-rw-r--r-- | actions/api.php | 53 | ||||
-rw-r--r-- | actions/twitapiaccount.php | 14 | ||||
-rw-r--r-- | actions/twitapidirect_messages.php | 14 | ||||
-rw-r--r-- | actions/twitapifavorites.php | 13 | ||||
-rw-r--r-- | actions/twitapifriendships.php | 14 | ||||
-rw-r--r-- | actions/twitapihelp.php | 4 | ||||
-rw-r--r-- | actions/twitapistatuses.php | 18 | ||||
-rw-r--r-- | actions/twitapiusers.php | 4 |
8 files changed, 34 insertions, 100 deletions
diff --git a/actions/api.php b/actions/api.php index ea4553543..4cdda5ff6 100644 --- a/actions/api.php +++ b/actions/api.php @@ -10,11 +10,11 @@ * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. + * along with this program. If not, see <http://www.gnu.org/licenses/>. */ if (!defined('LACONICA')) { exit(1); } @@ -40,7 +40,7 @@ class ApiAction extends Action { $this->api_method = $method; $this->content_type = strtolower($cmdext[1]); } else { - + # Requested format / content-type will be an extension on the method $cmdext = explode('.', $method); $this->api_method = $cmdext[0]; @@ -72,13 +72,13 @@ class ApiAction extends Action { # Caller might give us a username even if not required if (isset($_SERVER['PHP_AUTH_USER'])) { - $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']); + $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']); if ($user) { $this->user = $user; } # Twitter doesn't throw an error if the user isn't found } - + $this->process_command(); } } @@ -109,7 +109,7 @@ class ApiAction extends Action { # Whitelist of API methods that don't need authentication function requires_auth() { - static $noauth = array( 'statuses/public_timeline', + static $noauth = array( 'statuses/public_timeline', 'statuses/show', 'users/show', 'help/test', 
@@ -138,10 +138,10 @@ class ApiAction extends Action { } } - function show_basic_auth_error() { - header('HTTP/1.1 401 Unauthorized'); - $msg = 'Could not authenticate you.'; - + function show_basic_auth_error() { + header('HTTP/1.1 401 Unauthorized'); + $msg = 'Could not authenticate you.'; + if ($this->content_type == 'xml') { header('Content-Type: application/xml; charset=utf-8'); common_start_xml(); @@ -151,7 +151,7 @@ class ApiAction extends Action { common_element_end('hash'); common_end_xml(); } else if ($this->content_type == 'json') { - header('Content-Type: application/json; charset=utf-8'); + header('Content-Type: application/json; charset=utf-8'); $error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']); print(json_encode($error_array)); } else { @@ -165,20 +165,27 @@ class ApiAction extends Action { $apiaction = $_REQUEST['apiaction']; $method = $_REQUEST['method']; list($cmdtext, $fmt) = explode('.', $method); - - # FIXME: probably need a table here, instead of this switch - - switch ($apiaction) { - case 'statuses': - switch ($cmdtext) { - case 'update': - case 'destroy': - return false; - default: + + static $write_methods = array( + 'account' => array('update_location', 'update_delivery_device', 'end_session'), + 'blocks' => array('create', 'destroy'), + 'direct_messages' => array('create', 'destroy'), + 'favorites' => array('create', 'destroy'), + 'friendships' => array('create', 'destroy'), + 'help' => array(), + 'notifications' => array('follow', 'leave'), + 'statuses' => array('update', 'destroy'), + 'users' => array() + ); + + if (array_key_exists($apiaction, $write_methods)) { + common_debug("checking method"); + if (!in_array($cmdtext, $write_methods[$apiaction])) { return true; } - default: - return false; } + + return false; } + } diff --git a/actions/twitapiaccount.php b/actions/twitapiaccount.php index 4ce61f353..bb59005a9 100644 --- a/actions/twitapiaccount.php +++ b/actions/twitapiaccount.php 
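Review bot: In the rewritten `is_readonly()` in actions/api.php, `$write_methods` acts as a denylist: for any group present in the table, every method name that is not listed returns true, so a state-changing method that is added to a handler later, or simply missed here, is classified as read-only by default. A per-group list of known read methods, with everything else treated as a write, would fail in the safe direction and would match how the function already returns false for an unknown `$apiaction`. The lookup is also case-sensitive while `$method` comes straight from `$_REQUEST`; if the dispatcher (not visible in this hunk) resolves method names case-insensitively, normalise before the check, e.g. `list($cmdtext, $fmt) = explode('.', strtolower($method));`. The `common_debug("checking method");` call looks like leftover debugging and could be dropped.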
@@ -23,20 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapiaccountAction extends TwitterapiAction { - function is_readonly() { - - static $write_methods = array( 'update_location', - 'update_delivery_device'); - - $cmdtext = explode('.', $this->arg('method')); - - if (in_array($cmdtext[0], $write_methods)) { - return false; - } - - return true; - } - function verify_credentials($args, $apidata) { if ($apidata['content-type'] == 'xml') { diff --git a/actions/twitapidirect_messages.php b/actions/twitapidirect_messages.php index 466e74823..a31d18a5c 100644 --- a/actions/twitapidirect_messages.php +++ b/actions/twitapidirect_messages.php @@ -23,20 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class Twitapidirect_messagesAction extends TwitterapiAction { - function is_readonly() { - - static $write_methods = array( 'direct_messages', - 'sent'); - - $cmdtext = explode('.', $this->arg('method')); - - if (in_array($cmdtext[0], $write_methods)) { - return false; - } - - return true; - } - function direct_messages($args, $apidata) { parent::handle($args); return $this->show_messages($args, $apidata, 'received'); diff --git a/actions/twitapifavorites.php b/actions/twitapifavorites.php index 2c6c2e1d9..2fdd88544 100644 --- a/actions/twitapifavorites.php +++ b/actions/twitapifavorites.php @@ -23,19 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapifavoritesAction extends TwitterapiAction { - function is_readonly() { - - static $write_methods = array('favorites'); - - $cmdtext = explode('.', $this->arg('method')); - - if (in_array($cmdtext[0], $write_methods)) { - return false; - } - - return true; - } - function favorites($args, $apidata) { parent::handle($args); diff --git a/actions/twitapifriendships.php b/actions/twitapifriendships.php index 03dd8f063..e4b49cbe4 100644 --- a/actions/twitapifriendships.php +++ b/actions/twitapifriendships.php 
@@ -23,20 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapifriendshipsAction extends TwitterapiAction { - function is_readonly() { - - static $write_methods = array( 'create', - 'destroy'); - - $cmdtext = explode('.', $this->arg('method')); - - if (in_array($cmdtext[0], $write_methods)) { - return false; - } - - return true; - } - function create($args, $apidata) { parent::handle($args); diff --git a/actions/twitapihelp.php b/actions/twitapihelp.php index 6e9b41f8a..c5d503e11 100644 --- a/actions/twitapihelp.php +++ b/actions/twitapihelp.php @@ -23,10 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapihelpAction extends TwitterapiAction { - function is_readonly() { - return true; - } - /* Returns the string "ok" in the requested format with a 200 OK HTTP status code. * URL:http://identi.ca/api/help/test.format * Formats: xml, json diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index f80db8899..5459db8a0 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -23,20 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapistatusesAction extends TwitterapiAction { - function is_readonly() { - - static $write_methods = array( 'update', - 'destroy'); - - $cmdtext = explode('.', $this->arg('method')); - - if (in_array($cmdtext[0], $write_methods)) { - return false; - } - - return true; - } - function public_timeline($args, $apidata) { parent::handle($args); @@ -242,6 +228,10 @@ class TwitapistatusesAction extends TwitterapiAction { return; } + foreach ($_POST as $p => $v) { + common_debug("_POST: $p = $v"); + } + $this->auth_user = $apidata['user']; $user = $this->auth_user; $status = $this->trimmed('status'); diff --git a/actions/twitapiusers.php b/actions/twitapiusers.php index ec66ad1fa..337ec91d1 100644 --- a/actions/twitapiusers.php +++ b/actions/twitapiusers.php 
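Review bot: The loop added at `@@ -242,6 +228,10 @@` in actions/twitapistatuses.php writes every `$_POST` key and value to the debug log before the status is processed, so the full notice text and any other posted field (including credentials or tokens, if a client sends them in the body) end up in the log in plaintext. Values are interpolated unescaped, so embedded newlines can forge log lines, and an array-valued parameter is logged as `Array` with a notice. If this was only for debugging the change it should be removed before merge; if it has to stay, log the parameter names only, e.g. `common_debug('_POST keys: ' . implode(',', array_keys($_POST)));`. The enclosing function starts and ends outside the hunk.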
@@ -23,10 +23,6 @@ require_once(INSTALLDIR.'/lib/twitterapi.php'); class TwitapiusersAction extends TwitterapiAction { - function is_readonly() { - return true; - } - function show($args, $apidata) { parent::handle($args); |