p3k
/
Telegraph
mirror of https://github.com/aaronpk/Telegraph.git
1
0
Fork 0
Code Issues 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14 Commits
3 Branches
30 MiB
Tree: 83f84154b2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '83f84154b2'
${ noResults }
Telegraph/controllers/API.php

140 lines
4.1 KiB
Raw Normal View History

implement indieauth sign-in
9 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
9 years ago
implement indieauth sign-in
9 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
9 years ago
add infrastructure for background queue
9 years ago
beginning API * API validates and accepts requests and writes to the DB * tests check all API responses
9 years ago
implement indieauth sign-in
9 years ago
 
  1. <?php
  2. use Symfony\Component\HttpFoundation\Request;
  3. use Symfony\Component\HttpFoundation\Response;
  4. 

  5. class API {
  6. 

  7.   public $http;
  8. 

  9.   public function __construct() {
  10.     $this->http = new Telegraph\HTTP();
  11.   }
  12. 

  13.   private function respond(Response $response, $code, $params, $headers=[]) {
  14.     $response->setStatusCode($code);
  15.     foreach($headers as $k=>$v) {
  16.       $response->headers->set($k, $v);
  17.     }
  18.     $response->setContent(json_encode($params));
  19.     return $response;
  20.   }
  21. 

  22.   private static function toHtmlEntities($input) {
  23.     return mb_convert_encoding($input, 'HTML-ENTITIES', mb_detect_encoding($input));
  24.   }
  25. 

  26.   private static function generateStatusToken() {
  27.     $str = dechex(date('y'));
  28.     $chs = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
  29.     $len = strlen($chs);
  30.     for($i = 0; $i < 16; $i++) {
  31.       $str .= $chs[mt_rand(0, $len - 1)];
  32.     }
  33.     return $str;
  34.   }
  35. 

  36.   public function webmention(Request $request, Response $response) {
  37. 

  38.     # Require the token parameter

  39.     if(!$token=$request->get('token')) {
  40.       return $this->respond($response, 401, [
  41.         'error' => 'authentication_required',
  42.         'error_description' => 'A token is required to use the API'
  43.       ]);
  44.     }
  45. 

  46.     # Require source and target parameters

  47.     if((!$source=$request->get('source')) || (!$target=$request->get('target'))) {
  48.       return $this->respond($response, 400, [
  49.         'error' => 'missing_parameters',
  50.         'error_description' => 'The source or target parameters were missing'
  51.       ]);
  52.     }
  53. 

  54.     $urlregex = '/^https?:\/\/[^ ]+\.[^ ]+$/';
  55. 

  56.     # Verify source and target are URLs

  57.     if(!preg_match($urlregex, $source) || !preg_match($urlregex, $target)) {
  58.       return $this->respond($response, 400, [
  59.         'error' => 'invalid_parameter',
  60.         'error_description' => 'The source or target parameters were invalid'
  61.       ]);
  62.     }
  63. 

  64.     # If a callback was provided, verify it is a URL

  65.     if($callback=$request->get('callback')) {
  66.       if(!preg_match($urlregex, $source) || !preg_match($urlregex, $target)) {
  67.         return $this->respond($response, 400, [
  68.           'error' => 'invalid_parameter',
  69.           'error_description' => 'The callback parameter was invalid'
  70.         ]);
  71.       }
  72.     }
  73. 

  74.     # Verify the token is valid

  75.     $role = ORM::for_table('roles')->where('token', $token)->find_one();
  76. 

  77.     if(!$role) {
  78.       return $this->respond($response, 401, [
  79.         'error' => 'invalid_token',
  80.         'error_description' => 'The token provided is not valid'
  81.       ]);
  82.     }
  83. 

  84.     # Synchronously check the source URL and verify that it actually contains

  85.     # a link to the target. This way we prevent this API from sending known invalid mentions.

  86.     $sourceData = $this->http->get($source);
  87. 

  88.     $doc = new DOMDocument();
  89.     @$doc->loadHTML(self::toHtmlEntities($sourceData['body']));
  90. 

  91.     if(!$doc) {
  92.       return $this->respond($response, 400, [
  93.         'error' => 'source_not_html',
  94.         'error_description' => 'The source document could not be parsed as HTML'
  95.       ]);
  96.     }
  97. 

  98.     $xpath = new DOMXPath($doc);
  99. 

  100.     $found = false;
  101.     foreach($xpath->query('//a[@href]') as $href) {
  102.       if($href->getAttribute('href') == $target) {
  103.         $found = true;
  104.         continue;
  105.       }
  106.     }
  107. 

  108.     if(!$found) {
  109.       return $this->respond($response, 400, [
  110.         'error' => 'no_link_found',
  111.         'error_description' => 'The source document does not have a link to the target URL'
  112.       ]);
  113.     }
  114. 

  115.     # Everything checked out, so write the webmention to the log and queue a job to start sending

  116. 

  117.     $w = ORM::for_table('webmentions')->create();
  118.     $w->site_id = $role->site_id;
  119.     $w->created_by = $role->user_id;
  120.     $w->created_at = date('Y-m-d H:i:s');
  121.     $w->token = self::generateStatusToken();
  122.     $w->source = $source;
  123.     $w->target = $target;
  124.     $w->vouch = $request->get('vouch');
  125.     $w->callback = $callback;
  126.     $w->save();
  127. 

  128.     q()->queue('Telegraph\Webmention', 'send', [$w->id]);
  129. 

  130.     $statusURL = Config::$base . 'webmention/' . $w->token;
  131. 

  132.     return $this->respond($response, 201, [
  133.       'result' => 'queued',
  134.       'status' => $statusURL
  135.     ], [
  136.       'Location' => $statusURL
  137.     ]);
  138.   }
  139. 

  140. }