Merge pull request #9870 from annando/uri-id
1 <?php
2 /**
3  * @copyright Copyright (C) 2020, Friendica
4  *
5  * @license GNU AGPL version 3 or any later version
6  *
7  * This program is free software: you can redistribute it and/or modify
8  * it under the terms of the GNU Affero General Public License as
9  * published by the Free Software Foundation, either version 3 of the
10  * License, or (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU Affero General Public License for more details.
16  *
17  * You should have received a copy of the GNU Affero General Public License
18  * along with this program.  If not, see <https://www.gnu.org/licenses/>.
19  *
20  */
21
22 use Friendica\App;
23 use Friendica\Core\Renderer;
24 use Friendica\Database\DBA;
25 use Friendica\DI;
26 use Friendica\Module\Security\Login;
27 use Friendica\Security\OAuth1\OAuthRequest;
28 use Friendica\Security\OAuth1\OAuthUtil;
29
30 require_once __DIR__ . '/../include/api.php';
31
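/**
 * Fetches the client (consumer) row that a pending OAuth1 request token belongs to.
 *
 * @param OAuthRequest $request Parsed OAuth request; its `oauth_token` parameter is looked up.
 * @return array|null The matching `clients` row, or null when the token is absent, not a
 *                    string, or not a known token in the "request" scope.
 */
function oauth_get_client(OAuthRequest $request)
{
	$params = $request->get_parameters();

	// A missing token previously raised an undefined-index notice and then queried for '';
	// bail out early instead of hitting the database with an empty or non-scalar value.
	$token = $params['oauth_token'] ?? '';
	if (!is_string($token) || $token === '') {
		return null;
	}

	// Bound parameter instead of building the SQL string with DBA::escape().
	$client = DBA::fetchFirst("SELECT `clients`.*
			FROM `clients`, `tokens`
			WHERE `clients`.`client_id` = `tokens`.`client_id`
			AND `tokens`.`id` = ? AND `tokens`.`scope` = 'request'", $token);

	if (!DBA::isResult($client)) {
		return null;
	}

	return $client;
}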
48
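/**
 * POST handler of the api module.
 *
 * Emits a "Permission denied." notice for anonymous requests or when the
 * App's user record is for someone other than the logged-in user. It only
 * returns; it does not abort the request.
 *
 * @param App $a
 * @return void
 */
function api_post(App $a)
{
	if (!local_user()) {
		notice(DI::l10n()->t('Permission denied.'));
		return;
	}

	// `!empty()` already covers a missing/empty user array, so the former count() call was
	// redundant (and count() on a non-countable value throws a TypeError on PHP 8).
	// Both sides are cast so that a DB string uid and an int session uid compare strictly.
	if (!empty($a->user['uid']) && (int) $a->user['uid'] !== (int) local_user()) {
		notice(DI::l10n()->t('Permission denied.'));
		return;
	}
}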
61
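/**
 * Content handler of the api module.
 *
 * For `api/oauth/authorize` this renders the user-facing authorization flow
 * (login prompt, consent page, and on consent the callback redirect or the
 * verifier page). Every other command is passed to api_call() and the script
 * exits after echoing its output.
 *
 * @param App $a
 * @return string|void Rendered page for the authorize flow; never returns for other commands.
 */
function api_content(App $a)
{
	if (DI::args()->getCommand() == 'api/oauth/authorize') {
		/*
		 * api/oauth/authorize interacts with the user: return a standard page.
		 */

		DI::page()['template'] = "minimal";

		// get consumer/client from request token
		try {
			$request = OAuthRequest::from_request();
		} catch (Exception $e) {
			// Keep the details server-side: the previous var_dump() printed the exception,
			// including its trace, to the browser.
			DI::logger()->warning('Invalid OAuth authorize request', ['exception' => $e]);
			return "Invalid request.";
		}

		// The login check runs before the consent POST is honoured; previously an anonymous
		// POST with oauth_yes reached the verifier/config code with local_user() === false.
		if (!local_user()) {
			/// @TODO We need login form to redirect to this page
			notice(DI::l10n()->t('Please login to continue.'));
			return Login::form(DI::args()->getQueryString(), false, $request->get_parameters());
		}

		if (!empty($_POST['oauth_yes'])) {
			// NOTE(review): this consent POST carries no form security token, so it is not
			// CSRF-protected — confirm whether the template and handler should use Friendica's
			// form security token like other state-changing forms.
			$app = oauth_get_client($request);
			if (is_null($app)) {
				return "Invalid request. Unknown token.";
			}
			// NOTE(review): OAuthConsumer is not imported above, so the name resolves in the
			// global namespace — confirm it is autoloadable from here.
			$consumer = new OAuthConsumer($app['client_id'], $app['pw'], $app['redirect_uri']);

			// NOTE(review): the verifier is derived from the client secret and uid rather than
			// generated randomly; other code may recompute it the same way, so it is left as-is —
			// confirm before replacing it with random_bytes().
			$verifier = md5($app['secret'] . local_user());
			DI::config()->set("oauth", $verifier, local_user());

			// The callback comes from the registered client row, not from the request.
			if (!empty($consumer->callback_url)) {
				$params = $request->get_parameters();
				// Use '&' when the registered callback already carries a query string; the old
				// code set '?' in both branches and produced "...?a=b?oauth_token=..." URLs.
				$glue = (strpos($consumer->callback_url, '?') !== false) ? '&' : '?';
				DI::baseUrl()->redirect($consumer->callback_url . $glue
					. 'oauth_token=' . OAuthUtil::urlencode_rfc3986($params['oauth_token'])
					. '&oauth_verifier=' . OAuthUtil::urlencode_rfc3986($verifier));
				exit();
			}

			// No callback registered: show the verifier for out-of-band entry.
			$tpl = Renderer::getMarkupTemplate("oauth_authorize_done.tpl");
			$o = Renderer::replaceMacros($tpl, [
				'$title' => DI::l10n()->t('Authorize application connection'),
				'$info' => DI::l10n()->t('Return to your app and insert this Securty Code:'),
				'$code' => $verifier,
			]);

			return $o;
		}

		$app = oauth_get_client($request);
		if (is_null($app)) {
			return "Invalid request. Unknown token.";
		}

		// Consent page: ask the logged-in user whether to authorize the client.
		$tpl = Renderer::getMarkupTemplate('oauth_authorize.tpl');
		$o = Renderer::replaceMacros($tpl, [
			'$title' => DI::l10n()->t('Authorize application connection'),
			'$app' => $app,
			'$authorize' => DI::l10n()->t('Do you want to authorize this application to access your posts and contacts, and/or create new posts for you?'),
			'$yes' => DI::l10n()->t('Yes'),
			'$no' => DI::l10n()->t('No'),
		]);

		return $o;
	}

	// All other API commands produce their own output and terminate here.
	echo api_call($a);
	exit();
}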