users in array - $status = ($erroraddinguser ? "missing user" : ((isset($reactivate_group) && $reactivate_group) ? "reactivated" : "ok")); - - return ['success' => true, 'gid' => $gid, 'name' => $name, 'status' => $status, 'wrong users' => $errorusers]; -} - /** * Create the specified group with the posted array of contacts. * @@ -4167,8 +3398,10 @@ function api_friendica_notification_seen($type) if ($Notify->otype === Notification\ObjectType::ITEM) { $item = Post::selectFirstForUser($uid, [], ['id' => $Notify->iid, 'uid' => $uid]); if (DBA::isResult($item)) { + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + // we found the item, return it to the user - $ret = [api_format_item($item, $type)]; + $ret = [DI::twitterStatus()->createFromUriId($item['uri-id'], $item['uid'], $include_entities)->toArray()]; $data = ['status' => $ret]; return DI::apiResponse()->formatData('status', $type, $data); } @@ -4183,7 +3416,6 @@ function api_friendica_notification_seen($type) } } -/// @TODO move to top of file or somewhere better api_register_func('api/friendica/notification/seen', 'api_friendica_notification_seen', true, API_METHOD_POST); /** @@ -4250,5 +3482,4 @@ function api_friendica_direct_messages_search($type, $box = "") return DI::apiResponse()->formatData("direct_message_search", $type, ['$result' => $success]); } -/// @TODO move to top of file or somewhere better api_register_func('api/friendica/direct_messages_search', 'api_friendica_direct_messages_search', true);