2019-12-05 08:12:59 -05:00
< ? php
2020-02-09 09:45:36 -05:00
/**
2021-03-29 02:40:20 -04:00
* @ copyright Copyright ( C ) 2010 - 2021 , the Friendica project
2020-02-09 09:45:36 -05:00
*
* @ license GNU AGPL version 3 or any later version
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation , either version 3 of the
* License , or ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
*
* You should have received a copy of the GNU Affero General Public License
* along with this program . If not , see < https :// www . gnu . org / licenses />.
*
*/
2019-12-05 08:12:59 -05:00
2020-01-27 21:18:42 -05:00
namespace Friendica\Module ;
2019-12-05 08:12:59 -05:00
use Friendica\BaseModule ;
2021-05-08 05:14:19 -04:00
use Friendica\Core\Logger ;
use Friendica\Core\System ;
2019-12-15 16:34:11 -05:00
use Friendica\DI ;
2021-11-18 17:20:19 -05:00
use Friendica\Model\Contact ;
2021-07-08 09:47:46 -04:00
use Friendica\Model\Post ;
2021-11-20 04:36:17 -05:00
use Friendica\Model\User ;
2019-12-05 08:12:59 -05:00
use Friendica\Network\HTTPException ;
2021-06-08 02:32:24 -04:00
use Friendica\Security\BasicAuth ;
use Friendica\Security\OAuth ;
2021-07-08 09:47:46 -04:00
use Friendica\Util\DateTimeFormat ;
2021-05-28 02:10:32 -04:00
use Friendica\Util\HTTPInputData ;
2019-12-05 08:12:59 -05:00
2020-01-27 21:18:42 -05:00
class BaseApi extends BaseModule
2019-12-05 08:12:59 -05:00
{
2021-05-16 03:37:11 -04:00
const SCOPE_READ = 'read' ;
const SCOPE_WRITE = 'write' ;
const SCOPE_FOLLOW = 'follow' ;
const SCOPE_PUSH = 'push' ;
2021-06-16 11:02:33 -04:00
/**
* @ var array
*/
protected static $boundaries = [];
/**
* @ var array
*/
protected static $request = [];
2021-11-14 17:13:47 -05:00
public function delete ()
2021-05-08 05:14:19 -04:00
{
2021-06-08 16:41:46 -04:00
self :: checkAllowedScope ( self :: SCOPE_WRITE );
2021-05-08 05:14:19 -04:00
2021-08-08 15:30:21 -04:00
if ( ! DI :: app () -> isLoggedIn ()) {
2021-05-08 05:14:19 -04:00
throw new HTTPException\ForbiddenException ( DI :: l10n () -> t ( 'Permission denied.' ));
}
}
2021-11-14 17:13:47 -05:00
public function patch ()
2021-05-08 05:14:19 -04:00
{
2021-06-08 16:41:46 -04:00
self :: checkAllowedScope ( self :: SCOPE_WRITE );
2021-05-08 05:14:19 -04:00
2021-08-08 15:30:21 -04:00
if ( ! DI :: app () -> isLoggedIn ()) {
2021-05-08 05:14:19 -04:00
throw new HTTPException\ForbiddenException ( DI :: l10n () -> t ( 'Permission denied.' ));
}
}
2021-11-14 17:13:47 -05:00
public function post ()
2019-12-05 08:12:59 -05:00
{
2021-06-08 16:41:46 -04:00
self :: checkAllowedScope ( self :: SCOPE_WRITE );
2019-12-05 08:12:59 -05:00
2021-08-08 15:30:21 -04:00
if ( ! DI :: app () -> isLoggedIn ()) {
2020-01-18 14:52:34 -05:00
throw new HTTPException\ForbiddenException ( DI :: l10n () -> t ( 'Permission denied.' ));
2019-12-05 08:12:59 -05:00
}
}
2021-11-14 17:13:47 -05:00
public function put ()
2021-05-08 05:14:19 -04:00
{
2021-06-08 16:41:46 -04:00
self :: checkAllowedScope ( self :: SCOPE_WRITE );
2021-05-08 05:14:19 -04:00
2021-08-08 15:30:21 -04:00
if ( ! DI :: app () -> isLoggedIn ()) {
2021-05-08 05:14:19 -04:00
throw new HTTPException\ForbiddenException ( DI :: l10n () -> t ( 'Permission denied.' ));
}
}
2021-05-18 02:31:22 -04:00
/**
* Processes data from GET requests and sets defaults
*
* @ return array request data
*/
2021-05-29 06:40:47 -04:00
public static function getRequest ( array $defaults )
{
2021-05-28 02:10:32 -04:00
$httpinput = HTTPInputData :: process ();
$input = array_merge ( $httpinput [ 'variables' ], $httpinput [ 'files' ], $_REQUEST );
2021-06-16 11:02:33 -04:00
self :: $request = $input ;
self :: $boundaries = [];
unset ( self :: $request [ 'pagename' ]);
2021-05-18 02:31:22 -04:00
$request = [];
foreach ( $defaults as $parameter => $defaultvalue ) {
if ( is_string ( $defaultvalue )) {
2021-05-28 02:10:32 -04:00
$request [ $parameter ] = $input [ $parameter ] ? ? $defaultvalue ;
2021-05-18 02:31:22 -04:00
} elseif ( is_int ( $defaultvalue )) {
2021-05-28 02:10:32 -04:00
$request [ $parameter ] = ( int )( $input [ $parameter ] ? ? $defaultvalue );
2021-05-18 02:31:22 -04:00
} elseif ( is_float ( $defaultvalue )) {
2021-05-28 02:10:32 -04:00
$request [ $parameter ] = ( float )( $input [ $parameter ] ? ? $defaultvalue );
2021-05-18 02:31:22 -04:00
} elseif ( is_array ( $defaultvalue )) {
2021-05-28 02:10:32 -04:00
$request [ $parameter ] = $input [ $parameter ] ? ? [];
2021-05-18 02:31:22 -04:00
} elseif ( is_bool ( $defaultvalue )) {
2021-05-28 02:10:32 -04:00
$request [ $parameter ] = in_array ( strtolower ( $input [ $parameter ] ? ? '' ), [ 'true' , '1' ]);
2021-05-18 02:31:22 -04:00
} else {
Logger :: notice ( 'Unhandled default value type' , [ 'parameter' => $parameter , 'type' => gettype ( $defaultvalue )]);
}
}
2021-05-28 02:10:32 -04:00
foreach ( $input ? ? [] as $parameter => $value ) {
2021-05-18 02:31:22 -04:00
if ( $parameter == 'pagename' ) {
continue ;
}
if ( ! in_array ( $parameter , array_keys ( $defaults ))) {
Logger :: notice ( 'Unhandled request field' , [ 'parameter' => $parameter , 'value' => $value , 'command' => DI :: args () -> getCommand ()]);
}
}
Logger :: debug ( 'Got request parameters' , [ 'request' => $request , 'command' => DI :: args () -> getCommand ()]);
return $request ;
}
2021-06-16 11:02:33 -04:00
/**
* Set boundaries for the " link " header
* @ param array $boundaries
* @ param int $id
*/
protected static function setBoundaries ( int $id )
{
if ( ! isset ( self :: $boundaries [ 'min' ])) {
self :: $boundaries [ 'min' ] = $id ;
}
if ( ! isset ( self :: $boundaries [ 'max' ])) {
self :: $boundaries [ 'max' ] = $id ;
}
self :: $boundaries [ 'min' ] = min ( self :: $boundaries [ 'min' ], $id );
self :: $boundaries [ 'max' ] = max ( self :: $boundaries [ 'max' ], $id );
}
/**
* Set the " link " header with " next " and " prev " links
* @ return void
*/
protected static function setLinkHeader ()
{
if ( empty ( self :: $boundaries )) {
return ;
}
$request = self :: $request ;
unset ( $request [ 'min_id' ]);
unset ( $request [ 'max_id' ]);
unset ( $request [ 'since_id' ]);
$prev_request = $next_request = $request ;
2021-06-16 13:57:01 -04:00
$prev_request [ 'min_id' ] = self :: $boundaries [ 'max' ];
$next_request [ 'max_id' ] = self :: $boundaries [ 'min' ];
2021-06-16 11:02:33 -04:00
$command = DI :: baseUrl () . '/' . DI :: args () -> getCommand ();
$prev = $command . '?' . http_build_query ( $prev_request );
$next = $command . '?' . http_build_query ( $next_request );
header ( 'Link: <' . $next . '>; rel="next", <' . $prev . '>; rel="prev"' );
}
2021-05-15 18:40:57 -04:00
/**
2021-06-08 02:32:24 -04:00
* Get current application token
2021-05-15 18:40:57 -04:00
*
* @ return array token
*/
protected static function getCurrentApplication ()
{
2021-06-08 02:32:24 -04:00
$token = OAuth :: getCurrentApplicationToken ();
2021-05-11 02:30:20 -04:00
2021-06-08 02:32:24 -04:00
if ( empty ( $token )) {
$token = BasicAuth :: getCurrentApplicationToken ();
2021-05-11 15:15:05 -04:00
}
2021-05-15 18:40:57 -04:00
return $token ;
2021-05-11 02:30:20 -04:00
}
2021-05-12 08:08:30 -04:00
/**
2021-06-08 02:32:24 -04:00
* Get current user id , returns 0 if not logged in
2021-05-12 08:08:30 -04:00
*
2021-06-08 02:32:24 -04:00
* @ return int User ID
2021-05-12 08:08:30 -04:00
*/
2021-11-09 16:41:37 -05:00
public static function getCurrentUserID ()
2021-05-11 02:30:20 -04:00
{
2021-06-08 02:32:24 -04:00
$uid = OAuth :: getCurrentUserID ();
2021-05-28 02:10:32 -04:00
2021-06-08 02:32:24 -04:00
if ( empty ( $uid )) {
$uid = BasicAuth :: getCurrentUserID ( false );
2021-05-11 02:30:20 -04:00
}
2021-06-08 02:32:24 -04:00
return ( int ) $uid ;
2021-05-11 02:30:20 -04:00
}
2021-05-12 02:50:27 -04:00
2021-06-08 05:11:56 -04:00
/**
* Check if the provided scope does exist .
* halts execution on missing scope or when not logged in .
*
* @ param string $scope the requested scope ( read , write , follow , push )
*/
public static function checkAllowedScope ( string $scope )
{
$token = self :: getCurrentApplication ();
if ( empty ( $token )) {
Logger :: notice ( 'Empty application token' );
DI :: mstdnError () -> Forbidden ();
}
if ( ! isset ( $token [ $scope ])) {
Logger :: warning ( 'The requested scope does not exist' , [ 'scope' => $scope , 'application' => $token ]);
DI :: mstdnError () -> Forbidden ();
}
if ( empty ( $token [ $scope ])) {
Logger :: warning ( 'The requested scope is not allowed' , [ 'scope' => $scope , 'application' => $token ]);
DI :: mstdnError () -> Forbidden ();
}
}
2021-07-08 09:47:46 -04:00
public static function checkThrottleLimit ()
{
$uid = self :: getCurrentUserID ();
// Check for throttling (maximum posts per day, week and month)
$throttle_day = DI :: config () -> get ( 'system' , 'throttle_limit_day' );
if ( $throttle_day > 0 ) {
$datefrom = date ( DateTimeFormat :: MYSQL , time () - 24 * 60 * 60 );
$condition = [ " `gravity` = ? AND `uid` = ? AND `wall` AND `received` > ? " , GRAVITY_PARENT , $uid , $datefrom ];
2021-07-08 13:32:41 -04:00
$posts_day = Post :: countThread ( $condition );
2021-07-08 09:47:46 -04:00
if ( $posts_day > $throttle_day ) {
Logger :: info ( 'Daily posting limit reached' , [ 'uid' => $uid , 'posts' => $posts_day , 'limit' => $throttle_day ]);
$error = DI :: l10n () -> t ( 'Too Many Requests' );
$error_description = DI :: l10n () -> tt ( " Daily posting limit of %d post reached. The post was rejected. " , " Daily posting limit of %d posts reached. The post was rejected. " , $throttle_day );
$errorobj = new \Friendica\Object\Api\Mastodon\Error ( $error , $error_description );
System :: jsonError ( 429 , $errorobj -> toArray ());
}
}
$throttle_week = DI :: config () -> get ( 'system' , 'throttle_limit_week' );
if ( $throttle_week > 0 ) {
$datefrom = date ( DateTimeFormat :: MYSQL , time () - 24 * 60 * 60 * 7 );
$condition = [ " `gravity` = ? AND `uid` = ? AND `wall` AND `received` > ? " , GRAVITY_PARENT , $uid , $datefrom ];
2021-07-08 13:32:41 -04:00
$posts_week = Post :: countThread ( $condition );
2021-07-08 09:47:46 -04:00
if ( $posts_week > $throttle_week ) {
Logger :: info ( 'Weekly posting limit reached' , [ 'uid' => $uid , 'posts' => $posts_week , 'limit' => $throttle_week ]);
$error = DI :: l10n () -> t ( 'Too Many Requests' );
$error_description = DI :: l10n () -> tt ( " Weekly posting limit of %d post reached. The post was rejected. " , " Weekly posting limit of %d posts reached. The post was rejected. " , $throttle_week );
$errorobj = new \Friendica\Object\Api\Mastodon\Error ( $error , $error_description );
System :: jsonError ( 429 , $errorobj -> toArray ());
}
}
$throttle_month = DI :: config () -> get ( 'system' , 'throttle_limit_month' );
if ( $throttle_month > 0 ) {
$datefrom = date ( DateTimeFormat :: MYSQL , time () - 24 * 60 * 60 * 30 );
$condition = [ " `gravity` = ? AND `uid` = ? AND `wall` AND `received` > ? " , GRAVITY_PARENT , $uid , $datefrom ];
2021-07-08 13:32:41 -04:00
$posts_month = Post :: countThread ( $condition );
2021-07-08 09:47:46 -04:00
if ( $posts_month > $throttle_month ) {
Logger :: info ( 'Monthly posting limit reached' , [ 'uid' => $uid , 'posts' => $posts_month , 'limit' => $throttle_month ]);
$error = DI :: l10n () -> t ( 'Too Many Requests' );
$error_description = DI :: l10n () -> t ( " Monthly posting limit of %d post reached. The post was rejected. " , " Monthly posting limit of %d posts reached. The post was rejected. " , $throttle_month );
$errorobj = new \Friendica\Object\Api\Mastodon\Error ( $error , $error_description );
System :: jsonError ( 429 , $errorobj -> toArray ());
}
}
}
2021-11-18 17:20:19 -05:00
2021-11-21 11:59:09 -05:00
public static function getContactIDForSearchterm ( string $screen_name = null , int $cid = null , int $uid )
2021-11-18 17:20:19 -05:00
{
2021-11-20 04:36:17 -05:00
if ( ! empty ( $cid )) {
return $cid ;
}
if ( strpos ( $screen_name , '@' ) !== false ) {
$cid = Contact :: getIdForURL ( $screen_name , 0 , false );
2021-11-18 17:20:19 -05:00
} else {
2021-11-20 04:36:17 -05:00
$user = User :: getByNickname ( $screen_name , [ 'uid' ]);
if ( ! empty ( $user [ 'uid' ])) {
$cid = Contact :: getPublicIdByUserId ( $user [ 'uid' ]);
}
}
if ( empty ( $cid ) && ( $uid != 0 )) {
$cid = Contact :: getPublicIdByUserId ( $uid );
2021-11-18 17:20:19 -05:00
}
return $cid ;
}
2019-12-05 08:12:59 -05:00
}