Example #1
 /**
  * Middleware entry point: authenticate the request, then enforce e-mail verification.
  *
  * When `$this->auth->check(false)` is falsy, the authenticator is run with the
  * authentication providers of the current route. Afterwards, if the
  * `nodes.api.email-verification.active` config flag is truthy and the API user has no
  * `verified_at` value, the request is rejected before it reaches the next handler.
  *
  * @param \Illuminate\Http\Request $request
  * @param Closure $next
  * @return mixed whatever the next handler in the chain returns
  * @throws UnVerifiedException when verification is required and the user is not verified
  * @author Paulius Navickas <*****@*****.**>
  */
 public function handle($request, Closure $next)
 {
     $currentRoute = $this->router->getCurrentRoute();

     $isAuthenticated = $this->auth->check(false);
     if (!$isAuthenticated) {
         $this->auth->authenticate($currentRoute->getAuthenticationProviders());
     }

     // The verification gate is only consulted when the feature flag is on.
     if (config('nodes.api.email-verification.active')) {
         if (!api_user()->verified_at) {
             throw new UnVerifiedException();
         }
     }

     return $next($request);
 }
Example #2
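/**
 * List direct messages of the authenticated API user for one mailbox view.
 *
 * Request parameters read here: `count` (page size, default 20), `page` (1-based page
 * number) and, for the "conversation" box, `uri` (matched against `parent_mid`).
 *
 * @param object $a    application object; its get_channel() supplies the caller's channel
 * @param string $type output format passed to api_apply_template() ("atom"/"rss" get feed extras)
 * @param string $box  one of "sentbox", "conversation", "all", "inbox"
 * @return mixed false when no API user is authenticated, otherwise the rendered template
 */
function api_direct_messages_box(&$a, $type, $box)
{
    if (api_user() === false) {
        return false;
    }
    $user_info = api_get_user($a);

    // Paging values are request input: force them to integers before doing arithmetic,
    // so a non-numeric value cannot reach the multiplication below.
    // NOTE(review): no upper bound is applied to count here; confirm whether one is wanted.
    $count = x($_GET, 'count') ? intval($_GET['count']) : 20;
    if ($count < 1) {
        $count = 20;
    }
    $page = x($_REQUEST, 'page') ? intval($_REQUEST['page']) - 1 : 0;
    if ($page < 0) {
        $page = 0;
    }
    $start = $page * $count;

    $channel = $a->get_channel();

    // Every request-derived string placed into the SQL text goes through dbesc() first.
    $sql_extra = null;
    if ($box == "sentbox") {
        $sql_extra = "`from_xchan`='" . dbesc($channel['channel_hash']) . "'";
    } elseif ($box == "conversation") {
        $uri = isset($_GET["uri"]) ? $_GET["uri"] : '';
        $sql_extra = "`parent_mid`='" . dbesc($uri) . "'";
    } elseif ($box == "all") {
        $sql_extra = "true";
    } elseif ($box == "inbox") {
        $sql_extra = "`from_xchan`!='" . dbesc($channel['channel_hash']) . "'";
    }

    // An unrecognised box used to leave $sql_extra undefined and produce a malformed
    // statement; skip the query instead and return an empty listing.
    $r = false;
    if ($sql_extra !== null) {
        $r = q("SELECT * FROM `mail` WHERE channel_id = %d AND {$sql_extra} ORDER BY created DESC LIMIT %d OFFSET %d", intval(api_user()), intval($count), intval($start));
    }

    $ret = array();
    if ($r) {
        foreach ($r as $item) {
            // Messages whose sender hash is the caller's own channel were sent by the caller.
            if ($item['from_xchan'] == $channel['channel_hash']) {
                $sender = $user_info;
                $recipient = api_get_user($a, null, $item['to_xchan']);
            } else {
                $sender = api_get_user($a, null, $item['from_xchan']);
                $recipient = $user_info;
            }
            $ret[] = api_format_message($item, $recipient, $sender);
        }
    }

    $data = array('$messages' => $ret);
    switch ($type) {
        case "atom":
        case "rss":
            $data = api_rss_extra($a, $data, $user_info);
            break;
    }
    return api_apply_template("direct_messages", $type, $data);
}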
Example #3
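/**
 * Redirect to 'url' on a remote DFRN contact's site after authenticating to it.
 *
 * Similar to /mod/redir.php, but relies on api_user() (API login) for the local user.
 *
 * Request parameters:
 *   c_url: URL of the remote contact to authenticate to
 *   url:   URL to redirect to after the remote authentication
 *
 * The function never returns normally: it either dies with an API error or redirects
 * through goaway().
 *
 * NOTE(review): this handler does not test api_user() === false itself; confirm that the
 * caller only dispatches here for authenticated requests.
 *
 * @param object $a application object, passed through to api_error()
 */
function api_friendica_remoteauth(&$a)
{
    $url = x($_GET, 'url') ? $_GET['url'] : '';
    $c_url = x($_GET, 'c_url') ? $_GET['c_url'] : '';
    if ($url === '' || $c_url === '') {
        die(api_error($a, 'json', "Wrong parameters"));
    }
    $c_url = normalise_link($c_url);

    // traditional DFRN
    // The arguments must follow the placeholder order (%d, then '%s'); previously the
    // escaped URL was fed to %d and the user id to '%s'. The lookup is scoped to the
    // authenticated user's own contacts.
    // NOTE(review): assumes `contact` has a `uid` owner column - confirm against the schema.
    $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' LIMIT 1", intval(api_user()), dbesc($c_url));
    if (!is_array($r) || !count($r) || $r[0]['network'] !== NETWORK_DFRN) {
        die(api_error($a, 'json', "Unknown contact"));
    }

    $cid = $r[0]['id'];
    $dfrn_id = $orig_id = $r[0]['issued-id'] ? $r[0]['issued-id'] : $r[0]['dfrn-id'];
    // For duplex contacts the id is prefixed with the direction; dfrn-id wins when both are set.
    if ($r[0]['duplex'] && $r[0]['issued-id']) {
        $orig_id = $r[0]['issued-id'];
        $dfrn_id = '1:' . $orig_id;
    }
    if ($r[0]['duplex'] && $r[0]['dfrn-id']) {
        $orig_id = $r[0]['dfrn-id'];
        $dfrn_id = '0:' . $orig_id;
    }

    // One-time secret for the remote profile check; the row below expires after 45 seconds.
    // NOTE(review): presumably random_string() is backed by a CSPRNG - verify its implementation.
    $sec = random_string();
    q("INSERT INTO `profile_check` ( `uid`, `cid`, `dfrn_id`, `sec`, `expire`)\n\t\t\tVALUES( %d, %d, '%s', '%s', %d )", intval(api_user()), intval($cid), dbesc($dfrn_id), dbesc($sec), intval(time() + 45));

    // NOTE(review): this writes the still-valid secret to the debug log; consider logging
    // only the contact name if debug logs are readable beyond the node administrators.
    logger($r[0]['name'] . ' ' . $sec, LOGGER_DEBUG);

    // The destination is request input: encode it so it stays a single query parameter
    // and cannot append or override other parameters of the redirect.
    // NOTE(review): the destination itself is not validated here.
    $dest = $url ? '&destination_url=' . urlencode($url) : '';
    goaway($r[0]['poll'] . '?dfrn_id=' . $dfrn_id . '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest);
}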
Example #4
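/**
 * List direct messages of the authenticated API user for one mailbox view.
 *
 * Request parameters read here: `count` (page size, default 20), `page` (1-based page
 * number) and, for the "conversation" box, `uri` (matched against `parent-uri`).
 *
 * @param object $a    application object; supplies the base URL and the user's nickname
 * @param string $type output format passed to api_apply_template() ("atom"/"rss" get feed extras)
 * @param string $box  one of "sentbox", "conversation", "all", "inbox"
 * @return mixed false when no API user is authenticated, otherwise the rendered template
 */
function api_direct_messages_box(&$a, $type, $box)
{
    if (api_user() === false) {
        return false;
    }
    $user_info = api_get_user($a);

    // Paging values are request input: force them to integers before doing arithmetic,
    // so a non-numeric value cannot reach the multiplication below.
    // NOTE(review): no upper bound is applied to count here; confirm whether one is wanted.
    $count = x($_GET, 'count') ? intval($_GET['count']) : 20;
    if ($count < 1) {
        $count = 20;
    }
    $page = x($_REQUEST, 'page') ? intval($_REQUEST['page']) - 1 : 0;
    if ($page < 0) {
        $page = 0;
    }
    $start = $page * $count;

    // Messages sent by the caller carry the caller's own profile URL in `from-url`.
    $profile_url = $a->get_baseurl() . '/profile/' . $a->user['nickname'];

    // Every request-derived string placed into the SQL text goes through dbesc() first.
    $sql_extra = null;
    if ($box == "sentbox") {
        $sql_extra = "`from-url`='" . dbesc($profile_url) . "'";
    } elseif ($box == "conversation") {
        $uri = isset($_GET["uri"]) ? $_GET["uri"] : '';
        $sql_extra = "`parent-uri`='" . dbesc($uri) . "'";
    } elseif ($box == "all") {
        $sql_extra = "true";
    } elseif ($box == "inbox") {
        $sql_extra = "`from-url`!='" . dbesc($profile_url) . "'";
    }

    // An unrecognised box used to leave $sql_extra undefined and produce a malformed
    // statement; skip the query instead and return an empty listing.
    $r = false;
    if ($sql_extra !== null) {
        $r = q("SELECT * FROM `mail` WHERE uid=%d AND {$sql_extra} ORDER BY created DESC LIMIT %d,%d", intval(api_user()), intval($start), intval($count));
    }

    $ret = array();
    if ($r) {
        foreach ($r as $item) {
            if ($box == "inbox" || $item['from-url'] != $profile_url) {
                // Received message: the caller is the recipient.
                $recipient = $user_info;
                $sender = api_get_user($a, $item['contact-id']);
            } else {
                // Sent by the caller. The previous elseif repeated the "!=" test, so in the
                // "all" and "conversation" boxes a sent message matched neither branch and
                // was formatted with the previous row's sender and recipient.
                $recipient = api_get_user($a, $item['contact-id']);
                $sender = $user_info;
            }
            $ret[] = api_format_messages($item, $recipient, $sender);
        }
    }

    $data = array('$messages' => $ret);
    switch ($type) {
        case "atom":
        case "rss":
            $data = api_rss_extra($a, $data, $user_info);
            break;
    }
    return api_apply_template("direct_messages", $type, $data);
}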
Example #5
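/**
 * Emit one photo row of the authenticated API user as JSON and terminate.
 *
 * Request parameters: `photo_id` (matched against `resource-id`) and optional `scale`
 * (integer, default 0). The row's binary `data` column is base64-encoded before output.
 *
 * @param object $a    application object (unused here)
 * @param string $type requested output format (unused here; the output is always JSON)
 * @return false|void false when unauthenticated or photo_id is missing; otherwise killme() ends the request
 */
function api_fr_photo_detail(&$a, $type)
{
    if (api_user() === false) {
        return false;
    }
    // empty() also covers a missing key, which the bare index read did not.
    if (empty($_REQUEST['photo_id'])) {
        return false;
    }
    $scale = array_key_exists('scale', $_REQUEST) ? intval($_REQUEST['scale']) : 0;

    // Scope the lookup to the identity that was checked above. The query previously used
    // local_user(), which is not the value the access check is based on.
    $r = q("select * from photo where uid = %d and `resource-id` = '%s' and scale = %d limit 1", intval(api_user()), dbesc($_REQUEST['photo_id']), intval($scale));
    if ($r) {
        header("Content-type: application/json");
        // Raw image bytes are not valid JSON string content, hence the base64 step.
        $r[0]['data'] = base64_encode($r[0]['data']);
        echo json_encode($r[0]);
    }
    killme();
}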