p3k
/
Telegraph
mirror of https://github.com/aaronpk/Telegraph.git
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
49 Commits
3 Branches
25 MiB
Tree: 44cdf1d6f2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '44cdf1d6f2'
${ noResults }
Telegraph/controllers/API.php

214 lines
6.3 KiB
Raw Normal View History

implement indieauth sign-in
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
implement indieauth sign-in
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
enables webmention sending forms from dashboard
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
fix callback param URL validation
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
fix callback param URL validation
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
fix callback param URL validation
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
move subdomain check into a function
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
implement indieauth sign-in
8 years ago
implement status API
8 years ago
implement indieauth sign-in
8 years ago
 
  1. <?php
  2. use Symfony\Component\HttpFoundation\Request;
  3. use Symfony\Component\HttpFoundation\Response;
  4. 

  5. class API {
  6. 

  7.   public $http;
  8. 

  9.   public function __construct() {
  10.     $this->http = new Telegraph\HTTP();
  11.   }
  12. 

  13.   private function respond(Response $response, $code, $params, $headers=[]) {
  14.     $response->setStatusCode($code);
  15.     foreach($headers as $k=>$v) {
  16.       $response->headers->set($k, $v);
  17.     }
  18.     $response->headers->set('Content-Type', 'application/json');
  19.     $response->setContent(json_encode($params));
  20.     return $response;
  21.   }
  22. 

  23.   private static function toHtmlEntities($input) {
  24.     return mb_convert_encoding($input, 'HTML-ENTITIES', mb_detect_encoding($input));
  25.   }
  26. 

  27.   private static function generateStatusToken() {
  28.     $str = dechex(date('y'));
  29.     $chs = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  30.     $len = strlen($chs);
  31.     for($i = 0; $i < 16; $i++) {
  32.       $str .= $chs[mt_rand(0, $len - 1)];
  33.     }
  34.     return $str;
  35.   }
  36. 

  37.   public function webmention(Request $request, Response $response) {
  38. 

  39.     # Require the token parameter

  40.     if(!$token=$request->get('token')) {
  41.       return $this->respond($response, 401, [
  42.         'error' => 'authentication_required',
  43.         'error_description' => 'A token is required to use the API'
  44.       ]);
  45.     }
  46. 

  47.     # Require source and target or target_domain parameters

  48.     $target = $target_domain = null;
  49.     if((!$source=$request->get('source')) || ((!$target=$request->get('target')) && (!$target_domain=$request->get('target_domain')))) {
  50.       return $this->respond($response, 400, [
  51.         'error' => 'missing_parameters',
  52.         'error_description' => 'The source or target or target_domain parameters were missing'
  53.       ]);
  54.     }
  55.     if($target && $target_domain) {
  56.       return $this->respond($response, 400, [
  57.         'error' => 'invalid_parameter',
  58.         'error_description' => 'Can\'t provide both target and target_domain together'
  59.       ]);
  60.     }
  61. 

  62.     $urlregex = '/^https?:\/\/[^ ]+\.[^ ]+$/';
  63.     $domainregex = '/^[^ ]+$/';
  64. 

  65.     # Verify source, target, and callback are URLs

  66.     $callback = $request->get('callback');
  67.     if(!preg_match($urlregex, $source) ||
  68.        (!preg_match($urlregex, $target) && !preg_match($domainregex, $target_domain)) ||
  69.        ($callback && !preg_match($urlregex, $callback))) {
  70.       return $this->respond($response, 400, [
  71.         'error' => 'invalid_parameter',
  72.         'error_description' => 'The source, target, or callback parameters were invalid'
  73.       ]);
  74.     }
  75. 

  76.     # Verify the token is valid

  77.     $role = ORM::for_table('roles')->where('token', $token)->find_one();
  78. 

  79.     if(!$role) {
  80.       return $this->respond($response, 401, [
  81.         'error' => 'invalid_token',
  82.         'error_description' => 'The token provided is not valid'
  83.       ]);
  84.     }
  85. 

  86.     # Synchronously check the source URL and verify that it actually contains

  87.     # a link to the target. This way we prevent this API from sending known invalid mentions.

  88.     $sourceData = $this->http->get($source);
  89. 

  90.     $doc = new DOMDocument();
  91.     @$doc->loadHTML(self::toHtmlEntities($sourceData['body']));
  92. 

  93.     if(!$doc) {
  94.       return $this->respond($response, 400, [
  95.         'error' => 'source_not_html',
  96.         'error_description' => 'The source document could not be parsed as HTML'
  97.       ]);
  98.     }
  99. 

  100.     $xpath = new DOMXPath($doc);
  101. 

  102.     $found = [];
  103.     foreach($xpath->query('//a[@href]') as $href) {
  104.       $url = $href->getAttribute('href');
  105.       $domain = parse_url($url, PHP_URL_HOST);
  106.       if($url == $target || $domain == $target_domain || str_ends_with($domain, $target_domain)) {
  107.         $found[$url] = null;
  108.       }
  109.     }
  110. 

  111.     if(!$found) {
  112.       return $this->respond($response, 400, [
  113.         'error' => 'no_link_found',
  114.         'error_description' => 'The source document does not have a link to the target URL or domain'
  115.       ]);
  116.     }
  117. 

  118.     # Everything checked out, so write the webmention to the log and queue a job to start sending

  119.     # TODO: database transaction?

  120. 

  121.     $statusURLs = [];
  122.     foreach($found as $url=>$_) {
  123.       $w = ORM::for_table('webmentions')->create();
  124.       $w->site_id = $role->site_id;
  125.       $w->created_by = $role->user_id;
  126.       $w->created_at = date('Y-m-d H:i:s');
  127.       $w->token = self::generateStatusToken();
  128.       $w->source = $source;
  129.       $w->target = $url;
  130.       $w->vouch = $request->get('vouch');
  131.       $w->callback = $callback;
  132.       $w->save();
  133. 

  134.       q()->queue('Telegraph\Webmention', 'send', [$w->id]);
  135. 

  136.       $statusURLs[] = Config::$base . 'webmention/' . $w->token;
  137.     }
  138. 

  139.     if ($target) {
  140.       $body = [
  141.         'status' => 'queued',
  142.         'location' => $statusURLs[0]
  143.       ];
  144.       $headers = ['Location' => $statusURLs[0]];
  145.     } else {
  146.       $body = [
  147.         'status' => 'queued',
  148.         'location' => $statusURLs
  149.       ];
  150.       $headers = [];
  151.     }
  152.     return $this->respond($response, 201, $body, $headers);
  153.   }
  154. 

  155.   public function webmention_status(Request $request, Response $response, $args) {
  156. 

  157.     $webmention = ORM::for_table('webmentions')->where('token', $args['code'])->find_one();
  158. 

  159.     if(!$webmention) {
  160.       return $this->respond($response, 404, [
  161.         'status' => 'not_found',
  162.       ]);
  163.     }
  164. 

  165.     $status = ORM::for_table('webmention_status')->where('webmention_id', $webmention->id)->order_by_desc('created_at')->find_one();
  166. 

  167.     $statusURL = Config::$base . 'webmention/' . $webmention->token;
  168. 

  169.     if(!$status) {
  170.       $code = 'queued';
  171.     } else {
  172.       $code = $status->status;
  173.     }
  174. 

  175.     $data = [
  176.       'status' => $code,
  177.     ];
  178. 

  179.     if($webmention->webmention_endpoint) {
  180.       $data['type'] = 'webmention';
  181.       $data['endpoint'] = $webmention->webmention_endpoint;
  182.     }
  183.     if($webmention->pingback_endpoint) {
  184.       $data['type'] = 'pingback';
  185.       $data['endpoint'] = $webmention->pingback_endpoint;
  186.     }
  187. 

  188.     switch($code) {
  189.       case 'queued':
  190.         $summary = 'The webmention is still in the processing queue';
  191.         break;
  192.       case 'not_supported':
  193.         $summary = 'No webmention or pingback endpoint were found at the target';
  194.         break;
  195.       case 'accepted':
  196.         $summary = 'The '.$data['type'].' request was accepted';
  197.         break;
  198.       default:
  199.         $summary = false;
  200.     }
  201. 

  202.     if($status && $status->http_code)
  203.       $data['http_code'] = (int)$status->http_code;
  204. 

  205.     if($summary)
  206.       $data['summary'] = $summary;
  207. 

  208.     if($webmention->complete == 0)
  209.       $data['location'] = $statusURL;
  210. 

  211.     return $this->respond($response, 200, $data);
  212.   }
  213. 

  214. }