From 49d6605377fa27c922735d2aa43f5acc221a7b43 Mon Sep 17 00:00:00 2001
From: ken restivo
Date: Sun, 8 Nov 2015 20:50:36 -0800
Subject: First pass at endpoints for exporting users and channels in bulk as admin.

---
 include/api.php | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)

(limited to 'include/api.php')

diff --git a/include/api.php b/include/api.php
index b51bcc5f0..875bf121f 100644
--- a/include/api.php
+++ b/include/api.php
@@ -2416,6 +2416,96 @@ logger('Req: ' . var_export($req,true));
 api_register_func('api/oauth/request_token', 'api_oauth_request_token', false);
 api_register_func('api/oauth/access_token', 'api_oauth_access_token', false);
+
+
+function api_export_users(&$a,$type) {
+
+ if (! is_site_admin()){
+ header('HTTP/1.0 401 Unauthorized');
+ die('Only admin accounts may use this endpoint.');
+ }
+
+ $r = q("SELECT * FROM account");
+
+ // TODO: paginating!
+
+ $ret = array();
+ foreach($r as $u){
+ $ret[] = $u;
+ }
+
+ json_return_and_die(array('status' => 'OK',
+ 'users' => $u));
+}
+api_register_func('api/export/users','api_export_users', true);
+
+
+
+function api_export_channel_hashes(&$a, $type) {
+
+ if (! is_site_admin()){
+ header('HTTP/1.0 401 Unauthorized');
+ die('Only admin accounts may use this endpoint.');
+ }
+
+ if( $_REQUEST['account_id'] == ''){
+ header('HTTP/1.0 422 Unprocessable Entity');
+ die('Must supply account_id parameter.');
+
+ }
+
+ $c = q("select * from channel where channel_account_id = '%d'",
+ intval($_REQUEST['account_id']));
+
+ if(! $c){
+ header('HTTP/1.0 404 Not Found');
+ die('No such account_id '. $_REQUEST['account_id']);
+
+ }
+
+ $ret = array();
+ foreach ($c as $r){
+ $ret[] = $r['channel_hash'];
+ }
+ json_return_and_die(array('status' => 'OK',
+ 'channel_hashes' => $ret));
+}
+api_register_func('api/export/channels','api_export_channel_hashes', true);
+
+
+
+
+function api_export_identity(&$a, $type) {
+
+ if (! is_site_admin()){
+ header('HTTP/1.0 401 Unauthorized');
+ die('Only admin accounts may use this endpoint.');
+ }
+
+ if( $_REQUEST['channel_hash'] == ''){
+ header('HTTP/1.0 422 Unprocessable Entity');
+ die('Must supply channel_hash parameter.');
+
+ }
+
+ require_once('include/identity.php');
+
+ $c = q("select channel_id from channel where channel_hash = '%s' LIMIT 1",
+ dbesc($_REQUEST['channel_hash']));
+
+ if(! $c){
+ header('HTTP/1.0 404 Not Found');
+ die('No such channel '. $_REQUEST['channel_hash']);
+
+ }
+ json_return_and_die(
+ identity_basic_export($c[0]['channel_id'],
+ (($_REQUEST['posts']) ? intval($_REQUEST['posts']) : 0 )));
+}
+api_register_func('api/export/identity','api_export_identity', true);
+
+
+
 /* Not implemented by now: statuses/retweets_of_me
-- 
cgit v1.2.3


From 741afeea4140acf7ae66dfca43738a4b2fe97db6 Mon Sep 17 00:00:00 2001
From: ken restivo
Date: Tue, 10 Nov 2015 14:48:50 -0800
Subject: Moving this out into a plugin; hopefully one that will work with Redmatrix as well.

---
 include/api.php | 89 ---------------------------------------------------------
 1 file changed, 89 deletions(-)

(limited to 'include/api.php')

diff --git a/include/api.php b/include/api.php
index 875bf121f..5970e109a 100644
--- a/include/api.php
+++ b/include/api.php
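Review bot: `api_export_users` builds `$ret` but returns `'users' => $u`, the loop variable, so the response carries only the last account row (and an undefined variable when the query returns nothing); the last line of the call should read `'users' => $ret));`. The same function runs `SELECT * FROM account`, which serialises every column of the account table into the response, presumably including stored credential material; an explicit column list would keep the export to what an importer needs. In `api_export_channel_hashes` and `api_export_identity` the 404 branches echo `$_REQUEST['account_id']` and `$_REQUEST['channel_hash']` back through `die()` unescaped and with no content type set, so the message should either drop the value or pass it through `htmlspecialchars()`. A logged-in caller who is not an admin is refused with 401 in all three functions, where `403 Forbidden` would describe the condition.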
@@ -2417,95 +2417,6 @@ logger('Req: ' . var_export($req,true));
 api_register_func('api/oauth/access_token', 'api_oauth_access_token', false);
-
-function api_export_users(&$a,$type) {
-
- if (! is_site_admin()){
- header('HTTP/1.0 401 Unauthorized');
- die('Only admin accounts may use this endpoint.');
- }
-
- $r = q("SELECT * FROM account");
-
- // TODO: paginating!
-
- $ret = array();
- foreach($r as $u){
- $ret[] = $u;
- }
-
- json_return_and_die(array('status' => 'OK',
- 'users' => $u));
-}
-api_register_func('api/export/users','api_export_users', true);
-
-
-
-function api_export_channel_hashes(&$a, $type) {
-
- if (! is_site_admin()){
- header('HTTP/1.0 401 Unauthorized');
- die('Only admin accounts may use this endpoint.');
- }
-
- if( $_REQUEST['account_id'] == ''){
- header('HTTP/1.0 422 Unprocessable Entity');
- die('Must supply account_id parameter.');
-
- }
-
- $c = q("select * from channel where channel_account_id = '%d'",
- intval($_REQUEST['account_id']));
-
- if(! $c){
- header('HTTP/1.0 404 Not Found');
- die('No such account_id '. $_REQUEST['account_id']);
-
- }
-
- $ret = array();
- foreach ($c as $r){
- $ret[] = $r['channel_hash'];
- }
- json_return_and_die(array('status' => 'OK',
- 'channel_hashes' => $ret));
-}
-api_register_func('api/export/channels','api_export_channel_hashes', true);
-
-
-
-
-function api_export_identity(&$a, $type) {
-
- if (! is_site_admin()){
- header('HTTP/1.0 401 Unauthorized');
- die('Only admin accounts may use this endpoint.');
- }
-
- if( $_REQUEST['channel_hash'] == ''){
- header('HTTP/1.0 422 Unprocessable Entity');
- die('Must supply channel_hash parameter.');
-
- }
-
- require_once('include/identity.php');
-
- $c = q("select channel_id from channel where channel_hash = '%s' LIMIT 1",
- dbesc($_REQUEST['channel_hash']));
-
- if(! $c){
- header('HTTP/1.0 404 Not Found');
- die('No such channel '. $_REQUEST['channel_hash']);
-
- }
- json_return_and_die(
- identity_basic_export($c[0]['channel_id'],
- (($_REQUEST['posts']) ? intval($_REQUEST['posts']) : 0 )));
-}
-api_register_func('api/export/identity','api_export_identity', true);
-
-
-
 /* Not implemented by now: statuses/retweets_of_me
-- 
cgit v1.2.3


From ddce0412ac8fe675153182909d82955c79d1f660 Mon Sep 17 00:00:00 2001
From: ken restivo
Date: Tue, 10 Nov 2015 22:50:18 -0800
Subject: Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API.

---
 include/api.php | 90 ---------------------------------------------------------
 1 file changed, 90 deletions(-)

(limited to 'include/api.php')

diff --git a/include/api.php b/include/api.php
index 875bf121f..c8ba65992 100644
--- a/include/api.php
+++ b/include/api.php
@@ -66,96 +66,6 @@ require_once('include/attach.php');
 'auth'=>$auth);
 }
- /**
- * Simple HTTP Login
- */
-
- function api_login(&$a){
- // login with oauth
- try {
- $oauth = new FKOAuth1();
- $req = OAuthRequest::from_request();
-
- list($consumer,$token) = $oauth->verify_request($req);
-
- if (!is_null($token)){
- $oauth->loginUser($token->uid);
-
- $a->set_oauth_key($consumer->key);
-
- call_hooks('logged_in', $a->user);
- return;
- }
- echo __file__.__line__.__function__."
"; 
-//			var_dump($consumer, $token); 
-			die();
-		}
-		catch(Exception $e) {
-			logger(__file__.__line__.__function__."\n".$e);
-		}
-
-		
-		// workaround for HTTP-auth in CGI mode
-		if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
-		 	$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
-			if(strlen($userpass)) {
-			 	list($name, $password) = explode(':', $userpass);
-				$_SERVER['PHP_AUTH_USER'] = $name;
-				$_SERVER['PHP_AUTH_PW'] = $password;
-			}
-		}
-
-		if(x($_SERVER,'HTTP_AUTHORIZATION')) {
-		 	$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;
-			if(strlen($userpass)) {
-			 	list($name, $password) = explode(':', $userpass);
-				$_SERVER['PHP_AUTH_USER'] = $name;
-				$_SERVER['PHP_AUTH_PW'] = $password;
-			}
-		}
-
-
-		if (!isset($_SERVER['PHP_AUTH_USER'])) {
-		   logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
-		    header('WWW-Authenticate: Basic realm="Red"');
-		    header('HTTP/1.0 401 Unauthorized');
-		    die('This api requires login');
-		}
-		
-		// process normal login request
-		require_once('include/auth.php');
-		$channel_login = 0;
-		$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
-		if(! $record) {
-	        $r = q("select * from channel where channel_address = '%s' limit 1",
-    	        dbesc($_SERVER['PHP_AUTH_USER'])
-        	);
-        	if ($r) {
-            	$x = q("select * from account where account_id = %d limit 1",
-                	intval($r[0]['channel_account_id'])
-            	);
-            	if ($x) {
-					$record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
-					if($record)
-						$channel_login = $r[0]['channel_id'];
-				}
-			}
-			if(! $record) {	
-				logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
-				header('WWW-Authenticate: Basic realm="Red"');
-				header('HTTP/1.0 401 Unauthorized');
-				die('This api requires login');
-			}
-		}
-
-		require_once('include/security.php');
-		authenticate_success($record);
-
-		if($channel_login)
-			change_channel($channel_login);
-
-		$_SESSION['allow_api'] = true;
-	}
 	
 	/**************************
 	 *  MAIN API ENTRY POINT  *
-- 
cgit v1.2.3


From ffb8059c246d5ddd918daf9e1385f88d69cff5b4 Mon Sep 17 00:00:00 2001
From: ken restivo 
Date: Wed, 11 Nov 2015 02:26:12 -0800
Subject: api_auth.php must be included since the function moved.

---
 include/api.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'include/api.php')

diff --git a/include/api.php b/include/api.php
index b51bcc5f0..98eeb8691 100644
--- a/include/api.php
+++ b/include/api.php
@@ -9,6 +9,7 @@ require_once('include/security.php');
 require_once('include/photos.php');
 require_once('include/items.php');
 require_once('include/attach.php');
+require_once('include/api_auth.php');
 
 	/*
 	 *
-- 
cgit v1.2.3


From 6df98f080ba0c9a0309158c1ea5d48f95aae71ee Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Mon, 16 Nov 2015 19:17:39 -0800
Subject: fix api/direct_messages/new at least for the json case. We seem to
 have a missing template for XML

---
 include/api.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'include/api.php')

diff --git a/include/api.php b/include/api.php
index 53adcc868..f781987d1 100644
--- a/include/api.php
+++ b/include/api.php
@@ -909,7 +909,7 @@ require_once('include/api_auth.php');
 	function red_item(&$a, $type) {
 
 		if (api_user() === false) {
-			logger('api_red_item_new: no user');
+			logger('api_red_item_full: no user');
 			return false;
 		}
 
@@ -2196,7 +2196,7 @@ require_once('include/api_auth.php');
 			}
 		}
 
-		$id = send_message($recipient['id'], $_POST['text'], $sub, $replyto);
+		$id = send_message(api_user(),$recipient['guid'], $_POST['text'], $sub, $replyto);
 
 		if ($id>-1) {
 			$r = q("SELECT * FROM `mail` WHERE id=%d", intval($id));
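Review bot: The sender passed to `send_message()` is now `api_user()`, and nothing in this hunk shows that value being checked against `false` before the call, as `red_item` does in the first hunk of this commit. The enclosing function starts outside the hunk, so the guard may already exist above; if it does not, `if (api_user() === false) return false;` belongs before the message is sent. The `$id>-1` test and `intval($id)` on the following lines assume `send_message()` still returns an integer id under its new argument list, which is worth confirming against its definition since that is not visible here.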
-- 
cgit v1.2.3


From a06f7fbe2e78de428489d824c1329ef29c4d1f42 Mon Sep 17 00:00:00 2001
From: redmatrix 
Date: Tue, 17 Nov 2015 15:03:27 -0800
Subject: photo album widget permissions issue

---
 include/api.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'include/api.php')

diff --git a/include/api.php b/include/api.php
index f781987d1..f279b2aa3 100644
--- a/include/api.php
+++ b/include/api.php
@@ -742,6 +742,8 @@ require_once('include/api_auth.php');
 		}
 		$user_info = api_get_user($a);
 
+//		logger('status_with_media: ' . print_r($_REQUEST,true), LOGGER_DEBUG);
+
 		$_REQUEST['type'] = 'wall';
 		$_REQUEST['profile_uid'] = api_user();
 		$_REQUEST['api_source'] = true;
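Review bot: The line added before `$_REQUEST['type'] = 'wall';` is commented-out debug logging that would write the whole of `$_REQUEST` to the log if re-enabled, and on an authenticated API endpoint that array can carry the full post body and any credentials or tokens sent as parameters. It is better removed than parked in the file. If the trace is still needed, log only the parameter names, e.g. `logger('status_with_media: ' . implode(',', array_keys($_REQUEST)), LOGGER_DEBUG);`. The enclosing function starts and ends outside the hunk.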
-- 
cgit v1.2.3