friendica/mod/api.php

<?php
/**
 * @file mod/api.php
 */

use Friendica\App;
use Friendica\Core\Renderer;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Module\Security\Login;

require_once __DIR__ . '/../include/api.php';

function oauth_get_client(OAuthRequest $request)
{
	$params = $request->get_parameters();
	$token = $params['oauth_token'];

	$r = q("SELECT `clients`.*
			FROM `clients`, `tokens`
			WHERE `clients`.`client_id`=`tokens`.`client_id`
			AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", DBA::escape($token));

	if (!DBA::isResult($r)) {
		return null;
	}

	return $r[0];
}

function api_post(App $a)
{
	if (!local_user()) {
		notice(DI::l10n()->t('Permission denied.') . EOL);
		return;
	}

	if (count($a->user) && !empty($a->user['uid']) && $a->user['uid'] != local_user()) {
		notice(DI::l10n()->t('Permission denied.') . EOL);
		return;
	}
}

function api_content(App $a)
{
	if (DI::args()->getCommand() == 'api/oauth/authorize') {
		/*
		 * api/oauth/authorize interact with the user. return a standard page
		 */

		DI::page()['template'] = "minimal";

		// get consumer/client from request token
		try {
			$request = OAuthRequest::from_request();
		} catch (Exception $e) {
			echo "<pre>";
			var_dump($e);
			exit();
		}

		if (!empty($_POST['oauth_yes'])) {
			$app = oauth_get_client($request);
			if (is_null($app)) {
				return "Invalid request. Unknown token.";
			}
			$consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);

			$verifier = md5($app['secret'] . local_user());
			DI::config()->set("oauth", $verifier, local_user());

			if ($consumer->callback_url != null) {
				$params = $request->get_parameters();
				$glue = "?";
				if (strstr($consumer->callback_url, $glue)) {
					$glue = "?";
				}
				DI::baseUrl()->redirect($consumer->callback_url . $glue . 'oauth_token=' . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . '&oauth_verifier=' . OAuthUtil::urlencode_rfc3986($verifier));
				exit();
			}

			$tpl = Renderer::getMarkupTemplate("oauth_authorize_done.tpl");
			$o = Renderer::replaceMacros($tpl, [
				'$title' => DI::l10n()->t('Authorize application connection'),
				'$info' => DI::l10n()->t('Return to your app and insert this Securty Code:'),
				'$code' => $verifier,
			]);

			return $o;
		}

		if (!local_user()) {
			/// @TODO We need login form to redirect to this page
			notice(DI::l10n()->t('Please login to continue.') . EOL);
			return Login::form(DI::args()->getQueryString(), false, $request->get_parameters());
		}
		//FKOAuth1::loginUser(4);

		$app = oauth_get_client($request);
		if (is_null($app)) {
			return "Invalid request. Unknown token.";
		}

		$tpl = Renderer::getMarkupTemplate('oauth_authorize.tpl');
		$o = Renderer::replaceMacros($tpl, [
			'$title' => DI::l10n()->t('Authorize application connection'),
			'$app' => $app,
			'$authorize' => DI::l10n()->t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
			'$yes' => DI::l10n()->t('Yes'),
			'$no' => DI::l10n()->t('No'),
		]);

		return $o;
	}

	echo api_call($a);
	exit();
}
First attemp of api 2011-02-15 06:24:21 -05:00			`<?php`
Many t() calls modify many t() calls. 2018-01-21 13:33:59 -05:00			`/**`
			`* @file mod/api.php`
			`*/`
Add Drone CI - Add drone test environment - Add drone config - apt phpunit - Fix api.php - Fix item.php - Fix DBStructure - Check if caching is possible during tests 2019-09-16 08:47:49 -04:00
Move App to src - Add `use Friendica\App;` wherever needed 2017-04-30 00:07:00 -04:00			`use Friendica\App;`
replace macros implement new replaceMacros function 2018-10-31 10:35:50 -04:00			`use Friendica\Core\Renderer;`
Rename DBM method calls to DBA method calls 2018-07-21 08:40:21 -04:00			`use Friendica\Database\DBA;`
Refactor deprecated App::internalRedirect() to DI::baseUrl()->redirect() 2019-12-15 18:28:31 -05:00			`use Friendica\DI;`
Move Login/Logout/TwoFactor to bundled submodule "Security" 2019-12-27 16:19:28 -05:00			`use Friendica\Module\Security\Login;`
Move App to src - Add `use Friendica\App;` wherever needed 2017-04-30 00:07:00 -04:00
Add Drone CI - Add drone test environment - Add drone config - apt phpunit - Fix api.php - Fix item.php - Fix DBStructure - Check if caching is possible during tests 2019-09-16 08:47:49 -04:00			`require_once __DIR__ . '/../include/api.php';`
First attemp of api 2011-02-15 06:24:21 -05:00
Remove unused code in mod/ - Remove commented code - Remove unused/immediately overwritten variables - Remove extraneous parameters - Remove unreachable code 2019-01-07 01:23:49 -05:00			`function oauth_get_client(OAuthRequest $request)`
Fix formatting in mod - mod/api - mod/bookmarklet - mod/dfrn_request 2017-12-16 20:13:10 -05:00			`{`
oauthapi: authorize app 2011-10-26 11:15:36 -04:00			`$params = $request->get_parameters();`
			`$token = $params['oauth_token'];`
New versions of Twidere crashed during posting. 2015-08-17 16:38:05 -04:00
			$r = q("SELECT `clients`.*
			FROM `clients`, `tokens`
			WHERE `clients`.`client_id`=`tokens`.`client_id`
Rename dbesc to DBA::escape 2018-07-21 09:10:13 -04:00			AND `tokens`.`id`='%s' AND `tokens`.`scope`='request'", DBA::escape($token));
oauthapi: authorize app 2011-10-26 11:15:36 -04:00
Rename DBA::is_result to DBA::isResult 2018-07-21 08:46:04 -04:00			`if (!DBA::isResult($r)) {`
oauthapi: authorize app 2011-10-26 11:15:36 -04:00			`return null;`
Many t() calls modify many t() calls. 2018-01-21 13:33:59 -05:00			`}`
New versions of Twidere crashed during posting. 2015-08-17 16:38:05 -04:00
oauthapi: authorize app 2011-10-26 11:15:36 -04:00			`return $r[0];`
			`}`

Fix formatting in mod - mod/api - mod/bookmarklet - mod/dfrn_request 2017-12-16 20:13:10 -05:00			`function api_post(App $a)`
			`{`
			`if (!local_user()) {`
Move L10n::t() calls to DI::l10n()->t() calls 2020-01-18 14:52:34 -05:00			`notice(DI::l10n()->t('Permission denied.') . EOL);`
oauthapi: authorize app 2011-10-26 11:15:36 -04:00			`return;`
			`}`

Replace x() by isset(), !empty() or defaults() - Remove extraneous parentheses around empty() calls - Remove duplicate calls to intval(), count() or strlen() after empty() - Replace ternary operators outputting binary value with empty() return value - Rewrite defaults() without x() 2018-11-30 09:06:22 -05:00			`if (count($a->user) && !empty($a->user['uid']) && $a->user['uid'] != local_user()) {`
Move L10n::t() calls to DI::l10n()->t() calls 2020-01-18 14:52:34 -05:00			`notice(DI::l10n()->t('Permission denied.') . EOL);`
oauthapi: authorize app 2011-10-26 11:15:36 -04:00			`return;`
			`}`
			`}`

Fix formatting in mod - mod/api - mod/bookmarklet - mod/dfrn_request 2017-12-16 20:13:10 -05:00			`function api_content(App $a)`
			`{`
Remove deprecated App::cmd - replace with DI::args()->getCommand() 2019-12-15 19:33:13 -05:00			`if (DI::args()->getCommand() == 'api/oauth/authorize') {`
New versions of Twidere crashed during posting. 2015-08-17 16:38:05 -04:00			`/*`
oauthapi: authorize app 2011-10-26 11:15:36 -04:00			`* api/oauth/authorize interact with the user. return a standard page`
			`*/`
New versions of Twidere crashed during posting. 2015-08-17 16:38:05 -04:00
Replace deprecated $a->page with DI::page() 2019-12-30 14:02:09 -05:00			`DI::page()['template'] = "minimal";`
New versions of Twidere crashed during posting. 2015-08-17 16:38:05 -04:00
oauth: authorize 2011-11-07 11:36:41 -05:00			`// get consumer/client from request token`
			`try {`
			`$request = OAuthRequest::from_request();`
Fix formatting in mod - mod/api - mod/bookmarklet - mod/dfrn_request 2017-12-16 20:13:10 -05:00			`} catch (Exception $e) {`
			`echo "<pre>";`
			`var_dump($e);`
Remove/replace killme() with *exit() 2018-12-26 00:40:12 -05:00			`exit();`
oauth: authorize 2011-11-07 11:36:41 -05:00			`}`
New versions of Twidere crashed during posting. 2015-08-17 16:38:05 -04:00
Replace x() by isset(), !empty() or defaults() - Remove extraneous parentheses around empty() calls - Remove duplicate calls to intval(), count() or strlen() after empty() - Replace ternary operators outputting binary value with empty() return value - Rewrite defaults() without x() 2018-11-30 09:06:22 -05:00			`if (!empty($_POST['oauth_yes'])) {`
oauth: authorize 2011-11-07 11:36:41 -05:00			`$app = oauth_get_client($request);`
Fix formatting in mod - mod/api - mod/bookmarklet - mod/dfrn_request 2017-12-16 20:13:10 -05:00			`if (is_null($app)) {`
			`return "Invalid request. Unknown token.";`
			`}`
oauth: authorize 2011-11-07 11:36:41 -05:00			`$consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);`
oauth: authorize view, wrong verifier. 2011-11-02 04:54:07 -04:00
Fix formatting in mod - mod/api - mod/bookmarklet - mod/dfrn_request 2017-12-16 20:13:10 -05:00			`$verifier = md5($app['secret'] . local_user());`
Move Config::set() to DI::config()->set() 2020-01-19 15:21:53 -05:00			`DI::config()->set("oauth", $verifier, local_user());`
New versions of Twidere crashed during posting. 2015-08-17 16:38:05 -04:00
Fix formatting in mod - mod/api - mod/bookmarklet - mod/dfrn_request 2017-12-16 20:13:10 -05:00			`if ($consumer->callback_url != null) {`
oauth: authorize 2011-11-07 11:36:41 -05:00			`$params = $request->get_parameters();`
Fix formatting in mod - mod/api - mod/bookmarklet - mod/dfrn_request 2017-12-16 20:13:10 -05:00			`$glue = "?";`
			`if (strstr($consumer->callback_url, $glue)) {`
			`$glue = "?";`
			`}`
Refactor deprecated App::internalRedirect() to DI::baseUrl()->redirect() 2019-12-15 18:28:31 -05:00			`DI::baseUrl()->redirect($consumer->callback_url . $glue . 'oauth_token=' . OAuthUtil::urlencode_rfc3986($params['oauth_token']) . '&oauth_verifier=' . OAuthUtil::urlencode_rfc3986($verifier));`
Remove/replace killme() with *exit() 2018-12-26 00:40:12 -05:00			`exit();`
oauth: authorize 2011-11-07 11:36:41 -05:00			`}`
New versions of Twidere crashed during posting. 2015-08-17 16:38:05 -04:00
get markup template implement getMarkupTemplate function 2018-10-31 10:44:06 -04:00			`$tpl = Renderer::getMarkupTemplate("oauth_authorize_done.tpl");`
replace macros implement new replaceMacros function 2018-10-31 10:35:50 -04:00			`$o = Renderer::replaceMacros($tpl, [`
Move L10n::t() calls to DI::l10n()->t() calls 2020-01-18 14:52:34 -05:00			`'$title' => DI::l10n()->t('Authorize application connection'),`
			`'$info' => DI::l10n()->t('Return to your app and insert this Securty Code:'),`
oauth: authorize view, wrong verifier. 2011-11-02 04:54:07 -04:00			`'$code' => $verifier,`
Use short form array syntax everywhere - Add short form array syntax to po2php.php generation 2018-01-15 08:05:12 -05:00			`]);`
New versions of Twidere crashed during posting. 2015-08-17 16:38:05 -04:00
oauthapi: authorize app 2011-10-26 11:15:36 -04:00			`return $o;`
			`}`
New versions of Twidere crashed during posting. 2015-08-17 16:38:05 -04:00
Fix formatting in mod - mod/api - mod/bookmarklet - mod/dfrn_request 2017-12-16 20:13:10 -05:00			`if (!local_user()) {`
reformat todo according to doxygen style 2015-12-25 17:17:34 -05:00			`/// @TODO We need login form to redirect to this page`
Move L10n::t() calls to DI::l10n()->t() calls 2020-01-18 14:52:34 -05:00			`notice(DI::l10n()->t('Please login to continue.') . EOL);`
Remove deprecated App::query_string - replace with DI::args()->getQueryString() 2019-12-15 19:30:34 -05:00			`return Login::form(DI::args()->getQueryString(), false, $request->get_parameters());`
oauthapi: authorize app 2011-10-26 11:15:36 -04:00			`}`
oauth: authorize 2011-11-07 11:36:41 -05:00			`//FKOAuth1::loginUser(4);`
New versions of Twidere crashed during posting. 2015-08-17 16:38:05 -04:00
oauth: authorize 2011-11-07 11:36:41 -05:00			`$app = oauth_get_client($request);`
Fix formatting in mod - mod/api - mod/bookmarklet - mod/dfrn_request 2017-12-16 20:13:10 -05:00			`if (is_null($app)) {`
			`return "Invalid request. Unknown token.";`
			`}`
New versions of Twidere crashed during posting. 2015-08-17 16:38:05 -04:00
get markup template implement getMarkupTemplate function 2018-10-31 10:44:06 -04:00			`$tpl = Renderer::getMarkupTemplate('oauth_authorize.tpl');`
replace macros implement new replaceMacros function 2018-10-31 10:35:50 -04:00			`$o = Renderer::replaceMacros($tpl, [`
Move L10n::t() calls to DI::l10n()->t() calls 2020-01-18 14:52:34 -05:00			`'$title' => DI::l10n()->t('Authorize application connection'),`
oauthapi: authorize app 2011-10-26 11:15:36 -04:00			`'$app' => $app,`
Move L10n::t() calls to DI::l10n()->t() calls 2020-01-18 14:52:34 -05:00			`'$authorize' => DI::l10n()->t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),`
			`'$yes' => DI::l10n()->t('Yes'),`
			`'$no' => DI::l10n()->t('No'),`
Use short form array syntax everywhere - Add short form array syntax to po2php.php generation 2018-01-15 08:05:12 -05:00			`]);`
New versions of Twidere crashed during posting. 2015-08-17 16:38:05 -04:00
oauthapi: authorize app 2011-10-26 11:15:36 -04:00			`return $o;`
			`}`
API: API is reworked in many parts so that it should be compatible to more statusnet clients then before (like AndStatus) 2013-12-15 17:00:47 -05:00
First attemp of api 2011-02-15 06:24:21 -05:00			`echo api_call($a);`
Remove/replace killme() with *exit() 2018-12-26 00:40:12 -05:00			`exit();`
First attemp of api 2011-02-15 06:24:21 -05:00			`}`