p3k
/
Telegraph
mirror of https://github.com/aaronpk/Telegraph.git
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
83 Commits
3 Branches
6.8 MiB
Tree: 243c9c7802
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '243c9c7802'
${ noResults }
Telegraph/controllers/API.php

313 lines
10 KiB
Raw Normal View History

implement indieauth sign-in
8 years ago
log input received from superfeedr
8 years ago
implement indieauth sign-in
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
implement indieauth sign-in
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
enables webmention sending forms from dashboard
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
fix callback param URL validation
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
fix callback param URL validation
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
fix callback param URL validation
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
don't send self-mentions using target_domain feature
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
move blacklist checking into a function
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
fix sending a single target parameter
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
implement indieauth sign-in
8 years ago
adds API route to handle Superfeedr payload * new API route to handle Superfeedr notification of a mention * sends webmentions to all URLs on the target domain of the notification * adds "url" column to sites to specify the domain to use for superfeedr pings * includes database migration
8 years ago
decode JSON input from superfeedr
8 years ago
log input received from superfeedr
8 years ago
adds API route to handle Superfeedr payload * new API route to handle Superfeedr notification of a mention * sends webmentions to all URLs on the target domain of the notification * adds "url" column to sites to specify the domain to use for superfeedr pings * includes database migration
8 years ago
don't send self-mentions using target_domain feature
8 years ago
suppress libxml warnings
8 years ago
adds API route to handle Superfeedr payload * new API route to handle Superfeedr notification of a mention * sends webmentions to all URLs on the target domain of the notification * adds "url" column to sites to specify the domain to use for superfeedr pings * includes database migration
8 years ago
change http response to 200 to see if that helps superfeedr
8 years ago
adds API route to handle Superfeedr payload * new API route to handle Superfeedr notification of a mention * sends webmentions to all URLs on the target domain of the notification * adds "url" column to sites to specify the domain to use for superfeedr pings * includes database migration
8 years ago
implement status API
8 years ago
include source and target in status json
8 years ago
implement status API
8 years ago
implement indieauth sign-in
8 years ago
 
  1. <?php
  2. use Symfony\Component\HttpFoundation\Request;
  3. use Symfony\Component\HttpFoundation\Response;
  4. 

  5. use Monolog\Logger;
  6. 

  7. class API {
  8. 

  9.   public $http;
  10. 

  11.   public function __construct() {
  12.     $this->http = new Telegraph\HTTP();
  13.   }
  14. 

  15.   private function respond(Response $response, $code, $params, $headers=[]) {
  16.     $response->setStatusCode($code);
  17.     foreach($headers as $k=>$v) {
  18.       $response->headers->set($k, $v);
  19.     }
  20.     $response->headers->set('Content-Type', 'application/json');
  21.     $response->setContent(json_encode($params));
  22.     return $response;
  23.   }
  24. 

  25.   private static function toHtmlEntities($input) {
  26.     return mb_convert_encoding($input, 'HTML-ENTITIES', mb_detect_encoding($input));
  27.   }
  28. 

  29.   private static function generateStatusToken() {
  30.     $str = dechex(date('y'));
  31.     $chs = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  32.     $len = strlen($chs);
  33.     for($i = 0; $i < 16; $i++) {
  34.       $str .= $chs[mt_rand(0, $len - 1)];
  35.     }
  36.     return $str;
  37.   }
  38. 

  39.   public function webmention(Request $request, Response $response) {
  40.     # Require the token parameter

  41.     if(!$token=$request->get('token')) {
  42.       return $this->respond($response, 401, [
  43.         'error' => 'authentication_required',
  44.         'error_description' => 'A token is required to use the API'
  45.       ]);
  46.     }
  47. 

  48.     # Require source and target or target_domain parameters

  49.     $target = $target_domain = null;
  50.     if((!$source=$request->get('source')) || ((!$target=$request->get('target')) && (!$target_domain=$request->get('target_domain')))) {
  51.       return $this->respond($response, 400, [
  52.         'error' => 'missing_parameters',
  53.         'error_description' => 'The source or target or target_domain parameters were missing'
  54.       ]);
  55.     }
  56.     if($target && $target_domain) {
  57.       return $this->respond($response, 400, [
  58.         'error' => 'invalid_parameter',
  59.         'error_description' => 'Can\'t provide both target and target_domain together'
  60.       ]);
  61.     }
  62. 

  63.     $urlregex = '/^https?:\/\/[^ ]+\.[^ ]+$/';
  64.     $domainregex = '/^[^ ]+$/';
  65. 

  66.     # Verify source, target, and callback are URLs

  67.     $callback = $request->get('callback');
  68.     if(!preg_match($urlregex, $source) ||
  69.        (!preg_match($urlregex, $target) && !preg_match($domainregex, $target_domain)) ||
  70.        ($callback && !preg_match($urlregex, $callback))) {
  71.       return $this->respond($response, 400, [
  72.         'error' => 'invalid_parameter',
  73.         'error_description' => 'The source, target, or callback parameters were invalid'
  74.       ]);
  75.     }
  76. 

  77.     # Don't send anything if the source domain matches the target domain

  78.     # The problem is someone pushing to Superfeedr who is also subscribed, will cause a 

  79.     # request to be sent with the source of one of their posts, and their own target domain.

  80.     # This causes a whole slew of webmentions to be queued up, almost all of which are not needed.

  81.     if($target_domain) {
  82.       $source_domain = parse_url($source, PHP_URL_HOST);
  83.       if($target_domain == $source_domain) {
  84.         # Return 200 so Superfeedr doesn't think something is broken

  85.         return $this->respond($response, 200, [
  86.           'error' => 'not_supported',
  87.           'error_description' => 'You cannot use the target_domain feature to send webmentions to the same domain as the source URL'
  88.         ]);
  89.       }
  90.     }
  91. 

  92.     # Verify the token is valid

  93.     $role = ORM::for_table('roles')->where('token', $token)->find_one();
  94. 

  95.     if(!$role) {
  96.       return $this->respond($response, 401, [
  97.         'error' => 'invalid_token',
  98.         'error_description' => 'The token provided is not valid'
  99.       ]);
  100.     }
  101. 

  102.     # Check the blacklist of domains that are known to not accept webmentions

  103.     if($target && !Telegraph\Webmention::isProbablySupported($target)) {
  104.       return $this->respond($response, 400, [
  105.         'error' => 'not_supported',
  106.         'error_description' => 'The target domain is known to not accept webmentions. If you believe this is in error, please file an issue at https://github.com/aaronpk/Telegraph/issues'
  107.       ]);
  108.     }
  109. 

  110.     # If there is no code given,

  111.     # Synchronously check the source URL and verify that it actually contains

  112.     # a link to the target. This way we prevent this API from sending known invalid mentions.

  113.     if($request->get('code')) {
  114.       # target URL is required

  115.       if(!$target) {
  116.         return $this->respond($response, 400, [
  117.           'error' => 'not_supported',
  118.           'error_description' => 'The target_domain parameter is not supported for sending private webmentions'
  119.         ]);
  120.       }
  121. 

  122.       $found[$target] = null;
  123.     } else {
  124.       $sourceData = $this->http->get($source);
  125. 

  126.       $doc = new DOMDocument();
  127.       libxml_use_internal_errors(true); # suppress parse errors and warnings

  128.       @$doc->loadHTML(self::toHtmlEntities($sourceData['body']), LIBXML_NOWARNING|LIBXML_NOERROR);
  129.       libxml_clear_errors();
  130. 

  131.       if(!$doc) {
  132.         return $this->respond($response, 400, [
  133.           'error' => 'source_not_html',
  134.           'error_description' => 'The source document could not be parsed as HTML'
  135.         ]);
  136.       }
  137. 

  138.       $xpath = new DOMXPath($doc);
  139. 

  140.       $found = [];
  141.       foreach($xpath->query('//a[@href]') as $href) {
  142.         $url = $href->getAttribute('href');
  143.         if($target) {
  144.           # target parameter was provided

  145.           if($url == $target) {
  146.             $found[$url] = null;
  147.           }
  148.         } elseif($target_domain) {
  149.           # target_domain parameter was provided

  150.           $domain = parse_url($url, PHP_URL_HOST);
  151.           if($domain && ($domain == $target_domain || str_ends_with($domain, '.' . $target_domain))) {
  152.             $found[$url] = null;
  153.           }
  154.         }
  155.       }
  156. 

  157.       if(!$found) {
  158.         return $this->respond($response, 400, [
  159.           'error' => 'no_link_found',
  160.           'error_description' => 'The source document does not have a link to the target URL or domain'
  161.         ]);
  162.       }
  163.     }
  164. 

  165.     # Write the webmention to the database and queue a job to start sending

  166. 

  167.     $statusURLs = [];
  168.     foreach($found as $url=>$_) {
  169.       $w = ORM::for_table('webmentions')->create();
  170.       $w->site_id = $role->site_id;
  171.       $w->created_by = $role->user_id;
  172.       $w->created_at = date('Y-m-d H:i:s');
  173.       $w->token = self::generateStatusToken();
  174.       $w->source = $source;
  175.       $w->target = $url;
  176.       $w->vouch = $request->get('vouch');
  177.       $w->code = $request->get('code');
  178.       $w->realm = $request->get('realm');
  179.       $w->callback = $callback;
  180.       $w->save();
  181. 

  182.       q()->queue('Telegraph\Webmention', 'send', [$w->id]);
  183. 

  184.       $statusURLs[] = Config::$base . 'webmention/' . $w->token;
  185.     }
  186. 

  187.     if ($target) {
  188.       $body = [
  189.         'status' => 'queued',
  190.         'location' => $statusURLs[0]
  191.       ];
  192.       $headers = ['Location' => $statusURLs[0]];
  193.     } else {
  194.       $body = [
  195.         'status' => 'queued',
  196.         'location' => $statusURLs
  197.       ];
  198.       $headers = [];
  199.     }
  200.     return $this->respond($response, 201, $body, $headers);
  201.   }
  202. 

  203.   public function superfeedr_tracker(Request $request, Response $response, $args) {
  204.     logger()->addInfo("Got payload from superfeedr: " . $request->getContent());
  205. 

  206.     $input = json_decode($request->getContent(), true);
  207. 

  208.     # Require the code parameter

  209.     if(!$token=$args['token']) {
  210.       return $this->respond($response, 401, [
  211.         'error' => 'authentication_required',
  212.         'error_description' => 'A token is required to use the API'
  213.       ]);
  214.     }
  215. 

  216.     # Verify the token is valid

  217.     $role = ORM::for_table('roles')->where('token', $token)->find_one();
  218. 

  219.     if(!$role) {
  220.       return $this->respond($response, 401, [
  221.         'error' => 'invalid_token',
  222.         'error_description' => 'The token provided is not valid'
  223.       ]);
  224.     }
  225. 

  226.     $site = ORM::for_table('sites')->where('id', $role->site_id)->find_one();
  227. 

  228.     if(is_array($input)
  229.       && array_key_exists('items', $input) 
  230.       && ($items = $input['items'])
  231.       && is_array($items)
  232.       && array_key_exists(0, $items)
  233.       && ($item = $items[0])
  234.       && array_key_exists('permalinkUrl', $item)) {
  235.       $url = $item['permalinkUrl'];
  236. 

  237.       $domain = parse_url($site->url, PHP_URL_HOST);
  238. 

  239.       # Create a new request that looks like a request to the API with a target_domain parameter

  240.       $new_request = new Request(['token' => $token, 'source' => $url, 'target_domain' => $domain]);
  241. 

  242.       return $this->webmention($new_request, $response);
  243. 

  244.     } else {
  245.       return $this->respond($response, 200, [
  246.         'error' => 'invalid_request',
  247.         'error_description' => 'Could not find source URL from the superfeedr payload'
  248.       ]);
  249.     }
  250.   }
  251. 

  252.   public function webmention_status(Request $request, Response $response, $args) {
  253. 

  254.     $webmention = ORM::for_table('webmentions')->where('token', $args['code'])->find_one();
  255. 

  256.     if(!$webmention) {
  257.       return $this->respond($response, 404, [
  258.         'status' => 'not_found',
  259.       ]);
  260.     }
  261. 

  262.     $status = ORM::for_table('webmention_status')->where('webmention_id', $webmention->id)->order_by_desc('created_at')->find_one();
  263. 

  264.     $statusURL = Config::$base . 'webmention/' . $webmention->token;
  265. 

  266.     if(!$status) {
  267.       $code = 'queued';
  268.     } else {
  269.       $code = $status->status;
  270.     }
  271. 

  272.     $data = [
  273.       'source' => $webmention->source,
  274.       'target' => $webmention->target,
  275.       'status' => $code,
  276.     ];
  277. 

  278.     if($webmention->webmention_endpoint) {
  279.       $data['type'] = 'webmention';
  280.       $data['endpoint'] = $webmention->webmention_endpoint;
  281.     }
  282.     if($webmention->pingback_endpoint) {
  283.       $data['type'] = 'pingback';
  284.       $data['endpoint'] = $webmention->pingback_endpoint;
  285.     }
  286. 

  287.     switch($code) {
  288.       case 'queued':
  289.         $summary = 'The webmention is still in the processing queue';
  290.         break;
  291.       case 'not_supported':
  292.         $summary = 'No webmention or pingback endpoint were found at the target';
  293.         break;
  294.       case 'accepted':
  295.         $summary = 'The '.$data['type'].' request was accepted';
  296.         break;
  297.       default:
  298.         $summary = false;
  299.     }
  300. 

  301.     if($status && $status->http_code)
  302.       $data['http_code'] = (int)$status->http_code;
  303. 

  304.     if($summary)
  305.       $data['summary'] = $summary;
  306. 

  307.     if($webmention->complete == 0)
  308.       $data['location'] = $statusURL;
  309. 

  310.     return $this->respond($response, 200, $data);
  311.   }
  312. 

  313. }