/**
* Decode an HTTP Response.
* @static
* @throws apiServiceException
* @param apiHttpRequest $response The http response to be decoded.
* @return mixed|null
*/
static function decodeHttpResponse($response)
{
$code = $response->getResponseHttpCode();
$body = $response->getResponseBody();
$decoded = null;
if ($code != '200' && $code != '201' && $code != '204') {
$decoded = json_decode($body, true);
$err = 'Error calling ' . $response->getMethod() . ' ' . $response->getUrl();
if ($decoded != null && isset($decoded['error']['message']) && isset($decoded['error']['code'])) {
// if we're getting a json encoded error definition, use that instead of the raw response
// body for improved readability
$err .= ": ({$decoded['error']['code']}) " . $decoded['error']['message'];
} else {
$err .= ": ({$code}) {$body}";
}
throw new apiServiceException($err);
}
// Only attempt to decode the response, if the response code wasn't (204) 'no content'
if ($code != '204') {
$decoded = json_decode($body, true);
if ($decoded == null) {
throw new apiServiceException("Invalid json in service response: {$body}");
}
}
return $decoded;
}
/**
* Sign the request using OAuth. This uses the consumer token and key
*
* @param string $method the method (get/put/delete/post)
* @param string $url the url to sign (http://site/social/rest/people/1/@me)
* @param array $params the params that should be appended to the url (count=20 fields=foo, etc)
* @param string $postBody for POST/PUT requests, the postBody is included in the signature
* @return string the signed url
*/
public function sign(apiHttpRequest $request)
{
// add the developer key to the request before signing it
if ($this->developerKey) {
$request->setUrl($request->getUrl() . (strpos($request->getUrl(), '?') === false ? '?' : '&') . 'key=' . urlencode($this->developerKey));
}
// and sign the request
$oauthRequest = apiClientOAuthRequest::from_request($request->getMethod(), $request->getBaseUrl(), $request->getQueryParams());
$params = $this->mergeParameters($request->getQueryParams());
foreach ($params as $key => $val) {
if (is_array($val)) {
$val = implode(',', $val);
}
$oauthRequest->set_parameter($key, $val);
}
$oauthRequest->sign_request($this->signatureMethod, $this->consumerToken, $this->accessToken);
$authHeaders = $oauthRequest->to_header();
$headers = $request->getHeaders();
$headers[] = $authHeaders;
$request->setHeaders($headers);
// and add the access token key to it (since it doesn't include the secret, it's still secure to store this in cache)
$request->accessKey = $this->accessToken->key;
return $request;
}
/**
* Sign the request using OAuth. This uses the consumer token and key
*
* @param string $method the method (get/put/delete/post)
* @param string $url the url to sign (http://site/social/rest/people/1/@me)
* @param array $params the params that should be appended to the url (count=20 fields=foo, etc)
* @param string $postBody for POST/PUT requests, the postBody is included in the signature
* @return string the signed url
*/
public function sign(apiHttpRequest $request)
{
// add the developer key to the request before signing it
if ($this->developerKey) {
$url = $request->getUrl();
$url .= (strpos($url, '?') === false ? '?' : '&') . 'key=' . urlencode($this->developerKey);
}
// and sign the request
$oauthRequest = OAuthRequest::from_request($request->getMethod(), $request->getBaseUrl(), $request->getQueryParams());
$params = $this->mergeParameters($request->getQueryParams());
foreach ($params as $key => $val) {
if (is_array($val)) {
$val = implode(',', $val);
}
$oauthRequest->set_parameter($key, $val);
}
$oauthRequest->sign_request($this->signatureMethod, $this->consumerToken, $this->accessToken);
$signedUrl = $oauthRequest->to_url();
// Set an originalUrl property that can be used to cache the resource
$request->originalUrl = $request->getUrl();
// and add the access token key to it (since it doesn't include the secret, it's still secure to store this in cache)
$request->accessKey = $this->accessToken->key;
$request->setUrl($signedUrl);
return $request;
}
private function setCachedRequest(apiHttpRequest $request)
{
// Only cache GET requests
if ($request->getMethod() != 'GET') {
return false;
}
// Analyze the request headers to see if there is a valid caching strategy.
$headers = $this->getNormalizedHeaders($request);
// And parse all the bits that are required for the can-cache evaluation
$etag = isset($headers['etag']) ? $headers['etag'] : false;
$expires = isset($headers['expires']) ? strtotime($headers['expires']) : false;
$date = isset($headers['date']) ? strtotime($headers['date']) : time();
$cacheControl = array();
if (isset($headers['cache-control'])) {
$cacheControl = explode(', ', $headers['cache-control']);
foreach ($cacheControl as $key => $val) {
$cacheControl[$key] = strtolower($val);
}
}
$pragmaNoCache = isset($headers['pragma']) ? strtolower($headers['pragma']) == 'no-cache' : false;
// evaluate if the request can be cached
$canCache = !in_array('no-store', $cacheControl) && ($etag || $expires > $date || !$etag && !$expires && !$pragmaNoCache && !in_array('no-cache', $cacheControl));
// or if there is no etag, and no expiration set, but also no pragma: no-cache and no cache-control: no-cache, we can cache (but we'll set our own expires header to make sure it's refreshed frequently)
if ($canCache) {
// Set an 1 hour expiration header if non exists, and no do-not-cache directives exist
if (!$etag && !$expires && !$pragmaNoCache && !in_array('no-cache', $cacheControl)) {
// Add Expires and Date headers to simplify the cache retrieval code path
$request->setResponseHeaders(array_merge(array('Expires' => date('r', time() + 60 * 60), 'Date' => date('r', time())), $request->getHeaders()));
}
apiClient::$cache->set($this->getRequestKey($request), $request);
}
}
