oembed provider cleanup, add oembed to cards

6 files changed, 139 insertions, 14 deletions

diff --git a/Zotlabs/Module/Cards.php b/Zotlabs/Module/Cards.php
index 33688cba0..f354544d5 100644
--- a/Zotlabs/Module/Cards.php
+++ b/Zotlabs/Module/Cards.php
@@ -38,6 +38,14 @@ class Cards extends \Zotlabs\Web\Controller {
 
 		nav_set_selected(t('Cards'));
 
+		head_add_link([ 
+			'rel'   => 'alternate',
+			'type'  => 'application/json+oembed',
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'title' => 'oembed'
+		]);
+
+
 		$category = (($_REQUEST['cat']) ? escape_tags(trim($_REQUEST['cat'])) : '');
 					
 		if($category) {
diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php
index c006d65d4..5e7db79d9 100644
--- a/Zotlabs/Module/Channel.php
+++ b/Zotlabs/Module/Channel.php
@@ -180,7 +180,12 @@ class Channel extends \Zotlabs\Web\Controller {
 
 		$simple_update = (($update) ? " AND item_unseen = 1 " : '');
 
-		\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n";
+		head_add_link([ 
+			'rel'   => 'alternate',
+			'type'  => 'application/json+oembed',
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'title' => 'oembed'
+		]);
 
 		if($update && $_SESSION['loadtime'])
 			$simple_update = " AND (( item_unseen = 1 AND item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' )  OR item.changed > '" . datetime_convert('UTC','UTC',$_SESSION['loadtime']) . "' ) ";
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 1077cbdb9..b698513ba 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -175,9 +175,12 @@ class Display extends \Zotlabs\Web\Controller {
 				'$mid' => $item_hash
 			));
 
-			\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n";
-	
-	
+			head_add_link([ 
+				'rel'   => 'alternate',
+				'type'  => 'application/json+oembed',
+				'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+				'title' => 'oembed'
+			]);
 		}
 	
 		$observer_hash = get_observer_hash();
diff --git a/Zotlabs/Module/Oep.php b/Zotlabs/Module/Oep.php
index 6469a7007..02aa4aba9 100644
--- a/Zotlabs/Module/Oep.php
+++ b/Zotlabs/Module/Oep.php
@@ -41,6 +41,8 @@ class Oep extends \Zotlabs\Web\Controller {
 			$arr = $this->oep_profile_reply($_REQUEST);
 		elseif(fnmatch('*/profile/*',$url))
 			$arr = $this->oep_profile_reply($_REQUEST);
+		elseif(fnmatch('*/cards/*',$url))
+			$arr = $this->oep_cards_reply($_REQUEST);
 	
 		if($arr) {
 			if($html) {
@@ -89,7 +91,10 @@ class Oep extends \Zotlabs\Web\Controller {
 	
 		if(! ($c && $res))
 			return;
-	
+
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream'))
+			return;
+
 		$sql_extra = item_permissions_sql($c['channel_id']);
 	
 		$p = q("select * from item where mid like '%s' and uid = %d $sql_extra $item_normal limit 1",
@@ -140,6 +145,91 @@ class Oep extends \Zotlabs\Web\Controller {
 		return $ret;
 	
 	}
+
+
+	function oep_cards_reply($args) {
+	
+		$ret = [];
+		$url = $args['url'];
+		$maxwidth  = intval($args['maxwidth']);
+		$maxheight = intval($args['maxheight']);
+
+		if(preg_match('#//(.*?)/cards/(.*?)/(.*?)(&|\?|$)#',$url,$matches)) {
+			$nick = $matches[2];
+			$res = $matches[3];
+		}
+		if(! ($nick && $res))
+			return $ret; 
+
+		$channel = channelx_by_nick($nick);
+
+		if(! $channel)
+			return $ret;
+
+
+		if(! perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_pages'))
+			return $ret;
+
+		$sql_extra = items_permissions_sql($channel['channel_id'],get_observer_hash());
+
+		$r = q("select * from iconfig where iconfig.cat = 'system' and iconfig.k = 'CARD' and iconfig.v = '%s' limit 1",
+			dbesc($res)
+		);
+		if($r) {
+			$sql_extra = "and item.id = " . intval($r[0]['iid']) . " ";
+		}
+		else {
+			return $ret;
+		}
+				
+		$r = q("select * from item 
+			where item.uid = %d and item_type = %d 
+			$sql_extra order by item.created desc",
+			intval($channel['channel_id']),
+			intval(ITEM_TYPE_CARD)
+		);
+
+		$item_normal = " and item.item_hidden = 0 and item.item_type in (0,6) and item.item_deleted = 0
+			and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_pending_remove = 0
+			and item.item_blocked = 0 ";
+
+		if($r) {
+			xchan_query($r);
+			$p = fetch_post_tags($r, true);
+		}
+
+		$x = '2eGriplW^*Jmf4';
+
+	        
+		$o = "[share author='".urlencode($p[0]['author']['xchan_name']).
+            "' profile='".$p[0]['author']['xchan_url'] .
+            "' avatar='".$p[0]['author']['xchan_photo_s'].
+            "' link='".$p[0]['plink'].
+            "' posted='".$p[0]['created'].
+            "' message_id='".$p[0]['mid']."']";
+	    if($p[0]['title'])
+            $o .= '[b]'.$p[0]['title'].'[/b]'."\r\n";
+
+		$o .= $x; 
+		$o .= "[/share]";
+		$o = bbcode($o);
+	
+		$o = str_replace($x,bbcode($p[0]['body']),$o);
+	
+		$ret['type'] = 'rich';
+	
+		$w = (($maxwidth) ? $maxwidth : 640);
+		$h = (($maxheight) ? $maxheight : intval($w * 2 / 3));
+	
+		$ret['html'] = '<div style="width: ' . $w . '; height: ' . $h . '; font-family: sans-serif,arial,freesans;" >' . $o . '</div>';
+		
+		$ret['width'] = $w;
+		$ret['height'] = $h;
+	
+		return $ret;
+	
+	}
+
 	
 	function oep_mid_reply($args) {
 	
@@ -161,6 +251,9 @@ class Oep extends \Zotlabs\Web\Controller {
 	
 		if(! $c)
 			return;
+
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_stream'))
+			return;
 	
 		$sql_extra = item_permissions_sql($c[0]['channel_id']);
 	
@@ -279,6 +372,9 @@ class Oep extends \Zotlabs\Web\Controller {
 		if(! $c)
 			return;
 	
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files'))
+			return;
+
 		$sql_extra = permissions_sql($c[0]['channel_id']);
 	
 		$p = q("select resource_id from photo where album = '%s' and uid = %d and imgscale = 0 $sql_extra order by created desc limit 1",
@@ -340,6 +436,9 @@ class Oep extends \Zotlabs\Web\Controller {
 		if(! $c)
 			return;
 	
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files'))
+			return;
+
 		$sql_extra = permissions_sql($c[0]['channel_id']);
 	
 		$p = q("select resource_id from photo where uid = %d and imgscale = 0 $sql_extra order by created desc limit 1",
@@ -400,7 +499,10 @@ class Oep extends \Zotlabs\Web\Controller {
 	
 		if(! $c)
 			return;
-	
+
+		if(! perm_is_allowed($c[0]['channel_id'],get_observer_hash(),'view_files'))
+			return;
+
 		$sql_extra = permissions_sql($c[0]['channel_id']);
 	
 	
diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php
index 0f80f46a5..bb7079a6a 100644
--- a/Zotlabs/Module/Photos.php
+++ b/Zotlabs/Module/Photos.php
@@ -671,8 +671,13 @@ class Photos extends \Zotlabs\Web\Controller {
 		 */
 	
 		if($datatype === 'album') {
-	
-			\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$cmd) . '" title="oembed" />' . "\r\n";
+
+			head_add_link([ 
+				'rel'   => 'alternate',
+				'type'  => 'application/json+oembed',
+				'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+				'title' => 'oembed'
+			]);
 
 			if($x = photos_album_exists($owner_uid, get_observer_hash(), $datum)) {
 				\App::set_pager_itemspage(60);
diff --git a/Zotlabs/Module/Profile.php b/Zotlabs/Module/Profile.php
index 6930d50ca..43106e3af 100644
--- a/Zotlabs/Module/Profile.php
+++ b/Zotlabs/Module/Profile.php
@@ -94,7 +94,6 @@ class Profile extends \Zotlabs\Web\Controller {
 			echo \App::$profile['profile_vcard'];
 			killme();
 		}
-
 	
 		$is_owner = ((local_channel()) && (local_channel() == \App::$profile['profile_uid']) ? true : false);
 	
@@ -102,11 +101,14 @@ class Profile extends \Zotlabs\Web\Controller {
 			notice( t('Permission denied.') . EOL);
 			return;
 		}
-	
-		//$o .= profile_tabs($a, $is_owner, \App::$profile['channel_address']);
-	
-		\App::$page['htmlhead'] .= "\r\n" . '<link rel="alternate" type="application/json+oembed" href="' . z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string) . '" title="oembed" />' . "\r\n";
-	
+		
+		head_add_link([ 
+			'rel'   => 'alternate',
+			'type'  => 'application/json+oembed',
+			'href'  => z_root() . '/oep?f=&url=' . urlencode(z_root() . '/' . \App::$query_string),
+			'title' => 'oembed'
+		]);
+
 		$o .= advanced_profile($a);
 		call_hooks('profile_advanced',$o);
 		return $o;