 /**
  * Get the site index.
  *
  * This endpoint describes the capabilities of the site.
  *
  * @since 4.1
  * @return array Index entity
  */
 public function get_index()
 {
     // Builds the self-description of the API: general site data plus one entry per
     // registered route listing the HTTP methods it supports.
     // NOTE(review): the response carries the plugin version and the route list; whether
     // this endpoint requires authentication is not visible in this method - confirm that
     // exposing 'fue_version' to the callers who can reach it is intended.
     $store = array(
         'name'        => get_option('blogname'),
         'description' => get_option('blogdescription'),
         'URL'         => get_option('siteurl'),
         'fue_version' => FUE_VERSION,
         'routes'      => array(),
         'meta'        => array(),
     );
     $index = array('store' => $store);

     foreach ($this->get_routes() as $pattern => $handlers) {
         $entry = array();
         // Collapse each named capture group, e.g. (?P<id>...), to its bare <id> placeholder
         $path = preg_replace('#\\(\\?P(<\\w+?>).*?\\)#', '$1', $pattern);

         foreach (self::$method_map as $verb => $verb_bit) {
             foreach ($handlers as $handler) {
                 $flags = $handler[1];

                 // A single hidden callback removes the whole route from the index.
                 // This only affects discoverability: nothing here restricts access to
                 // a hidden route, so its own permission checks must still apply.
                 if ($flags & self::HIDDEN_ENDPOINT) {
                     continue 3;
                 }

                 if ($flags & $verb_bit) {
                     $entry['supports'][] = $verb;
                 }

                 if ($flags & self::ACCEPT_DATA) {
                     $entry['accepts_data'] = true;
                 }

                 // Only routes without <placeholder> segments get a concrete self link
                 if (false === strpos($path, '<')) {
                     $entry['meta'] = array('self' => fue_get_api_url($path));
                 }
             }
         }

         $index['store']['routes'][$path] = apply_filters('fue_api_endpoints_description', $entry);
     }

     return apply_filters('fue_api_index', $index);
 }
 /**
  * Verify that the consumer-provided request signature matches our generated signature. This ensures the consumer
  * has a valid key/secret.
  *
  * @param WP_User $user
  * @param array $params the request parameters
  * @throws Exception
  */
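 private function check_oauth_signature($user, $params)
 {
     // Rebuilds the OAuth signature base string (HTTP method, request URL, sorted request
     // parameters), signs it with the consumer secret stored on $user and compares the
     // result with the signature sent by the consumer. Returns nothing on success and
     // throws Exception with code 401 on every failure path.
     $server = Follow_Up_Emails::instance()->api->server;
     $http_method = strtoupper($server->method);
     $base_request_uri = rawurlencode(untrailingslashit(fue_get_api_url('')) . $server->path);

     // Fail closed when the signature is absent or not a plain string (e.g. sent as
     // oauth_signature[]=...), instead of decoding and comparing a non-string value.
     if (!isset($params['oauth_signature']) || !is_string($params['oauth_signature'])) {
         throw new Exception(__('Invalid Signature - provided signature does not match', 'follow_up_emails'), 401);
     }

     // get the signature provided by the consumer and remove it from the parameters prior to checking the signature
     $consumer_signature = rawurldecode($params['oauth_signature']);
     unset($params['oauth_signature']);

     // Flatten filter[...] entries into string keys to avoid normalization issues.
     // A non-array "filter" value stays in $params so that it is covered by the
     // signature like any other parameter rather than dropped from the base string.
     if (isset($params['filter']) && is_array($params['filter'])) {
         $filters = $params['filter'];
         unset($params['filter']);
         foreach ($filters as $filter => $filter_value) {
             $params['filter[' . $filter . ']'] = $filter_value;
         }
     }

     // normalize parameter key/values
     $params = $this->normalize_parameters($params);

     // sort parameters by key, byte-wise
     if (!uksort($params, 'strcmp')) {
         throw new Exception(__('Invalid Signature - failed to sort parameters', 'follow_up_emails'), 401);
     }

     // form query string: key and value joined with an encoded equals sign (%3D),
     // pairs joined with an encoded ampersand (%26)
     $query_params = array();
     foreach ($params as $param_key => $param_value) {
         $query_params[] = $param_key . '%3D' . $param_value;
     }
     $query_string = implode('%26', $query_params);

     $string_to_sign = $http_method . '&' . $base_request_uri . '&' . $query_string;

     // Allow-list of signature methods: the hash algorithm name is looked up here and
     // never derived from request input.
     $hash_algorithms = array(
         'HMAC-SHA1'   => 'sha1',
         'HMAC-SHA256' => 'sha256',
     );
     $signature_method = isset($params['oauth_signature_method']) ? $params['oauth_signature_method'] : null;
     if (!is_string($signature_method) || !isset($hash_algorithms[$signature_method])) {
         throw new Exception(__('Invalid Signature - signature method is invalid', 'follow_up_emails'), 401);
     }
     $hash_algorithm = $hash_algorithms[$signature_method];

     // NOTE(review): the HMAC key is read from $user without validation; presumably the
     // caller only passes users with a provisioned consumer secret - confirm, since an
     // empty key would make the signature computable by anyone.
     $signature = base64_encode(hash_hmac($hash_algorithm, $string_to_sign, $user->fue_api_consumer_secret, true));

     // Constant-time comparison: !== stops at the first differing byte, which lets response
     // timing reveal how much of a guessed signature is correct. hash_equals() is built in
     // since PHP 5.6 and WordPress ships a fallback for older runtimes.
     if (!hash_equals($signature, $consumer_signature)) {
         throw new Exception(__('Invalid Signature - provided signature does not match', 'follow_up_emails'), 401);
     }
 }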