public function invalidateApplicationResources(array $uris, SecurityToken $token)
{
foreach ($uris as $uri) {
$request = new RemoteContentRequest($uri);
$this->cache->invalidate($request->toHash());
// GET
$request = new RemoteContentRequest($uri);
$request->createRemoteContentRequestWithUri($uri);
$this->cache->invalidate($request->toHash());
// GET & SIGNED
$request = new RemoteContentRequest($uri);
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
$request->setNotSignedUri($uri);
$this->cache->invalidate($request->toHash());
}
if (Doctrine::getTable('SnsConfig')->get('is_use_outer_shindig', false) && Doctrine::getTable('SnsConfig')->get('is_relay_invalidation_notice', true)) {
require_once 'OAuth.php';
$shindigUrl = Doctrine::getTable('SnsConfig')->get('shindig_url');
if (substr($shindigUrl, -1) !== '/') {
$shindigUrl .= '/';
}
$invalidateUrl = $shindigUrl . 'gadgets/api/rest/cache';
$key = Doctrine::getTable('SnsConfig')->get('shindig_backend_key');
$secret = Doctrine::getTable('SnsConfig')->get('shindig_backend_secret');
$consumer = new OAuthConsumer($key, $secret);
$oauthRequest = OAuthRequest::from_consumer_and_token($consumer, null, 'POST', $invalidateUrl);
$oauthRequest->set_parameter('xoauth_requestor_id', 1);
$oauthRequest->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, null);
$request = new RemoteContentRequest($invalidateUrl . '?xoauth_requestor_id=1');
$request->setMethod('POST');
$request->setContentType('application/json');
$request->setPostBody(json_encode(array('invalidationKeys' => $uris)));
$request->setHeaders($oauthRequest->to_header());
$request->getOptions()->ignoreCache = true;
$remoteContent = Shindig_Config::get('remote_content');
$fetcher = new $remoteContent();
$fetcher->fetch($request);
}
}
/**
* Builds a request to retrieve the actual content.
*
* @param GadgetContext $context The rendering context.
* @param MakeRequestOptions $params Options for crafting the request.
* @param SecurityTokenDecoder $signer A signer needed for signed requests.
* @return RemoteContentRequest An initialized request object.
*/
public function buildRequest(GadgetContext $context, MakeRequestOptions $params, SecurityTokenDecoder $signer = null)
{
// Check the protocol requested - curl doesn't really support file://
// requests but the 'error' should be handled properly
$protocolSplit = explode('://', $params->getHref(), 2);
if (count($protocolSplit) < 2) {
throw new Exception("Invalid protocol specified");
}
$protocol = strtoupper($protocolSplit[0]);
if ($protocol != "HTTP" && $protocol != "HTTPS") {
throw new Exception("Invalid protocol specified in url: " . htmlentities($protocol));
}
$method = $params->getHttpMethod();
if ($method == 'POST' || $method == 'PUT') {
// even if postData is an empty string, it will still post
// (since RemoteContentRquest checks if its false)
// so the request to POST is still honored
$request = new RemoteContentRequest($params->getHref(), null, $params->getRequestBody());
} else {
if ($method == 'DELETE' || $method == 'GET' || $method == 'HEAD') {
$request = new RemoteContentRequest($params->getHref());
} else {
throw new Exception("Invalid HTTP method.");
}
}
$request->setMethod($method);
if ($signer) {
switch ($params->getAuthz()) {
case 'SIGNED':
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
break;
case 'OAUTH':
$request->setAuthType(RemoteContentRequest::$AUTH_OAUTH);
$request->setOAuthRequestParams($params->getOAuthRequestParameters());
break;
}
$st = $params->getSecurityTokenString();
if ($st === false) {
throw new Exception("A security token is required for signed requests");
}
$token = $context->validateToken($st, $signer);
$request->setToken($token);
}
// Strip invalid request headers. This limits the utility of the
// MakeRequest class a little bit, but ensures that none of the invalid
// headers are present in any request going through this class.
$headers = $params->getRequestHeadersArray();
if ($headers !== false) {
$headers = $this->stripInvalidArrayKeys($headers, MakeRequest::$BAD_REQUEST_HEADERS);
$params->setRequestHeaders($headers);
}
// The request expects headers to be stored as a normal header text blob.
// ex: Content-Type: application/atom+xml
// Accept-Language: en-us
$formattedHeaders = $params->getFormattedRequestHeaders();
if ($formattedHeaders !== false) {
$request->setHeaders($formattedHeaders);
}
return $request;
}
/**
* Tests SigningFetcher->fetchRequest
*/
public function testFetchRequestForBodyHash()
{
$request = new RemoteContentRequest('http://example.org/signed');
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
$request->setToken(BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default'));
$request->setPostBody('Hello World!');
$request->setHeaders('Content-Type: text/plain');
$this->signingFetcher->fetchRequest($request);
$this->verifySignedRequest($request);
$url = parse_url($request->getUrl());
$query = array();
parse_str($url['query'], $query);
// test example 'Hello World!' and 'Lve95gjOVATpfV8EL5X4nxwjKHE=' are from
// OAuth Request Body Hash 1.0 Draft 4 Example
$this->assertEquals('Lve95gjOVATpfV8EL5X4nxwjKHE=', $query['oauth_body_hash']);
}
