p3k
/
Telegraph
mirror of https://github.com/aaronpk/Telegraph.git
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
59 Commits
3 Branches
6.8 MiB
Tree: 195b827e0d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '195b827e0d'
${ noResults }
Telegraph/controllers/API.php

268 lines
8.1 KiB
Raw Normal View History

implement indieauth sign-in
8 years ago
log input received from superfeedr
8 years ago
implement indieauth sign-in
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
implement indieauth sign-in
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
enables webmention sending forms from dashboard
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
fix callback param URL validation
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
fix callback param URL validation
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
fix callback param URL validation
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
fix sending a single target parameter
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
implement indieauth sign-in
8 years ago
adds API route to handle Superfeedr payload * new API route to handle Superfeedr notification of a mention * sends webmentions to all URLs on the target domain of the notification * adds "url" column to sites to specify the domain to use for superfeedr pings * includes database migration
8 years ago
log input received from superfeedr
8 years ago
adds API route to handle Superfeedr payload * new API route to handle Superfeedr notification of a mention * sends webmentions to all URLs on the target domain of the notification * adds "url" column to sites to specify the domain to use for superfeedr pings * includes database migration
8 years ago
implement status API
8 years ago
implement indieauth sign-in
8 years ago
 
  1. <?php
  2. use Symfony\Component\HttpFoundation\Request;
  3. use Symfony\Component\HttpFoundation\Response;
  4. 

  5. use Monolog\Logger;
  6. 

  7. class API {
  8. 

  9.   public $http;
  10. 

  11.   public function __construct() {
  12.     $this->http = new Telegraph\HTTP();
  13.   }
  14. 

  15.   private function respond(Response $response, $code, $params, $headers=[]) {
  16.     $response->setStatusCode($code);
  17.     foreach($headers as $k=>$v) {
  18.       $response->headers->set($k, $v);
  19.     }
  20.     $response->headers->set('Content-Type', 'application/json');
  21.     $response->setContent(json_encode($params));
  22.     return $response;
  23.   }
  24. 

  25.   private static function toHtmlEntities($input) {
  26.     return mb_convert_encoding($input, 'HTML-ENTITIES', mb_detect_encoding($input));
  27.   }
  28. 

  29.   private static function generateStatusToken() {
  30.     $str = dechex(date('y'));
  31.     $chs = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  32.     $len = strlen($chs);
  33.     for($i = 0; $i < 16; $i++) {
  34.       $str .= $chs[mt_rand(0, $len - 1)];
  35.     }
  36.     return $str;
  37.   }
  38. 

  39.   public function webmention(Request $request, Response $response) {
  40.     # Require the token parameter

  41.     if(!$token=$request->get('token')) {
  42.       return $this->respond($response, 401, [
  43.         'error' => 'authentication_required',
  44.         'error_description' => 'A token is required to use the API'
  45.       ]);
  46.     }
  47. 

  48.     # Require source and target or target_domain parameters

  49.     $target = $target_domain = null;
  50.     if((!$source=$request->get('source')) || ((!$target=$request->get('target')) && (!$target_domain=$request->get('target_domain')))) {
  51.       return $this->respond($response, 400, [
  52.         'error' => 'missing_parameters',
  53.         'error_description' => 'The source or target or target_domain parameters were missing'
  54.       ]);
  55.     }
  56.     if($target && $target_domain) {
  57.       return $this->respond($response, 400, [
  58.         'error' => 'invalid_parameter',
  59.         'error_description' => 'Can\'t provide both target and target_domain together'
  60.       ]);
  61.     }
  62. 

  63.     $urlregex = '/^https?:\/\/[^ ]+\.[^ ]+$/';
  64.     $domainregex = '/^[^ ]+$/';
  65. 

  66.     # Verify source, target, and callback are URLs

  67.     $callback = $request->get('callback');
  68.     if(!preg_match($urlregex, $source) ||
  69.        (!preg_match($urlregex, $target) && !preg_match($domainregex, $target_domain)) ||
  70.        ($callback && !preg_match($urlregex, $callback))) {
  71.       return $this->respond($response, 400, [
  72.         'error' => 'invalid_parameter',
  73.         'error_description' => 'The source, target, or callback parameters were invalid'
  74.       ]);
  75.     }
  76. 

  77.     # Verify the token is valid

  78.     $role = ORM::for_table('roles')->where('token', $token)->find_one();
  79. 

  80.     if(!$role) {
  81.       return $this->respond($response, 401, [
  82.         'error' => 'invalid_token',
  83.         'error_description' => 'The token provided is not valid'
  84.       ]);
  85.     }
  86. 

  87.     # Synchronously check the source URL and verify that it actually contains

  88.     # a link to the target. This way we prevent this API from sending known invalid mentions.

  89.     $sourceData = $this->http->get($source);
  90. 

  91.     $doc = new DOMDocument();
  92.     @$doc->loadHTML(self::toHtmlEntities($sourceData['body']));
  93. 

  94.     if(!$doc) {
  95.       return $this->respond($response, 400, [
  96.         'error' => 'source_not_html',
  97.         'error_description' => 'The source document could not be parsed as HTML'
  98.       ]);
  99.     }
  100. 

  101.     $xpath = new DOMXPath($doc);
  102. 

  103.     $found = [];
  104.     foreach($xpath->query('//a[@href]') as $href) {
  105.       $url = $href->getAttribute('href');
  106.       if($target) {
  107.         # target parameter was provided

  108.         if($url == $target) {
  109.           $found[$url] = null;
  110.         }
  111.       } elseif($target_domain) {
  112.         # target_domain parameter was provided

  113.         $domain = parse_url($url, PHP_URL_HOST);
  114.         if($domain && ($domain == $target_domain || str_ends_with($domain, '.' . $target_domain))) {
  115.           $found[$url] = null;
  116.         }
  117.       }
  118.     }
  119. 

  120.     if(!$found) {
  121.       return $this->respond($response, 400, [
  122.         'error' => 'no_link_found',
  123.         'error_description' => 'The source document does not have a link to the target URL or domain'
  124.       ]);
  125.     }
  126. 

  127.     # Everything checked out, so write the webmention to the log and queue a job to start sending

  128.     # TODO: database transaction?

  129. 

  130.     $statusURLs = [];
  131.     foreach($found as $url=>$_) {
  132.       $w = ORM::for_table('webmentions')->create();
  133.       $w->site_id = $role->site_id;
  134.       $w->created_by = $role->user_id;
  135.       $w->created_at = date('Y-m-d H:i:s');
  136.       $w->token = self::generateStatusToken();
  137.       $w->source = $source;
  138.       $w->target = $url;
  139.       $w->vouch = $request->get('vouch');
  140.       $w->callback = $callback;
  141.       $w->save();
  142. 

  143.       q()->queue('Telegraph\Webmention', 'send', [$w->id]);
  144. 

  145.       $statusURLs[] = Config::$base . 'webmention/' . $w->token;
  146.     }
  147. 

  148.     if ($target) {
  149.       $body = [
  150.         'status' => 'queued',
  151.         'location' => $statusURLs[0]
  152.       ];
  153.       $headers = ['Location' => $statusURLs[0]];
  154.     } else {
  155.       $body = [
  156.         'status' => 'queued',
  157.         'location' => $statusURLs
  158.       ];
  159.       $headers = [];
  160.     }
  161.     return $this->respond($response, 201, $body, $headers);
  162.   }
  163. 

  164.   public function superfeedr_tracker(Request $request, Response $response, $args) {
  165.     logger()->addInfo("Got payload from superfeedr", $request->request->all());
  166. 

  167.     # Require the code parameter

  168.     if(!$token=$args['token']) {
  169.       return $this->respond($response, 401, [
  170.         'error' => 'authentication_required',
  171.         'error_description' => 'A token is required to use the API'
  172.       ]);
  173.     }
  174. 

  175.     # Verify the token is valid

  176.     $role = ORM::for_table('roles')->where('token', $token)->find_one();
  177. 

  178.     if(!$role) {
  179.       return $this->respond($response, 401, [
  180.         'error' => 'invalid_token',
  181.         'error_description' => 'The token provided is not valid'
  182.       ]);
  183.     }
  184. 

  185.     $site = ORM::for_table('sites')->where('id', $role->site_id)->find_one();
  186. 

  187.     if(($items = $request->get('items'))
  188.       && is_array($items)
  189.       && array_key_exists(0, $items)
  190.       && ($item = $items[0])
  191.       && array_key_exists('permalinkUrl', $item)) {
  192.       $url = $item['permalinkUrl'];
  193. 

  194.       $domain = parse_url($site->url, PHP_URL_HOST);
  195. 

  196.       # Create a new request that looks like a request to the API with a target_domain parameter

  197.       $new_request = new Request(['token' => $token, 'source' => $url, 'target_domain' => $domain]);
  198. 

  199.       return $this->webmention($new_request, $response);
  200. 

  201.     } else {
  202.       return $this->respond($response, 400, [
  203.         'error' => 'invalid_request',
  204.         'error_description' => 'Could not find source URL from the superfeedr payload'
  205.       ]);
  206.     }
  207.   }
  208. 

  209.   public function webmention_status(Request $request, Response $response, $args) {
  210. 

  211.     $webmention = ORM::for_table('webmentions')->where('token', $args['code'])->find_one();
  212. 

  213.     if(!$webmention) {
  214.       return $this->respond($response, 404, [
  215.         'status' => 'not_found',
  216.       ]);
  217.     }
  218. 

  219.     $status = ORM::for_table('webmention_status')->where('webmention_id', $webmention->id)->order_by_desc('created_at')->find_one();
  220. 

  221.     $statusURL = Config::$base . 'webmention/' . $webmention->token;
  222. 

  223.     if(!$status) {
  224.       $code = 'queued';
  225.     } else {
  226.       $code = $status->status;
  227.     }
  228. 

  229.     $data = [
  230.       'status' => $code,
  231.     ];
  232. 

  233.     if($webmention->webmention_endpoint) {
  234.       $data['type'] = 'webmention';
  235.       $data['endpoint'] = $webmention->webmention_endpoint;
  236.     }
  237.     if($webmention->pingback_endpoint) {
  238.       $data['type'] = 'pingback';
  239.       $data['endpoint'] = $webmention->pingback_endpoint;
  240.     }
  241. 

  242.     switch($code) {
  243.       case 'queued':
  244.         $summary = 'The webmention is still in the processing queue';
  245.         break;
  246.       case 'not_supported':
  247.         $summary = 'No webmention or pingback endpoint were found at the target';
  248.         break;
  249.       case 'accepted':
  250.         $summary = 'The '.$data['type'].' request was accepted';
  251.         break;
  252.       default:
  253.         $summary = false;
  254.     }
  255. 

  256.     if($status && $status->http_code)
  257.       $data['http_code'] = (int)$status->http_code;
  258. 

  259.     if($summary)
  260.       $data['summary'] = $summary;
  261. 

  262.     if($webmention->complete == 0)
  263.       $data['location'] = $statusURL;
  264. 

  265.     return $this->respond($response, 200, $data);
  266.   }
  267. 

  268. }