/**
  * Look up a notification by type and wrap it in a response.
  *
  * Calls requireAuthentication() before anything else.
  *
  * @param string|null $type Passed unchanged to the notification store's get().
  * @return mixed Result of notFound() when the lookup is empty, otherwise of success().
  */
 public function view($type = null)
 {
     getAuthentication()->requireAuthentication();
     $notification = $this->notification->get($type);
     // empty() treats null, false, '' and an empty array alike as "nothing to show".
     return empty($notification)
         ? $this->notFound('No notifications found', null)
         : $this->success('Notification', $notification);
 }
Esempio n. 2
 /**
  * Retrieve a single action.
  *
  * @param string $id The ID of the action to be retrieved.
  * @return string Standard JSON envelope
  */
 public function view($id)
 {
     // NOTE(review): what the `false` argument changes is decided by the
     // authentication class, which is not visible here — confirm it does not relax the check.
     getAuthentication()->requireAuthentication(false);
     $found = $this->action->view($id);
     if (!$found) {
         return $this->error("Could not retrieve action {$id}", false);
     }
     return $this->success("Action {$id}", $found);
 }
Esempio n. 3
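 /**
  * Subscribe to a topic (creates a webhook).
  *
  * Reads callback, mode, topic and (optionally) verifyToken from $_POST, sends a
  * verification request to the callback carrying a random challenge, and creates
  * the webhook only when the callback answers 2xx with the challenge as its body.
  * Emits 204 on success; otherwise 400 with a plain-text explanation.
  *
  * @return void
  */
 public function subscribe()
 {
     getAuthentication()->requireAuthentication();
     // NOTE(review): no requireCrumb() here although the request creates a webhook — confirm that is intended.
     $params = $_POST;
     $params['verify'] = 'sync';
     if (isset($params['callback']) && isset($params['mode']) && isset($params['topic'])) {
         // A callback sent as an array is treated like an unparsable URL.
         $urlParts = is_string($params['callback']) ? parse_url($params['callback']) : false;
         $scheme = isset($urlParts['scheme']) ? strtolower($urlParts['scheme']) : '';
         // Only web callbacks are meaningful for a webhook; any other scheme is rejected before a request is made.
         if (isset($urlParts['host']) && in_array($scheme, array('http', 'https'), true)) {
             // Pick the parts explicitly instead of extract(), so parsed input cannot overwrite locals.
             $host = $urlParts['host'];
             // The port needs its ':' separator; without it the host and port run together.
             $port = isset($urlParts['port']) ? sprintf(':%d', $urlParts['port']) : '';
             $path = isset($urlParts['path']) ? $urlParts['path'] : '';
             // uniqid() is derived from the clock and therefore guessable; use the CSPRNG when the runtime has it.
             $challenge = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : uniqid('', true);
             $queryParams = array();
             if (!empty($urlParts['query'])) {
                 parse_str($urlParts['query'], $queryParams);
             }
             $queryParams['mode'] = $params['mode'];
             $queryParams['topic'] = $params['topic'];
             $queryParams['challenge'] = $challenge;
             if (isset($params['verifyToken'])) {
                 $queryParams['verifyToken'] = $params['verifyToken'];
             }
             $url = sprintf('%s://%s%s%s?%s', $scheme, $host, $port, $path, http_build_query($queryParams));
             // NOTE(review): the host is not checked against loopback, private or link-local
             // ranges, so this server-side request can reach internal services. Resolve and
             // filter the address, or send through an egress proxy, before making the call.
             $ch = curl_init($url);
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
             curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
             $handle = getCurl()->addCurl($ch);
             // verify a 2xx response and that the body is exactly the challenge (strict, no type juggling)
             if ($handle->code >= 200 && $handle->code < 300 && (string) $handle->data === $challenge) {
                 $apiWebhook = $this->api->invoke('/webhook/create.json', EpiRoute::httpPost, array('_POST' => $params));
                 if ($apiWebhook['code'] === 200) {
                     header('HTTP/1.1 204 No Content');
                     // NOTE(review): $params can include verifyToken; consider leaving it out of the log line.
                     getLogger()->info(sprintf('Webhook successfully created: %s', json_encode($params)));
                     return;
                 }
             }
             $message = sprintf('The verification call failed to meet requirements. Code: %d, Response: %s, Expected: %s, URL: %s', $handle->code, $handle->data, $challenge, $url);
             getLogger()->warn($message);
         } else {
             $message = sprintf('Callback url was invalid: %s', is_string($params['callback']) ? $params['callback'] : json_encode($params['callback']));
             getLogger()->warn($message);
         }
     } else {
         $message = sprintf('Not all required parameters were passed in to webhook subscribe: %s', json_encode($params));
         getLogger()->warn($message);
     }
     header('HTTP/1.1 400 Bad Request');
     // $message embeds request-supplied values; serve it as plain text so a browser never renders it as HTML.
     header('Content-Type: text/plain; charset=utf-8');
     header('X-Content-Type-Options: nosniff');
     echo $message;
 }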
Esempio n. 4
 /**
  * Delete a share token.
  *
  * Calls requireAuthentication() and requireCrumb() before touching the token store.
  *
  * @param mixed $id Identifier handed to the token store's delete().
  * @return mixed Result of noContent() on success, of error() when delete() returns false.
  */
 public function delete($id)
 {
     getAuthentication()->requireAuthentication();
     getAuthentication()->requireCrumb();
     // Only a strict false counts as failure; any other return value is a success.
     if ($this->token->delete($id) !== false) {
         return $this->noContent('Successfully deleted share token', true);
     }
     return $this->error('Could not delete share token', false);
 }
Esempio n. 5
 /**
  * List the stored OAuth credentials.
  *
  * @return mixed Result of success() carrying the credentials, or of error() when the lookup returns false.
  */
 public function list_()
 {
     getAuthentication()->requireAuthentication();
     $credentials = getDb()->getCredentials();
     if ($credentials === false) {
         return $this->error('Could not retrieve credentials', false);
     }
     // NOTE(review): the rows are returned as-is — confirm they carry no token secrets the caller should not see.
     return $this->success('Oauth Credentials', $credentials);
 }
Esempio n. 6
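 /**
  * Call the parent constructor, set up the photo model and theme, and require
  * authentication for every request except the app callback.
  *
  * The exemption is decided on the path component of the request URI only, so
  * a query string or fragment that merely mentions the callback path does not
  * skip the authentication check. Anything unparsable fails closed.
  *
  * @return void
  */
 public function __construct()
 {
     parent::__construct();
     $this->photo = new Photo();
     $this->theme->setTheme();
     // defaults
     $requestPath = isset($_SERVER['REQUEST_URI']) ? parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH) : null;
     $isAppCallback = is_string($requestPath) && stripos($requestPath, '/manage/apps/callback') !== false;
     // NOTE(review): this is still a substring test on the raw path; comparing against
     // the route the dispatcher actually resolved would be stricter — confirm what is available here.
     if (!$isAppCallback) {
         getAuthentication()->requireAuthentication();
     }
 }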
Esempio n. 7
 /**
  * API to get versions of the source, filesystem and database
  *
  * The filesystem version is reported as the fixed string '0.0.0'.
  *
  * @return string Standard JSON envelope
  */
 public function version()
 {
     getAuthentication()->requireAuthentication();
     // Built in one literal; elements are evaluated top to bottom.
     $versions = array(
         'api' => Request::getLatestApiVersion(),
         'system' => getConfig()->get('site')->lastCodeVersion,
         'database' => getDb()->version(),
         'databaseType' => getDb()->identity(),
         'filesystem' => '0.0.0',
         'filesystemType' => getFs()->identity(),
     );
     return $this->success('System versions', $versions);
 }
Esempio n. 8
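 /**
  * Purge the user's activities.
  *
  * Calls requireAuthentication() and requireCrumb() first.
  *
  * @return mixed Result of success() when the purge did not return false, otherwise of error().
  */
 public function purge()
 {
     getAuthentication()->requireAuthentication();
     getAuthentication()->requireCrumb();
     if ($this->activity->purge() === false) {
         // The failure envelope must not claim the purge happened.
         return $this->error('Could not purge user activities', false);
     }
     return $this->success('Purged user activities', true);
 }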
Esempio n. 9
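 /**
  * Handle this module's routes after the parent handler has run.
  *
  * '/update.json' stores $_POST['key'] under the user attribute named by
  * $_POST['section']; every other route falls through and returns nothing.
  *
  * @param string $route Route to dispatch.
  * @return array|null Envelope with message, code and result for '/update.json'.
  */
 public function routeHandler($route)
 {
     parent::routeHandler($route);
     switch ($route) {
         case '/update.json':
             getAuthentication()->requireAuthentication();
             // Both fields are request-supplied and may be missing or arrays; refuse instead of storing them.
             if (!isset($_POST['section'], $_POST['key']) || !is_string($_POST['section']) || $_POST['section'] === '' || !is_scalar($_POST['key'])) {
                 return array('message' => 'Both section and key are required', 'code' => 400, 'result' => false);
             }
             // NOTE(review): the attribute NAME comes from the request, so a caller can write any
             // user attribute, not only tutorial state. Restrict it to the known tutorial sections
             // (allowlist or fixed prefix) — the valid set is not visible here.
             $user = new User();
             $user->setAttribute($_POST['section'], $_POST['key']);
             return array('message' => sprintf('Updated tutorial for %s', $_POST['section']), 'code' => 200, 'result' => true);
     }
 }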
Esempio n. 10
 /**
  * Update a group, allocating the next group id when none is given.
  *
  * @param string $id id of the group to update
  * @return string Standard JSON envelope
  */
 public function postGroup($id = null)
 {
     getAuthentication()->requireAuthentication();
     $id = $id ? $id : $this->user->getNextId('group');
     // NOTE(review): the whole of $_POST is stored and echoed back unfiltered —
     // confirm the data layer restricts which fields a group may carry.
     if (!getDb()->postGroup($id, $_POST)) {
         return $this->error("Could not updated group {$id}", false);
     }
     return $this->success("Group {$id} was updated", array_merge(array('id' => $id), $_POST));
 }
Esempio n. 11
 /**
  * Create a resource map from $_POST and return it as read back through the API.
  *
  * @return mixed Result of created() with the stored map, or of error() when
  *               creation or the follow-up read fails.
  */
 public function create()
 {
     getAuthentication()->requireAuthentication();
     $mapId = $this->resourceMap->create($_POST);
     if (!$mapId) {
         return $this->error('Could not generate resource map.', false);
     }
     // Read the new map back so the response reflects what was stored.
     $viewResp = $this->api->invoke("/s/{$mapId}/view.json");
     if ($viewResp['code'] === 200) {
         return $this->created("Resource map {$mapId} successfully created", $viewResp['result']);
     }
     return $this->error('Could not retrieve resource map after creating it', false);
 }
Esempio n. 12
 /**
  * Update a tag in the tag database.
  *
  * The tag name goes through Tag::sanitize() and the posted fields through
  * Tag::validateParams() before they reach the database layer.
  *
  * @param string $tag Tag name taken from the route.
  * @return string Standard JSON envelope
  */
 public function update($tag)
 {
     getAuthentication()->requireAuthentication();
     $tag = Tag::sanitize($tag);
     $fields = Tag::validateParams($_POST);
     if (!getDb()->postTag($tag, $fields)) {
         return $this->error('Tag could not be created/updated', false);
     }
     // Return the tag as the view API reports it after the write.
     $viewResp = $this->api->invoke("/{$this->apiVersion}/tag/{$tag}/view.json", EpiRoute::httpGet);
     return $this->success('Tag created/updated successfully', $viewResp['result']);
 }
Esempio n. 13
 /**
  * Create an activity record.
  *
  * Caller attributes are layered over the defaults, reduced by
  * whitelistParams(), and checked by validateParams() before an id is allocated.
  *
  * @param array $attributes Activity attributes supplied by the caller.
  * @return mixed false when validation or id allocation fails, otherwise the result of putActivity().
  */
 public function create($attributes)
 {
     getAuthentication()->requireAuthentication();
     $attributes = $this->whitelistParams(array_merge($this->getDefaultAttributes(), $attributes));
     if (!$this->validateParams($attributes)) {
         $this->logger->warn('Not all required paramaters were passed to create an activity');
         return false;
     }
     $activityId = $this->user->getNextId('activity');
     if ($activityId !== false) {
         return $this->db->putActivity($activityId, $attributes);
     }
     $this->logger->warn('Could not fetch the next activity id');
     return false;
 }
Esempio n. 14
 /**
  * User's settings page
  *
  * Collects credentials, groups, webhooks and plugins through the internal
  * API, adds the mobile passphrase and the session crumb, and renders the page.
  *
  * @return void
  */
 public function settings()
 {
     getAuthentication()->requireAuthentication();
     $userObj = new User();
     $routes = array(
         'credentials' => '/oauth/list.json',
         'groups' => '/groups/list.json',
         'webhooks' => '/webhooks/list.json',
         'plugins' => '/plugins/list.json',
     );
     $listed = array();
     foreach ($routes as $key => $route) {
         $listed[$key] = $this->api->invoke($route, EpiRoute::httpGet);
     }
     $mobilePassphrase = $userObj->getMobilePassphrase();
     if (!empty($mobilePassphrase)) {
         // Remaining lifetime in whole minutes, rounded up.
         $secondsLeft = $mobilePassphrase['expiresAt'] - time();
         $mobilePassphrase['minutes'] = ceil($secondsLeft / 60);
     }
     $template = sprintf('%s/settings.php', $this->config->paths->templates);
     $templateParams = array(
         'crumb' => getSession()->get('crumb'),
         'plugins' => $listed['plugins']['result'],
         'credentials' => $listed['credentials']['result'],
         'webhooks' => $listed['webhooks']['result'],
         'groups' => $listed['groups']['result'],
         'mobilePassphrase' => $mobilePassphrase,
     );
     $body = $this->template->get($template, $templateParams);
     $this->theme->display('template.php', array('body' => $body, 'page' => 'settings'));
 }
Esempio n. 15
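 /**
  * Run the upgrade, record the new code version in the site's ini file and
  * redirect to the home page.
  *
  * The ini file is located by host name: first under userdata/configs next to
  * the config path, then under the config path's generated/ directory.
  *
  * @return void
  */
 public function upgradePost()
 {
     getAuthentication()->requireAuthentication();
     // NOTE(review): no requireCrumb() on this state-changing request — confirm that is intended.
     getUpgrade()->performUpgrade();
     $configObj = getConfig();
     // HTTP_HOST is taken from the request. basename() keeps it to a single file
     // name so it cannot steer the read and write below into another directory.
     $host = basename((string) getenv('HTTP_HOST'));
     // Backwards compatibility
     // TODO remove in 2.0
     $basePath = dirname(Epi::getPath('config'));
     $configFile = sprintf('%s/userdata/configs/%s.ini', $basePath, $host);
     if (!file_exists($configFile)) {
         $configFile = sprintf('%s/generated/%s.ini', Epi::getPath('config'), $host);
     }
     $config = $configObj->getString($configFile);
     // Swap the recorded x.y.z version for the one the upgrade just reached.
     $config = preg_replace('/lastCodeVersion *= *"\\d+\\.\\d+\\.\\d+"/', sprintf('lastCodeVersion="%s"', getUpgrade()->getCurrentVersion()), $config);
     $configObj->write($configFile, $config);
     $this->route->redirect('/');
 }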
Esempio n. 16
 /**
  * E-mail a photo or an album to the posted recipients.
  *
  * The sender is the e-mail address held in the session and is always added
  * as the first recipient. Calls requireAuthentication() and requireCrumb() first.
  *
  * @param string $type 'photo' selects sendPhotoEmail(); any other value selects sendAlbumEmail().
  * @param mixed  $data Handed to the selected sender and echoed in the response.
  * @return mixed Result of success() or error().
  */
 public function send($type, $data)
 {
     getAuthentication()->requireAuthentication();
     getAuthentication()->requireCrumb();
     $sender = $this->session->get('email');
     $hasAllInput = !empty($sender) && !empty($_POST['message']) && !empty($_POST['recipients']);
     if (!$hasAllInput) {
         return $this->error('Not all parameters were passed in', false);
     }
     $emailer = new Emailer($sender);
     // NOTE(review): recipients are split on ',' and passed on without validation here —
     // confirm Emailer rejects malformed addresses and embedded line breaks.
     $recipients = (array) explode(',', $_POST['recipients']);
     array_unshift($recipients, $sender);
     $emailer->setRecipients($recipients);
     $status = $type === 'photo'
         ? $this->sendPhotoEmail($data, $emailer)
         : $this->sendAlbumEmail($data, $emailer);
     if ($status) {
         return $this->success('yes', array('data' => $data, 'post' => $_POST));
     }
     return $this->error('Could not complete request', false);
 }
Esempio n. 17
 /**
  * Upload a video.
  *
  * Calls requireAuthentication() and requireCrumb(), builds the attribute set
  * from the request, stores the file through the video model and, on success,
  * returns the record as read back from the photo view API.
  *
  * @return string standard json envelope
  */
 public function upload()
 {
     getAuthentication()->requireAuthentication();
     getAuthentication()->requireCrumb();
     $httpObj = new Http();
     // Every request parameter becomes a candidate attribute; only the three keys unset below are removed.
     $attributes = $_REQUEST;
     $this->plugin->invoke('onVideoUpload');
     // this determines where to get the video from and populates $localFile and $name
     // NOTE(review): extract() turns every key of the returned array into a local variable, so a key
     // named like an existing local (e.g. attributes) would overwrite it — confirm the helper returns only those two.
     extract($this->parseVideoFromRequest());
     // TODO put this in a whitelist function (see replace())
     // NOTE(review): this is a denylist; any other request key is passed on to the video model as an attribute.
     if (isset($attributes['__route__'])) {
         unset($attributes['__route__']);
     }
     if (isset($attributes['photo'])) {
         unset($attributes['photo']);
     }
     if (isset($attributes['crumb'])) {
         unset($attributes['crumb']);
     }
     $videoId = false;
     // Server-set values; these overwrite anything the request supplied under the same keys.
     $attributes['video'] = true;
     $attributes['hash'] = sha1_file($localFile);
     $attributes['width'] = $this->config->photos->baseSize;
     $attributes['height'] = $this->config->photos->baseSize;
     $videoId = $this->video->upload($localFile, $name, $attributes);
     if ($videoId) {
         // Read the stored record back through the photo view route.
         $apiResp = $this->api->invoke("/{$this->apiVersion}/photo/{$videoId}/view.json", EpiRoute::httpGet, array('_GET' => array()));
         $video = $apiResp['result'];
         // Taken from the request as sent; defaults to 0 when absent.
         $permission = isset($attributes['permission']) ? $attributes['permission'] : 0;
         // TODO webhooks and things
         if ($video) {
         }
         $this->plugin->setData('video', $video);
         $this->plugin->setData('videoId', $videoId);
         $this->plugin->invoke('onVideoUploaded');
         // Remember the choices made for this upload as user attributes.
         $this->user->setAttribute('stickyPermission', $permission);
         // NOTE(review): $video is indexed here even when the view call returned a falsy result — confirm.
         $this->user->setAttribute('stickyLicense', $video['license']);
         return $this->created("Video {$videoId} uploaded successfully", $video);
     }
     return $this->error("File upload failure", false);
 }
Esempio n. 18
 /**
  * Update the stored settings of an active plugin from $_POST.
  *
  * Only keys already present in the plugin's configuration are taken from the
  * request; unknown posted keys are ignored.
  *
  * @param string $plugin Plugin name.
  * @return mixed Result of success() with the new configuration, or of error().
  */
 public function update($plugin)
 {
     getAuthentication()->requireAuthentication();
     $pluginObj = getPlugin();
     $conf = $pluginObj->loadConf($plugin);
     if (!$conf) {
         return $this->error('Cannot update settings for a deactivated plugin, try activating first.', false);
     }
     foreach ($conf as $name => $current) {
         if (!isset($_POST[$name])) {
             continue;
         }
         // NOTE(review): posted values are written into an ini string unmodified —
         // confirm generateIniString() escapes quotes and line breaks.
         $conf[$name] = $_POST[$name];
     }
     $written = $pluginObj->writeConf($plugin, $this->utility->generateIniString($conf));
     return $written
         ? $this->success('Plugin updated successfully', $conf)
         : $this->error('Could not update plugin', false);
 }
Esempio n. 19
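 /**
  * Add elements to, or remove them from, an album.
  *
  * Calls requireAuthentication() and requireCrumb() first. The element ids
  * come from $_POST['ids'].
  *
  * @param string $albumId Album to change.
  * @param string $type    Element type, handed to the album model.
  * @param string $action  'add' or 'remove'; any other value is reported as a failed update.
  * @return mixed Result of success() or error().
  */
 public function updateIndex($albumId, $type, $action)
 {
     getAuthentication()->requireAuthentication();
     getAuthentication()->requireCrumb();
     if (empty($_POST['ids'])) {
         return $this->error('Please provide ids', false);
     }
     // Start from failure so an unrecognised action never reads an undefined result.
     $resp = false;
     switch ($action) {
         case 'add':
             $resp = $this->album->addElement($albumId, $type, $_POST['ids']);
             break;
         case 'remove':
             $resp = $this->album->removeElement($albumId, $type, $_POST['ids']);
             break;
     }
     if (!$resp) {
         return $this->error('All items were not updated', false);
     }
     return $this->success('All items updated', true);
 }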
Esempio n. 20
 /**
  * Upload new media.
  *
  * Authorises the request either by an upload share token or by
  * requireAuthentication() plus requireCrumb(), detects the media type of the
  * uploaded file and forwards to the photo or video upload route.
  *
  * @return string standard json envelope
  */
 public function upload()
 {
     $httpObj = new Http();
     $attributes = $_REQUEST;
     $albums = array();
     if (isset($attributes['albums']) && !empty($attributes['albums'])) {
         $albums = (array) explode(',', $attributes['albums']);
     }
     $token = null;
     if (isset($attributes['token']) && !empty($attributes['token'])) {
         // Token path: a share token of type 'upload' stands in for authentication and the crumb.
         $shareTokenObj = new ShareToken();
         $tokenArr = $shareTokenObj->get($attributes['token']);
         if (empty($tokenArr) || $tokenArr['type'] != 'upload') {
             return $this->forbidden('No permissions with the passed in token', false);
         }
         // Albums and permission are forced from the token rather than taken from the request.
         // NOTE(review): these overrides live only in the local $attributes, which is not passed to the
         // invoke() calls below — confirm how the downstream upload handler receives them.
         $attributes['albums'] = $tokenArr['data'];
         $token = $tokenArr['id'];
         $attributes['permission'] = '0';
     } else {
         // Authenticated path: requires create permission, passing the requested albums along.
         getAuthentication()->requireAuthentication(array(Permission::create), $albums);
         getAuthentication()->requireCrumb();
     }
     // determine localFile
     // NOTE(review): extract() turns every key of the returned array into a local variable and can
     // overwrite the locals above — confirm which keys parseMediaFromRequest() returns.
     extract($this->parseMediaFromRequest());
     // Get file mimetype by instantiating a photo object
     //  getMediaType is defined in parent abstract class Media
     $photoObj = new Photo();
     $mediaType = $photoObj->getMediaType($localFile);
     // Invoke type-specific
     switch ($mediaType) {
         case Media::typePhoto:
             return $this->api->invoke("/{$this->apiVersion}/photo/upload.json", EpiRoute::httpPost);
         case Media::typeVideo:
             return $this->api->invoke("/{$this->apiVersion}/video/upload.json", EpiRoute::httpPost);
     }
     // Anything that is neither a photo nor a video is refused.
     return $this->error('Unsupported media type', false);
 }
Esempio n. 21
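 /**
  * Run the upgrade, record the new code version in the site's ini file and
  * redirect to the home page.
  *
  * When the ini file has no lastCodeVersion entry yet, a [site] section
  * carrying it is prepended.
  *
  * @return void
  */
 public function upgradePost()
 {
     getAuthentication()->requireAuthentication();
     // NOTE(review): no requireCrumb() on this state-changing request — confirm that is intended.
     getUpgrade()->performUpgrade();
     $configObj = getConfig();
     // HTTP_HOST is taken from the request. basename() keeps it to a single file
     // name so it cannot steer the read and write below into another directory.
     $host = basename((string) getenv('HTTP_HOST'));
     // Backwards compatibility
     // TODO remove in 2.0
     $basePath = dirname(Epi::getPath('config'));
     $configFile = sprintf('%s/userdata/configs/%s.ini', $basePath, $host);
     if (!file_exists($configFile)) {
         $configFile = sprintf('%s/generated/%s.ini', Epi::getPath('config'), $host);
     }
     $config = $configObj->getString($configFile);
     // Backwards compatibility
     // TODO remove in 2.0
     if (strstr($config, 'lastCodeVersion="') !== false) {
         $config = preg_replace('/lastCodeVersion="\\d+\\.\\d+\\.\\d+"/', sprintf('lastCodeVersion="%s"', getUpgrade()->getCurrentVersion()), $config);
     } else {
         // Before the upgrade code the lastCodeVersion was not in the config template
         $config = sprintf("[site]\nlastCodeVersion=\"%s\"\n\n", getUpgrade()->getCurrentVersion()) . $config;
     }
     $configObj->write($configFile, $config);
     $this->route->redirect('/');
 }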
Esempio n. 22
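 /**
  * Form for batch editing
  *
  * The query-string parameters are handed to the form partial; for the
  * 'albums' action the album list is added to them.
  *
  * @return string Standard JSON envelope
  */
 public function updateBatchForm()
 {
     getAuthentication()->requireAuthentication();
     $params = $_GET;
     // 'action' is optional in the query string, and only the exact string selects the album list.
     if (isset($params['action']) && $params['action'] === 'albums') {
         $albumsResp = $this->api->invoke('/albums/list.json', EpiRoute::httpGet, array('_GET' => array('pageSize' => 0)));
         if ($albumsResp['code'] === 200) {
             $params['albums'] = $albumsResp['result'];
         }
     }
     // NOTE(review): raw query-string values reach the partial — confirm the template escapes everything it prints.
     $markup = $this->theme->get('partials/batch-update-form.php', $params);
     return $this->success('Batch update form', array('markup' => $markup));
 }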
Esempio n. 23
 /**
  * Retrieve a list of the user's webhooks from the remote datasource.
  *
  * @param string|null $topic Optional topic, passed to the webhook store's getAll().
  * @return string Standard JSON envelope
  */
 public function list_($topic = null)
 {
     getAuthentication()->requireAuthentication();
     $found = $this->webhook->getAll($topic);
     // Any falsy result, which includes an empty array, takes the error branch.
     if (!$found) {
         return $this->error("Error getting webhooks", false);
     }
     return $this->success("Successfully retrieved webhooks", $found);
 }
Esempio n. 24
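 /**
  * Update an album from $_POST and return it as read back through the API.
  *
  * Calls requireAuthentication() and requireCrumb() first.
  *
  * @param string $id Album id.
  * @return mixed Result of success() with the album, or of error() when the update fails.
  */
 public function update($id)
 {
     getAuthentication()->requireAuthentication();
     getAuthentication()->requireCrumb();
     $status = $this->album->update($id, $_POST);
     if (!$status) {
         return $this->error('Could not update album', false);
     }
     $albumResp = $this->api->invoke("/{$this->apiVersion}/album/{$id}/view.json", EpiRoute::httpGet);
     // Double quotes are required for the id to be interpolated into the message.
     return $this->success("Album {$id} updated", $albumResp['result']);
 }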
Esempio n. 25
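 /**
  * Render the settings form of an active plugin.
  *
  * The plugin name must appear in the site's comma-separated activePlugins
  * setting before its configuration is loaded.
  *
  * @param string $plugin Plugin name taken from the route.
  * @return mixed Result of success() carrying the form markup, or of error().
  */
 public function view($plugin)
 {
     getAuthentication()->requireAuthentication();
     $siteConfig = getUserConfig()->getSiteSettings();
     $plugins = (array) explode(',', $siteConfig['plugins']['activePlugins']);
     // Strict matching: this list gates which configuration is loaded, so loose
     // comparison of look-alike values must not let a name through.
     if (!in_array($plugin, $plugins, true)) {
         $this->logger->warn(sprintf('Tried to call /plugin/%s/view.json on an inactive or non existant plugin', $plugin));
         return $this->error('Could not load plugin', false);
     }
     $pluginObj = getPlugin();
     $conf = $pluginObj->loadConf($plugin);
     $bodyTemplate = sprintf('%s/plugin-form.php', $this->config->paths->templates);
     $body = $this->template->get($bodyTemplate, array('plugin' => $plugin, 'conf' => $conf, 'crumb' => $this->session->get('crumb')));
     return $this->success(sprintf('Form for %s plugin', $plugin), array('markup' => $body));
 }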
Esempio n. 26
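 /**
  * Update the profile photo and/or name from $_POST and return the profile.
  *
  * An empty photoId clears the profile photo; otherwise the 100x100 crop of
  * that photo is looked up through the API. The name has tags stripped.
  * Calls requireAuthentication(true) and requireCrumb() first.
  *
  * @return mixed Result of success() with the profile, or of error().
  */
 public function profilePost()
 {
     getAuthentication()->requireAuthentication(true);
     getAuthentication()->requireCrumb();
     $params = array();
     if (isset($_POST['photoId'])) {
         // Request fields can arrive as arrays; only a string can be a photo id.
         if (!is_string($_POST['photoId'])) {
             return $this->error('Could not fetch profile photo', false);
         }
         $photoAttribute = $this->user->getAttributeName('profilePhoto');
         if ($_POST['photoId'] === '') {
             $params[$photoAttribute] = null;
         } else {
             // NOTE(review): the id is placed into an internal route as sent; validate it against
             // the application's id format before building the route — the format is not visible here.
             $apiResp = $this->api->invoke(sprintf('/photo/%s/view.json', $_POST['photoId']), EpiRoute::httpGet, array('_GET' => array('returnSizes' => '100x100xCR', 'generate' => 'true')));
             if ($apiResp['code'] !== 200) {
                 return $this->error('Could not fetch profile photo', false);
             }
             $params[$photoAttribute] = $apiResp['result']['path100x100xCR'];
         }
     }
     if (isset($_POST['name'])) {
         // strip_tags() needs a string; refuse an array-valued name instead of failing inside it.
         if (!is_string($_POST['name'])) {
             return $this->error('Could not update profile', false);
         }
         // strip_tags() removes markup only; the value still needs escaping wherever it is printed.
         $params[$this->user->getAttributeName('profileName')] = strip_tags($_POST['name']);
     }
     if (!empty($params)) {
         if (!$this->user->update($params)) {
             return $this->error('Could not update profile', false);
         }
     }
     $apiUserResp = $this->api->invoke('/user/profile.json', EpiRoute::httpGet);
     if ($apiUserResp['code'] !== 200) {
         return $this->error('Profile updated but could not retrieve', false);
     }
     return $this->success('Profile updated', $apiUserResp['result']);
 }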
Esempio n. 27
 /**
  * Apply the same update to several photos.
  *
  * $_POST['ids'] is a comma-separated id list; every other posted field is
  * forwarded to the single-photo update route once per id.
  *
  * @return string Standard JSON envelope
  */
 public function updateBatch()
 {
     getAuthentication()->requireAuthentication();
     getAuthentication()->requireCrumb();
     if (empty($_POST['ids'])) {
         return $this->error('This API requires an ids parameter.', false);
     }
     $ids = (array) explode(',', $_POST['ids']);
     // Everything except the id list is the payload for each photo.
     $params = array_diff_key($_POST, array('ids' => true));
     $allUpdated = true;
     foreach ($ids as $id) {
         // NOTE(review): each id is placed into the route as sent — confirm ids are validated downstream.
         $response = $this->api->invoke("/{$this->apiVersion}/photo/{$id}/update.json", EpiRoute::httpPost, array('_POST' => $params));
         // Every id is still attempted after a failure; the flag only remembers that one occurred.
         if ($allUpdated && $response['result'] === false) {
             $allUpdated = false;
         }
     }
     if (!$allUpdated) {
         return $this->error('Error updating one or more photos', false);
     }
     return $this->success(sprintf('%d photos updated', count($ids)), true);
 }
Esempio n. 28
 /**
  * Gate every route of this handler behind authentication.
  *
  * @param string $route Requested route; not inspected here.
  * @return void
  */
 public function routeHandler($route)
 {
     // No per-route logic: the authentication check applies to whatever was requested.
     getAuthentication()->requireAuthentication();
 }
Esempio n. 29
 /**
  * Get the owner's group as specified by the groupId
  *
  * @param string $id The id of the group
  * @return string Standard JSON envelope
  */
 public function view($id)
 {
     getAuthentication()->requireAuthentication();
     $found = $this->group->getGroup($id);
     // Only a strict false is a failure; the result is cast to an array for the envelope.
     if ($found !== false) {
         return $this->success('Your group', (array) $found);
     }
     return $this->error('An error occurred trying to get your group', false);
 }
Esempio n. 30
 /**
  * Run the parent constructor and keep the authentication object on the instance.
  *
  * @return void
  */
 public function __construct()
 {
     parent::__construct();
     // Stored so methods can use $this->authentication instead of calling getAuthentication() again.
     $this->authentication = getAuthentication();
 }