Ejemplo n.º 1
0
 /**
  * {@inheritdoc}
  */
 public function connect(Application $app)
 {
     $controllers = $app['controllers_factory'];
     $controllers->get('/login', function (Application $app, Request $request) {
         $username = $request->get('username');
         $password = $request->get('password');
         if (!strlen(trim($username)) || !strlen(trim($password))) {
             return H::apiError('Username and password are two required fields.');
         }
         @(list($auth, $apisecret) = $app['lamest']->verifyUserCredentials($username, $password));
         if (!isset($auth)) {
             return H::apiError('No match for the specified username / password pair.');
         }
         return H::apiOK(array('auth' => $auth, 'apisecret' => $apisecret));
     });
     $controllers->post('/logout', function (Application $app, Request $request) {
         if (!H::isRequestValid($app['user'], $request->get('apisecret'), $error)) {
             return $error;
         }
         $app['lamest']->updateAuthToken($app['user']['id']);
         return H::apiOK();
     });
     $controllers->post('/create_account', function (Application $app, Request $request) {
         $engine = $app['lamest'];
         $username = $request->get('username');
         $password = $request->get('password');
         if (!strlen(trim($username)) || !strlen(trim($password))) {
             return H::apiError('Username and password are two required fields.');
         }
         if ($engine->rateLimited(3600 * 15, array('create_user', $request->getClientIp()))) {
             return H::apiError('Please wait some time before creating a new user.');
         }
         if (strlen($password) < ($minPwdLen = $engine->getOption('password_min_length'))) {
             return H::apiError("Password is too short. Min length: {$minPwdLen}");
         }
         $authToken = $engine->createUser($username, $password);
         if (!$authToken) {
             return H::apiError('Username is busy. Please select a different one.');
         }
         return H::apiOK(array('auth' => $authToken));
     });
     $controllers->post('/submit', function (Application $app, Request $request) {
         if (!H::isRequestValid($app['user'], $request->get('apisecret'), $error)) {
             return $error;
         }
         $engine = $app['lamest'];
         $newsID = $request->get('news_id');
         $title = $request->get('title');
         $url = $request->get('url');
         $text = $request->get('text');
         // We can have an empty url or an empty first comment, but not both.
         if (empty($newsID) || empty($title) || !strlen(trim($url)) && !strlen(trim($text))) {
             return H::apiError('Please specify a news title and address or text.');
         }
         // Make sure the news has an accepted URI scheme (only http or https for now).
         if (!empty($url)) {
             $scheme = parse_url($url, PHP_URL_SCHEME);
             if ($scheme !== 'http' && $scheme !== 'https') {
                 return H::apiError('We only accept http:// and https:// news.');
             }
         }
         if ($newsID == -1) {
             if (($eta = $engine->getNewPostEta($app['user'])) > 0) {
                 return H::apiError("You have submitted a story too recently, please wait {$eta} seconds.");
             }
             $newsID = $engine->insertNews($title, $url, $text, $app['user']['id']);
         } else {
             $newsID = $engine->editNews($app['user'], $newsID, $title, $url, $text);
             if (!$newsID) {
                 return H::apiError('Invalid parameters, news too old to be modified or URL recently posted.');
             }
         }
         return H::apiOK(array('news_id' => $newsID));
     });
     $controllers->post('/delnews', function (Application $app, Request $request) {
         if (!H::isRequestValid($app['user'], $request->get('apisecret'), $error)) {
             return $error;
         }
         $newsID = $request->get('news_id');
         if (empty($newsID)) {
             return H::apiError('Please specify a news title.');
         }
         if (!$app['lamest']->deleteNews($app['user'], $newsID)) {
             return H::apiError('News too old or wrong ID/owner.');
         }
         return H::apiOK(array('news_id' => -1));
     });
     $controllers->post('/votenews', function (Application $app, Request $request) {
         if (!H::isRequestValid($app['user'], $request->get('apisecret'), $error)) {
             return $error;
         }
         $newsID = $request->get('news_id');
         $voteType = $request->get('vote_type');
         if (empty($newsID) || $voteType !== 'up' && $voteType !== 'down') {
             return H::apiError('Missing news ID or invalid vote type.');
         }
         if ($app['lamest']->voteNews($newsID, $app['user'], $voteType, $error) === false) {
             return H::apiError($error);
         }
         return H::apiOK();
     });
     $controllers->post('/postcomment', function (Application $app, Request $request) {
         if (!H::isRequestValid($app['user'], $request->get('apisecret'), $error)) {
             return $error;
         }
         $newsID = $request->get('news_id');
         $commentID = $request->get('comment_id');
         $parentID = $request->get('parent_id');
         $comment = $request->get('comment');
         if (empty($newsID) || empty($commentID) || empty($parentID) || !isset($comment)) {
             return H::apiError('Missing news_id, comment_id, parent_id, or comment parameter.');
         }
         $info = $app['lamest']->handleComment($app['user'], $newsID, $commentID, $parentID, $comment);
         if (!$info) {
             return H::apiError('Invalid news, comment, or edit time expired.');
         }
         return H::apiOK(array('op' => $info['op'], 'comment_id' => $info['comment_id'], 'parent_id' => $parentID, 'news_id' => $newsID));
     });
     $controllers->post('/votecomment', function (Application $app, Request $request) {
         if (!H::isRequestValid($app['user'], $request->get('apisecret'), $error)) {
             return $error;
         }
         $compositeID = $request->get('comment_id');
         $voteType = $request->get('vote_type');
         if (!preg_match('/^\\d+-\\d+$/', $compositeID) || $voteType !== 'up' && $voteType !== 'down') {
             return H::apiError('Missing or invalid comment ID or invalid vote type.');
         }
         list($newsID, $commentID) = explode('-', $compositeID);
         if (!$app['lamest']->voteComment($app['user'], $newsID, $commentID, $voteType)) {
             return H::apiError('Invalid parameters or duplicated vote.');
         }
         return H::apiOK(array('comment_id' => $compositeID));
     });
     $controllers->post('/updateprofile', function (Application $app, Request $request) {
         if (!H::isRequestValid($app['user'], $request->get('apisecret'), $error)) {
             return $error;
         }
         $about = $request->get('about');
         $email = $request->get('email');
         $password = $request->get('password');
         $attributes = array('about' => $about, 'email' => $email);
         if (($pwdLen = strlen($password)) > 0) {
             if ($pwdLen < ($minPwdLen = $app['lamest']->getOption('password_min_length'))) {
                 return H::apiError("Password is too short. Min length: {$minPwdLen}");
             }
             $attributes['password'] = H::pbkdf2($password, $app['user']['salt']);
         }
         $app['lamest']->updateUserProfile($app['user'], $attributes);
         return H::apiOK();
     });
     $controllers->get('/getnews/{sort}/{start}/{count}', function (Application $app, $sort, $start, $count) {
         $engine = $app['lamest'];
         if ($sort !== 'latest' && $sort !== 'top') {
             return H::apiError('Invalid sort parameter');
         }
         if ($count > $engine->getOption('api_max_news_count')) {
             return H::apiError('Count is too big');
         }
         if ($start < 0) {
             $start = 0;
         }
         $newslist = $engine->{"get{$sort}News"}($app['user'], $start, $count);
         foreach ($newslist['news'] as &$news) {
             unset($news['rank'], $news['score'], $news['user_id']);
         }
         return H::apiOK(array('news' => $newslist['news'], 'count' => $newslist['count']));
     });
     $controllers->get('/getcomments/{newsID}', function (Application $app, $newsID) {
         $engine = $app['lamest'];
         $user = $app['user'];
         @(list($news) = $engine->getNewsByID($user, $newsID));
         if (!$news) {
             return H::apiError('Wrong news ID.');
         }
         $topcomments = array();
         $thread = $engine->getNewsComments($user, $news);
         foreach ($thread as $parentID => &$replies) {
             if ($parentID == -1) {
                 $topcomments =& $replies;
             }
             foreach ($replies as &$reply) {
                 $poster = $engine->getUserByID($reply['user_id']) ?: H::getDeletedUser();
                 $reply['username'] = $poster['username'];
                 if (isset($thread[$reply['id']])) {
                     $reply['replies'] =& $thread[$reply['id']];
                 } else {
                     $reply['replies'] = array();
                 }
                 if (!H::commentVoted($user, $reply)) {
                     unset($reply['voted']);
                 }
                 if (isset($reply['up'])) {
                     $reply['up'] = count($reply['up']);
                 }
                 if (isset($reply['down'])) {
                     $reply['down'] = count($reply['down']);
                 }
                 unset($reply['user'], $reply['id'], $reply['thread_id'], $reply['score'], $reply['parent_id'], $reply['user_id']);
             }
         }
         return H::apiOK(array('comments' => $topcomments));
     });
     return $controllers;
 }
Ejemplo n.º 2
0
 /**
  * {@inheritdoc}
  */
 public function connect(Application $app)
 {
     $controllers = $app['controllers_factory'];
     $controllers->get('/', function (Application $app) {
         $newslist = $app['lamest']->getTopNews($app['user']);
         return $app['twig']->render('newslist.html.twig', array('title' => 'Top news', 'head_title' => 'Top news', 'newslist' => $newslist['news']));
     });
     $controllers->get('/rss', function (Application $app, Request $request) {
         $newslist = $app['lamest']->getLatestNews($app['user']);
         $rss = $app['twig']->render('newslist.rss.twig', array('site_name' => 'Lamer News', 'description' => 'Latest news', 'newslist' => $newslist['news']));
         return new Response($rss, 200, array('Content-Type' => 'text/xml'));
     });
     $controllers->get('/latest/{start}', function (Application $app, $start) {
         $engine = $app['lamest'];
         $perpage = $engine->getOption('latest_news_per_page');
         $newslist = $engine->getLatestNews($app['user'], $start, $perpage);
         return $app['twig']->render('newslist.html.twig', array('title' => 'Latest news', 'newslist' => $newslist['news'], 'pagination' => array('start' => $start, 'count' => $newslist['count'], 'perpage' => $perpage, 'linkbase' => 'latest')));
     })->value('start', 0);
     $controllers->get('/saved/{start}', function (Application $app, $start) {
         if (!$app['user']) {
             return $app->redirect('/login');
         }
         $engine = $app['lamest'];
         $perpage = $engine->getOption('latest_news_per_page');
         $newslist = $engine->getSavedNews($app['user'], $start);
         return $app['twig']->render('newslist.html.twig', array('title' => 'Saved news', 'head_title' => 'Your saved news', 'newslist' => $newslist['news'], 'pagination' => array('start' => $start, 'count' => $newslist['count'], 'perpage' => $perpage, 'linkbase' => 'saved')));
     })->value('start', 0);
     $controllers->get('/usercomments/{username}/{start}', function (Application $app, $username, $start) {
         $user = $app['lamest']->getUserByUsername($username);
         if (!$user) {
             return $app->abort(404, 'Non existing user');
         }
         $perpage = $app['lamest']->getOption('user_comments_per_page');
         $comments = $app['lamest']->getUserComments($user, $start ?: 0, $perpage);
         return $app['twig']->render('user_comments.html.twig', array('title' => "{$username} comments", 'comments' => $comments['list'], 'username' => $username, 'pagination' => array('start' => $start, 'count' => $comments['total'], 'perpage' => $perpage)));
     })->value('start', 0);
     $controllers->get('/login', function (Application $app) {
         return $app['twig']->render('login.html.twig', array('title' => 'Login'));
     });
     $controllers->get('/logout', function (Application $app, Request $request) {
         $apisecret = $request->get('apisecret');
         if (isset($app['user']) && H::verifyApiSecret($app['user'], $apisecret)) {
             $app['lamest']->updateAuthToken($app['user']['id']);
         }
         return $app->redirect('/');
     });
     $controllers->get('/submit', function (Application $app, Request $request) {
         if (!$app['user']) {
             return $app->redirect('/login');
         }
         return $app['twig']->render('submit_news.html.twig', array('title' => 'Submit a new story', 'bm_url' => $request->get('u'), 'bm_title' => $request->get('t')));
     });
     $controllers->get('/news/{newsID}', function (Application $app, $newsID) {
         $engine = $app['lamest'];
         @(list($news) = $engine->getNewsByID($app['user'], $newsID));
         if (!$news) {
             return $app->abort(404, 'This news does not exist.');
         }
         return $app['twig']->render('news.html.twig', array('title' => $news['title'], 'news' => $news, 'user' => $engine->getUserByID($news['user_id']), 'comments' => $engine->getNewsComments($app['user'], $news)));
     });
     $controllers->get('/comment/{newsID}/{commentID}', function (Application $app, $newsID, $commentID) {
         $engine = $app['lamest'];
         if (!($news = $engine->getNewsByID($app['user'], $newsID))) {
             return $app->abort(404, 'This news does not exist.');
         }
         if (!($comment = $engine->getComment($newsID, $commentID))) {
             return $app->abort(404, 'This comment does not exist.');
         }
         if (!($user = $engine->getUserByID($comment['user_id']))) {
             $user = H::getDeletedUser();
         }
         list($news) = $news;
         return $app['twig']->render('permalink_to_comment.html.twig', array('title' => $news['title'], 'news' => $news, 'comment' => array_merge($comment, array('id' => $commentID, 'user' => $user, 'voted' => H::commentVoted($app['user'], $comment))), 'comments' => $engine->getNewsComments($app['user'], $news)));
     });
     $controllers->get('/reply/{newsID}/{commentID}', function (Application $app, $newsID, $commentID) {
         $engine = $app['lamest'];
         if (!$app['user']) {
             return $app->redirect('/login');
         }
         if (!($news = $engine->getNewsByID($app['user'], $newsID))) {
             return $app->abort(404, 'This news does not exist.');
         }
         if (!($comment = $engine->getComment($newsID, $commentID))) {
             return $app->abort(404, 'This comment does not exist.');
         }
         if (!($user = $engine->getUserByID($comment['user_id']))) {
             $user = H::getDeletedUser();
         }
         list($news) = $news;
         return $app['twig']->render('reply_to_comment.html.twig', array('title' => 'Reply to comment', 'news' => $news, 'comment' => array_merge($comment, array('id' => $commentID, 'user' => $user, 'voted' => H::commentVoted($app['user'], $comment)))));
     });
     $controllers->get('/replies', function (Application $app) {
         $engine = $app['lamest'];
         if (!$app['user']) {
             return $app->redirect('/login');
         }
         $perpage = $engine->getOption('subthreads_in_replies_page') - 1;
         $comments = $engine->getReplies($app['user'], $perpage, true);
         return $app['twig']->render('user_replies.html.twig', array('title' => 'Your threads', 'comments' => $comments));
     });
     $controllers->get('/editcomment/{newsID}/{commentID}', function (Application $app, $newsID, $commentID) {
         $engine = $app['lamest'];
         if (!$app['user']) {
             return $app->redirect('/login');
         }
         if (!($news = $engine->getNewsByID($app['user'], $newsID))) {
             return $app->abort(404, 'This news does not exist.');
         }
         if (!($comment = $engine->getComment($newsID, $commentID))) {
             return $app->abort(404, 'This comment does not exist.');
         }
         $user = $engine->getUserByID($comment['user_id']);
         if (!$user || $app['user']['id'] != $user['id']) {
             return $app->abort(500, 'Permission denied.');
         }
         list($news) = $news;
         return $app['twig']->render('edit_comment.html.twig', array('title' => 'Edit comment', 'news' => $news, 'comment' => array_merge($comment, array('id' => $commentID, 'user' => $user, 'voted' => H::commentVoted($app['user'], $comment)))));
     });
     $controllers->get('/editnews/{newsID}', function (Application $app, $newsID) {
         $engine = $app['lamest'];
         if (!$app['user']) {
             return $app->redirect('/login');
         }
         if (!($news = $engine->getNewsByID($app['user'], $newsID))) {
             return $app->abort(404, 'This news does not exist.');
         }
         list($news) = $news;
         $user = $engine->getUserByID($news['user_id']);
         if (!$user || $app['user']['id'] != $user['id']) {
             return $app->abort(500, 'Permission denied.');
         }
         $text = '';
         if (!H::getNewsDomain($news)) {
             $text = H::getNewsText($news);
             $news['url'] = '';
         }
         return $app['twig']->render('edit_news.html.twig', array('title' => 'Edit news', 'news' => $news, 'text' => $text));
     });
     $controllers->get('/user/{username}', function (Application $app, $username) {
         $engine = $app['lamest'];
         $user = $engine->getUserByUsername($username);
         if (!$user) {
             return $app->abort(404, 'Non existing user');
         }
         return $app['twig']->render('userprofile.html.twig', array('title' => $username, 'user' => $user, 'user_counters' => $engine->getUserCounters($user)));
     });
     return $controllers;
 }
Ejemplo n.º 3
0
 /**
  * {@inheritdoc}
  */
 public function voteComment(array $user, $newsID, $commentID, $type)
 {
     if ($type !== 'up' && $type !== 'down') {
         return false;
     }
     $comment = $this->getComment($newsID, $commentID);
     if (!$comment) {
         return false;
     }
     if (H::commentVoted($user, $comment)) {
         return false;
     }
     $votes[] = (int) $user['id'];
     return $this->editComment($newsID, $commentID, array($type => $votes));
 }
Ejemplo n.º 4
0
 /**
  * Verifies if the request for the user is valid.
  *
  * @param array $user User details.
  * @param string $apisecret API secret token.
  * @param string $response Error message on invalid requests.
  * @return boolean
  */
 public static function isRequestValid(array $user, $apisecret, &$response)
 {
     if (!$user) {
         $response = Helpers::apiError('Not authenticated.');
         return false;
     }
     if (!Helpers::verifyApiSecret($user, $apisecret)) {
         $response = Helpers::apiError('Wrong form secret.');
         return false;
     }
     return true;
 }