You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

672 lines
19 KiB

9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
9 years ago
  1. <?php
  2. function require_login(&$app, $redirect=true) {
  3. $params = $app->request()->params();
  4. if(array_key_exists('token', $params)) {
  5. try {
  6. $data = JWT::decode($params['token'], Config::$jwtSecret, array('HS256'));
  7. $_SESSION['user_id'] = $data->user_id;
  8. $_SESSION['me'] = $data->me;
  9. } catch(DomainException $e) {
  10. if($redirect) {
  11. header('X-Error: DomainException');
  12. $app->redirect('/', 301);
  13. } else {
  14. return false;
  15. }
  16. } catch(UnexpectedValueException $e) {
  17. if($redirect) {
  18. header('X-Error: UnexpectedValueException');
  19. $app->redirect('/', 301);
  20. } else {
  21. return false;
  22. }
  23. }
  24. }
  25. if(!array_key_exists('user_id', $_SESSION)) {
  26. if($redirect)
  27. $app->redirect('/');
  28. return false;
  29. } else {
  30. return ORM::for_table('users')->find_one($_SESSION['user_id']);
  31. }
  32. }
  33. function generate_login_token() {
  34. return JWT::encode(array(
  35. 'user_id' => $_SESSION['user_id'],
  36. 'me' => $_SESSION['me'],
  37. 'created_at' => time()
  38. ), Config::$jwtSecret);
  39. }
  40. $app->get('/dashboard', function() use($app) {
  41. if($user=require_login($app)) {
  42. $html = render('dashboard', array(
  43. 'title' => 'Dashboard',
  44. 'authorizing' => false
  45. ));
  46. $app->response()->body($html);
  47. }
  48. });
  49. $app->get('/new', function() use($app) {
  50. if($user=require_login($app)) {
  51. $params = $app->request()->params();
  52. $entry = false;
  53. $photo_url = false;
  54. $in_reply_to = '';
  55. if(array_key_exists('reply', $params))
  56. $in_reply_to = $params['reply'];
  57. $test_response = '';
  58. if($user->last_micropub_response) {
  59. try {
  60. if(@json_decode($user->last_micropub_response)) {
  61. $d = json_decode($user->last_micropub_response);
  62. $test_response = $d->response;
  63. }
  64. } catch(Exception $e) {
  65. }
  66. }
  67. $html = render('new-post', array(
  68. 'title' => 'New Post',
  69. 'in_reply_to' => $in_reply_to,
  70. 'micropub_endpoint' => $user->micropub_endpoint,
  71. 'micropub_scope' => $user->micropub_scope,
  72. 'micropub_access_token' => $user->micropub_access_token,
  73. 'response_date' => $user->last_micropub_response_date,
  74. 'syndication_targets' => json_decode($user->syndication_targets, true),
  75. 'test_response' => $test_response,
  76. 'location_enabled' => $user->location_enabled,
  77. 'authorizing' => false
  78. ));
  79. $app->response()->body($html);
  80. }
  81. });
  82. $app->get('/bookmark', function() use($app) {
  83. if($user=require_login($app)) {
  84. $params = $app->request()->params();
  85. $url = '';
  86. $name = '';
  87. $content = '';
  88. $tags = '';
  89. if(array_key_exists('url', $params))
  90. $url = $params['url'];
  91. if(array_key_exists('name', $params))
  92. $name = $params['name'];
  93. if(array_key_exists('content', $params))
  94. $content = $params['content'];
  95. $html = render('new-bookmark', array(
  96. 'title' => 'New Bookmark',
  97. 'bookmark_url' => $url,
  98. 'bookmark_name' => $name,
  99. 'bookmark_content' => $content,
  100. 'bookmark_tags' => $tags,
  101. 'token' => generate_login_token(),
  102. 'syndication_targets' => json_decode($user->syndication_targets, true),
  103. 'authorizing' => false
  104. ));
  105. $app->response()->body($html);
  106. }
  107. });
  108. $app->get('/favorite', function() use($app) {
  109. if($user=require_login($app)) {
  110. $params = $app->request()->params();
  111. $url = '';
  112. if(array_key_exists('url', $params))
  113. $url = $params['url'];
  114. $html = render('new-favorite', array(
  115. 'title' => 'New Favorite',
  116. 'url' => $url,
  117. 'token' => generate_login_token(),
  118. 'authorizing' => false
  119. ));
  120. $app->response()->body($html);
  121. }
  122. });
  123. $app->get('/itinerary', function() use($app) {
  124. if($user=require_login($app)) {
  125. $params = $app->request()->params();
  126. $html = render('new-itinerary', array(
  127. 'title' => 'Itinerary',
  128. 'authorizing' => false
  129. ));
  130. $app->response()->body($html);
  131. }
  132. });
  133. $app->get('/photo', function() use($app) {
  134. if($user=require_login($app)) {
  135. $params = $app->request()->params();
  136. $html = render('photo', array(
  137. 'title' => 'New Photo',
  138. 'note_content' => '',
  139. 'authorizing' => false
  140. ));
  141. $app->response()->body($html);
  142. }
  143. });
  144. $app->get('/repost', function() use($app) {
  145. if($user=require_login($app)) {
  146. $params = $app->request()->params();
  147. $url = '';
  148. if(array_key_exists('url', $params))
  149. $url = $params['url'];
  150. $html = render('new-repost', array(
  151. 'title' => 'New Repost',
  152. 'url' => $url,
  153. 'token' => generate_login_token(),
  154. 'authorizing' => false
  155. ));
  156. $app->response()->body($html);
  157. }
  158. });
  159. $app->post('/prefs', function() use($app) {
  160. if($user=require_login($app)) {
  161. $params = $app->request()->params();
  162. $user->location_enabled = $params['enabled'];
  163. $user->save();
  164. }
  165. $app->response()->body(json_encode(array(
  166. 'result' => 'ok'
  167. )));
  168. });
  169. $app->get('/creating-a-token-endpoint', function() use($app) {
  170. $app->redirect('http://indiewebcamp.com/token-endpoint', 301);
  171. });
  172. $app->get('/creating-a-micropub-endpoint', function() use($app) {
  173. $html = render('creating-a-micropub-endpoint', array('title' => 'Creating a Micropub Endpoint', 'authorizing' => false));
  174. $app->response()->body($html);
  175. });
  176. $app->get('/docs', function() use($app) {
  177. $html = render('docs', array('title' => 'Documentation', 'authorizing' => false));
  178. $app->response()->body($html);
  179. });
  180. $app->get('/privacy', function() use($app) {
  181. $html = render('privacy', array('title' => 'Quill Privacy Policy', 'authorizing' => false));
  182. $app->response()->body($html);
  183. });
  184. $app->get('/add-to-home', function() use($app) {
  185. $params = $app->request()->params();
  186. header("Cache-Control: no-cache, must-revalidate");
  187. if(array_key_exists('token', $params) && !session('add-to-home-started')) {
  188. unset($_SESSION['add-to-home-started']);
  189. // Verify the token and sign the user in
  190. try {
  191. $data = JWT::decode($params['token'], Config::$jwtSecret, array('HS256'));
  192. $_SESSION['user_id'] = $data->user_id;
  193. $_SESSION['me'] = $data->me;
  194. $app->redirect('/new', 301);
  195. } catch(DomainException $e) {
  196. header('X-Error: DomainException');
  197. $app->redirect('/', 301);
  198. } catch(UnexpectedValueException $e) {
  199. header('X-Error: UnexpectedValueException');
  200. $app->redirect('/', 301);
  201. }
  202. } else {
  203. if($user=require_login($app)) {
  204. if(array_key_exists('start', $params)) {
  205. $_SESSION['add-to-home-started'] = true;
  206. $token = JWT::encode(array(
  207. 'user_id' => $_SESSION['user_id'],
  208. 'me' => $_SESSION['me'],
  209. 'created_at' => time()
  210. ), Config::$jwtSecret);
  211. $app->redirect('/add-to-home?token='.$token, 301);
  212. } else {
  213. unset($_SESSION['add-to-home-started']);
  214. $html = render('add-to-home', array('title' => 'Quill'));
  215. $app->response()->body($html);
  216. }
  217. }
  218. }
  219. });
  220. $app->get('/email', function() use($app) {
  221. if($user=require_login($app)) {
  222. $test_response = '';
  223. if($user->last_micropub_response) {
  224. try {
  225. if(@json_decode($user->last_micropub_response)) {
  226. $d = json_decode($user->last_micropub_response);
  227. $test_response = $d->response;
  228. }
  229. } catch(Exception $e) {
  230. }
  231. }
  232. if(!$user->email_username) {
  233. $host = parse_url($user->url, PHP_URL_HOST);
  234. $user->email_username = $host . '.' . rand(100000,999999);
  235. $user->save();
  236. }
  237. $html = render('email', array(
  238. 'title' => 'Post-by-Email',
  239. 'micropub_endpoint' => $user->micropub_endpoint,
  240. 'test_response' => $test_response,
  241. 'user' => $user
  242. ));
  243. $app->response()->body($html);
  244. }
  245. });
  246. $app->get('/settings', function() use($app) {
  247. if($user=require_login($app)) {
  248. $html = render('settings', array('title' => 'Settings', 'include_facebook' => true, 'authorizing' => false));
  249. $app->response()->body($html);
  250. }
  251. });
  252. $app->post('/settings/html-content', function() use($app) {
  253. if($user=require_login($app)) {
  254. $params = $app->request()->params();
  255. $user->micropub_optin_html_content = $params['html'] ? 1 : 0;
  256. $user->save();
  257. $app->response()->body(json_encode(array(
  258. 'html' => $user->micropub_optin_html_content
  259. )));
  260. }
  261. });
  262. $app->get('/settings/html-content', function() use($app) {
  263. if($user=require_login($app)) {
  264. $app->response()->body(json_encode(array(
  265. 'html' => $user->micropub_optin_html_content
  266. )));
  267. }
  268. });
  269. $app->get('/favorite-popup', function() use($app) {
  270. if($user=require_login($app)) {
  271. $params = $app->request()->params();
  272. $html = $app->render('favorite-popup.php', array(
  273. 'url' => $params['url'],
  274. 'token' => $params['token']
  275. ));
  276. $app->response()->body($html);
  277. }
  278. });
  279. function create_favorite(&$user, $url) {
  280. $micropub_request = array(
  281. 'like-of' => $url
  282. );
  283. $r = micropub_post_for_user($user, $micropub_request);
  284. $facebook_id = false;
  285. $instagram_id = false;
  286. $tweet_id = false;
  287. /*
  288. // Facebook likes are posted via Javascript, so pass the FB ID to the javascript code
  289. if(preg_match('/https?:\/\/(?:www\.)?facebook\.com\/(?:[^\/]+)\/posts\/(\d+)/', $url, $match)) {
  290. $facebook_id = $match[1];
  291. }
  292. if(preg_match('/https?:\/\/(?:www\.)?facebook\.com\/photo\.php\?fbid=(\d+)/', $url, $match)) {
  293. $facebook_id = $match[1];
  294. }
  295. */
  296. if(preg_match('/https?:\/\/(?:www\.)?instagram\.com\/p\/([^\/]+)/', $url, $match)) {
  297. $instagram_id = $match[1];
  298. if($user->instagram_access_token) {
  299. $instagram = instagram_client();
  300. $instagram->setAccessToken($user->instagram_access_token);
  301. $ch = curl_init('https://api.instagram.com/v1/media/shortcode/' . $instagram_id . '?access_token=' . $user->instagram_access_token);
  302. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  303. $result = json_decode(curl_exec($ch));
  304. $result = $instagram->likeMedia($result->data->id);
  305. } else {
  306. // TODO: indicate that the instagram post couldn't be liked because no access token was available
  307. }
  308. }
  309. if($user->twitter_access_token && preg_match('/https?:\/\/(?:www\.)?twitter\.com\/[^\/]+\/status(?:es)?\/(\d+)/', $url, $match)) {
  310. $tweet_id = $match[1];
  311. $twitter = new \TwitterOAuth\Api(Config::$twitterClientID, Config::$twitterClientSecret,
  312. $user->twitter_access_token, $user->twitter_token_secret);
  313. $result = $twitter->post('favorites/create', array(
  314. 'id' => $tweet_id
  315. ));
  316. }
  317. return $r;
  318. }
  319. function create_photo(&$user, $params, $file) {
  320. $error = validate_photo($file);
  321. if(!$error) {
  322. $file_path = $file['tmp_name'];
  323. $micropub_request = array('content' => $params['note_content']);
  324. $r = micropub_post_for_user($user, $micropub_request, $file_path);
  325. } else {
  326. $r = array('error' => $error);
  327. }
  328. return $r;
  329. }
  330. function create_repost(&$user, $url) {
  331. $micropub_request = array(
  332. 'repost-of' => $url
  333. );
  334. $r = micropub_post_for_user($user, $micropub_request);
  335. $tweet_id = false;
  336. if($user->twitter_access_token && preg_match('/https?:\/\/(?:www\.)?twitter\.com\/[^\/]+\/status(?:es)?\/(\d+)/', $url, $match)) {
  337. $tweet_id = $match[1];
  338. $twitter = new \TwitterOAuth\Api(Config::$twitterClientID, Config::$twitterClientSecret,
  339. $user->twitter_access_token, $user->twitter_token_secret);
  340. $result = $twitter->post('statuses/retweet/'.$tweet_id);
  341. }
  342. return $r;
  343. }
  344. $app->get('/favorite.js', function() use($app) {
  345. $app->response()->header("Content-type", "text/javascript");
  346. if($user=require_login($app, false)) {
  347. $params = $app->request()->params();
  348. if(array_key_exists('url', $params)) {
  349. $r = create_favorite($user, $params['url']);
  350. $app->response()->body($app->render('favorite-js.php', array(
  351. 'url' => $params['url'],
  352. 'like_url' => $r['location'],
  353. 'error' => $r['error'],
  354. // 'facebook_id' => $facebook_id
  355. )));
  356. } else {
  357. $app->response()->body('alert("no url");');
  358. }
  359. } else {
  360. $app->response()->body('alert("invalid token");');
  361. }
  362. });
  363. $app->post('/favorite', function() use($app) {
  364. if($user=require_login($app)) {
  365. $params = $app->request()->params();
  366. $r = create_favorite($user, $params['url']);
  367. $app->response()->body(json_encode(array(
  368. 'location' => $r['location'],
  369. 'error' => $r['error']
  370. )));
  371. }
  372. });
  373. $app->post('/photo', function() use($app) {
  374. if($user=require_login($app)) {
  375. // var_dump($app->request()->post());
  376. //
  377. // Since $app->request()->post() with multipart is always
  378. // empty (bug in Slim?) We're using the raw $_POST here
  379. // until this gets fixed.
  380. // PHP empties everything in $_POST if the file upload size exceeds
  381. // that is why we have to test if the variables exist first.
  382. $note_content = isset($_POST['note_content']) ? $_POST['note_content'] : null;
  383. $params = array('note_content' => $note_content);
  384. $file = isset($_FILES['note_photo']) ? $_FILES['note_photo'] : null;
  385. $r = create_photo($user, $params, $file);
  386. // Populate the error if there was no location header.
  387. if(empty($r['location']) && empty($r['error'])) {
  388. $r['error'] = "No 'Location' header in response.";
  389. }
  390. $html = render('photo', array(
  391. 'title' => 'Photo posted',
  392. 'note_content' => $params['note_content'],
  393. 'location' => (isset($r['location']) ? $r['location'] : null),
  394. 'error' => (isset($r['error']) ? $r['error'] : null),
  395. 'response' => (isset($r['response']) ? htmlspecialchars($r['response']) : null),
  396. 'authorizing' => false
  397. ));
  398. $app->response()->body($html);
  399. }
  400. });
  401. $app->post('/repost', function() use($app) {
  402. if($user=require_login($app)) {
  403. $params = $app->request()->params();
  404. $r = create_repost($user, $params['url']);
  405. $app->response()->body(json_encode(array(
  406. 'location' => $r['location'],
  407. 'error' => $r['error']
  408. )));
  409. }
  410. });
  411. $app->post('/itinerary', function() use($app) {
  412. if($user=require_login($app)) {
  413. $params = $app->request()->params();
  414. $r = micropub_post_for_user($user, json_decode($params['data'], true), null, true);
  415. $app->response()->body(json_encode(array(
  416. 'location' => $r['location'],
  417. 'error' => $r['error'],
  418. 'response' => $r['response']
  419. )));
  420. }
  421. });
  422. $app->get('/micropub/syndications', function() use($app) {
  423. if($user=require_login($app)) {
  424. $data = get_syndication_targets($user);
  425. $app->response()->body(json_encode(array(
  426. 'targets' => $data['targets'],
  427. 'response' => $data['response']
  428. )));
  429. }
  430. });
  431. $app->post('/micropub/post', function() use($app) {
  432. if($user=require_login($app)) {
  433. $params = $app->request()->params();
  434. // Remove any blank params
  435. $params = array_filter($params, function($v){
  436. return $v !== '';
  437. });
  438. $r = micropub_post_for_user($user, $params);
  439. $app->response()->body(json_encode(array(
  440. 'request' => htmlspecialchars($r['request']),
  441. 'response' => htmlspecialchars($r['response']),
  442. 'location' => $r['location'],
  443. 'error' => $r['error'],
  444. 'curlinfo' => $r['curlinfo']
  445. )));
  446. }
  447. });
  448. /*
  449. $app->post('/auth/facebook', function() use($app) {
  450. if($user=require_login($app, false)) {
  451. $params = $app->request()->params();
  452. // User just auth'd with facebook, store the access token
  453. $user->facebook_access_token = $params['fb_token'];
  454. $user->save();
  455. $app->response()->body(json_encode(array(
  456. 'result' => 'ok'
  457. )));
  458. } else {
  459. $app->response()->body(json_encode(array(
  460. 'result' => 'error'
  461. )));
  462. }
  463. });
  464. */
  465. $app->post('/auth/twitter', function() use($app) {
  466. if($user=require_login($app, false)) {
  467. $params = $app->request()->params();
  468. // User just auth'd with twitter, store the access token
  469. $user->twitter_access_token = $params['twitter_token'];
  470. $user->twitter_token_secret = $params['twitter_secret'];
  471. $user->save();
  472. $app->response()->body(json_encode(array(
  473. 'result' => 'ok'
  474. )));
  475. } else {
  476. $app->response()->body(json_encode(array(
  477. 'result' => 'error'
  478. )));
  479. }
  480. });
  481. function getTwitterLoginURL(&$twitter) {
  482. $request_token = $twitter->getRequestToken(Config::$base_url . 'auth/twitter/callback');
  483. $_SESSION['twitter_auth'] = $request_token;
  484. return $twitter->getAuthorizeURL($request_token['oauth_token']);
  485. }
  486. $app->get('/auth/twitter', function() use($app) {
  487. $params = $app->request()->params();
  488. if($user=require_login($app, false)) {
  489. // If there is an existing Twitter token, check if it is valid
  490. // Otherwise, generate a Twitter login link
  491. $twitter_login_url = false;
  492. $twitter = new \TwitterOAuth\Api(Config::$twitterClientID, Config::$twitterClientSecret,
  493. $user->twitter_access_token, $user->twitter_token_secret);
  494. if(array_key_exists('login', $params)) {
  495. $twitter = new \TwitterOAuth\Api(Config::$twitterClientID, Config::$twitterClientSecret);
  496. $twitter_login_url = getTwitterLoginURL($twitter);
  497. } else {
  498. if($user->twitter_access_token) {
  499. if ($twitter->get('account/verify_credentials')) {
  500. $app->response()->body(json_encode(array(
  501. 'result' => 'ok'
  502. )));
  503. return;
  504. } else {
  505. // If the existing twitter token is not valid, generate a login link
  506. $twitter_login_url = getTwitterLoginURL($twitter);
  507. }
  508. } else {
  509. $twitter_login_url = getTwitterLoginURL($twitter);
  510. }
  511. }
  512. $app->response()->body(json_encode(array(
  513. 'url' => $twitter_login_url
  514. )));
  515. } else {
  516. $app->response()->body(json_encode(array(
  517. 'result' => 'error'
  518. )));
  519. }
  520. });
  521. $app->get('/auth/twitter/callback', function() use($app) {
  522. if($user=require_login($app)) {
  523. $params = $app->request()->params();
  524. $twitter = new \TwitterOAuth\Api(Config::$twitterClientID, Config::$twitterClientSecret,
  525. $_SESSION['twitter_auth']['oauth_token'], $_SESSION['twitter_auth']['oauth_token_secret']);
  526. $credentials = $twitter->getAccessToken($params['oauth_verifier']);
  527. $user->twitter_access_token = $credentials['oauth_token'];
  528. $user->twitter_token_secret = $credentials['oauth_token_secret'];
  529. $user->twitter_username = $credentials['screen_name'];
  530. $user->save();
  531. $app->redirect('/settings');
  532. }
  533. });
  534. $app->get('/auth/instagram', function() use($app) {
  535. if($user=require_login($app, false)) {
  536. $instagram = instagram_client();
  537. // If there is an existing Instagram auth token, check if it's valid
  538. if($user->instagram_access_token) {
  539. $instagram->setAccessToken($user->instagram_access_token);
  540. $igUser = $instagram->getUser();
  541. if($igUser && $igUser->meta->code == 200) {
  542. $app->response()->body(json_encode(array(
  543. 'result' => 'ok',
  544. 'username' => $igUser->data->username,
  545. 'url' => $instagram->getLoginUrl(array('basic','likes'))
  546. )));
  547. return;
  548. }
  549. }
  550. $app->response()->body(json_encode(array(
  551. 'result' => 'error',
  552. 'url' => $instagram->getLoginUrl(array('basic','likes'))
  553. )));
  554. }
  555. });
  556. $app->get('/auth/instagram/callback', function() use($app) {
  557. if($user=require_login($app)) {
  558. $params = $app->request()->params();
  559. $instagram = instagram_client();
  560. $data = $instagram->getOAuthToken($params['code']);
  561. $user->instagram_access_token = $data->access_token;
  562. $user->save();
  563. $app->redirect('/settings');
  564. }
  565. });