<?php
namespace Zotlabs\Module;

use Zotlabs\Lib\Config;

require_once('include/api.php');

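class Api extends \Zotlabs\Web\Controller {

	/**
	 * Register the endpoints served by this controller.
	 *
	 * Calls zot_api_init(), registers the client-registration endpoint and the
	 * two OAuth 1.0a token endpoints through api_register_func() (the third
	 * argument is false for all three — presumably "no authentication
	 * required"; confirm against include/api.php), then gives plugins a chance
	 * to register their own endpoints via the 'api_register' hook.
	 */
	function init() {
		zot_api_init();

		api_register_func('api/client/register', 'api_client_register', false);
		api_register_func('api/oauth/request_token', 'api_oauth_request_token', false);
		api_register_func('api/oauth/access_token', 'api_oauth_access_token', false);

		$args = [];
		call_hooks('api_register', $args);
	}

	/**
	 * POST handler.
	 *
	 * Only raises a "Permission denied" notice when no local channel is logged
	 * in; it does not abort the request. The framework still runs get()
	 * afterwards, so every POST-driven action inside get() has to re-check
	 * local_channel() on its own.
	 */
	function post() {
		if(! local_channel()) {
			notice( t('Permission denied.') . EOL);
			return;
		}
	}

	/**
	 * GET handler.
	 *
	 * 'api/oauth/authorize' is the one interactive page of the OAuth 1.0a flow
	 * and is rendered as a normal page; every other API path is handed to
	 * api_call(), whose output is echoed before the process exits.
	 *
	 * @return string|void rendered page for the authorize flow; no return for
	 *                     api_call() paths (killme() exits)
	 */
	function get() {

		if(\App::$cmd === 'api/oauth/authorize') {
			return $this->authorize_page();
		}

		echo api_call();
		killme();
	}

	/**
	 * Interactive part of the OAuth 1.0a flow: ask the logged-in channel whether
	 * to authorize the client that owns the request token, and on "Yes" issue
	 * the verifier and hand it back to the client.
	 *
	 * Authentication is checked before anything else. The previous ordering ran
	 * the "Yes" branch first and only then asked for a login, so an
	 * unauthenticated POST carrying oauth_yes reached verifier issuance with
	 * local_channel() === false.
	 *
	 * @return string login form, authorize form, "done" page, or an error
	 *                sentence; redirects (and exits) when the client has a
	 *                callback URL
	 */
	private function authorize_page() {

		// api/oauth/authorize interacts with the user: return a standard page
		\App::$page['template'] = 'minimal';

		// get consumer/client from request token
		try {
			$request = \OAuth1Request::from_request();
		}
		catch(\Exception $e) {
			// Log the class and message only; a full print_r() of the exception
			// carries the request (tokens, signature) in its trace and does not
			// belong in the log.
			logger('OAuth exception: ' . get_class($e) . ': ' . $e->getMessage());
			killme();
		}

		if(! local_channel()) {
			//TODO: we need login form to redirect to this page
			notice( t('Please login to continue.') . EOL );
			return login(false, 'api-login', $request->get_parameters());
		}

		$app = $this->oauth_get_client($request);
		if(is_null($app))
			return "Invalid request. Unknown token.";

		if(x($_POST, 'oauth_yes')) {
			// NOTE(review): nothing in this file verifies an anti-CSRF form token
			// on this POST. Unless oauth_authorize.tpl / the controller layer
			// supplies one, a cross-site POST can make a logged-in channel
			// authorize an attacker-chosen request token. Confirm, and add the
			// project's form-token check here if it is missing.
			return $this->grant_authorization($request, $app);
		}

		$tpl = get_markup_template('oauth_authorize.tpl');
		$o = replace_macros($tpl, array(
			'$title'     => t('Authorize application connection'),
			'$app'       => $app,
			'$authorize' => t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
			'$yes'	     => t('Yes'),
			'$no'	     => t('No'),
		));

		return $o;
	}

	/**
	 * Issue the verifier for $app to the logged-in channel and deliver it: by
	 * redirect to the client's registered callback URL when it has one,
	 * otherwise on a page for the user to copy into the application.
	 *
	 * @param \OAuth1Request $request the parsed authorize request
	 * @param array          $app     clients row returned by oauth_get_client()
	 * @return string rendered "done" page; no return on redirect (goaway() exits)
	 */
	private function grant_authorization($request, $app) {

		$consumer = new \OAuth1Consumer($app['client_id'], $app['pw'], $app['redirect_uri']);

		// NOTE(review): the verifier is deterministic — md5(secret . channel) —
		// so it is identical on every authorization of this app by this channel
		// and guessable by anyone holding the client secret. OAuth 1.0a expects
		// an unguessable, single-use verifier (e.g. bin2hex(random_bytes(16))).
		// Left unchanged here because the access_token exchange in
		// include/api.php, which consumes this value, is not visible from this file.
		$verifier = md5($app['secret'] . local_channel());
		Config::Set('oauth', $verifier, local_channel());

		if($consumer->callback_url != null) {
			$params = $request->get_parameters();
			// The callback comes from the registered client row, not from the
			// request. Append with '&' when it already carries a query string;
			// the previous code assigned '?' in both branches and produced
			// "...?a=b?oauth_token=..." for such callbacks.
			$glue = (strpos($consumer->callback_url, '?') !== false) ? '&' : '?';
			goaway($consumer->callback_url . $glue
				. 'oauth_token=' . \OAuth1Util::urlencode_rfc3986($params['oauth_token'])
				. '&oauth_verifier=' . \OAuth1Util::urlencode_rfc3986($verifier));
			killme();
		}

		// No callback registered: out-of-band delivery, the user types the code in.
		$tpl = get_markup_template("oauth_authorize_done.tpl");
		$o = replace_macros($tpl, array(
			'$title' => t('Authorize application connection'),
			'$info'  => t('Return to your app and insert this Security Code:'),
			'$code'  => $verifier,
		));

		return $o;
	}

	/**
	 * Look up the client that owns the request token named in $request.
	 *
	 * @param \OAuth1Request $request
	 * @return array|null the clients row, or null when the oauth_token
	 *                    parameter is absent, unknown, or not a request-scope token
	 */
	function oauth_get_client($request) {

		$params = $request->get_parameters();

		// A missing parameter used to raise an undefined-index notice before
		// querying for ''; treat it as a plain miss instead.
		if(! isset($params['oauth_token']))
			return null;

		$token = $params['oauth_token'];

		$r = q("SELECT clients.* FROM clients, tokens WHERE clients.client_id = tokens.client_id
			AND tokens.id = '%s' AND tokens.auth_scope = 'request' ",
			dbesc($token)
		);

		return ($r) ? $r[0] : null;
	}

}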