X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModule%2FBaseApi.php;h=d6e5f748f23d35976b5cf99eb84e2ddffb0ed520;hb=be8251ef0ca39376745dd0ab298208fb41395cce;hp=c67671954fd8979fb057042433090cf7b82c4c55;hpb=61f1a4d14dbb30002aed9d607ff44d945374d56a;p=friendica.git diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php index c67671954f..d6e5f748f2 100644 --- a/src/Module/BaseApi.php +++ b/src/Module/BaseApi.php @@ -1,6 +1,6 @@ app = $app; } - protected function delete() + /** + * Additionally checks, if the caller is permitted to do this action + * + * {@inheritDoc} + * + * @throws HTTPException\ForbiddenException + */ + public function run(ModuleHTTPException $httpException, array $request = [], bool $scopecheck = true): ResponseInterface { - self::checkAllowedScope(self::SCOPE_WRITE); - - if (!$this->app->isLoggedIn()) { - throw new HTTPException\ForbiddenException($this->t('Permission denied.')); + if ($scopecheck) { + switch ($this->args->getMethod()) { + case Router::DELETE: + case Router::PATCH: + case Router::POST: + case Router::PUT: + self::checkAllowedScope(self::SCOPE_WRITE); + + if (!self::getCurrentUserID()) { + throw new HTTPException\ForbiddenException($this->t('Permission denied.')); + } + break; + } } + + return parent::run($httpException, $request); } - protected function patch() + /** + * Processes data from GET requests and sets paging conditions + * + * @param array $request Custom REQUEST array + * @param array $condition Existing conditions to merge + * @return array paging data condition parameters data + * @throws \Exception + */ + protected function addPagingConditions(array $request, array $condition): array { - self::checkAllowedScope(self::SCOPE_WRITE); + $requested_order = $request['friendica_order']; + if ($requested_order == TimelineOrderByTypes::ID) { + if (!empty($request['max_id'])) { + $condition = DBA::mergeConditions($condition, ["`uri-id` < ?", intval($request['max_id'])]); + } + + if (!empty($request['since_id'])) { + $condition = DBA::mergeConditions($condition, ["`uri-id` > ?", intval($request['since_id'])]); + } + + if (!empty($request['min_id'])) { + $condition = DBA::mergeConditions($condition, ["`uri-id` > ?", intval($request['min_id'])]); + } + } else { + switch ($requested_order) { + case TimelineOrderByTypes::RECEIVED: + case TimelineOrderByTypes::CHANGED: + case TimelineOrderByTypes::EDITED: + case TimelineOrderByTypes::CREATED: + case TimelineOrderByTypes::COMMENTED: + $order_field = $requested_order; + break; + default: + throw new \Exception("Unrecognized request order: $requested_order"); + } - if (!$this->app->isLoggedIn()) { - throw new HTTPException\ForbiddenException($this->t('Permission denied.')); + if (!empty($request['max_id'])) { + $condition = DBA::mergeConditions($condition, ["`$order_field` < ?", DateTimeFormat::convert($request['max_id'], DateTimeFormat::MYSQL)]); + } + + if (!empty($request['since_id'])) { + $condition = DBA::mergeConditions($condition, ["`$order_field` > ?", DateTimeFormat::convert($request['since_id'], DateTimeFormat::MYSQL)]); + } + + if (!empty($request['min_id'])) { + $condition = DBA::mergeConditions($condition, ["`$order_field` > ?", DateTimeFormat::convert($request['min_id'], DateTimeFormat::MYSQL)]); + } } + + return $condition; } - protected function post(array $request = [], array $post = []) + /** + * Processes data from GET requests and sets paging conditions + * + * @param array $request Custom REQUEST array + * @param array $params Existing $params element to build on + * @return array ordering data added to the params blocks that was passed in + * @throws \Exception + */ + protected function buildOrderAndLimitParams(array $request, array $params = []): array { - self::checkAllowedScope(self::SCOPE_WRITE); + $requested_order = $request['friendica_order']; + switch ($requested_order) { + case TimelineOrderByTypes::CHANGED: + case TimelineOrderByTypes::CREATED: + case TimelineOrderByTypes::COMMENTED: + case TimelineOrderByTypes::EDITED: + case TimelineOrderByTypes::RECEIVED: + $order_field = $requested_order; + break; + case TimelineOrderByTypes::ID: + default: + $order_field = 'uri-id'; + } - if (!$this->app->isLoggedIn()) { - throw new HTTPException\ForbiddenException($this->t('Permission denied.')); + if (!empty($request['min_id'])) { + $params['order'] = [$order_field]; + } else { + $params['order'] = [$order_field => true]; } + + $params['limit'] = $request['limit']; + + return $params; } - public function put() + /** + * Update the ID/time boundaries for this result set. Used for building Link Headers + * + * @param Status $status + * @param array $post_item + * @param string $order + * @return void + * @throws \Exception + */ + protected function updateBoundaries(Status $status, array $post_item, string $order) { - self::checkAllowedScope(self::SCOPE_WRITE); - - if (!$this->app->isLoggedIn()) { - throw new HTTPException\ForbiddenException($this->t('Permission denied.')); + try { + switch ($order) { + case TimelineOrderByTypes::CHANGED: + if (!empty($status->friendicaExtension()->changedAt())) { + self::setBoundaries(new DateTime(DateTimeFormat::utc($status->friendicaExtension()->changedAt(), DateTimeFormat::JSON))); + } + break; + case TimelineOrderByTypes::CREATED: + if (!empty($status->createdAt())) { + self::setBoundaries(new DateTime(DateTimeFormat::utc($status->createdAt(), DateTimeFormat::JSON))); + } + break; + case TimelineOrderByTypes::COMMENTED: + if (!empty($status->friendicaExtension()->commentedAt())) { + self::setBoundaries(new DateTime(DateTimeFormat::utc($status->friendicaExtension()->commentedAt(), DateTimeFormat::JSON))); + } + break; + case TimelineOrderByTypes::EDITED: + if (!empty($status->editedAt())) { + self::setBoundaries(new DateTime(DateTimeFormat::utc($status->editedAt(), DateTimeFormat::JSON))); + } + break; + case TimelineOrderByTypes::RECEIVED: + if (!empty($status->friendicaExtension()->receivedAt())) { + self::setBoundaries(new DateTime(DateTimeFormat::utc($status->friendicaExtension()->receivedAt(), DateTimeFormat::JSON))); + } + break; + case TimelineOrderByTypes::ID: + default: + self::setBoundaries($post_item['uri-id']); + } + } catch (\Exception $e) { + Logger::debug('Error processing page boundary calculation, skipping', ['error' => $e]); } } @@ -112,57 +244,26 @@ class BaseApi extends BaseModule * * @param array $defaults Associative array of expected request keys and their default typed value. A null * value will remove the request key from the resulting value array. - * @param array|null $request Custom REQUEST array, superglobal instead + * @param array $request Custom REQUEST array, superglobal instead * @return array request data * @throws \Exception */ - public static function getRequest(array $defaults, array $request = null): array + public function getRequest(array $defaults, array $request): array { - $httpinput = HTTPInputData::process(); - $input = array_merge($httpinput['variables'], $httpinput['files'], $request ?? $_REQUEST); - - self::$request = $input; + self::$request = $request; self::$boundaries = []; unset(self::$request['pagename']); - $request = []; - - foreach ($defaults as $parameter => $defaultvalue) { - if (is_string($defaultvalue)) { - $request[$parameter] = $input[$parameter] ?? $defaultvalue; - } elseif (is_int($defaultvalue)) { - $request[$parameter] = (int)($input[$parameter] ?? $defaultvalue); - } elseif (is_float($defaultvalue)) { - $request[$parameter] = (float)($input[$parameter] ?? $defaultvalue); - } elseif (is_array($defaultvalue)) { - $request[$parameter] = $input[$parameter] ?? []; - } elseif (is_bool($defaultvalue)) { - $request[$parameter] = in_array(strtolower($input[$parameter] ?? ''), ['true', '1']); - } else { - Logger::notice('Unhandled default value type', ['parameter' => $parameter, 'type' => gettype($defaultvalue)]); - } - } - - foreach ($input ?? [] as $parameter => $value) { - if ($parameter == 'pagename') { - continue; - } - if (!in_array($parameter, array_keys($defaults))) { - Logger::notice('Unhandled request field', ['parameter' => $parameter, 'value' => $value, 'command' => DI::args()->getCommand()]); - } - } - - Logger::debug('Got request parameters', ['request' => $request, 'command' => DI::args()->getCommand()]); - return $request; + return $this->checkDefaults($defaults, $request); } /** * Set boundaries for the "link" header * @param array $boundaries - * @param int $id + * @param int|\DateTime $id */ - protected static function setBoundaries(int $id) + protected static function setBoundaries($id) { if (!isset(self::$boundaries['min'])) { self::$boundaries['min'] = $id; @@ -177,13 +278,13 @@ class BaseApi extends BaseModule } /** - * Set the "link" header with "next" and "prev" links - * @return void + * Get the "link" header with "next" and "prev" links + * @return string */ - protected static function setLinkHeader() + protected static function getLinkHeader(bool $asDate = false): string { if (empty(self::$boundaries)) { - return; + return ''; } $request = self::$request; @@ -194,15 +295,85 @@ class BaseApi extends BaseModule $prev_request = $next_request = $request; - $prev_request['min_id'] = self::$boundaries['max']; - $next_request['max_id'] = self::$boundaries['min']; + if ($asDate) { + $max_date = self::$boundaries['max']; + $min_date = self::$boundaries['min']; + $prev_request['min_id'] = $max_date->format(DateTimeFormat::JSON); + $next_request['max_id'] = $min_date->format(DateTimeFormat::JSON); + } else { + $prev_request['min_id'] = self::$boundaries['max']; + $next_request['max_id'] = self::$boundaries['min']; + } + + $command = DI::baseUrl() . '/' . DI::args()->getCommand(); + + $prev = $command . '?' . http_build_query($prev_request); + $next = $command . '?' . http_build_query($next_request); + + return 'Link: <' . $next . '>; rel="next", <' . $prev . '>; rel="prev"'; + } + + /** + * Get the "link" header with "next" and "prev" links for an offset/limit type call + * @return string + */ + protected static function getOffsetAndLimitLinkHeader(int $offset, int $limit): string + { + $request = self::$request; + + unset($request['offset']); + $request['limit'] = $limit; + + $prev_request = $next_request = $request; + + $prev_request['offset'] = $offset - $limit; + $next_request['offset'] = $offset + $limit; $command = DI::baseUrl() . '/' . DI::args()->getCommand(); $prev = $command . '?' . http_build_query($prev_request); $next = $command . '?' . http_build_query($next_request); - header('Link: <' . $next . '>; rel="next", <' . $prev . '>; rel="prev"'); + if ($prev_request['offset'] >= 0) { + return 'Link: <' . $next . '>; rel="next", <' . $prev . '>; rel="prev"'; + } else { + return 'Link: <' . $next . '>; rel="next"'; + } + } + + /** + * Set the "link" header with "next" and "prev" links + * @return void + */ + protected static function setLinkHeader(bool $asDate = false) + { + $header = self::getLinkHeader($asDate); + if (!empty($header)) { + header($header); + } + } + + /** + * Set the "link" header with "next" and "prev" links + * @return void + */ + protected static function setLinkHeaderByOffsetLimit(int $offset, int $limit) + { + $header = self::getOffsetAndLimitLinkHeader($offset, $limit); + if (!empty($header)) { + header($header); + } + } + + /** + * Check if the app is known to support quoted posts + * + * @return bool + */ + public static function appSupportsQuotes(): bool + { + $token = OAuth::getCurrentApplicationToken(); + return (!empty($token['name']) && in_array($token['name'], ['Fedilab'])); } /** @@ -272,11 +443,11 @@ class BaseApi extends BaseModule if ($throttle_day > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", Item::GRAVITY_PARENT, $uid, $datefrom]; $posts_day = Post::countThread($condition); if ($posts_day > $throttle_day) { - Logger::info('Daily posting limit reached', ['uid' => $uid, 'posts' => $posts_day, 'limit' => $throttle_day]); + Logger::notice('Daily posting limit reached', ['uid' => $uid, 'posts' => $posts_day, 'limit' => $throttle_day]); $error = DI::l10n()->t('Too Many Requests'); $error_description = DI::l10n()->tt("Daily posting limit of %d post reached. The post was rejected.", "Daily posting limit of %d posts reached. The post was rejected.", $throttle_day); $errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description); @@ -288,11 +459,11 @@ class BaseApi extends BaseModule if ($throttle_week > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*7); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", Item::GRAVITY_PARENT, $uid, $datefrom]; $posts_week = Post::countThread($condition); if ($posts_week > $throttle_week) { - Logger::info('Weekly posting limit reached', ['uid' => $uid, 'posts' => $posts_week, 'limit' => $throttle_week]); + Logger::notice('Weekly posting limit reached', ['uid' => $uid, 'posts' => $posts_week, 'limit' => $throttle_week]); $error = DI::l10n()->t('Too Many Requests'); $error_description = DI::l10n()->tt("Weekly posting limit of %d post reached. The post was rejected.", "Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week); $errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description); @@ -304,13 +475,13 @@ class BaseApi extends BaseModule if ($throttle_month > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*30); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", Item::GRAVITY_PARENT, $uid, $datefrom]; $posts_month = Post::countThread($condition); if ($posts_month > $throttle_month) { - Logger::info('Monthly posting limit reached', ['uid' => $uid, 'posts' => $posts_month, 'limit' => $throttle_month]); + Logger::notice('Monthly posting limit reached', ['uid' => $uid, 'posts' => $posts_month, 'limit' => $throttle_month]); $error = DI::l10n()->t('Too Many Requests'); - $error_description = DI::l10n()->t("Monthly posting limit of %d post reached. The post was rejected.", "Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month); + $error_description = DI::l10n()->tt('Monthly posting limit of %d post reached. The post was rejected.', 'Monthly posting limit of %d posts reached. The post was rejected.', $throttle_month); $errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description); System::jsonError(429, $errorobj->toArray()); }