-rw-r--r-- | actions/api.php | 85 | ||||
-rw-r--r-- | actions/api_public_timeline.php | 31 | ||||
-rw-r--r-- | htaccess.sample | 23 |
3 files changed, 74 insertions, 65 deletions
diff --git a/actions/api.php b/actions/api.php index 21404e331..2e7ed3558 100644 --- a/actions/api.php +++ b/actions/api.php @@ -19,18 +19,37 @@ if (!defined('LACONICA')) { exit(1); } -// XXX: Not sure of terminology yet... maybe call things "api_methods" insteads of "commands" - class ApiAction extends Action { + var $nickname; + var $content_type; + var $api_arg; + var $api_method; + var $api_action; + function handle($args) { parent::handle($args); - $command = $this->arg('command'); + $this->api_action = $this->arg('apiaction'); + $method = $this->arg('method'); + $argument = $this->arg('argument'); - # XXX Maybe check to see if the command actually exists first + if (isset($argument)) { + $cmdext = explode('.', $argument); + $this->api_arg = $cmdext[0]; + $this->api_method = $method; + $this->content_type = $cmdext[1]; + } else { + #content type will be an extension on the method + $cmdext = explode('.', $method); + $this->api_method = $cmdext[0]; + $this->content_type = $cmdext[1]; + } - if($this->requires_auth($command)) { + # common_debug("apiaction = $this->api_action, method = $this->api_method, argument = $this->api_arg, ctype = $this->content_type"); + + # XXX Maybe check to see if the command actually exists first? + if($this->requires_auth()) { if (!isset($_SERVER['PHP_AUTH_USER'])) { # This header makes basic auth go 
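Review bot: The `apiaction` and `method` request arguments are stored in handle() without validation, yet the next hunk interpolates `$this->api_action` into a `require_once` path and passes `$this->api_method` to `call_user_func` (assuming `arg()` returns the raw request parameter, which is not visible here). The `# XXX Maybe check to see if the command actually exists first?` line is the natural place for the check: reject anything that is not a plain identifier, e.g. `if (!preg_match('/^\w+$/', $this->api_action)) { common_user_error("API method not found!", 404); return; }`, and apply the same test to the method name. A per-class list of callable API methods would also keep `method_exists` from accepting inherited methods such as `handle`. Separately, `$cmdext[1]` is read in both branches without checking that the value contained a dot, so `content_type` is undefined for extension-less requests. handle() continues past the end of this hunk.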
@@ -44,49 +63,49 @@ class ApiAction extends Action { $user = common_check_user($nickname, $password); if ($user) { - $this->process_command($command, $nickname, $password); + $this->nickname = $nickname; + $this->process_command(); } else { # basic authentication failed common_show_basic_auth_error(); } } - } else { - $this->process_command($command); - } + $this->process_command(); + } } - # this is where we can dispatch off to api Class files - function process_command($command, $nickname=NULL, $password=NULL) { - - $parts = explode('.', $command); - $api_action = "api_$parts[0]"; - $extension = $parts[1]; # requested content type - - $api_actionfile = INSTALLDIR."/actions/$api_action.php"; - - if (file_exists($api_actionfile)) { - require_once($api_actionfile); - $action_class = ucfirst($api_action)."Action"; + function process_command() { + $action = "api$this->api_action"; + $actionfile = INSTALLDIR."/actions/$action.php"; + if (file_exists($actionfile)) { + require_once($actionfile); + $action_class = ucfirst($action)."Action"; $action_obj = new $action_class(); - # need to pass off nick and password and stuff ... put in $args? constructor? - # pull from $_REQUEST later? 
- call_user_func(array($action_obj, 'handle'), $_REQUEST); - } else { - - # need appropriate API error functs - print "\nerror!\n"; + if (method_exists($action_obj, $this->api_method)) { + + $apidata = array( 'content-type' => $this->content_type, + 'api_method' => $this->api_method, + 'api_arg' => $this->api_arg, + 'nickanme' => $htis->nickanme); + + call_user_func(array($action_obj, $this->api_method), $_REQUEST, $apidata); + # all API methods should exit() + } } + common_user_error("API method not found!", $code=404); } + # Whitelist of API methods that don't need authentication - function requires_auth($command) { - - # The only command that doesn't in Twitter's API is public_timeline - if (ereg('^public_timeline.*$', $command)) { + function requires_auth() { + static $noauth = array( 'statuses/public_timeline', + 'help/test', + 'help/downtime_schedule'); + if (in_array("$this->api_action/$this->api_method", $noauth)) { return false; - } + } return true; } diff --git a/actions/api_public_timeline.php b/actions/api_public_timeline.php deleted file mode 100644 index 677ddf422..000000000 --- a/actions/api_public_timeline.php +++ /dev/null 
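Review bot: As the braces read in this hunk, the removed `} else { $this->process_command($command); }` branch is replaced by a `$this->process_command();` that sits inside the `if($this->requires_auth())` block, after the authentication branches. That means methods on the `$noauth` list are never dispatched, and dispatch is reached again after `common_show_basic_auth_error()` unless that helper exits, which is not visible here. Restoring the branch as `} else { $this->process_command(); }` keeps authenticated dispatch behind a successful `common_check_user()`. In the `$apidata` array, `'nickanme' => $htis->nickanme` references an undefined variable and misspells the key, so the authenticated user is never passed to the API method; it should read `'nickname' => $this->nickname`. The `if` block being closed here opens in the previous hunk.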
@@ -1,31 +0,0 @@ -<?php -/* - * Laconica - a distributed open-source microblogging tool - * Copyright (C) 2008, Controlez-Vous, Inc. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -if (!defined('LACONICA')) { exit(1); } - -# This naming convention looks real sick -class Api_public_timelineAction extends Action { - - function handle($args) { - parent::handle($args); - - print "Public Timeline!\n"; - exit(); - } -}
\ No newline at end of file diff --git a/htaccess.sample b/htaccess.sample index 15decf265..3a5198925 100644 --- a/htaccess.sample +++ b/htaccess.sample 
@@ -56,5 +56,26 @@ RewriteRule ^(\w+)/avatar/(original|96|48|24)$ index.php?action=avatarbynickname RewriteRule ^(\w+)$ index.php?action=showstream&nickname=$1 [L,QSA] -RewriteRule ^api/(\w+.\w+)$ index.php?action=api&command=$1 [L,QSA] +# Twitter-compatible API rewrites +RewriteRule ^api/statuses/public_timeline(.*)$ index.php?action=api&apiaction=statuses&method=public_timeline$1 [L,QSA] +RewriteRule ^api/statuses/show/(.*)$ index.php?action=api&apiaction=statuses&method=show&argument=$1 [L,QSA] +RewriteRule ^api/statuses/direct_messages/sent(.*)$ index.php?action=api&apiaction=direct_messages&method=send$1 [L,QSA] +RewriteRule ^api/statuses/direct_messages(.*)$ index.php?action=api&apiaction=direct_messages&method=index$1 [L,QSA] +RewriteRule ^api/direct_messages/(.*)$ index.php?action=api&apiaction=direct_messages&method=$1 [L,QSA] +RewriteRule ^api/friendships/create/(.*)$ index.php?action=api&apiaction=friendships&method=create&argument=$1 [L,QSA] +RewriteRule ^api/friendships/destroy/(.*)$ index.php?action=api&apiaction=friendships&method=destroy&argument=$1 [L,QSA] +RewriteRule ^api/friendships/exists(.*)$ index.php?action=api&apiaction=friendships&method=exists$1 [L,QSA] +RewriteRule ^api/account/verify_credentials(.*)$ index.php?action=api&apiaction=account&method=verify_credentials$1 [L,QSA] +RewriteRule ^api/account/end_session$ index.php?action=api&apiaction=account&method=end_session$1 [L,QSA] +RewriteRule ^api/account/update_location(.*)$ index.php?action=api&apiaction=account&method=update_location$1 [L,QSA] +RewriteRule ^api/account/update_delivery_device(.*)$ index.php?action=api&apiaction=account&method=update_delivery_device$1 [L,QSA] +RewriteRule ^api/account/rate_limit_status(.*)$ index.php?action=api&apiaction=account&method=rate_limit_status$1 [L,QSA] +RewriteRule ^api/favorites(.*)$ index.php?action=api&apiaction=favorites&method=index$1 [L,QSA] +RewriteRule ^api/favorites/create/(.*)$ 
index.php?action=api&apiaction=favorites&method=create&argument=$1 [L,QSA] +RewriteRule ^api/favorites/destroy/(.*)$ index.php?action=api&apiaction=favorites&method=destroy&argument=$1 [L,QSA] +RewriteRule ^api/notifications/follow/(.*)$ index.php?action=api&apiaction=notifications&method=follow&argument=$1 [L,QSA] +RewriteRule ^api/notifications/leave/(.*)$ index.php?action=api&apiaction=notifications&method=leave&argument=$1 [L,QSA] +RewriteRule ^api/blocks/create/(.*)$ index.php?action=api&apiaction=blocks&method=create&argument=$1 [L,QSA] +RewriteRule ^api/blocks/destroy/(.*)$ index.php?action=api&apiaction=blocks&method=destroy&argument=$1 [L,QSA] +RewriteRule ^api/help/(.*)$ index.php?action=api&apiaction=help&method=$1 [L,QSA] |
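Review bot: Rule order shadows two of the new rewrites: `^api/favorites(.*)$` carries `[L]` and precedes `^api/favorites/create/(.*)$` and `^api/favorites/destroy/(.*)$`, so those requests are rewritten to `method=index/create/...` and never reach the intended rules. Moving the catch-all below them, or tightening it to something like `^api/favorites(\.\w+)?$`, fixes this; the same tightening on the other `(.*)` suffixes limits what a request path can append to the `method=` value. `^api/account/end_session$` uses `$1` without a capture group, and `direct_messages/sent` maps to `method=send`, which may be a typo for `sent`.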