/**
* Tests BasicRemoteContent->fetch() 404 response
*/
public function testFetch404()
{
$request = new RemoteContentRequest('http://test.chabotc.com/fail.html');
$context = new TestContext();
$ret = $this->BasicRemoteContent->fetch($request, $context);
$this->assertEquals('404', $ret->getHttpCode());
}
/**
* Retrieves a gadget specification from the Internet, processes its views and
* adds it to the cache.
*/
private function fetchFromWeb($url, $ignoreCache)
{
$remoteContentRequest = new RemoteContentRequest($url);
$remoteContentRequest->getOptions()->ignoreCache = $ignoreCache;
$remoteContent = new BasicRemoteContent();
$spec = $remoteContent->fetch($remoteContentRequest);
$gadgetSpecParser = new GadgetSpecParser();
$gadgetSpec = $gadgetSpecParser->parse($spec->getResponseContent());
return $gadgetSpec;
}
/**
* Retrieves a gadget specification from the Internet, processes its views and
* adds it to the cache.
*/
private function fetchFromWeb($url, $ignoreCache)
{
$remoteContentRequest = new RemoteContentRequest($url);
$remoteContentRequest->getOptions()->ignoreCache = $ignoreCache;
$remoteContent = new BasicRemoteContent();
$spec = $remoteContent->fetch($remoteContentRequest);
$gadgetSpecParserClass = Config::get('gadget_spec_parser');
$gadgetSpecParser = new $gadgetSpecParserClass();
$gadgetSpec = $gadgetSpecParser->parse($spec->getResponseContent(), $this->context);
return $gadgetSpec;
}
/**
* Tests BasicRemoteContent->Multifetch() 404, 404 and 404 responses
*/
public function testMultiFetch404()
{
$requests = array();
$contexts = array();
$requests[] = new RemoteContentRequest('http://test.chabotc.com/fail.html');
$requests[] = new RemoteContentRequest('http://test.chabotc.com/fail.html');
$requests[] = new RemoteContentRequest('http://test.chabotc.com/fail.html');
$contexts[] = new TestContext();
$contexts[] = new TestContext();
$contexts[] = new TestContext();
$rets = $this->BasicRemoteContent->multiFetch($requests, $contexts);
$this->assertEquals('404', $rets[0]->getHttpCode());
$this->assertEquals('404', $rets[1]->getHttpCode());
$this->assertEquals('404', $rets[2]->getHttpCode());
}
/**
* Fetches all remote resources simultaniously using a multiFetchRequest to optimize rendering time.
*
* The preloads will be json_encoded to their gadget document injection format, and the locales will
* be reduced to only the GadgetContext->getLocale matching entries.
*
* @param Gadget $gadget
* @param GadgetContext $context
*/
protected function fetchResources(Gadget &$gadget)
{
$contextLocale = $this->context->getLocale();
$unsignedRequests = $signedRequests = array();
foreach ($gadget->gadgetSpec->locales as $key => $locale) {
// Only fetch the locales that match the current context's language and country
if ($locale['country'] == 'all' && $locale['lang'] == 'all' || $locale['lang'] == $contextLocale['lang'] && $locale['country'] == 'all' || $locale['lang'] == $contextLocale['lang'] && $locale['country'] == $contextLocale['country']) {
if (!empty($locale['messages'])) {
$transformedUrl = RemoteContentRequest::transformRelativeUrl($locale['messages'], $this->context->getUrl());
if (!$transformedUrl) {
// remove any locales that are not applicable to this context
unset($gadget->gadgetSpec->locales[$key]);
continue;
} else {
$gadget->gadgetSpec->locales[$key]['messages'] = $transformedUrl;
}
// locale matches the current context, add it to the requests queue
$request = new RemoteContentRequest($gadget->gadgetSpec->locales[$key]['messages']);
$request->createRemoteContentRequestWithUri($gadget->gadgetSpec->locales[$key]['messages']);
$request->getOptions()->ignoreCache = $this->context->getIgnoreCache();
$unsignedRequests[] = $request;
}
} else {
// remove any locales that are not applicable to this context
unset($gadget->gadgetSpec->locales[$key]);
}
}
if (!$gadget->gadgetContext instanceof MetadataGadgetContext) {
// Add preloads to the request queue
foreach ($gadget->getPreloads() as $preload) {
if (!empty($preload['href'])) {
$request = new RemoteContentRequest($preload['href']);
if (!empty($preload['authz']) && $preload['authz'] == 'SIGNED') {
if ($this->token == '') {
throw new GadgetException("Signed preloading requested, but no valid security token set");
}
$request = new RemoteContentRequest($preload['href']);
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
$request->setNotSignedUri($preload['href']);
$request->setToken($this->token);
$request->getOptions()->ignoreCache = $this->context->getIgnoreCache();
if (strcasecmp($preload['signViewer'], 'false') == 0) {
$request->getOptions()->viewerSigned = false;
}
if (strcasecmp($preload['signOwner'], 'false') == 0) {
$request->getOptions()->ownerSigned = false;
}
$signedRequests[] = $request;
} else {
$request->createRemoteContentRequestWithUri($preload['href']);
$request->getOptions()->ignoreCache = $this->context->getIgnoreCache();
$unsignedRequests[] = $request;
}
}
}
// Add template libraries to the request queue
if ($gadget->gadgetSpec->templatesRequireLibraries) {
foreach ($gadget->gadgetSpec->templatesRequireLibraries as $key => $libraryUrl) {
$request = new RemoteContentRequest($libraryUrl);
$transformedUrl = RemoteContentRequest::transformRelativeUrl($libraryUrl, $this->context->getUrl());
if (!$transformedUrl) {
continue;
} else {
$gadget->gadgetSpec->templatesRequireLibraries[$key] = $transformedUrl;
}
$request->createRemoteContentRequestWithUri($gadget->gadgetSpec->templatesRequireLibraries[$key]);
$request->getOptions()->ignoreCache = $this->context->getIgnoreCache();
$unsignedRequests[] = $request;
}
}
}
// Perform the non-signed requests
$responses = array();
if (count($unsignedRequests)) {
$brc = new BasicRemoteContent();
$resps = $brc->multiFetch($unsignedRequests);
foreach ($resps as $response) {
$responses[$response->getUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode());
}
}
// Perform the signed requests
if (count($signedRequests)) {
$signingFetcherFactory = new SigningFetcherFactory(Config::get("private_key_file"));
$remoteFetcherClass = Config::get('remote_content_fetcher');
$remoteFetcher = new $remoteFetcherClass();
$remoteContent = new BasicRemoteContent($remoteFetcher, $signingFetcherFactory);
$resps = $remoteContent->multiFetch($signedRequests);
foreach ($resps as $response) {
$responses[$response->getNotSignedUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode());
}
}
// assign the results to the gadget locales and preloads (using the url as the key)
foreach ($gadget->gadgetSpec->locales as $key => $locale) {
if (!empty($locale['messages']) && isset($responses[$locale['messages']]) && $responses[$locale['messages']]['rc'] == 200) {
$gadget->gadgetSpec->locales[$key]['messageBundle'] = $this->parseMessageBundle($responses[$locale['messages']]['body']);
}
}
if (!$gadget->gadgetContext instanceof MetadataGadgetContext) {
$preloads = array();
foreach ($gadget->gadgetSpec->preloads as $key => $preload) {
if (!empty($preload['href']) && isset($responses[$preload['href']]) && $responses[$preload['href']]['rc'] == 200) {
$preloads[] = array_merge(array('id' => $preload['href']), $responses[$preload['href']]);
}
}
$gadget->gadgetSpec->preloads = $preloads;
if ($gadget->gadgetSpec->templatesRequireLibraries) {
$requiredLibraries = array();
foreach ($gadget->gadgetSpec->templatesRequireLibraries as $key => $libraryUrl) {
if (isset($responses[$libraryUrl]) && $responses[$libraryUrl]['rc'] == 200) {
$requiredLibraries[$libraryUrl] = $responses[$libraryUrl]['body'];
}
}
$gadget->gadgetSpec->templatesRequireLibraries = $requiredLibraries;
}
}
}
/**
* Makes a request for remote data.
*
* @param GadgetContext $context Gadget context used to make the request.
* @param MakeRequestOptions $params Parameter array used to configure the remote request.
* @return RemoteContentRequest A request/response which has been sent to the target server.
*/
public function fetch(GadgetContext $context, MakeRequestOptions $params)
{
$signingFetcherFactory = $gadgetSigner = null;
if ($params->getAuthz() == "SIGNED" || $params->getAuthz() == "OAUTH") {
$gadgetSigner = Config::get('security_token_signer');
$gadgetSigner = new $gadgetSigner();
$signingFetcherFactory = new SigningFetcherFactory(Config::get("private_key_file"));
}
$basicRemoteContent = new BasicRemoteContent($this->remoteFetcher, $signingFetcherFactory, $gadgetSigner);
$request = $this->buildRequest($context, $params, $gadgetSigner);
$request->getOptions()->ignoreCache = $params->getNoCache();
$request->getOptions()->viewerSigned = $params->getSignViewer();
$request->getOptions()->ownerSigned = $params->getSignOwner();
$result = $basicRemoteContent->fetch($request);
$status = (int) $result->getHttpCode();
if ($status == 200) {
switch ($params->getResponseFormat()) {
case 'FEED':
$content = $this->parseFeed($result, $params->getHref(), $params->getNumEntries(), $params->getGetSummaries());
$result->setResponseContent($content);
break;
}
}
if ((strpos($result->getContentType(), 'text') !== false || strpos($result->getContentType(), 'application') !== false) && strpos($result->getResponseContent(), '\\u')) {
$result->setResponseContent($this->decodeUtf8($result->getResponseContent()));
}
return $result;
}
public function __construct(RemoteContentFetcher $basicFetcher = null, $signingFetcherFactory = null, $signer = null)
{
$basicFetcher = $basicFetcher ? $basicFetcher : new opShindigRemoteContentFetcher();
parent::__construct($basicFetcher, $signingFetcherFactory, $signer);
}
/**
* Appends data from <Preload> elements to make them available to
* gadgets.io.
*
* @param gadget
*/
private function appendPreloads(Gadget $gadget, GadgetContext $context)
{
$resp = array();
$gadgetSigner = Config::get('security_token_signer');
$gadgetSigner = new $gadgetSigner();
$token = '';
try {
$token = $context->extractAndValidateToken($gadgetSigner);
} catch (Exception $e) {
$token = '';
// no token given, safe to ignore
}
$unsignedRequests = $unsignedContexts = array();
$signedRequests = array();
foreach ($gadget->getPreloads() as $preload) {
try {
if (($preload->getAuth() == Auth::$NONE || $token != null) && (count($preload->getViews()) == 0 || in_array($context->getView(), $preload->getViews()))) {
$request = new RemoteContentRequest($preload->getHref());
$request->createRemoteContentRequestWithUri($preload->getHref());
$request->getOptions()->ownerSigned = $preload->isSignOwner();
$request->getOptions()->viewerSigned = $preload->isSignViewer();
switch (strtoupper(trim($preload->getAuth()))) {
case "NONE":
// Unify all unsigned requests to one single multi request
$unsignedRequests[] = $request;
$unsignedContexts[] = $context;
break;
case "SIGNED":
// Unify all signed requests to one single multi request
$signingFetcherFactory = new SigningFetcherFactory(Config::get("private_key_file"));
$fetcher = $signingFetcherFactory->getSigningFetcher(new BasicRemoteContentFetcher(), $token);
$req = $fetcher->signRequest($preload->getHref(), $request->getMethod());
$req->setNotSignedUri($preload->getHref());
$signedRequests[] = $req;
break;
default:
@ob_end_clean();
header("HTTP/1.0 500 Internal Server Error", true);
echo "<html><body><h1>" . "500 - Internal Server Error" . "</h1></body></html>";
die;
}
}
} catch (Exception $e) {
throw new Exception($e);
}
}
if (count($unsignedRequests)) {
try {
$brc = new BasicRemoteContent();
$responses = $brc->multiFetch($unsignedRequests, $unsignedContexts);
foreach ($responses as $response) {
$resp[$response->getUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode());
}
} catch (Exception $e) {
throw new Exception($e);
}
}
if (count($signedRequests)) {
try {
$fetcher = $signingFetcherFactory->getSigningFetcher(new BasicRemoteContentFetcher(), $token);
$responses = $fetcher->multiFetchRequest($signedRequests);
foreach ($responses as $response) {
$resp[$response->getNotSignedUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode());
}
} catch (Exception $e) {
throw new Exception($e);
}
}
$resp = count($resp) ? json_encode($resp) : "{}";
return "gadgets.io.preloaded_ = " . $resp . ";\n";
}
/**
* Peforms the actual http fetching of the data-pipelining requests, all social requests
* are made to $_SERVER['HTTP_HOST'] (the virtual host name of this server) / (optional) web_prefix / social / rpc, and
* the httpRequest's are made to $_SERVER['HTTP_HOST'] (the virtual host name of this server) / (optional) web_prefix / gadgets / makeRequest
* both request types use the current security token ($_GET['st']) when performing the requests so they happen in the correct context
*
* @param array $requests
* @return array response
*/
private static function performRequests($requests, $context)
{
$jsonRequests = array();
$httpRequests = array();
$decodedResponse = array();
// Using the same gadget security token for all social & http requests so everything happens in the right context
if (!isset($_GET['st'])) {
throw new ExpressionException("No security token set, required for data-pipeling");
}
$securityToken = $_GET['st'];
foreach ($requests as $request) {
switch ($request['type']) {
case 'os:DataRequest':
// Add to the social request batch
$id = $request['key'];
$method = $request['method'];
// remove our internal fields so we can use the remainder as params
unset($request['key']);
unset($request['method']);
unset($request['type']);
if (isset($request['fields'])) {
$request['fields'] = explode(',', $request['fields']);
}
$jsonRequests[] = array('method' => $method, 'id' => $id, 'params' => $request);
break;
case 'os:HttpRequest':
$id = $request['key'];
$url = $request['href'];
$format = isset($request['format']) ? $request['format'] : 'json';
unset($request['key']);
unset($request['type']);
unset($request['href']);
$httpRequests[$url] = array('id' => $id, 'url' => $url, 'format' => $format, 'queryStr' => implode('&', $request));
break;
}
}
if (count($jsonRequests)) {
// perform social api requests
$request = new RemoteContentRequest('http://' . $_SERVER['HTTP_HOST'] . Config::get('web_prefix') . '/rpc?st=' . urlencode($securityToken) . '&format=json', "Content-Type: application/json\n", json_encode($jsonRequests));
$request->setMethod('POST');
$remoteFetcherClass = Config::get('remote_content_fetcher');
$remoteFetcher = new $remoteFetcherClass();
$basicRemoteContent = new BasicRemoteContent($remoteFetcher);
$response = $basicRemoteContent->fetch($request);
$decodedResponse = json_decode($response->getResponseContent(), true);
}
if (count($httpRequests)) {
$requestQueue = array();
foreach ($httpRequests as $request) {
$req = new RemoteContentRequest($_SERVER['HTTP_HOST'] . Config::get('web_prefix') . '/gadgets/makeRequest?url=' . urlencode($request['url']) . '&st=' . urlencode($securityToken) . (!empty($request['queryStr']) ? '&' . $request['queryStr'] : ''));
$req->getOptions()->ignoreCache = $context->getIgnoreCache();
$req->setNotSignedUri($request['url']);
$requestQueue[] = $req;
}
$basicRemoteContent = new BasicRemoteContent();
$resps = $basicRemoteContent->multiFetch($requestQueue);
foreach ($resps as $response) {
//FIXME: this isn't completely correct yet since this picks up the status code and headers
// as they are returned by the makeRequest handler and not the ones from the original request
$url = $response->getNotSignedUrl();
$id = $httpRequests[$url]['id'];
// strip out the UNPARSEABLE_CRUFT (see makeRequestHandler.php) on assigning the body
$resp = json_decode(str_replace("throw 1; < don't be evil' >", '', $response->getResponseContent()), true);
if (is_array($resp)) {
$statusCode = $response->getHttpCode();
$statusCodeMessage = $response->getHttpCodeMsg();
$headers = $response->getHeaders();
if (intval($statusCode) == 200) {
$content = $httpRequests[$url]['format'] == 'json' ? json_decode($resp[$url]['body'], true) : $resp[$url]['body'];
$toAdd = array('result' => array('content' => $content, 'status' => $statusCode, 'headers' => $headers));
} else {
$content = $resp[$url]['body'];
$toAdd = array('error' => array('code' => $statusCode, 'message' => $statusCodeMessage, 'result' => array('content' => $content, 'headers' => $headers)));
}
//$toAdd[$id] = array('id' => $id, 'result' => $httpRequests[$url]['format'] == 'json' ? json_decode($resp[$url]['body'], true) : $resp[$url]['body']);
$decodedResponse[] = array('id' => $id, 'result' => $toAdd);
}
}
}
return $decodedResponse;
}
/**
* Fetches the remote media content and saves it as a temporary file. Returns the meta data of the file.
*/
private function processRemoteContent($uri)
{
$request = new RemoteContentRequest($uri);
$request->createRemoteContentRequestWithUri($uri);
$brc = new BasicRemoteContent();
$response = $brc->fetch($request);
if ($response->getHttpCode() != 200) {
throw new SocialSpiException("Failed to fetch the content from {$uri} code: " . $response->getHttpCode(), ResponseError::$BAD_REQUEST);
}
if (!$this->isValidContentType($response->getContentType())) {
throw new SocialSpiException("The content type " . $response->getContentType() . " fetched from {$uri} is not valid.", ResponseError::$BAD_REQUEST);
}
return $this->writeBinaryContent($response->getResponseContent(), $response->getContentType());
}
/**
* Tests through SigningFetcher
*/
public function testSigningFetch()
{
$request1 = new RemoteContentRequest('http://test.chabotc.com/signing.html');
$token = BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default');
$request1->setToken($token);
$request1->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
$request2 = new RemoteContentRequest('http://test.chabotc.com/ok.html');
$this->basicRemoteContent->invalidate($request1);
$this->basicRemoteContent->invalidate($request2);
$requests = array($request1, $request2);
$this->basicRemoteContent->multiFetch($requests);
$content = $request1->getResponseContent();
$this->assertEquals("OK", trim($content));
$content = $request2->getResponseContent();
$this->assertEquals("OK", trim($content));
}
/**
* Renders a 'proxied content' view, for reference see:
* http://opensocial-resources.googlecode.com/svn/spec/draft/OpenSocial-Data-Pipelining.xml
*
* @param Gadget $gadget
* @param array $view
*/
public function renderGadget(Shindig_Gadget $gadget, $view)
{
$this->setGadget($gadget);
if (Shindig_Config::get('P3P') != '') {
header("P3P: " . Shindig_Config::get('P3P'));
}
/* TODO
* We should really re-add OAuth fetching support some day, uses these view atributes:
* $view['oauthServiceName'], $view['oauthTokenName'], $view['oauthRequestToken'], $view['oauthRequestTokenSecret'];
*/
$authz = $this->getAuthz($view);
$refreshInterval = $this->getRefreshInterval($view);
$href = $this->buildHref($view, $authz);
if (count($view['dataPipelining'])) {
$request = new RemoteContentRequest($href, "Content-type: application/json\n");
$request->setMethod('POST');
$request->getOptions()->ignoreCache = $gadget->gadgetContext->getIgnoreCache();
} else {
// no data-pipelining set, use GET and set cache/refresh interval options
$request = new RemoteContentRequest($href);
$request->setMethod('GET');
$request->setRefreshInterval($refreshInterval);
$request->getOptions()->ignoreCache = $gadget->gadgetContext->getIgnoreCache();
}
$signingFetcherFactory = $gadgetSigner = false;
if ($authz != 'none') {
$gadgetSigner = Shindig_Config::get('security_token_signer');
$gadgetSigner = new $gadgetSigner();
$token = $gadget->gadgetContext->extractAndValidateToken($gadgetSigner);
$request->setToken($token);
$request->setAuthType($authz);
$request->getOptions()->ownerSigned = $this->getSignOwner($view);
$request->getOptions()->viewerSigned = $this->getSignViewer($view);
$signingFetcherFactory = new SigningFetcherFactory(Shindig_Config::get("private_key_file"));
}
$remoteFetcherClass = Shindig_Config::get('remote_content_fetcher');
$remoteFetcher = new $remoteFetcherClass();
$basicRemoteContent = new BasicRemoteContent($remoteFetcher, $signingFetcherFactory, $gadgetSigner);
// Cache POST's as if they were GET's, since we don't want to re-fetch and repost the social data for each view
$basicRemoteContent->setCachePostRequest(true);
if (($response = $basicRemoteContent->getCachedRequest($request)) == false) {
// Don't fetch the data-pipelining social data unless we don't have a cached version of the gadget's content
$dataPipeliningResults = DataPipelining::fetch($view['dataPipelining'], $this->context);
// spec stats that the proxied content data-pipelinging data is *not* available to templates (to avoid duplicate posting
// of the data to the gadget dev's server and once to js space), so we don't assign it to the data context, and just
// post the json encoded results to the remote url.
$request->setPostBody(json_encode($dataPipeliningResults));
$response = $basicRemoteContent->fetch($request);
}
if ($response->getHttpCode() != '200') {
// an error occured fetching the proxied content's gadget content
$content = '<html><body><h1>An error occured fetching the gadget content</h1><p>http error code: ' . $response->getHttpCode() . '</p><p>' . $response->getResponseContent() . '</body></html>';
} else {
// fetched ok, build the response document and output it
$content = $response->getResponseContent();
$content = $this->parseTemplates($content);
$content = $this->rewriteContent($content);
$content = $this->addTemplates($content);
}
echo $content;
}
/**
* perform all requests
*
* @param array $unsignedRequests
* @param array $signedRequests
* @return array
*/
protected function performRequests($unsignedRequests, $signedRequests)
{
// Perform the non-signed requests
$responses = array();
if (count($unsignedRequests)) {
$brc = new BasicRemoteContent();
$resps = $brc->multiFetch($unsignedRequests);
foreach ($resps as $response) {
$responses[$response->getUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode());
}
}
// Perform the signed requests
if (count($signedRequests)) {
$signingFetcherFactory = new SigningFetcherFactory(Config::get("private_key_file"));
$remoteFetcherClass = Config::get('remote_content_fetcher');
$remoteFetcher = new $remoteFetcherClass();
$remoteContent = new BasicRemoteContent($remoteFetcher, $signingFetcherFactory);
$resps = $remoteContent->multiFetch($signedRequests);
foreach ($resps as $response) {
$responses[$response->getNotSignedUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode());
}
}
return $responses;
}
