Add all required HTTP methods
This commit is contained in:
parent
8ae2e3caf8
commit
6236870aa4
|
@ -276,11 +276,23 @@ class Module
|
|||
|
||||
$profiler->set(microtime(true) - $timestamp, 'init');
|
||||
|
||||
if ($server['REQUEST_METHOD'] === 'POST') {
|
||||
if ($server['REQUEST_METHOD'] === Router::DELETE) {
|
||||
call_user_func([$this->module_class, 'delete'], $this->module_parameters);
|
||||
}
|
||||
|
||||
if ($server['REQUEST_METHOD'] === Router::PATCH) {
|
||||
call_user_func([$this->module_class, 'patch'], $this->module_parameters);
|
||||
}
|
||||
|
||||
if ($server['REQUEST_METHOD'] === Router::POST) {
|
||||
Core\Hook::callAll($this->module . '_mod_post', $post);
|
||||
call_user_func([$this->module_class, 'post'], $this->module_parameters);
|
||||
}
|
||||
|
||||
if ($server['REQUEST_METHOD'] === Router::PUT) {
|
||||
call_user_func([$this->module_class, 'put'], $this->module_parameters);
|
||||
}
|
||||
|
||||
Core\Hook::callAll($this->module . '_mod_afterpost', $placeholder);
|
||||
call_user_func([$this->module_class, 'afterpost'], $this->module_parameters);
|
||||
|
||||
|
|
|
@ -72,6 +72,26 @@ abstract class BaseModule
|
|||
return $o;
|
||||
}
|
||||
|
||||
/**
|
||||
* Module DELETE method to process submitted data
|
||||
*
|
||||
* Extend this method if the module is supposed to process DELETE requests.
|
||||
* Doesn't display any content
|
||||
*/
|
||||
public static function delete(array $parameters = [])
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* Module PATCH method to process submitted data
|
||||
*
|
||||
* Extend this method if the module is supposed to process PATCH requests.
|
||||
* Doesn't display any content
|
||||
*/
|
||||
public static function patch(array $parameters = [])
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* Module POST method to process submitted data
|
||||
*
|
||||
|
@ -92,6 +112,16 @@ abstract class BaseModule
|
|||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* Module PUT method to process submitted data
|
||||
*
|
||||
* Extend this method if the module is supposed to process PUT requests.
|
||||
* Doesn't display any content
|
||||
*/
|
||||
public static function put(array $parameters = [])
|
||||
{
|
||||
}
|
||||
|
||||
/*
|
||||
* Functions used to protect against Cross-Site Request Forgery
|
||||
* The security token has to base on at least one value that an attacker can't know - here it's the session ID and the private key.
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
|
||||
namespace Friendica\Module\Api\Mastodon;
|
||||
|
||||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\DI;
|
||||
use Friendica\Module\BaseApi;
|
||||
|
@ -30,6 +31,11 @@ use Friendica\Module\BaseApi;
|
|||
*/
|
||||
class Statuses extends BaseApi
|
||||
{
|
||||
public static function delete(array $parameters = [])
|
||||
{
|
||||
self::unsupported('delete');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $parameters
|
||||
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
||||
|
|
|
@ -21,9 +21,6 @@
|
|||
|
||||
namespace Friendica\Module\Api\Mastodon;
|
||||
|
||||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\DI;
|
||||
use Friendica\Module\BaseApi;
|
||||
|
||||
/**
|
||||
|
@ -31,17 +28,48 @@ use Friendica\Module\BaseApi;
|
|||
*/
|
||||
class Unimplemented extends BaseApi
|
||||
{
|
||||
/**
|
||||
* @param array $parameters
|
||||
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
||||
*/
|
||||
public static function delete(array $parameters = [])
|
||||
{
|
||||
self::unsupported('delete');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $parameters
|
||||
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
||||
*/
|
||||
public static function patch(array $parameters = [])
|
||||
{
|
||||
self::unsupported('patch');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $parameters
|
||||
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
||||
*/
|
||||
public static function post(array $parameters = [])
|
||||
{
|
||||
self::unsupported('post');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $parameters
|
||||
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
||||
*/
|
||||
public static function put(array $parameters = [])
|
||||
{
|
||||
self::unsupported('put');
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array $parameters
|
||||
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
||||
*/
|
||||
public static function rawContent(array $parameters = [])
|
||||
{
|
||||
$path = DI::args()->getQueryString();
|
||||
Logger::info('Unimplemented API call', ['path' => $path]);
|
||||
$error = DI::l10n()->t('API endpoint "%s" is not implemented', $path);
|
||||
$error_description = DI::l10n()->t('The API endpoint is currently not implemented but might be in the future.');;
|
||||
$errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description);
|
||||
System::jsonError(501, $errorobj->toArray());
|
||||
self::unsupported('get');
|
||||
}
|
||||
}
|
||||
|
|
|
@ -22,6 +22,8 @@
|
|||
namespace Friendica\Module;
|
||||
|
||||
use Friendica\BaseModule;
|
||||
use Friendica\Core\Logger;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\DI;
|
||||
use Friendica\Network\HTTPException;
|
||||
|
||||
|
@ -53,6 +55,32 @@ class BaseApi extends BaseModule
|
|||
}
|
||||
}
|
||||
|
||||
public static function delete(array $parameters = [])
|
||||
{
|
||||
if (!api_user()) {
|
||||
throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
|
||||
}
|
||||
|
||||
$a = DI::app();
|
||||
|
||||
if (!empty($a->user['uid']) && $a->user['uid'] != api_user()) {
|
||||
throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
|
||||
}
|
||||
}
|
||||
|
||||
public static function patch(array $parameters = [])
|
||||
{
|
||||
if (!api_user()) {
|
||||
throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
|
||||
}
|
||||
|
||||
$a = DI::app();
|
||||
|
||||
if (!empty($a->user['uid']) && $a->user['uid'] != api_user()) {
|
||||
throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
|
||||
}
|
||||
}
|
||||
|
||||
public static function post(array $parameters = [])
|
||||
{
|
||||
if (!api_user()) {
|
||||
|
@ -66,6 +94,29 @@ class BaseApi extends BaseModule
|
|||
}
|
||||
}
|
||||
|
||||
public static function put(array $parameters = [])
|
||||
{
|
||||
if (!api_user()) {
|
||||
throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
|
||||
}
|
||||
|
||||
$a = DI::app();
|
||||
|
||||
if (!empty($a->user['uid']) && $a->user['uid'] != api_user()) {
|
||||
throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
|
||||
}
|
||||
}
|
||||
|
||||
public static function unsupported(string $method = 'all')
|
||||
{
|
||||
$path = DI::args()->getQueryString();
|
||||
Logger::info('Unimplemented API call', ['path' => $path, 'method' => $method]);
|
||||
$error = DI::l10n()->t('API endpoint %s "%s" is not implemented', $method, $path);
|
||||
$error_description = DI::l10n()->t('The API endpoint is currently not implemented but might be in the future.');;
|
||||
$errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description);
|
||||
System::jsonError(501, $errorobj->toArray());
|
||||
}
|
||||
|
||||
/**
|
||||
* Log in user via OAuth1 or Simple HTTP Auth.
|
||||
*
|
||||
|
|
Loading…
Reference in New Issue
Block a user