globalapi.php 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132
  1. <?php
  2. /**
  3. * StatusNet - the distributed open-source microblogging tool
  4. * Copyright (C) 2011, StatusNet, Inc.
  5. *
  6. * An action that requires an API key
  7. *
  8. * PHP version 5
  9. *
  10. * This program is free software: you can redistribute it and/or modify
  11. * it under the terms of the GNU Affero General Public License as published by
  12. * the Free Software Foundation, either version 3 of the License, or
  13. * (at your option) any later version.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License
  21. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  22. *
  23. * @category DomainStatusNetwork
  24. * @package StatusNet
  25. * @author Evan Prodromou <evan@status.net>
  26. * @copyright 2011 StatusNet, Inc.
  27. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
  28. * @link http://status.net/
  29. */
  30. if (!defined('STATUSNET')) {
  31. // This check helps protect against security problems;
  32. // your code file can't be executed directly from the web.
  33. exit(1);
  34. }
  35. /**
  36. * An action that requires an API key
  37. *
  38. * @category General
  39. * @package StatusNet
  40. * @author Evan Prodromou <evan@status.net>
  41. * @copyright 2011 StatusNet, Inc.
  42. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
  43. * @link http://status.net/
  44. */
  45. class GlobalApiAction extends Action
  46. {
  47. var $email;
  48. /**
  49. * Check for an API key, and throw an exception if it's not set
  50. *
  51. * @param array $args URL and POST params
  52. *
  53. * @return boolean continuation flag
  54. */
  55. function prepare(array $args = array())
  56. {
  57. GNUsocial::setApi(true); // reduce exception reports to aid in debugging
  58. parent::prepare($args);
  59. if (!common_config('globalapi', 'enabled')) {
  60. throw new ClientException(_('Global API not enabled.'), 403);
  61. }
  62. $apikey = $this->trimmed('apikey');
  63. if (empty($apikey)) {
  64. throw new ClientException(_('No API key.'), 403);
  65. }
  66. $expected = common_config('globalapi', 'key');
  67. if ($expected != $apikey) {
  68. // FIXME: increment a counter by IP address to prevent brute-force
  69. // attacks on the key.
  70. throw new ClientException(_('Bad API key.'), 403);
  71. }
  72. $email = common_canonical_email($this->trimmed('email'));
  73. if (empty($email)) {
  74. throw new ClientException(_('No email address.'));
  75. }
  76. if (!Validate::email($email, common_config('email', 'check_domain'))) {
  77. throw new ClientException(_('Invalid email address.'));
  78. }
  79. $this->email = $email;
  80. return true;
  81. }
  82. function showError($message, $code=400)
  83. {
  84. $this->showOutput(array('error' => $message), $code);
  85. }
  86. function showSuccess($values=null, $code=200)
  87. {
  88. if (empty($values)) {
  89. $values = array();
  90. }
  91. $values['success'] = 1;
  92. $this->showOutput($values, $code);
  93. }
  94. function showOutput($values, $code)
  95. {
  96. if (array_key_exists($code, ClientErrorAction::$status)) {
  97. $status_string = ClientErrorAction::$status[$code];
  98. } else if (array_key_exists($code, ServerErrorAction::$status)) {
  99. $status_string = ServerErrorAction::$status[$code];
  100. } else {
  101. // bad code!
  102. $code = 500;
  103. $status_string = ServerErrorAction::$status[$code];
  104. }
  105. header('HTTP/1.1 '.$code.' '.$status_string);
  106. header('Content-Type: application/json; charset=utf-8');
  107. print(json_encode($values));
  108. print("\n");
  109. }
  110. }