authorFabio Comuni <fabrix.xm@gmail.com>2011-10-20 15:57:35 +0200
committerFabio Comuni <fabrix.xm@gmail.com>2011-10-20 15:57:35 +0200
commitb06588ffa1c925d0a008a34bf8fa5c316b964b87 (patch)
treee17dd8db74a6da2742011d87d48a305db7d11a31 /include
parentdf996a8b5ed2ac33c26a522d65eca6d6a4abe439 (diff)
Initial work adding OAuth to the API
Diffstat (limited to 'include')
-rw-r--r--include/api.php31
-rw-r--r--include/oauth.php194
2 files changed, 224 insertions, 1 deletions
diff --git a/include/api.php b/include/api.php
index 1334d8eae..252caeb8e 100644
--- a/include/api.php
+++ b/include/api.php
@@ -2,7 +2,7 @@
require_once("bbcode.php");
require_once("datetime.php");
require_once("conversation.php");
-
+ require_once("oauth.php");
/*
* Twitter-Like API
*
@@ -1135,3 +1135,32 @@
}
api_register_func('api/direct_messages/sent','api_direct_messages_sentbox',true);
api_register_func('api/direct_messages','api_direct_messages_inbox',true);
+
+
+
+ function api_oauth_request_token(&$a, $type){
+ try{
+ $oauth = new FKOAuth1();
+ $r = $oauth->fetch_request_token(OAuthRequest::from_request());
+ }catch(Exception $e){
+ echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme();
+ }
+ echo "oauth_token=".$r->key."&oauth_secret=".$r->secret;
+ killme();
+ }
+ function api_oauth_access_token(&$a, $type){
+ try{
+ $oauth = new FKOAuth1();
+ $r = $oauth->fetch_access_token(OAuthRequest::from_request());
+ }catch(Exception $e){
+ echo "error=". OAuthUtil::urlencode_rfc3986($e->getMessage()); killme();
+ }
+ echo "oauth_token=".$r->key."&oauth_secret=".$r->secret;
+ killme();
+ }
+ function api_oauth_authorize(&$a, $type){
+ }
+ api_register_func('api/oauth/request_token', 'api_oauth_request_token', false);
+ api_register_func('api/oauth/access_token', 'api_oauth_access_token', false);
+ api_register_func('api/oauth/authorize', 'api_oauth_authorize', false);
+
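Review bot: The success responses in api_oauth_request_token and api_oauth_access_token name the secret `oauth_secret`, but OAuth 1.0 (RFC 5849 §2.1 and §2.3) clients read `oauth_token_secret`, so standard client libraries will not find the secret; both echo lines should become `echo "oauth_token=".$r->key."&oauth_token_secret=".$r->secret;` (the request-token response is also expected to carry `oauth_callback_confirmed=true`). api_oauth_authorize is registered as an unauthenticated endpoint with an empty body, so the consent step that ties a request token to a logged-in account does not exist yet, and as far as the data store code in this commit shows, `new_access_token` exchanges any unexpired request token without checking that it was ever authorized; a comment such as `// TODO: require login and record the user's grant before the token can be exchanged` would flag that gap at the stub. The catch blocks echo the raw exception message back to the caller; logging it server-side and returning a short generic error string would avoid leaking library internals to unauthenticated clients.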
diff --git a/include/oauth.php b/include/oauth.php
new file mode 100644
index 000000000..63d5fcd92
--- /dev/null
+++ b/include/oauth.php
@@ -0,0 +1,194 @@
+<?php
+/**
+ * OAuth server
+ * Based on oauth2-php <http://code.google.com/p/oauth2-php/>
+ *
+ */
+
+define('TOKEN_DURATION', 300);
+
+require_once("library/OAuth1.php");
+require_once("library/oauth2-php/lib/OAuth2.inc");
+
+class FKOAuthDataStore extends OAuthDataStore {
+ function gen_token(){
+ return md5(base64_encode(pack('N6', mt_rand(), mt_rand(), mt_rand(), mt_rand(), mt_rand(), uniqid())));
+ }
+
+ function lookup_consumer($consumer_key) {
+ //echo "<pre>"; var_dump($consumer_key); killme();
+
+ $r = q("SELECT client_id, pw, redirect_uri FROM clients WHERE client_id='%s'",
+ dbesc($consumer_key)
+ );
+ if (count($r))
+ return new OAuthConsumer($r[0]['client_id'],$r[0]['pw'],$r[0]['redirect_uri']);
+ return null;
+ }
+
+ function lookup_token($consumer, $token_type, $token) {
+ //echo __file__.":".__line__."<pre>"; var_dump($consumer, $token_type, $token); killme();
+ $r = q("SELECT id, secret,scope, expires FROM tokens WHERE client_id='%s' AND scope='%s' AND id='%s'",
+ dbesc($consumer->key),
+ dbesc($token_type),
+ dbesc($token)
+ );
+ if (count($r)){
+ $ot=new OAuthToken($r[0]['id'],$r[0]['secret']);
+ $ot->scope=$r[0]['scope'];
+ $ot->expires = $r[0]['expires'];
+ return $ot;
+ }
+ return null;
+ }
+
+ function lookup_nonce($consumer, $token, $nonce, $timestamp) {
+ //echo __file__.":".__line__."<pre>"; var_dump($consumer,$key); killme();
+ $r = q("SELECT id, secret FROM tokens WHERE client_id='%s' AND id='%s' AND expires=%d",
+ dbesc($consumer->key),
+ dbesc($nonce),
+ intval($timestamp)
+ );
+ if (count($r))
+ return new OAuthToken($r[0]['id'],$r[0]['secret']);
+ return null;
+ }
+
+ function new_request_token($consumer, $callback = null) {
+ $key = $this->gen_token();
+ $sec = $this->gen_token();
+ $r = q("INSERT INTO tokens (id, secret, client_id, scope, expires) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d)",
+ dbesc($key),
+ dbesc($sec),
+ dbesc($consumer->key),
+ 'request',
+ intval(TOKEN_DURATION));
+ if (!$r) return null;
+ return new OAuthToken($key,$sec);
+ }
+
+ function new_access_token($token, $consumer, $verifier = null) {
+ // return a new access token attached to this consumer
+ // for the user associated with this token if the request token
+ // is authorized
+ // should also invalidate the request token
+
+ $ret=Null;
+
+ if (!is_null($token) && $token->expires > time()){
+
+ $key = $this->gen_token();
+ $sec = $this->gen_token();
+ $r = q("INSERT INTO tokens (id, secret, client_id, scope, expires) VALUES ('%s','%s','%s','%s', UNIX_TIMESTAMP()+%d)",
+ dbesc($key),
+ dbesc($sec),
+ dbesc($consumer->$key),
+ 'access',
+ intval(TOKEN_DURATION));
+ if ($r)
+ $ret = new OAuthToken($key,$sec);
+ }
+
+
+ q("DELETE FROM tokens WHERE id='%s'", $token->key);
+
+ return $ret;
+
+ }
+}
+
+class FKOAuth1 extends OAuthServer {
+ function __construct() {
+ parent::__construct(new FKOAuthDataStore());
+ $this->add_signature_method(new OAuthSignatureMethod_PLAINTEXT());
+ }
+}
+
+class FKOAuth2 extends OAuth2 {
+
+ private function db_secret($client_secret){
+ return hash('whirlpool',$client_secret);
+ }
+
+ public function addClient($client_id, $client_secret, $redirect_uri) {
+ $client_secret = $this->db_secret($client_secret);
+ $r = q("INSERT INTO clients (client_id, pw, redirect_uri) VALUES ('%s', '%s', '%s')",
+ dbesc($client_id),
+ dbesc($client_secret),
+ dbesc($redirect_uri)
+ );
+
+ return $r;
+ }
+
+ protected function checkClientCredentials($client_id, $client_secret = NULL) {
+ $client_secret = $this->db_secret($client_secret);
+
+ $r = q("SELECT pw FROM clients WHERE client_id = '%s'",
+ dbesc($client_id));
+
+ if ($client_secret === NULL)
+ return $result !== FALSE;
+
+ return $result["client_secret"] == $client_secret;
+ }
+
+ protected function getRedirectUri($client_id) {
+ $r = q("SELECT redirect_uri FROM clients WHERE client_id = '%s'",
+ dbesc($client_id));
+ if ($r === FALSE)
+ return FALSE;
+
+ return isset($r[0]["redirect_uri"]) && $r[0]["redirect_uri"] ? $r[0]["redirect_uri"] : NULL;
+ }
+
+ protected function getAccessToken($oauth_token) {
+ $r = q("SELECT client_id, expires, scope FROM tokens WHERE id = '%s'",
+ dbesc($oauth_token));
+
+ if (count($r))
+ return $r[0];
+ return null;
+ }
+
+
+
+ protected function setAccessToken($oauth_token, $client_id, $expires, $scope = NULL) {
+ $r = q("INSERT INTO tokens (id, client_id, expires, scope) VALUES ('%s', '%s', %d, '%s')",
+ dbesc($oauth_token),
+ dbesc($client_id),
+ intval($expires),
+ dbesc($scope));
+
+ return $r;
+ }
+
+ protected function getSupportedGrantTypes() {
+ return array(
+ OAUTH2_GRANT_TYPE_AUTH_CODE,
+ );
+ }
+
+
+ protected function getAuthCode($code) {
+ $r = q("SELECT id, client_id, redirect_uri, expires, scope FROM auth_codes WHERE id = '%s'",
+ dbesc($code));
+
+ if (count($r))
+ return $r[0];
+ return null;
+ }
+
+ protected function setAuthCode($code, $client_id, $redirect_uri, $expires, $scope = NULL) {
+ $r = q("INSERT INTO auth_codes
+ (id, client_id, redirect_uri, expires, scope) VALUES
+ ('%s', '%s', '%s', %d, '%s')",
+ dbesc($code),
+ dbesc($client_id),
+ dbesc($redirect_uri),
+ intval($expires),
+ dbesc($scope));
+ return $r;
+ }
+
+}
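Review bot: FKOAuth2::checkClientCredentials can never succeed: it reads `$result`, which is never assigned (the query result is in `$r`), indexes a `client_secret` column the query does not select (it selects `pw`), and the `=== NULL` test runs after `db_secret()` has already hashed the argument, so the no-secret branch is dead. The comparison should also be constant-time rather than `==`; a rewritten method is below. Two further defects in the same file: `new_access_token` stores `dbesc($consumer->$key)`, a variable-property lookup using the freshly generated token as the property name, where `dbesc($consumer->key)` is meant, so access tokens are inserted with an empty client_id and can never be matched by `lookup_token`; and the `$token->key` passed to the following DELETE is the only query parameter in the file not wrapped in `dbesc()`. `gen_token()` derives token ids and secrets from `mt_rand()`/`uniqid()`, which are predictable, and should use the CSPRNG instead, e.g. `return bin2hex(random_bytes(16));`. `lookup_nonce` appears to query the tokens table by id = nonce rather than a nonce store, so replay detection presumably never fires; worth confirming against what OAuthServer::check_nonce expects from this callback.
```php
protected function checkClientCredentials($client_id, $client_secret = NULL) {
    $r = q("SELECT pw FROM clients WHERE client_id = '%s'",
        dbesc($client_id));
    // unknown client (or query failure): reject regardless of secret
    if (!$r)
        return FALSE;
    // no secret supplied: only report whether the client exists
    if ($client_secret === NULL)
        return TRUE;
    // compare stored hash against hash of supplied secret in constant time
    return hash_equals($r[0]['pw'], $this->db_secret($client_secret));
}
```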