public static function invalidateGadgetCache(GadgetContext $context)
{
$request = new RemoteContentRequest($context->getUrl());
$cache = Cache::createCache(Shindig_Config::get('data_cache'), 'RemoteContent');
$cacheData = $cache->get($request->toHash());
if ($cacheData) {
$uris = array();
$xml = $cacheData->getResponseContent();
$parserClass = Shindig_Config::get('gadget_spec_parser');
$parser = new $parserClass();
$gadgetSpec = $parser->parse($xml, $context);
if ($gadgetSpec->locales) {
foreach ($gadgetSpec->locales as $locale) {
if (!empty($locale['messages'])) {
$uris[] = RemoteContentRequest::transformRelativeUrl($locale['messages'], $context->getUrl());
}
}
}
if (is_array($gadgetSpec->preloads)) {
foreach ($gadgetSpec->preloads as $preload) {
if (!empty($preload['href'])) {
$uris[] = RemoteContentRequest::transformRelativeUrl($preload['href'], $context->getUrl());
}
}
}
if (is_array($gadgetSpec->templatesRequireLibraries)) {
foreach ($gadgetSpec->templatesRequireLibraries as $libraryUrl) {
$uris[] = RemoteContentRequest::transformRelativeUrl($locale['messages'], $context->getUrl());
}
}
$uris[] = $request->getUrl();
self::invalidateRemoteContents($uris);
}
}
public function fetchRequest(RemoteContentRequest $request)
{
$outHeaders = array();
if ($request->hasHeaders()) {
$headers = explode("\n", $request->getHeaders());
foreach ($headers as $header) {
if (strpos($header, ':')) {
$key = trim(substr($header, 0, strpos($header, ':')));
$val = trim(substr($header, strpos($header, ':') + 1));
if (strcmp($key, "User-Agent") != 0 && strcasecmp($key, "Transfer-Encoding") != 0 && strcasecmp($key, "Cache-Control") != 0 && strcasecmp($key, "Expries") != 0 && strcasecmp($key, "Content-Length") != 0) {
$outHeaders[$key] = $val;
}
}
}
}
$outHeaders['User-Agent'] = "Shindig PHP";
$options = array();
$options['timeout'] = Shindig_Config::get('curl_connection_timeout');
// configure proxy
$proxyUrl = Shindig_Config::get('proxy');
if (!empty($proxyUrl)) {
$options['adapter'] = 'Zend_Http_Client_Adapter_Proxy';
$proxy = parse_url($proxyUrl);
if (isset($proxy['host'])) {
$options['proxy_host'] = $proxy['host'];
}
if (isset($proxy['port'])) {
$options['proxy_port'] = $proxy['port'];
}
if (isset($proxy['user'])) {
$options['proxy_user'] = $proxy['user'];
}
if (isset($proxy['pass'])) {
$options['proxy_pass'] = $proxy['pass'];
}
}
$client = new Zend_Http_Client();
$client->setConfig($options);
$client->setUri($request->getUrl());
$client->setHeaders($outHeaders);
if ($request->getContentType()) {
$client->setHeaders(Zend_Http_Client::CONTENT_TYPE, $request->getContentType());
}
if ($request->isPost()) {
$client->setMethod(Zend_Http_Client::POST);
$client->setRawData($request->getPostBody());
} else {
$client->setMethod(Zend_Http_Client::GET);
}
$response = $client->request();
$request->setHttpCode($response->getStatus());
$request->setContentType($response->getHeader('Content-Type'));
$request->setResponseHeaders($response->getHeaders());
$request->setResponseContent($response->getBody());
$request->setResponseSize(strlen($response->getBody()));
return $request;
}
/**
* Performs a single (RemoteContentRequest) request and fills in the response
* in the $request object
*
* @param RemoteContentRequest $request
* @return RemoteContentRequest $request
*/
public function fetchRequest(RemoteContentRequest $request)
{
$request->handle = $this->initCurlHandle($request->getUrl());
$this->setHeaders($request);
// Execute the request
$content = @curl_exec($request->handle);
$this->parseResult($request, $content);
curl_close($request->handle);
unset($request->handle);
return $request;
}
/**
* Get honest-to-goodness user data.
*/
private function fetchData()
{
try {
// TODO: it'd be better using $this->realRequest->getContentType(), but not set before hand. Temporary hack.
$postBody = $this->realRequest->getPostBody();
$url = $this->realRequest->getUrl();
$msgParams = array();
if (ShindigOAuthUtil::isFormEncoded($this->realRequest->getHeader("Content-Type")) && strlen($postBody) > 0) {
$entries = explode('&', $postBody);
foreach ($entries as $entry) {
$parts = explode('=', $entry);
if (count($parts) == 2) {
$msgParams[ShindigOAuthUtil::urldecode_rfc3986($parts[0])] = ShindigOAuthUtil::urldecode_rfc3986($parts[1]);
}
}
}
$method = $this->realRequest->getMethod();
$msgParams[self::$XOAUTH_APP_URL] = $this->authToken->getAppUrl();
// Build and sign the message.
$oauthRequest = $this->newRequestMessageMethod($method, $url, $msgParams);
$oauthParams = $this->filterOAuthParams($oauthRequest);
$newHeaders = array();
switch ($method) {
case 'POST':
if (empty($postBody) || count($postBody) == 0) {
$postBody = ShindigOAuthUtil::getPostBodyString($oauthParams);
} else {
$postBody = $postBody . "&" . ShindigOAuthUtil::getPostBodyString($oauthParams);
}
// To avoid 417 Response from server, adding empty "Expect" header
$newHeaders['Expect'] = '';
break;
case 'GET':
$url = ShindigOAuthUtil::addParameters($url, $oauthParams);
break;
}
// To choose HTTP method client requested, we don't use $this->createRemoteContentRequest() here.
$rcr = new RemoteContentRequest($url);
$rcr->createRemoteContentRequest($method, $url, $newHeaders, null, $this->realRequest->getOptions());
$rcr->setPostBody($postBody);
$remoteFetcherClass = Config::get('remote_content_fetcher');
$fetcher = new $remoteFetcherClass();
$content = $fetcher->fetchRequest($rcr);
$statusCode = $content->getHttpCode();
//TODO is there a better way to detect an SP error? For example: http://wiki.oauth.net/ProblemReporting
if ($statusCode == 401) {
$tokenKey = $this->buildTokenKey();
$this->tokenStore->removeTokenAndSecret($tokenKey);
} else {
if ($statusCode >= 400 && $statusCode < 500) {
$message = $this->parseAuthHeader(null, $content);
if ($message->get_parameter(ShindigOAuth::$OAUTH_PROBLEM) != null) {
throw new ShindigOAuthProtocolException($message);
}
}
}
// Track metadata on the response
$this->addResponseMetadata($content);
return $content;
} catch (Exception $e) {
throw new GadgetException("INTERNAL SERVER ERROR: " . $e);
}
}
private function fetch(RemoteContentRequest $request)
{
if ($request->getUrl() == 'http://test.chabotc.com/ok.html') {
$request->setHttpCode(200);
$request->setContentType('text/html; charset=UTF-8');
$request->setResponseContent('OK');
} else {
if ($request->getUrl() == 'http://test.chabotc.com/fail.html') {
$request->setHttpCode(404);
} else {
if (preg_match('/http:\\/\\/test\\.chabotc\\.com\\/valid(\\d)\\.html/', $request->getUrl(), $matches) > 0) {
if ($this->valid[intval($matches[1])]) {
$this->valid[intval($matches[1])] = false;
$request->setHttpCode(200);
$request->setContentType('text/html; charset=UTF-8');
$request->setResponseContent('OK');
} else {
$request->setHttpCode(404);
}
} else {
if (strpos($request->getUrl(), 'http://test.chabotc.com/signing.html') == 0) {
$url = parse_url($request->getUrl());
$query = array();
parse_str($url['query'], $query);
$request->setHttpCode(200);
$request->setContentType('text/html; charset=UTF-8');
if ($query['xoauth_signature_publickey'] && $query['oauth_signature']) {
$request->setResponseContent('OK');
} else {
$request->setResponseContent('FAILED');
}
}
}
}
}
}
/**
* Get honest-to-goodness user data.
*/
private function fetchData()
{
try {
$msgParams = OAuthUtil::isFormEncoded($this->realRequest->getContentType()) ? OAuthUtil::urldecodeRFC3986($this->realRequest->getPostBody()) : array();
$method = $this->realRequest->getMethod();
$msgParams[self::$XOAUTH_APP_URL] = $this->authToken->getAppUrl();
// Build and sign the message.
$oauthRequest = $this->newRequestMessageMethod($method, $this->realRequest->getUrl(), $msgParams);
$rcr = $this->createRemoteContentRequest($this->filterOAuthParams($oauthRequest), $this->realRequest->getMethod(), $this->realRequest->getUrl(), $this->realRequest->getHeaders(), $this->realRequest->getContentType(), $this->realRequest->getPostBody(), $this->realRequest->getOptions());
//TODO is there a better way to detect an SP error?
$remoteFetcherClass = Shindig_Config::get('remote_content_fetcher');
$fetcher = new $remoteFetcherClass();
$content = $fetcher->fetchRequest($rcr);
$statusCode = $content->getHttpCode();
if ($statusCode >= 400 && $statusCode < 500) {
$message = $this->parseAuthHeader(null, $content);
if ($message->get_parameter(OAuth::$OAUTH_PROBLEM) != null) {
throw new OAuthProtocolException($message);
}
}
// Track metadata on the response
$this->addResponseMetadata($content);
return $content;
} catch (Exception $e) {
throw new GadgetException("INTERNAL SERVER ERROR: " . $e);
}
}
private function signRequest(RemoteContentRequest $request)
{
$url = $request->getUrl();
$method = $request->getMethod();
try {
// Parse the request into parameters for OAuth signing, stripping out
// any OAuth or OpenSocial parameters injected by the client
$parsedUri = parse_url($url);
$resource = $url;
$contentType = $request->getHeader('Content-Type');
$signBody = stripos($contentType, 'application/x-www-form-urlencoded') !== false || $contentType == null;
$msgParams = array();
$postParams = array();
if ($request->getPostBody()) {
if ($signBody) {
// on normal application/x-www-form-urlencoded type post's encode and parse the post vars
parse_str($request->getPostBody(), $postParams);
$postParams = $this->sanitize($postParams);
} else {
// on any other content-type of post (application/{json,xml,xml+atom}) use the body signing hash
// see http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html for details
$msgParams['oauth_body_hash'] = base64_encode(sha1($request->getPostBody(), true));
}
}
if ($signBody && isset($postParams)) {
$msgParams = array_merge($msgParams, $postParams);
}
$this->addOpenSocialParams($msgParams, $request->getToken(), $request->getOptions()->ownerSigned, $request->getOptions()->viewerSigned);
$this->addOAuthParams($msgParams, $request->getToken());
$consumer = new OAuthConsumer(NULL, NULL, NULL);
$signatureMethod = new ShindigRsaSha1SignatureMethod($this->privateKeyObject, null);
$req_req = OAuthRequest::from_consumer_and_token($consumer, NULL, $method, $resource, $msgParams);
$req_req->sign_request($signatureMethod, $consumer, NULL);
// Rebuild the query string, including all of the parameters we added.
// We have to be careful not to copy POST parameters into the query.
// If post and query parameters share a name, they end up being removed
// from the query.
$forPost = array();
$postData = false;
if ($method == 'POST' && $signBody) {
foreach ($postParams as $key => $param) {
$forPost[$key] = $param;
if ($postData === false) {
$postData = array();
}
$postData[] = OAuthUtil::urlencode_rfc3986($key) . "=" . OAuthUtil::urlencode_rfc3986($param);
}
if ($postData !== false) {
$postData = implode("&", $postData);
}
}
$newQueryParts = array();
foreach ($req_req->get_parameters() as $key => $param) {
if (!isset($forPost[$key])) {
if (!is_array($param)) {
$newQueryParts[] = urlencode($key) . '=' . urlencode($param);
} else {
foreach ($param as $elem) {
$newQueryParts[] = urlencode($key) . '=' . urlencode($elem);
}
}
}
$newQuery = implode('&', $newQueryParts);
}
// Careful here; the OAuth form encoding scheme is slightly different than
// the normal form encoding scheme, so we have to use the OAuth library
// formEncode method.
$url = $parsedUri['scheme'] . '://' . $parsedUri['host'] . (isset($parsedUri['port']) ? ':' . $parsedUri['port'] : '') . (isset($parsedUri['path']) ? $parsedUri['path'] : '') . '?' . $newQuery;
$request->setUri($url);
if ($signBody) {
$request->setPostBody($postData);
}
} catch (Exception $e) {
throw new GadgetException($e);
}
}
private function verifySignedRequest(RemoteContentRequest $request)
{
$url = parse_url($request->getUrl());
$query = array();
parse_str($url['query'], $query);
$post = array();
$contentType = $request->getHeader('Content-Type');
if (stripos($contentType, 'application/x-www-form-urlencoded') !== false || $contentType == null) {
parse_str($request->getPostBody(), $post);
} else {
$this->assertEquals(base64_encode(sha1($request->getPostBody(), true)), $query['oauth_body_hash']);
}
$oauthRequest = OAuthRequest::from_request($request->getMethod(), $request->getUrl(), array_merge($query, $post));
$signature_method = new MockSignatureMethod();
$signature_valid = $signature_method->check_signature($oauthRequest, null, null, $query['oauth_signature']);
$this->assertTrue($signature_valid);
}
