/**
* Get the site index.
*
* This endpoint describes the capabilities of the site.
*
* @since 2.3
* @return array Index entity
*/
public function get_index()
{
// General site data
$available = array('store' => array('name' => get_option('blogname'), 'description' => get_option('blogdescription'), 'URL' => get_option('siteurl'), 'spotim_version' => '1', 'routes' => array()));
// Find the available routes
foreach ($this->get_routes() as $route => $callbacks) {
$data = array();
$route = preg_replace('#\\(\\?P(<\\w+?>).*?\\)#', '$1', $route);
foreach (self::$method_map as $name => $bitmask) {
foreach ($callbacks as $callback) {
// Skip to the next route if any callback is hidden
if ($callback[1] & self::HIDDEN_ENDPOINT) {
continue 3;
}
if ($callback[1] & $bitmask) {
$data['supports'][] = $name;
}
if ($callback[1] & self::ACCEPT_DATA) {
$data['accepts_data'] = true;
}
// For non-variable routes, generate links
if (strpos($route, '<') === false) {
$data['meta'] = array('self' => get_spotim_api_url($route));
}
}
}
$available['store']['routes'][$route] = apply_filters('spotim_api_endpoints_description', $data);
}
return apply_filters('spotim_api_index', $available);
}
/**
* Verify that the consumer-provided request signature matches our generated signature, this ensures the consumer
* has a valid key/secret
*
* @param WP_User $user
* @param array $params the request parameters
* @throws Exception
*/
private function check_oauth_signature($user, $params)
{
$http_method = strtoupper(spotim_instance()->spotim_api->server->method);
$base_request_uri = rawurlencode(untrailingslashit(get_spotim_api_url('')) . spotim_instance()->spotim_api->server->path);
// get the signature provided by the consumer and remove it from the parameters prior to checking the signature
$consumer_signature = rawurldecode($params['oauth_signature']);
unset($params['oauth_signature']);
// remove filters and convert them from array to strings to void normalize issues
if (isset($params['filter'])) {
$filters = $params['filter'];
unset($params['filter']);
foreach ($filters as $filter => $filter_value) {
$params['filter[' . $filter . ']'] = $filter_value;
}
}
// normalize parameter key/values
$params = $this->normalize_parameters($params);
// sort parameters
if (!uksort($params, 'strcmp')) {
throw new Exception(__('Invalid Signature - failed to sort parameters', 'wp-spotim'), 401);
}
// form query string
$query_params = array();
foreach ($params as $param_key => $param_value) {
$query_params[] = $param_key . '%3D' . $param_value;
// join with equals sign
}
$query_string = implode('%26', $query_params);
// join with ampersand
$string_to_sign = $http_method . '&' . $base_request_uri . '&' . $query_string;
if ($params['oauth_signature_method'] !== 'HMAC-SHA1' && $params['oauth_signature_method'] !== 'HMAC-SHA256') {
throw new Exception(__('Invalid Signature - signature method is invalid', 'wp-spotim'), 401);
}
$hash_algorithm = strtolower(str_replace('HMAC-', '', $params['oauth_signature_method']));
$signature = base64_encode(hash_hmac($hash_algorithm, $string_to_sign, $user->SpotIM_api_consumer_secret, true));
if (!hash_equals($signature, $consumer_signature)) {
throw new Exception(__('Invalid Signature - provided signature does not match', 'wp-spotim'), 401);
}
}
