Example #1
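 /**
  * Resolve a Conduit API method name to a freshly constructed handler.
  *
  * The method name normally comes from the API caller, so the class it maps
  * to is vetted before anything is instantiated: it must be loadable, must
  * not be abstract, and must descend from ConduitAPIMethod.
  *
  * @param string $method Conduit API method name as supplied by the caller.
  * @return ConduitAPIMethod New handler instance for the method.
  * @throws Exception When the method maps to no class, to an abstract class,
  *                   or to a class that is not a ConduitAPIMethod.
  */
 protected function buildMethodHandler($method)
 {
     $method_class = ConduitAPIMethod::getClassNameFromAPIMethodName($method);
     // Test if the method exists.
     $ok = false;
     try {
         $ok = class_exists($method_class);
     } catch (Exception $ex) {
         // Discard, we provide a more specific exception below.
     }
     if (!$ok) {
         throw new Exception("Conduit method '{$method}' does not exist.");
     }
     $class_info = new ReflectionClass($method_class);
     if ($class_info->isAbstract()) {
         throw new Exception("Method '{$method}' is not valid; the implementation is an abstract " . "base class.");
     }
     // Defense in depth: the class name is derived from caller input, so only
     // construct it when it really is a Conduit handler. This does not rely on
     // the name mapping alone to keep unrelated classes out of reach.
     if (!$class_info->isSubclassOf('ConduitAPIMethod')) {
         throw new Exception("Method '{$method}' is not valid; the implementation is not a " . "Conduit API method class.");
     }
     return newv($method_class, array());
 }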
Example #2
    echo "usage: api.php <user_phid> <method>\n";
    exit(1);
}
// Resolve the acting user from the first CLI argument (a user PHID).
// NOTE(review): nothing in the visible lines checks a credential for this
// PHID; whoever can run the script picks the identity the call runs as.
// Confirm the script is only reachable by trusted operators.
$user = null;
$user_str = $argv[1];
try {
    // The PHID is handed over as a separate %s argument instead of being
    // concatenated into the condition; presumably loadOneWhere() escapes it,
    // confirm against its implementation.
    $user = id(new PhabricatorUser())->loadOneWhere('phid = %s', $user_str);
} catch (Exception $e) {
    // Deliberately ignored: a failed load leaves $user null, which the
    // empty() check below reports to the operator.
}
if (empty($user)) {
    echo "usage: api.php <user_phid> <method>\n" . "user {$user_str} does not exist or failed to load\n";
    exit(1);
}
// Map the requested method name (second CLI argument) to a handler class and
// instantiate it.
// NOTE(review): the class is constructed straight from the derived name; these
// lines do not check that it exists, is concrete, or is a ConduitAPIMethod.
// A bad name is only reported if newv() raises an Exception.
$method = $argv[2];
$method_class_str = ConduitAPIMethod::getClassNameFromAPIMethodName($method);
try {
    $method_class = newv($method_class_str, array());
} catch (Exception $e) {
    echo "usage: api.php <user_phid> <method>\n" . "method {$method_class_str} does not exist\n";
    exit(1);
}
// Start a call-log record for this invocation.
$log = new PhabricatorConduitMethodCallLog();
$log->setMethod($method);
// Read the method parameters from stdin as one JSON document. The @ hides any
// read warning; a failed read is not reported separately and ends up in the
// is_array() rejection below, as does any JSON that is not an object/array.
$params = @file_get_contents('php://stdin');
// Second argument true: JSON objects decode to associative arrays.
$params = json_decode($params, true);
if (!is_array($params)) {
    echo "provide method parameters on stdin as a JSON blob";
    exit(1);
}
// build a quick ConduitAPIRequest from stdin PLUS the authenticated user
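 /**
  * Handle one Conduit API call made over HTTP.
  *
  * Resolves $this->method to a handler class, decodes the caller's
  * parameters, authenticates when the handler requires it, executes the
  * handler, records a call-log row, and renders the outcome.
  *
  * Parameters arrive either as an array of per-parameter JSON strings
  * (params[key]=json) or as one JSON document in "params". The reserved key
  * "__conduit__" carries client metadata and is removed before the handler
  * sees the parameters.
  *
  * Failures never propagate: a ConduitException becomes the call's
  * error_code/error_info, and any other Exception is reported as
  * ERR-CONDUIT-CORE with the exception message as error_info.
  *
  * @return mixed The human-readable response when output=human; otherwise an
  *               AphrontFileResponse holding the shielded JSON payload.
  */
 public function processRequest()
 {
     $time_start = microtime(true);
     $request = $this->getRequest();
     $method = $this->method;
     $method_class = ConduitAPIMethod::getClassNameFromAPIMethodName($method);
     $api_request = null;
     $log = new PhabricatorConduitMethodCallLog();
     $log->setMethod($method);
     $metadata = array();
     try {
         if (!class_exists($method_class)) {
             throw new Exception("Unable to load the implementation class for method '{$method}'. " . "You may have misspelled the method, need to define " . "'{$method_class}', or need to run 'arc build'.");
         }
         // The class name is derived from the caller-supplied method name, so
         // vet it before constructing anything: an abstract class cannot be
         // instantiated, and only real Conduit handlers should be reachable.
         $class_info = new ReflectionClass($method_class);
         if ($class_info->isAbstract()) {
             throw new Exception("Method '{$method}' is not valid; the implementation is an abstract " . "base class.");
         }
         if (!$class_info->isSubclassOf('ConduitAPIMethod')) {
             throw new Exception("Method '{$method}' is not valid; the implementation is not a " . "Conduit API method class.");
         }
         $method_handler = newv($method_class, array());
         if (isset($_REQUEST['params']) && is_array($_REQUEST['params'])) {
             // Form-style submission: each parameter is its own JSON string.
             // A value that fails to decode silently becomes null here.
             $params_post = $request->getArr('params');
             foreach ($params_post as $key => $value) {
                 $params_post[$key] = json_decode($value, true);
             }
             $params = $params_post;
         } else {
             // Single JSON document; an empty string means "no parameters".
             $params_json = $request->getStr('params');
             if (!strlen($params_json)) {
                 $params = array();
             } else {
                 $params = json_decode($params_json, true);
                 if (!is_array($params)) {
                     throw new Exception("Invalid parameter information was passed to method " . "'{$method}', could not decode JSON serialization.");
                 }
             }
         }
         // The metadata is client-controlled and is indexed as an array both
         // here and after the try block. Validate it before it replaces the
         // safe default, so a malformed value fails as an ordinary API error.
         $conduit_metadata = idx($params, '__conduit__', array());
         if (!is_array($conduit_metadata)) {
             throw new Exception("Invalid '__conduit__' metadata was passed to method " . "'{$method}', expected a JSON object.");
         }
         $metadata = $conduit_metadata;
         unset($params['__conduit__']);
         $result = null;
         $api_request = new ConduitAPIRequest($params);
         $auth_error = null;
         if ($method_handler->shouldRequireAuthentication()) {
             $auth_error = $this->authenticateUser($api_request, $metadata);
         }
         if ($auth_error === null) {
             try {
                 $result = $method_handler->executeMethod($api_request);
                 $error_code = null;
                 $error_info = null;
             } catch (ConduitException $ex) {
                 // The exception message is the Conduit error code; the handler
                 // supplies the matching description.
                 $result = null;
                 $error_code = $ex->getMessage();
                 $error_info = $method_handler->getErrorDescription($error_code);
             }
         } else {
             // authenticateUser() reports failure as a (code, info) pair.
             list($error_code, $error_info) = $auth_error;
         }
     } catch (Exception $ex) {
         // NOTE(review): the raw exception message is returned to the caller
         // as error_info; confirm no internal detail leaks through it.
         $result = null;
         $error_code = 'ERR-CONDUIT-CORE';
         $error_info = $ex->getMessage();
     }
     $time_end = microtime(true);
     // Prefer the connection ID the client sent; for conduit.connect the ID is
     // taken from the call's own result instead.
     $connection_id = null;
     if (idx($metadata, 'connectionID')) {
         $connection_id = $metadata['connectionID'];
     } else {
         if ($method == 'conduit.connect' && $result) {
             $connection_id = idx($result, 'connectionID');
         }
     }
     $log->setConnectionID($connection_id);
     $log->setError((string) $error_code);
     // microtime(true) yields seconds; the duration is stored in microseconds.
     $log->setDuration(1000000 * ($time_end - $time_start));
     // TODO: This is a hack, but the insert is comparatively expensive and
     // we only really care about having these logs for real CLI clients, if
     // even that.
     // NOTE(review): whether a row is written depends on client-supplied
     // metadata, and failed calls that carry an authToken are skipped too, so
     // this table is not a complete audit trail.
     if (empty($metadata['authToken'])) {
         $log->save();
     }
     $result = array('result' => $result, 'error_code' => $error_code, 'error_info' => $error_info);
     switch ($request->getStr('output')) {
         case 'human':
             return $this->buildHumanReadableResponse($method, $api_request, $result);
         case 'json':
         default:
             // The 'for(;;);' prefix is an anti-JSON-hijacking shield: the body
             // is not usable as an included script, and clients are expected
             // to strip the prefix before parsing.
             return id(new AphrontFileResponse())->setMimeType('application/json')->setContent('for(;;);' . json_encode($result));
     }
 }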
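 /**
  * Handle one Conduit API call made over HTTP.
  *
  * Resolves $this->method to a concrete handler class, decodes and validates
  * the caller's parameters, authenticates when the handler requires it,
  * executes the handler (with the write guard lifted where permitted),
  * records a call-log row, and renders the outcome.
  *
  * Parameters arrive either as an array of per-parameter JSON strings
  * (params[key]=json) or as one JSON document in "params". The reserved key
  * "__conduit__" carries client metadata and is removed before the handler
  * sees the parameters.
  *
  * Failures never propagate: a ConduitException becomes the call's
  * error_code/error_info, and any other Exception is logged and reported as
  * ERR-CONDUIT-CORE with the exception message as error_info.
  *
  * @return mixed The human-readable response when output=human; otherwise an
  *               AphrontFileResponse holding the shielded JSON payload.
  */
 public function processRequest()
 {
     $time_start = microtime(true);
     $request = $this->getRequest();
     $method = $this->method;
     $method_class = ConduitAPIMethod::getClassNameFromAPIMethodName($method);
     $api_request = null;
     $log = new PhabricatorConduitMethodCallLog();
     $log->setMethod($method);
     $metadata = array();
     try {
         if (!class_exists($method_class)) {
             throw new Exception("Unable to load the implementation class for method '{$method}'. " . "You may have misspelled the method, need to define " . "'{$method_class}', or need to run 'arc build'.");
         }
         $class_info = new ReflectionClass($method_class);
         if ($class_info->isAbstract()) {
             throw new Exception("Method '{$method}' is not valid; the implementation is an abstract " . "base class.");
         }
         // Defense in depth: the class name is derived from the caller-supplied
         // method name, so only construct real Conduit handlers.
         if (!$class_info->isSubclassOf('ConduitAPIMethod')) {
             throw new Exception("Method '{$method}' is not valid; the implementation is not a " . "Conduit API method class.");
         }
         $method_handler = newv($method_class, array());
         if (isset($_REQUEST['params']) && is_array($_REQUEST['params'])) {
             // Form-style submission: each parameter is its own JSON string.
             $params_post = $request->getArr('params');
             foreach ($params_post as $key => $value) {
                 // A nested request array (params[key][]=...) is not a JSON
                 // string; reject it here instead of passing it to json_decode().
                 if (!is_string($value)) {
                     throw new Exception("The value for parameter '{$key}' is not valid JSON. All " . "parameters must be encoded as JSON values.");
                 }
                 if ($value === '') {
                     // Interpret empty string null (e.g., the user didn't type anything
                     // into the box).
                     $value = 'null';
                 }
                 $decoded_value = json_decode($value, true);
                 // json_decode() returns null both for a literal null and on
                 // failure. Surrounding JSON whitespace is trimmed before the
                 // comparison so a padded " null" is not mistaken for a failure.
                 if ($decoded_value === null && strtolower(trim($value, " \t\n\r")) !== 'null') {
                     // When json_decode() fails, it returns null. This almost certainly
                     // indicates that a user was using the web UI and didn't put quotes
                     // around a string value. We can either do what we think they meant
                     // (treat it as a string) or fail. For now, err on the side of
                     // caution and fail. In the future, if we make the Conduit API
                     // actually do type checking, it might be reasonable to treat it as
                     // a string if the parameter type is string.
                     // NOTE(review): the message echoes the submitted value back
                     // to the caller; confirm the human-readable renderer escapes
                     // error_info.
                     throw new Exception("The value for parameter '{$key}' is not valid JSON. All " . "parameters must be encoded as JSON values, including strings " . "(which means you need to surround them in double quotes). " . "Check your syntax. Value was: {$value}");
                 }
                 $params_post[$key] = $decoded_value;
             }
             $params = $params_post;
         } else {
             // Single JSON document; an empty string means "no parameters".
             $params_json = $request->getStr('params');
             if (!strlen($params_json)) {
                 $params = array();
             } else {
                 $params = json_decode($params_json, true);
                 if (!is_array($params)) {
                     throw new Exception("Invalid parameter information was passed to method " . "'{$method}', could not decode JSON serialization.");
                 }
             }
         }
         // The metadata is client-controlled and is indexed as an array both
         // here and after the try block. Validate it before it replaces the
         // safe default, so a malformed value fails as an ordinary API error.
         $conduit_metadata = idx($params, '__conduit__', array());
         if (!is_array($conduit_metadata)) {
             throw new Exception("Invalid '__conduit__' metadata was passed to method " . "'{$method}', expected a JSON object.");
         }
         $metadata = $conduit_metadata;
         unset($params['__conduit__']);
         $result = null;
         $api_request = new ConduitAPIRequest($params);
         $allow_unguarded_writes = false;
         $auth_error = null;
         if ($method_handler->shouldRequireAuthentication()) {
             $auth_error = $this->authenticateUser($api_request, $metadata);
             // If we've explicitly authenticated the user here and either done
             // CSRF validation or are using a non-web authentication mechanism,
             // the handler may write without the write guard. The flag only
             // takes effect below when $auth_error is null.
             $allow_unguarded_writes = true;
             // Consider impersonation only once the caller's own identity has
             // been established; a failed authentication must be reported as
             // such and never reach the act-as logic.
             if ($auth_error === null && isset($metadata['actAsUser'])) {
                 $this->actAsUser($api_request, $metadata['actAsUser']);
             }
         }
         if ($method_handler->shouldAllowUnguardedWrites()) {
             $allow_unguarded_writes = true;
         }
         if ($auth_error === null) {
             if ($allow_unguarded_writes) {
                 // The guard is lifted for as long as $unguarded is alive.
                 $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
             }
             try {
                 $result = $method_handler->executeMethod($api_request);
                 $error_code = null;
                 $error_info = null;
             } catch (ConduitException $ex) {
                 // The exception message is the Conduit error code; prefer the
                 // description carried by the exception over the handler's.
                 $result = null;
                 $error_code = $ex->getMessage();
                 if ($ex->getErrorDescription()) {
                     $error_info = $ex->getErrorDescription();
                 } else {
                     $error_info = $method_handler->getErrorDescription($error_code);
                 }
             }
             if ($allow_unguarded_writes) {
                 unset($unguarded);
             }
         } else {
             // authenticateUser() reports failure as a (code, info) pair.
             list($error_code, $error_info) = $auth_error;
         }
     } catch (Exception $ex) {
         // If the handler threw something other than a ConduitException, the
         // unguarded-write scope opened above is still alive; end it before
         // doing anything else. unset() is a no-op when it was never opened.
         unset($unguarded);
         phlog($ex);
         // NOTE(review): the raw exception message is returned to the caller
         // as error_info; confirm no internal detail leaks through it.
         $result = null;
         $error_code = 'ERR-CONDUIT-CORE';
         $error_info = $ex->getMessage();
     }
     $time_end = microtime(true);
     // Prefer the connection ID the client sent; for conduit.connect the ID is
     // taken from the call's own result instead.
     $connection_id = null;
     if (idx($metadata, 'connectionID')) {
         $connection_id = $metadata['connectionID'];
     } else {
         if ($method == 'conduit.connect' && $result) {
             $connection_id = idx($result, 'connectionID');
         }
     }
     $log->setConnectionID($connection_id);
     $log->setError((string) $error_code);
     // microtime(true) yields seconds; the duration is stored in microseconds.
     $log->setDuration(1000000 * ($time_end - $time_start));
     // TODO: This is a hack, but the insert is comparatively expensive and
     // we only really care about having these logs for real CLI clients, if
     // even that.
     // NOTE(review): whether a row is written depends on client-supplied
     // metadata, and failed calls that carry an authToken are skipped too, so
     // this table is not a complete audit trail.
     if (empty($metadata['authToken'])) {
         // The log insert is itself a write, so it gets its own short
         // unguarded scope.
         $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
         $log->save();
         unset($unguarded);
     }
     $result = array('result' => $result, 'error_code' => $error_code, 'error_info' => $error_info);
     switch ($request->getStr('output')) {
         case 'human':
             return $this->buildHumanReadableResponse($method, $api_request, $result);
         case 'json':
         default:
             // The 'for(;;);' prefix is an anti-JSON-hijacking shield: the body
             // is not usable as an included script, and clients are expected
             // to strip the prefix before parsing.
             return id(new AphrontFileResponse())->setMimeType('application/json')->setContent('for(;;);' . json_encode($result));
     }
 }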