Exemple #1
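/**
 * Dispatch an API request to the handler registered for $method.
 *
 * The method name is looked up in $GLOBALS['cfg']['api']['methods']. Only
 * names present in that table and flagged 'enabled' are dispatched, so the
 * function name handed to call_user_func() is assembled from the configured
 * library plus the last segment of a registered method name, never from
 * arbitrary request data.
 *
 * NOTE(review): every rejection below relies on api_output_error() ending the
 * request. That helper is not visible here - confirm it does not return.
 *
 * @param string $method Dotted API method name supplied by the caller.
 */
function api_dispatch($method)
{
    if (!$GLOBALS['cfg']['enable_feature_api']) {
        api_output_error(999, 'API disabled');
    }
    $method = filter_strict($method);
    # ENT_QUOTES is explicit because the name is echoed between single quotes
    # below and htmlspecialchars() only escapes those by default from PHP 8.1.
    $enc_method = htmlspecialchars($method, ENT_QUOTES);
    $methods = $GLOBALS['cfg']['api']['methods'];
    if (!$method || !isset($methods[$method])) {
        api_output_error(404, "Method '{$enc_method}' not found");
    }
    $method_row = $methods[$method];
    # Disabled methods answer exactly like unknown ones, so a caller cannot
    # tell the two apart.
    if (!$method_row['enabled']) {
        api_output_error(404, "Method '{$enc_method}' not found");
    }
    $method_row['name'] = $method;
    # NOTE(review): API keys are not checked anywhere in this dispatcher.
    # Methods without 'requires_auth' are reachable by any caller.
    if ($method_row['requires_auth']) {
        api_auth_ensure_auth($method_row);
    }
    if ($method_row['requires_crumb']) {
        api_auth_ensure_crumb($method_row);
    }
    loadlib($method_row['library']);
    $parts = explode(".", $method);
    $method = array_pop($parts);
    $func = "{$method_row['library']}_{$method}";
    # A registered method whose handler is missing from the loaded library
    # would otherwise make call_user_func() fail with an engine-level error
    # instead of a clean API response.
    if (!function_exists($func)) {
        api_output_error(404, "Method '{$enc_method}' not found");
    }
    call_user_func($func);
    exit;
}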
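/**
 * API handler: output the dots belonging to the user named in the 'user'
 * request parameter, with a fixed set of columns stripped from each row.
 *
 * Emits api_output_ok() with the filtered rows, or api_output_error() (no
 * arguments) when the user is unknown or has no dots.
 *
 * NOTE(review): the user id comes straight from the request and no viewer is
 * passed to dots_get_dots_for_user(); confirm that helper only returns dots
 * the current caller is allowed to see.
 */
function api_dots_dotsForUser()
{
    # Columns removed from every row before output. This is a denylist: any
    # column added to the dots rows later is exposed by default, so an
    # allowlist of public columns would be the safer shape.
    $skipKeys = array_flip(array("details", "details_json", "index_on", "details_listview", "type_of_co"));
    $u = request_str('user');
    $owner = users_get_by_id($u);
    $output = array();
    if ($owner) {
        $dots = dots_get_dots_for_user($owner);
        if ($dots) {
            # Iterate by value: the rows are only read, and a by-reference
            # loop variable would stay bound to the last row after the loop.
            foreach ($dots as $row) {
                $a = array();
                foreach ($row as $k => $v) {
                    # Keyed lookup instead of a loose in_array(): on PHP 7 a
                    # numeric key such as 0 compares equal to any non-numeric
                    # string and would be dropped by mistake.
                    if (!isset($skipKeys[$k])) {
                        $a[$k] = $v;
                    }
                }
                $output[] = $a;
            }
        }
    }
    if (count($output)) {
        api_output_ok($output);
    } else {
        api_output_error();
    }
}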
/**
 * Reject the request unless the given API key row validates.
 *
 * Delegates the decision to api_keys_utils_is_valid_key() and forwards its
 * error code and message to api_output_error() on failure.
 *
 * @param mixed $key_row API key row to validate.
 * @return int Always 1 when control returns to the caller.
 */
function api_keys_ensure_valid_key($key_row)
{
    $check = api_keys_utils_is_valid_key($key_row);
    if ($check['ok']) {
        return 1;
    }
    # NOTE(review): presumably api_output_error() ends the request; if it ever
    # returns, the caller still receives 1 for an invalid key - confirm.
    api_output_error($check['error_code'], $check['error']);
    return 1;
}
/**
 * Fetch an upload via api_utils_get_upload() and reject the request with a
 * 400 when that helper reports a failure.
 *
 * @param mixed $param Passed through to api_utils_get_upload().
 * @param array $more  Passed through to api_utils_get_upload().
 * @return array The response from api_utils_get_upload().
 */
function api_utils_ensure_upload($param, $more = array())
{
    $upload = api_utils_get_upload($param, $more);
    if ($upload['ok']) {
        return $upload;
    }
    # The helper's own error text is relayed to the client as the 400 message.
    api_output_error(400, $upload['error']);
    return $upload;
}
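/**
 * Reject the request unless the user's stored Flickr token carries exactly
 * the permission level named by $str_perms.
 *
 * The stored 'token_perms' value is translated through
 * flickr_api_authtoken_perms_map() and compared with $str_perms.
 *
 * NOTE(review): the comparison is an exact match, so a token whose mapped
 * level differs from $str_perms is rejected even if it is a broader grant -
 * confirm that is the intended policy.
 *
 * @param array  $user      User row; only 'id' is read here.
 * @param string $str_perms Required permission name.
 * @return mixed The row returned by flickr_users_get_by_user_id().
 */
function api_utils_flickr_ensure_token_perms(&$user, $str_perms)
{
    $perms_map = flickr_api_authtoken_perms_map();
    $flickr_user = flickr_users_get_by_user_id($user['id']);
    # Resolve the granted level explicitly so a missing Flickr row or an
    # unmapped 'token_perms' value stays null instead of raising notices.
    $granted = null;
    if ($flickr_user && isset($flickr_user['token_perms']) && isset($perms_map[$flickr_user['token_perms']])) {
        $granted = $perms_map[$flickr_user['token_perms']];
    }
    # Fail closed: with a loose != a missing grant (null) compares equal to an
    # empty or zero-like requirement and would be accepted.
    if ($granted === null || (string) $granted !== (string) $str_perms) {
        api_output_error(999, "Insufficient Flickr API permissions");
    }
    return $flickr_user;
}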
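/**
 * Dispatch the current request to the API handler named by its 'method'
 * parameter.
 *
 * Steps: pick the output format, check that the API is enabled, resolve the
 * method in $GLOBALS['cfg']['api']['methods'], load its library, confirm the
 * handler function exists, enforce login for methods that require it, then
 * call the handler.
 *
 * NOTE(review): every rejection relies on api_output_error() ending the
 * request; that helper is not visible here - confirm it does not return.
 */
function api_dispatch()
{
    #
    # Output formats
    #
    # Strict membership test so the requested format must match a configured
    # one exactly rather than by loose comparison.
    $format = request_str('format');
    if ($format && in_array($format, $GLOBALS['cfg']['api']['formats']['valid'], true)) {
        $GLOBALS['cfg']['api']['formats']['current'] = $format;
    } else {
        $GLOBALS['cfg']['api']['formats']['current'] = $GLOBALS['cfg']['api']['formats']['default'];
    }
    #
    # Can I get a witness?
    #
    if (!$GLOBALS['cfg']['enable_feature_api']) {
        api_output_error(999, 'The API is currently disabled');
    }
    #
    # Is this a valid method?
    #
    # Unknown, disabled and unimplemented methods all produce the same 404 so
    # callers cannot tell them apart.
    $method = request_str('method');
    if (!$method) {
        api_output_error(404, 'Method not found');
    }
    if (!isset($GLOBALS['cfg']['api']['methods'][$method])) {
        api_output_error(404, 'Method not found');
    }
    $method_row = $GLOBALS['cfg']['api']['methods'][$method];
    if (!$method_row['enabled']) {
        api_output_error(404, 'Method not found');
    }
    $lib = $method_row['library'];
    loadlib($lib);
    # The callable name is the configured library plus the last segment of a
    # registered method name, so only configured handlers are reachable.
    $method = explode(".", $method);
    $function = $lib . "_" . array_pop($method);
    if (!function_exists($function)) {
        api_output_error(404, 'Method not found');
    }
    #
    # Auth-y bits
    #
    # The original branch was empty, so methods flagged 'required_login' were
    # dispatched to anonymous callers. Fail closed until real auth is wired in.
    # NOTE(review): assumes the session bootstrap fills $GLOBALS['cfg']['user']
    # for logged-in requests - confirm against the login code.
    if (!empty($method_row['required_login'])) {
        if (empty($GLOBALS['cfg']['user']['id'])) {
            api_output_error(403, 'Forbidden');
        }
    }
    #
    # Go!
    #
    call_user_func($function);
    exit;
}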
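/**
 * API handler: record a check-in for the current user at the posted venue,
 * optionally broadcasting it to foursquare and attaching weather conditions.
 *
 * Reads 'venue_id', 'status_id' and 'broadcast' from the POST body and emits
 * either api_output_ok() with the created check-in or api_output_error().
 *
 * NOTE(review): the handler uses $GLOBALS['cfg']['user']['id'] without
 * checking it; presumably the dispatcher enforces login before calling -
 * confirm.
 */
function api_privatesquare_venues_checkin()
{
    $venue_id = post_str("venue_id");
    $status_id = post_int32("status_id");
    if (!$venue_id) {
        api_output_error(999, "Missing venue ID");
    }
    # NOTE(review): this only rejects null; whether post_int32() returns null
    # for an absent parameter is not visible here.
    if (!isset($status_id)) {
        api_output_error(999, "Missing status ID");
    }
    $fsq_user = foursquare_users_get_by_user_id($GLOBALS['cfg']['user']['id']);
    $checkin = array('user_id' => $GLOBALS['cfg']['user']['id'], 'venue_id' => $venue_id, 'status_id' => $status_id);
    # where am I? Use the local copy of the venue, archiving it on a miss.
    $venue = foursquare_venues_get_by_venue_id($venue_id);
    if (!$venue) {
        $rsp = foursquare_venues_archive_venue($venue_id);
        if ($rsp['ok']) {
            $venue = $rsp['venue'];
        }
    }
    if ($venue) {
        $checkin['locality'] = $venue['locality'];
        $checkin['latitude'] = $venue['latitude'];
        $checkin['longitude'] = $venue['longitude'];
    }
    # check to see if we're checking in to 4sq too
    if ($broadcast = post_str("broadcast")) {
        $method = 'checkins/add';
        $args = array('oauth_token' => $fsq_user['oauth_token'], 'venueId' => $venue_id, 'broadcast' => $broadcast);
        $more = array('method' => 'POST');
        $rsp = foursquare_api_call($method, $args, $more);
        if ($rsp['ok']) {
            $checkin['checkin_id'] = $rsp['rsp']['checkin']['id'];
        }
        # A failed broadcast is ignored: the local check-in is still created,
        # just without a 'checkin_id'.
    }
    # Only ask for weather when the venue lookup produced coordinates; without
    # a venue the latitude/longitude keys were never set.
    if ($GLOBALS['cfg']['enable_feature_weather_tracking'] && isset($checkin['latitude'], $checkin['longitude'])) {
        loadlib("weather_google");
        $rsp = weather_google_conditions($checkin['latitude'], $checkin['longitude']);
        if ($rsp['ok']) {
            $conditions = $rsp['conditions'];
            $conditions['source'] = $rsp['source'];
            $checkin['weather'] = json_encode($conditions);
        }
    }
    $rsp = privatesquare_checkins_create($checkin);
    if (!$rsp['ok']) {
        api_output_error(999, "Check in failed");
    }
    $out = array('checkin' => $rsp['checkin']);
    api_output_ok($out);
}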
/**
 * API handler: remove the posted photo from the current user's Flickr
 * favourites.
 *
 * Requires a Flickr token with 'write' permission, calls
 * flickr.favorites.remove, and treats Flickr error code '1' as success.
 */
function api_flickr_favorites_remove()
{
    # The permission check runs first, before any request input is read.
    $flickr_user = api_utils_flickr_ensure_token_perms($GLOBALS['cfg']['user'], 'write');
    $photo_id = post_int64("photo_id");
    if (!$photo_id) {
        api_output_error(999, "Missing photo ID");
    }
    $rsp = flickr_api_call('flickr.favorites.remove', array(
        'photo_id' => $photo_id,
        'auth_token' => $flickr_user['auth_token'],
    ));
    # Error code '1' is tolerated: per the original comment it means the photo
    # was not a favourite to begin with.
    if (!$rsp['ok']) {
        if ($rsp['error_code'] != '1') {
            # NOTE(review): the upstream error text is relayed to the client
            # unchanged.
            api_output_error(999, $rsp['error']);
        }
    }
    api_output_ok(array('photo_id' => $photo_id));
}
/**
 * API handler: output photos from the current user's "contacts_faves" Flickr
 * push subscription, optionally limited by the 'older_than' GET parameter.
 *
 * Rejects the request when either feature flag is off, when the user has no
 * matching subscription, or when the photo lookup fails.
 */
function api_flickr_photos_friends_faves()
{
    # Both flags must be on; each is checked in turn and reports "disabled".
    $required_flags = array('enable_feature_flickr_push', 'flickr_push_enable_photos_friends_faves');
    foreach ($required_flags as $flag) {
        if (!$GLOBALS['cfg'][$flag]) {
            api_output_error(999, "disabled");
        }
    }
    $topics = flickr_push_topic_map("string keys");
    $subscription = flickr_push_subscriptions_get_by_user_and_topic($GLOBALS['cfg']['user'], $topics["contacts_faves"]);
    if (!$subscription) {
        api_output_error(999, "no subscription");
    }
    $rsp = flickr_push_photos_for_subscription($subscription, get_int32("older_than"));
    if (!$rsp['ok']) {
        api_output_error(999, $rsp['error']);
    }
    api_output_ok(array('photos' => $rsp['rows']), array('inline' => 1));
}
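/**
 * Turn a failed foursquare response into an API error.
 *
 * Decodes the JSON in $rsp['body'], formats its 'meta' block as
 * "<code>: <errorType>,\t<errorDetail>" and reports it with code 999.
 *
 * NOTE(review): the upstream error type and detail are relayed to the API
 * client as-is; confirm they never carry anything the client should not see.
 *
 * @param array $rsp Response from a foursquare call; only 'body' is read.
 */
function _api_foursquare_error(&$rsp)
{
    # The body may be absent or not JSON (for example on a transport failure),
    # so every level is checked before it is dereferenced. Missing fields
    # render as empty strings, which keeps the message format unchanged.
    $error = isset($rsp['body']) ? json_decode($rsp['body'], true) : null;
    $meta = array();
    if (is_array($error) && isset($error['meta']) && is_array($error['meta'])) {
        $meta = $error['meta'];
    }
    $code = isset($meta['code']) ? $meta['code'] : '';
    $type = isset($meta['errorType']) ? $meta['errorType'] : '';
    $detail = isset($meta['errorDetail']) ? $meta['errorDetail'] : '';
    $msg = "{$code}: {$type},\t{$detail}";
    api_output_error(999, $msg);
}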
/**
 * Reject the request unless it carries a valid crumb for the given method.
 *
 * The check itself is delegated to api_auth_has_valid_crumb().
 *
 * @param array $method Method row, passed through by reference.
 * @param int   $ttl    Passed through to api_auth_has_valid_crumb().
 */
function api_auth_ensure_crumb(&$method, $ttl = 0)
{
    if (api_auth_has_valid_crumb($method, $ttl)) {
        return;
    }
    # One message for both "missing" and "invalid", so the response does not
    # reveal which of the two applied.
    api_output_error(999, "Missing or invalid crumb");
}
/**
 * API handler that always answers with a fixed 500 error.
 */
function api_test_error()
{
    $status = 500;
    $message = 'This is the network of our disconnect';
    api_output_error($status, $message);
}
/**
 * Reject the request with a 403 unless api_auth_has_auth() reports that the
 * caller is authenticated.
 */
function api_auth_ensure_auth()
{
    if (api_auth_has_auth()) {
        return;
    }
    api_output_error(403, 'Forbidden');
}
Exemple #14
<?php

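# Reverse-geocode endpoint: takes either 'lat' and 'lon', or a combined
# 'll' ("lat,lon"), and outputs the reverse_geoplanet() result.
# NOTE(review): every rejection relies on api_output_error() ending the
# request; that helper is not visible here - confirm it does not return.
include "include/init.php";
loadlib("reverse_geoplanet");
loadlib("api_output");
$lat = get_str('lat');
$lon = get_str('lon');
$ll = get_str('ll');
$more = array('inline' => get_str('inline'));
if ($ll) {
    # array_pad(): an 'll' value without a comma yields a single element and
    # would otherwise leave $lon unassigned.
    list($lat, $lon) = array_pad(explode(",", $ll, 2), 2, '');
    $lat = trim($lat);
    $lon = trim($lon);
}
if ($lat == '' || $lon == '') {
    api_output_error(999, "Missing lat/lon", $more);
}
# Both values come straight from the query string; only numeric coordinates
# within the valid latitude/longitude ranges are passed to the lookup.
if (!is_numeric(trim($lat)) || !is_numeric(trim($lon)) || abs(trim($lat)) > 90 || abs(trim($lon)) > 180) {
    api_output_error(999, "Invalid lat/lon", $more);
}
$rsp = reverse_geoplanet($lat, $lon);
if (!$rsp['ok']) {
    api_output_error(999, $rsp['error'], $more);
}
api_output_ok($rsp['data'], $more);
exit;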
/**
 * Load a geotagged photo by id, rejecting the request when the id is
 * missing, the photo is unknown, it is not geotagged, or (by default) it
 * belongs to a different user than the current one.
 *
 * NOTE(review): ownership uses a loose != against
 * $GLOBALS['cfg']['user']['id']; confirm callers only reach this with an
 * authenticated user, since an unset user id compares equal to an empty or
 * zero owner id.
 *
 * @param mixed $photo_id      Photo id to load.
 * @param int   $ensure_is_own When truthy, the photo must belong to the
 *                             current user.
 * @return array The photo row.
 */
function _api_flickr_photos_geo_get_photo($photo_id, $ensure_is_own = 1)
{
    if (!$photo_id) {
        api_output_error(999, "Missing photo ID");
    }
    $row = flickr_photos_get_by_id($photo_id);
    if (!$row['id']) {
        api_output_error(999, "Invalid photo ID");
    }
    # Ownership is only compared when the caller asked for it.
    if ($ensure_is_own) {
        if ($row['user_id'] != $GLOBALS['cfg']['user']['id']) {
            api_output_error(999, "Insufficient permissions");
        }
    }
    if (!$row['hasgeo']) {
        api_output_error(999, "Photo is not geotagged");
    }
    return $row;
}
/**
 * Emit a 500 API error for a broken API configuration and stop.
 *
 * NOTE(review): $reason is appended to the client-visible message; confirm
 * callers never pass paths, credentials or other internal detail.
 *
 * @param string|null $reason Optional detail appended to the message.
 */
function _api_config_freakout_and_die($reason = null)
{
    $msg = "The API is currently throwing a temper tantrum. That's not good.";
    if ($reason) {
        $msg = $msg . " This is what we know so far: {$reason}.";
    }
    # The config file itself may be what is broken, so make sure a default
    # output format exists before the error is rendered (20121026/straup).
    if (!isset($GLOBALS['cfg']['api']['default_format'])) {
        $GLOBALS['cfg']['api']['default_format'] = 'json';
    }
    foreach (array("api_output", "api_log") as $lib) {
        loadlib($lib);
    }
    api_output_error(500, $msg);
    exit;
}
Exemple #17
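/**
 * Dispatch an API request to the handler registered for $method.
 *
 * Order of checks: feature flag, request logging, method lookup, HTTP verb
 * restrictions, API key validation (when required), authentication, role and
 * blessing checks, crumb check, then the handler call. The handler name is
 * built from the configured library plus the last segment of a registered
 * method name, so only configured handlers are reachable.
 *
 * NOTE(review): every rejection relies on api_output_error() (and the
 * *_ensure_* helpers) ending the request; none of them is visible here -
 * confirm they do not return.
 *
 * @param string $method Dotted API method name supplied by the caller.
 */
function api_dispatch($method)
{
    if (!$GLOBALS['cfg']['enable_feature_api']) {
        api_output_error(999, 'API disabled');
    }
    $method = filter_strict($method);
    $api_key = request_str("api_key");
    $access_token = request_str("access_token");
    # Log the basics
    # NOTE(review): the raw access_token is handed to api_log(). Unless that
    # helper redacts it, bearer credentials end up in log storage - confirm,
    # and prefer logging a hash or a token id instead.
    api_log(array('api_key' => $api_key, 'method' => $method, 'access_token' => $access_token, 'remote_addr' => $_SERVER['REMOTE_ADDR']));
    $methods = $GLOBALS['cfg']['api']['methods'];
    if (!$method || !isset($methods[$method])) {
        # ENT_QUOTES is explicit because the name is echoed between single
        # quotes and htmlspecialchars() only escapes those by default from
        # PHP 8.1.
        $enc_method = htmlspecialchars($method, ENT_QUOTES);
        api_output_error(404, "Method '{$enc_method}' not found");
    }
    apache_setenv("API_METHOD", $method);
    $method_row = $methods[$method];
    $key_row = null;
    $token_row = null;
    # Disabled methods answer exactly like unknown ones.
    if (!$method_row['enabled']) {
        $enc_method = htmlspecialchars($method, ENT_QUOTES);
        api_output_error(404, "Method '{$enc_method}' not found");
    }
    $method_row['name'] = $method;
    # With OAuth2, credentials in GET parameters are refused unless the site
    # has explicitly allowed them.
    if ($GLOBALS['cfg']['api_auth_type'] == 'oauth2') {
        if ($_SERVER['REQUEST_METHOD'] != 'POST' && !$GLOBALS['cfg']['api_oauth2_allow_get_parameters']) {
            api_output_error(405, 'Method not allowed');
        }
    }
    if (isset($method_row['request_method'])) {
        if ($_SERVER['REQUEST_METHOD'] != $method_row['request_method']) {
            api_output_error(405, 'Method not allowed');
        }
    }
    # Okay - now we get in to validation and authorization. Which means a
    # whole world of pedantic stupid if we're using Oauth2. Note that you
    # could use OAuth2 and require API keys be passed explicitly but since
    # that's not part of the spec if you enable the two features simultaneously
    # don't be surprised when hilarity ensues. Good times. (20121026/straup)
    # First API keys
    if (features_is_enabled("api_require_keys")) {
        if (!$api_key) {
            api_output_error(999, "Required API key is missing");
        }
        $key_row = api_keys_get_by_key($api_key);
        api_keys_utils_ensure_valid_key($key_row);
    }
    # Second auth-y bits
    $auth_rsp = api_auth_ensure_auth($method_row, $key_row);
    if (isset($auth_rsp['api_key'])) {
        $key_row = $auth_rsp['api_key'];
    }
    if (isset($auth_rsp['access_token'])) {
        $token_row = $auth_rsp['access_token'];
    }
    # !empty() rather than a bare read: the auth response is not guaranteed
    # to carry a 'user' entry.
    if (!empty($auth_rsp['user'])) {
        $GLOBALS['cfg']['user'] = $auth_rsp['user'];
    }
    # $key_row is still null when keys are not required and the auth step
    # returned none, so the key is read defensively.
    apache_setenv("API_KEY", isset($key_row['api_key']) ? $key_row['api_key'] : '');
    # Check for require-iness of users here ?
    # Roles - for API keys (things like only the site keys)
    api_config_ensure_role($method_row, $key_row, $token_row);
    # Blessings and other method specific access controls
    api_config_ensure_blessing($method_row, $key_row, $token_row);
    # Finally, crumbs - because they are tasty
    if ($method_row['requires_crumb']) {
        api_auth_ensure_crumb($method_row);
    }
    # GO!
    loadlib($method_row['library']);
    $parts = explode(".", $method);
    $method = array_pop($parts);
    $func = "{$method_row['library']}_{$method}";
    if (!function_exists($func)) {
        api_output_error(404, "Method not found");
    }
    call_user_func($func);
    exit;
}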