public static function invalidateGadgetCache(GadgetContext $context)
{
$request = new RemoteContentRequest($context->getUrl());
$cache = Cache::createCache(Shindig_Config::get('data_cache'), 'RemoteContent');
$cacheData = $cache->get($request->toHash());
if ($cacheData) {
$uris = array();
$xml = $cacheData->getResponseContent();
$parserClass = Shindig_Config::get('gadget_spec_parser');
$parser = new $parserClass();
$gadgetSpec = $parser->parse($xml, $context);
if ($gadgetSpec->locales) {
foreach ($gadgetSpec->locales as $locale) {
if (!empty($locale['messages'])) {
$uris[] = RemoteContentRequest::transformRelativeUrl($locale['messages'], $context->getUrl());
}
}
}
if (is_array($gadgetSpec->preloads)) {
foreach ($gadgetSpec->preloads as $preload) {
if (!empty($preload['href'])) {
$uris[] = RemoteContentRequest::transformRelativeUrl($preload['href'], $context->getUrl());
}
}
}
if (is_array($gadgetSpec->templatesRequireLibraries)) {
foreach ($gadgetSpec->templatesRequireLibraries as $libraryUrl) {
$uris[] = RemoteContentRequest::transformRelativeUrl($locale['messages'], $context->getUrl());
}
}
$uris[] = $request->getUrl();
self::invalidateRemoteContents($uris);
}
}
protected function getInvalidationMark(RemoteContentRequest $request)
{
$token = $request->getToken();
if (!$token) {
return null;
}
$currentInvalidation = '';
if ($token->getOwnerId()) {
$ownerKey = $this->getKey($token->getOwnerId(), $token);
$cached = $this->invalidationEntry->expiredGet($ownerKey);
$ownerStamp = $cached['found'] ? $cached['data'] : false;
}
if ($token->getViewerId()) {
$viewerKey = $this->getKey($token->getViewerId(), $token);
$cached = $this->invalidationEntry->expiredGet($viewerKey);
$viewerStamp = $cached['found'] ? $cached['data'] : false;
}
if (isset($ownerStamp)) {
$currentInvalidation = $currentInvalidation . 'o=' . $ownerStamp . ';';
}
if (isset($viewerStamp)) {
$currentInvalidation = $currentInvalidation . 'v=' . $viewerStamp . ';';
}
return $currentInvalidation;
}
/**
* Retrieves a gadget specification from the Internet, processes its views and
* adds it to the cache.
*/
private function fetchFromWeb($url, $ignoreCache)
{
$remoteContentRequest = new RemoteContentRequest($url);
$remoteContentRequest->getRequest($url, $ignoreCache);
$spec = $this->fetcher->fetchRequest($remoteContentRequest);
$specParser = new GadgetSpecParser();
$context = new ProxyGadgetContext($url);
$gadgetSpec = $specParser->parse($spec->getResponseContent(), $context);
return $gadgetSpec;
}
/**
* Retrieves a gadget specification from the Internet, processes its views and
* adds it to the cache.
*/
private function fetchFromWeb($url, $ignoreCache)
{
$remoteContentRequest = new RemoteContentRequest($url);
$remoteContentRequest->getOptions()->ignoreCache = $ignoreCache;
$remoteContent = new BasicRemoteContent();
$spec = $remoteContent->fetch($remoteContentRequest);
$gadgetSpecParser = new GadgetSpecParser();
$gadgetSpec = $gadgetSpecParser->parse($spec->getResponseContent());
return $gadgetSpec;
}
/**
* Retrieves a gadget specification from the Internet, processes its views and
* adds it to the cache.
*/
private function fetchFromWeb($url, $ignoreCache)
{
$remoteContentRequest = new RemoteContentRequest($url);
$remoteContentRequest->getOptions()->ignoreCache = $ignoreCache;
$remoteContent = new BasicRemoteContent();
$spec = $remoteContent->fetch($remoteContentRequest);
$gadgetSpecParserClass = Config::get('gadget_spec_parser');
$gadgetSpecParser = new $gadgetSpecParserClass();
$gadgetSpec = $gadgetSpecParser->parse($spec->getResponseContent(), $this->context);
return $gadgetSpec;
}
public function getFeatureContent($feature, GadgetContext $context, $isGadgetContext)
{
if (empty($feature)) {
return '';
}
if (!isset($this->features[$feature])) {
throw new GadgetException("Invalid feature: " . htmlentities($feature));
}
$featureName = $feature;
$feature = $this->features[$feature];
$filesContext = $isGadgetContext ? 'gadgetJs' : 'containerJs';
if (!isset($feature[$filesContext])) {
// no javascript specified for this context
return '';
}
$ret = '';
if (Config::get('compress_javascript')) {
$featureCache = Cache::createCache(Config::get('feature_cache'), 'FeatureCache');
if ($featureContent = $featureCache->get(md5('features:' . $featureName . $isGadgetContext))) {
return $featureContent;
}
}
foreach ($feature[$filesContext] as $entry) {
switch ($entry['type']) {
case 'URL':
$request = new RemoteContentRequest($entry['content']);
$request->getOptions()->ignoreCache = $context->getIgnoreCache();
$response = $context->getHttpFetcher()->fetch($request);
if ($response->getHttpCode() == '200') {
$ret .= $response->getResponseContent() . "\n";
}
break;
case 'FILE':
$file = $feature['basePath'] . '/' . $entry['content'];
$ret .= file_get_contents($file) . "\n";
break;
case 'INLINE':
$ret .= $entry['content'] . "\n";
break;
}
}
if (Config::get('compress_javascript')) {
$ret = JsMin::minify($ret);
$featureCache->set(md5('features:' . $featureName . $isGadgetContext), $ret);
}
return $ret;
}
/**
* Basic GET request.
*
* @param uri
*/
public function createRemoteContentRequestWithUri($uri)
{
$this->createRemoteContentRequest("GET", $uri, null, null, RemoteContentRequest::getDefaultOptions());
}
private static function setStrictNoCache(RemoteContentRequest $response)
{
$response->setResponseHeader('Pragma', 'no-cache');
$response->setResponseHeader('Cache-Control', 'no-cache');
}
/**
* Sets the headers and post body for the request if they are specified
*
* @param RemoteContentRequest $request
*/
private function setHeaders(RemoteContentRequest $request)
{
if ($request->hasHeaders()) {
$headers = explode("\n", $request->getHeaders());
$outHeaders = array();
foreach ($headers as $header) {
if (strpos($header, ':')) {
$key = trim(substr($header, 0, strpos($header, ':')));
$key = str_replace(' ', '-', ucwords(str_replace('-', ' ', $key)));
$val = trim(substr($header, strpos($header, ':') + 1));
if (!in_array($key, $this->disallowedHeaders)) {
$outHeaders[] = "{$key}: {$val}";
}
}
}
$outHeaders[] = "User-Agent: " . BasicRemoteContentFetcher::USER_AGENT;
curl_setopt($request->handle, CURLOPT_HTTPHEADER, $outHeaders);
}
$method = $request->getMethod();
if ($request->isPost()) {
curl_setopt($request->handle, CURLOPT_POST, 1);
curl_setopt($request->handle, CURLOPT_POSTFIELDS, $request->getPostBody());
} else {
if ($method == 'DELETE' || $method == 'HEAD' || $method == 'PUT') {
curl_setopt($request->handle, CURLOPT_CUSTOMREQUEST, $method);
if ($method == "PUT") {
curl_setopt($request->handle, CURLOPT_POSTFIELDS, $request->getPostBody());
}
}
}
}
/**
* Parse OAuth WWW-Authenticate header and either add them to an existing
* message or create a new message.
*
* @param msg
* @param resp
* @return the updated message.
*/
private function parseAuthHeader(OAuthRequest $msg = null, RemoteContentRequest $resp)
{
if ($msg == null) {
$msg = OAuthRequest::from_request();
}
$authHeaders = $resp->getResponseHeader("WWW-Authenticate");
if ($authHeaders != null) {
$msg->set_parameters(OAuthUtil::decodeAuthorization($authHeaders));
}
return $msg;
}
private function rewriteContent($gadgetUrl, RemoteContentRequest &$result)
{
try {
// At the moment we're only able to rewrite CSS files, so check the content type and/or the file extension before rewriting
$headers = $result->getResponseHeaders();
$isCss = false;
if (isset($headers['Content-Type']) && strtolower($headers['Content-Type'] == 'text/csss')) {
$isCss = true;
} else {
$ext = substr($_GET['url'], strrpos($_GET['url'], '.') + 1);
$isCss = strtolower($ext) == 'css';
}
if ($isCss) {
$gadget = $this->createGadget($gadgetUrl);
$rewrite = $gadget->gadgetSpec->rewrite;
if (is_array($rewrite)) {
$contentRewriter = new ContentRewriter($this->context, $gadget);
$result->setResponseContent($contentRewriter->rewriteCSS($result->getResponseContent()));
}
}
} catch (Exception $e) {
// ignore, not being able to rewrite anything isn't fatal
}
}
/**
* Builds the outgoing URL by taking the href attribute of the view and appending
* the country, lang, and opensocial query params to it
*
* @param array $view
* @param SecurityToken $token
* @param Gadget $gadget
* @return string the url
*/
private function buildHref($view, $authz, $gadget)
{
$href = RemoteContentRequest::transformRelativeUrl($gadget->substitutions->substituteUri(null, $view['href']), $this->context->getUrl());
if (empty($href)) {
throw new Exception("Invalid empty href in the gadget view");
}
// add the required country and lang param to the URL
$lang = isset($_GET['lang']) ? $_GET['lang'] : 'en';
$country = isset($_GET['country']) ? $_GET['country'] : 'US';
$firstSeperator = strpos($href, '?') === false ? '?' : '&';
$href .= $firstSeperator . 'lang=' . urlencode($lang);
$href .= '&country=' . urlencode($country);
if ($authz != 'none') {
$href .= '&opensocial_proxied_content=1';
}
return $href;
}
private function signRequest(RemoteContentRequest $request)
{
$url = $request->getUrl();
$method = $request->getMethod();
try {
// Parse the request into parameters for OAuth signing, stripping out
// any OAuth or OpenSocial parameters injected by the client
$parsedUri = parse_url($url);
$resource = $url;
$contentType = $request->getHeader('Content-Type');
$signBody = stripos($contentType, 'application/x-www-form-urlencoded') !== false || $contentType == null;
$msgParams = array();
$postParams = array();
if ($request->getPostBody()) {
if ($signBody) {
// on normal application/x-www-form-urlencoded type post's encode and parse the post vars
parse_str($request->getPostBody(), $postParams);
$postParams = $this->sanitize($postParams);
} else {
// on any other content-type of post (application/{json,xml,xml+atom}) use the body signing hash
// see http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html for details
$msgParams['oauth_body_hash'] = base64_encode(sha1($request->getPostBody(), true));
}
}
if ($signBody && isset($postParams)) {
$msgParams = array_merge($msgParams, $postParams);
}
$this->addOpenSocialParams($msgParams, $request->getToken(), $request->getOptions()->ownerSigned, $request->getOptions()->viewerSigned);
$this->addOAuthParams($msgParams, $request->getToken());
$consumer = new OAuthConsumer(NULL, NULL, NULL);
$signatureMethod = new ShindigRsaSha1SignatureMethod($this->privateKeyObject, null);
$req_req = OAuthRequest::from_consumer_and_token($consumer, NULL, $method, $resource, $msgParams);
$req_req->sign_request($signatureMethod, $consumer, NULL);
// Rebuild the query string, including all of the parameters we added.
// We have to be careful not to copy POST parameters into the query.
// If post and query parameters share a name, they end up being removed
// from the query.
$forPost = array();
$postData = false;
if ($method == 'POST' && $signBody) {
foreach ($postParams as $key => $param) {
$forPost[$key] = $param;
if ($postData === false) {
$postData = array();
}
$postData[] = OAuthUtil::urlencode_rfc3986($key) . "=" . OAuthUtil::urlencode_rfc3986($param);
}
if ($postData !== false) {
$postData = implode("&", $postData);
}
}
$newQueryParts = array();
foreach ($req_req->get_parameters() as $key => $param) {
if (!isset($forPost[$key])) {
if (!is_array($param)) {
$newQueryParts[] = urlencode($key) . '=' . urlencode($param);
} else {
foreach ($param as $elem) {
$newQueryParts[] = urlencode($key) . '=' . urlencode($elem);
}
}
}
$newQuery = implode('&', $newQueryParts);
}
// Careful here; the OAuth form encoding scheme is slightly different than
// the normal form encoding scheme, so we have to use the OAuth library
// formEncode method.
$url = $parsedUri['scheme'] . '://' . $parsedUri['host'] . (isset($parsedUri['port']) ? ':' . $parsedUri['port'] : '') . (isset($parsedUri['path']) ? $parsedUri['path'] : '') . '?' . $newQuery;
$request->setUri($url);
if ($signBody) {
$request->setPostBody($postData);
}
} catch (Exception $e) {
throw new GadgetException($e);
}
}
public function fetchRequest(RemoteContentRequest $request)
{
$outHeaders = array();
if ($request->hasHeaders()) {
$headers = explode("\n", $request->getHeaders());
foreach ($headers as $header) {
if (strpos($header, ':')) {
$key = trim(substr($header, 0, strpos($header, ':')));
$val = trim(substr($header, strpos($header, ':') + 1));
if (strcmp($key, "User-Agent") != 0 && strcasecmp($key, "Transfer-Encoding") != 0 && strcasecmp($key, "Cache-Control") != 0 && strcasecmp($key, "Expries") != 0 && strcasecmp($key, "Content-Length") != 0) {
$outHeaders[$key] = $val;
}
}
}
}
$outHeaders['User-Agent'] = "Shindig PHP";
$options = array();
$options['timeout'] = Shindig_Config::get('curl_connection_timeout');
// configure proxy
$proxyUrl = Shindig_Config::get('proxy');
if (!empty($proxyUrl)) {
$options['adapter'] = 'Zend_Http_Client_Adapter_Proxy';
$proxy = parse_url($proxyUrl);
if (isset($proxy['host'])) {
$options['proxy_host'] = $proxy['host'];
}
if (isset($proxy['port'])) {
$options['proxy_port'] = $proxy['port'];
}
if (isset($proxy['user'])) {
$options['proxy_user'] = $proxy['user'];
}
if (isset($proxy['pass'])) {
$options['proxy_pass'] = $proxy['pass'];
}
}
$client = new Zend_Http_Client();
$client->setConfig($options);
$client->setUri($request->getUrl());
$client->setHeaders($outHeaders);
if ($request->getContentType()) {
$client->setHeaders(Zend_Http_Client::CONTENT_TYPE, $request->getContentType());
}
if ($request->isPost()) {
$client->setMethod(Zend_Http_Client::POST);
$client->setRawData($request->getPostBody());
} else {
$client->setMethod(Zend_Http_Client::GET);
}
$response = $client->request();
$request->setHttpCode($response->getStatus());
$request->setContentType($response->getHeader('Content-Type'));
$request->setResponseHeaders($response->getHeaders());
$request->setResponseContent($response->getBody());
$request->setResponseSize(strlen($response->getBody()));
return $request;
}
private function verifySignedRequest(RemoteContentRequest $request)
{
$url = parse_url($request->getUrl());
$query = array();
parse_str($url['query'], $query);
$post = array();
$contentType = $request->getHeader('Content-Type');
if (stripos($contentType, 'application/x-www-form-urlencoded') !== false || $contentType == null) {
parse_str($request->getPostBody(), $post);
} else {
$this->assertEquals(base64_encode(sha1($request->getPostBody(), true)), $query['oauth_body_hash']);
}
$oauthRequest = OAuthRequest::from_request($request->getMethod(), $request->getUrl(), array_merge($query, $post));
$signature_method = new MockSignatureMethod();
$signature_valid = $signature_method->check_signature($oauthRequest, null, null, $query['oauth_signature']);
$this->assertTrue($signature_valid);
}
private function fetchContentDivert($url, $method, $signer)
{
$authz = isset($_GET['authz']) ? $_GET['authz'] : (isset($_POST['authz']) ? $_POST['authz'] : '');
$token = $this->context->extractAndValidateToken($signer);
switch (strtoupper($authz)) {
case 'SIGNED':
$fetcher = $this->signingFetcher->getSigningFetcher(new BasicRemoteContentFetcher(), $token);
return $fetcher->fetch($url, $method);
case 'OAUTH':
$params = new OAuthRequestParams();
$fetcher = $this->signingFetcher->getSigningFetcher(new BasicRemoteContentFetcher(), $token);
$oAuthFetcherFactory = new OAuthFetcherFactory($fetcher);
$this->oauthFetcher = $oAuthFetcherFactory->getOAuthFetcher($fetcher, $token, $params);
$request = new RemoteContentRequest($url);
$request->createRemoteContentRequestWithUri($url);
return $this->oauthFetcher->fetch($request);
case 'NONE':
default:
return $this->fetchContent($url, $method);
}
}
/**
* Returns the cached request, or false if there's no cached copy of this request, ignoreCache = true or if it's invalidated
*
* @param RemoteContentRequest $request
* @return unknown
*/
public function getCachedRequest(RemoteContentRequest $request)
{
$ignoreCache = $request->getOptions()->ignoreCache;
if (!$ignoreCache && ($this->cachePostRequest || !$request->isPost()) && ($cachedRequest = $this->cache->get($request->toHash())) !== false && $this->invalidateService->isValid($cachedRequest)) {
return $cachedRequest;
} else {
return false;
}
}
/**
* Peforms the actual http fetching of the data-pipelining requests, all social requests
* are made to $_SERVER['HTTP_HOST'] (the virtual host name of this server) / (optional) web_prefix / social / rpc, and
* the httpRequest's are made to $_SERVER['HTTP_HOST'] (the virtual host name of this server) / (optional) web_prefix / gadgets / makeRequest
* both request types use the current security token ($_GET['st']) when performing the requests so they happen in the correct context
*
* @param array $requests
* @return array response
*/
private static function performRequests($requests, $context)
{
$jsonRequests = array();
$httpRequests = array();
$decodedResponse = array();
// Using the same gadget security token for all social & http requests so everything happens in the right context
if (!isset($_GET['st'])) {
throw new ExpressionException("No security token set, required for data-pipeling");
}
$securityToken = $_GET['st'];
foreach ($requests as $request) {
switch ($request['type']) {
case 'os:DataRequest':
// Add to the social request batch
$id = $request['key'];
$method = $request['method'];
// remove our internal fields so we can use the remainder as params
unset($request['key']);
unset($request['method']);
unset($request['type']);
if (isset($request['fields'])) {
$request['fields'] = explode(',', $request['fields']);
}
$jsonRequests[] = array('method' => $method, 'id' => $id, 'params' => $request);
break;
case 'os:HttpRequest':
$id = $request['key'];
$url = $request['href'];
$format = isset($request['format']) ? $request['format'] : 'json';
unset($request['key']);
unset($request['type']);
unset($request['href']);
$httpRequests[$url] = array('id' => $id, 'url' => $url, 'format' => $format, 'queryStr' => implode('&', $request));
break;
}
}
if (count($jsonRequests)) {
// perform social api requests
$request = new RemoteContentRequest('http://' . $_SERVER['HTTP_HOST'] . Config::get('web_prefix') . '/rpc?st=' . urlencode($securityToken) . '&format=json', "Content-Type: application/json\n", json_encode($jsonRequests));
$request->setMethod('POST');
$remoteFetcherClass = Config::get('remote_content_fetcher');
$remoteFetcher = new $remoteFetcherClass();
$basicRemoteContent = new BasicRemoteContent($remoteFetcher);
$response = $basicRemoteContent->fetch($request);
$decodedResponse = json_decode($response->getResponseContent(), true);
}
if (count($httpRequests)) {
$requestQueue = array();
foreach ($httpRequests as $request) {
$req = new RemoteContentRequest($_SERVER['HTTP_HOST'] . Config::get('web_prefix') . '/gadgets/makeRequest?url=' . urlencode($request['url']) . '&st=' . urlencode($securityToken) . (!empty($request['queryStr']) ? '&' . $request['queryStr'] : ''));
$req->getOptions()->ignoreCache = $context->getIgnoreCache();
$req->setNotSignedUri($request['url']);
$requestQueue[] = $req;
}
$basicRemoteContent = new BasicRemoteContent();
$resps = $basicRemoteContent->multiFetch($requestQueue);
foreach ($resps as $response) {
//FIXME: this isn't completely correct yet since this picks up the status code and headers
// as they are returned by the makeRequest handler and not the ones from the original request
$url = $response->getNotSignedUrl();
$id = $httpRequests[$url]['id'];
// strip out the UNPARSEABLE_CRUFT (see makeRequestHandler.php) on assigning the body
$resp = json_decode(str_replace("throw 1; < don't be evil' >", '', $response->getResponseContent()), true);
if (is_array($resp)) {
$statusCode = $response->getHttpCode();
$statusCodeMessage = $response->getHttpCodeMsg();
$headers = $response->getHeaders();
if (intval($statusCode) == 200) {
$content = $httpRequests[$url]['format'] == 'json' ? json_decode($resp[$url]['body'], true) : $resp[$url]['body'];
$toAdd = array('result' => array('content' => $content, 'status' => $statusCode, 'headers' => $headers));
} else {
$content = $resp[$url]['body'];
$toAdd = array('error' => array('code' => $statusCode, 'message' => $statusCodeMessage, 'result' => array('content' => $content, 'headers' => $headers)));
}
//$toAdd[$id] = array('id' => $id, 'result' => $httpRequests[$url]['format'] == 'json' ? json_decode($resp[$url]['body'], true) : $resp[$url]['body']);
$decodedResponse[] = array('id' => $id, 'result' => $toAdd);
}
}
}
return $decodedResponse;
}
/**
* Renders a 'proxied content' view, for reference see:
* http://opensocial-resources.googlecode.com/svn/spec/draft/OpenSocial-Data-Pipelining.xml
*
* @param Gadget $gadget
* @param array $view
*/
public function renderGadget(Shindig_Gadget $gadget, $view)
{
$this->setGadget($gadget);
if (Shindig_Config::get('P3P') != '') {
header("P3P: " . Shindig_Config::get('P3P'));
}
/* TODO
* We should really re-add OAuth fetching support some day, uses these view atributes:
* $view['oauthServiceName'], $view['oauthTokenName'], $view['oauthRequestToken'], $view['oauthRequestTokenSecret'];
*/
$authz = $this->getAuthz($view);
$refreshInterval = $this->getRefreshInterval($view);
$href = $this->buildHref($view, $authz);
if (count($view['dataPipelining'])) {
$request = new RemoteContentRequest($href, "Content-type: application/json\n");
$request->setMethod('POST');
$request->getOptions()->ignoreCache = $gadget->gadgetContext->getIgnoreCache();
} else {
// no data-pipelining set, use GET and set cache/refresh interval options
$request = new RemoteContentRequest($href);
$request->setMethod('GET');
$request->setRefreshInterval($refreshInterval);
$request->getOptions()->ignoreCache = $gadget->gadgetContext->getIgnoreCache();
}
$signingFetcherFactory = $gadgetSigner = false;
if ($authz != 'none') {
$gadgetSigner = Shindig_Config::get('security_token_signer');
$gadgetSigner = new $gadgetSigner();
$token = $gadget->gadgetContext->extractAndValidateToken($gadgetSigner);
$request->setToken($token);
$request->setAuthType($authz);
$request->getOptions()->ownerSigned = $this->getSignOwner($view);
$request->getOptions()->viewerSigned = $this->getSignViewer($view);
$signingFetcherFactory = new SigningFetcherFactory(Shindig_Config::get("private_key_file"));
}
$remoteFetcherClass = Shindig_Config::get('remote_content_fetcher');
$remoteFetcher = new $remoteFetcherClass();
$basicRemoteContent = new BasicRemoteContent($remoteFetcher, $signingFetcherFactory, $gadgetSigner);
// Cache POST's as if they were GET's, since we don't want to re-fetch and repost the social data for each view
$basicRemoteContent->setCachePostRequest(true);
if (($response = $basicRemoteContent->getCachedRequest($request)) == false) {
// Don't fetch the data-pipelining social data unless we don't have a cached version of the gadget's content
$dataPipeliningResults = DataPipelining::fetch($view['dataPipelining'], $this->context);
// spec stats that the proxied content data-pipelinging data is *not* available to templates (to avoid duplicate posting
// of the data to the gadget dev's server and once to js space), so we don't assign it to the data context, and just
// post the json encoded results to the remote url.
$request->setPostBody(json_encode($dataPipeliningResults));
$response = $basicRemoteContent->fetch($request);
}
if ($response->getHttpCode() != '200') {
// an error occured fetching the proxied content's gadget content
$content = '<html><body><h1>An error occured fetching the gadget content</h1><p>http error code: ' . $response->getHttpCode() . '</p><p>' . $response->getResponseContent() . '</body></html>';
} else {
// fetched ok, build the response document and output it
$content = $response->getResponseContent();
$content = $this->parseTemplates($content);
$content = $this->rewriteContent($content);
$content = $this->addTemplates($content);
}
echo $content;
}
/**
* Builds a request to retrieve the actual content.
*
* @param GadgetContext $context The rendering context.
* @param MakeRequestOptions $params Options for crafting the request.
* @param SecurityTokenDecoder $signer A signer needed for signed requests.
* @return RemoteContentRequest An initialized request object.
*/
public function buildRequest(GadgetContext $context, MakeRequestOptions $params, SecurityTokenDecoder $signer = null)
{
// Check the protocol requested - curl doesn't really support file://
// requests but the 'error' should be handled properly
$protocolSplit = explode('://', $params->getHref(), 2);
if (count($protocolSplit) < 2) {
throw new Exception("Invalid protocol specified");
}
$protocol = strtoupper($protocolSplit[0]);
if ($protocol != "HTTP" && $protocol != "HTTPS") {
throw new Exception("Invalid protocol specified in url: " . htmlentities($protocol));
}
$method = $params->getHttpMethod();
if ($method == 'POST' || $method == 'PUT') {
// even if postData is an empty string, it will still post
// (since RemoteContentRquest checks if its false)
// so the request to POST is still honored
$request = new RemoteContentRequest($params->getHref(), null, $params->getRequestBody());
} else {
$request = new RemoteContentRequest($params->getHref());
}
if ($signer) {
switch ($params->getAuthz()) {
case 'SIGNED':
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
break;
case 'OAUTH':
$request->setAuthType(RemoteContentRequest::$AUTH_OAUTH);
$request->setOAuthRequestParams($params->getOAuthRequestParameters());
break;
}
$st = $params->getSecurityTokenString();
if ($st === false) {
throw new Exception("A security token is required for signed requests");
}
$token = $context->validateToken($st, $signer);
$request->setToken($token);
}
// Strip invalid request headers. This limits the utility of the
// MakeRequest class a little bit, but ensures that none of the invalid
// headers are present in any request going through this class.
$headers = $params->getRequestHeadersArray();
if ($headers !== false) {
$headers = $this->stripInvalidArrayKeys($headers, MakeRequest::$BAD_REQUEST_HEADERS);
$params->setRequestHeaders($headers);
}
// The request expects headers to be stored as a normal header text blob.
// ex: Content-Type: application/atom+xml
// Accept-Language: en-us
$formattedHeaders = $params->getFormattedRequestHeaders();
if ($formattedHeaders !== false) {
$request->setHeaders($formattedHeaders);
}
return $request;
}
/**
* Tests through SigningFetcher
*/
public function testSigningFetch()
{
$request1 = new RemoteContentRequest('http://test.chabotc.com/signing.html');
$token = BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default');
$request1->setToken($token);
$request1->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
$request2 = new RemoteContentRequest('http://test.chabotc.com/ok.html');
$this->basicRemoteContent->invalidate($request1);
$this->basicRemoteContent->invalidate($request2);
$requests = array($request1, $request2);
$this->basicRemoteContent->multiFetch($requests);
$content = $request1->getResponseContent();
$this->assertEquals("OK", trim($content));
$content = $request2->getResponseContent();
$this->assertEquals("OK", trim($content));
}
/**
* Appends data from <Preload> elements to make them available to
* gadgets.io.
*
* @param gadget
*/
private function appendPreloads(Gadget $gadget, GadgetContext $context)
{
$resp = array();
$gadgetSigner = Config::get('security_token_signer');
$gadgetSigner = new $gadgetSigner();
$token = '';
try {
$token = $context->extractAndValidateToken($gadgetSigner);
} catch (Exception $e) {
$token = '';
// no token given, safe to ignore
}
$unsignedRequests = $unsignedContexts = array();
$signedRequests = array();
foreach ($gadget->getPreloads() as $preload) {
try {
if (($preload->getAuth() == Auth::$NONE || $token != null) && (count($preload->getViews()) == 0 || in_array($context->getView(), $preload->getViews()))) {
$request = new RemoteContentRequest($preload->getHref());
$request->createRemoteContentRequestWithUri($preload->getHref());
$request->getOptions()->ownerSigned = $preload->isSignOwner();
$request->getOptions()->viewerSigned = $preload->isSignViewer();
switch (strtoupper(trim($preload->getAuth()))) {
case "NONE":
// Unify all unsigned requests to one single multi request
$unsignedRequests[] = $request;
$unsignedContexts[] = $context;
break;
case "SIGNED":
// Unify all signed requests to one single multi request
$signingFetcherFactory = new SigningFetcherFactory(Config::get("private_key_file"));
$fetcher = $signingFetcherFactory->getSigningFetcher(new BasicRemoteContentFetcher(), $token);
$req = $fetcher->signRequest($preload->getHref(), $request->getMethod());
$req->setNotSignedUri($preload->getHref());
$signedRequests[] = $req;
break;
default:
@ob_end_clean();
header("HTTP/1.0 500 Internal Server Error", true);
echo "<html><body><h1>" . "500 - Internal Server Error" . "</h1></body></html>";
die;
}
}
} catch (Exception $e) {
throw new Exception($e);
}
}
if (count($unsignedRequests)) {
try {
$brc = new BasicRemoteContent();
$responses = $brc->multiFetch($unsignedRequests, $unsignedContexts);
foreach ($responses as $response) {
$resp[$response->getUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode());
}
} catch (Exception $e) {
throw new Exception($e);
}
}
if (count($signedRequests)) {
try {
$fetcher = $signingFetcherFactory->getSigningFetcher(new BasicRemoteContentFetcher(), $token);
$responses = $fetcher->multiFetchRequest($signedRequests);
foreach ($responses as $response) {
$resp[$response->getNotSignedUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode());
}
} catch (Exception $e) {
throw new Exception($e);
}
}
$resp = count($resp) ? json_encode($resp) : "{}";
return "gadgets.io.preloaded_ = " . $resp . ";\n";
}
/**
* Fetches the remote media content and saves it as a temporary file. Returns the meta data of the file.
*/
private function processRemoteContent($uri)
{
$request = new RemoteContentRequest($uri);
$request->createRemoteContentRequestWithUri($uri);
$brc = new BasicRemoteContent();
$response = $brc->fetch($request);
if ($response->getHttpCode() != 200) {
throw new SocialSpiException("Failed to fetch the content from {$uri} code: " . $response->getHttpCode(), ResponseError::$BAD_REQUEST);
}
if (!$this->isValidContentType($response->getContentType())) {
throw new SocialSpiException("The content type " . $response->getContentType() . " fetched from {$uri} is not valid.", ResponseError::$BAD_REQUEST);
}
return $this->writeBinaryContent($response->getResponseContent(), $response->getContentType());
}
/**
* Handles (RSS & Atom) Type.FEED parsing using Zend's feed parser
*
* @param RemoteContentRequest $result
* @param string $url
* @param int $numEntries
* @param boolean $getSummaries
* @return response string, either a json encoded feed structure or an error message
*/
private function parseFeed($result, $url, $numEntries = 3, $getSummaries = false)
{
require 'external/Zend/Feed.php';
$channel = array();
if ((int) $result->getHttpCode() == 200) {
$content = $result->getResponseContent();
try {
$feed = Zend_Feed::importString($content);
if ($feed instanceof Zend_Feed_Rss) {
// Try get author
if ($feed->author()) {
$author = $feed->author();
} else {
if ($feed->creator()) {
$author = $feed->creator();
} else {
$author = null;
}
}
// Loop over each channel item and store relevant data
$counter = 0;
$channel['Entry'] = array();
foreach ($feed as $item) {
if ($counter >= $numEntries) {
break;
}
$_entry = array();
$_entry['Title'] = $item->title();
$_entry['Link'] = $item->link();
if (!is_string($_entry['Link']) && isset($_entry['Link'][1]) && $_entry['Link'][1] instanceof DOMElement) {
$_entry['Link'] = $_entry['Link'][1]->getAttribute('href');
}
if ($getSummaries && $item->description()) {
$_entry['Summary'] = $item->description();
}
$date = 0;
if ($item->date()) {
$date = strtotime($item->date());
} else {
if ($item->pubDate()) {
$date = strtotime($item->pubDate());
}
}
$_entry['Date'] = $date;
$channel['Entry'][] = $_entry;
// Remember author if first found
if (empty($author) && $item->author()) {
$author = $item->author();
} else {
if ($item->creator()) {
$author = $item->creator();
}
}
$counter++;
}
$channel['Title'] = $feed->title();
$channel['URL'] = $url;
$channel['Description'] = $feed->description();
if ($feed->link()) {
if (is_array($feed->link())) {
foreach ($feed->link() as $_link) {
if ($_link->nodeValue) {
$channel['Link'] = $_link->nodeValue;
}
}
} else {
$channel['Link'] = $feed->link();
}
}
if ($author != null) {
$channel['Author'] = $author;
}
} elseif ($feed instanceof Zend_Feed_Atom) {
// Try get author
if ($feed->author()) {
if ($feed->author->name()) {
$author = $feed->author->name();
} else {
if ($feed->author->email()) {
$author = $feed->author->email();
} else {
$author = $feed->author();
}
}
} else {
$author = null;
}
// Loop over each entries and store relevant data
$counter = 0;
$channel['Entry'] = array();
foreach ($feed as $entry) {
if ($counter >= $numEntries) {
break;
}
$_entry = array();
$_entry['Title'] = $entry->title();
// get Link if rel="alternate"
if ($entry->link('alternate')) {
$_entry['Link'] = $entry->link('alternate');
} else {
// if there's no alternate, pick the one without "rel" attribtue
$_links = $entry->link;
if (is_array($_links)) {
foreach ($_links as $_link) {
if (empty($_link['rel'])) {
$_entry['Link'] = $_link['href'];
break;
}
}
} else {
$_entry['Link'] = $_links['href'];
}
}
if ($getSummaries && $entry->summary()) {
$_entry['Summary'] = $entry->summary();
}
$date = 0;
if ($entry->updated()) {
$date = strtotime($entry->updated());
} else {
if ($entry->published()) {
$date = strtotime($entry->published());
}
}
$_entry['Date'] = $date;
$channel['Entry'][] = $_entry;
// Remember author if first found
if (empty($author) && $entry->author()) {
if ($entry->author->name()) {
$author = $entry->author->name();
} else {
if ($entry->author->email()) {
$author = $entry->author->email();
} else {
$author = $entry->author();
}
}
} elseif (empty($author)) {
$author = null;
}
$counter++;
}
$channel['Title'] = $feed->title();
$channel['URL'] = $url;
$channel['Description'] = $feed->subtitle();
// get Link if rel="alternate"
if ($feed->link('alternate')) {
$channel['Link'] = $feed->link('alternate');
} else {
// if there's no alternate, pick the one without "rel" attribtue
$_links = $feed->link;
if (is_array($_links)) {
foreach ($_links as $_link) {
if (empty($_link['rel'])) {
$channel['Link'] = $_link['href'];
break;
}
}
} else {
$channel['Link'] = $_links['href'];
}
}
if (!empty($author)) {
$channel['Author'] = $author;
}
} else {
throw new Exception('Invalid feed type');
}
$resp = json_encode($channel);
} catch (Zend_Feed_Exception $e) {
$resp = 'Error parsing feed: ' . $e->getMessage();
}
} else {
// feed import failed
$resp = "Error fetching feed, response code: " . $result->getHttpCode();
}
return $resp;
}
public function testInvalidateUserResourcesWithEmptyAppId()
{
$token = BasicSecurityToken::createFromValues('owner', 'viewer', null, 'domain', 'appUrl', '1', 'default');
$token->setAuthenticationMode(AuthenticationMode::$OAUTH_CONSUMER_REQUEST);
$request = new RemoteContentRequest('http://url');
$request->setToken($token);
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
$this->service->markResponse($request);
$opensocialIds = array('owner');
$this->service->invalidateUserResources($opensocialIds, $token);
$this->assertFalse($this->service->isValid($request));
$this->service->markResponse($request);
$this->assertTrue($this->service->isValid($request));
}
/**
* Fetches the gadget xml for the requested URL using the http fetcher
*
* @param unknown_type $gadgetUrl
* @return string gadget's xml content
*/
protected function fetchGadget($gadgetUrl)
{
$request = new RemoteContentRequest($gadgetUrl);
$request->setToken($this->token);
$request->getOptions()->ignoreCache = $this->context->getIgnoreCache();
$xml = $this->context->getHttpFetcher()->fetch($request);
if ($xml->getHttpCode() != '200') {
throw new GadgetException("Failed to retrieve gadget content (recieved http code " . $xml->getHttpCode() . ")");
}
return $xml->getResponseContent();
}
/**
* POST request with headers
* @param uri
* @param headers
* @param postBody
*/
public function createRemoteContentRequestWithUriHeadersPostBody($uri, $headers, $postBody)
{
$this->createRemoteContentRequest("POST", $uri, $headers, $postBody, RemoteContentRequest::getDefaultOptions());
}
