Diffstat (limited to 'actions/api.php')
-rw-r--r-- | actions/api.php | 53 |
1 files changed, 30 insertions, 23 deletions
diff --git a/actions/api.php b/actions/api.php
index ea4553543..4cdda5ff6 100644
--- a/actions/api.php
+++ b/actions/api.php
@@ -10,11 +10,11 @@ *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 if (!defined('LACONICA')) { exit(1); }
@@ -40,7 +40,7 @@ class ApiAction extends Action {
 $this->api_method = $method;
 $this->content_type = strtolower($cmdext[1]);
 } else {
-
+
 # Requested format / content-type will be an extension on the method
 $cmdext = explode('.', $method);
 $this->api_method = $cmdext[0];
@@ -72,13 +72,13 @@ class ApiAction extends Action {
 # Caller might give us a username even if not required
 if (isset($_SERVER['PHP_AUTH_USER'])) {
- $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
+ $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
 if ($user) {
 $this->user = $user;
 }
 # Twitter doesn't throw an error if the user isn't found
 }
-
+
 $this->process_command();
 }
 }
@@ -109,7 +109,7 @@ class ApiAction extends Action {
 # Whitelist of API methods that don't need authentication
 function requires_auth() {
- static $noauth = array( 'statuses/public_timeline',
+ static $noauth = array( 'statuses/public_timeline',
 'statuses/show',
 'users/show',
 'help/test',
@@ -138,10 +138,10 @@ class ApiAction extends Action {
 }
 }
- function show_basic_auth_error() {
- header('HTTP/1.1 401 Unauthorized');
- $msg = 'Could not authenticate you.';
-
+ function show_basic_auth_error() {
+ header('HTTP/1.1 401 Unauthorized');
+ $msg = 'Could not authenticate you.';
+
 if ($this->content_type == 'xml') {
 header('Content-Type: application/xml; charset=utf-8');
 common_start_xml();
@@ -151,7 +151,7 @@ class ApiAction extends Action {
 common_element_end('hash');
 common_end_xml();
 } else if ($this->content_type == 'json') {
- header('Content-Type: application/json; charset=utf-8');
+ header('Content-Type: application/json; charset=utf-8');
 $error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']);
 print(json_encode($error_array));
 } else {
@@ -165,20 +165,27 @@ class ApiAction extends Action {
 $apiaction = $_REQUEST['apiaction'];
 $method = $_REQUEST['method'];
 list($cmdtext, $fmt) = explode('.', $method);
-
- # FIXME: probably need a table here, instead of this switch
-
- switch ($apiaction) {
- case 'statuses':
- switch ($cmdtext) {
- case 'update':
- case 'destroy':
- return false;
- default:
+
+ static $write_methods = array(
+ 'account' => array('update_location', 'update_delivery_device', 'end_session'),
+ 'blocks' => array('create', 'destroy'),
+ 'direct_messages' => array('create', 'destroy'),
+ 'favorites' => array('create', 'destroy'),
+ 'friendships' => array('create', 'destroy'),
+ 'help' => array(),
+ 'notifications' => array('follow', 'leave'),
+ 'statuses' => array('update', 'destroy'),
+ 'users' => array()
+ );
+
+ if (array_key_exists($apiaction, $write_methods)) {
+ common_debug("checking method");
+ if (!in_array($cmdtext, $write_methods[$apiaction])) {
 return true;
 }
- default:
- return false;
 }
+
+ return false;
 }
+ } |
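Review bot: The new `in_array($cmdtext, $write_methods[$apiaction])` check compares loosely although `$cmdtext` is taken straight from `$_REQUEST['method']`; pass the strict flag, `if (!in_array($cmdtext, $write_methods[$apiaction], true)) {`, so only an exact method name decides whether a request counts as a write. The `common_debug("checking method")` line just above it looks like leftover tracing that fires on every API request; either drop it or make the message carry `$apiaction` and `$cmdtext` so it is useful when it does log. The trailing `return false` means an `$apiaction` absent from the table is treated as not read-only, which is the conservative default but reads as accidental; a comment such as `# Actions not listed here are never treated as read-only` would make it deliberate. The final added `}` has no removed counterpart while the two new `if` openers only replace the two removed `switch` openers, so the new side closes one more block than the old within this hunk; if the class was already closed after this function, that is one brace too many, so the file is worth a parse check. The enclosing function's header lies before this hunk.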