< ? php
/**
 * @copyright Copyright (C) 2010-2021, the Friendica project
 *
 * @license GNU AGPL version 3 or any later version
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 *
 */
namespace Friendica\Module ;
use Friendica\App ;
use Friendica\BaseModule ;
use Friendica\Core\L10n ;
use Friendica\Core\Logger ;
use Friendica\Core\System ;
use Friendica\DI ;
use Friendica\Model\Contact ;
use Friendica\Model\Post ;
use Friendica\Model\User ;
use Friendica\Module\Api\ApiResponse ;
use Friendica\Network\HTTPException ;
use Friendica\Security\BasicAuth ;
use Friendica\Security\OAuth ;
use Friendica\Util\DateTimeFormat ;
use Friendica\Util\HTTPInputData ;
use Friendica\Util\Profiler ;
use Psr\Log\LoggerInterface ;
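class BaseApi extends BaseModule
{
	public const LOG_PREFIX = 'API {action} - ';

	public const SCOPE_READ   = 'read';
	public const SCOPE_WRITE  = 'write';
	public const SCOPE_FOLLOW = 'follow';
	public const SCOPE_PUSH   = 'push';

	/**
	 * Lowest ('min') and highest ('max') item id recorded for the current response.
	 * Filled by setBoundaries(), reset by getRequest(), consumed by setLinkHeader().
	 *
	 * @var array
	 */
	protected static $boundaries = [];

	/**
	 * Merged input of the current call as collected by getRequest(), minus 'pagename'.
	 * Reused by setLinkHeader() to rebuild the query string of the paging links.
	 *
	 * @var array
	 */
	protected static $request = [];

	/** @var App */
	protected $app;

	/** @var ApiResponse */
	protected $response;

	public function __construct(App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, ApiResponse $response, array $server, array $parameters = [])
	{
		parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);

		// The modifying HTTP handlers dereference $this->app; the parent constructor never
		// receives it, so it has to be stored here or isLoggedIn() is called on null.
		$this->app = $app;
	}

	protected function delete()
	{
		$this->ensureWriteAccess();
	}

	protected function patch()
	{
		$this->ensureWriteAccess();
	}

	protected function post(array $request = [], array $post = [])
	{
		$this->ensureWriteAccess();
	}

	public function put()
	{
		$this->ensureWriteAccess();
	}

	/**
	 * Common guard of every modifying HTTP method: the application token must carry the
	 * "write" scope and the request must belong to a logged-in user.
	 *
	 * @throws HTTPException\ForbiddenException when no user is logged in
	 */
	private function ensureWriteAccess()
	{
		self::checkAllowedScope(self::SCOPE_WRITE);

		if (!$this->app->isLoggedIn()) {
			throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
		}
	}

	/**
	 * Processes data from GET requests and sets defaults
	 *
	 * The type of each default decides how the incoming value is cast (string, int, float,
	 * array, bool). Input keys that are not declared in $defaults are logged but never copied
	 * into the result, so callers only ever see the keys they asked for.
	 *
	 * @param array      $defaults Associative array of expected request keys and their default typed value. A null
	 *                             value will remove the request key from the resulting value array.
	 * @param array|null $request  Custom REQUEST array, superglobal instead
	 * @return array request data
	 * @throws \Exception
	 */
	public static function getRequest(array $defaults, ?array $request = null): array
	{
		$httpinput = HTTPInputData::process();
		$input     = array_merge($httpinput['variables'], $httpinput['files'], $request ?? $_REQUEST);

		self::$request    = $input;
		self::$boundaries = [];

		unset(self::$request['pagename']);

		$request = [];

		foreach ($defaults as $parameter => $defaultvalue) {
			$value = $input[$parameter] ?? null;

			if (is_string($defaultvalue)) {
				$request[$parameter] = $value ?? $defaultvalue;
			} elseif (is_int($defaultvalue)) {
				$request[$parameter] = (int)($value ?? $defaultvalue);
			} elseif (is_float($defaultvalue)) {
				$request[$parameter] = (float)($value ?? $defaultvalue);
			} elseif (is_array($defaultvalue)) {
				$request[$parameter] = $value ?? [];
			} elseif (is_bool($defaultvalue)) {
				// Only the literal strings "true" and "1" (any case) count as true. Non-string
				// input (e.g. "key[]=1" arriving as an array) is rejected rather than handed to strtolower().
				$request[$parameter] = is_string($value) && in_array(strtolower($value), ['true', '1'], true);
			} elseif ($defaultvalue === null) {
				// Documented contract: a null default drops the key from the result, so no notice here.
			} else {
				Logger::notice('Unhandled default value type', ['parameter' => $parameter, 'type' => gettype($defaultvalue)]);
			}
		}

		foreach ($input as $parameter => $value) {
			if ($parameter === 'pagename') {
				continue;
			}

			// array_key_exists() instead of a loose in_array() on the keys: an integer key must
			// not match a string key by type juggling.
			if (!array_key_exists($parameter, $defaults)) {
				Logger::notice('Unhandled request field', ['parameter' => $parameter, 'value' => $value, 'command' => DI::args()->getCommand()]);
			}
		}

		Logger::debug('Got request parameters', ['request' => $request, 'command' => DI::args()->getCommand()]);

		return $request;
	}

	/**
	 * Record an item id for the "link" header, widening the min/max window as needed.
	 *
	 * @param int $id
	 */
	protected static function setBoundaries(int $id)
	{
		// The first recorded id initialises both ends of the window.
		self::$boundaries['min'] = min(self::$boundaries['min'] ?? $id, $id);
		self::$boundaries['max'] = max(self::$boundaries['max'] ?? $id, $id);
	}

	/**
	 * Set the "link" header with "next" and "prev" links
	 *
	 * Both links repeat the current request parameters without the paging keys and add the
	 * recorded boundaries: "prev" asks for items newer than the highest id seen, "next" for
	 * items older than the lowest. Nothing is emitted when setBoundaries() was never called.
	 *
	 * @return void
	 */
	protected static function setLinkHeader()
	{
		if (empty(self::$boundaries)) {
			return;
		}

		$request = self::$request;

		unset($request['min_id'], $request['max_id'], $request['since_id']);

		$prev_request = $next_request = $request;

		$prev_request['min_id'] = self::$boundaries['max'];
		$next_request['max_id'] = self::$boundaries['min'];

		$command = DI::baseUrl() . '/' . DI::args()->getCommand();

		// http_build_query() percent-encodes the client-supplied keys and values; that encoding
		// is what keeps them from breaking out of the header line.
		$prev = $command . '?' . http_build_query($prev_request);
		$next = $command . '?' . http_build_query($next_request);

		header('Link: <' . $next . '>; rel="next", <' . $prev . '>; rel="prev"');
	}

	/**
	 * Get current application token
	 *
	 * OAuth is consulted first, Basic authentication only when OAuth yields nothing.
	 *
	 * @return array token
	 */
	public static function getCurrentApplication()
	{
		$token = OAuth::getCurrentApplicationToken();

		if (empty($token)) {
			$token = BasicAuth::getCurrentApplicationToken();
		}

		return $token;
	}

	/**
	 * Get current user id, returns 0 if not logged in
	 *
	 * OAuth is consulted first, Basic authentication only when OAuth yields nothing.
	 *
	 * @return int User ID
	 */
	public static function getCurrentUserID()
	{
		$uid = OAuth::getCurrentUserID();

		if (empty($uid)) {
			$uid = BasicAuth::getCurrentUserID(false);
		}

		return (int)$uid;
	}

	/**
	 * Check if the provided scope does exist.
	 * halts execution on missing scope or when not logged in.
	 *
	 * Three distinct failures are logged separately: no application token at all, a token
	 * that does not know the scope, and a token that knows it but has it disabled.
	 *
	 * @param string $scope the requested scope (read, write, follow, push)
	 */
	public static function checkAllowedScope(string $scope)
	{
		$token = self::getCurrentApplication();

		// NOTE(review): the checks below rely on Forbidden() terminating the request;
		// the later isset()/empty() checks would otherwise run against an empty token.
		if (empty($token)) {
			Logger::notice('Empty application token');
			DI::mstdnError()->Forbidden();
		}

		// NOTE(review): the whole token record is written to the log; if it carries the
		// bearer secret, logging only its identifier and scopes would be preferable.
		if (!isset($token[$scope])) {
			Logger::warning('The requested scope does not exist', ['scope' => $scope, 'application' => $token]);
			DI::mstdnError()->Forbidden();
		}

		if (empty($token[$scope])) {
			Logger::warning('The requested scope is not allowed', ['scope' => $scope, 'application' => $token]);
			DI::mstdnError()->Forbidden();
		}
	}

	/**
	 * Reject the request with HTTP 429 when the current user exceeded the configured number
	 * of own top-level posts per day, week or month.
	 *
	 * A missing or non-positive limit disables the corresponding window. The translatable
	 * strings stay as literals in this method so string extraction keeps finding them.
	 */
	public static function checkThrottleLimit()
	{
		$uid = self::getCurrentUserID();

		// Check for throttling (maximum posts per day, week and month)
		$throttle_day = DI::config()->get('system', 'throttle_limit_day');
		if ($throttle_day > 0) {
			$posts_day = self::countOwnThreadsSince($uid, 24 * 60 * 60);
			if ($posts_day > $throttle_day) {
				Logger::info('Daily posting limit reached', ['uid' => $uid, 'posts' => $posts_day, 'limit' => $throttle_day]);
				self::rejectTooManyRequests(DI::l10n()->tt("Daily posting limit of %d post reached. The post was rejected.", "Daily posting limit of %d posts reached. The post was rejected.", $throttle_day));
			}
		}

		$throttle_week = DI::config()->get('system', 'throttle_limit_week');
		if ($throttle_week > 0) {
			$posts_week = self::countOwnThreadsSince($uid, 24 * 60 * 60 * 7);
			if ($posts_week > $throttle_week) {
				Logger::info('Weekly posting limit reached', ['uid' => $uid, 'posts' => $posts_week, 'limit' => $throttle_week]);
				self::rejectTooManyRequests(DI::l10n()->tt("Weekly posting limit of %d post reached. The post was rejected.", "Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week));
			}
		}

		$throttle_month = DI::config()->get('system', 'throttle_limit_month');
		if ($throttle_month > 0) {
			$posts_month = self::countOwnThreadsSince($uid, 24 * 60 * 60 * 30);
			if ($posts_month > $throttle_month) {
				Logger::info('Monthly posting limit reached', ['uid' => $uid, 'posts' => $posts_month, 'limit' => $throttle_month]);
				// tt() (plural form) here as in the daily and weekly cases; t() would treat the
				// second string as the %d argument and print "0 post".
				self::rejectTooManyRequests(DI::l10n()->tt("Monthly posting limit of %d post reached. The post was rejected.", "Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month));
			}
		}
	}

	/**
	 * Count the user's own top-level wall posts received within the last $seconds.
	 *
	 * @param int $uid
	 * @param int $seconds length of the window ending now
	 * @return int number of matching threads
	 */
	private static function countOwnThreadsSince(int $uid, int $seconds)
	{
		$datefrom  = date(DateTimeFormat::MYSQL, time() - $seconds);
		// Parameterised condition: every variable part is bound, nothing is interpolated.
		$condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, $uid, $datefrom];

		return Post::countThread($condition);
	}

	/**
	 * Emit a Mastodon-style 429 error with the given (already translated) description.
	 *
	 * @param string $error_description
	 */
	private static function rejectTooManyRequests(string $error_description)
	{
		$error    = DI::l10n()->t('Too Many Requests');
		$errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description);
		System::jsonError(429, $errorobj->toArray());
	}

	/**
	 * Resolve the contact id addressed by a search term, most specific hint first.
	 *
	 * Order: explicit contact id, profile URL, screen name (a name containing "@" is handed to
	 * Contact::getIdForURL(), a bare name is looked up as a local nickname), finally the public
	 * contact of $uid. The parameter order is kept for existing callers even though optional
	 * parameters precede a required one.
	 *
	 * @param string|null $screen_name
	 * @param string|null $profileurl
	 * @param int|null    $cid
	 * @param int         $uid         user id to fall back to; 0 disables the fallback
	 * @return int|null null when no rule applied; the Contact lookups' own not-found value is passed through
	 */
	public static function getContactIDForSearchterm(?string $screen_name = null, ?string $profileurl = null, ?int $cid = null, int $uid)
	{
		if (!empty($cid)) {
			return $cid;
		}

		if (!empty($profileurl)) {
			return Contact::getIdForURL($profileurl);
		}

		if (!empty($screen_name)) {
			if (strpos($screen_name, '@') !== false) {
				return Contact::getIdForURL($screen_name, 0, false);
			}

			$user = User::getByNickname($screen_name, ['uid']);
			if (!empty($user['uid'])) {
				return Contact::getPublicIdByUserId($user['uid']);
			}
		}

		if ($uid !== 0) {
			return Contact::getPublicIdByUserId($uid);
		}

		return null;
	}
}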