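# Resolve an API method name to its handler function and invoke it.
#
# $method is looked up in $GLOBALS['cfg']['api']['methods']; the matching row
# names the library to load, and the handler is "<library>_<last dotted part
# of the method name>". Unknown, disabled and unimplemented methods all get
# the same 404 so the response does not reveal which methods are configured.
#
# Every guard below relies on api_output_error() ending the request -
# presumably it does (nothing here returns after calling it); confirm.

function api_dispatch($method) {

	if (!$GLOBALS['cfg']['enable_feature_api']) {
		api_output_error(999, 'API disabled');
	}

	$method = filter_strict($method);

	# The method name is echoed back in error messages, so it is HTML-encoded
	# once here and only the encoded copy is ever interpolated.
	$enc_method = htmlspecialchars($method);

	$methods = $GLOBALS['cfg']['api']['methods'];

	if (!$method || !isset($methods[$method])) {
		api_output_error(404, "Method '{$enc_method}' not found");
	}

	$method_row = $methods[$method];

	if (empty($method_row['enabled'])) {
		api_output_error(404, "Method '{$enc_method}' not found");
	}

	$method_row['name'] = $method;

	# TO DO: check API keys here
	# TO DO: actually check auth here (whatever that means...)
	#
	# NOTE(review): no API key check happens in this dispatcher, and the auth
	# and crumb checks are opt-in per method: a method row that omits
	# 'requires_auth' / 'requires_crumb' is dispatched with no check at all.

	if (!empty($method_row['requires_auth'])) {
		api_auth_ensure_auth($method_row);
	}

	if (!empty($method_row['requires_crumb'])) {
		api_auth_ensure_crumb($method_row);
	}

	loadlib($method_row['library']);

	$parts = explode(".", $method);
	$method = array_pop($parts);

	$func = "{$method_row['library']}_{$method}";

	# A configured method whose handler is missing from the library would
	# otherwise make call_user_func() fail with an engine-level error instead
	# of a well-formed API response.
	if (!function_exists($func)) {
		api_output_error(404, "Method '{$enc_method}' not found");
	}

	call_user_func($func);
	exit;
}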
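# API handler: output the dots belonging to the user named in the 'user'
# request parameter, with a fixed set of columns removed from each row.
#
# Emits api_output_ok() with the list of rows, or api_output_error() (called
# with no arguments) when the user is unknown or has no dots.

function api_dots_dotsForUser() {

	# Columns left out of the response. Flipped into a map so membership is a
	# key lookup: the original in_array() compared loosely, which on PHP < 8
	# makes an integer key such as 0 "equal" to any of these strings.
	$skipKeys = array("details", "details_json", "index_on", "details_listview", "type_of_co");
	$skip = array_flip($skipKeys);

	$u = request_str('user');
	$owner = users_get_by_id($u);

	$output = array();

	if ($owner) {

		# NOTE(review): the user id comes straight from the request and no
		# viewer is passed along - confirm dots_get_dots_for_user() only
		# returns dots the caller is allowed to see.
		$dots = dots_get_dots_for_user($owner);

		if ($dots) {

			# Iterate by value: the rows are only read, and a by-reference
			# loop variable would stay bound to the last row afterwards.
			foreach ($dots as $row) {

				$a = array();

				foreach ($row as $k => $v) {
					if (!isset($skip[$k])) {
						$a[$k] = $v;
					}
				}

				$output[] = $a;
			}
		}
	}

	if (count($output)) {
		api_output_ok($output);
	}

	else {
		api_output_error();
	}
}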
# Gate on an API key row: hand it to api_keys_utils_is_valid_key() and, when
# that reports a failure, answer with the error code and message it supplied.
#
# Returns 1. The failure path also falls through to that return, so callers
# presumably depend on api_output_error() ending the request - confirm.

function api_keys_ensure_valid_key($key_row) {

	$check = api_keys_utils_is_valid_key($key_row);

	if ($check['ok']) {
		return 1;
	}

	api_output_error($check['error_code'], $check['error']);

	return 1;
}
# Fetch the upload named by $param through api_utils_get_upload() and answer
# with a 400, carrying that helper's error text, when it did not succeed.
#
# $more is passed through to api_utils_get_upload() untouched.
# Returns the helper's response array.

function api_utils_ensure_upload($param, $more = array()) {

	$upload = api_utils_get_upload($param, $more);

	$failed = !$upload['ok'];

	if ($failed) {
		api_output_error(400, $upload['error']);
	}

	return $upload;
}
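# Require that the Flickr token stored for $user carries exactly the
# permission level named by $str_perms (for example 'write').
#
# The stored 'token_perms' value is translated through
# flickr_api_authtoken_perms_map() and compared with $str_perms. The match is
# exact: any other level is rejected, including one that may be broader.
#
# Returns the Flickr user row; answers with a 999 error otherwise.

function api_utils_flickr_ensure_token_perms(&$user, $str_perms) {

	$perms_map = flickr_api_authtoken_perms_map();
	$flickr_user = flickr_users_get_by_user_id($user['id']);

	# Fail closed: no linked Flickr account, no stored permission level or a
	# level missing from the map all count as "no permission". The original
	# indexed straight into both arrays and left the decision to a loose !=.
	$granted = null;

	if ($flickr_user && isset($flickr_user['token_perms'])) {

		$token_perms = $flickr_user['token_perms'];

		if (isset($perms_map[$token_perms])) {
			$granted = $perms_map[$token_perms];
		}
	}

	# Compare as strings with ===, so that type juggling (0 == 'write' on
	# PHP < 8, numeric-string coercion) can never satisfy the check.
	if ($granted === null || (string) $granted !== (string) $str_perms) {
		api_output_error(999, "Insufficient Flickr API permissions");
	}

	return $flickr_user;
}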
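# Dispatch an API request: pick the output format, resolve the 'method'
# request parameter against $GLOBALS['cfg']['api']['methods'], load the
# method's library and call "<library>_<last dotted part of the method>".
#
# Every failure to resolve a method yields the same 404, so the response does
# not reveal which methods exist but are disabled or unimplemented.

function api_dispatch() {

	#
	# Output formats
	#

	# Read the parameter once (the original fetched it twice) and check it
	# against the allow-list with a strict comparison.
	# NOTE(review): assumes the 'valid' list holds strings - confirm.

	$format = request_str('format');

	if ($format && !in_array($format, $GLOBALS['cfg']['api']['formats']['valid'], true)) {
		$format = null;
	}

	if ($format) {
		$GLOBALS['cfg']['api']['formats']['current'] = $format;
	}

	else {
		$GLOBALS['cfg']['api']['formats']['current'] = $GLOBALS['cfg']['api']['formats']['default'];
	}

	#
	# Can I get a witness?
	#

	if (!$GLOBALS['cfg']['enable_feature_api']) {
		api_output_error(999, 'The API is currently disabled');
	}

	#
	# Is this a valid method?
	#

	$method = request_str('method');

	if (!$method) {
		api_output_error(404, 'Method not found');
	}

	if (!isset($GLOBALS['cfg']['api']['methods'][$method])) {
		api_output_error(404, 'Method not found');
	}

	$method_row = $GLOBALS['cfg']['api']['methods'][$method];

	if (empty($method_row['enabled'])) {
		api_output_error(404, 'Method not found');
	}

	$lib = $method_row['library'];
	loadlib($lib);

	$method = explode(".", $method);
	$function = $lib . "_" . array_pop($method);

	if (!function_exists($function)) {
		api_output_error(404, 'Method not found');
	}

	#
	# Auth-y bits
	#

	# NOTE(review): this branch is empty, so a method flagged
	# 'required_login' is dispatched without any login check. Until it is
	# written, each such handler has to enforce authentication itself.

	if (!empty($method_row['required_login'])) {
		# Please, to write me...
	}

	#
	# Go!
	#

	call_user_func($function);
	exit;
}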
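# API handler: record a check-in for the current user at the venue given by
# the POSTed 'venue_id', with the POSTed 'status_id'.
#
# Optionally forwards the check-in to Foursquare (POST 'broadcast') and, when
# weather tracking is enabled, attaches the current conditions for the venue.
# Answers with the stored check-in, or a 999 error.

function api_privatesquare_venues_checkin() {

	$venue_id = post_str("venue_id");
	$status_id = post_int32("status_id");

	if (!$venue_id) {
		api_output_error(999, "Missing venue ID");
	}

	# isset() rather than a truthiness test, so a status of 0 is accepted
	if (!isset($status_id)) {
		api_output_error(999, "Missing status ID");
	}

	# NOTE(review): the user id is read from $GLOBALS['cfg']['user'] without a
	# check that a user is set - presumably the dispatcher guarantees it.
	$fsq_user = foursquare_users_get_by_user_id($GLOBALS['cfg']['user']['id']);

	$checkin = array(
		'user_id' => $GLOBALS['cfg']['user']['id'],
		'venue_id' => $venue_id,
		'status_id' => $status_id,
	);

	# where am I?

	$venue = foursquare_venues_get_by_venue_id($venue_id);

	if (!$venue) {

		# Not known locally yet: try to archive it first
		$rsp = foursquare_venues_archive_venue($venue_id);

		if ($rsp['ok']) {
			$venue = $rsp['venue'];
		}
	}

	if ($venue) {
		$checkin['locality'] = $venue['locality'];
		$checkin['latitude'] = $venue['latitude'];
		$checkin['longitude'] = $venue['longitude'];
	}

	# check to see if we're checking in to 4sq too

	if ($broadcast = post_str("broadcast")) {

		$method = 'checkins/add';

		$args = array(
			'oauth_token' => $fsq_user['oauth_token'],
			'venueId' => $venue_id,
			'broadcast' => $broadcast,
		);

		$more = array('method' => 'POST');

		$rsp = foursquare_api_call($method, $args, $more);

		if ($rsp['ok']) {
			$checkin['checkin_id'] = $rsp['rsp']['checkin']['id'];
		}

		# on error, then what?
		# (as written: the failure is dropped and the local check-in is
		# still created, without a Foursquare checkin_id)
	}

	# Only look up the weather when the venue lookup produced coordinates.
	# The original read 'latitude' / 'longitude' unconditionally, which are
	# not set when the venue could not be resolved.

	$has_coords = isset($checkin['latitude']) && isset($checkin['longitude']);

	if ($GLOBALS['cfg']['enable_feature_weather_tracking'] && $has_coords) {

		loadlib("weather_google");
		$rsp = weather_google_conditions($checkin['latitude'], $checkin['longitude']);

		if ($rsp['ok']) {
			$conditions = $rsp['conditions'];
			$conditions['source'] = $rsp['source'];
			$checkin['weather'] = json_encode($conditions);
		}
	}

	$rsp = privatesquare_checkins_create($checkin);

	if (!$rsp['ok']) {
		api_output_error(999, "Check in failed");
	}

	$out = array('checkin' => $rsp['checkin']);
	api_output_ok($out);
}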
# API handler: remove the photo given by the POSTed 'photo_id' from the
# current user's Flickr favorites.
#
# The user's stored Flickr token must carry 'write' permission; that check
# runs before any request parameter is read. Answers with the photo id on
# success and with a 999 error otherwise.

function api_flickr_favorites_remove() {

	$flickr_user = api_utils_flickr_ensure_token_perms($GLOBALS['cfg']['user'], 'write');

	$photo_id = post_int64("photo_id");

	if (!$photo_id) {
		api_output_error(999, "Missing photo ID");
	}

	$call_args = array(
		'photo_id' => $photo_id,
		'auth_token' => $flickr_user['auth_token'],
	);

	$rsp = flickr_api_call('flickr.favorites.remove', $call_args);

	if (!$rsp['ok']) {

		# Error code '1' is let through: per the original note it means the
		# photo was not in the favorites to begin with. Anything else is
		# relayed to the client with the upstream error text.

		if ($rsp['error_code'] != '1') {
			api_output_error(999, $rsp['error']);
		}
	}

	api_output_ok(array('photo_id' => $photo_id));
}
# API handler: list photos from the current user's "contacts_faves" push
# subscription, optionally limited by the 'older_than' GET parameter.
#
# Both feature flags must be on and the user must hold a subscription for the
# topic; each failed precondition answers with a 999 error.

function api_flickr_photos_friends_faves() {

	# Both flags produce the same "disabled" answer, checked in this order
	$required_flags = array(
		'enable_feature_flickr_push',
		'flickr_push_enable_photos_friends_faves',
	);

	foreach ($required_flags as $flag) {

		if (!$GLOBALS['cfg'][$flag]) {
			api_output_error(999, "disabled");
		}
	}

	$topics = flickr_push_topic_map("string keys");

	$subscription = flickr_push_subscriptions_get_by_user_and_topic(
		$GLOBALS['cfg']['user'],
		$topics["contacts_faves"]
	);

	if (!$subscription) {
		api_output_error(999, "no subscription");
	}

	$rsp = flickr_push_photos_for_subscription($subscription, get_int32("older_than"));

	if (!$rsp['ok']) {
		api_output_error(999, $rsp['error']);
	}

	api_output_ok(array('photos' => $rsp['rows']), array('inline' => 1));
}
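# Relay a failed Foursquare API response to the client as a 999 error.
#
# $rsp['body'] is decoded as JSON and the 'code', 'errorType' and
# 'errorDetail' fields of its 'meta' member are folded into one message.
#
# NOTE(review): errorType / errorDetail come from the upstream response and
# reach the client unmodified.

function _api_foursquare_error(&$rsp) {

	# Decode to an associative array. The original passed the truthy string
	# 'as hash' as the flag; a real boolean says the same thing.
	$error = json_decode($rsp['body'], true);

	# The body may not be JSON at all (proxy error page, timeout, ...) or may
	# lack 'meta'. Fall back to empty fields rather than indexing into null;
	# the message keeps the exact shape it had before.
	$meta = array();

	if (is_array($error) && isset($error['meta']) && is_array($error['meta'])) {
		$meta = $error['meta'];
	}

	$code = isset($meta['code']) ? $meta['code'] : '';
	$type = isset($meta['errorType']) ? $meta['errorType'] : '';
	$detail = isset($meta['errorDetail']) ? $meta['errorDetail'] : '';

	$msg = "{$code}: {$type},\t{$detail}";

	api_output_error(999, $msg);
}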
# Require a valid crumb for $method: defer to api_auth_has_valid_crumb() and
# answer with a 999 error when it says no.
#
# $ttl is handed to the validator unchanged; its default of 0 is whatever the
# validator takes 0 to mean. Nothing is returned.

function api_auth_ensure_crumb(&$method, $ttl = 0) {

	$crumb_ok = api_auth_has_valid_crumb($method, $ttl);

	if ($crumb_ok) {
		return;
	}

	api_output_error(999, "Missing or invalid crumb");
}
# API test method: always answers with a fixed 500 error, so a client can
# exercise its error handling.

function api_test_error() {

	$code = 500;
	$message = 'This is the network of our disconnect';

	api_output_error($code, $message);
}
# Require an authenticated request: answer 403 unless api_auth_has_auth()
# reports that the caller is authenticated. Nothing is returned.

function api_auth_ensure_auth() {

	if (api_auth_has_auth()) {
		return;
	}

	api_output_error(403, 'Forbidden');
}
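<?php

# Reverse-geocoding endpoint: takes a coordinate pair as 'lat' + 'lon', or as
# a single 'll' ("lat,lon") GET parameter which overrides them, and outputs
# the reverse_geoplanet() result for it.

include "include/init.php";

loadlib("reverse_geoplanet");
loadlib("api_output");

$lat = get_str('lat');
$lon = get_str('lon');
$ll = get_str('ll');

$more = array('inline' => get_str('inline'));

if ($ll) {

	# array_pad() so that an 'll' value without a comma yields an empty
	# longitude instead of an undefined offset.
	list($lat, $lon) = array_pad(explode(",", $ll, 2), 2, '');

	$lat = trim($lat);
	$lon = trim($lon);
}

if ($lat == '' || $lon == '') {
	api_output_error(999, "Missing lat/lon", $more);
}

# Both values are request input: accept only numbers inside the coordinate
# ranges before handing them to the lookup.

$valid_lat = is_numeric($lat) && $lat >= -90 && $lat <= 90;
$valid_lon = is_numeric($lon) && $lon >= -180 && $lon <= 180;

if (!$valid_lat || !$valid_lon) {
	api_output_error(999, "Invalid lat/lon", $more);
}

$rsp = reverse_geoplanet($lat, $lon);

if (!$rsp['ok']) {
	api_output_error(999, $rsp['error'], $more);
}

api_output_ok($rsp['data'], $more);
exit;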
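# Load a photo for the geo API methods and enforce their preconditions.
#
# The photo must exist, must be geotagged and, unless $ensure_is_own is
# falsy, must belong to the current user ($GLOBALS['cfg']['user']).
#
# Returns the photo row; each failed precondition answers with a 999 error.

function _api_flickr_photos_geo_get_photo($photo_id, $ensure_is_own = 1) {

	if (!$photo_id) {
		api_output_error(999, "Missing photo ID");
	}

	$photo = flickr_photos_get_by_id($photo_id);

	# empty() also covers the lookup returning nothing at all
	if (empty($photo['id'])) {
		api_output_error(999, "Invalid photo ID");
	}

	if ($ensure_is_own) {

		# Ownership check, failing closed. The original compared the two ids
		# with a loose !=, which treats two empty values (no current user, no
		# owner on the row) as "same owner".

		$viewer_id = isset($GLOBALS['cfg']['user']['id']) ? $GLOBALS['cfg']['user']['id'] : null;
		$owner_id = isset($photo['user_id']) ? $photo['user_id'] : null;

		$is_owner = $viewer_id && $owner_id && ((string) $owner_id === (string) $viewer_id);

		if (!$is_owner) {
			api_output_error(999, "Insufficient permissions");
		}
	}

	if (empty($photo['hasgeo'])) {
		api_output_error(999, "Photo is not geotagged");
	}

	return $photo;
}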
# Last-resort failure path for a broken API configuration: answer with a 500
# and stop.
#
# $reason, when given, is appended to the message sent to the client.

function _api_config_freakout_and_die($reason = null) {

	$parts = array("The API is currently throwing a temper tantrum. That's not good.");

	if ($reason) {
		$parts[] = " This is what we know so far: {$reason}.";
	}

	$msg = implode("", $parts);

	# Because if we're here it's probably because the actual config
	# file is busted (20121026/straup)
	#
	# ...so make sure there is a default output format before the output
	# library is asked to render anything.

	$has_default = isset($GLOBALS['cfg']['api']['default_format']);

	if (!$has_default) {
		$GLOBALS['cfg']['api']['default_format'] = 'json';
	}

	foreach (array("api_output", "api_log") as $lib) {
		loadlib($lib);
	}

	api_output_error(500, $msg);
	exit;
}
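# Dispatch an API request: log it, resolve $method against
# $GLOBALS['cfg']['api']['methods'], run the access checks in order (request
# method, API key, auth, role, blessing, crumb) and finally call
# "<library>_<last dotted part of the method name>".
#
# Each check answers through api_output_error() when it fails; the code below
# presumably relies on that ending the request - confirm.

function api_dispatch($method) {

	if (!$GLOBALS['cfg']['enable_feature_api']) {
		api_output_error(999, 'API disabled');
	}

	$method = filter_strict($method);

	$api_key = request_str("api_key");
	$access_token = request_str("access_token");

	# Log the basics
	#
	# NOTE(review): the raw API key and access token are handed to api_log()
	# as they arrived. If api_log() stores them unmodified, anyone who can
	# read the log can replay them - confirm it redacts or hashes them.

	api_log(array(
		'api_key' => $api_key,
		'method' => $method,
		'access_token' => $access_token,
		'remote_addr' => $_SERVER['REMOTE_ADDR'],
	));

	$methods = $GLOBALS['cfg']['api']['methods'];

	if (!$method || !isset($methods[$method])) {
		$enc_method = htmlspecialchars($method);
		api_output_error(404, "Method '{$enc_method}' not found");
	}

	apache_setenv("API_METHOD", $method);

	$method_row = $methods[$method];

	$key_row = null;
	$token_row = null;

	# Disabled methods answer exactly like unknown ones
	if (empty($method_row['enabled'])) {
		$enc_method = htmlspecialchars($method);
		api_output_error(404, "Method '{$enc_method}' not found");
	}

	$method_row['name'] = $method;

	# With OAuth2 the credentials travel in the request parameters, so
	# anything but POST is refused unless GET has been allowed explicitly.

	if ($GLOBALS['cfg']['api_auth_type'] == 'oauth2') {

		if ($_SERVER['REQUEST_METHOD'] != 'POST' && !$GLOBALS['cfg']['api_oauth2_allow_get_parameters']) {
			api_output_error(405, 'Method not allowed');
		}
	}

	if (isset($method_row['request_method'])) {

		if ($_SERVER['REQUEST_METHOD'] != $method_row['request_method']) {
			api_output_error(405, 'Method not allowed');
		}
	}

	# Okay - now we get in to validation and authorization. Which means a
	# whole world of pedantic stupid if we're using Oauth2. Note that you
	# could use OAuth2 and require API keys be passed explicitly but since
	# that's not part of the spec if you enable the two features simultaneously
	# don't be surprised when hilarity ensues. Good times.
	# (20121026/straup)

	# First API keys

	if (features_is_enabled("api_require_keys")) {

		if (!$api_key) {
			api_output_error(999, "Required API key is missing");
		}

		$key_row = api_keys_get_by_key($api_key);
		api_keys_utils_ensure_valid_key($key_row);
	}

	# Second auth-y bits

	$auth_rsp = api_auth_ensure_auth($method_row, $key_row);

	if (isset($auth_rsp['api_key'])) {
		$key_row = $auth_rsp['api_key'];
	}

	if (isset($auth_rsp['access_token'])) {
		$token_row = $auth_rsp['access_token'];
	}

	# The auth response need not carry a user at all
	if (!empty($auth_rsp['user'])) {
		$GLOBALS['cfg']['user'] = $auth_rsp['user'];
	}

	# $key_row is still null when keys are not required and the auth step
	# returned none; record an empty value instead of indexing into null.
	apache_setenv("API_KEY", isset($key_row['api_key']) ? $key_row['api_key'] : '');

	# Check for require-iness of users here ?

	# Roles - for API keys (things like only the site keys)

	api_config_ensure_role($method_row, $key_row, $token_row);

	# Blessings and other method specific access controls

	api_config_ensure_blessing($method_row, $key_row, $token_row);

	# Finally, crumbs - because they are tastey

	if (!empty($method_row['requires_crumb'])) {
		api_auth_ensure_crumb($method_row);
	}

	# GO!

	loadlib($method_row['library']);

	$parts = explode(".", $method);
	$method = array_pop($parts);

	$func = "{$method_row['library']}_{$method}";

	if (!function_exists($func)) {
		api_output_error(404, "Method not found");
	}

	call_user_func($func);
	exit;
}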