p3k
/
Telegraph
mirror of https://github.com/aaronpk/Telegraph.git
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
92 Commits
3 Branches
6.8 MiB
Tree: 76eeffda72
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '76eeffda72'
${ noResults }
Telegraph/controllers/API.php

339 lines
11 KiB
Raw Normal View History

implement indieauth sign-in
8 years ago
log input received from superfeedr
8 years ago
implement indieauth sign-in
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
implement indieauth sign-in
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
enables webmention sending forms from dashboard
8 years ago
Allow sending simple source+target webmentions when logged out
6 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
Allow sending simple source+target webmentions when logged out
6 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
Allow sending simple source+target webmentions when logged out
6 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
Allow sending simple source+target webmentions when logged out
6 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
fix callback param URL validation
8 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
fix callback param URL validation
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
fix callback param URL validation
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
don't send self-mentions using target_domain feature
8 years ago
Allow sending simple source+target webmentions when logged out
6 years ago
don't send self-mentions using target_domain feature
8 years ago
move blacklist checking into a function
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
send http accept header requesting HTML
7 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
Allow sending simple source+target webmentions when logged out
6 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
Allow sending simple source+target webmentions when logged out
6 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
fix sending a single target parameter
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
Allow sending simple source+target webmentions when logged out
6 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
Allow sending simple source+target webmentions when logged out
6 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
add `code` and `realm` parameters for sending private webmentions
7 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
Allow sending simple source+target webmentions when logged out
6 years ago
add new optional target_domain parameter to /webmention endpoint. for #2 when used instead of target, finds all links to the target domain and subdomains, enqueues webmentions for them all, and returns all status URLs in the response's 'location' field. the HTTP Location header is omitted.
8 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
8 years ago
implement indieauth sign-in
8 years ago
adds API route to handle Superfeedr payload * new API route to handle Superfeedr notification of a mention * sends webmentions to all URLs on the target domain of the notification * adds "url" column to sites to specify the domain to use for superfeedr pings * includes database migration
8 years ago
decode JSON input from superfeedr
8 years ago
log input received from superfeedr
8 years ago
adds API route to handle Superfeedr payload * new API route to handle Superfeedr notification of a mention * sends webmentions to all URLs on the target domain of the notification * adds "url" column to sites to specify the domain to use for superfeedr pings * includes database migration
8 years ago
don't send self-mentions using target_domain feature
8 years ago
Allow sending simple source+target webmentions when logged out
6 years ago
suppress libxml warnings
8 years ago
adds API route to handle Superfeedr payload * new API route to handle Superfeedr notification of a mention * sends webmentions to all URLs on the target domain of the notification * adds "url" column to sites to specify the domain to use for superfeedr pings * includes database migration
8 years ago
change http response to 200 to see if that helps superfeedr
8 years ago
adds API route to handle Superfeedr payload * new API route to handle Superfeedr notification of a mention * sends webmentions to all URLs on the target domain of the notification * adds "url" column to sites to specify the domain to use for superfeedr pings * includes database migration
8 years ago
implement status API
8 years ago
include source and target in status json
8 years ago
implement status API
8 years ago
Allow sending simple source+target webmentions when logged out
6 years ago
include additional info in callback and status API
6 years ago
Allow sending simple source+target webmentions when logged out
6 years ago
include additional info in callback and status API
6 years ago
implement status API
8 years ago
implement indieauth sign-in
8 years ago
 
  1. <?php
  2. use Symfony\Component\HttpFoundation\Request;
  3. use Symfony\Component\HttpFoundation\Response;
  4. 

  5. use Monolog\Logger;
  6. 

  7. class API {
  8. 

  9.   public $http;
  10. 

  11.   public function __construct() {
  12.     $this->http = new Telegraph\HTTP();
  13.   }
  14. 

  15.   private function respond(Response $response, $code, $params, $headers=[]) {
  16.     $response->setStatusCode($code);
  17.     foreach($headers as $k=>$v) {
  18.       $response->headers->set($k, $v);
  19.     }
  20.     $response->headers->set('Content-Type', 'application/json');
  21.     $response->setContent(json_encode($params, JSON_UNESCAPED_SLASHES+JSON_PRETTY_PRINT));
  22.     return $response;
  23.   }
  24. 

  25.   private static function toHtmlEntities($input) {
  26.     return mb_convert_encoding($input, 'HTML-ENTITIES', mb_detect_encoding($input));
  27.   }
  28. 

  29.   private static function generateStatusToken() {
  30.     $str = dechex(date('y'));
  31.     $chs = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  32.     $len = strlen($chs);
  33.     for($i = 0; $i < 16; $i++) {
  34.       $str .= $chs[mt_rand(0, $len - 1)];
  35.     }
  36.     return $str;
  37.   }
  38. 

  39.   public function webmention(Request $request, Response $response) {
  40. 

  41.     # Require the token or csrf parameter

  42.     if($csrf=$request->get('_csrf')) {
  43.       session_start();
  44.       if($csrf != $_SESSION['_csrf']) {
  45.         return $this->respond($response, 401, [
  46.           'error' => 'invalid_csrf_token',
  47.           'error_description' => 'An error occurred. Make sure you have only one tab open.',
  48.         ]);
  49.       }
  50.     } else if(!$token=$request->get('token')) {
  51.       return $this->respond($response, 401, [
  52.         'error' => 'authentication_required',
  53.         'error_description' => 'A token is required to use the API'
  54.       ]);
  55. 

  56.       # Verify the token is valid

  57.       $role = ORM::for_table('roles')->where('token', $token)->find_one();
  58. 

  59.       if(!$role) {
  60.         return $this->respond($response, 401, [
  61.           'error' => 'invalid_token',
  62.           'error_description' => 'The token provided is not valid'
  63.         ]);
  64.       }
  65.     }
  66. 

  67.     # Require source and target or target_domain parameters

  68.     $target = $target_domain = null;
  69.     if((!$source=$request->get('source')) || ((!$target=$request->get('target')) && (!$target_domain=$request->get('target_domain')))) {
  70.       return $this->respond($response, 400, [
  71.         'error' => 'missing_parameters',
  72.         'error_description' => 'The source or target or target_domain parameters were missing'
  73.       ]);
  74.     }
  75.     if($target && $target_domain) {
  76.       return $this->respond($response, 400, [
  77.         'error' => 'invalid_parameter',
  78.         'error_description' => 'Can\'t provide both target and target_domain together'
  79.       ]);
  80.     }
  81. 

  82.     # Can only use source & target if no authentication(role) is set

  83.     if(!isset($role)) {
  84.       if($target_domain) {
  85.         return $this->respond($response, 400, [
  86.           'error' => 'unauthorized',
  87.           'error_description' => 'Can only use the target_domain feature when providing a token from the API',
  88.         ]);
  89.       }
  90.     }
  91. 

  92.     $urlregex = '/^https?:\/\/[^ ]+\.[^ ]+$/';
  93.     $domainregex = '/^[^ ]+$/';
  94. 

  95.     # Verify source, target, and callback are URLs

  96.     $callback = $request->get('callback');
  97.     if(!preg_match($urlregex, $source) ||
  98.        (!preg_match($urlregex, $target) && !preg_match($domainregex, $target_domain)) ||
  99.        ($callback && !preg_match($urlregex, $callback))) {
  100.       return $this->respond($response, 400, [
  101.         'error' => 'invalid_parameter',
  102.         'error_description' => 'The source, target, or callback parameters were invalid'
  103.       ]);
  104.     }
  105. 

  106.     # Don't send anything if the source domain matches the target domain

  107.     # The problem is someone pushing to Superfeedr who is also subscribed, will cause a

  108.     # request to be sent with the source of one of their posts, and their own target domain.

  109.     # This causes a whole slew of webmentions to be queued up, almost all of which are not needed.

  110.     if($target_domain) {
  111.       $source_domain = parse_url($source, PHP_URL_HOST);
  112.       if($target_domain == $source_domain) {
  113.         # Return 200 so Superfeedr doesn't think something is broken

  114.         return $this->respond($response, 200, [
  115.           'error' => 'not_supported',
  116.           'error_description' => 'You cannot use the target_domain feature to send webmentions to the same domain as the source URL'
  117.         ]);
  118.       }
  119.     }
  120. 

  121.     # Check the blacklist of domains that are known to not accept webmentions

  122.     if($target && !Telegraph\Webmention::isProbablySupported($target)) {
  123.       return $this->respond($response, 400, [
  124.         'error' => 'not_supported',
  125.         'error_description' => 'The target domain is known to not accept webmentions. If you believe this is in error, please file an issue at https://github.com/aaronpk/Telegraph/issues'
  126.       ]);
  127.     }
  128. 

  129.     # If there is no code given,

  130.     # Synchronously check the source URL and verify that it actually contains

  131.     # a link to the target. This way we prevent this API from sending known invalid mentions.

  132.     if($request->get('code')) {
  133.       # target URL is required

  134.       if(!$target) {
  135.         return $this->respond($response, 400, [
  136.           'error' => 'not_supported',
  137.           'error_description' => 'The target_domain parameter is not supported for sending private webmentions'
  138.         ]);
  139.       }
  140. 

  141.       $found[$target] = null;
  142.     } else {
  143.       $sourceData = $this->http->get($source, ['Accept: text/html, */*']);
  144. 

  145.       $doc = new DOMDocument();
  146.       libxml_use_internal_errors(true); # suppress parse errors and warnings

  147.       @$doc->loadHTML(self::toHtmlEntities($sourceData['body']), LIBXML_NOWARNING|LIBXML_NOERROR);
  148.       libxml_clear_errors();
  149. 

  150.       if(!$doc) {
  151.         return $this->respond($response, 400, [
  152.           'error' => 'source_not_html',
  153.           'error_description' => 'The source document could not be parsed as HTML'
  154.         ]);
  155.       }
  156. 

  157.       $xpath = new DOMXPath($doc);
  158. 

  159.       $found = [];
  160.       $links = [];
  161.       foreach($xpath->query('//a[@href]') as $href) {
  162.         $url = $href->getAttribute('href');
  163.         if($target) {
  164.           $links[] = $url;
  165.           # target parameter was provided

  166.           if($url == $target) {
  167.             $found[$url] = null;
  168.           }
  169.         } elseif($target_domain) {
  170.           # target_domain parameter was provided

  171.           $domain = parse_url($url, PHP_URL_HOST);
  172.           if($domain && ($domain == $target_domain || str_ends_with($domain, '.' . $target_domain))) {
  173.             $found[$url] = null;
  174.           }
  175.         }
  176.       }
  177. 

  178.       if(!$found) {
  179.         return $this->respond($response, 400, [
  180.           'error' => 'no_link_found',
  181.           'error_description' => 'The source document does not have a link to the target URL or domain',
  182.           'links' => $links
  183.         ]);
  184.       }
  185.     }
  186. 

  187.     # Write the webmention to the database and queue a job to start sending

  188. 

  189.     $statusURLs = [];
  190.     foreach($found as $url=>$_) {
  191.       $w = ORM::for_table('webmentions')->create();
  192.       $w->site_id = isset($role) ? $role->site_id : 0;
  193.       $w->created_by = isset($role) ? $role->user_id : 0;
  194.       $w->created_at = date('Y-m-d H:i:s');
  195.       $w->token = self::generateStatusToken();
  196.       $w->source = $source;
  197.       $w->target = $url;
  198.       $w->vouch = $request->get('vouch');
  199.       $w->code = $request->get('code');
  200.       $w->realm = $request->get('realm');
  201.       $w->callback = $callback;
  202.       $w->save();
  203. 

  204.       q()->queue('Telegraph\Webmention', 'send', [$w->id]);
  205. 

  206.       $statusURLs[] = Config::$base . 'webmention/' . $w->token;
  207.     }
  208. 

  209.     if($target) {
  210.       $body = [
  211.         'status' => 'queued',
  212.         'location' => $statusURLs[0]
  213.       ];
  214.       $headers = ['Location' => $statusURLs[0]];
  215.     } else {
  216.       $body = [
  217.         'status' => 'queued',
  218.         'location' => $statusURLs
  219.       ];
  220.       $headers = [];
  221.     }
  222.     return $this->respond($response, 201, $body, $headers);
  223.   }
  224. 

  225.   public function superfeedr_tracker(Request $request, Response $response, $args) {
  226.     logger()->addInfo("Got payload from superfeedr: " . $request->getContent());
  227. 

  228.     $input = json_decode($request->getContent(), true);
  229. 

  230.     # Require the code parameter

  231.     if(!$token=$args['token']) {
  232.       return $this->respond($response, 401, [
  233.         'error' => 'authentication_required',
  234.         'error_description' => 'A token is required to use the API'
  235.       ]);
  236.     }
  237. 

  238.     # Verify the token is valid

  239.     $role = ORM::for_table('roles')->where('token', $token)->find_one();
  240. 

  241.     if(!$role) {
  242.       return $this->respond($response, 401, [
  243.         'error' => 'invalid_token',
  244.         'error_description' => 'The token provided is not valid'
  245.       ]);
  246.     }
  247. 

  248.     $site = ORM::for_table('sites')->where('id', $role->site_id)->find_one();
  249. 

  250.     if(is_array($input)
  251.       && array_key_exists('items', $input)
  252.       && ($items = $input['items'])
  253.       && is_array($items)
  254.       && array_key_exists(0, $items)
  255.       && ($item = $items[0])
  256.       && array_key_exists('permalinkUrl', $item)) {
  257.       $url = $item['permalinkUrl'];
  258. 

  259.       $domain = parse_url($site->url, PHP_URL_HOST);
  260. 

  261.       # Create a new request that looks like a request to the API with a target_domain parameter

  262.       $new_request = new Request(['token' => $token, 'source' => $url, 'target_domain' => $domain]);
  263. 

  264.       return $this->webmention($new_request, $response);
  265. 

  266.     } else {
  267.       return $this->respond($response, 200, [
  268.         'error' => 'invalid_request',
  269.         'error_description' => 'Could not find source URL from the superfeedr payload'
  270.       ]);
  271.     }
  272.   }
  273. 

  274.   public function webmention_status(Request $request, Response $response, $args) {
  275. 

  276.     $webmention = ORM::for_table('webmentions')->where('token', $args['code'])->find_one();
  277. 

  278.     if(!$webmention) {
  279.       return $this->respond($response, 404, [
  280.         'status' => 'not_found',
  281.       ]);
  282.     }
  283. 

  284.     $status = ORM::for_table('webmention_status')->where('webmention_id', $webmention->id)->order_by_desc('created_at')->find_one();
  285. 

  286.     $statusURL = Config::$base . 'webmention/' . $webmention->token;
  287. 

  288.     if(!$status) {
  289.       $code = 'queued';
  290.     } else {
  291.       $code = $status->status;
  292.     }
  293. 

  294.     $data = [
  295.       'source' => $webmention->source,
  296.       'target' => $webmention->target,
  297.       'status' => $code,
  298.     ];
  299. 

  300.     if($webmention->webmention_endpoint) {
  301.       $data['type'] = 'webmention';
  302.       $data['endpoint'] = $webmention->webmention_endpoint;
  303.     }
  304.     if($webmention->pingback_endpoint) {
  305.       $data['type'] = 'pingback';
  306.       $data['endpoint'] = $webmention->pingback_endpoint;
  307.     }
  308. 

  309.     switch($code) {
  310.       case 'queued':
  311.         $summary = 'The webmention is still in the processing queue';
  312.         break;
  313.       case 'not_supported':
  314.         $summary = 'No webmention or pingback endpoint were found at the target';
  315.         break;
  316.       case 'accepted':
  317.         $summary = 'The '.$data['type'].' request was accepted';
  318.         break;
  319.       default:
  320.         $summary = false;
  321.     }
  322. 

  323.     if($status && $status->http_code)
  324.       $data['http_code'] = (int)$status->http_code;
  325. 

  326.     if($status && $status->raw_response) {
  327.       $data['http_body'] = $status->raw_response;
  328.     }
  329. 

  330.     if($summary)
  331.       $data['summary'] = $summary;
  332. 

  333.     if($webmention->complete == 0)
  334.       $data['location'] = $statusURL;
  335. 

  336.     return $this->respond($response, 200, $data);
  337.   }
  338. 

  339. }