/**
 * Return the notification stored for the given type.
 *
 * @param string|null $type Value handed to the notification store's get().
 * @return mixed Result of notFound() when the store yields nothing, otherwise of success().
 */
public function view($type = null)
{
    getAuthentication()->requireAuthentication();

    $notification = $this->notification->get($type);
    if (!empty($notification)) {
        return $this->success('Notification', $notification);
    }

    return $this->notFound('No notifications found', null);
}
/**
 * Retrieve a single action.
 *
 * @param string $id The ID of the action to be retrieved.
 * @return string Standard JSON envelope
 */
public function view($id)
{
    // NOTE(review): the effect of passing `false` is defined by the authentication
    // class, which is not visible here; confirm it does not relax the check.
    getAuthentication()->requireAuthentication(false);

    $record = $this->action->view($id);
    if (!$record) {
        return $this->error("Could not retrieve action {$id}", false);
    }

    return $this->success("Action {$id}", $record);
}
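/**
 * Subscribe to a topic (creates a webhook).
 *
 * Reads `callback`, `mode`, `topic` and optionally `verifyToken` from $_POST,
 * requests the callback URL with a challenge value and creates the webhook only
 * when the callback answers with a 2xx status and a body equal to the challenge.
 * Sends 204 on success; otherwise sends 400 with a plain-text reason.
 *
 * @return void
 */
public function subscribe()
{
    getAuthentication()->requireAuthentication();

    $params = $_POST;
    $params['verify'] = 'sync';

    if (!isset($params['callback'], $params['mode'], $params['topic'])) {
        $message = sprintf('Not all required parameters were passed in to webhook subscribe: %s', json_encode($params));
        getLogger()->warn($message);
    } else {
        $urlParts = is_string($params['callback']) ? parse_url($params['callback']) : false;
        $scheme = isset($urlParts['scheme']) ? strtolower($urlParts['scheme']) : '';

        // The server itself fetches this URL, so only web schemes are accepted;
        // any other scheme curl understands is treated as an invalid callback.
        if (!isset($urlParts['host']) || !in_array($scheme, array('http', 'https'), true)) {
            $message = sprintf('Callback url was invalid: %s', is_string($params['callback']) ? $params['callback'] : '');
            getLogger()->warn($message);
        } else {
            // Read the URL parts explicitly rather than extract()-ing them into scope.
            $host = $urlParts['host'];
            // The port needs its ':' separator; without it the port is glued onto the host name.
            $port = isset($urlParts['port']) ? ':' . $urlParts['port'] : '';
            $path = isset($urlParts['path']) ? $urlParts['path'] : '';

            // NOTE(review): uniqid() is derived from the clock; consider a CSPRNG value.
            $challenge = uniqid();

            $queryParams = array();
            if (!empty($urlParts['query'])) {
                parse_str($urlParts['query'], $queryParams);
            }
            $queryParams['mode'] = $params['mode'];
            $queryParams['topic'] = $params['topic'];
            $queryParams['challenge'] = $challenge;
            if (isset($params['verifyToken'])) {
                $queryParams['verifyToken'] = $params['verifyToken'];
            }
            $queryString = sprintf('?%s', http_build_query($queryParams));

            $url = sprintf('%s://%s%s%s%s', $scheme, $host, $port, $path, $queryString);

            // NOTE(review): the host is still chosen by the caller; nothing here stops a
            // callback that resolves to a loopback or private address. Restricting the
            // destination needs a resolve-and-check step or an egress policy.
            $ch = curl_init($url);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
            $handle = getCurl()->addCurl($ch);

            // verify a 2xx response and that the body is equal to the challenge
            // (strict comparison, so numeric-looking strings are not coerced)
            if ($handle->code >= 200 && $handle->code < 300 && (string) $handle->data === $challenge) {
                $apiWebhook = $this->api->invoke('/webhook/create.json', EpiRoute::httpPost, array('_POST' => $params));
                if ($apiWebhook['code'] === 200) {
                    header('HTTP/1.1 204 No Content');
                    // NOTE(review): $params may include verifyToken, which ends up in the log.
                    getLogger()->info(sprintf('Webhook successfully created: %s', json_encode($params)));
                    return;
                }
            }

            // The remote response body is kept in the log only; it is not returned to the
            // caller, so this endpoint cannot be used to read what the fetched URL answered.
            getLogger()->warn(sprintf("The verification call failed to meet requirements. \nCode: %d, Response: %s, Expected: %s, URL: %s", $handle->code, $handle->data, $challenge, $url));
            $message = sprintf('The verification call failed to meet requirements. Code: %d, Expected: %s, URL: %s', $handle->code, $challenge, $url);
        }
    }

    header('HTTP/1.1 400 Bad Request');
    // The message repeats request data, so it is sent as plain text rather than HTML.
    header('Content-Type: text/plain; charset=utf-8');
    echo $message;
}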
/**
 * Delete a share token.
 *
 * Requires an authenticated caller and a valid crumb before the token store is touched.
 *
 * @param string $id Identifier passed to the token store's delete().
 * @return mixed Result of error() when delete() returns false, otherwise of noContent().
 */
public function delete($id)
{
    $auth = getAuthentication();
    $auth->requireAuthentication();
    $auth->requireCrumb();

    $deleted = $this->token->delete($id);
    if ($deleted !== false) {
        return $this->noContent('Successfully deleted share token', true);
    }

    return $this->error('Could not delete share token', false);
}
/**
 * List the OAuth credentials returned by the database layer.
 *
 * @return mixed Result of success() with the credentials, or of error() when the lookup returns false.
 */
public function list_()
{
    getAuthentication()->requireAuthentication();

    $credentials = getDb()->getCredentials();
    if ($credentials === false) {
        return $this->error('Could not retrieve credentials', false);
    }

    return $this->success('Oauth Credentials', $credentials);
}
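/**
 * Call the parent constructor, set up the photo model and the theme, and
 * require authentication for every request except the apps callback.
 *
 * @return void
 */
public function __construct()
{
    parent::__construct();
    $this->photo = new Photo();
    $this->theme->setTheme(); // defaults

    // Decide the exemption on the path component only. REQUEST_URI also carries the
    // query string, so matching the whole value would exempt any request that merely
    // mentions the callback path in a parameter.
    $requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    // An unparsable URI yields an empty path, which falls through to the check.
    $requestPath = (string) parse_url($requestUri, PHP_URL_PATH);

    // NOTE(review): this is still a case-insensitive substring match, as before;
    // confirm the callback route is always addressed by path and consider an
    // exact route comparison.
    if (stristr($requestPath, '/manage/apps/callback') === false) {
        getAuthentication()->requireAuthentication();
    }
}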
/**
 * API to get versions of the source, filesystem and database.
 *
 * The filesystem version is reported as the fixed string '0.0.0'.
 *
 * @return string Standard JSON envelope
 */
public function version()
{
    getAuthentication()->requireAuthentication();

    $versions = array();
    $versions['api'] = Request::getLatestApiVersion();
    $versions['system'] = getConfig()->get('site')->lastCodeVersion;
    $versions['database'] = getDb()->version();
    $versions['databaseType'] = getDb()->identity();
    $versions['filesystem'] = '0.0.0';
    $versions['filesystemType'] = getFs()->identity();

    return $this->success('System versions', $versions);
}
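/**
 * Purge the user's activities.
 *
 * Requires an authenticated caller and a valid crumb.
 *
 * @return mixed Result of success() when the purge did not return false, otherwise of error().
 */
public function purge()
{
    getAuthentication()->requireAuthentication();
    getAuthentication()->requireCrumb();

    $status = $this->activity->purge();
    if ($status === false) {
        // The failure branch used to repeat the success text, which hid failed purges.
        return $this->error('Could not purge user activities', false);
    }

    return $this->success('Purged user activities', true);
}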
/**
 * Handle the routes owned by this class after the parent has seen them.
 *
 * Only '/update.json' is handled: it stores $_POST['key'] under the user
 * attribute named by $_POST['section'].
 *
 * @param string $route Route being dispatched.
 * @return array|null Envelope array for '/update.json', nothing for any other route.
 */
public function routeHandler($route)
{
    parent::routeHandler($route);

    if ($route == '/update.json') {
        getAuthentication()->requireAuthentication();

        // NOTE(review): the attribute name comes straight from the request and no crumb
        // is required here; confirm setAttribute() limits which attributes can be
        // written and whether a crumb check belongs on this route.
        $section = $_POST['section'];
        $userObj = new User();
        $userObj->setAttribute($section, $_POST['key']);

        return array(
            'message' => sprintf('Updated tutorial for %s', $_POST['section']),
            'code' => 200,
            'result' => true,
        );
    }
}
/**
 * Update a group, allocating a new group id when none is given.
 *
 * @param string $id id of the group to update
 * @return string Standard JSON envelope
 */
public function postGroup($id = null)
{
    getAuthentication()->requireAuthentication();

    $groupId = $id ? $id : $this->user->getNextId('group');

    // NOTE(review): the whole of $_POST is handed to the database layer and echoed
    // back in the response; confirm postGroup() restricts the accepted fields.
    $saved = getDb()->postGroup($groupId, $_POST);
    if (!$saved) {
        return $this->error("Could not updated group {$groupId}", false);
    }

    $result = array_merge(array('id' => $groupId), $_POST);
    return $this->success("Group {$groupId} was updated", $result);
}
/**
 * Create a resource map from $_POST and return it as read back through the API.
 *
 * @return mixed Result of created() on success; result of error() when the map
 *               cannot be generated or cannot be read back.
 */
public function create()
{
    getAuthentication()->requireAuthentication();

    $mapId = $this->resourceMap->create($_POST);
    if ($mapId) {
        $viewResp = $this->api->invoke("/s/{$mapId}/view.json");
        if ($viewResp['code'] === 200) {
            return $this->created("Resource map {$mapId} successfully created", $viewResp['result']);
        }

        return $this->error('Could not retrieve resource map after creating it', false);
    }

    return $this->error('Could not generate resource map.', false);
}
/**
 * Update a tag in the tag database.
 *
 * The tag name goes through Tag::sanitize() and the posted fields through
 * Tag::validateParams() before they reach the database layer.
 *
 * @param string $tag Tag name taken from the route.
 * @return string Standard JSON envelope
 */
public function update($tag)
{
    getAuthentication()->requireAuthentication();

    $tag = Tag::sanitize($tag);
    $fields = Tag::validateParams($_POST);

    if (!getDb()->postTag($tag, $fields)) {
        return $this->error('Tag could not be created/updated', false);
    }

    // Read the tag back through the API so the response shows the stored state.
    $viewResp = $this->api->invoke("/{$this->apiVersion}/tag/{$tag}/view.json", EpiRoute::httpGet);
    return $this->success('Tag created/updated successfully', $viewResp['result']);
}
/**
 * Store a new activity.
 *
 * Caller-supplied attributes are merged over the defaults, filtered through
 * whitelistParams() and checked with validateParams() before an id is allocated.
 *
 * @param array $attributes Attributes of the activity.
 * @return mixed false when validation or id allocation fails, otherwise the value returned by putActivity().
 */
public function create($attributes)
{
    getAuthentication()->requireAuthentication();

    $merged = array_merge($this->getDefaultAttributes(), $attributes);
    $attributes = $this->whitelistParams($merged);

    $isValid = $this->validateParams($attributes);
    if (!$isValid) {
        $this->logger->warn('Not all required paramaters were passed to create an activity');
        return false;
    }

    $activityId = $this->user->getNextId('activity');
    if ($activityId === false) {
        $this->logger->warn('Could not fetch the next activity id');
        return false;
    }

    return $this->db->putActivity($activityId, $attributes);
}
/**
 * User's settings page.
 *
 * Gathers OAuth credentials, groups, webhooks and plugins through the internal
 * API, adds the mobile passphrase with its remaining lifetime in minutes, and
 * renders the settings template inside the theme.
 *
 * @return void
 */
public function settings()
{
    getAuthentication()->requireAuthentication();
    $userObj = new User();

    $credentialsResp = $this->api->invoke('/oauth/list.json', EpiRoute::httpGet);
    $groupsResp = $this->api->invoke('/groups/list.json', EpiRoute::httpGet);
    $webhooksResp = $this->api->invoke('/webhooks/list.json', EpiRoute::httpGet);
    $pluginsResp = $this->api->invoke('/plugins/list.json', EpiRoute::httpGet);

    $mobilePassphrase = $userObj->getMobilePassphrase();
    if (!empty($mobilePassphrase)) {
        // Remaining validity, rounded up to whole minutes.
        $secondsLeft = $mobilePassphrase['expiresAt'] - time();
        $mobilePassphrase['minutes'] = ceil($secondsLeft / 60);
    }

    $templatePath = sprintf('%s/settings.php', $this->config->paths->templates);
    $templateVars = array(
        'crumb' => getSession()->get('crumb'),
        'plugins' => $pluginsResp['result'],
        'credentials' => $credentialsResp['result'],
        'webhooks' => $webhooksResp['result'],
        'groups' => $groupsResp['result'],
        'mobilePassphrase' => $mobilePassphrase,
    );
    $body = $this->template->get($templatePath, $templateVars);

    $this->theme->display('template.php', array('body' => $body, 'page' => 'settings'));
}
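/**
 * Run the upgrade, record the new code version in the site's config file and
 * redirect to '/'.
 *
 * The config file is looked up per host name, first under userdata/configs and
 * then under the generated config directory.
 *
 * @return void
 */
public function upgradePost()
{
    getAuthentication()->requireAuthentication();
    // NOTE(review): no crumb is required before this state-changing request; confirm that is intended.
    getUpgrade()->performUpgrade();
    $configObj = getConfig();

    // HTTP_HOST mirrors the request's Host header. Keep only its final path segment
    // so the value cannot steer the file name outside the config directories.
    $hostName = basename((string) getenv('HTTP_HOST'));

    // Backwards compatibility
    // TODO remove in 2.0
    $basePath = dirname(Epi::getPath('config'));
    $configFile = sprintf('%s/userdata/configs/%s.ini', $basePath, $hostName);
    if (!file_exists($configFile)) {
        $configFile = sprintf('%s/generated/%s.ini', Epi::getPath('config'), $hostName);
    }

    $config = $configObj->getString($configFile);
    $config = preg_replace(
        '/lastCodeVersion *= *"\\d+\\.\\d+\\.\\d+"/',
        sprintf('lastCodeVersion="%s"', getUpgrade()->getCurrentVersion()),
        $config
    );
    $configObj->write($configFile, $config);

    $this->route->redirect('/');
}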
/**
 * E-mail a photo or an album to the posted recipients.
 *
 * The sender address comes from the session; the sender is always added to the
 * recipient list ahead of the comma-separated addresses in $_POST['recipients'].
 *
 * @param string $type 'photo' sends a photo e-mail, any other value an album e-mail.
 * @param mixed $data Passed through to the photo/album mailer and echoed in the response.
 * @return mixed Result of error() on missing input or send failure, otherwise of success().
 */
public function send($type, $data)
{
    $auth = getAuthentication();
    $auth->requireAuthentication();
    $auth->requireCrumb();

    $email = $this->session->get('email');
    $hasInput = !empty($email) && !empty($_POST['message']) && !empty($_POST['recipients']);
    if (!$hasInput) {
        return $this->error('Not all parameters were passed in', false);
    }

    $emailer = new Emailer($email);
    $posted = (array) explode(',', $_POST['recipients']);
    $emailer->setRecipients(array_merge(array($email), $posted));

    $status = ($type === 'photo')
        ? $this->sendPhotoEmail($data, $emailer)
        : $this->sendAlbumEmail($data, $emailer);

    if ($status) {
        return $this->success('yes', array('data' => $data, 'post' => $_POST));
    }

    return $this->error('Could not complete request', false);
}
/**
 * Upload a video.
 *
 * Takes the request attributes, drops the routing, file and crumb fields, adds
 * the file hash and the configured base size, stores the video and returns the
 * stored record as read back through the photo view API.
 *
 * @return string standard json envelope
 */
public function upload()
{
    getAuthentication()->requireAuthentication();
    getAuthentication()->requireCrumb();

    $httpObj = new Http();
    $attributes = $_REQUEST;

    $this->plugin->invoke('onVideoUpload');

    // this determines where to get the photo from and populates $localFile and $name
    // NOTE(review): extract() creates whatever variables the returned array names;
    // confirm parseVideoFromRequest() only ever returns the two keys above.
    extract($this->parseVideoFromRequest());

    // TODO put this in a whitelist function (see replace())
    // NOTE(review): every other request field still reaches video->upload() as an attribute.
    foreach (array('__route__', 'photo', 'crumb') as $reservedKey) {
        unset($attributes[$reservedKey]);
    }

    $attributes['video'] = true;
    $attributes['hash'] = sha1_file($localFile);
    $attributes['width'] = $this->config->photos->baseSize;
    $attributes['height'] = $this->config->photos->baseSize;

    $videoId = $this->video->upload($localFile, $name, $attributes);
    if (!$videoId) {
        return $this->error("File upload failure", false);
    }

    $apiResp = $this->api->invoke("/{$this->apiVersion}/photo/{$videoId}/view.json", EpiRoute::httpGet, array('_GET' => array()));
    $video = $apiResp['result'];

    $permission = 0;
    if (isset($attributes['permission'])) {
        $permission = $attributes['permission'];
    }

    // TODO webhooks and things

    $this->plugin->setData('video', $video);
    $this->plugin->setData('videoId', $videoId);
    $this->plugin->invoke('onVideoUploaded');

    // Remember the chosen permission and license as the user's sticky defaults.
    $this->user->setAttribute('stickyPermission', $permission);
    $this->user->setAttribute('stickyLicense', $video['license']);

    return $this->created("Video {$videoId} uploaded successfully", $video);
}
/**
 * Update the stored settings of a plugin from $_POST.
 *
 * Only keys that already exist in the plugin's configuration are overwritten;
 * posted fields with other names are ignored.
 *
 * @param string $plugin Name of the plugin whose configuration is updated.
 * @return mixed Result of success() with the new configuration, or of error().
 */
public function update($plugin)
{
    getAuthentication()->requireAuthentication();
    // NOTE(review): no crumb is required before this write; confirm that is intended.

    $pluginObj = getPlugin();
    // NOTE(review): $plugin comes from the route; confirm loadConf()/writeConf()
    // restrict it to known plugin names.
    $conf = $pluginObj->loadConf($plugin);
    if (!$conf) {
        return $this->error('Cannot update settings for a deactivated plugin, try activating first.', false);
    }

    foreach (array_keys($conf) as $settingName) {
        if (isset($_POST[$settingName])) {
            $conf[$settingName] = $_POST[$settingName];
        }
    }

    // NOTE(review): posted values are serialised into INI text; confirm
    // generateIniString() escapes quotes and line breaks.
    $iniString = $this->utility->generateIniString($conf);
    if (!$pluginObj->writeConf($plugin, $iniString)) {
        return $this->error('Could not update plugin', false);
    }

    return $this->success('Plugin updated successfully', $conf);
}
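/**
 * Add elements to, or remove elements from, an album.
 *
 * Requires an authenticated caller and a valid crumb. The element ids are read
 * from $_POST['ids'].
 *
 * @param string $albumId Album to modify.
 * @param string $type Element type passed through to the album model.
 * @param string $action 'add' or 'remove'; any other value is reported as an error.
 * @return mixed Result of success() when the album model reports success, otherwise of error().
 */
public function updateIndex($albumId, $type, $action)
{
    getAuthentication()->requireAuthentication();
    getAuthentication()->requireCrumb();

    if (empty($_POST['ids'])) {
        return $this->error('Please provide ids', false);
    }

    // Start from "failed" so an unknown action is rejected explicitly instead of
    // reading a variable that was never assigned.
    $resp = false;
    switch ($action) {
        case 'add':
            $resp = $this->album->addElement($albumId, $type, $_POST['ids']);
            break;
        case 'remove':
            $resp = $this->album->removeElement($albumId, $type, $_POST['ids']);
            break;
    }

    if (!$resp) {
        return $this->error('All items were not updated', false);
    }

    return $this->success('All items updated', true);
}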
/**
 * Upload new media.
 *
 * A request carrying a share token is accepted only when the token exists and is
 * of type 'upload'; every other request needs an authenticated caller with the
 * create permission on the named albums, plus a valid crumb. The file's media
 * type then decides which type-specific upload API is invoked.
 *
 * @return string standard json envelope
 */
public function upload()
{
    $httpObj = new Http();
    $attributes = $_REQUEST;

    $albums = array();
    if (!empty($attributes['albums'])) {
        $albums = (array) explode(',', $attributes['albums']);
    }

    $token = null;
    $hasToken = !empty($attributes['token']);
    if (!$hasToken) {
        getAuthentication()->requireAuthentication(array(Permission::create), $albums);
        getAuthentication()->requireCrumb();
    } else {
        $shareTokenObj = new ShareToken();
        $tokenArr = $shareTokenObj->get($attributes['token']);
        if (empty($tokenArr) || $tokenArr['type'] != 'upload') {
            return $this->forbidden('No permissions with the passed in token', false);
        }

        // NOTE(review): the album list and permission forced here live only in the
        // local $attributes, which is not passed to the invoke() calls below; confirm
        // the type-specific upload endpoints enforce the token's scope themselves.
        $attributes['albums'] = $tokenArr['data'];
        $token = $tokenArr['id'];
        $attributes['permission'] = '0';
    }

    // determine localFile
    extract($this->parseMediaFromRequest());

    // Get file mimetype by instantiating a photo object
    // getMediaType is defined in parent abstract class Media
    $photoObj = new Photo();
    $mediaType = $photoObj->getMediaType($localFile);

    // Invoke type-specific
    if ($mediaType == Media::typePhoto) {
        return $this->api->invoke("/{$this->apiVersion}/photo/upload.json", EpiRoute::httpPost);
    }
    if ($mediaType == Media::typeVideo) {
        return $this->api->invoke("/{$this->apiVersion}/video/upload.json", EpiRoute::httpPost);
    }

    return $this->error('Unsupported media type', false);
}
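/**
 * Run the upgrade, record the new code version in the site's config file and
 * redirect to '/'.
 *
 * When the config file has no lastCodeVersion entry yet, a [site] section
 * holding it is prepended to the file.
 *
 * @return void
 */
public function upgradePost()
{
    getAuthentication()->requireAuthentication();
    // NOTE(review): no crumb is required before this state-changing request; confirm that is intended.
    getUpgrade()->performUpgrade();
    $configObj = getConfig();

    // HTTP_HOST mirrors the request's Host header. Keep only its final path segment
    // so the value cannot steer the file name outside the config directories.
    $hostName = basename((string) getenv('HTTP_HOST'));

    // Backwards compatibility
    // TODO remove in 2.0
    $basePath = dirname(Epi::getPath('config'));
    $configFile = sprintf('%s/userdata/configs/%s.ini', $basePath, $hostName);
    if (!file_exists($configFile)) {
        $configFile = sprintf('%s/generated/%s.ini', Epi::getPath('config'), $hostName);
    }

    $config = $configObj->getString($configFile);
    $currentVersion = getUpgrade()->getCurrentVersion();

    // Backwards compatibility
    // TODO remove in 2.0
    if (strstr($config, 'lastCodeVersion="') !== false) {
        $config = preg_replace(
            '/lastCodeVersion="\\d+\\.\\d+\\.\\d+"/',
            sprintf('lastCodeVersion="%s"', $currentVersion),
            $config
        );
    } else {
        // Before the upgrade code the lastCodeVersion was not in the config template
        $config = sprintf("[site]\nlastCodeVersion=\"%s\"\n\n", $currentVersion) . $config;
    }

    $configObj->write($configFile, $config);
    $this->route->redirect('/');
}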
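/**
 * Form for batch editing.
 *
 * Renders the batch update partial with the query-string parameters; when the
 * requested action is 'albums' the album list is added to them first.
 *
 * @return string Standard JSON envelope
 */
public function updateBatchForm()
{
    getAuthentication()->requireAuthentication();

    $params = $_GET;

    // A request without an `action` parameter simply gets the plain form.
    if (isset($params['action']) && $params['action'] == 'albums') {
        $albumsResp = $this->api->invoke('/albums/list.json', EpiRoute::httpGet, array('_GET' => array('pageSize' => 0)));
        if ($albumsResp['code'] === 200) {
            $params['albums'] = $albumsResp['result'];
        }
    }

    // NOTE(review): $params holds raw query-string values; confirm the partial
    // escapes everything it prints.
    $markup = $this->theme->get('partials/batch-update-form.php', $params);

    return $this->success('Batch update form', array('markup' => $markup));
}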
/**
 * Retrieve a list of the user's webhooks from the remote datasource.
 *
 * @param string|null $topic Passed to the webhook model's getAll().
 * @return string Standard JSON envelope
 */
public function list_($topic = null)
{
    getAuthentication()->requireAuthentication();

    $found = $this->webhook->getAll($topic);
    // A falsy result, an empty list included, is reported as an error.
    if (!$found) {
        return $this->error("Error getting webhooks", false);
    }

    return $this->success("Successfully retrieved webhooks", $found);
}
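/**
 * Update an album from $_POST and return it as read back through the API.
 *
 * Requires an authenticated caller and a valid crumb.
 *
 * @param string $id Album to update.
 * @return mixed Result of error() when the update fails, otherwise of success().
 */
public function update($id)
{
    getAuthentication()->requireAuthentication();
    getAuthentication()->requireCrumb();

    $status = $this->album->update($id, $_POST);
    if (!$status) {
        return $this->error('Could not update album', false);
    }

    $albumResp = $this->api->invoke("/{$this->apiVersion}/album/{$id}/view.json", EpiRoute::httpGet);

    // Double quotes are needed for {$id} to be interpolated; the single-quoted
    // form sent the placeholder text itself.
    return $this->success("Album {$id} updated", $albumResp['result']);
}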
/**
 * Return the settings form markup for an active plugin.
 *
 * The plugin name is checked against the site's activePlugins list before its
 * configuration is loaded.
 *
 * @param string $plugin Name of the plugin.
 * @return mixed Result of error() for a plugin not in the active list, otherwise of success() with the markup.
 */
public function view($plugin)
{
    getAuthentication()->requireAuthentication();

    $siteConfig = getUserConfig()->getSiteSettings();
    $activePlugins = (array) explode(',', $siteConfig['plugins']['activePlugins']);
    $isActive = in_array($plugin, $activePlugins);
    if (!$isActive) {
        $this->logger->warn(sprintf('Tried to call /plugin/%s/view.json on an inactive or non existant plugin', $plugin));
        return $this->error('Could not load plugin', false);
    }

    $conf = getPlugin()->loadConf($plugin);

    $templatePath = sprintf('%s/plugin-form.php', $this->config->paths->templates);
    $templateVars = array(
        'plugin' => $plugin,
        'conf' => $conf,
        'crumb' => $this->session->get('crumb'),
    );
    $body = $this->template->get($templatePath, $templateVars);

    return $this->success(sprintf('Form for %s plugin', $plugin), array('markup' => $body));
}
/**
 * Update the user's profile photo and/or profile name from $_POST.
 *
 * An empty photoId clears the profile photo; otherwise the 100x100 crop of the
 * named photo is stored. The name is stored with tags stripped.
 *
 * @return mixed Result of error() on any failed step, otherwise of success() with the refreshed profile.
 */
public function profilePost()
{
    $auth = getAuthentication();
    $auth->requireAuthentication(true);
    $auth->requireCrumb();

    $changes = array();

    if (isset($_POST['photoId'])) {
        $photoAttribute = $this->user->getAttributeName('profilePhoto');
        if ($_POST['photoId'] == '') {
            $changes[$photoAttribute] = null;
        } else {
            // NOTE(review): photoId is placed into an internal route unvalidated;
            // confirm the router or the photo API rejects ids containing '/' or '?'.
            $photoRoute = sprintf('/photo/%s/view.json', $_POST['photoId']);
            $photoQuery = array('returnSizes' => '100x100xCR', 'generate' => 'true');
            $apiResp = $this->api->invoke($photoRoute, EpiRoute::httpGet, array('_GET' => $photoQuery));
            if ($apiResp['code'] !== 200) {
                return $this->error('Could not fetch profile photo', false);
            }
            $changes[$photoAttribute] = $apiResp['result']['path100x100xCR'];
        }
    }

    if (isset($_POST['name'])) {
        $nameAttribute = $this->user->getAttributeName('profileName');
        $changes[$nameAttribute] = strip_tags($_POST['name']);
    }

    if (!empty($changes) && !$this->user->update($changes)) {
        return $this->error('Could not update profile', false);
    }

    $profileResp = $this->api->invoke('/user/profile.json', EpiRoute::httpGet);
    if ($profileResp['code'] === 200) {
        return $this->success('Profile updated', $profileResp['result']);
    }

    return $this->error('Profile updated but could not retrieve', false);
}
/**
 * Update the data associated with the photo in the remote data store.
 * Parameters to be updated are in _POST; `ids` is a comma-separated list of
 * photo ids and every other posted field is forwarded to each photo's update API.
 *
 * @return string Standard JSON envelope
 */
public function updateBatch()
{
    $auth = getAuthentication();
    $auth->requireAuthentication();
    $auth->requireCrumb();

    if (empty($_POST['ids'])) {
        return $this->error('This API requires an ids parameter.', false);
    }

    $photoIds = (array) explode(',', $_POST['ids']);
    $fields = $_POST;
    unset($fields['ids']);

    // Every id is attempted even after a failure; the flag records whether any failed.
    $allUpdated = true;
    foreach ($photoIds as $photoId) {
        $response = $this->api->invoke("/{$this->apiVersion}/photo/{$photoId}/update.json", EpiRoute::httpPost, array('_POST' => $fields));
        if ($allUpdated && $response['result'] === false) {
            $allUpdated = false;
        }
    }

    if (!$allUpdated) {
        return $this->error('Error updating one or more photos', false);
    }

    return $this->success(sprintf('%d photos updated', count($photoIds)), true);
}
/**
 * Gate every route served through this handler behind authentication.
 *
 * @param string $route Route being dispatched; not inspected here.
 * @return void
 */
public function routeHandler($route)
{
    // require authentication for all route urls
    $auth = getAuthentication();
    $auth->requireAuthentication();
}
/**
 * Get the owner's group as specified by the groupId.
 *
 * @param string $id The id of the group
 * @return string Standard JSON envelope
 */
public function view($id)
{
    getAuthentication()->requireAuthentication();

    $group = $this->group->getGroup($id);
    if ($group !== false) {
        return $this->success('Your group', (array) $group);
    }

    return $this->error('An error occurred trying to get your group', false);
}
/**
 * Call the parent constructor and keep a reference to the authentication object.
 *
 * @return void
 */
public function __construct()
{
    parent::__construct();

    $auth = getAuthentication();
    $this->authentication = $auth;
}