public function invalidateApplicationResources(array $uris, SecurityToken $token) { foreach ($uris as $uri) { $request = new RemoteContentRequest($uri); $this->cache->invalidate($request->toHash()); // GET $request = new RemoteContentRequest($uri); $request->createRemoteContentRequestWithUri($uri); $this->cache->invalidate($request->toHash()); // GET & SIGNED $request = new RemoteContentRequest($uri); $request->setAuthType(RemoteContentRequest::$AUTH_SIGNED); $request->setNotSignedUri($uri); $this->cache->invalidate($request->toHash()); } }
public function invalidateApplicationResources(array $uris, SecurityToken $token) { foreach ($uris as $uri) { $request = new RemoteContentRequest($uri); $this->cache->invalidate($request->toHash()); // GET $request = new RemoteContentRequest($uri); $request->createRemoteContentRequestWithUri($uri); $this->cache->invalidate($request->toHash()); // GET & SIGNED $request = new RemoteContentRequest($uri); $request->setAuthType(RemoteContentRequest::$AUTH_SIGNED); $request->setNotSignedUri($uri); $this->cache->invalidate($request->toHash()); } if (Doctrine::getTable('SnsConfig')->get('is_use_outer_shindig', false) && Doctrine::getTable('SnsConfig')->get('is_relay_invalidation_notice', true)) { require_once 'OAuth.php'; $shindigUrl = Doctrine::getTable('SnsConfig')->get('shindig_url'); if (substr($shindigUrl, -1) !== '/') { $shindigUrl .= '/'; } $invalidateUrl = $shindigUrl . 'gadgets/api/rest/cache'; $key = Doctrine::getTable('SnsConfig')->get('shindig_backend_key'); $secret = Doctrine::getTable('SnsConfig')->get('shindig_backend_secret'); $consumer = new OAuthConsumer($key, $secret); $oauthRequest = OAuthRequest::from_consumer_and_token($consumer, null, 'POST', $invalidateUrl); $oauthRequest->set_parameter('xoauth_requestor_id', 1); $oauthRequest->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, null); $request = new RemoteContentRequest($invalidateUrl . '?xoauth_requestor_id=1'); $request->setMethod('POST'); $request->setContentType('application/json'); $request->setPostBody(json_encode(array('invalidationKeys' => $uris))); $request->setHeaders($oauthRequest->to_header()); $request->getOptions()->ignoreCache = true; $remoteContent = Shindig_Config::get('remote_content'); $fetcher = new $remoteContent(); $fetcher->fetch($request); } }
/** * Fetches all remote resources simultaniously using a multiFetchRequest to optimize rendering time. * * The preloads will be json_encoded to their gadget document injection format, and the locales will * be reduced to only the GadgetContext->getLocale matching entries. * * @param Gadget $gadget * @param GadgetContext $context */ protected function fetchResources(Gadget &$gadget) { $contextLocale = $this->context->getLocale(); $unsignedRequests = $signedRequests = array(); foreach ($gadget->gadgetSpec->locales as $key => $locale) { // Only fetch the locales that match the current context's language and country if ($locale['country'] == 'all' && $locale['lang'] == 'all' || $locale['lang'] == $contextLocale['lang'] && $locale['country'] == 'all' || $locale['lang'] == $contextLocale['lang'] && $locale['country'] == $contextLocale['country']) { if (!empty($locale['messages'])) { $transformedUrl = RemoteContentRequest::transformRelativeUrl($locale['messages'], $this->context->getUrl()); if (!$transformedUrl) { // remove any locales that are not applicable to this context unset($gadget->gadgetSpec->locales[$key]); continue; } else { $gadget->gadgetSpec->locales[$key]['messages'] = $transformedUrl; } // locale matches the current context, add it to the requests queue $request = new RemoteContentRequest($gadget->gadgetSpec->locales[$key]['messages']); $request->createRemoteContentRequestWithUri($gadget->gadgetSpec->locales[$key]['messages']); $request->getOptions()->ignoreCache = $this->context->getIgnoreCache(); $unsignedRequests[] = $request; } } else { // remove any locales that are not applicable to this context unset($gadget->gadgetSpec->locales[$key]); } } if (!$gadget->gadgetContext instanceof MetadataGadgetContext) { // Add preloads to the request queue foreach ($gadget->getPreloads() as $preload) { if (!empty($preload['href'])) { $request = new RemoteContentRequest($preload['href']); if (!empty($preload['authz']) && $preload['authz'] == 'SIGNED') { if ($this->token == '') { throw new GadgetException("Signed preloading requested, but no valid security token set"); } $request = new RemoteContentRequest($preload['href']); $request->setAuthType(RemoteContentRequest::$AUTH_SIGNED); $request->setNotSignedUri($preload['href']); $request->setToken($this->token); $request->getOptions()->ignoreCache = $this->context->getIgnoreCache(); if (strcasecmp($preload['signViewer'], 'false') == 0) { $request->getOptions()->viewerSigned = false; } if (strcasecmp($preload['signOwner'], 'false') == 0) { $request->getOptions()->ownerSigned = false; } $signedRequests[] = $request; } else { $request->createRemoteContentRequestWithUri($preload['href']); $request->getOptions()->ignoreCache = $this->context->getIgnoreCache(); $unsignedRequests[] = $request; } } } // Add template libraries to the request queue if ($gadget->gadgetSpec->templatesRequireLibraries) { foreach ($gadget->gadgetSpec->templatesRequireLibraries as $key => $libraryUrl) { $request = new RemoteContentRequest($libraryUrl); $transformedUrl = RemoteContentRequest::transformRelativeUrl($libraryUrl, $this->context->getUrl()); if (!$transformedUrl) { continue; } else { $gadget->gadgetSpec->templatesRequireLibraries[$key] = $transformedUrl; } $request->createRemoteContentRequestWithUri($gadget->gadgetSpec->templatesRequireLibraries[$key]); $request->getOptions()->ignoreCache = $this->context->getIgnoreCache(); $unsignedRequests[] = $request; } } } // Perform the non-signed requests $responses = array(); if (count($unsignedRequests)) { $brc = new BasicRemoteContent(); $resps = $brc->multiFetch($unsignedRequests); foreach ($resps as $response) { $responses[$response->getUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode()); } } // Perform the signed requests if (count($signedRequests)) { $signingFetcherFactory = new SigningFetcherFactory(Config::get("private_key_file")); $remoteFetcherClass = Config::get('remote_content_fetcher'); $remoteFetcher = new $remoteFetcherClass(); $remoteContent = new BasicRemoteContent($remoteFetcher, $signingFetcherFactory); $resps = $remoteContent->multiFetch($signedRequests); foreach ($resps as $response) { $responses[$response->getNotSignedUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode()); } } // assign the results to the gadget locales and preloads (using the url as the key) foreach ($gadget->gadgetSpec->locales as $key => $locale) { if (!empty($locale['messages']) && isset($responses[$locale['messages']]) && $responses[$locale['messages']]['rc'] == 200) { $gadget->gadgetSpec->locales[$key]['messageBundle'] = $this->parseMessageBundle($responses[$locale['messages']]['body']); } } if (!$gadget->gadgetContext instanceof MetadataGadgetContext) { $preloads = array(); foreach ($gadget->gadgetSpec->preloads as $key => $preload) { if (!empty($preload['href']) && isset($responses[$preload['href']]) && $responses[$preload['href']]['rc'] == 200) { $preloads[] = array_merge(array('id' => $preload['href']), $responses[$preload['href']]); } } $gadget->gadgetSpec->preloads = $preloads; if ($gadget->gadgetSpec->templatesRequireLibraries) { $requiredLibraries = array(); foreach ($gadget->gadgetSpec->templatesRequireLibraries as $key => $libraryUrl) { if (isset($responses[$libraryUrl]) && $responses[$libraryUrl]['rc'] == 200) { $requiredLibraries[$libraryUrl] = $responses[$libraryUrl]['body']; } } $gadget->gadgetSpec->templatesRequireLibraries = $requiredLibraries; } } }
/** * Builds a request to retrieve the actual content. * * @param GadgetContext $context The rendering context. * @param MakeRequestOptions $params Options for crafting the request. * @param SecurityTokenDecoder $signer A signer needed for signed requests. * @return RemoteContentRequest An initialized request object. */ public function buildRequest(GadgetContext $context, MakeRequestOptions $params, SecurityTokenDecoder $signer = null) { // Check the protocol requested - curl doesn't really support file:// // requests but the 'error' should be handled properly $protocolSplit = explode('://', $params->getHref(), 2); if (count($protocolSplit) < 2) { throw new Exception("Invalid protocol specified"); } $protocol = strtoupper($protocolSplit[0]); if ($protocol != "HTTP" && $protocol != "HTTPS") { throw new Exception("Invalid protocol specified in url: " . htmlentities($protocol)); } $method = $params->getHttpMethod(); if ($method == 'POST' || $method == 'PUT') { // even if postData is an empty string, it will still post // (since RemoteContentRquest checks if its false) // so the request to POST is still honored $request = new RemoteContentRequest($params->getHref(), null, $params->getRequestBody()); } else { if ($method == 'DELETE' || $method == 'GET' || $method == 'HEAD') { $request = new RemoteContentRequest($params->getHref()); } else { throw new Exception("Invalid HTTP method."); } } $request->setMethod($method); if ($signer) { switch ($params->getAuthz()) { case 'SIGNED': $request->setAuthType(RemoteContentRequest::$AUTH_SIGNED); break; case 'OAUTH': $request->setAuthType(RemoteContentRequest::$AUTH_OAUTH); $request->setOAuthRequestParams($params->getOAuthRequestParameters()); break; } $st = $params->getSecurityTokenString(); if ($st === false) { throw new Exception("A security token is required for signed requests"); } $token = $context->validateToken($st, $signer); $request->setToken($token); } // Strip invalid request headers. This limits the utility of the // MakeRequest class a little bit, but ensures that none of the invalid // headers are present in any request going through this class. $headers = $params->getRequestHeadersArray(); if ($headers !== false) { $headers = $this->stripInvalidArrayKeys($headers, MakeRequest::$BAD_REQUEST_HEADERS); $params->setRequestHeaders($headers); } // The request expects headers to be stored as a normal header text blob. // ex: Content-Type: application/atom+xml // Accept-Language: en-us $formattedHeaders = $params->getFormattedRequestHeaders(); if ($formattedHeaders !== false) { $request->setHeaders($formattedHeaders); } return $request; }
public function testInvalidateUserResourcesWithEmptyAppId() { $token = BasicSecurityToken::createFromValues('owner', 'viewer', null, 'domain', 'appUrl', '1', 'default'); $token->setAuthenticationMode(AuthenticationMode::$OAUTH_CONSUMER_REQUEST); $request = new RemoteContentRequest('http://url'); $request->setToken($token); $request->setAuthType(RemoteContentRequest::$AUTH_SIGNED); $this->service->markResponse($request); $opensocialIds = array('owner'); $this->service->invalidateUserResources($opensocialIds, $token); $this->assertFalse($this->service->isValid($request)); $this->service->markResponse($request); $this->assertTrue($this->service->isValid($request)); }
/** * Tests through SigningFetcher */ public function testSigningFetch() { $request1 = new RemoteContentRequest('http://test.chabotc.com/signing.html'); $token = BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default'); $request1->setToken($token); $request1->setAuthType(RemoteContentRequest::$AUTH_SIGNED); $request2 = new RemoteContentRequest('http://test.chabotc.com/ok.html'); $this->basicRemoteContent->invalidate($request1); $this->basicRemoteContent->invalidate($request2); $requests = array($request1, $request2); $this->basicRemoteContent->multiFetch($requests); $content = $request1->getResponseContent(); $this->assertEquals("OK", trim($content)); $content = $request2->getResponseContent(); $this->assertEquals("OK", trim($content)); }
/** * Renders a 'proxied content' view, for reference see: * http://opensocial-resources.googlecode.com/svn/spec/draft/OpenSocial-Data-Pipelining.xml * * @param Gadget $gadget * @param array $view */ public function renderGadget(Shindig_Gadget $gadget, $view) { $this->setGadget($gadget); if (Shindig_Config::get('P3P') != '') { header("P3P: " . Shindig_Config::get('P3P')); } /* TODO * We should really re-add OAuth fetching support some day, uses these view atributes: * $view['oauthServiceName'], $view['oauthTokenName'], $view['oauthRequestToken'], $view['oauthRequestTokenSecret']; */ $authz = $this->getAuthz($view); $refreshInterval = $this->getRefreshInterval($view); $href = $this->buildHref($view, $authz); if (count($view['dataPipelining'])) { $request = new RemoteContentRequest($href, "Content-type: application/json\n"); $request->setMethod('POST'); $request->getOptions()->ignoreCache = $gadget->gadgetContext->getIgnoreCache(); } else { // no data-pipelining set, use GET and set cache/refresh interval options $request = new RemoteContentRequest($href); $request->setMethod('GET'); $request->setRefreshInterval($refreshInterval); $request->getOptions()->ignoreCache = $gadget->gadgetContext->getIgnoreCache(); } $signingFetcherFactory = $gadgetSigner = false; if ($authz != 'none') { $gadgetSigner = Shindig_Config::get('security_token_signer'); $gadgetSigner = new $gadgetSigner(); $token = $gadget->gadgetContext->extractAndValidateToken($gadgetSigner); $request->setToken($token); $request->setAuthType($authz); $request->getOptions()->ownerSigned = $this->getSignOwner($view); $request->getOptions()->viewerSigned = $this->getSignViewer($view); $signingFetcherFactory = new SigningFetcherFactory(Shindig_Config::get("private_key_file")); } $remoteFetcherClass = Shindig_Config::get('remote_content_fetcher'); $remoteFetcher = new $remoteFetcherClass(); $basicRemoteContent = new BasicRemoteContent($remoteFetcher, $signingFetcherFactory, $gadgetSigner); // Cache POST's as if they were GET's, since we don't want to re-fetch and repost the social data for each view $basicRemoteContent->setCachePostRequest(true); if (($response = $basicRemoteContent->getCachedRequest($request)) == false) { // Don't fetch the data-pipelining social data unless we don't have a cached version of the gadget's content $dataPipeliningResults = DataPipelining::fetch($view['dataPipelining'], $this->context); // spec stats that the proxied content data-pipelinging data is *not* available to templates (to avoid duplicate posting // of the data to the gadget dev's server and once to js space), so we don't assign it to the data context, and just // post the json encoded results to the remote url. $request->setPostBody(json_encode($dataPipeliningResults)); $response = $basicRemoteContent->fetch($request); } if ($response->getHttpCode() != '200') { // an error occured fetching the proxied content's gadget content $content = '<html><body><h1>An error occured fetching the gadget content</h1><p>http error code: ' . $response->getHttpCode() . '</p><p>' . $response->getResponseContent() . '</body></html>'; } else { // fetched ok, build the response document and output it $content = $response->getResponseContent(); $content = $this->parseTemplates($content); $content = $this->rewriteContent($content); $content = $this->addTemplates($content); } echo $content; }
/** * Tests SigningFetcher->fetchRequest */ public function testFetchRequestWithEmptyPath() { $request = new RemoteContentRequest('http://example.org'); $request->setAuthType(RemoteContentRequest::$AUTH_SIGNED); $request->setToken(BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default')); $request->setPostBody('key=value&anotherkey=value'); $this->signingFetcher->fetchRequest($request); $this->verifySignedRequest($request); }