From 8111ede2e5dede2f7e9c5be1b0dc9fd72bdff34d Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Sun, 10 May 2020 10:24:35 -0400
Subject: [PATCH] Add support for max_id parameter in new Twitter contact API
 endpoints

- Use filter_input instead of manual type casting
---
 doc/API-Twitter.md                         |  6 +-
 src/Module/Api/Twitter/ContactEndpoint.php | 65 ++++++++++++++--------
 src/Module/Api/Twitter/FollowersIds.php    | 21 +++++--
 src/Module/Api/Twitter/FollowersList.php   | 25 ++++++---
 src/Module/Api/Twitter/FriendsIds.php      | 21 +++++--
 src/Module/Api/Twitter/FriendsList.php     | 24 +++++---
 6 files changed, 112 insertions(+), 50 deletions(-)

diff --git a/doc/API-Twitter.md b/doc/API-Twitter.md
index 86a3178752..fab26ae5b5 100644
--- a/doc/API-Twitter.md
+++ b/doc/API-Twitter.md
@@ -157,11 +157,13 @@ These endpoints use the [Friendica API entities](help/API-Entities).
   - [GET api/followers/list](https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-followers-list)
   - [GET api/friends/ids](https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-friends-ids)
   - [GET api/friends/list](https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-friends-list)
-    - Additional parameter:
-        - `since_id`: Same behavior as `cursor`, use the `next_cursor` value to load the next page.
+    - Additional parameters:
+        - `since_id`: You can use the `next_cursor` value to load the next page.
+        - `max_id`: You can use the inverse of the `previous_cursor` value to load the previous page.
     - Unsupported parameter:
         - `skip_status`: No status is returned even if it isn't set to true.
     - Caveats:
+        - `cursor` trumps `since_id` trumps `max_id` if any combination is provided. 
         - `user_id` must be the ID of a contact associated with a local user account.
         - `screen_name` must be associated with a local user account.
         - `screen_name` trumps `user_id` if both are provided (undocumented Twitter behavior).
diff --git a/src/Module/Api/Twitter/ContactEndpoint.php b/src/Module/Api/Twitter/ContactEndpoint.php
index 0e45488e1e..116f8eea2d 100644
--- a/src/Module/Api/Twitter/ContactEndpoint.php
+++ b/src/Module/Api/Twitter/ContactEndpoint.php
@@ -114,8 +114,6 @@ abstract class ContactEndpoint extends BaseApi
 			'total_count' => $return['total_count'],
 		];
 
-
-
 		return $return;
 	}
 
@@ -140,28 +138,33 @@ abstract class ContactEndpoint extends BaseApi
 			$hide_friends = (bool)$profile['hide-friends'];
 		}
 
-		$condition = DBA::collapseCondition([
-			'rel' => $rel,
-			'uid' => $uid,
-			'self' => false,
-			'deleted' => false,
-			'hidden' => false,
-			'archive' => false,
-			'pending' => false
-		]);
-
-		if ($cursor !== -1) {
-			$condition[0] .= " AND `id` > ?";
-			$condition[] = $cursor;
-		}
-
 		$ids = [];
 		$next_cursor = 0;
 		$previous_cursor = 0;
 		$total_count = 0;
 		if (!$hide_friends) {
+			$condition = DBA::collapseCondition([
+				'rel' => $rel,
+				'uid' => $uid,
+				'self' => false,
+				'deleted' => false,
+				'hidden' => false,
+				'archive' => false,
+				'pending' => false
+			]);
+
 			$total_count = DBA::count('contact', $condition);
 
+			if ($cursor !== -1) {
+				if ($cursor > 0) {
+					$condition[0] .= " AND `id` > ?";
+					$condition[] = $cursor;
+				} else {
+					$condition[0] .= " AND `id` < ?";
+					$condition[] = -$cursor;
+				}
+			}
+
 			$contacts = Contact::selectToArray(['id'], $condition, ['limit' => $count, 'order' => ['id']]);
 
 			// Contains user-specific contact ids
@@ -169,9 +172,32 @@ abstract class ContactEndpoint extends BaseApi
 
 			// Cursor is on the user-specific contact id since it's the sort field
 			if (count($ids)) {
+				$previous_cursor = -$ids[0];
 				$next_cursor = $ids[count($ids) -1];
 			}
 
+			// No next page
+			if ($total_count <= count($contacts) || count($contacts) < $count) {
+				$next_cursor = 0;
+			}
+			// End of results
+			if ($cursor < 0 && count($contacts) === 0) {
+				$next_cursor = -1;
+			}
+
+			// No previous page
+			if ($cursor === -1) {
+				$previous_cursor = 0;
+			}
+
+			if ($cursor > 0 && count($contacts) === 0) {
+				$previous_cursor = -$cursor;
+			}
+
+			if ($cursor < 0 && count($contacts) === 0) {
+				$next_cursor = -1;
+			}
+
 			// Conversion to public contact ids
 			array_walk($ids, function (&$contactId) use ($uid, $stringify_ids) {
 				$cdata = Contact::getPublicAndUserContacID($contactId, $uid);
@@ -181,11 +207,6 @@ abstract class ContactEndpoint extends BaseApi
 					$contactId = (int)$cdata['public'];
 				}
 			});
-
-			// No next page
-			if ($total_count <= count($contacts)) {
-				$next_cursor = 0;
-			}
 		}
 
 		$return = [
diff --git a/src/Module/Api/Twitter/FollowersIds.php b/src/Module/Api/Twitter/FollowersIds.php
index 8e0a7da98b..7b0bc84e07 100644
--- a/src/Module/Api/Twitter/FollowersIds.php
+++ b/src/Module/Api/Twitter/FollowersIds.php
@@ -32,16 +32,25 @@ class FollowersIds extends ContactEndpoint
 	public static function rawContent(array $parameters = [])
 	{
 		// Expected value for user_id parameter: public/user contact id
-		$contact_id    = $_GET['user_id'] ?? null;
-		$screen_name   = $_GET['screen_name'] ?? null;
-		$cursor        = $_GET['cursor'] ?? $_GET['since_id'] ?? -1;
-		$stringify_ids = ($_GET['stringify_ids'] ?? 'false') != 'false';
-		$count         = min((int) ($_GET['count'] ?? self::DEFAULT_COUNT), self::MAX_COUNT);
+		$contact_id    = filter_input(INPUT_GET, 'user_id'      , FILTER_VALIDATE_INT);
+		$screen_name   = filter_input(INPUT_GET, 'screen_name');
+		$cursor        = filter_input(INPUT_GET, 'cursor'       , FILTER_VALIDATE_INT);
+		$stringify_ids = filter_input(INPUT_GET, 'stringify_ids', FILTER_VALIDATE_BOOLEAN);
+		$count         = filter_input(INPUT_GET, 'count'        , FILTER_VALIDATE_INT, ['options' => [
+			'default' => self::DEFAULT_COUNT,
+			'min_range' => 1,
+			'max_range' => self::MAX_COUNT,
+		]]);
+		// Friendica-specific
+		$since_id      = filter_input(INPUT_GET, 'since_id'     , FILTER_VALIDATE_INT);
+		$max_id        = filter_input(INPUT_GET, 'max_id'       , FILTER_VALIDATE_INT, ['options' => [
+			'default' => 1,
+		]]);
 
 		System::jsonExit(self::ids(
 			[Contact::FOLLOWER, Contact::FRIEND],
 			self::getUid($contact_id, $screen_name),
-			$cursor,
+			$cursor ?? $since_id ?? - $max_id,
 			$count,
 			$stringify_ids
 		));
diff --git a/src/Module/Api/Twitter/FollowersList.php b/src/Module/Api/Twitter/FollowersList.php
index 867272bfba..7559d8327a 100644
--- a/src/Module/Api/Twitter/FollowersList.php
+++ b/src/Module/Api/Twitter/FollowersList.php
@@ -32,17 +32,28 @@ class FollowersList extends ContactEndpoint
 	public static function rawContent(array $parameters = [])
 	{
 		// Expected value for user_id parameter: public/user contact id
-		$contact_id  = $_GET['user_id'] ?? null;
-		$screen_name = $_GET['screen_name'] ?? null;
-		$cursor      = $_GET['cursor'] ?? $_GET['since_id'] ?? -1;
-		$count       = min((int) ($_GET['count'] ?? self::DEFAULT_COUNT), self::MAX_COUNT);
-		$skip_status = in_array(($_GET['skip_status'] ?? false), [true, 'true', 't', 1, '1']);
-		$include_user_entities = ($_GET['include_user_entities'] ?? 'true') != 'false';
+		$contact_id    = filter_input(INPUT_GET, 'user_id'      , FILTER_VALIDATE_INT);
+		$screen_name   = filter_input(INPUT_GET, 'screen_name');
+		$cursor        = filter_input(INPUT_GET, 'cursor'       , FILTER_VALIDATE_INT);
+		$count         = filter_input(INPUT_GET, 'count'        , FILTER_VALIDATE_INT, ['options' => [
+			'default' => self::DEFAULT_COUNT,
+			'min_range' => 1,
+			'max_range' => self::MAX_COUNT,
+		]]);
+		$skip_status           = filter_input(INPUT_GET, 'skip_status'          , FILTER_VALIDATE_BOOLEAN);
+		$include_user_entities = filter_input(INPUT_GET, 'include_user_entities', FILTER_VALIDATE_BOOLEAN);
+
+		// Friendica-specific
+		$since_id      = filter_input(INPUT_GET, 'since_id'     , FILTER_VALIDATE_INT);
+		$max_id        = filter_input(INPUT_GET, 'max_id'       , FILTER_VALIDATE_INT, ['options' => [
+			'default' => 1,
+		]]);
+
 
 		System::jsonExit(self::list(
 			[Contact::FOLLOWER, Contact::FRIEND],
 			self::getUid($contact_id, $screen_name),
-			$cursor,
+			$cursor ?? $since_id ?? - $max_id,
 			$count,
 			$skip_status,
 			$include_user_entities
diff --git a/src/Module/Api/Twitter/FriendsIds.php b/src/Module/Api/Twitter/FriendsIds.php
index 4086b17a50..1a303bfa75 100644
--- a/src/Module/Api/Twitter/FriendsIds.php
+++ b/src/Module/Api/Twitter/FriendsIds.php
@@ -32,16 +32,25 @@ class FriendsIds extends ContactEndpoint
 	public static function rawContent(array $parameters = [])
 	{
 		// Expected value for user_id parameter: public/user contact id
-		$contact_id    = $_GET['user_id'] ?? null;
-		$screen_name   = $_GET['screen_name'] ?? null;
-		$cursor        = $_GET['cursor'] ?? $_GET['since_id'] ?? -1;
-		$stringify_ids = ($_GET['stringify_ids'] ?? 'false') != 'false';
-		$count         = min((int) ($_GET['count'] ?? self::DEFAULT_COUNT), self::MAX_COUNT);
+		$contact_id    = filter_input(INPUT_GET, 'user_id'      , FILTER_VALIDATE_INT);
+		$screen_name   = filter_input(INPUT_GET, 'screen_name');
+		$cursor        = filter_input(INPUT_GET, 'cursor'       , FILTER_VALIDATE_INT);
+		$stringify_ids = filter_input(INPUT_GET, 'stringify_ids', FILTER_VALIDATE_BOOLEAN);
+		$count         = filter_input(INPUT_GET, 'count'        , FILTER_VALIDATE_INT, ['options' => [
+			'default' => self::DEFAULT_COUNT,
+			'min_range' => 1,
+			'max_range' => self::MAX_COUNT,
+		]]);
+		// Friendica-specific
+		$since_id      = filter_input(INPUT_GET, 'since_id'     , FILTER_VALIDATE_INT);
+		$max_id        = filter_input(INPUT_GET, 'max_id'       , FILTER_VALIDATE_INT, ['options' => [
+			'default' => 1,
+		]]);
 
 		System::jsonExit(self::ids(
 			[Contact::SHARING, Contact::FRIEND],
 			self::getUid($contact_id, $screen_name),
-			$cursor,
+			$cursor ?? $since_id ?? - $max_id,
 			$count,
 			$stringify_ids
 		));
diff --git a/src/Module/Api/Twitter/FriendsList.php b/src/Module/Api/Twitter/FriendsList.php
index e07f558f1d..1a45f07917 100644
--- a/src/Module/Api/Twitter/FriendsList.php
+++ b/src/Module/Api/Twitter/FriendsList.php
@@ -32,17 +32,27 @@ class FriendsList extends ContactEndpoint
 	public static function rawContent(array $parameters = [])
 	{
 		// Expected value for user_id parameter: public/user contact id
-		$contact_id  = $_GET['user_id'] ?? null;
-		$screen_name = $_GET['screen_name'] ?? null;
-		$cursor      = $_GET['cursor'] ?? $_GET['since_id'] ?? -1;
-		$count       = min((int) ($_GET['count'] ?? self::DEFAULT_COUNT), self::MAX_COUNT);
-		$skip_status = in_array(($_GET['skip_status'] ?? false), [true, 'true', 't', 1, '1']);
-		$include_user_entities = ($_GET['include_user_entities'] ?? 'true') != 'false';
+		$contact_id    = filter_input(INPUT_GET, 'user_id'      , FILTER_VALIDATE_INT);
+		$screen_name   = filter_input(INPUT_GET, 'screen_name');
+		$cursor        = filter_input(INPUT_GET, 'cursor'       , FILTER_VALIDATE_INT);
+		$count         = filter_input(INPUT_GET, 'count'        , FILTER_VALIDATE_INT, ['options' => [
+			'default' => self::DEFAULT_COUNT,
+			'min_range' => 1,
+			'max_range' => self::MAX_COUNT,
+		]]);
+		$skip_status           = filter_input(INPUT_GET, 'skip_status'          , FILTER_VALIDATE_BOOLEAN);
+		$include_user_entities = filter_input(INPUT_GET, 'include_user_entities', FILTER_VALIDATE_BOOLEAN);
+
+		// Friendica-specific
+		$since_id      = filter_input(INPUT_GET, 'since_id'     , FILTER_VALIDATE_INT);
+		$max_id        = filter_input(INPUT_GET, 'max_id'       , FILTER_VALIDATE_INT, ['options' => [
+			'default' => 1,
+		]]);
 
 		System::jsonExit(self::list(
 			[Contact::SHARING, Contact::FRIEND],
 			self::getUid($contact_id, $screen_name),
-			$cursor,
+			$cursor ?? $since_id ?? - $max_id,
 			$count,
 			$skip_status,
 			$include_user_entities