X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fapi.php;h=c44bd6bdf50d2d539c3c97285ec84aa371d79f05;hb=c4d52feea5767555a04b248a2c1ba0dc0da19a57;hp=68d38f74e130b36a30ae466a53dc32528241ab52;hpb=fca93793480839660870e899bea88f3637859fff;p=friendica.git diff --git a/include/api.php b/include/api.php index 68d38f74e1..c44bd6bdf5 100644 --- a/include/api.php +++ b/include/api.php @@ -24,8 +24,6 @@ */ use Friendica\App; -use Friendica\Collection\Api\Notifications as ApiNotifications; -use Friendica\Content\ContactSelector; use Friendica\Content\Text\BBCode; use Friendica\Content\Text\HTML; use Friendica\Core\Logger; @@ -42,25 +40,19 @@ use Friendica\Model\Photo; use Friendica\Model\Post; use Friendica\Model\Profile; use Friendica\Model\User; -use Friendica\Model\Verb; use Friendica\Module\BaseApi; use Friendica\Network\HTTPException; use Friendica\Network\HTTPException\BadRequestException; use Friendica\Network\HTTPException\ForbiddenException; use Friendica\Network\HTTPException\InternalServerErrorException; -use Friendica\Network\HTTPException\MethodNotAllowedException; use Friendica\Network\HTTPException\NotFoundException; use Friendica\Network\HTTPException\TooManyRequestsException; use Friendica\Network\HTTPException\UnauthorizedException; -use Friendica\Object\Api\Friendica\Notification as ApiNotification; use Friendica\Object\Image; -use Friendica\Protocol\Activity; use Friendica\Security\BasicAuth; -use Friendica\Security\OAuth; use Friendica\Util\DateTimeFormat; use Friendica\Util\Images; use Friendica\Util\Network; -use Friendica\Util\Proxy; use Friendica\Util\Strings; require_once __DIR__ . '/../mod/item.php'; @@ -74,73 +66,6 @@ define('API_METHOD_DELETE', 'POST,DELETE'); define('API_LOG_PREFIX', 'API {action} - '); $API = []; -$called_api = []; - -/** - * Auth API user - * - * It is not sufficient to use local_user() to check whether someone is allowed to use the API, - * because this will open CSRF holes (just embed an image with src=friendicasite.com/api/statuses/update?status=CSRF - * into a page, and visitors will post something without noticing it). - */ -function api_user() -{ - $user = OAuth::getCurrentUserID(); - if (!empty($user)) { - return $user; - } - - if (!empty($_SESSION['allow_api'])) { - return local_user(); - } - - return false; -} - -/** - * Get source name from API client - * - * Clients can send 'source' parameter to be show in post metadata - * as "sent via ". - * Some clients doesn't send a source param, we support ones we know - * (only Twidere, atm) - * - * @return string - * Client source name, default to "api" if unset/unknown - * @throws Exception - */ -function api_source() -{ - if (requestdata('source')) { - return requestdata('source'); - } - - // Support for known clients that doesn't send a source name - if (!empty($_SERVER['HTTP_USER_AGENT'])) { - if(strpos($_SERVER['HTTP_USER_AGENT'], "Twidere") !== false) { - return "Twidere"; - } - - Logger::info(API_LOG_PREFIX . 'Unrecognized user-agent', ['module' => 'api', 'action' => 'source', 'http_user_agent' => $_SERVER['HTTP_USER_AGENT']]); - } else { - Logger::info(API_LOG_PREFIX . 'Empty user-agent', ['module' => 'api', 'action' => 'source']); - } - - return "api"; -} - -/** - * Format date for API - * - * @param string $str Source date, as UTC - * @return string Date in UTC formatted as "D M d H:i:s +0000 Y" - * @throws Exception - */ -function api_date($str) -{ - // Wed May 23 06:01:13 +0000 2007 - return DateTimeFormat::utc($str, "D M d H:i:s +0000 Y"); -} /** * Register a function to be the endpoint for defined API path. @@ -172,24 +97,6 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY ]; } -/** - * Check HTTP method of called API - * - * API endpoints can define which HTTP method to accept when called. - * This function check the current HTTP method agains endpoint - * registered method. - * - * @param string $method Required methods, uppercase, separated by comma - * @return bool - */ -function api_check_method($method) -{ - if ($method == "*") { - return true; - } - return (stripos($method, $_SERVER['REQUEST_METHOD'] ?? 'GET') !== false); -} - /** * Main API entry point * @@ -202,7 +109,7 @@ function api_check_method($method) */ function api_call(App $a, App\Arguments $args = null) { - global $API, $called_api; + global $API; if ($args == null) { $args = DI::args(); @@ -225,13 +132,7 @@ function api_call(App $a, App\Arguments $args = null) try { foreach ($API as $p => $info) { if (strpos($args->getCommand(), $p) === 0) { - if (!api_check_method($info['method'])) { - throw new MethodNotAllowedException(); - } - - $called_api = explode("/", $p); - - if (!empty($info['auth']) && api_user() === false) { + if (!empty($info['auth']) && BaseApi::getCurrentUserID() === false) { BasicAuth::getCurrentUserID(true); Logger::info(API_LOG_PREFIX . 'nickname {nickname}', ['module' => 'api', 'action' => 'call', 'nickname' => $a->getLoggedInUserNickname()]); } @@ -284,452 +185,507 @@ function api_call(App $a, App\Arguments $args = null) Logger::warning(API_LOG_PREFIX . 'not implemented', ['module' => 'api', 'action' => 'call', 'query' => DI::args()->getQueryString()]); throw new NotFoundException(); } catch (HTTPException $e) { - BaseApi::error($e->getCode(), $e->getDescription(), $e->getMessage(), $type); + Logger::notice(API_LOG_PREFIX . 'got exception', ['module' => 'api', 'action' => 'call', 'query' => DI::args()->getQueryString(), 'error' => $e]); + DI::apiResponse()->error($e->getCode(), $e->getDescription(), $e->getMessage(), $type); } } /** - * Set values for RSS template * - * @param App $a - * @param array $arr Array to be passed to template - * @param array $user_info User info + * @param array $item + * @param array $recipient + * @param array $sender + * * @return array - * @throws BadRequestException - * @throws ImagickException * @throws InternalServerErrorException - * @throws UnauthorizedException - * @todo find proper type-hints */ -function api_rss_extra(App $a, $arr, $user_info) +function api_format_messages($item, $recipient, $sender) { - if (is_null($user_info)) { - $user_info = api_get_user(); - } - - $arr['$user'] = $user_info; - $arr['$rss'] = [ - 'alternate' => $user_info['url'], - 'self' => DI::baseUrl() . "/" . DI::args()->getQueryString(), - 'base' => DI::baseUrl(), - 'updated' => api_date(null), - 'atom_updated' => DateTimeFormat::utcNow(DateTimeFormat::ATOM), - 'language' => $user_info['lang'], - 'logo' => DI::baseUrl() . "/images/friendica-32.png", + // standard meta information + $ret = [ + 'id' => $item['id'], + 'sender_id' => $sender['id'], + 'text' => "", + 'recipient_id' => $recipient['id'], + 'created_at' => DateTimeFormat::utc($item['created'] ?? 'now', DateTimeFormat::API), + 'sender_screen_name' => $sender['screen_name'], + 'recipient_screen_name' => $recipient['screen_name'], + 'sender' => $sender, + 'recipient' => $recipient, + 'title' => "", + 'friendica_seen' => $item['seen'] ?? 0, + 'friendica_parent_uri' => $item['parent-uri'] ?? '', ]; - return $arr; -} + // "uid" is only needed for some internal stuff, so remove it from here + if (isset($ret['sender']['uid'])) { + unset($ret['sender']['uid']); + } + if (isset($ret['recipient']['uid'])) { + unset($ret['recipient']['uid']); + } + + //don't send title to regular StatusNET requests to avoid confusing these apps + if (!empty($_GET['getText'])) { + $ret['title'] = $item['title']; + if ($_GET['getText'] == 'html') { + $ret['text'] = BBCode::convertForUriId($item['uri-id'], $item['body'], BBCode::API); + } elseif ($_GET['getText'] == 'plain') { + $ret['text'] = trim(HTML::toPlaintext(BBCode::convertForUriId($item['uri-id'], api_clean_plain_items($item['body']), BBCode::API), 0)); + } + } else { + $ret['text'] = $item['title'] . "\n" . HTML::toPlaintext(BBCode::convertForUriId($item['uri-id'], api_clean_plain_items($item['body']), BBCode::API), 0); + } + if (!empty($_GET['getUserObjects']) && $_GET['getUserObjects'] == 'false') { + unset($ret['sender']); + unset($ret['recipient']); + } + return $ret; +} /** - * Unique contact to contact url. * - * @param int $id Contact id - * @return bool|string - * Contact url or False if contact id is unknown + * @param string $acl_string + * @param int $uid + * @return bool * @throws Exception */ -function api_unique_id_to_nurl($id) +function check_acl_input($acl_string, $uid) { - $r = DBA::selectFirst('contact', ['nurl'], ['id' => $id]); - - if (DBA::isResult($r)) { - return $r["nurl"]; - } else { + if (empty($acl_string)) { return false; } + + $contact_not_found = false; + + // split into array of cid's + preg_match_all("/<[A-Za-z0-9]+>/", $acl_string, $array); + + // check for each cid if it is available on server + $cid_array = $array[0]; + foreach ($cid_array as $cid) { + $cid = str_replace("<", "", $cid); + $cid = str_replace(">", "", $cid); + $condition = ['id' => $cid, 'uid' => $uid]; + $contact_not_found |= !DBA::exists('contact', $condition); + } + return $contact_not_found; } /** - * Get user info array. - * - * @param App $a App - * @param int|string $contact_id Contact ID or URL - * @return array|bool + * @param string $mediatype + * @param array $media + * @param string $type + * @param string $album + * @param string $allow_cid + * @param string $deny_cid + * @param string $allow_gid + * @param string $deny_gid + * @param string $desc + * @param integer $phototype + * @param boolean $visibility + * @param string $photo_id + * @param int $uid + * @return array * @throws BadRequestException + * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException + * @throws NotFoundException * @throws UnauthorizedException */ -function api_get_user($contact_id = null) +function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, $phototype, $visibility, $photo_id, $uid) { - global $called_api; - - $user = null; - $extra_query = ""; - $url = ""; - - Logger::info(API_LOG_PREFIX . 'Fetching data for user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $contact_id]); + $visitor = 0; + $src = ""; + $filetype = ""; + $filename = ""; + $filesize = 0; - // Searching for contact URL - if (!is_null($contact_id) && (intval($contact_id) == 0)) { - $user = Strings::normaliseLink($contact_id); - $url = $user; - $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); + if (is_array($media)) { + if (is_array($media['tmp_name'])) { + $src = $media['tmp_name'][0]; + } else { + $src = $media['tmp_name']; } - } - - // Searching for contact id with uid = 0 - if (!is_null($contact_id) && (intval($contact_id) != 0)) { - $user = api_unique_id_to_nurl(intval($contact_id)); - - if ($user == "") { - throw new BadRequestException("User ID ".$contact_id." not found."); + if (is_array($media['name'])) { + $filename = basename($media['name'][0]); + } else { + $filename = basename($media['name']); } - - $url = $user; - $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); + if (is_array($media['size'])) { + $filesize = intval($media['size'][0]); + } else { + $filesize = intval($media['size']); + } + if (is_array($media['type'])) { + $filetype = $media['type'][0]; + } else { + $filetype = $media['type']; } } - if (is_null($user) && !empty($_GET['user_id'])) { - $user = api_unique_id_to_nurl($_GET['user_id']); + $filetype = Images::getMimeTypeBySource($src, $filename, $filetype); - if ($user == "") { - throw new BadRequestException("User ID ".$_GET['user_id']." not found."); - } + logger::info( + "File upload src: " . $src . " - filename: " . $filename . + " - size: " . $filesize . " - type: " . $filetype); - $url = $user; - $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); - } - } - if (is_null($user) && !empty($_GET['screen_name'])) { - $user = $_GET['screen_name']; - $extra_query = "AND `contact`.`nick` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=".intval(api_user()); - } + // check if there was a php upload error + if ($filesize == 0 && $media['error'] == 1) { + throw new InternalServerErrorException("image size exceeds PHP config settings, file was rejected by server"); } - - if (is_null($user) && !empty($_GET['profileurl'])) { - $user = Strings::normaliseLink($_GET['profileurl']); - $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=".intval(api_user()); - } + // check against max upload size within Friendica instance + $maximagesize = DI::config()->get('system', 'maximagesize'); + if ($maximagesize && ($filesize > $maximagesize)) { + $formattedBytes = Strings::formatBytes($maximagesize); + throw new InternalServerErrorException("image size exceeds Friendica config setting (uploaded size: $formattedBytes)"); } - // $called_api is the API path exploded on / and is expected to have at least 2 elements - if (is_null($user) && (DI::args()->getArgc() > (count($called_api) - 1)) && (count($called_api) > 0)) { - $argid = count($called_api); - if (!empty(DI::args()->getArgv()[$argid])) { - $data = explode(".", DI::args()->getArgv()[$argid]); - if (count($data) > 1) { - list($user, $null) = $data; - } - } - if (is_numeric($user)) { - $user = api_unique_id_to_nurl(intval($user)); - - if ($user != "") { - $url = $user; - $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); - } - } - } else { - $extra_query = "AND `contact`.`nick` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); - } - } + // create Photo instance with the data of the image + $imagedata = @file_get_contents($src); + $Image = new Image($imagedata, $filetype); + if (!$Image->isValid()) { + throw new InternalServerErrorException("unable to process image data"); } - Logger::info(API_LOG_PREFIX . 'getting user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user]); + // check orientation of image + $Image->orient($src); + @unlink($src); - if (!$user) { - if (api_user() === false) { - BasicAuth::getCurrentUserID(true); - return false; - } else { - $user = api_user(); - $extra_query = "AND `contact`.`uid` = ? AND `contact`.`self` "; - } + // check max length of images on server + $max_length = DI::config()->get('system', 'max_image_length'); + if ($max_length > 0) { + $Image->scaleDown($max_length); + logger::info("File upload: Scaling picture to new size " . $max_length); } + $width = $Image->getWidth(); + $height = $Image->getHeight(); - Logger::info(API_LOG_PREFIX . 'found user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user, 'extra_query' => $extra_query]); - - // user info - $uinfo = DBA::toArray(DBA::p( - "SELECT *, `contact`.`id` AS `cid` FROM `contact` - WHERE 1 - $extra_query", - $user - )); + // create a new resource-id if not already provided + $resource_id = ($photo_id == null) ? Photo::newResource() : $photo_id; - // Selecting the id by priority, friendica first - if (is_array($uinfo)) { - api_best_nickname($uinfo); - } + if ($mediatype == "photo") { + // upload normal image (scales 0, 1, 2) + logger::info("photo upload: starting new photo upload"); - // if the contact wasn't found, fetch it from the contacts with uid = 0 - if (!DBA::isResult($uinfo)) { - if ($url == "") { - throw new BadRequestException("User not found."); + $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 0, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (!$r) { + logger::notice("photo upload: image upload with scale 0 (original size) failed"); + } + if ($width > 640 || $height > 640) { + $Image->scaleDown(640); + $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 1, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (!$r) { + logger::notice("photo upload: image upload with scale 1 (640x640) failed"); + } } - $contact = DBA::selectFirst('contact', [], ['uid' => 0, 'nurl' => Strings::normaliseLink($url)]); - - if (DBA::isResult($contact)) { - $ret = [ - 'id' => $contact["id"], - 'id_str' => (string) $contact["id"], - 'name' => $contact["name"], - 'screen_name' => (($contact['nick']) ? $contact['nick'] : $contact['name']), - 'location' => ($contact["location"] != "") ? $contact["location"] : ContactSelector::networkToName($contact['network'], $contact['url'], $contact['protocol']), - 'description' => BBCode::toPlaintext($contact["about"] ?? ''), - 'profile_image_url' => Contact::getAvatarUrlForUrl($contact['url'], api_user(), Proxy::SIZE_MICRO), - 'profile_image_url_https' => Contact::getAvatarUrlForUrl($contact['url'], api_user(), Proxy::SIZE_MICRO), - 'profile_image_url_profile_size' => Contact::getAvatarUrlForUrl($contact['url'], api_user(), Proxy::SIZE_THUMB), - 'profile_image_url_large' => Contact::getAvatarUrlForUrl($contact['url'], api_user(), Proxy::SIZE_SMALL), - 'url' => $contact["url"], - 'protected' => false, - 'followers_count' => 0, - 'friends_count' => 0, - 'listed_count' => 0, - 'created_at' => api_date($contact["created"]), - 'favourites_count' => 0, - 'utc_offset' => 0, - 'time_zone' => 'UTC', - 'geo_enabled' => false, - 'verified' => false, - 'statuses_count' => 0, - 'lang' => '', - 'contributors_enabled' => false, - 'is_translator' => false, - 'is_translation_enabled' => false, - 'following' => false, - 'follow_request_sent' => false, - 'statusnet_blocking' => false, - 'notifications' => false, - 'statusnet_profile_url' => $contact["url"], - 'uid' => 0, - 'cid' => Contact::getIdForURL($contact["url"], api_user(), false), - 'pid' => Contact::getIdForURL($contact["url"], 0, false), - 'self' => 0, - 'network' => $contact["network"], - ]; + if ($width > 320 || $height > 320) { + $Image->scaleDown(320); + $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 2, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (!$r) { + logger::notice("photo upload: image upload with scale 2 (320x320) failed"); + } + } + logger::info("photo upload: new photo upload ended"); + } elseif ($mediatype == "profileimage") { + // upload profile image (scales 4, 5, 6) + logger::info("photo upload: starting new profile image upload"); - return $ret; - } else { - throw new BadRequestException("User ".$url." not found."); + if ($width > 300 || $height > 300) { + $Image->scaleDown(300); + $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 4, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (!$r) { + logger::notice("photo upload: profile image upload with scale 4 (300x300) failed"); + } } - } - if ($uinfo[0]['self']) { - if ($uinfo[0]['network'] == "") { - $uinfo[0]['network'] = Protocol::DFRN; + if ($width > 80 || $height > 80) { + $Image->scaleDown(80); + $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 5, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (!$r) { + logger::notice("photo upload: profile image upload with scale 5 (80x80) failed"); + } } - $usr = DBA::selectFirst('user', ['default-location'], ['uid' => api_user()]); - $profile = DBA::selectFirst('profile', ['about'], ['uid' => api_user(), 'is-default' => true]); + if ($width > 48 || $height > 48) { + $Image->scaleDown(48); + $r = Photo::store($Image, $uid, $visitor, $resource_id, $filename, $album, 6, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + if (!$r) { + logger::notice("photo upload: profile image upload with scale 6 (48x48) failed"); + } + } + $Image->__destruct(); + logger::info("photo upload: new profile image upload ended"); } - $countitems = 0; - $countfriends = 0; - $countfollowers = 0; - $starred = 0; - $pcontact_id = Contact::getIdForURL($uinfo[0]['url'], 0, false); - - if (!empty($profile['about'])) { - $description = $profile['about']; + if (!empty($r)) { + // create entry in 'item'-table on new uploads to enable users to comment/like/dislike the photo + if ($photo_id == null && $mediatype == "photo") { + post_photo_item($resource_id, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility, $uid); + } + // on success return image data in json/xml format (like /api/friendica/photo does when no scale is given) + return prepare_photo_data($type, false, $resource_id, $uid); } else { - $description = $uinfo[0]["about"]; + throw new InternalServerErrorException("image upload failed"); } +} - if (!empty($usr['default-location'])) { - $location = $usr['default-location']; - } elseif (!empty($uinfo[0]["location"])) { - $location = $uinfo[0]["location"]; - } else { - $location = ContactSelector::networkToName($uinfo[0]['network'], $uinfo[0]['url'], $uinfo[0]['protocol']); - } - - $ret = [ - 'id' => intval($pcontact_id), - 'id_str' => (string) intval($pcontact_id), - 'name' => (($uinfo[0]['name']) ? $uinfo[0]['name'] : $uinfo[0]['nick']), - 'screen_name' => (($uinfo[0]['nick']) ? $uinfo[0]['nick'] : $uinfo[0]['name']), - 'location' => $location, - 'description' => BBCode::toPlaintext($description ?? ''), - 'profile_image_url' => Contact::getAvatarUrlForUrl($uinfo[0]['url'], api_user(), Proxy::SIZE_MICRO), - 'profile_image_url_https' => Contact::getAvatarUrlForUrl($uinfo[0]['url'], api_user(), Proxy::SIZE_MICRO), - 'profile_image_url_profile_size' => Contact::getAvatarUrlForUrl($uinfo[0]['url'], api_user(), Proxy::SIZE_THUMB), - 'profile_image_url_large' => Contact::getAvatarUrlForUrl($uinfo[0]['url'], api_user(), Proxy::SIZE_SMALL), - 'url' => $uinfo[0]['url'], - 'protected' => false, - 'followers_count' => intval($countfollowers), - 'friends_count' => intval($countfriends), - 'listed_count' => 0, - 'created_at' => api_date($uinfo[0]['created']), - 'favourites_count' => intval($starred), - 'utc_offset' => "0", - 'time_zone' => 'UTC', - 'geo_enabled' => false, - 'verified' => true, - 'statuses_count' => intval($countitems), - 'lang' => '', - 'contributors_enabled' => false, - 'is_translator' => false, - 'is_translation_enabled' => false, - 'following' => (($uinfo[0]['rel'] == Contact::FOLLOWER) || ($uinfo[0]['rel'] == Contact::FRIEND)), - 'follow_request_sent' => false, - 'statusnet_blocking' => false, - 'notifications' => false, - /// @TODO old way? - //'statusnet_profile_url' => DI::baseUrl()."/contact/".$uinfo[0]['cid'], - 'statusnet_profile_url' => $uinfo[0]['url'], - 'uid' => intval($uinfo[0]['uid']), - 'cid' => intval($uinfo[0]['cid']), - 'pid' => Contact::getIdForURL($uinfo[0]["url"], 0, false), - 'self' => $uinfo[0]['self'], - 'network' => $uinfo[0]['network'], - ]; +/** + * + * @param string $hash + * @param string $allow_cid + * @param string $deny_cid + * @param string $allow_gid + * @param string $deny_gid + * @param string $filetype + * @param boolean $visibility + * @param int $uid + * @throws InternalServerErrorException + */ +function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility, $uid) +{ + // get data about the api authenticated user + $uri = Item::newURI(intval($uid)); + $owner_record = DBA::selectFirst('contact', [], ['uid' => $uid, 'self' => true]); - // If this is a local user and it uses Frio, we can get its color preferences. - if ($ret['self']) { - $theme_info = DBA::selectFirst('user', ['theme'], ['uid' => $ret['uid']]); - if ($theme_info['theme'] === 'frio') { - $schema = DI::pConfig()->get($ret['uid'], 'frio', 'schema'); + $arr = []; + $arr['guid'] = System::createUUID(); + $arr['uid'] = intval($uid); + $arr['uri'] = $uri; + $arr['type'] = 'photo'; + $arr['wall'] = 1; + $arr['resource-id'] = $hash; + $arr['contact-id'] = $owner_record['id']; + $arr['owner-name'] = $owner_record['name']; + $arr['owner-link'] = $owner_record['url']; + $arr['owner-avatar'] = $owner_record['thumb']; + $arr['author-name'] = $owner_record['name']; + $arr['author-link'] = $owner_record['url']; + $arr['author-avatar'] = $owner_record['thumb']; + $arr['title'] = ""; + $arr['allow_cid'] = $allow_cid; + $arr['allow_gid'] = $allow_gid; + $arr['deny_cid'] = $deny_cid; + $arr['deny_gid'] = $deny_gid; + $arr['visible'] = $visibility; + $arr['origin'] = 1; - if ($schema && ($schema != '---')) { - if (file_exists('view/theme/frio/schema/'.$schema.'.php')) { - $schemefile = 'view/theme/frio/schema/'.$schema.'.php'; - require_once $schemefile; - } - } else { - $nav_bg = DI::pConfig()->get($ret['uid'], 'frio', 'nav_bg'); - $link_color = DI::pConfig()->get($ret['uid'], 'frio', 'link_color'); - $bgcolor = DI::pConfig()->get($ret['uid'], 'frio', 'background_color'); - } - if (empty($nav_bg)) { - $nav_bg = "#708fa0"; - } - if (empty($link_color)) { - $link_color = "#6fdbe8"; - } - if (empty($bgcolor)) { - $bgcolor = "#ededed"; - } + $typetoext = [ + 'image/jpeg' => 'jpg', + 'image/png' => 'png', + 'image/gif' => 'gif' + ]; - $ret['profile_sidebar_fill_color'] = str_replace('#', '', $nav_bg); - $ret['profile_link_color'] = str_replace('#', '', $link_color); - $ret['profile_background_color'] = str_replace('#', '', $bgcolor); - } - } + // adds link to the thumbnail scale photo + $arr['body'] = '[url=' . DI::baseUrl() . '/photos/' . $owner_record['nick'] . '/image/' . $hash . ']' + . '[img]' . DI::baseUrl() . '/photo/' . $hash . '-' . "2" . '.'. $typetoext[$filetype] . '[/img]' + . '[/url]'; - return $ret; + // do the magic for storing the item in the database and trigger the federation to other contacts + Item::insert($arr); } /** - * return api-formatted array for item's author and owner * - * @param App $a App - * @param array $item item from db - * @return array(array:author, array:owner) + * @param string $type + * @param int $scale + * @param string $photo_id + * + * @return array * @throws BadRequestException + * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException + * @throws NotFoundException * @throws UnauthorizedException */ -function api_item_get_user(App $a, $item) +function prepare_photo_data($type, $scale, $photo_id, $uid) { - $status_user = api_get_user($item['author-id'] ?? null); + $scale_sql = ($scale === false ? "" : sprintf("AND scale=%d", intval($scale))); + $data_sql = ($scale === false ? "" : "data, "); - $author_user = $status_user; + // added allow_cid, allow_gid, deny_cid, deny_gid to output as string like stored in database + // clients needs to convert this in their way for further processing + $r = DBA::toArray(DBA::p( + "SELECT $data_sql `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, + `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`, + MIN(`scale`) AS `minscale`, MAX(`scale`) AS `maxscale` + FROM `photo` WHERE `uid` = ? AND `resource-id` = ? $scale_sql GROUP BY + `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, + `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`", + $uid, + $photo_id + )); - $status_user["protected"] = isset($item['private']) && ($item['private'] == Item::PRIVATE); + $typetoext = [ + 'image/jpeg' => 'jpg', + 'image/png' => 'png', + 'image/gif' => 'gif' + ]; - if (($item['thr-parent'] ?? '') == ($item['uri'] ?? '')) { - $owner_user = api_get_user($item['owner-id'] ?? null); + // prepare output data for photo + if (DBA::isResult($r)) { + $data = ['photo' => $r[0]]; + $data['photo']['id'] = $data['photo']['resource-id']; + if ($scale !== false) { + $data['photo']['data'] = base64_encode($data['photo']['data']); + } else { + unset($data['photo']['datasize']); //needed only with scale param + } + if ($type == "xml") { + $data['photo']['links'] = []; + for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) { + $data['photo']['links'][$k . ":link"]["@attributes"] = ["type" => $data['photo']['type'], + "scale" => $k, + "href" => DI::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]]; + } + } else { + $data['photo']['link'] = []; + // when we have profile images we could have only scales from 4 to 6, but index of array always needs to start with 0 + $i = 0; + for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) { + $data['photo']['link'][$i] = DI::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]; + $i++; + } + } + unset($data['photo']['resource-id']); + unset($data['photo']['minscale']); + unset($data['photo']['maxscale']); } else { - $owner_user = $author_user; + throw new NotFoundException(); } - return ([$status_user, $author_user, $owner_user]); -} + // retrieve item element for getting activities (like, dislike etc.) related to photo + $condition = ['uid' => $uid, 'resource-id' => $photo_id]; + $item = Post::selectFirst(['id', 'uid', 'uri', 'parent', 'allow_cid', 'deny_cid', 'allow_gid', 'deny_gid'], $condition); + if (!DBA::isResult($item)) { + throw new NotFoundException('Photo-related item not found.'); + } -/** - * TWITTER API - */ + $data['photo']['friendica_activities'] = DI::friendicaActivities()->createFromUriId($item['uri-id'], $item['uid'], $type); + + // retrieve comments on photo + $condition = ["`parent` = ? AND `uid` = ? AND `gravity` IN (?, ?)", + $item['parent'], $uid, GRAVITY_PARENT, GRAVITY_COMMENT]; + + $statuses = Post::selectForUser($uid, [], $condition); + + // prepare output of comments + $commentData = []; + while ($status = DBA::fetch($statuses)) { + $commentData[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'])->toArray(); + } + DBA::close($statuses); + + $comments = []; + if ($type == "xml") { + $k = 0; + foreach ($commentData as $comment) { + $comments[$k++ . ":comment"] = $comment; + } + } else { + foreach ($commentData as $comment) { + $comments[] = $comment; + } + } + $data['photo']['friendica_comments'] = $comments; + + // include info if rights on photo and rights on item are mismatching + $rights_mismatch = $data['photo']['allow_cid'] != $item['allow_cid'] || + $data['photo']['deny_cid'] != $item['deny_cid'] || + $data['photo']['allow_gid'] != $item['allow_gid'] || + $data['photo']['deny_gid'] != $item['deny_gid']; + $data['photo']['rights_mismatch'] = $rights_mismatch; + + return $data; +} /** - * Returns an HTTP 200 OK response code and a representation of the requesting user if authentication was successful; - * returns a 401 status code and an error message if not. * - * @see https://developer.twitter.com/en/docs/accounts-and-users/manage-account-settings/api-reference/get-account-verify_credentials + * @param string $text * - * @param string $type Return type (atom, rss, xml, json) - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException + * @return string * @throws InternalServerErrorException - * @throws UnauthorizedException */ -function api_account_verify_credentials($type) +function api_clean_plain_items($text) { - $a = DI::app(); + $include_entities = strtolower($_REQUEST['include_entities'] ?? 'false'); - if (api_user() === false) { - throw new ForbiddenException(); + $text = BBCode::cleanPictureLinks($text); + $URLSearchString = "^\[\]"; + + $text = preg_replace("/([!#@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '$1$3', $text); + + if ($include_entities == "true") { + $text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '[url=$1]$1[/url]', $text); } - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); + // Simplify "attachment" element + $text = BBCode::removeAttachment($text); + + return $text; +} - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); +/** + * Add a new group to the database. + * + * @param string $name Group name + * @param int $uid User ID + * @param array $users List of users to add to the group + * + * @return array + * @throws BadRequestException + */ +function group_create($name, $uid, $users = []) +{ + // error if no name specified + if ($name == "") { + throw new BadRequestException('group name not specified'); + } - $skip_status = $_REQUEST['skip_status'] ?? false; + // error message if specified group name already exists + if (DBA::exists('group', ['uid' => $uid, 'name' => $name, 'deleted' => false])) { + throw new BadRequestException('group name already exists'); + } - $user_info = api_get_user(); + // Check if the group needs to be reactivated + if (DBA::exists('group', ['uid' => $uid, 'name' => $name, 'deleted' => true])) { + $reactivate_group = true; + } - // "verified" isn't used here in the standard - unset($user_info["verified"]); + // create group + $ret = Group::create($uid, $name); + if ($ret) { + $gid = Group::getIdByName($uid, $name); + } else { + throw new BadRequestException('other API error'); + } - // - Adding last status - if (!$skip_status) { - $item = api_get_last_status($user_info['pid'], $user_info['uid']); - if (!empty($item)) { - $user_info['status'] = api_format_item($item, $type); + // add members + $erroraddinguser = false; + $errorusers = []; + foreach ($users as $user) { + $cid = $user['cid']; + if (DBA::exists('contact', ['id' => $cid, 'uid' => $uid])) { + Group::addMember($gid, $cid); + } else { + $erroraddinguser = true; + $errorusers[] = $cid; } } - // "uid" and "self" are only needed for some internal stuff, so remove it from here - unset($user_info["uid"]); - unset($user_info["self"]); + // return success message incl. missing users in array + $status = ($erroraddinguser ? "missing user" : ((isset($reactivate_group) && $reactivate_group) ? "reactivated" : "ok")); - return BaseApi::formatData("user", $type, ['user' => $user_info]); + return ['success' => true, 'gid' => $gid, 'name' => $name, 'status' => $status, 'wrong users' => $errorusers]; } -/// @TODO move to top of file or somewhere better -api_register_func('api/account/verify_credentials', 'api_account_verify_credentials', true); - /** - * Get data from $_POST or $_GET - * - * @param string $k - * @return null + * TWITTER API */ -function requestdata($k) -{ - if (!empty($_POST[$k])) { - return $_POST[$k]; - } - if (!empty($_GET[$k])) { - return $_GET[$k]; - } - return null; -} /** * Deprecated function to upload media. @@ -745,19 +701,14 @@ function requestdata($k) */ function api_statuses_mediap($type) { - $a = DI::app(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); - if (api_user() === false) { - logger::notice('api_statuses_update: no user'); - throw new ForbiddenException(); - } - $user_info = api_get_user(); + $a = DI::app(); - $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['profile_uid'] = $uid; $_REQUEST['api_source'] = true; - $txt = requestdata('status') ?? ''; - /// @TODO old-lost code? - //$txt = urldecode(requestdata('status')); + $txt = $_REQUEST['status'] ?? ''; if ((strpos($txt, '<') !== false) || (strpos($txt, '>') !== false)) { $txt = HTML::toBBCodeVideo($txt); @@ -768,16 +719,17 @@ function api_statuses_mediap($type) } $txt = HTML::toBBCode($txt); - DI::args()->getArgv()[1] = $user_info['screen_name']; //should be set to username? - $picture = wall_upload_post($a, false); // now that we have the img url in bbcode we can add it to the status and insert the wall item. $_REQUEST['body'] = $txt . "\n\n" . '[url=' . $picture["albumpage"] . '][img]' . $picture["preview"] . "[/img][/url]"; $item_id = item_post($a); + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + // output the post that we just posted. - return api_status_show($type, $item_id); + $status_info = DI::twitterStatus()->createFromItemId($item_id, $include_entities)->toArray(); + return DI::apiResponse()->formatData('statuses', $type, ['status' => $status_info]); } /// @TODO move this to top of file or somewhere better! @@ -799,18 +751,14 @@ api_register_func('api/statuses/mediap', 'api_statuses_mediap', true, API_METHOD */ function api_statuses_update($type) { - $a = DI::app(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); - if (api_user() === false) { - logger::notice('api_statuses_update: no user'); - throw new ForbiddenException(); - } - - api_get_user(); + $a = DI::app(); // convert $_POST array items to the form we use for web posts. - if (requestdata('htmlstatus')) { - $txt = requestdata('htmlstatus') ?? ''; + if (!empty($_REQUEST['htmlstatus'])) { + $txt = $_REQUEST['htmlstatus']; if ((strpos($txt, '<') !== false) || (strpos($txt, '>') !== false)) { $txt = HTML::toBBCodeVideo($txt); @@ -823,12 +771,12 @@ function api_statuses_update($type) $_REQUEST['body'] = HTML::toBBCode($txt); } } else { - $_REQUEST['body'] = requestdata('status'); + $_REQUEST['body'] = $_REQUEST['status'] ?? null; } - $_REQUEST['title'] = requestdata('title'); + $_REQUEST['title'] = $_REQUEST['title'] ?? null; - $parent = requestdata('in_reply_to_status_id'); + $parent = $_REQUEST['in_reply_to_status_id'] ?? null; // Twidere sends "-1" if it is no reply ... if ($parent == -1) { @@ -841,10 +789,10 @@ function api_statuses_update($type) $_REQUEST['parent_uri'] = $parent; } - if (requestdata('lat') && requestdata('long')) { - $_REQUEST['coord'] = sprintf("%s %s", requestdata('lat'), requestdata('long')); + if (!empty($_REQUEST['lat']) && !empty($_REQUEST['long'])) { + $_REQUEST['coord'] = sprintf("%s %s", $_REQUEST['lat'], $_REQUEST['long']); } - $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['profile_uid'] = $uid; if (!$parent) { // Check for throttling (maximum posts per day, week and month) @@ -852,11 +800,11 @@ function api_statuses_update($type) if ($throttle_day > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, api_user(), $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; $posts_day = Post::count($condition); if ($posts_day > $throttle_day) { - logger::info('Daily posting limit reached for user '.api_user()); + logger::info('Daily posting limit reached for user ' . $uid); // die(api_error($type, DI::l10n()->t("Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); throw new TooManyRequestsException(DI::l10n()->tt("Daily posting limit of %d post reached. The post was rejected.", "Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); } @@ -866,11 +814,11 @@ function api_statuses_update($type) if ($throttle_week > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*7); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, api_user(), $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; $posts_week = Post::count($condition); if ($posts_week > $throttle_week) { - logger::info('Weekly posting limit reached for user '.api_user()); + logger::info('Weekly posting limit reached for user ' . $uid); // die(api_error($type, DI::l10n()->t("Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week))); throw new TooManyRequestsException(DI::l10n()->tt("Weekly posting limit of %d post reached. The post was rejected.", "Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week)); } @@ -880,19 +828,19 @@ function api_statuses_update($type) if ($throttle_month > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*30); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, api_user(), $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; $posts_month = Post::count($condition); if ($posts_month > $throttle_month) { - logger::info('Monthly posting limit reached for user '.api_user()); + logger::info('Monthly posting limit reached for user ' . $uid); // die(api_error($type, DI::l10n()->t("Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); throw new TooManyRequestsException(DI::l10n()->t("Monthly posting limit of %d post reached. The post was rejected.", "Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); } } } - if (requestdata('media_ids')) { - $ids = explode(',', requestdata('media_ids') ?? ''); + if (!empty($_REQUEST['media_ids'])) { + $ids = explode(',', $_REQUEST['media_ids']); } elseif (!empty($_FILES['media'])) { // upload the image if we have one $picture = wall_upload_post($a, false); @@ -909,7 +857,7 @@ function api_statuses_update($type) $media = DBA::toArray(DBA::p("SELECT `resource-id`, `scale`, `nickname`, `type`, `desc`, `filename`, `datasize`, `width`, `height` FROM `photo` INNER JOIN `user` ON `user`.`uid` = `photo`.`uid` WHERE `resource-id` IN (SELECT `resource-id` FROM `photo` WHERE `id` = ?) AND `photo`.`uid` = ? - ORDER BY `photo`.`width` DESC LIMIT 2", $id, api_user())); + ORDER BY `photo`.`width` DESC LIMIT 2", $id, $uid)); if (!empty($media)) { $ressources[] = $media[0]['resource-id']; @@ -948,7 +896,7 @@ function api_statuses_update($type) $_REQUEST['api_source'] = true; if (empty($_REQUEST['source'])) { - $_REQUEST["source"] = api_source(); + $_REQUEST['source'] = BaseApi::getCurrentApplication()['name'] ?: 'API'; } // call out normal post function @@ -957,15 +905,17 @@ function api_statuses_update($type) if (!empty($ressources) && !empty($item_id)) { $item = Post::selectFirst(['uri-id', 'allow_cid', 'allow_gid', 'deny_cid', 'deny_gid'], ['id' => $item_id]); foreach ($ressources as $ressource) { - Photo::setPermissionForRessource($ressource, api_user(), $item['allow_cid'], $item['allow_gid'], $item['deny_cid'], $item['deny_gid']); + Photo::setPermissionForRessource($ressource, $uid, $item['allow_cid'], $item['allow_gid'], $item['deny_cid'], $item['deny_gid']); } } + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + // output the post that we just posted. - return api_status_show($type, $item_id); + $status_info = DI::twitterStatus()->createFromItemId($item_id, $include_entities)->toArray(); + return DI::apiResponse()->formatData('statuses', $type, ['status' => $status_info]); } -/// @TODO move to top of file or somewhere better api_register_func('api/statuses/update', 'api_statuses_update', true, API_METHOD_POST); api_register_func('api/statuses/update_with_media', 'api_statuses_update', true, API_METHOD_POST); @@ -982,21 +932,14 @@ api_register_func('api/statuses/update_with_media', 'api_statuses_update', true, */ function api_media_upload() { - $a = DI::app(); - - if (api_user() === false) { - logger::notice('no user'); - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); if (empty($_FILES['media'])) { // Output error throw new BadRequestException("No media."); } - $media = wall_upload_post($a, false); + $media = wall_upload_post(DI::app(), false); if (!$media) { // Output error throw new InternalServerErrorException(); @@ -1016,7 +959,6 @@ function api_media_upload() return ["media" => $returndata]; } -/// @TODO move to top of file or somewhere better api_register_func('api/media/upload', 'api_media_upload', true, API_METHOD_POST); /** @@ -1037,14 +979,8 @@ api_register_func('api/media/upload', 'api_media_upload', true, API_METHOD_POST) */ function api_media_metadata_create($type) { - $a = DI::app(); - - if (api_user() === false) { - Logger::info('no user'); - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); $postdata = Network::postdata(); @@ -1067,7 +1003,7 @@ function api_media_metadata_create($type) Logger::info('Updating metadata', ['media_id' => $data['media_id']]); - $condition = ['id' => $data['media_id'], 'uid' => api_user()]; + $condition = ['id' => $data['media_id'], 'uid' => $uid]; $photo = DBA::selectFirst('photo', ['resource-id'], $condition); if (!DBA::isResult($photo)) { throw new BadRequestException("Metadata not found."); @@ -1079,68 +1015,10 @@ function api_media_metadata_create($type) api_register_func('api/media/metadata/create', 'api_media_metadata_create', true, API_METHOD_POST); /** - * @param string $type Return format (atom, rss, xml, json) - * @param int $item_id - * @return array|string - * @throws Exception - */ -function api_status_show($type, $item_id) -{ - Logger::info(API_LOG_PREFIX . 'Start', ['action' => 'status_show', 'type' => $type, 'item_id' => $item_id]); - - $status_info = []; - - $item = api_get_item(['id' => $item_id]); - if (!empty($item)) { - $status_info = api_format_item($item, $type); - } - - Logger::info(API_LOG_PREFIX . 'End', ['action' => 'get_status', 'status_info' => $status_info]); - - return BaseApi::formatData('statuses', $type, ['status' => $status_info]); -} - -/** - * Retrieves the last public status of the provided user info - * - * @param int $ownerId Public contact Id - * @param int $uid User Id - * @return array - * @throws Exception - */ -function api_get_last_status($ownerId, $uid) -{ - $condition = [ - 'author-id'=> $ownerId, - 'uid' => $uid, - 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT], - 'private' => [Item::PUBLIC, Item::UNLISTED] - ]; - - $item = api_get_item($condition); - - return $item; -} - -/** - * Retrieves a single item record based on the provided condition and converts it for API use. - * - * @param array $condition Item table condition array - * @return array - * @throws Exception - */ -function api_get_item(array $condition) -{ - $item = Post::selectFirst(Item::DISPLAY_FIELDLIST, $condition, ['order' => ['id' => true]]); - - return $item; -} - -/** - * Returns extended information of a given user, specified by ID or screen name as per the required id parameter. - * The author's most recent status will be returned inline. - * - * @param string $type Return type (atom, rss, xml, json) + * Returns extended information of a given user, specified by ID or screen name as per the required id parameter. + * The author's most recent status will be returned inline. + * + * @param string $type Return type (atom, rss, xml, json) * @return array|string * @throws BadRequestException * @throws ImagickException @@ -1150,23 +1028,17 @@ function api_get_item(array $condition) */ function api_users_show($type) { - $a = Friendica\DI::app(); - - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); - $item = api_get_last_status($user_info['pid'], $user_info['uid']); - if (!empty($item)) { - $user_info['status'] = api_format_item($item, $type); - } + $user_info = DI::twitterUser()->createFromUserId($uid, false)->toArray(); - // "uid" and "self" are only needed for some internal stuff, so remove it from here + // "uid" is only needed for some internal stuff, so remove it from here unset($user_info['uid']); - unset($user_info['self']); - return BaseApi::formatData('user', $type, ['user' => $user_info]); + return DI::apiResponse()->formatData('user', $type, ['user' => $user_info]); } -/// @TODO move to top of file or somewhere better api_register_func('api/users/show', 'api_users_show'); api_register_func('api/externalprofile/show', 'api_users_show'); @@ -1184,7 +1056,8 @@ api_register_func('api/externalprofile/show', 'api_users_show'); */ function api_users_search($type) { - $a = DI::app(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); $userlist = []; @@ -1203,7 +1076,7 @@ function api_users_search($type) if (DBA::isResult($contacts)) { $k = 0; foreach ($contacts as $contact) { - $user_info = api_get_user($contact['id']); + $user_info = DI::twitterUser()->createFromContactId($contact['id'], $uid, false)->toArray(); if ($type == 'xml') { $userlist[$k++ . ':user'] = $user_info; @@ -1219,10 +1092,9 @@ function api_users_search($type) throw new BadRequestException('No search term specified.'); } - return BaseApi::formatData('users', $type, $userlist); + return DI::apiResponse()->formatData('users', $type, $userlist); } -/// @TODO move to top of file or somewhere better api_register_func('api/users/search', 'api_users_search'); /** @@ -1241,12 +1113,15 @@ api_register_func('api/users/search', 'api_users_search'); */ function api_users_lookup($type) { + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); + $users = []; if (!empty($_REQUEST['user_id'])) { - foreach (explode(',', $_REQUEST['user_id']) as $id) { - if (!empty($id)) { - $users[] = api_get_user($id); + foreach (explode(',', $_REQUEST['user_id']) as $cid) { + if (!empty($cid) && is_numeric($cid)) { + $users[] = DI::twitterUser()->createFromContactId((int)$cid, $uid, false)->toArray(); } } } @@ -1255,10 +1130,9 @@ function api_users_lookup($type) throw new NotFoundException; } - return BaseApi::formatData("users", $type, ['users' => $users]); + return DI::apiResponse()->formatData("users", $type, ['users' => $users]); } -/// @TODO move to top of file or somewhere better api_register_func('api/users/lookup', 'api_users_lookup', true); /** @@ -1277,12 +1151,8 @@ api_register_func('api/users/lookup', 'api_users_lookup', true); */ function api_search($type) { - $a = DI::app(); - $user_info = api_get_user(); - - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); if (empty($_REQUEST['q'])) { throw new BadRequestException('q parameter is required.'); @@ -1309,7 +1179,7 @@ function api_search($type) $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; if (preg_match('/^#(\w+)$/', $searchTerm, $matches) === 1 && isset($matches[1])) { $searchTerm = $matches[1]; - $condition = ["`iid` > ? AND `name` = ? AND (NOT `private` OR (`private` AND `uid` = ?))", $since_id, $searchTerm, local_user()]; + $condition = ["`iid` > ? AND `name` = ? AND (NOT `private` OR (`private` AND `uid` = ?))", $since_id, $searchTerm, $uid]; $tags = DBA::select('tag-search-view', ['uri-id'], $condition); $uriids = []; while ($tag = DBA::fetch($tags)) { @@ -1318,7 +1188,7 @@ function api_search($type) DBA::close($tags); if (empty($uriids)) { - return BaseApi::formatData('statuses', $type, $data); + return DI::apiResponse()->formatData('statuses', $type, $data); } $condition = ['uri-id' => $uriids]; @@ -1332,7 +1202,7 @@ function api_search($type) " . ($exclude_replies ? " AND `gravity` = " . GRAVITY_PARENT : ' ') . " AND (`uid` = 0 OR (`uid` = ? AND NOT `global`)) AND `body` LIKE CONCAT('%',?,'%')", - $since_id, api_user(), $_REQUEST['q']]; + $since_id, $uid, $_REQUEST['q']]; if ($max_id > 0) { $condition[0] .= ' AND `id` <= ?'; $condition[] = $max_id; @@ -1342,7 +1212,7 @@ function api_search($type) $statuses = []; if (parse_url($searchTerm, PHP_URL_SCHEME) != '') { - $id = Item::fetchByLink($searchTerm, api_user()); + $id = Item::fetchByLink($searchTerm, $uid); if (!$id) { // Public post $id = Item::fetchByLink($searchTerm); @@ -1353,259 +1223,23 @@ function api_search($type) } } - $statuses = $statuses ?: Post::selectForUser(api_user(), [], $condition, $params); - - $data['status'] = api_format_items(Post::toArray($statuses), $user_info); - - bindComments($data['status']); - - return BaseApi::formatData('statuses', $type, $data); -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/search/tweets', 'api_search', true); -api_register_func('api/search', 'api_search', true); - -/** - * Returns the most recent statuses posted by the user and the users they follow. - * - * @see https://developer.twitter.com/en/docs/tweets/timelines/api-reference/get-statuses-home_timeline - * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - * @todo Optional parameters - * @todo Add reply info - */ -function api_statuses_home_timeline($type) -{ - $a = DI::app(); - $user_info = api_get_user(); - - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } - - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); - - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); - - // get last network messages - - // params - $count = $_REQUEST['count'] ?? 20; - $page = $_REQUEST['page']?? 0; - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - $exclude_replies = !empty($_REQUEST['exclude_replies']); - $conversation_id = $_REQUEST['conversation_id'] ?? 0; - - $start = max(0, ($page - 1) * $count); - - $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ?", - api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; - - if ($max_id > 0) { - $condition[0] .= " AND `id` <= ?"; - $condition[] = $max_id; - } - if ($exclude_replies) { - $condition[0] .= ' AND `gravity` = ?'; - $condition[] = GRAVITY_PARENT; - } - if ($conversation_id > 0) { - $condition[0] .= " AND `parent` = ?"; - $condition[] = $conversation_id; - } - - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); - - $items = Post::toArray($statuses); - - $ret = api_format_items($items, $user_info, false, $type); - - // Set all posts from the query above to seen - $idarray = []; - foreach ($items as $item) { - $idarray[] = intval($item["id"]); - } - - if (!empty($idarray)) { - $unseen = Post::exists(['unseen' => true, 'id' => $idarray]); - if ($unseen) { - Item::update(['unseen' => false], ['unseen' => true, 'id' => $idarray]); - } - } - - bindComments($ret); - - $data = ['status' => $ret]; - switch ($type) { - case "atom": - break; - case "rss": - $data = api_rss_extra($a, $data, $user_info); - break; - } - - return BaseApi::formatData("statuses", $type, $data); -} - - -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/home_timeline', 'api_statuses_home_timeline', true); -api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline', true); - -/** - * Returns the most recent statuses from public users. - * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_statuses_public_timeline($type) -{ - $a = DI::app(); - $user_info = api_get_user(); - - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } - - // get last network messages - - // params - $count = $_REQUEST['count'] ?? 20; - $page = $_REQUEST['page'] ?? 1; - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - $exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0); - $conversation_id = $_REQUEST['conversation_id'] ?? 0; - - $start = max(0, ($page - 1) * $count); - - if ($exclude_replies && !$conversation_id) { - $condition = ["`gravity` = ? AND `id` > ? AND `private` = ? AND `wall` AND NOT `author-hidden`", - GRAVITY_PARENT, $since_id, Item::PUBLIC]; - - if ($max_id > 0) { - $condition[0] .= " AND `id` <= ?"; - $condition[] = $max_id; - } - - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); - - $r = Post::toArray($statuses); - } else { - $condition = ["`gravity` IN (?, ?) AND `id` > ? AND `private` = ? AND `wall` AND `origin` AND NOT `author-hidden`", - GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, Item::PUBLIC]; - - if ($max_id > 0) { - $condition[0] .= " AND `id` <= ?"; - $condition[] = $max_id; - } - if ($conversation_id > 0) { - $condition[0] .= " AND `parent` = ?"; - $condition[] = $conversation_id; - } - - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); - - $r = Post::toArray($statuses); - } - - $ret = api_format_items($r, $user_info, false, $type); - - bindComments($ret); - - $data = ['status' => $ret]; - switch ($type) { - case "atom": - break; - case "rss": - $data = api_rss_extra($a, $data, $user_info); - break; - } - - return BaseApi::formatData("statuses", $type, $data); -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/public_timeline', 'api_statuses_public_timeline', true); - -/** - * Returns the most recent statuses posted by users this node knows about. - * - * @param string $type Return format: json, xml, atom, rss - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_statuses_networkpublic_timeline($type) -{ - $a = DI::app(); - $user_info = api_get_user(); - - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } - - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - - // pagination - $count = $_REQUEST['count'] ?? 20; - $page = $_REQUEST['page'] ?? 1; - - $start = max(0, ($page - 1) * $count); + $statuses = $statuses ?: Post::selectForUser($uid, [], $condition, $params); - $condition = ["`uid` = 0 AND `gravity` IN (?, ?) AND `id` > ? AND `private` = ?", - GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, Item::PUBLIC]; + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); - if ($max_id > 0) { - $condition[0] .= " AND `id` <= ?"; - $condition[] = $max_id; + $ret = []; + while ($status = DBA::fetch($statuses)) { + $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); } + DBA::close($statuses); - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::toArray(Post::selectForUser(api_user(), Item::DISPLAY_FIELDLIST, $condition, $params)); - - $ret = api_format_items($statuses, $user_info, false, $type); - - bindComments($ret); - - $data = ['status' => $ret]; - switch ($type) { - case "atom": - break; - case "rss": - $data = api_rss_extra($a, $data, $user_info); - break; - } + $data['status'] = $ret; - return BaseApi::formatData("statuses", $type, $data); + return DI::apiResponse()->formatData('statuses', $type, $data); } -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/networkpublic_timeline', 'api_statuses_networkpublic_timeline', true); +api_register_func('api/search/tweets', 'api_search', true); +api_register_func('api/search', 'api_search', true); /** * Returns a single status. @@ -1622,12 +1256,8 @@ api_register_func('api/statuses/networkpublic_timeline', 'api_statuses_networkpu */ function api_statuses_show($type) { - $a = DI::app(); - $user_info = api_get_user(); - - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1651,7 +1281,7 @@ function api_statuses_show($type) throw new BadRequestException(sprintf("There is no status with the id %d", $id)); } - $item = Post::selectFirst(['id'], ['uri-id' => $uri_item['uri-id'], 'uid' => [0, api_user()]], ['order' => ['uid' => true]]); + $item = Post::selectFirst(['id'], ['uri-id' => $uri_item['uri-id'], 'uid' => [0, $uid]], ['order' => ['uid' => true]]); if (!DBA::isResult($item)) { throw new BadRequestException(sprintf("There is no status with the uri-id %d for the given user.", $uri_item['uri-id'])); } @@ -1666,25 +1296,30 @@ function api_statuses_show($type) $params = []; } - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser($uid, [], $condition, $params); /// @TODO How about copying this to above methods which don't check $r ? if (!DBA::isResult($statuses)) { throw new BadRequestException(sprintf("There is no status or conversation with the id %d.", $id)); } - $ret = api_format_items(Post::toArray($statuses), $user_info, false, $type); + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + + $ret = []; + while ($status = DBA::fetch($statuses)) { + $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); + } + DBA::close($statuses); if ($conversation) { $data = ['status' => $ret]; - return BaseApi::formatData("statuses", $type, $data); + return DI::apiResponse()->formatData("statuses", $type, $data); } else { $data = ['status' => $ret[0]]; - return BaseApi::formatData("status", $type, $data); + return DI::apiResponse()->formatData("status", $type, $data); } } -/// @TODO move to top of file or somewhere better api_register_func('api/statuses/show', 'api_statuses_show', true); /** @@ -1701,12 +1336,8 @@ api_register_func('api/statuses/show', 'api_statuses_show', true); */ function api_conversation_show($type) { - $a = DI::app(); - $user_info = api_get_user(); - - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1734,7 +1365,7 @@ function api_conversation_show($type) throw new BadRequestException("There is no status with the id $id."); } - $parent = Post::selectFirst(['id'], ['uri-id' => $item['parent-uri-id'], 'uid' => [0, api_user()]], ['order' => ['uid' => true]]); + $parent = Post::selectFirst(['id'], ['uri-id' => $item['parent-uri-id'], 'uid' => [0, $uid]], ['order' => ['uid' => true]]); if (!DBA::isResult($parent)) { throw new BadRequestException("There is no status with this id."); } @@ -1742,7 +1373,7 @@ function api_conversation_show($type) $id = $parent['id']; $condition = ["`parent` = ? AND `uid` IN (0, ?) AND `gravity` IN (?, ?) AND `id` > ?", - $id, api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; + $id, $uid, GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; if ($max_id > 0) { $condition[0] .= " AND `id` <= ?"; @@ -1750,19 +1381,24 @@ function api_conversation_show($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser($uid, [], $condition, $params); if (!DBA::isResult($statuses)) { throw new BadRequestException("There is no status with id $id."); } - $ret = api_format_items(Post::toArray($statuses), $user_info, false, $type); + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + + $ret = []; + while ($status = DBA::fetch($statuses)) { + $ret[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); + } + DBA::close($statuses); $data = ['status' => $ret]; - return BaseApi::formatData("statuses", $type, $data); + return DI::apiResponse()->formatData("statuses", $type, $data); } -/// @TODO move to top of file or somewhere better api_register_func('api/conversation/show', 'api_conversation_show', true); api_register_func('api/statusnet/conversation', 'api_conversation_show', true); @@ -1781,15 +1417,8 @@ api_register_func('api/statusnet/conversation', 'api_conversation_show', true); */ function api_statuses_repeat($type) { - global $called_api; - - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1810,7 +1439,7 @@ function api_statuses_repeat($type) if (DBA::isResult($item) && !empty($item['body'])) { if (in_array($item['network'], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::TWITTER])) { - if (!Item::performActivity($id, 'announce', local_user())) { + if (!Item::performActivity($id, 'announce', $uid)) { throw new InternalServerErrorException(); } @@ -1830,25 +1459,26 @@ function api_statuses_repeat($type) $post .= "[/share]"; } $_REQUEST['body'] = $post; - $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['profile_uid'] = $uid; $_REQUEST['api_source'] = true; if (empty($_REQUEST['source'])) { - $_REQUEST["source"] = api_source(); + $_REQUEST['source'] = BaseApi::getCurrentApplication()['name'] ?: 'API'; } - $item_id = item_post($a); + $item_id = item_post(DI::app()); } } else { throw new ForbiddenException(); } + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); + // output the post that we just posted. - $called_api = []; - return api_status_show($type, $item_id); + $status_info = DI::twitterStatus()->createFromItemId($item_id, $include_entities)->toArray(); + return DI::apiResponse()->formatData('statuses', $type, ['status' => $status_info]); } -/// @TODO move to top of file or somewhere better api_register_func('api/statuses/retweet', 'api_statuses_repeat', true, API_METHOD_POST); /** @@ -1866,13 +1496,8 @@ api_register_func('api/statuses/retweet', 'api_statuses_repeat', true, API_METHO */ function api_statuses_destroy($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1890,16 +1515,16 @@ function api_statuses_destroy($type) $ret = api_statuses_show($type); - Item::deleteForUser(['id' => $id], api_user()); + Item::deleteForUser(['id' => $id], $uid); return $ret; } -/// @TODO move to top of file or somewhere better api_register_func('api/statuses/destroy', 'api_statuses_destroy', true, API_METHOD_DELETE); /** - * Returns the most recent mentions. + * Star/unstar an item. + * param: id : id of the item * * @param string $type Return type (atom, rss, xml, json) * @@ -1909,2803 +1534,1041 @@ api_register_func('api/statuses/destroy', 'api_statuses_destroy', true, API_METH * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException - * @see http://developer.twitter.com/doc/get/statuses/mentions + * @see https://web.archive.org/web/20131019055350/https://dev.twitter.com/docs/api/1/post/favorites/create/%3Aid */ -function api_statuses_mentions($type) +function api_favorites_create_destroy($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); + // for versioned api. + /// @TODO We need a better global soluton + $action_argv_id = 2; + if (count(DI::args()->getArgv()) > 1 && DI::args()->getArgv()[1] == "1.1") { + $action_argv_id = 3; } - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); - - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); - - // get last network messages + if (DI::args()->getArgc() <= $action_argv_id) { + throw new BadRequestException("Invalid request."); + } + $action = str_replace("." . $type, "", DI::args()->getArgv()[$action_argv_id]); + if (DI::args()->getArgc() == $action_argv_id + 2) { + $itemid = intval(DI::args()->getArgv()[$action_argv_id + 1] ?? 0); + } else { + $itemid = intval($_REQUEST['id'] ?? 0); + } - // params - $since_id = intval($_REQUEST['since_id'] ?? 0); - $max_id = intval($_REQUEST['max_id'] ?? 0); - $count = intval($_REQUEST['count'] ?? 20); - $page = intval($_REQUEST['page'] ?? 1); + $item = Post::selectFirstForUser($uid, [], ['id' => $itemid, 'uid' => $uid]); - $start = max(0, ($page - 1) * $count); + if (!DBA::isResult($item)) { + throw new BadRequestException("Invalid item."); + } - $query = "`gravity` IN (?, ?) AND `uri-id` IN - (SELECT `uri-id` FROM `post-user-notification` WHERE `uid` = ? AND `notification-type` & ? != 0 ORDER BY `uri-id`) - AND (`uid` = 0 OR (`uid` = ? AND NOT `global`)) AND `id` > ?"; - - $condition = [ - GRAVITY_PARENT, GRAVITY_COMMENT, - api_user(), - Post\UserNotification::TYPE_EXPLICIT_TAGGED | Post\UserNotification::TYPE_IMPLICIT_TAGGED | - Post\UserNotification::TYPE_THREAD_COMMENT | Post\UserNotification::TYPE_DIRECT_COMMENT | - Post\UserNotification::TYPE_DIRECT_THREAD_COMMENT, - api_user(), $since_id, - ]; + switch ($action) { + case "create": + $item['starred'] = 1; + break; + case "destroy": + $item['starred'] = 0; + break; + default: + throw new BadRequestException("Invalid action ".$action); + } - if ($max_id > 0) { - $query .= " AND `id` <= ?"; - $condition[] = $max_id; + $r = Item::update(['starred' => $item['starred']], ['id' => $itemid]); + + if ($r === false) { + throw new InternalServerErrorException("DB error"); } - array_unshift($condition, $query); + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $ret = DI::twitterStatus()->createFromUriId($item['uri-id'], $item['uid'], $include_entities)->toArray(); - $ret = api_format_items(Post::toArray($statuses), $user_info, false, $type); + return DI::apiResponse()->formatData("status", $type, ['status' => $ret], Contact::getPublicIdByUserId($uid)); +} - $data = ['status' => $ret]; - switch ($type) { - case "atom": - break; - case "rss": - $data = api_rss_extra($a, $data, $user_info); - break; - } +api_register_func('api/favorites/create', 'api_favorites_create_destroy', true, API_METHOD_POST); +api_register_func('api/favorites/destroy', 'api_favorites_create_destroy', true, API_METHOD_DELETE); - return BaseApi::formatData("statuses", $type, $data); +/** + * Returns all lists the user subscribes to. + * + * @param string $type Return type (atom, rss, xml, json) + * + * @return array|string + * @see https://developer.twitter.com/en/docs/accounts-and-users/create-manage-lists/api-reference/get-lists-list + */ +function api_lists_list($type) +{ + $ret = []; + /// @TODO $ret is not filled here? + return DI::apiResponse()->formatData('lists', $type, ["lists_list" => $ret]); } -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/mentions', 'api_statuses_mentions', true); -api_register_func('api/statuses/replies', 'api_statuses_mentions', true); +api_register_func('api/lists/list', 'api_lists_list', true); +api_register_func('api/lists/subscriptions', 'api_lists_list', true); /** - * Returns the most recent statuses posted by the user. + * Returns all groups the user owns. * - * @param string $type Either "json" or "xml" - * @return string|array + * @param string $type Return type (atom, rss, xml, json) + * + * @return array|string * @throws BadRequestException * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/tweets/timelines/api-reference/get-statuses-user_timeline + * @see https://developer.twitter.com/en/docs/accounts-and-users/create-manage-lists/api-reference/get-lists-ownerships */ -function api_statuses_user_timeline($type) +function api_lists_ownerships($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); + // params + $user_info = DI::twitterUser()->createFromUserId($uid, true)->toArray(); + + $groups = DBA::select('group', [], ['deleted' => 0, 'uid' => $uid]); + + // loop through all groups + $lists = []; + foreach ($groups as $group) { + if ($group['visible']) { + $mode = 'public'; + } else { + $mode = 'private'; + } + $lists[] = [ + 'name' => $group['name'], + 'id' => intval($group['id']), + 'id_str' => (string) $group['id'], + 'user' => $user_info, + 'mode' => $mode + ]; } + return DI::apiResponse()->formatData("lists", $type, ['lists' => ['lists' => $lists]]); +} - Logger::info('api_statuses_user_timeline', ['api_user' => api_user(), 'user_info' => $user_info, '_REQUEST' => $_REQUEST]); +api_register_func('api/lists/ownerships', 'api_lists_ownerships', true); - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - $exclude_replies = !empty($_REQUEST['exclude_replies']); - $conversation_id = $_REQUEST['conversation_id'] ?? 0; +/** + * Returns recent statuses from users in the specified group. + * + * @param string $type Return type (atom, rss, xml, json) + * + * @return array|string + * @throws BadRequestException + * @throws ForbiddenException + * @throws ImagickException + * @throws InternalServerErrorException + * @throws UnauthorizedException + * @see https://developer.twitter.com/en/docs/accounts-and-users/create-manage-lists/api-reference/get-lists-ownerships + */ +function api_lists_statuses($type) +{ + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); - // pagination + if (empty($_REQUEST['list_id'])) { + throw new BadRequestException('list_id not specified'); + } + + // params $count = $_REQUEST['count'] ?? 20; - $page = $_REQUEST['page'] ?? 1; + $page = $_REQUEST['page'] ?? 1; + $since_id = $_REQUEST['since_id'] ?? 0; + $max_id = $_REQUEST['max_id'] ?? 0; + $exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0); + $conversation_id = $_REQUEST['conversation_id'] ?? 0; $start = max(0, ($page - 1) * $count); - $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `contact-id` = ?", - api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $user_info['cid']]; + $groups = DBA::selectToArray('group_member', ['contact-id'], ['gid' => 1]); + $gids = array_column($groups, 'contact-id'); + $condition = ['uid' => $uid, 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT], 'group-id' => $gids]; + $condition = DBA::mergeConditions($condition, ["`id` > ?", $since_id]); - if ($user_info['self'] == 1) { - $condition[0] .= ' AND `wall` '; + if ($max_id > 0) { + $condition[0] .= " AND `id` <= ?"; + $condition[] = $max_id; } - - if ($exclude_replies) { + if ($exclude_replies > 0) { $condition[0] .= ' AND `gravity` = ?'; $condition[] = GRAVITY_PARENT; } - if ($conversation_id > 0) { $condition[0] .= " AND `parent` = ?"; $condition[] = $conversation_id; } - if ($max_id > 0) { - $condition[0] .= " AND `id` <= ?"; - $condition[] = $max_id; - } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser($uid, [], $condition, $params); - $ret = api_format_items(Post::toArray($statuses), $user_info, true, $type); + $include_entities = strtolower(($_REQUEST['include_entities'] ?? 'false') == 'true'); - bindComments($ret); - - $data = ['status' => $ret]; - switch ($type) { - case "atom": - break; - case "rss": - $data = api_rss_extra($a, $data, $user_info); - break; + $items = []; + while ($status = DBA::fetch($statuses)) { + $items[] = DI::twitterStatus()->createFromUriId($status['uri-id'], $status['uid'], $include_entities)->toArray(); } + DBA::close($statuses); - return BaseApi::formatData("statuses", $type, $data); + return DI::apiResponse()->formatData("statuses", $type, ['status' => $items], Contact::getPublicIdByUserId($uid)); } -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/user_timeline', 'api_statuses_user_timeline', true); +api_register_func('api/lists/statuses', 'api_lists_statuses', true); /** - * Star/unstar an item. - * param: id : id of the item + * Returns either the friends of the follower list * - * @param string $type Return type (atom, rss, xml, json) + * Considers friends and followers lists to be private and won't return + * anything if any user_id parameter is passed. * - * @return array|string + * @param string $qtype Either "friends" or "followers" + * @return boolean|array * @throws BadRequestException * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException - * @see https://web.archive.org/web/20131019055350/https://dev.twitter.com/docs/api/1/post/favorites/create/%3Aid */ -function api_favorites_create_destroy($type) +function api_statuses_f($qtype) { - $a = DI::app(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); - if (api_user() === false) { - throw new ForbiddenException(); - } - - // for versioned api. - /// @TODO We need a better global soluton - $action_argv_id = 2; - if (count(DI::args()->getArgv()) > 1 && DI::args()->getArgv()[1] == "1.1") { - $action_argv_id = 3; - } + // pagination + $count = $_GET['count'] ?? 20; + $page = $_GET['page'] ?? 1; - if (DI::args()->getArgc() <= $action_argv_id) { - throw new BadRequestException("Invalid request."); - } - $action = str_replace("." . $type, "", DI::args()->getArgv()[$action_argv_id]); - if (DI::args()->getArgc() == $action_argv_id + 2) { - $itemid = intval(DI::args()->getArgv()[$action_argv_id + 1] ?? 0); - } else { - $itemid = intval($_REQUEST['id'] ?? 0); - } + $start = max(0, ($page - 1) * $count); - $item = Post::selectFirstForUser(api_user(), [], ['id' => $itemid, 'uid' => api_user()]); + if (!empty($_GET['cursor']) && $_GET['cursor'] == 'undefined') { + /* this is to stop Hotot to load friends multiple times + * I'm not sure if I'm missing return something or + * is a bug in hotot. Workaround, meantime + */ - if (!DBA::isResult($item)) { - throw new BadRequestException("Invalid item."); + /*$ret=Array(); + return array('$users' => $ret);*/ + return false; } - switch ($action) { - case "create": - $item['starred'] = 1; - break; - case "destroy": - $item['starred'] = 0; - break; - default: - throw new BadRequestException("Invalid action ".$action); + $sql_extra = ''; + if ($qtype == 'friends') { + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(Contact::SHARING), intval(Contact::FRIEND)); + } elseif ($qtype == 'followers') { + $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(Contact::FOLLOWER), intval(Contact::FRIEND)); } - $r = Item::update(['starred' => $item['starred']], ['id' => $itemid]); - - if ($r === false) { - throw new InternalServerErrorException("DB error"); + if ($qtype == 'blocks') { + $sql_filter = 'AND `blocked` AND NOT `pending`'; + } elseif ($qtype == 'incoming') { + $sql_filter = 'AND `pending`'; + } else { + $sql_filter = 'AND (NOT `blocked` OR `pending`)'; } + // @todo This query most likely can be replaced with a Contact::select... + $r = DBA::toArray(DBA::p( + "SELECT `id` + FROM `contact` + WHERE `uid` = ? + AND NOT `self` + $sql_filter + $sql_extra + ORDER BY `nick` + LIMIT ?, ?", + $uid, + $start, + $count + )); - $user_info = api_get_user(); - $rets = api_format_items([$item], $user_info, false, $type); - $ret = $rets[0]; + $ret = []; + foreach ($r as $cid) { + $user = DI::twitterUser()->createFromContactId($cid['id'], $uid, false)->toArray(); + // "uid" is only needed for some internal stuff, so remove it from here + unset($user['uid']); - $data = ['status' => $ret]; - switch ($type) { - case "atom": - break; - case "rss": - $data = api_rss_extra($a, $data, $user_info); - break; + if ($user) { + $ret[] = $user; + } } - return BaseApi::formatData("status", $type, $data); + return ['user' => $ret]; } -/// @TODO move to top of file or somewhere better -api_register_func('api/favorites/create', 'api_favorites_create_destroy', true, API_METHOD_POST); -api_register_func('api/favorites/destroy', 'api_favorites_create_destroy', true, API_METHOD_DELETE); - /** - * Returns the most recent favorite statuses. + * Returns the list of friends of the provided user * - * @param string $type Return type (atom, rss, xml, json) + * @deprecated By Twitter API in favor of friends/list * - * @return string|array + * @param string $type Either "json" or "xml" + * @return boolean|string|array * @throws BadRequestException * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException */ -function api_favorites($type) +function api_statuses_friends($type) { - global $called_api; - - $a = DI::app(); - $user_info = api_get_user(); - - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } - - $called_api = []; - - // in friendica starred item are private - // return favorites only for self - Logger::info(API_LOG_PREFIX . 'for {self}', ['module' => 'api', 'action' => 'favorites', 'self' => $user_info['self']]); - - if ($user_info['self'] == 0) { - $ret = []; - } else { - // params - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - $count = $_GET['count'] ?? 20; - $page = $_REQUEST['page'] ?? 1; - - $start = max(0, ($page - 1) * $count); - - $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `starred`", - api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; - - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - - if ($max_id > 0) { - $condition[0] .= " AND `id` <= ?"; - $condition[] = $max_id; - } - - $statuses = Post::selectForUser(api_user(), [], $condition, $params); - - $ret = api_format_items(Post::toArray($statuses), $user_info, false, $type); - } - - bindComments($ret); - - $data = ['status' => $ret]; - switch ($type) { - case "atom": - break; - case "rss": - $data = api_rss_extra($a, $data, $user_info); - break; + $data = api_statuses_f("friends"); + if ($data === false) { + return false; } - - return BaseApi::formatData("statuses", $type, $data); + return DI::apiResponse()->formatData("users", $type, $data); } -/// @TODO move to top of file or somewhere better -api_register_func('api/favorites', 'api_favorites', true); +api_register_func('api/statuses/friends', 'api_statuses_friends', true); /** + * Returns the list of followers of the provided user * - * @param array $item - * @param array $recipient - * @param array $sender + * @deprecated By Twitter API in favor of friends/list * - * @return array - * @throws InternalServerErrorException + * @param string $type Either "json" or "xml" + * @return boolean|string|array + * @throws BadRequestException + * @throws ForbiddenException */ -function api_format_messages($item, $recipient, $sender) +function api_statuses_followers($type) { - // standard meta information - $ret = [ - 'id' => $item['id'], - 'sender_id' => $sender['id'], - 'text' => "", - 'recipient_id' => $recipient['id'], - 'created_at' => api_date($item['created'] ?? DateTimeFormat::utcNow()), - 'sender_screen_name' => $sender['screen_name'], - 'recipient_screen_name' => $recipient['screen_name'], - 'sender' => $sender, - 'recipient' => $recipient, - 'title' => "", - 'friendica_seen' => $item['seen'] ?? 0, - 'friendica_parent_uri' => $item['parent-uri'] ?? '', - ]; - - // "uid" and "self" are only needed for some internal stuff, so remove it from here - if (isset($ret['sender']['uid'])) { - unset($ret['sender']['uid']); - } - if (isset($ret['sender']['self'])) { - unset($ret['sender']['self']); - } - if (isset($ret['recipient']['uid'])) { - unset($ret['recipient']['uid']); - } - if (isset($ret['recipient']['self'])) { - unset($ret['recipient']['self']); - } - - //don't send title to regular StatusNET requests to avoid confusing these apps - if (!empty($_GET['getText'])) { - $ret['title'] = $item['title']; - if ($_GET['getText'] == 'html') { - $ret['text'] = BBCode::convertForUriId($item['uri-id'], $item['body'], BBCode::API); - } elseif ($_GET['getText'] == 'plain') { - $ret['text'] = trim(HTML::toPlaintext(BBCode::convertForUriId($item['uri-id'], api_clean_plain_items($item['body']), BBCode::API), 0)); - } - } else { - $ret['text'] = $item['title'] . "\n" . HTML::toPlaintext(BBCode::convertForUriId($item['uri-id'], api_clean_plain_items($item['body']), BBCode::API), 0); - } - if (!empty($_GET['getUserObjects']) && $_GET['getUserObjects'] == 'false') { - unset($ret['sender']); - unset($ret['recipient']); + $data = api_statuses_f("followers"); + if ($data === false) { + return false; } - - return $ret; + return DI::apiResponse()->formatData("users", $type, $data); } +api_register_func('api/statuses/followers', 'api_statuses_followers', true); + /** + * Returns the list of blocked users * - * @param array $item + * @see https://developer.twitter.com/en/docs/accounts-and-users/mute-block-report-users/api-reference/get-blocks-list * - * @return array - * @throws InternalServerErrorException + * @param string $type Either "json" or "xml" + * + * @return boolean|string|array + * @throws BadRequestException + * @throws ForbiddenException */ -function api_convert_item($item) +function api_blocks_list($type) { - $body = api_add_attachments_to_body($item); - - $entities = api_get_entitities($statustext, $body, $item['uri-id']); - - // Add pictures to the attachment array and remove them from the body - $attachments = api_get_attachments($body, $item['uri-id']); - - // Workaround for ostatus messages where the title is identically to the body - $html = BBCode::convertForUriId($item['uri-id'], api_clean_plain_items($body), BBCode::API); - $statusbody = trim(HTML::toPlaintext($html, 0)); - - // handle data: images - $statusbody = api_format_items_embeded_images($item, $statusbody); - - $statustitle = trim($item['title']); - - if (($statustitle != '') && (strpos($statusbody, $statustitle) !== false)) { - $statustext = trim($statusbody); - } else { - $statustext = trim($statustitle."\n\n".$statusbody); - } - - if ((($item['network'] ?? Protocol::PHANTOM) == Protocol::FEED) && (mb_strlen($statustext)> 1000)) { - $statustext = mb_substr($statustext, 0, 1000) . "... \n" . ($item['plink'] ?? ''); - } - - $statushtml = BBCode::convertForUriId($item['uri-id'], BBCode::removeAttachment($body), BBCode::API); - - // Workaround for clients with limited HTML parser functionality - $search = ["
", "
", "
", - "

", "

", "

", "

", - "

", "

", "

", "

", - "
", "
", "
", "
"]; - $replace = ["
", "
", "

", - "

", "


", "

", "


", - "

", "


", "

", "


", - "
", "

", "
", "

"]; - $statushtml = str_replace($search, $replace, $statushtml); - - if ($item['title'] != "") { - $statushtml = "

" . BBCode::convertForUriId($item['uri-id'], $item['title']) . "


" . $statushtml; - } - - do { - $oldtext = $statushtml; - $statushtml = str_replace("

", "
", $statushtml); - } while ($oldtext != $statushtml); - - if (substr($statushtml, 0, 4) == '
') { - $statushtml = substr($statushtml, 4); - } - - if (substr($statushtml, 0, -4) == '
') { - $statushtml = substr($statushtml, -4); - } - - // feeds without body should contain the link - if ((($item['network'] ?? Protocol::PHANTOM) == Protocol::FEED) && (strlen($item['body']) == 0)) { - $statushtml .= BBCode::convertForUriId($item['uri-id'], $item['plink']); + $data = api_statuses_f('blocks'); + if ($data === false) { + return false; } - - return [ - "text" => $statustext, - "html" => $statushtml, - "attachments" => $attachments, - "entities" => $entities - ]; + return DI::apiResponse()->formatData("users", $type, $data); } +api_register_func('api/blocks/list', 'api_blocks_list', true); + /** - * Add media attachments to the body + * Returns the list of pending users IDs * - * @param array $item - * @return string body with added media + * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-friendships-incoming + * + * @param string $type Either "json" or "xml" + * + * @return boolean|string|array + * @throws BadRequestException + * @throws ForbiddenException */ -function api_add_attachments_to_body(array $item) +function api_friendships_incoming($type) { - $body = Post\Media::addAttachmentsToBody($item['uri-id'], $item['body']); - - if (strpos($body, '[/img]') !== false) { - return $body; + $data = api_statuses_f('incoming'); + if ($data === false) { + return false; } - foreach (Post\Media::getByURIId($item['uri-id'], [Post\Media::HTML]) as $media) { - if (!empty($media['preview'])) { - $description = $media['description'] ?: $media['name']; - if (!empty($description)) { - $body .= "\n[img=" . $media['preview'] . ']' . $description .'[/img]'; - } else { - $body .= "\n[img]" . $media['preview'] .'[/img]'; - } - } + $ids = []; + foreach ($data['user'] as $user) { + $ids[] = $user['id']; } - return $body; + return DI::apiResponse()->formatData("ids", $type, ['id' => $ids]); } +api_register_func('api/friendships/incoming', 'api_friendships_incoming', true); + /** + * Sends a new direct message. * - * @param string $body - * @param int $uriid + * @param string $type Return type (atom, rss, xml, json) * - * @return array + * @return array|string + * @throws BadRequestException + * @throws ForbiddenException + * @throws ImagickException * @throws InternalServerErrorException + * @throws NotFoundException + * @throws UnauthorizedException + * @see https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/new-message */ -function api_get_attachments(&$body, $uriid) +function api_direct_messages_new($type) { - $body = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $body); - $body = preg_replace("/\[img\=(.*?)\](.*?)\[\/img\]/ism", '[img]$1[/img]', $body); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); - $URLSearchString = "^\[\]"; - if (!preg_match_all("/\[img\]([$URLSearchString]*)\[\/img\]/ism", $body, $images)) { - return []; + if (empty($_POST["text"]) || empty($_POST['screen_name']) && empty($_POST['user_id'])) { + return; } - // Remove all embedded pictures, since they are added as attachments - foreach ($images[0] as $orig) { - $body = str_replace($orig, '', $body); + $sender = DI::twitterUser()->createFromUserId($uid, true)->toArray(); + + $cid = BaseApi::getContactIDForSearchterm($_POST['screen_name'] ?? '', $_POST['user_id'] ?? 0, $uid); + if (empty($cid)) { + throw new NotFoundException('Recipient not found'); } - $attachments = []; + $replyto = ''; + if (!empty($_REQUEST['replyto'])) { + $mail = DBA::selectFirst('mail', ['parent-uri', 'title'], ['uid' => $uid, 'id' => $_REQUEST['replyto']]); + $replyto = $mail['parent-uri']; + $sub = $mail['title']; + } else { + if (!empty($_REQUEST['title'])) { + $sub = $_REQUEST['title']; + } else { + $sub = ((strlen($_POST['text'])>10) ? substr($_POST['text'], 0, 10)."...":$_POST['text']); + } + } - foreach ($images[1] as $image) { - $imagedata = Images::getInfoFromURLCached($image); + $cdata = Contact::getPublicAndUserContactID($cid, $uid); - if ($imagedata) { - $attachments[] = ["url" => Post\Link::getByLink($uriid, $image), "mimetype" => $imagedata["mime"], "size" => $imagedata["size"]]; - } + $id = Mail::send($cdata['user'], $_POST['text'], $sub, $replyto); + + if ($id > -1) { + $mail = DBA::selectFirst('mail', [], ['id' => $id]); + $ret = api_format_messages($mail, DI::twitterUser()->createFromContactId($cid, $uid, true)->toArray(), $sender); + } else { + $ret = ["error" => $id]; } - return $attachments; + return DI::apiResponse()->formatData("direct-messages", $type, ['direct_message' => $ret], Contact::getPublicIdByUserId($uid)); } +api_register_func('api/direct_messages/new', 'api_direct_messages_new', true, API_METHOD_POST); + /** + * delete a direct_message from mail table through api * - * @param string $text - * @param string $bbcode - * - * @return array + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string|array + * @throws BadRequestException + * @throws ForbiddenException + * @throws ImagickException * @throws InternalServerErrorException - * @todo Links at the first character of the post + * @throws UnauthorizedException + * @see https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/delete-message */ -function api_get_entitities(&$text, $bbcode, $uriid) +function api_direct_messages_destroy($type) { - $include_entities = strtolower($_REQUEST['include_entities'] ?? 'false'); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); - if ($include_entities != "true") { - preg_match_all("/\[img](.*?)\[\/img\]/ism", $bbcode, $images); + //required + $id = $_REQUEST['id'] ?? 0; + // optional + $parenturi = $_REQUEST['friendica_parenturi'] ?? ''; + $verbose = (!empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"); + /// @todo optional parameter 'include_entities' from Twitter API not yet implemented - foreach ($images[1] as $image) { - $replace = Post\Link::getByLink($uriid, $image); - $text = str_replace($image, $replace, $text); - } - return []; + // error if no id or parenturi specified (for clients posting parent-uri as well) + if ($verbose == "true" && ($id == 0 || $parenturi == "")) { + $answer = ['result' => 'error', 'message' => 'message id or parenturi not specified']; + return DI::apiResponse()->formatData("direct_messages_delete", $type, ['$result' => $answer]); } - $bbcode = BBCode::cleanPictureLinks($bbcode); - - // Change pure links in text to bbcode uris - $bbcode = preg_replace("/([^\]\='".'"'."]|^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,]+)/ism", '$1[url=$2]$2[/url]', $bbcode); + // BadRequestException if no id specified (for clients using Twitter API) + if ($id == 0) { + throw new BadRequestException('Message id not specified'); + } - $entities = []; - $entities["hashtags"] = []; - $entities["symbols"] = []; - $entities["urls"] = []; - $entities["user_mentions"] = []; + // add parent-uri to sql command if specified by calling app + $sql_extra = ($parenturi != "" ? " AND `parent-uri` = '" . DBA::escape($parenturi) . "'" : ""); - $URLSearchString = "^\[\]"; + // error message if specified id is not in database + if (!DBA::exists('mail', ["`uid` = ? AND `id` = ? " . $sql_extra, $uid, $id])) { + if ($verbose == "true") { + $answer = ['result' => 'error', 'message' => 'message id not in database']; + return DI::apiResponse()->formatData("direct_messages_delete", $type, ['$result' => $answer]); + } + /// @todo BadRequestException ok for Twitter API clients? + throw new BadRequestException('message id not in database'); + } - $bbcode = preg_replace("/#\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '#$2', $bbcode); + // delete message + $result = DBA::delete('mail', ["`uid` = ? AND `id` = ? " . $sql_extra, $uid, $id]); - $bbcode = preg_replace("/\[bookmark\=([$URLSearchString]*)\](.*?)\[\/bookmark\]/ism", '[url=$1]$2[/url]', $bbcode); - $bbcode = preg_replace("/\[video\](.*?)\[\/video\]/ism", '[url=$1]$1[/url]', $bbcode); + if ($verbose == "true") { + if ($result) { + // return success + $answer = ['result' => 'ok', 'message' => 'message deleted']; + return DI::apiResponse()->formatData("direct_message_delete", $type, ['$result' => $answer]); + } else { + $answer = ['result' => 'error', 'message' => 'unknown error']; + return DI::apiResponse()->formatData("direct_messages_delete", $type, ['$result' => $answer]); + } + } + /// @todo return JSON data like Twitter API not yet implemented +} - $bbcode = preg_replace( - "/\[youtube\]([A-Za-z0-9\-_=]+)(.*?)\[\/youtube\]/ism", - '[url=https://www.youtube.com/watch?v=$1]https://www.youtube.com/watch?v=$1[/url]', - $bbcode - ); - $bbcode = preg_replace("/\[youtube\](.*?)\[\/youtube\]/ism", '[url=$1]$1[/url]', $bbcode); +api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy', true, API_METHOD_DELETE); - $bbcode = preg_replace( - "/\[vimeo\]([0-9]+)(.*?)\[\/vimeo\]/ism", - '[url=https://vimeo.com/$1]https://vimeo.com/$1[/url]', - $bbcode - ); - $bbcode = preg_replace("/\[vimeo\](.*?)\[\/vimeo\]/ism", '[url=$1]$1[/url]', $bbcode); +/** + * Unfollow Contact + * + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string|array + * @throws HTTPException\BadRequestException + * @throws HTTPException\ExpectationFailedException + * @throws HTTPException\ForbiddenException + * @throws HTTPException\InternalServerErrorException + * @throws HTTPException\NotFoundException + * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/post-friendships-destroy.html + */ +function api_friendships_destroy($type) +{ + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); - $bbcode = preg_replace("/\[img\=([0-9]*)x([0-9]*)\](.*?)\[\/img\]/ism", '[img]$3[/img]', $bbcode); + $owner = User::getOwnerDataById($uid); + if (!$owner) { + Logger::notice(API_LOG_PREFIX . 'No owner {uid} found', ['module' => 'api', 'action' => 'friendships_destroy', 'uid' => $uid]); + throw new HTTPException\NotFoundException('Error Processing Request'); + } - preg_match_all("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", $bbcode, $urls); + $contact_id = $_REQUEST['user_id'] ?? 0; - $ordered_urls = []; - foreach ($urls[1] as $id => $url) { - $start = iconv_strpos($text, $url, 0, "UTF-8"); - if (!($start === false)) { - $ordered_urls[$start] = ["url" => $url, "title" => $urls[2][$id]]; - } + if (empty($contact_id)) { + Logger::notice(API_LOG_PREFIX . 'No user_id specified', ['module' => 'api', 'action' => 'friendships_destroy']); + throw new HTTPException\BadRequestException('no user_id specified'); } - ksort($ordered_urls); + // Get Contact by given id + $contact = DBA::selectFirst('contact', ['url'], ['id' => $contact_id, 'uid' => 0, 'self' => false]); - $offset = 0; + if(!DBA::isResult($contact)) { + Logger::notice(API_LOG_PREFIX . 'No public contact found for ID {contact}', ['module' => 'api', 'action' => 'friendships_destroy', 'contact' => $contact_id]); + throw new HTTPException\NotFoundException('no contact found to given ID'); + } - foreach ($ordered_urls as $url) { - if ((substr($url["title"], 0, 7) != "http://") && (substr($url["title"], 0, 8) != "https://") - && !strpos($url["title"], "http://") && !strpos($url["title"], "https://") - ) { - $display_url = $url["title"]; - } else { - $display_url = str_replace(["http://www.", "https://www."], ["", ""], $url["url"]); - $display_url = str_replace(["http://", "https://"], ["", ""], $display_url); + $url = $contact['url']; - if (strlen($display_url) > 26) { - $display_url = substr($display_url, 0, 25)."…"; - } - } + $condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)", + $uid, Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url), + Strings::normaliseLink($url), $url]; + $contact = DBA::selectFirst('contact', [], $condition); - $start = iconv_strpos($text, $url["url"], $offset, "UTF-8"); - if (!($start === false)) { - $entities["urls"][] = ["url" => $url["url"], - "expanded_url" => $url["url"], - "display_url" => $display_url, - "indices" => [$start, $start+strlen($url["url"])]]; - $offset = $start + 1; - } + if (!DBA::isResult($contact)) { + Logger::notice(API_LOG_PREFIX . 'Not following contact', ['module' => 'api', 'action' => 'friendships_destroy']); + throw new HTTPException\NotFoundException('Not following Contact'); } - preg_match_all("/\[img\=(.*?)\](.*?)\[\/img\]/ism", $bbcode, $images, PREG_SET_ORDER); - $ordered_images = []; - foreach ($images as $image) { - $start = iconv_strpos($text, $image[1], 0, "UTF-8"); - if (!($start === false)) { - $ordered_images[$start] = ['url' => $image[1], 'alt' => $image[2]]; + try { + $result = Contact::terminateFriendship($owner, $contact); + + if ($result === null) { + Logger::notice(API_LOG_PREFIX . 'Not supported for {network}', ['module' => 'api', 'action' => 'friendships_destroy', 'network' => $contact['network']]); + throw new HTTPException\ExpectationFailedException('Unfollowing is currently not supported by this contact\'s network.'); } - } - preg_match_all("/\[img](.*?)\[\/img\]/ism", $bbcode, $images); - foreach ($images[1] as $image) { - $start = iconv_strpos($text, $image, 0, "UTF-8"); - if (!($start === false)) { - $ordered_images[$start] = ['url' => $image, 'alt' => '']; + if ($result === false) { + throw new HTTPException\ServiceUnavailableException('Unable to unfollow this contact, please retry in a few minutes or contact your administrator.'); } + } catch (Exception $e) { + Logger::error(API_LOG_PREFIX . $e->getMessage(), ['owner' => $owner, 'contact' => $contact]); + throw new HTTPException\InternalServerErrorException('Unable to unfollow this contact, please contact your administrator'); } - $offset = 0; + // "uid" is only needed for some internal stuff, so remove it from here + unset($contact['uid']); - foreach ($ordered_images as $image) { - $url = $image['url']; - $ext_alt_text = $image['alt']; + // Set screen_name since Twidere requests it + $contact['screen_name'] = $contact['nick']; - $display_url = str_replace(["http://www.", "https://www."], ["", ""], $url); - $display_url = str_replace(["http://", "https://"], ["", ""], $display_url); - - if (strlen($display_url) > 26) { - $display_url = substr($display_url, 0, 25)."…"; - } - - $start = iconv_strpos($text, $url, $offset, "UTF-8"); - if (!($start === false)) { - $image = Images::getInfoFromURLCached($url); - if ($image) { - $media_url = Post\Link::getByLink($uriid, $url); - $sizes["medium"] = ["w" => $image[0], "h" => $image[1], "resize" => "fit"]; - - $entities["media"][] = [ - "id" => $start+1, - "id_str" => (string) ($start + 1), - "indices" => [$start, $start+strlen($url)], - "media_url" => Strings::normaliseLink($media_url), - "media_url_https" => $media_url, - "url" => $url, - "display_url" => $display_url, - "expanded_url" => $url, - "ext_alt_text" => $ext_alt_text, - "type" => "photo", - "sizes" => $sizes]; - } - $offset = $start + 1; - } - } - - return $entities; -} - -/** - * - * @param array $item - * @param string $text - * - * @return string - */ -function api_format_items_embeded_images($item, $text) -{ - $text = preg_replace_callback( - '|data:image/([^;]+)[^=]+=*|m', - function () use ($item) { - return DI::baseUrl() . '/display/' . $item['guid']; - }, - $text - ); - return $text; -} - -/** - * return name as array - * - * @param string $txt text - * @return array - * 'name' => 'name', - * 'url => 'url' - */ -function api_contactlink_to_array($txt) -{ - $match = []; - $r = preg_match_all('|([^<]*)|', $txt, $match); - if ($r && count($match)==3) { - $res = [ - 'name' => $match[2], - 'url' => $match[1] - ]; - } else { - $res = [ - 'name' => $txt, - 'url' => "" - ]; - } - return $res; -} + return DI::apiResponse()->formatData('friendships-destroy', $type, ['user' => $contact]); +} +api_register_func('api/friendships/destroy', 'api_friendships_destroy', true, API_METHOD_POST); /** - * return likes, dislikes and attend status for item * - * @param array $item array * @param string $type Return type (atom, rss, xml, json) + * @param string $box + * @param string $verbose * - * @return array - * likes => int count, - * dislikes => int count - * @throws BadRequestException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_format_items_activities($item, $type = "json") -{ - $a = DI::app(); - - $activities = [ - 'like' => [], - 'dislike' => [], - 'attendyes' => [], - 'attendno' => [], - 'attendmaybe' => [], - 'announce' => [], - ]; - - $condition = ['uid' => $item['uid'], 'thr-parent' => $item['uri'], 'gravity' => GRAVITY_ACTIVITY]; - $ret = Post::selectForUser($item['uid'], ['author-id', 'verb'], $condition); - - while ($parent_item = Post::fetch($ret)) { - // not used as result should be structured like other user data - //builtin_activity_puller($i, $activities); - - // get user data and add it to the array of the activity - $user = api_get_user($parent_item['author-id']); - switch ($parent_item['verb']) { - case Activity::LIKE: - $activities['like'][] = $user; - break; - case Activity::DISLIKE: - $activities['dislike'][] = $user; - break; - case Activity::ATTEND: - $activities['attendyes'][] = $user; - break; - case Activity::ATTENDNO: - $activities['attendno'][] = $user; - break; - case Activity::ATTENDMAYBE: - $activities['attendmaybe'][] = $user; - break; - case Activity::ANNOUNCE: - $activities['announce'][] = $user; - break; - default: - break; - } - } - - DBA::close($ret); - - if ($type == "xml") { - $xml_activities = []; - foreach ($activities as $k => $v) { - // change xml element from "like" to "friendica:like" - $xml_activities["friendica:".$k] = $v; - // add user data into xml output - $k_user = 0; - foreach ($v as $user) { - $xml_activities["friendica:".$k][$k_user++.":user"] = $user; - } - } - $activities = $xml_activities; - } - - return $activities; -} - -/** - * format items to be returned by api - * - * @param array $items array of items - * @param array $user_info - * @param bool $filter_user filter items by $user_info - * @param string $type Return type (atom, rss, xml, json) - * @return array + * @return array|string * @throws BadRequestException + * @throws ForbiddenException * @throws ImagickException * @throws InternalServerErrorException * @throws UnauthorizedException */ -function api_format_items($items, $user_info, $filter_user = false, $type = "json") +function api_direct_messages_box($type, $box, $verbose) { - $a = Friendica\DI::app(); - - $ret = []; - - if (empty($items)) { - return $ret; - } - - foreach ((array)$items as $item) { - list($status_user, $author_user, $owner_user) = api_item_get_user($a, $item); - - // Look if the posts are matching if they should be filtered by user id - if ($filter_user && ($status_user["id"] != $user_info["id"])) { - continue; - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); - $status = api_format_item($item, $type, $status_user, $author_user, $owner_user); - - $ret[] = $status; - } - - return $ret; -} + // params + $count = $_GET['count'] ?? 20; + $page = $_REQUEST['page'] ?? 1; -/** - * @param array $item Item record - * @param string $type Return format (atom, rss, xml, json) - * @param array $status_user User record of the item author, can be provided by api_item_get_user() - * @param array $author_user User record of the item author, can be provided by api_item_get_user() - * @param array $owner_user User record of the item owner, can be provided by api_item_get_user() - * @return array API-formatted status - * @throws BadRequestException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_format_item($item, $type = "json", $status_user = null, $author_user = null, $owner_user = null) -{ - $a = Friendica\DI::app(); + $since_id = $_REQUEST['since_id'] ?? 0; + $max_id = $_REQUEST['max_id'] ?? 0; - if (empty($status_user) || empty($author_user) || empty($owner_user)) { - list($status_user, $author_user, $owner_user) = api_item_get_user($a, $item); - } + $user_id = $_REQUEST['user_id'] ?? ''; + $screen_name = $_REQUEST['screen_name'] ?? ''; - DI::contentItem()->localize($item); + $user_info = DI::twitterUser()->createFromUserId($uid, true)->toArray(); - $in_reply_to = api_in_reply_to($item); + $profile_url = $user_info["url"]; - $converted = api_convert_item($item); + // pagination + $start = max(0, ($page - 1) * $count); - if ($type == "xml") { - $geo = "georss:point"; - } else { - $geo = "geo"; - } - - $status = [ - 'text' => $converted["text"], - 'truncated' => false, - 'created_at'=> api_date($item['created']), - 'in_reply_to_status_id' => $in_reply_to['status_id'], - 'in_reply_to_status_id_str' => $in_reply_to['status_id_str'], - 'source' => (($item['app']) ? $item['app'] : 'web'), - 'id' => intval($item['id']), - 'id_str' => (string) intval($item['id']), - 'in_reply_to_user_id' => $in_reply_to['user_id'], - 'in_reply_to_user_id_str' => $in_reply_to['user_id_str'], - 'in_reply_to_screen_name' => $in_reply_to['screen_name'], - $geo => null, - 'favorited' => $item['starred'] ? true : false, - 'user' => $status_user, - 'friendica_author' => $author_user, - 'friendica_owner' => $owner_user, - 'friendica_private' => $item['private'] == Item::PRIVATE, - //'entities' => NULL, - 'statusnet_html' => $converted["html"], - 'statusnet_conversation_id' => $item['parent'], - 'external_url' => DI::baseUrl() . "/display/" . $item['guid'], - 'friendica_activities' => api_format_items_activities($item, $type), - 'friendica_title' => $item['title'], - 'friendica_html' => BBCode::convertForUriId($item['uri-id'], $item['body'], BBCode::EXTERNAL) - ]; + $sql_extra = ""; - if (count($converted["attachments"]) > 0) { - $status["attachments"] = $converted["attachments"]; + // filters + if ($box=="sentbox") { + $sql_extra = "`mail`.`from-url`='" . DBA::escape($profile_url) . "'"; + } elseif ($box == "conversation") { + $sql_extra = "`mail`.`parent-uri`='" . DBA::escape($_GET['uri'] ?? '') . "'"; + } elseif ($box == "all") { + $sql_extra = "true"; + } elseif ($box == "inbox") { + $sql_extra = "`mail`.`from-url`!='" . DBA::escape($profile_url) . "'"; } - if (count($converted["entities"]) > 0) { - $status["entities"] = $converted["entities"]; + if ($max_id > 0) { + $sql_extra .= ' AND `mail`.`id` <= ' . intval($max_id); } - if ($status["source"] == 'web') { - $status["source"] = ContactSelector::networkToName($item['author-network'], $item['author-link'], $item['network']); - } elseif (ContactSelector::networkToName($item['author-network'], $item['author-link'], $item['network']) != $status["source"]) { - $status["source"] = trim($status["source"].' ('.ContactSelector::networkToName($item['author-network'], $item['author-link'], $item['network']).')'); + if ($user_id != "") { + $sql_extra .= ' AND `mail`.`contact-id` = ' . intval($user_id); + } elseif ($screen_name !="") { + $sql_extra .= " AND `contact`.`nick` = '" . DBA::escape($screen_name). "'"; } - $retweeted_item = []; - $quoted_item = []; - - if (empty($retweeted_item) && ($item['owner-id'] == $item['author-id'])) { - $announce = api_get_announce($item); - if (!empty($announce)) { - $retweeted_item = $item; - $item = $announce; - $status['friendica_owner'] = api_get_user($announce['author-id']); - } + $r = DBA::toArray(DBA::p( + "SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid` = ? AND $sql_extra AND `mail`.`id` > ? ORDER BY `mail`.`id` DESC LIMIT ?,?", + $uid, + $since_id, + $start, + $count + )); + if ($verbose == "true" && !DBA::isResult($r)) { + $answer = ['result' => 'error', 'message' => 'no mails available']; + return DI::apiResponse()->formatData("direct_messages_all", $type, ['$result' => $answer]); } - if (!empty($quoted_item)) { - if ($quoted_item['id'] != $item['id']) { - $quoted_status = api_format_item($quoted_item); - /// @todo Only remove the attachments that are also contained in the quotes status - unset($status['attachments']); - unset($status['entities']); - } else { - $conv_quoted = api_convert_item($quoted_item); - $quoted_status = $status; - unset($quoted_status['attachments']); - unset($quoted_status['entities']); - unset($quoted_status['statusnet_conversation_id']); - $quoted_status['text'] = $conv_quoted['text']; - $quoted_status['statusnet_html'] = $conv_quoted['html']; - try { - $quoted_status["user"] = api_get_user($quoted_item["author-id"]); - } catch (BadRequestException $e) { - // user not found. should be found? - /// @todo check if the user should be always found - $quoted_status["user"] = []; - } - } - unset($quoted_status['friendica_author']); - unset($quoted_status['friendica_owner']); - unset($quoted_status['friendica_activities']); - unset($quoted_status['friendica_private']); - } - - if (!empty($retweeted_item)) { - $retweeted_status = $status; - unset($retweeted_status['friendica_author']); - unset($retweeted_status['friendica_owner']); - unset($retweeted_status['friendica_activities']); - unset($retweeted_status['friendica_private']); - unset($retweeted_status['statusnet_conversation_id']); - $status['user'] = $status['friendica_owner']; - try { - $retweeted_status["user"] = api_get_user($retweeted_item["author-id"]); - } catch (BadRequestException $e) { - // user not found. should be found? - /// @todo check if the user should be always found - $retweeted_status["user"] = []; - } - - $rt_converted = api_convert_item($retweeted_item); - - $retweeted_status['text'] = $rt_converted["text"]; - $retweeted_status['statusnet_html'] = $rt_converted["html"]; - $retweeted_status['friendica_html'] = $rt_converted["html"]; - $retweeted_status['created_at'] = api_date($retweeted_item['created']); - - if (!empty($quoted_status)) { - $retweeted_status['quoted_status'] = $quoted_status; + $ret = []; + foreach ($r as $item) { + if ($box == "inbox" || $item['from-url'] != $profile_url) { + $recipient = $user_info; + $sender = DI::twitterUser()->createFromContactId($item['contact-id'], $uid, true)->toArray(); + } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { + $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], $uid, true)->toArray(); + $sender = $user_info; } - $status['friendica_author'] = $retweeted_status['user']; - $status['retweeted_status'] = $retweeted_status; - } elseif (!empty($quoted_status)) { - $root_status = api_convert_item($item); - - $status['text'] = $root_status["text"]; - $status['statusnet_html'] = $root_status["html"]; - $status['quoted_status'] = $quoted_status; - } - - // "uid" and "self" are only needed for some internal stuff, so remove it from here - unset($status["user"]["uid"]); - unset($status["user"]["self"]); - - if ($item["coord"] != "") { - $coords = explode(' ', $item["coord"]); - if (count($coords) == 2) { - if ($type == "json") { - $status["geo"] = ['type' => 'Point', - 'coordinates' => [(float) $coords[0], - (float) $coords[1]]]; - } else {// Not sure if this is the official format - if someone founds a documentation we can check - $status["georss:point"] = $item["coord"]; - } + if (isset($recipient) && isset($sender)) { + $ret[] = api_format_messages($item, $recipient, $sender); } } - return $status; + return DI::apiResponse()->formatData("direct-messages", $type, ['direct_message' => $ret], Contact::getPublicIdByUserId($uid)); } /** - * Returns all lists the user subscribes to. + * Returns the most recent direct messages sent by the user. * * @param string $type Return type (atom, rss, xml, json) * * @return array|string - * @see https://developer.twitter.com/en/docs/accounts-and-users/create-manage-lists/api-reference/get-lists-list + * @throws BadRequestException + * @throws ForbiddenException + * @see https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/get-sent-message */ -function api_lists_list($type) +function api_direct_messages_sentbox($type) { - $ret = []; - /// @TODO $ret is not filled here? - return BaseApi::formatData('lists', $type, ["lists_list" => $ret]); + $verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"; + return api_direct_messages_box($type, "sentbox", $verbose); } -/// @TODO move to top of file or somewhere better -api_register_func('api/lists/list', 'api_lists_list', true); -api_register_func('api/lists/subscriptions', 'api_lists_list', true); +api_register_func('api/direct_messages/sent', 'api_direct_messages_sentbox', true); /** - * Returns all groups the user owns. + * Returns the most recent direct messages sent to the user. * * @param string $type Return type (atom, rss, xml, json) * * @return array|string * @throws BadRequestException * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/accounts-and-users/create-manage-lists/api-reference/get-lists-ownerships + * @see https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/get-messages */ -function api_lists_ownerships($type) +function api_direct_messages_inbox($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - // params - $user_info = api_get_user(); - $uid = $user_info['uid']; - - $groups = DBA::select('group', [], ['deleted' => 0, 'uid' => $uid]); - - // loop through all groups - $lists = []; - foreach ($groups as $group) { - if ($group['visible']) { - $mode = 'public'; - } else { - $mode = 'private'; - } - $lists[] = [ - 'name' => $group['name'], - 'id' => intval($group['id']), - 'id_str' => (string) $group['id'], - 'user' => $user_info, - 'mode' => $mode - ]; - } - return BaseApi::formatData("lists", $type, ['lists' => ['lists' => $lists]]); + $verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"; + return api_direct_messages_box($type, "inbox", $verbose); } -/// @TODO move to top of file or somewhere better -api_register_func('api/lists/ownerships', 'api_lists_ownerships', true); +api_register_func('api/direct_messages', 'api_direct_messages_inbox', true); /** - * Returns recent statuses from users in the specified group. * * @param string $type Return type (atom, rss, xml, json) * * @return array|string * @throws BadRequestException * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/accounts-and-users/create-manage-lists/api-reference/get-lists-ownerships */ -function api_lists_statuses($type) +function api_direct_messages_all($type) { - $a = DI::app(); - - $user_info = api_get_user(); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } - - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); - - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); - - if (empty($_REQUEST['list_id'])) { - throw new BadRequestException('list_id not specified'); - } - - // params - $count = $_REQUEST['count'] ?? 20; - $page = $_REQUEST['page'] ?? 1; - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - $exclude_replies = (!empty($_REQUEST['exclude_replies']) ? 1 : 0); - $conversation_id = $_REQUEST['conversation_id'] ?? 0; - - $start = max(0, ($page - 1) * $count); - - $groups = DBA::selectToArray('group_member', ['contact-id'], ['gid' => 1]); - $gids = array_column($groups, 'contact-id'); - $condition = ['uid' => api_user(), 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT], 'group-id' => $gids]; - $condition = DBA::mergeConditions($condition, ["`id` > ?", $since_id]); - - if ($max_id > 0) { - $condition[0] .= " AND `id` <= ?"; - $condition[] = $max_id; - } - if ($exclude_replies > 0) { - $condition[0] .= ' AND `gravity` = ?'; - $condition[] = GRAVITY_PARENT; - } - if ($conversation_id > 0) { - $condition[0] .= " AND `parent` = ?"; - $condition[] = $conversation_id; - } - - $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); - - $items = api_format_items(Post::toArray($statuses), $user_info, false, $type); - - $data = ['status' => $items]; - switch ($type) { - case "atom": - break; - case "rss": - $data = api_rss_extra($a, $data, $user_info); - break; - } - - return BaseApi::formatData("statuses", $type, $data); + $verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"; + return api_direct_messages_box($type, "all", $verbose); } -/// @TODO move to top of file or somewhere better -api_register_func('api/lists/statuses', 'api_lists_statuses', true); +api_register_func('api/direct_messages/all', 'api_direct_messages_all', true); /** - * Returns either the friends of the follower list * - * Considers friends and followers lists to be private and won't return - * anything if any user_id parameter is passed. + * @param string $type Return type (atom, rss, xml, json) * - * @param string $qtype Either "friends" or "followers" - * @return boolean|array + * @return array|string * @throws BadRequestException * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException */ -function api_statuses_f($qtype) -{ - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - // pagination - $count = $_GET['count'] ?? 20; - $page = $_GET['page'] ?? 1; - - $start = max(0, ($page - 1) * $count); - - $user_info = api_get_user(); - - if (!empty($_GET['cursor']) && $_GET['cursor'] == 'undefined') { - /* this is to stop Hotot to load friends multiple times - * I'm not sure if I'm missing return something or - * is a bug in hotot. Workaround, meantime - */ - - /*$ret=Array(); - return array('$users' => $ret);*/ - return false; - } - - $sql_extra = ''; - if ($qtype == 'friends') { - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(Contact::SHARING), intval(Contact::FRIEND)); - } elseif ($qtype == 'followers') { - $sql_extra = sprintf(" AND ( `rel` = %d OR `rel` = %d ) ", intval(Contact::FOLLOWER), intval(Contact::FRIEND)); - } - - // friends and followers only for self - if ($user_info['self'] == 0) { - $sql_extra = " AND false "; - } - - if ($qtype == 'blocks') { - $sql_filter = 'AND `blocked` AND NOT `pending`'; - } elseif ($qtype == 'incoming') { - $sql_filter = 'AND `pending`'; - } else { - $sql_filter = 'AND (NOT `blocked` OR `pending`)'; - } - - // @todo This query most likely can be replaced with a Contact::select... - $r = DBA::toArray(DBA::p( - "SELECT `nurl` - FROM `contact` - WHERE `uid` = ? - AND NOT `self` - $sql_filter - $sql_extra - ORDER BY `nick` - LIMIT ?, ?", - api_user(), - $start, - $count - )); - - $ret = []; - foreach ($r as $cid) { - $user = api_get_user($cid['nurl']); - // "uid" and "self" are only needed for some internal stuff, so remove it from here - unset($user["uid"]); - unset($user["self"]); - - if ($user) { - $ret[] = $user; - } - } - - return ['user' => $ret]; -} - - -/** - * Returns the list of friends of the provided user - * - * @deprecated By Twitter API in favor of friends/list - * - * @param string $type Either "json" or "xml" - * @return boolean|string|array - * @throws BadRequestException - * @throws ForbiddenException - */ -function api_statuses_friends($type) -{ - $data = api_statuses_f("friends"); - if ($data === false) { - return false; - } - return BaseApi::formatData("users", $type, $data); -} - -/** - * Returns the list of followers of the provided user - * - * @deprecated By Twitter API in favor of friends/list - * - * @param string $type Either "json" or "xml" - * @return boolean|string|array - * @throws BadRequestException - * @throws ForbiddenException - */ -function api_statuses_followers($type) -{ - $data = api_statuses_f("followers"); - if ($data === false) { - return false; - } - return BaseApi::formatData("users", $type, $data); -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/statuses/friends', 'api_statuses_friends', true); -api_register_func('api/statuses/followers', 'api_statuses_followers', true); - -/** - * Returns the list of blocked users - * - * @see https://developer.twitter.com/en/docs/accounts-and-users/mute-block-report-users/api-reference/get-blocks-list - * - * @param string $type Either "json" or "xml" - * - * @return boolean|string|array - * @throws BadRequestException - * @throws ForbiddenException - */ -function api_blocks_list($type) -{ - $data = api_statuses_f('blocks'); - if ($data === false) { - return false; - } - return BaseApi::formatData("users", $type, $data); -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/blocks/list', 'api_blocks_list', true); - -/** - * Returns the list of pending users IDs - * - * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-friendships-incoming - * - * @param string $type Either "json" or "xml" - * - * @return boolean|string|array - * @throws BadRequestException - * @throws ForbiddenException - */ -function api_friendships_incoming($type) -{ - $data = api_statuses_f('incoming'); - if ($data === false) { - return false; - } - - $ids = []; - foreach ($data['user'] as $user) { - $ids[] = $user['id']; - } - - return BaseApi::formatData("ids", $type, ['id' => $ids]); -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/friendships/incoming', 'api_friendships_incoming', true); - -/** - * Returns the instance's configuration information. - * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string - * @throws InternalServerErrorException - */ -function api_statusnet_config($type) -{ - $name = DI::config()->get('config', 'sitename'); - $server = DI::baseUrl()->getHostname(); - $logo = DI::baseUrl() . '/images/friendica-64.png'; - $email = DI::config()->get('config', 'admin_email'); - $closed = intval(DI::config()->get('config', 'register_policy')) === \Friendica\Module\Register::CLOSED ? 'true' : 'false'; - $private = DI::config()->get('system', 'block_public') ? 'true' : 'false'; - $textlimit = (string) DI::config()->get('config', 'api_import_size', DI::config()->get('config', 'max_import_size', 200000)); - $ssl = DI::config()->get('system', 'have_ssl') ? 'true' : 'false'; - $sslserver = DI::config()->get('system', 'have_ssl') ? str_replace('http:', 'https:', DI::baseUrl()) : ''; - - $config = [ - 'site' => ['name' => $name,'server' => $server, 'theme' => 'default', 'path' => '', - 'logo' => $logo, 'fancy' => true, 'language' => 'en', 'email' => $email, 'broughtby' => '', - 'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => false, - 'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl, - 'shorturllength' => '30', - 'friendica' => [ - 'FRIENDICA_PLATFORM' => FRIENDICA_PLATFORM, - 'FRIENDICA_VERSION' => FRIENDICA_VERSION, - 'DFRN_PROTOCOL_VERSION' => DFRN_PROTOCOL_VERSION, - 'DB_UPDATE_VERSION' => DB_UPDATE_VERSION - ] - ], - ]; - - return BaseApi::formatData('config', $type, ['config' => $config]); -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/gnusocial/config', 'api_statusnet_config', false); -api_register_func('api/statusnet/config', 'api_statusnet_config', false); - -/** - * Sends a new direct message. - * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws NotFoundException - * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/new-message - */ -function api_direct_messages_new($type) -{ - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - if (empty($_POST["text"]) || empty($_POST["screen_name"]) && empty($_POST["user_id"])) { - return; - } - - $sender = api_get_user(); - - $recipient = null; - if (!empty($_POST['screen_name'])) { - $contacts = Contact::selectToArray(['id', 'nurl', 'network'], ['uid' => api_user(), 'nick' => $_POST['screen_name']]); - if (DBA::isResult($contacts)) { - // Selecting the id by priority, friendica first - api_best_nickname($contacts); - - $recipient = api_get_user($contacts[0]['nurl']); - } - } else { - $recipient = api_get_user($_POST['user_id']); - } - - if (empty($recipient)) { - throw new NotFoundException('Recipient not found'); - } - - $replyto = ''; - if (!empty($_REQUEST['replyto'])) { - $mail = DBA::selectFirst('mail', ['parent-uri', 'title'], ['uid' => api_user(), 'id' => $_REQUEST['replyto']]); - $replyto = $mail['parent-uri']; - $sub = $mail['title']; - } else { - if (!empty($_REQUEST['title'])) { - $sub = $_REQUEST['title']; - } else { - $sub = ((strlen($_POST['text'])>10) ? substr($_POST['text'], 0, 10)."...":$_POST['text']); - } - } - - $id = Mail::send($recipient['cid'], $_POST['text'], $sub, $replyto); - - if ($id > -1) { - $mail = DBA::selectFirst('mail', [], ['id' => $id]); - $ret = api_format_messages($mail, $recipient, $sender); - } else { - $ret = ["error" => $id]; - } - - $data = ['direct_message'=>$ret]; - - switch ($type) { - case "atom": - break; - case "rss": - $data = api_rss_extra($a, $data, $sender); - break; - } - - return BaseApi::formatData("direct-messages", $type, $data); -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/direct_messages/new', 'api_direct_messages_new', true, API_METHOD_POST); - -/** - * delete a direct_message from mail table through api - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string|array - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - * @see https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/delete-message - */ -function api_direct_messages_destroy($type) -{ - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - // params - $user_info = api_get_user(); - //required - $id = $_REQUEST['id'] ?? 0; - // optional - $parenturi = $_REQUEST['friendica_parenturi'] ?? ''; - $verbose = (!empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"); - /// @todo optional parameter 'include_entities' from Twitter API not yet implemented - - $uid = $user_info['uid']; - // error if no id or parenturi specified (for clients posting parent-uri as well) - if ($verbose == "true" && ($id == 0 || $parenturi == "")) { - $answer = ['result' => 'error', 'message' => 'message id or parenturi not specified']; - return BaseApi::formatData("direct_messages_delete", $type, ['$result' => $answer]); - } - - // BadRequestException if no id specified (for clients using Twitter API) - if ($id == 0) { - throw new BadRequestException('Message id not specified'); - } - - // add parent-uri to sql command if specified by calling app - $sql_extra = ($parenturi != "" ? " AND `parent-uri` = '" . DBA::escape($parenturi) . "'" : ""); - - // error message if specified id is not in database - if (!DBA::exists('mail', ["`uid` = ? AND `id` = ? " . $sql_extra, $uid, $id])) { - if ($verbose == "true") { - $answer = ['result' => 'error', 'message' => 'message id not in database']; - return BaseApi::formatData("direct_messages_delete", $type, ['$result' => $answer]); - } - /// @todo BadRequestException ok for Twitter API clients? - throw new BadRequestException('message id not in database'); - } - - // delete message - $result = DBA::delete('mail', ["`uid` = ? AND `id` = ? " . $sql_extra, $uid, $id]); - - if ($verbose == "true") { - if ($result) { - // return success - $answer = ['result' => 'ok', 'message' => 'message deleted']; - return BaseApi::formatData("direct_message_delete", $type, ['$result' => $answer]); - } else { - $answer = ['result' => 'error', 'message' => 'unknown error']; - return BaseApi::formatData("direct_messages_delete", $type, ['$result' => $answer]); - } - } - /// @todo return JSON data like Twitter API not yet implemented -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy', true, API_METHOD_DELETE); - -/** - * Unfollow Contact - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string|array - * @throws HTTPException\BadRequestException - * @throws HTTPException\ExpectationFailedException - * @throws HTTPException\ForbiddenException - * @throws HTTPException\InternalServerErrorException - * @throws HTTPException\NotFoundException - * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/post-friendships-destroy.html - */ -function api_friendships_destroy($type) -{ - $uid = api_user(); - - if ($uid === false) { - throw new HTTPException\ForbiddenException(); - } - - $owner = User::getOwnerDataById($uid); - if (!$owner) { - Logger::notice(API_LOG_PREFIX . 'No owner {uid} found', ['module' => 'api', 'action' => 'friendships_destroy', 'uid' => $uid]); - throw new HTTPException\NotFoundException('Error Processing Request'); - } - - $contact_id = $_REQUEST['user_id'] ?? 0; - - if (empty($contact_id)) { - Logger::notice(API_LOG_PREFIX . 'No user_id specified', ['module' => 'api', 'action' => 'friendships_destroy']); - throw new HTTPException\BadRequestException('no user_id specified'); - } - - // Get Contact by given id - $contact = DBA::selectFirst('contact', ['url'], ['id' => $contact_id, 'uid' => 0, 'self' => false]); - - if(!DBA::isResult($contact)) { - Logger::notice(API_LOG_PREFIX . 'No public contact found for ID {contact}', ['module' => 'api', 'action' => 'friendships_destroy', 'contact' => $contact_id]); - throw new HTTPException\NotFoundException('no contact found to given ID'); - } - - $url = $contact['url']; - - $condition = ["`uid` = ? AND (`rel` = ? OR `rel` = ?) AND (`nurl` = ? OR `alias` = ? OR `alias` = ?)", - $uid, Contact::SHARING, Contact::FRIEND, Strings::normaliseLink($url), - Strings::normaliseLink($url), $url]; - $contact = DBA::selectFirst('contact', [], $condition); - - if (!DBA::isResult($contact)) { - Logger::notice(API_LOG_PREFIX . 'Not following contact', ['module' => 'api', 'action' => 'friendships_destroy']); - throw new HTTPException\NotFoundException('Not following Contact'); - } - - try { - $result = Contact::terminateFriendship($owner, $contact); - - if ($result === null) { - Logger::notice(API_LOG_PREFIX . 'Not supported for {network}', ['module' => 'api', 'action' => 'friendships_destroy', 'network' => $contact['network']]); - throw new HTTPException\ExpectationFailedException('Unfollowing is currently not supported by this contact\'s network.'); - } - - if ($result === false) { - throw new HTTPException\ServiceUnavailableException('Unable to unfollow this contact, please retry in a few minutes or contact your administrator.'); - } - } catch (Exception $e) { - Logger::error(API_LOG_PREFIX . $e->getMessage(), ['owner' => $owner, 'contact' => $contact]); - throw new HTTPException\InternalServerErrorException('Unable to unfollow this contact, please contact your administrator'); - } - - // "uid" and "self" are only needed for some internal stuff, so remove it from here - unset($contact['uid']); - unset($contact['self']); - - // Set screen_name since Twidere requests it - $contact['screen_name'] = $contact['nick']; - - return BaseApi::formatData('friendships-destroy', $type, ['user' => $contact]); -} -api_register_func('api/friendships/destroy', 'api_friendships_destroy', true, API_METHOD_POST); - -/** - * - * @param string $type Return type (atom, rss, xml, json) - * @param string $box - * @param string $verbose - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_direct_messages_box($type, $box, $verbose) -{ - $a = DI::app(); - if (api_user() === false) { - throw new ForbiddenException(); - } - // params - $count = $_GET['count'] ?? 20; - $page = $_REQUEST['page'] ?? 1; - - $since_id = $_REQUEST['since_id'] ?? 0; - $max_id = $_REQUEST['max_id'] ?? 0; - - $user_id = $_REQUEST['user_id'] ?? ''; - $screen_name = $_REQUEST['screen_name'] ?? ''; - - // caller user info - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); - - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); - - $user_info = api_get_user(); - if ($user_info === false) { - throw new ForbiddenException(); - } - $profile_url = $user_info["url"]; - - // pagination - $start = max(0, ($page - 1) * $count); - - $sql_extra = ""; - - // filters - if ($box=="sentbox") { - $sql_extra = "`mail`.`from-url`='" . DBA::escape($profile_url) . "'"; - } elseif ($box == "conversation") { - $sql_extra = "`mail`.`parent-uri`='" . DBA::escape($_GET['uri'] ?? '') . "'"; - } elseif ($box == "all") { - $sql_extra = "true"; - } elseif ($box == "inbox") { - $sql_extra = "`mail`.`from-url`!='" . DBA::escape($profile_url) . "'"; - } - - if ($max_id > 0) { - $sql_extra .= ' AND `mail`.`id` <= ' . intval($max_id); - } - - if ($user_id != "") { - $sql_extra .= ' AND `mail`.`contact-id` = ' . intval($user_id); - } elseif ($screen_name !="") { - $sql_extra .= " AND `contact`.`nick` = '" . DBA::escape($screen_name). "'"; - } - - $r = DBA::toArray(DBA::p( - "SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid` = ? AND $sql_extra AND `mail`.`id` > ? ORDER BY `mail`.`id` DESC LIMIT ?,?", - api_user(), - $since_id, - $start, - $count - )); - if ($verbose == "true" && !DBA::isResult($r)) { - $answer = ['result' => 'error', 'message' => 'no mails available']; - return BaseApi::formatData("direct_messages_all", $type, ['$result' => $answer]); - } - - $ret = []; - foreach ($r as $item) { - if ($box == "inbox" || $item['from-url'] != $profile_url) { - $recipient = $user_info; - $sender = api_get_user(Strings::normaliseLink($item['contact-url'])); - } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = api_get_user(Strings::normaliseLink($item['contact-url'])); - $sender = $user_info; - } - - if (isset($recipient) && isset($sender)) { - $ret[] = api_format_messages($item, $recipient, $sender); - } - } - - - $data = ['direct_message' => $ret]; - switch ($type) { - case "atom": - break; - case "rss": - $data = api_rss_extra($a, $data, $user_info); - break; - } - - return BaseApi::formatData("direct-messages", $type, $data); -} - -/** - * Returns the most recent direct messages sent by the user. - * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @see https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/get-sent-message - */ -function api_direct_messages_sentbox($type) -{ - $verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"; - return api_direct_messages_box($type, "sentbox", $verbose); -} - -/** - * Returns the most recent direct messages sent to the user. - * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @see https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/get-messages - */ -function api_direct_messages_inbox($type) -{ - $verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"; - return api_direct_messages_box($type, "inbox", $verbose); -} - -/** - * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - */ -function api_direct_messages_all($type) -{ - $verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"; - return api_direct_messages_box($type, "all", $verbose); -} - -/** - * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - */ -function api_direct_messages_conversation($type) -{ - $verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"; - return api_direct_messages_box($type, "conversation", $verbose); -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/direct_messages/conversation', 'api_direct_messages_conversation', true); -api_register_func('api/direct_messages/all', 'api_direct_messages_all', true); -api_register_func('api/direct_messages/sent', 'api_direct_messages_sentbox', true); -api_register_func('api/direct_messages', 'api_direct_messages_inbox', true); - -/** - * delete a complete photoalbum with all containing photos from database through api - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string|array - * @throws BadRequestException - * @throws ForbiddenException - * @throws InternalServerErrorException - */ -function api_fr_photoalbum_delete($type) -{ - if (api_user() === false) { - throw new ForbiddenException(); - } - // input params - $album = $_REQUEST['album'] ?? ''; - - // we do not allow calls without album string - if ($album == "") { - throw new BadRequestException("no albumname specified"); - } - // check if album is existing - - $photos = DBA::selectToArray('photo', ['resource-id'], ['uid' => api_user(), 'album' => $album], ['group_by' => ['resource-id']]); - if (!DBA::isResult($photos)) { - throw new BadRequestException("album not available"); - } - - $resourceIds = array_column($photos, 'resource-id'); - - // function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore - // to the user and the contacts of the users (drop_items() performs the federation of the deletion to other networks - $condition = ['uid' => api_user(), 'resource-id' => $resourceIds, 'type' => 'photo']; - Item::deleteForUser($condition, api_user()); - - // now let's delete all photos from the album - $result = Photo::delete(['uid' => api_user(), 'album' => $album]); - - // return success of deletion or error message - if ($result) { - $answer = ['result' => 'deleted', 'message' => 'album `' . $album . '` with all containing photos has been deleted.']; - return BaseApi::formatData("photoalbum_delete", $type, ['$result' => $answer]); - } else { - throw new InternalServerErrorException("unknown error - deleting from database failed"); - } -} - -/** - * update the name of the album for all photos of an album - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string|array - * @throws BadRequestException - * @throws ForbiddenException - * @throws InternalServerErrorException - */ -function api_fr_photoalbum_update($type) -{ - if (api_user() === false) { - throw new ForbiddenException(); - } - // input params - $album = $_REQUEST['album'] ?? ''; - $album_new = $_REQUEST['album_new'] ?? ''; - - // we do not allow calls without album string - if ($album == "") { - throw new BadRequestException("no albumname specified"); - } - if ($album_new == "") { - throw new BadRequestException("no new albumname specified"); - } - // check if album is existing - if (!Photo::exists(['uid' => api_user(), 'album' => $album])) { - throw new BadRequestException("album not available"); - } - // now let's update all photos to the albumname - $result = Photo::update(['album' => $album_new], ['uid' => api_user(), 'album' => $album]); - - // return success of updating or error message - if ($result) { - $answer = ['result' => 'updated', 'message' => 'album `' . $album . '` with all containing photos has been renamed to `' . $album_new . '`.']; - return BaseApi::formatData("photoalbum_update", $type, ['$result' => $answer]); - } else { - throw new InternalServerErrorException("unknown error - updating in database failed"); - } -} - - -/** - * list all photos of the authenticated user - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string|array - * @throws ForbiddenException - * @throws InternalServerErrorException - */ -function api_fr_photos_list($type) -{ - if (api_user() === false) { - throw new ForbiddenException(); - } - $r = DBA::toArray(DBA::p( - "SELECT `resource-id`, MAX(scale) AS `scale`, `album`, `filename`, `type`, MAX(`created`) AS `created`, - MAX(`edited`) AS `edited`, MAX(`desc`) AS `desc` FROM `photo` - WHERE `uid` = ? AND NOT `photo-type` IN (?, ?) GROUP BY `resource-id`, `album`, `filename`, `type`", - local_user(), Photo::CONTACT_AVATAR, Photo::CONTACT_BANNER - )); - $typetoext = [ - 'image/jpeg' => 'jpg', - 'image/png' => 'png', - 'image/gif' => 'gif' - ]; - $data = ['photo'=>[]]; - if (DBA::isResult($r)) { - foreach ($r as $rr) { - $photo = []; - $photo['id'] = $rr['resource-id']; - $photo['album'] = $rr['album']; - $photo['filename'] = $rr['filename']; - $photo['type'] = $rr['type']; - $thumb = DI::baseUrl() . "/photo/" . $rr['resource-id'] . "-" . $rr['scale'] . "." . $typetoext[$rr['type']]; - $photo['created'] = $rr['created']; - $photo['edited'] = $rr['edited']; - $photo['desc'] = $rr['desc']; - - if ($type == "xml") { - $data['photo'][] = ["@attributes" => $photo, "1" => $thumb]; - } else { - $photo['thumb'] = $thumb; - $data['photo'][] = $photo; - } - } - } - return BaseApi::formatData("photos", $type, $data); -} - -/** - * upload a new photo or change an existing photo - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string|array - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws NotFoundException - */ -function api_fr_photo_create_update($type) -{ - if (api_user() === false) { - throw new ForbiddenException(); - } - // input params - $photo_id = $_REQUEST['photo_id'] ?? null; - $desc = $_REQUEST['desc'] ?? null; - $album = $_REQUEST['album'] ?? null; - $album_new = $_REQUEST['album_new'] ?? null; - $allow_cid = $_REQUEST['allow_cid'] ?? null; - $deny_cid = $_REQUEST['deny_cid' ] ?? null; - $allow_gid = $_REQUEST['allow_gid'] ?? null; - $deny_gid = $_REQUEST['deny_gid' ] ?? null; - $visibility = !$allow_cid && !$deny_cid && !$allow_gid && !$deny_gid; - - // do several checks on input parameters - // we do not allow calls without album string - if ($album == null) { - throw new BadRequestException("no albumname specified"); - } - // if photo_id == null --> we are uploading a new photo - if ($photo_id == null) { - $mode = "create"; - - // error if no media posted in create-mode - if (empty($_FILES['media'])) { - // Output error - throw new BadRequestException("no media data submitted"); - } - - // album_new will be ignored in create-mode - $album_new = ""; - } else { - $mode = "update"; - - // check if photo is existing in databasei - if (!Photo::exists(['resource-id' => $photo_id, 'uid' => api_user(), 'album' => $album])) { - throw new BadRequestException("photo not available"); - } - } - - // checks on acl strings provided by clients - $acl_input_error = false; - $acl_input_error |= check_acl_input($allow_cid); - $acl_input_error |= check_acl_input($deny_cid); - $acl_input_error |= check_acl_input($allow_gid); - $acl_input_error |= check_acl_input($deny_gid); - if ($acl_input_error) { - throw new BadRequestException("acl data invalid"); - } - // now let's upload the new media in create-mode - if ($mode == "create") { - $media = $_FILES['media']; - $data = save_media_to_database("photo", $media, $type, $album, trim($allow_cid), trim($deny_cid), trim($allow_gid), trim($deny_gid), $desc, Photo::DEFAULT, $visibility); - - // return success of updating or error message - if (!is_null($data)) { - return BaseApi::formatData("photo_create", $type, $data); - } else { - throw new InternalServerErrorException("unknown error - uploading photo failed, see Friendica log for more information"); - } - } - - // now let's do the changes in update-mode - if ($mode == "update") { - $updated_fields = []; - - if (!is_null($desc)) { - $updated_fields['desc'] = $desc; - } - - if (!is_null($album_new)) { - $updated_fields['album'] = $album_new; - } - - if (!is_null($allow_cid)) { - $allow_cid = trim($allow_cid); - $updated_fields['allow_cid'] = $allow_cid; - } - - if (!is_null($deny_cid)) { - $deny_cid = trim($deny_cid); - $updated_fields['deny_cid'] = $deny_cid; - } - - if (!is_null($allow_gid)) { - $allow_gid = trim($allow_gid); - $updated_fields['allow_gid'] = $allow_gid; - } - - if (!is_null($deny_gid)) { - $deny_gid = trim($deny_gid); - $updated_fields['deny_gid'] = $deny_gid; - } - - $result = false; - if (count($updated_fields) > 0) { - $nothingtodo = false; - $result = Photo::update($updated_fields, ['uid' => api_user(), 'resource-id' => $photo_id, 'album' => $album]); - } else { - $nothingtodo = true; - } - - if (!empty($_FILES['media'])) { - $nothingtodo = false; - $media = $_FILES['media']; - $data = save_media_to_database("photo", $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, Photo::DEFAULT, $visibility, $photo_id); - if (!is_null($data)) { - return BaseApi::formatData("photo_update", $type, $data); - } - } - - // return success of updating or error message - if ($result) { - $answer = ['result' => 'updated', 'message' => 'Image id `' . $photo_id . '` has been updated.']; - return BaseApi::formatData("photo_update", $type, ['$result' => $answer]); - } else { - if ($nothingtodo) { - $answer = ['result' => 'cancelled', 'message' => 'Nothing to update for image id `' . $photo_id . '`.']; - return BaseApi::formatData("photo_update", $type, ['$result' => $answer]); - } - throw new InternalServerErrorException("unknown error - update photo entry in database failed"); - } - } - throw new InternalServerErrorException("unknown error - this error on uploading or updating a photo should never happen"); -} - -/** - * delete a single photo from the database through api - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string|array - * @throws BadRequestException - * @throws ForbiddenException - * @throws InternalServerErrorException - */ -function api_fr_photo_delete($type) -{ - if (api_user() === false) { - throw new ForbiddenException(); - } - - // input params - $photo_id = $_REQUEST['photo_id'] ?? null; - - // do several checks on input parameters - // we do not allow calls without photo id - if ($photo_id == null) { - throw new BadRequestException("no photo_id specified"); - } - - // check if photo is existing in database - if (!Photo::exists(['resource-id' => $photo_id, 'uid' => api_user()])) { - throw new BadRequestException("photo not available"); - } - - // now we can perform on the deletion of the photo - $result = Photo::delete(['uid' => api_user(), 'resource-id' => $photo_id]); - - // return success of deletion or error message - if ($result) { - // function for setting the items to "deleted = 1" which ensures that comments, likes etc. are not shown anymore - // to the user and the contacts of the users (drop_items() do all the necessary magic to avoid orphans in database and federate deletion) - $condition = ['uid' => api_user(), 'resource-id' => $photo_id, 'type' => 'photo']; - Item::deleteForUser($condition, api_user()); - - $result = ['result' => 'deleted', 'message' => 'photo with id `' . $photo_id . '` has been deleted from server.']; - return BaseApi::formatData("photo_delete", $type, ['$result' => $result]); - } else { - throw new InternalServerErrorException("unknown error on deleting photo from database table"); - } -} - - -/** - * returns the details of a specified photo id, if scale is given, returns the photo data in base 64 - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string|array - * @throws BadRequestException - * @throws ForbiddenException - * @throws InternalServerErrorException - * @throws NotFoundException - */ -function api_fr_photo_detail($type) -{ - if (api_user() === false) { - throw new ForbiddenException(); - } - if (empty($_REQUEST['photo_id'])) { - throw new BadRequestException("No photo id."); - } - - $scale = (!empty($_REQUEST['scale']) ? intval($_REQUEST['scale']) : false); - $photo_id = $_REQUEST['photo_id']; - - // prepare json/xml output with data from database for the requested photo - $data = prepare_photo_data($type, $scale, $photo_id); - - return BaseApi::formatData("photo_detail", $type, $data); -} - - -/** - * updates the profile image for the user (either a specified profile or the default profile) - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * - * @return string|array - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws NotFoundException - * @see https://developer.twitter.com/en/docs/accounts-and-users/manage-account-settings/api-reference/post-account-update_profile_image - */ -function api_account_update_profile_image($type) -{ - if (api_user() === false) { - throw new ForbiddenException(); - } - // input params - $profile_id = $_REQUEST['profile_id'] ?? 0; - - // error if image data is missing - if (empty($_FILES['image'])) { - throw new BadRequestException("no media data submitted"); - } - - // check if specified profile id is valid - if ($profile_id != 0) { - $profile = DBA::selectFirst('profile', ['is-default'], ['uid' => api_user(), 'id' => $profile_id]); - // error message if specified profile id is not in database - if (!DBA::isResult($profile)) { - throw new BadRequestException("profile_id not available"); - } - $is_default_profile = $profile['is-default']; - } else { - $is_default_profile = 1; - } - - // get mediadata from image or media (Twitter call api/account/update_profile_image provides image) - $media = null; - if (!empty($_FILES['image'])) { - $media = $_FILES['image']; - } elseif (!empty($_FILES['media'])) { - $media = $_FILES['media']; - } - // save new profile image - $data = save_media_to_database("profileimage", $media, $type, DI::l10n()->t(Photo::PROFILE_PHOTOS), "", "", "", "", "", Photo::USER_AVATAR); - - // get filetype - if (is_array($media['type'])) { - $filetype = $media['type'][0]; - } else { - $filetype = $media['type']; - } - if ($filetype == "image/jpeg") { - $fileext = "jpg"; - } elseif ($filetype == "image/png") { - $fileext = "png"; - } else { - throw new InternalServerErrorException('Unsupported filetype'); - } - - // change specified profile or all profiles to the new resource-id - if ($is_default_profile) { - $condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], api_user()]; - Photo::update(['profile' => false, 'photo-type' => Photo::DEFAULT], $condition); - } else { - $fields = ['photo' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext, - 'thumb' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext]; - DBA::update('profile', $fields, ['id' => $_REQUEST['profile'], 'uid' => api_user()]); - } - - Contact::updateSelfFromUserID(api_user(), true); - - // Update global directory in background - Profile::publishUpdate(api_user()); - - // output for client - if ($data) { - return api_account_verify_credentials($type); - } else { - // SaveMediaToDatabase failed for some reason - throw new InternalServerErrorException("image upload failed"); - } -} - -// place api-register for photoalbum calls before 'api/friendica/photo', otherwise this function is never reached -api_register_func('api/friendica/photoalbum/delete', 'api_fr_photoalbum_delete', true, API_METHOD_DELETE); -api_register_func('api/friendica/photoalbum/update', 'api_fr_photoalbum_update', true, API_METHOD_POST); -api_register_func('api/friendica/photos/list', 'api_fr_photos_list', true); -api_register_func('api/friendica/photo/create', 'api_fr_photo_create_update', true, API_METHOD_POST); -api_register_func('api/friendica/photo/update', 'api_fr_photo_create_update', true, API_METHOD_POST); -api_register_func('api/friendica/photo/delete', 'api_fr_photo_delete', true, API_METHOD_DELETE); -api_register_func('api/friendica/photo', 'api_fr_photo_detail', true); -api_register_func('api/account/update_profile_image', 'api_account_update_profile_image', true, API_METHOD_POST); - -/** - * Update user profile - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_account_update_profile($type) -{ - $local_user = api_user(); - $api_user = api_get_user(); - - if (!empty($_POST['name'])) { - DBA::update('profile', ['name' => $_POST['name']], ['uid' => $local_user]); - DBA::update('user', ['username' => $_POST['name']], ['uid' => $local_user]); - Contact::update(['name' => $_POST['name']], ['uid' => $local_user, 'self' => 1]); - Contact::update(['name' => $_POST['name']], ['id' => $api_user['id']]); - } - - if (isset($_POST['description'])) { - DBA::update('profile', ['about' => $_POST['description']], ['uid' => $local_user]); - Contact::update(['about' => $_POST['description']], ['uid' => $local_user, 'self' => 1]); - Contact::update(['about' => $_POST['description']], ['id' => $api_user['id']]); - } - - Profile::publishUpdate($local_user); - - return api_account_verify_credentials($type); -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/account/update_profile', 'api_account_update_profile', true, API_METHOD_POST); - -/** - * - * @param string $acl_string - * @return bool - * @throws Exception - */ -function check_acl_input($acl_string) -{ - if (empty($acl_string)) { - return false; - } - - $contact_not_found = false; - - // split into array of cid's - preg_match_all("/<[A-Za-z0-9]+>/", $acl_string, $array); - - // check for each cid if it is available on server - $cid_array = $array[0]; - foreach ($cid_array as $cid) { - $cid = str_replace("<", "", $cid); - $cid = str_replace(">", "", $cid); - $condition = ['id' => $cid, 'uid' => api_user()]; - $contact_not_found |= !DBA::exists('contact', $condition); - } - return $contact_not_found; -} - -/** - * @param string $mediatype - * @param array $media - * @param string $type - * @param string $album - * @param string $allow_cid - * @param string $deny_cid - * @param string $allow_gid - * @param string $deny_gid - * @param string $desc - * @param integer $phototype - * @param boolean $visibility - * @param string $photo_id - * @return array - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws NotFoundException - * @throws UnauthorizedException - */ -function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, $phototype = 0, $visibility = false, $photo_id = null) +function api_direct_messages_conversation($type) { - $visitor = 0; - $src = ""; - $filetype = ""; - $filename = ""; - $filesize = 0; - - if (is_array($media)) { - if (is_array($media['tmp_name'])) { - $src = $media['tmp_name'][0]; - } else { - $src = $media['tmp_name']; - } - if (is_array($media['name'])) { - $filename = basename($media['name'][0]); - } else { - $filename = basename($media['name']); - } - if (is_array($media['size'])) { - $filesize = intval($media['size'][0]); - } else { - $filesize = intval($media['size']); - } - if (is_array($media['type'])) { - $filetype = $media['type'][0]; - } else { - $filetype = $media['type']; - } - } - - $filetype = Images::getMimeTypeBySource($src, $filename, $filetype); - - logger::info( - "File upload src: " . $src . " - filename: " . $filename . - " - size: " . $filesize . " - type: " . $filetype); - - // check if there was a php upload error - if ($filesize == 0 && $media['error'] == 1) { - throw new InternalServerErrorException("image size exceeds PHP config settings, file was rejected by server"); - } - // check against max upload size within Friendica instance - $maximagesize = DI::config()->get('system', 'maximagesize'); - if ($maximagesize && ($filesize > $maximagesize)) { - $formattedBytes = Strings::formatBytes($maximagesize); - throw new InternalServerErrorException("image size exceeds Friendica config setting (uploaded size: $formattedBytes)"); - } - - // create Photo instance with the data of the image - $imagedata = @file_get_contents($src); - $Image = new Image($imagedata, $filetype); - if (!$Image->isValid()) { - throw new InternalServerErrorException("unable to process image data"); - } - - // check orientation of image - $Image->orient($src); - @unlink($src); - - // check max length of images on server - $max_length = DI::config()->get('system', 'max_image_length'); - if ($max_length > 0) { - $Image->scaleDown($max_length); - logger::info("File upload: Scaling picture to new size " . $max_length); - } - $width = $Image->getWidth(); - $height = $Image->getHeight(); - - // create a new resource-id if not already provided - $resource_id = ($photo_id == null) ? Photo::newResource() : $photo_id; - - if ($mediatype == "photo") { - // upload normal image (scales 0, 1, 2) - logger::info("photo upload: starting new photo upload"); - - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 0, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (!$r) { - logger::notice("photo upload: image upload with scale 0 (original size) failed"); - } - if ($width > 640 || $height > 640) { - $Image->scaleDown(640); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 1, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (!$r) { - logger::notice("photo upload: image upload with scale 1 (640x640) failed"); - } - } - - if ($width > 320 || $height > 320) { - $Image->scaleDown(320); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 2, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (!$r) { - logger::notice("photo upload: image upload with scale 2 (320x320) failed"); - } - } - logger::info("photo upload: new photo upload ended"); - } elseif ($mediatype == "profileimage") { - // upload profile image (scales 4, 5, 6) - logger::info("photo upload: starting new profile image upload"); - - if ($width > 300 || $height > 300) { - $Image->scaleDown(300); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 4, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (!$r) { - logger::notice("photo upload: profile image upload with scale 4 (300x300) failed"); - } - } - - if ($width > 80 || $height > 80) { - $Image->scaleDown(80); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 5, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (!$r) { - logger::notice("photo upload: profile image upload with scale 5 (80x80) failed"); - } - } - - if ($width > 48 || $height > 48) { - $Image->scaleDown(48); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 6, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); - if (!$r) { - logger::notice("photo upload: profile image upload with scale 6 (48x48) failed"); - } - } - $Image->__destruct(); - logger::info("photo upload: new profile image upload ended"); - } - - if (!empty($r)) { - // create entry in 'item'-table on new uploads to enable users to comment/like/dislike the photo - if ($photo_id == null && $mediatype == "photo") { - post_photo_item($resource_id, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility); - } - // on success return image data in json/xml format (like /api/friendica/photo does when no scale is given) - return prepare_photo_data($type, false, $resource_id); - } else { - throw new InternalServerErrorException("image upload failed"); - } + $verbose = !empty($_GET['friendica_verbose']) ? strtolower($_GET['friendica_verbose']) : "false"; + return api_direct_messages_box($type, "conversation", $verbose); } -/** - * - * @param string $hash - * @param string $allow_cid - * @param string $deny_cid - * @param string $allow_gid - * @param string $deny_gid - * @param string $filetype - * @param boolean $visibility - * @throws InternalServerErrorException - */ -function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility = false) -{ - // get data about the api authenticated user - $uri = Item::newURI(intval(api_user())); - $owner_record = DBA::selectFirst('contact', [], ['uid' => api_user(), 'self' => true]); - - $arr = []; - $arr['guid'] = System::createUUID(); - $arr['uid'] = intval(api_user()); - $arr['uri'] = $uri; - $arr['type'] = 'photo'; - $arr['wall'] = 1; - $arr['resource-id'] = $hash; - $arr['contact-id'] = $owner_record['id']; - $arr['owner-name'] = $owner_record['name']; - $arr['owner-link'] = $owner_record['url']; - $arr['owner-avatar'] = $owner_record['thumb']; - $arr['author-name'] = $owner_record['name']; - $arr['author-link'] = $owner_record['url']; - $arr['author-avatar'] = $owner_record['thumb']; - $arr['title'] = ""; - $arr['allow_cid'] = $allow_cid; - $arr['allow_gid'] = $allow_gid; - $arr['deny_cid'] = $deny_cid; - $arr['deny_gid'] = $deny_gid; - $arr['visible'] = $visibility; - $arr['origin'] = 1; - - $typetoext = [ - 'image/jpeg' => 'jpg', - 'image/png' => 'png', - 'image/gif' => 'gif' - ]; - - // adds link to the thumbnail scale photo - $arr['body'] = '[url=' . DI::baseUrl() . '/photos/' . $owner_record['nick'] . '/image/' . $hash . ']' - . '[img]' . DI::baseUrl() . '/photo/' . $hash . '-' . "2" . '.'. $typetoext[$filetype] . '[/img]' - . '[/url]'; - - // do the magic for storing the item in the database and trigger the federation to other contacts - Item::insert($arr); -} +api_register_func('api/direct_messages/conversation', 'api_direct_messages_conversation', true); /** + * list all photos of the authenticated user * - * @param string $type - * @param int $scale - * @param string $photo_id - * - * @return array - * @throws BadRequestException + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string|array * @throws ForbiddenException - * @throws ImagickException * @throws InternalServerErrorException - * @throws NotFoundException - * @throws UnauthorizedException */ -function prepare_photo_data($type, $scale, $photo_id) +function api_fr_photos_list($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); - if ($user_info === false) { - throw new ForbiddenException(); - } - - $scale_sql = ($scale === false ? "" : sprintf("AND scale=%d", intval($scale))); - $data_sql = ($scale === false ? "" : "data, "); - - // added allow_cid, allow_gid, deny_cid, deny_gid to output as string like stored in database - // clients needs to convert this in their way for further processing $r = DBA::toArray(DBA::p( - "SELECT $data_sql `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, - `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`, - MIN(`scale`) AS `minscale`, MAX(`scale`) AS `maxscale` - FROM `photo` WHERE `uid` = ? AND `resource-id` = ? $scale_sql GROUP BY - `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, - `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`", - local_user(), - $photo_id + "SELECT `resource-id`, MAX(scale) AS `scale`, `album`, `filename`, `type`, MAX(`created`) AS `created`, + MAX(`edited`) AS `edited`, MAX(`desc`) AS `desc` FROM `photo` + WHERE `uid` = ? AND NOT `photo-type` IN (?, ?) GROUP BY `resource-id`, `album`, `filename`, `type`", + $uid, Photo::CONTACT_AVATAR, Photo::CONTACT_BANNER )); - $typetoext = [ 'image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif' ]; - - // prepare output data for photo + $data = ['photo'=>[]]; if (DBA::isResult($r)) { - $data = ['photo' => $r[0]]; - $data['photo']['id'] = $data['photo']['resource-id']; - if ($scale !== false) { - $data['photo']['data'] = base64_encode($data['photo']['data']); - } else { - unset($data['photo']['datasize']); //needed only with scale param - } - if ($type == "xml") { - $data['photo']['links'] = []; - for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) { - $data['photo']['links'][$k . ":link"]["@attributes"] = ["type" => $data['photo']['type'], - "scale" => $k, - "href" => DI::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]]; - } - } else { - $data['photo']['link'] = []; - // when we have profile images we could have only scales from 4 to 6, but index of array always needs to start with 0 - $i = 0; - for ($k = intval($data['photo']['minscale']); $k <= intval($data['photo']['maxscale']); $k++) { - $data['photo']['link'][$i] = DI::baseUrl() . "/photo/" . $data['photo']['resource-id'] . "-" . $k . "." . $typetoext[$data['photo']['type']]; - $i++; - } - } - unset($data['photo']['resource-id']); - unset($data['photo']['minscale']); - unset($data['photo']['maxscale']); - } else { - throw new NotFoundException(); - } - - // retrieve item element for getting activities (like, dislike etc.) related to photo - $condition = ['uid' => api_user(), 'resource-id' => $photo_id]; - $item = Post::selectFirst(['id', 'uid', 'uri', 'parent', 'allow_cid', 'deny_cid', 'allow_gid', 'deny_gid'], $condition); - if (!DBA::isResult($item)) { - throw new NotFoundException('Photo-related item not found.'); - } - - $data['photo']['friendica_activities'] = api_format_items_activities($item, $type); - - // retrieve comments on photo - $condition = ["`parent` = ? AND `uid` = ? AND `gravity` IN (?, ?)", - $item['parent'], api_user(), GRAVITY_PARENT, GRAVITY_COMMENT]; - - $statuses = Post::selectForUser(api_user(), [], $condition); + foreach ($r as $rr) { + $photo = []; + $photo['id'] = $rr['resource-id']; + $photo['album'] = $rr['album']; + $photo['filename'] = $rr['filename']; + $photo['type'] = $rr['type']; + $thumb = DI::baseUrl() . "/photo/" . $rr['resource-id'] . "-" . $rr['scale'] . "." . $typetoext[$rr['type']]; + $photo['created'] = $rr['created']; + $photo['edited'] = $rr['edited']; + $photo['desc'] = $rr['desc']; - // prepare output of comments - $commentData = api_format_items(Post::toArray($statuses), $user_info, false, $type); - $comments = []; - if ($type == "xml") { - $k = 0; - foreach ($commentData as $comment) { - $comments[$k++ . ":comment"] = $comment; - } - } else { - foreach ($commentData as $comment) { - $comments[] = $comment; + if ($type == "xml") { + $data['photo'][] = ["@attributes" => $photo, "1" => $thumb]; + } else { + $photo['thumb'] = $thumb; + $data['photo'][] = $photo; + } } } - $data['photo']['friendica_comments'] = $comments; - - // include info if rights on photo and rights on item are mismatching - $rights_mismatch = $data['photo']['allow_cid'] != $item['allow_cid'] || - $data['photo']['deny_cid'] != $item['deny_cid'] || - $data['photo']['allow_gid'] != $item['allow_gid'] || - $data['photo']['deny_gid'] != $item['deny_gid']; - $data['photo']['rights_mismatch'] = $rights_mismatch; - - return $data; + return DI::apiResponse()->formatData("photos", $type, $data); } +api_register_func('api/friendica/photos/list', 'api_fr_photos_list', true); + /** - * Return an item with announcer data if it had been announced + * upload a new photo or change an existing photo * - * @param array $item Item array - * @return array Item array with announce data + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string|array + * @throws BadRequestException + * @throws ForbiddenException + * @throws ImagickException + * @throws InternalServerErrorException + * @throws NotFoundException */ -function api_get_announce($item) +function api_fr_photo_create_update($type) { - // Quit if the item already has got a different owner and author - if ($item['owner-id'] != $item['author-id']) { - return []; + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); + + // input params + $photo_id = $_REQUEST['photo_id'] ?? null; + $desc = $_REQUEST['desc'] ?? null; + $album = $_REQUEST['album'] ?? null; + $album_new = $_REQUEST['album_new'] ?? null; + $allow_cid = $_REQUEST['allow_cid'] ?? null; + $deny_cid = $_REQUEST['deny_cid' ] ?? null; + $allow_gid = $_REQUEST['allow_gid'] ?? null; + $deny_gid = $_REQUEST['deny_gid' ] ?? null; + $visibility = !$allow_cid && !$deny_cid && !$allow_gid && !$deny_gid; + + // do several checks on input parameters + // we do not allow calls without album string + if ($album == null) { + throw new BadRequestException("no albumname specified"); } + // if photo_id == null --> we are uploading a new photo + if ($photo_id == null) { + $mode = "create"; - // Don't change original or Diaspora posts - if ($item['origin'] || in_array($item['network'], [Protocol::DIASPORA])) { - return []; + // error if no media posted in create-mode + if (empty($_FILES['media'])) { + // Output error + throw new BadRequestException("no media data submitted"); + } + + // album_new will be ignored in create-mode + $album_new = ""; + } else { + $mode = "update"; + + // check if photo is existing in databasei + if (!Photo::exists(['resource-id' => $photo_id, 'uid' => $uid, 'album' => $album])) { + throw new BadRequestException("photo not available"); + } } - // Quit if we do now the original author and it had been a post from a native network - if (!empty($item['contact-uid']) && in_array($item['network'], Protocol::NATIVE_SUPPORT)) { - return []; + // checks on acl strings provided by clients + $acl_input_error = false; + $acl_input_error |= check_acl_input($allow_cid, $uid); + $acl_input_error |= check_acl_input($deny_cid, $uid); + $acl_input_error |= check_acl_input($allow_gid, $uid); + $acl_input_error |= check_acl_input($deny_gid, $uid); + if ($acl_input_error) { + throw new BadRequestException("acl data invalid"); } + // now let's upload the new media in create-mode + if ($mode == "create") { + $media = $_FILES['media']; + $data = save_media_to_database("photo", $media, $type, $album, trim($allow_cid), trim($deny_cid), trim($allow_gid), trim($deny_gid), $desc, Photo::DEFAULT, $visibility, null, $uid); - $fields = ['author-id', 'author-name', 'author-link', 'author-avatar']; - $condition = ['parent-uri' => $item['uri'], 'gravity' => GRAVITY_ACTIVITY, 'uid' => [0, $item['uid']], 'vid' => Verb::getID(Activity::ANNOUNCE)]; - $announce = Post::selectFirstForUser($item['uid'], $fields, $condition, ['order' => ['received' => true]]); - if (!DBA::isResult($announce)) { - return []; + // return success of updating or error message + if (!is_null($data)) { + return DI::apiResponse()->formatData("photo_create", $type, $data); + } else { + throw new InternalServerErrorException("unknown error - uploading photo failed, see Friendica log for more information"); + } } - return array_merge($item, $announce); -} + // now let's do the changes in update-mode + if ($mode == "update") { + $updated_fields = []; -/** - * - * @param array $item - * - * @return array - * @throws Exception - */ -function api_in_reply_to($item) -{ - $in_reply_to = []; - - $in_reply_to['status_id'] = null; - $in_reply_to['user_id'] = null; - $in_reply_to['status_id_str'] = null; - $in_reply_to['user_id_str'] = null; - $in_reply_to['screen_name'] = null; - - if (($item['thr-parent'] != $item['uri']) && ($item['gravity'] != GRAVITY_PARENT)) { - $parent = Post::selectFirst(['id'], ['uid' => $item['uid'], 'uri' => $item['thr-parent']]); - if (DBA::isResult($parent)) { - $in_reply_to['status_id'] = intval($parent['id']); - } else { - $in_reply_to['status_id'] = intval($item['parent']); + if (!is_null($desc)) { + $updated_fields['desc'] = $desc; + } + + if (!is_null($album_new)) { + $updated_fields['album'] = $album_new; } - $in_reply_to['status_id_str'] = (string) intval($in_reply_to['status_id']); + if (!is_null($allow_cid)) { + $allow_cid = trim($allow_cid); + $updated_fields['allow_cid'] = $allow_cid; + } - $fields = ['author-nick', 'author-name', 'author-id', 'author-link']; - $parent = Post::selectFirst($fields, ['id' => $in_reply_to['status_id']]); + if (!is_null($deny_cid)) { + $deny_cid = trim($deny_cid); + $updated_fields['deny_cid'] = $deny_cid; + } - if (DBA::isResult($parent)) { - $in_reply_to['screen_name'] = (($parent['author-nick']) ? $parent['author-nick'] : $parent['author-name']); - $in_reply_to['user_id'] = intval($parent['author-id']); - $in_reply_to['user_id_str'] = (string) intval($parent['author-id']); + if (!is_null($allow_gid)) { + $allow_gid = trim($allow_gid); + $updated_fields['allow_gid'] = $allow_gid; } - // There seems to be situation, where both fields are identical: - // https://github.com/friendica/friendica/issues/1010 - // This is a bugfix for that. - if (intval($in_reply_to['status_id']) == intval($item['id'])) { - Logger::warning(API_LOG_PREFIX . 'ID {id} is similar to reply-to {reply-to}', ['module' => 'api', 'action' => 'in_reply_to', 'id' => $item['id'], 'reply-to' => $in_reply_to['status_id']]); - $in_reply_to['status_id'] = null; - $in_reply_to['user_id'] = null; - $in_reply_to['status_id_str'] = null; - $in_reply_to['user_id_str'] = null; - $in_reply_to['screen_name'] = null; + if (!is_null($deny_gid)) { + $deny_gid = trim($deny_gid); + $updated_fields['deny_gid'] = $deny_gid; + } + + $result = false; + if (count($updated_fields) > 0) { + $nothingtodo = false; + $result = Photo::update($updated_fields, ['uid' => $uid, 'resource-id' => $photo_id, 'album' => $album]); + } else { + $nothingtodo = true; + } + + if (!empty($_FILES['media'])) { + $nothingtodo = false; + $media = $_FILES['media']; + $data = save_media_to_database("photo", $media, $type, $album, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $desc, Photo::DEFAULT, $visibility, $photo_id, $uid); + if (!is_null($data)) { + return DI::apiResponse()->formatData("photo_update", $type, $data); + } } - } - return $in_reply_to; + // return success of updating or error message + if ($result) { + $answer = ['result' => 'updated', 'message' => 'Image id `' . $photo_id . '` has been updated.']; + return DI::apiResponse()->formatData("photo_update", $type, ['$result' => $answer]); + } else { + if ($nothingtodo) { + $answer = ['result' => 'cancelled', 'message' => 'Nothing to update for image id `' . $photo_id . '`.']; + return DI::apiResponse()->formatData("photo_update", $type, ['$result' => $answer]); + } + throw new InternalServerErrorException("unknown error - update photo entry in database failed"); + } + } + throw new InternalServerErrorException("unknown error - this error on uploading or updating a photo should never happen"); } +api_register_func('api/friendica/photo/create', 'api_fr_photo_create_update', true, API_METHOD_POST); +api_register_func('api/friendica/photo/update', 'api_fr_photo_create_update', true, API_METHOD_POST); + /** + * returns the details of a specified photo id, if scale is given, returns the photo data in base 64 * - * @param string $text - * - * @return string + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' + * @return string|array + * @throws BadRequestException + * @throws ForbiddenException * @throws InternalServerErrorException + * @throws NotFoundException */ -function api_clean_plain_items($text) +function api_fr_photo_detail($type) { - $include_entities = strtolower($_REQUEST['include_entities'] ?? 'false'); - - $text = BBCode::cleanPictureLinks($text); - $URLSearchString = "^\[\]"; - - $text = preg_replace("/([!#@])\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '$1$3', $text); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); - if ($include_entities == "true") { - $text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '[url=$1]$1[/url]', $text); + if (empty($_REQUEST['photo_id'])) { + throw new BadRequestException("No photo id."); } - // Simplify "attachment" element - $text = BBCode::removeAttachment($text); + $scale = (!empty($_REQUEST['scale']) ? intval($_REQUEST['scale']) : false); + $photo_id = $_REQUEST['photo_id']; - return $text; + // prepare json/xml output with data from database for the requested photo + $data = prepare_photo_data($type, $scale, $photo_id, $uid); + + return DI::apiResponse()->formatData("photo_detail", $type, $data); } +api_register_func('api/friendica/photo', 'api_fr_photo_detail', true); + /** + * updates the profile image for the user (either a specified profile or the default profile) * - * @param array $contacts + * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' * - * @return void + * @return string|array + * @throws BadRequestException + * @throws ForbiddenException + * @throws ImagickException + * @throws InternalServerErrorException + * @throws NotFoundException + * @see https://developer.twitter.com/en/docs/accounts-and-users/manage-account-settings/api-reference/post-account-update_profile_image */ -function api_best_nickname(&$contacts) +function api_account_update_profile_image($type) { - $best_contact = []; + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); - if (count($contacts) == 0) { - return; - } + // input params + $profile_id = $_REQUEST['profile_id'] ?? 0; - foreach ($contacts as $contact) { - if ($contact["network"] == "") { - $contact["network"] = "dfrn"; - $best_contact = [$contact]; - } + // error if image data is missing + if (empty($_FILES['image'])) { + throw new BadRequestException("no media data submitted"); } - if (sizeof($best_contact) == 0) { - foreach ($contacts as $contact) { - if ($contact["network"] == "dfrn") { - $best_contact = [$contact]; - } + // check if specified profile id is valid + if ($profile_id != 0) { + $profile = DBA::selectFirst('profile', ['is-default'], ['uid' => $uid, 'id' => $profile_id]); + // error message if specified profile id is not in database + if (!DBA::isResult($profile)) { + throw new BadRequestException("profile_id not available"); } + $is_default_profile = $profile['is-default']; + } else { + $is_default_profile = 1; } - if (sizeof($best_contact) == 0) { - foreach ($contacts as $contact) { - if ($contact["network"] == "dspr") { - $best_contact = [$contact]; - } - } + // get mediadata from image or media (Twitter call api/account/update_profile_image provides image) + $media = null; + if (!empty($_FILES['image'])) { + $media = $_FILES['image']; + } elseif (!empty($_FILES['media'])) { + $media = $_FILES['media']; } + // save new profile image + $data = save_media_to_database("profileimage", $media, $type, DI::l10n()->t(Photo::PROFILE_PHOTOS), "", "", "", "", "", Photo::USER_AVATAR, false, null, $uid); - if (sizeof($best_contact) == 0) { - foreach ($contacts as $contact) { - if ($contact["network"] == "stat") { - $best_contact = [$contact]; - } - } + // get filetype + if (is_array($media['type'])) { + $filetype = $media['type'][0]; + } else { + $filetype = $media['type']; } - - if (sizeof($best_contact) == 0) { - foreach ($contacts as $contact) { - if ($contact["network"] == "pump") { - $best_contact = [$contact]; - } - } + if ($filetype == "image/jpeg") { + $fileext = "jpg"; + } elseif ($filetype == "image/png") { + $fileext = "png"; + } else { + throw new InternalServerErrorException('Unsupported filetype'); } - if (sizeof($best_contact) == 0) { - foreach ($contacts as $contact) { - if ($contact["network"] == "twit") { - $best_contact = [$contact]; - } - } + // change specified profile or all profiles to the new resource-id + if ($is_default_profile) { + $condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], $uid]; + Photo::update(['profile' => false, 'photo-type' => Photo::DEFAULT], $condition); + } else { + $fields = ['photo' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext, + 'thumb' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext]; + DBA::update('profile', $fields, ['id' => $_REQUEST['profile'], 'uid' => $uid]); } - if (sizeof($best_contact) == 1) { - $contacts = $best_contact; + Contact::updateSelfFromUserID($uid, true); + + // Update global directory in background + Profile::publishUpdate($uid); + + // output for client + if ($data) { + $skip_status = $_REQUEST['skip_status'] ?? false; + + $user_info = DI::twitterUser()->createFromUserId($uid, $skip_status)->toArray(); + + // "verified" isn't used here in the standard + unset($user_info["verified"]); + + // "uid" is only needed for some internal stuff, so remove it from here + unset($user_info['uid']); + + return DI::apiResponse()->formatData("user", $type, ['user' => $user_info]); } else { - $contacts = [$contacts[0]]; + // SaveMediaToDatabase failed for some reason + throw new InternalServerErrorException("image upload failed"); } } +api_register_func('api/account/update_profile_image', 'api_account_update_profile_image', true, API_METHOD_POST); + /** * Return all or a specified group of the user with the containing contacts. * @@ -4719,17 +2582,12 @@ function api_best_nickname(&$contacts) * @throws UnauthorizedException */ function api_friendica_group_show($type) -{ - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } +{ + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); // params - $user_info = api_get_user(); $gid = $_REQUEST['gid'] ?? 0; - $uid = $user_info['uid']; // get data of the specified group id or all groups if not specified if ($gid != 0) { @@ -4753,81 +2611,22 @@ function api_friendica_group_show($type) $user_element = "users"; $k = 0; foreach ($members as $member) { - $user = api_get_user($member['nurl']); + $user = DI::twitterUser()->createFromContactId($member['contact-id'], $uid, true)->toArray(); $users[$k++.":user"] = $user; } } else { $user_element = "user"; foreach ($members as $member) { - $user = api_get_user($member['nurl']); + $user = DI::twitterUser()->createFromContactId($member['contact-id'], $uid, true)->toArray(); $users[] = $user; } } $grps[] = ['name' => $rr['name'], 'gid' => $rr['id'], $user_element => $users]; } - return BaseApi::formatData("groups", $type, ['group' => $grps]); + return DI::apiResponse()->formatData("groups", $type, ['group' => $grps]); } -api_register_func('api/friendica/group_show', 'api_friendica_group_show', true); - - -/** - * Delete the specified group of the user. - * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_friendica_group_delete($type) -{ - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - // params - $user_info = api_get_user(); - $gid = $_REQUEST['gid'] ?? 0; - $name = $_REQUEST['name'] ?? ''; - $uid = $user_info['uid']; - - // error if no gid specified - if ($gid == 0 || $name == "") { - throw new BadRequestException('gid or name not specified'); - } - - // error message if specified gid is not in database - if (!DBA::exists('group', ['uid' => $uid, 'id' => $gid])) { - throw new BadRequestException('gid not available'); - } - - // error message if specified gid is not in database - if (!DBA::exists('group', ['uid' => $uid, 'id' => $gid, 'name' => $name])) { - throw new BadRequestException('wrong group name'); - } - - // delete group - $gid = Group::getIdByName($uid, $name); - if (empty($gid)) { - throw new BadRequestException('other API error'); - } - - $ret = Group::remove($gid); - if ($ret) { - // return success - $success = ['success' => $ret, 'gid' => $gid, 'name' => $name, 'status' => 'deleted', 'wrong users' => []]; - return BaseApi::formatData("group_delete", $type, ['result' => $success]); - } else { - throw new BadRequestException('other API error'); - } -} -api_register_func('api/friendica/group_delete', 'api_friendica_group_delete', true, API_METHOD_DELETE); +api_register_func('api/friendica/group_show', 'api_friendica_group_show', true); /** * Delete a group. @@ -4844,16 +2643,11 @@ api_register_func('api/friendica/group_delete', 'api_friendica_group_delete', tr */ function api_lists_destroy($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); // params - $user_info = api_get_user(); $gid = $_REQUEST['list_id'] ?? 0; - $uid = $user_info['uid']; // error if no gid specified if ($gid == 0) { @@ -4872,67 +2666,14 @@ function api_lists_destroy($type) 'name' => $group['name'], 'id' => intval($gid), 'id_str' => (string) $gid, - 'user' => $user_info + 'user' => DI::twitterUser()->createFromUserId($uid, true)->toArray() ]; - return BaseApi::formatData("lists", $type, ['lists' => $list]); + return DI::apiResponse()->formatData("lists", $type, ['lists' => $list]); } } -api_register_func('api/lists/destroy', 'api_lists_destroy', true, API_METHOD_DELETE); - -/** - * Add a new group to the database. - * - * @param string $name Group name - * @param int $uid User ID - * @param array $users List of users to add to the group - * - * @return array - * @throws BadRequestException - */ -function group_create($name, $uid, $users = []) -{ - // error if no name specified - if ($name == "") { - throw new BadRequestException('group name not specified'); - } - - // error message if specified group name already exists - if (DBA::exists('group', ['uid' => $uid, 'name' => $name, 'deleted' => false])) { - throw new BadRequestException('group name already exists'); - } - - // Check if the group needs to be reactivated - if (DBA::exists('group', ['uid' => $uid, 'name' => $name, 'deleted' => true])) { - $reactivate_group = true; - } - - // create group - $ret = Group::create($uid, $name); - if ($ret) { - $gid = Group::getIdByName($uid, $name); - } else { - throw new BadRequestException('other API error'); - } - - // add members - $erroraddinguser = false; - $errorusers = []; - foreach ($users as $user) { - $cid = $user['cid']; - if (DBA::exists('contact', ['id' => $cid, 'uid' => $uid])) { - Group::addMember($gid, $cid); - } else { - $erroraddinguser = true; - $errorusers[] = $cid; - } - } - - // return success message incl. missing users in array - $status = ($erroraddinguser ? "missing user" : ((isset($reactivate_group) && $reactivate_group) ? "reactivated" : "ok")); - return ['success' => true, 'gid' => $gid, 'name' => $name, 'status' => $status, 'wrong users' => $errorusers]; -} +api_register_func('api/lists/destroy', 'api_lists_destroy', true, API_METHOD_DELETE); /** * Create the specified group with the posted array of contacts. @@ -4948,23 +2689,19 @@ function group_create($name, $uid, $users = []) */ function api_friendica_group_create($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); // params - $user_info = api_get_user(); $name = $_REQUEST['name'] ?? ''; - $uid = $user_info['uid']; $json = json_decode($_POST['json'], true); $users = $json['user']; $success = group_create($name, $uid, $users); - return BaseApi::formatData("group_create", $type, ['result' => $success]); + return DI::apiResponse()->formatData("group_create", $type, ['result' => $success]); } + api_register_func('api/friendica/group_create', 'api_friendica_group_create', true, API_METHOD_POST); /** @@ -4982,16 +2719,11 @@ api_register_func('api/friendica/group_create', 'api_friendica_group_create', tr */ function api_lists_create($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); // params - $user_info = api_get_user(); $name = $_REQUEST['name'] ?? ''; - $uid = $user_info['uid']; $success = group_create($name, $uid); if ($success['success']) { @@ -4999,12 +2731,13 @@ function api_lists_create($type) 'name' => $success['name'], 'id' => intval($success['gid']), 'id_str' => (string) $success['gid'], - 'user' => $user_info + 'user' => DI::twitterUser()->createFromUserId($uid, true)->toArray() ]; - return BaseApi::formatData("lists", $type, ['lists'=>$grp]); + return DI::apiResponse()->formatData("lists", $type, ['lists' => $grp]); } } + api_register_func('api/lists/create', 'api_lists_create', true, API_METHOD_POST); /** @@ -5021,15 +2754,10 @@ api_register_func('api/lists/create', 'api_lists_create', true, API_METHOD_POST) */ function api_friendica_group_update($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); // params - $user_info = api_get_user(); - $uid = $user_info['uid']; $gid = $_REQUEST['gid'] ?? 0; $name = $_REQUEST['name'] ?? ''; $json = json_decode($_POST['json'], true); @@ -5075,7 +2803,7 @@ function api_friendica_group_update($type) // return success message incl. missing users in array $status = ($erroraddinguser ? "missing user" : "ok"); $success = ['success' => true, 'gid' => $gid, 'name' => $name, 'status' => $status, 'wrong users' => $errorusers]; - return BaseApi::formatData("group_update", $type, ['result' => $success]); + return DI::apiResponse()->formatData("group_update", $type, ['result' => $success]); } api_register_func('api/friendica/group_update', 'api_friendica_group_update', true, API_METHOD_POST); @@ -5095,17 +2823,12 @@ api_register_func('api/friendica/group_update', 'api_friendica_group_update', tr */ function api_lists_update($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); // params - $user_info = api_get_user(); $gid = $_REQUEST['list_id'] ?? 0; $name = $_REQUEST['name'] ?? ''; - $uid = $user_info['uid']; // error if no gid specified if ($gid == 0) { @@ -5124,219 +2847,15 @@ function api_lists_update($type) 'name' => $name, 'id' => intval($gid), 'id_str' => (string) $gid, - 'user' => $user_info + 'user' => DI::twitterUser()->createFromUserId($uid, true)->toArray() ]; - return BaseApi::formatData("lists", $type, ['lists' => $list]); + return DI::apiResponse()->formatData("lists", $type, ['lists' => $list]); } } api_register_func('api/lists/update', 'api_lists_update', true, API_METHOD_POST); -/** - * - * @param string $type Return type (atom, rss, xml, json) - * - * @return array|string - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - */ -function api_friendica_activity($type) -{ - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - $verb = strtolower(DI::args()->getArgv()[3]); - $verb = preg_replace("|\..*$|", "", $verb); - - $id = $_REQUEST['id'] ?? 0; - - $res = Item::performActivity($id, $verb, api_user()); - - if ($res) { - if ($type == "xml") { - $ok = "true"; - } else { - $ok = "ok"; - } - return BaseApi::formatData('ok', $type, ['ok' => $ok]); - } else { - throw new BadRequestException('Error adding activity'); - } -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/friendica/activity/like', 'api_friendica_activity', true, API_METHOD_POST); -api_register_func('api/friendica/activity/dislike', 'api_friendica_activity', true, API_METHOD_POST); -api_register_func('api/friendica/activity/attendyes', 'api_friendica_activity', true, API_METHOD_POST); -api_register_func('api/friendica/activity/attendno', 'api_friendica_activity', true, API_METHOD_POST); -api_register_func('api/friendica/activity/attendmaybe', 'api_friendica_activity', true, API_METHOD_POST); -api_register_func('api/friendica/activity/unlike', 'api_friendica_activity', true, API_METHOD_POST); -api_register_func('api/friendica/activity/undislike', 'api_friendica_activity', true, API_METHOD_POST); -api_register_func('api/friendica/activity/unattendyes', 'api_friendica_activity', true, API_METHOD_POST); -api_register_func('api/friendica/activity/unattendno', 'api_friendica_activity', true, API_METHOD_POST); -api_register_func('api/friendica/activity/unattendmaybe', 'api_friendica_activity', true, API_METHOD_POST); - -/** - * Returns notifications - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * - * @return string|array - * @throws ForbiddenException - * @throws BadRequestException - * @throws Exception - */ -function api_friendica_notification($type) -{ - if (api_user() === false) { - throw new ForbiddenException(); - } - if (DI::args()->getArgc()!==3) { - throw new BadRequestException('Invalid argument count'); - } - - $Notifies = DI::notify()->selectAllForUser(local_user(), 50); - - $notifications = new ApiNotifications(); - foreach ($Notifies as $Notify) { - $notifications[] = new ApiNotification($Notify); - } - - if ($type == 'xml') { - $xmlnotes = []; - foreach ($notifications as $notification) { - $xmlnotes[] = ['@attributes' => $notification->toArray()]; - } - - $result = $xmlnotes; - } elseif (count($notifications) > 0) { - $result = $notifications->getArrayCopy(); - } else { - $result = false; - } - - return BaseApi::formatData('notes', $type, ['note' => $result]); -} - -/** - * Set notification as seen and returns associated item (if possible) - * - * POST request with 'id' param as notification id - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string|array - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_friendica_notification_seen($type) -{ - $a = DI::app(); - $user_info = api_get_user(); - - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } - if (DI::args()->getArgc() !== 4) { - throw new BadRequestException('Invalid argument count'); - } - - $id = intval($_REQUEST['id'] ?? 0); - - try { - $Notify = DI::notify()->selectOneById($id); - if ($Notify->uid !== api_user()) { - throw new NotFoundException(); - } - - if ($Notify->uriId) { - DI::notification()->setAllSeenForUser($Notify->uid, ['target-uri-id' => $Notify->uriId]); - } - - $Notify->setSeen(); - DI::notify()->save($Notify); - - if ($Notify->otype === Notification\ObjectType::ITEM) { - $item = Post::selectFirstForUser(api_user(), [], ['id' => $Notify->iid, 'uid' => api_user()]); - if (DBA::isResult($item)) { - // we found the item, return it to the user - $ret = api_format_items([$item], $user_info, false, $type); - $data = ['status' => $ret]; - return BaseApi::formatData('status', $type, $data); - } - // the item can't be found, but we set the notification as seen, so we count this as a success - } - - return BaseApi::formatData('result', $type, ['result' => 'success']); - } catch (NotFoundException $e) { - throw new BadRequestException('Invalid argument', $e); - } catch (Exception $e) { - throw new InternalServerErrorException('Internal Server exception', $e); - } -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/friendica/notification/seen', 'api_friendica_notification_seen', true, API_METHOD_POST); -api_register_func('api/friendica/notification', 'api_friendica_notification', true, API_METHOD_GET); - -/** - * update a direct_message to seen state - * - * @param string $type Known types are 'atom', 'rss', 'xml' and 'json' - * @return string|array (success result=ok, error result=error with error message) - * @throws BadRequestException - * @throws ForbiddenException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_friendica_direct_messages_setseen($type) -{ - $a = DI::app(); - if (api_user() === false) { - throw new ForbiddenException(); - } - - // params - $user_info = api_get_user(); - $uid = $user_info['uid']; - $id = $_REQUEST['id'] ?? 0; - - // return error if id is zero - if ($id == "") { - $answer = ['result' => 'error', 'message' => 'message id not specified']; - return BaseApi::formatData("direct_messages_setseen", $type, ['$result' => $answer]); - } - - // error message if specified id is not in database - if (!DBA::exists('mail', ['id' => $id, 'uid' => $uid])) { - $answer = ['result' => 'error', 'message' => 'message id not in database']; - return BaseApi::formatData("direct_messages_setseen", $type, ['$result' => $answer]); - } - - // update seen indicator - $result = DBA::update('mail', ['seen' => true], ['id' => $id]); - - if ($result) { - // return success - $answer = ['result' => 'ok', 'message' => 'message set to seen']; - return BaseApi::formatData("direct_message_setseen", $type, ['$result' => $answer]); - } else { - $answer = ['result' => 'error', 'message' => 'unknown error']; - return BaseApi::formatData("direct_messages_setseen", $type, ['$result' => $answer]); - } -} - -/// @TODO move to top of file or somewhere better -api_register_func('api/friendica/direct_messages_setseen', 'api_friendica_direct_messages_setseen', true); - /** * search for direct_messages containing a searchstring through api * @@ -5353,21 +2872,17 @@ api_register_func('api/friendica/direct_messages_setseen', 'api_friendica_direct */ function api_friendica_direct_messages_search($type, $box = "") { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $uid = BaseApi::getCurrentUserID(); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId($uid, true)->toArray(); $searchstring = $_REQUEST['searchstring'] ?? ''; - $uid = $user_info['uid']; // error if no searchstring specified if ($searchstring == "") { $answer = ['result' => 'error', 'message' => 'searchstring not specified']; - return BaseApi::formatData("direct_messages_search", $type, ['$result' => $answer]); + return DI::apiResponse()->formatData("direct_messages_search", $type, ['$result' => $answer]); } // get data for the specified searchstring @@ -5389,9 +2904,9 @@ function api_friendica_direct_messages_search($type, $box = "") foreach ($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url) { $recipient = $user_info; - $sender = api_get_user(Strings::normaliseLink($item['contact-url'])); + $sender = DI::twitterUser()->createFromContactId($item['contact-id'], $uid, true)->toArray(); } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = api_get_user(Strings::normaliseLink($item['contact-url'])); + $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], $uid, true)->toArray(); $sender = $user_info; } @@ -5402,86 +2917,7 @@ function api_friendica_direct_messages_search($type, $box = "") $success = ['success' => true, 'search_results' => $ret]; } - return BaseApi::formatData("direct_message_search", $type, ['$result' => $success]); + return DI::apiResponse()->formatData("direct_message_search", $type, ['$result' => $success]); } -/// @TODO move to top of file or somewhere better api_register_func('api/friendica/direct_messages_search', 'api_friendica_direct_messages_search', true); - -/* - * Number of comments - * - * Bind comment numbers(friendica_comments: Int) on each statuses page of *_timeline / favorites / search - * - * @param object $data [Status, Status] - * - * @return void - */ -function bindComments(&$data) -{ - if (count($data) == 0) { - return; - } - - $ids = []; - $comments = []; - foreach ($data as $item) { - $ids[] = $item['id']; - } - - $idStr = DBA::escape(implode(', ', $ids)); - $sql = "SELECT `parent`, COUNT(*) as comments FROM `post-user-view` WHERE `parent` IN ($idStr) AND `deleted` = ? AND `gravity`= ? GROUP BY `parent`"; - $items = DBA::p($sql, 0, GRAVITY_COMMENT); - $itemsData = DBA::toArray($items); - - foreach ($itemsData as $item) { - $comments[$item['parent']] = $item['comments']; - } - - foreach ($data as $idx => $item) { - $id = $item['id']; - $data[$idx]['friendica_comments'] = isset($comments[$id]) ? $comments[$id] : 0; - } -} - -/* -@TODO Maybe open to implement? -To.Do: - [pagename] => api/1.1/statuses/lookup.json - [id] => 605138389168451584 - [include_cards] => true - [cards_platform] => Android-12 - [include_entities] => true - [include_my_retweet] => 1 - [include_rts] => 1 - [include_reply_count] => true - [include_descendent_reply_count] => true -(?) - - -Not implemented by now: -statuses/retweets_of_me -friendships/create -friendships/destroy -friendships/exists -friendships/show -account/update_location -account/update_profile_background_image -blocks/create -blocks/destroy -friendica/profile/update -friendica/profile/create -friendica/profile/delete - -Not implemented in status.net: -statuses/retweeted_to_me -statuses/retweeted_by_me -direct_messages/destroy -account/end_session -account/update_delivery_device -notifications/follow -notifications/leave -blocks/exists -blocks/blocking -lists -*/