public function execute($filterChain) { // execute this filter only once if ($this->isFirstCall()) { $user = sfContext::getInstance()->getUser(); if (!$user->isAuthenticated()) { $cookie = $this->getContext()->getRequest()->getCookie('rayku'); if ($cookie) { $value = unserialize(base64_decode($cookie)); $c = new Criteria(); $c->add(UserPeer::COOKIE_KEY, $value[0]); $c->add(UserPeer::USERNAME, $value[1]); $raykuUser = UserPeer::doSelectOne($c); if ($raykuUser instanceof User) { // sign in StatsD::increment("login.remember_me_success"); $user->signIn($raykuUser); } else { StatsD::increment("login.remember_me_failure"); } } } } // Execute next filter $filterChain->execute(); }
/** * @param string $query * @param array $parameters * @param int $duration */ public function logQuery($query, $parameters = array(), $duration = 0) { $this->statsd->increment('website_queryCount'); // Don't log queries taking less than 10 seconds. if ($duration < 10000) { return; } $baseAddr = ''; foreach ($parameters as $k => $v) { $query = str_replace($k, "'" . $v . "'", $query); } $uri = isset($_SERVER['REQUEST_URI']) ? "Query page: https://{$baseAddr}" . $_SERVER['REQUEST_URI'] . "\n" : ''; $this->app->Logging->log('INFO', ($duration != 0 ? number_format($duration / 1000, 3) . 's ' : '') . " Query: \n{$query};\n{$uri}"); }
public function login() { $this->assign('columns', Table::factory('Users')->getColumns()); if ($this->request->isPost()) { $user = Table::factory('Users')->login($this->request->getVar('email'), $this->request->getVar('password')); if ($user) { $user->addToSession(); StatsD::increment("login.success"); return $this->redirectAction("index"); } // tut tut StatsD::increment("login.failure"); Log::warn("Invalid admin login attempt from IP [" . $this->request->getIp() . "] for email [" . $this->request->getVar('email') . "]"); $this->addError('Invalid login details'); } }
/** * Converts a Zotero_Item object to a SimpleXMLElement Atom object * * Note: Increment Z_CONFIG::$CACHE_VERSION_ATOM_ENTRY when changing * the response. * * @param object $item Zotero_Item object * @param string $content * @return SimpleXMLElement Item data as SimpleXML element */ public static function convertItemToAtom(Zotero_Item $item, $queryParams, $permissions, $sharedData = null) { $t = microtime(true); // Uncached stuff or parts of the cache key $version = $item->version; $parent = $item->getSource(); $isRegularItem = !$parent && $item->isRegularItem(); $downloadDetails = $permissions->canAccess($item->libraryID, 'files') ? Zotero_Storage::getDownloadDetails($item) : false; if ($isRegularItem) { $numChildren = $permissions->canAccess($item->libraryID, 'notes') ? $item->numChildren() : $item->numAttachments(); } // <id> changes based on group visibility in v1 if ($queryParams['v'] < 2) { $id = Zotero_URI::getItemURI($item, false, true); } else { $id = Zotero_URI::getItemURI($item); } $libraryType = Zotero_Libraries::getType($item->libraryID); // Any query parameters that have an effect on the output // need to be added here $allowedParams = array('content', 'style', 'css', 'linkwrap'); $cachedParams = Z_Array::filterKeys($queryParams, $allowedParams); $cacheVersion = 2; $cacheKey = "atomEntry_" . $item->libraryID . "/" . $item->id . "_" . md5($version . json_encode($cachedParams) . ($downloadDetails ? 'hasFile' : '') . ($libraryType == 'group' ? 'id' . $id : '')) . "_" . $queryParams['v'] . "_" . $cacheVersion . (isset(Z_CONFIG::$CACHE_VERSION_ATOM_ENTRY) ? "_" . Z_CONFIG::$CACHE_VERSION_ATOM_ENTRY : "") . (in_array('bib', $queryParams['content']) && isset(Z_CONFIG::$CACHE_VERSION_BIB) ? "_" . Z_CONFIG::$CACHE_VERSION_BIB : ""); $xmlstr = Z_Core::$MC->get($cacheKey); if ($xmlstr) { try { // TEMP: Strip control characters $xmlstr = Zotero_Utilities::cleanString($xmlstr, true); $doc = new DOMDocument(); $doc->loadXML($xmlstr); $xpath = new DOMXpath($doc); $xpath->registerNamespace('atom', Zotero_Atom::$nsAtom); $xpath->registerNamespace('zapi', Zotero_Atom::$nsZoteroAPI); $xpath->registerNamespace('xhtml', Zotero_Atom::$nsXHTML); // Make sure numChildren reflects the current permissions if ($isRegularItem) { $xpath->query('/atom:entry/zapi:numChildren')->item(0)->nodeValue = $numChildren; } // To prevent PHP from messing with namespace declarations, // we have to extract, remove, and then add back <content> // subelements. Otherwise the subelements become, say, // <default:span xmlns="http://www.w3.org/1999/xhtml"> instead // of just <span xmlns="http://www.w3.org/1999/xhtml">, and // xmlns:default="http://www.w3.org/1999/xhtml" gets added to // the parent <entry>. While you might reasonably think that // // echo $xml->saveXML(); // // and // // $xml = new SimpleXMLElement($xml->saveXML()); // echo $xml->saveXML(); // // would be identical, you would be wrong. $multiFormat = !!$xpath->query('/atom:entry/atom:content/zapi:subcontent')->length; $contentNodes = array(); if ($multiFormat) { $contentNodes = $xpath->query('/atom:entry/atom:content/zapi:subcontent'); } else { $contentNodes = $xpath->query('/atom:entry/atom:content'); } foreach ($contentNodes as $contentNode) { $contentParts = array(); while ($contentNode->hasChildNodes()) { $contentParts[] = $doc->saveXML($contentNode->firstChild); $contentNode->removeChild($contentNode->firstChild); } foreach ($contentParts as $part) { if (!trim($part)) { continue; } // Strip the namespace and add it back via SimpleXMLElement, // which keeps it from being changed later if (preg_match('%^<[^>]+xmlns="http://www.w3.org/1999/xhtml"%', $part)) { $part = preg_replace('%^(<[^>]+)xmlns="http://www.w3.org/1999/xhtml"%', '$1', $part); $html = new SimpleXMLElement($part); $html['xmlns'] = "http://www.w3.org/1999/xhtml"; $subNode = dom_import_simplexml($html); $importedNode = $doc->importNode($subNode, true); $contentNode->appendChild($importedNode); } else { if (preg_match('%^<[^>]+xmlns="http://zotero.org/ns/transfer"%', $part)) { $part = preg_replace('%^(<[^>]+)xmlns="http://zotero.org/ns/transfer"%', '$1', $part); $html = new SimpleXMLElement($part); $html['xmlns'] = "http://zotero.org/ns/transfer"; $subNode = dom_import_simplexml($html); $importedNode = $doc->importNode($subNode, true); $contentNode->appendChild($importedNode); } else { $docFrag = $doc->createDocumentFragment(); $docFrag->appendXML($part); $contentNode->appendChild($docFrag); } } } } $xml = simplexml_import_dom($doc); StatsD::timing("api.items.itemToAtom.cached", (microtime(true) - $t) * 1000); StatsD::increment("memcached.items.itemToAtom.hit"); // Skip the cache every 10 times for now, to ensure cache sanity if (Z_Core::probability(10)) { $xmlstr = $xml->saveXML(); } else { return $xml; } } catch (Exception $e) { error_log($xmlstr); error_log("WARNING: " . $e); } } $content = $queryParams['content']; $contentIsHTML = sizeOf($content) == 1 && $content[0] == 'html'; $contentParamString = urlencode(implode(',', $content)); $style = $queryParams['style']; $entry = '<?xml version="1.0" encoding="UTF-8"?>' . '<entry xmlns="' . Zotero_Atom::$nsAtom . '" xmlns:zapi="' . Zotero_Atom::$nsZoteroAPI . '"/>'; $xml = new SimpleXMLElement($entry); $title = $item->getDisplayTitle(true); $title = $title ? $title : '[Untitled]'; $xml->title = $title; $author = $xml->addChild('author'); $createdByUserID = null; $lastModifiedByUserID = null; switch (Zotero_Libraries::getType($item->libraryID)) { case 'group': $createdByUserID = $item->createdByUserID; // Used for zapi:lastModifiedByUser below $lastModifiedByUserID = $item->lastModifiedByUserID; break; } if ($createdByUserID) { $author->name = Zotero_Users::getUsername($createdByUserID); $author->uri = Zotero_URI::getUserURI($createdByUserID); } else { $author->name = Zotero_Libraries::getName($item->libraryID); $author->uri = Zotero_URI::getLibraryURI($item->libraryID); } $xml->id = $id; $xml->published = Zotero_Date::sqlToISO8601($item->dateAdded); $xml->updated = Zotero_Date::sqlToISO8601($item->dateModified); $link = $xml->addChild("link"); $link['rel'] = "self"; $link['type'] = "application/atom+xml"; $href = Zotero_API::getItemURI($item); if (!$contentIsHTML) { $href .= "?content={$contentParamString}"; } $link['href'] = $href; if ($parent) { // TODO: handle group items? $parentItem = Zotero_Items::get($item->libraryID, $parent); $link = $xml->addChild("link"); $link['rel'] = "up"; $link['type'] = "application/atom+xml"; $href = Zotero_API::getItemURI($parentItem); if (!$contentIsHTML) { $href .= "?content={$contentParamString}"; } $link['href'] = $href; } $link = $xml->addChild('link'); $link['rel'] = 'alternate'; $link['type'] = 'text/html'; $link['href'] = Zotero_URI::getItemURI($item, true); // If appropriate permissions and the file is stored in ZFS, get file request link if ($downloadDetails) { $details = $downloadDetails; $link = $xml->addChild('link'); $link['rel'] = 'enclosure'; $type = $item->attachmentMIMEType; if ($type) { $link['type'] = $type; } $link['href'] = $details['url']; if (!empty($details['filename'])) { $link['title'] = $details['filename']; } if (isset($details['size'])) { $link['length'] = $details['size']; } } $xml->addChild('zapi:key', $item->key, Zotero_Atom::$nsZoteroAPI); $xml->addChild('zapi:version', $item->version, Zotero_Atom::$nsZoteroAPI); if ($lastModifiedByUserID) { $xml->addChild('zapi:lastModifiedByUser', Zotero_Users::getUsername($lastModifiedByUserID), Zotero_Atom::$nsZoteroAPI); } $xml->addChild('zapi:itemType', Zotero_ItemTypes::getName($item->itemTypeID), Zotero_Atom::$nsZoteroAPI); if ($isRegularItem) { $val = $item->creatorSummary; if ($val !== '') { $xml->addChild('zapi:creatorSummary', htmlspecialchars($val), Zotero_Atom::$nsZoteroAPI); } $val = $item->getField('date', true, true, true); if ($val !== '') { if ($queryParams['v'] < 3) { $val = substr($val, 0, 4); if ($val !== '0000') { $xml->addChild('zapi:year', $val, Zotero_Atom::$nsZoteroAPI); } } else { $sqlDate = Zotero_Date::multipartToSQL($val); if (substr($sqlDate, 0, 4) !== '0000') { $xml->addChild('zapi:parsedDate', Zotero_Date::sqlToISO8601($sqlDate), Zotero_Atom::$nsZoteroAPI); } } } $xml->addChild('zapi:numChildren', $numChildren, Zotero_Atom::$nsZoteroAPI); } if ($queryParams['v'] < 3) { $xml->addChild('zapi:numTags', $item->numTags(), Zotero_Atom::$nsZoteroAPI); } $xml->content = ''; // // DOM XML from here on out // $contentNode = dom_import_simplexml($xml->content); $domDoc = $contentNode->ownerDocument; $multiFormat = sizeOf($content) > 1; // Create a root XML document for multi-format responses if ($multiFormat) { $contentNode->setAttribute('type', 'application/xml'); /*$multicontent = $domDoc->createElementNS( Zotero_Atom::$nsZoteroAPI, 'multicontent' ); $contentNode->appendChild($multicontent);*/ } foreach ($content as $type) { // Set the target to either the main <content> // or a <multicontent> <content> if (!$multiFormat) { $target = $contentNode; } else { $target = $domDoc->createElementNS(Zotero_Atom::$nsZoteroAPI, 'subcontent'); $contentNode->appendChild($target); } $target->setAttributeNS(Zotero_Atom::$nsZoteroAPI, "zapi:type", $type); if ($type == 'html') { if (!$multiFormat) { $target->setAttribute('type', 'xhtml'); } $div = $domDoc->createElementNS(Zotero_Atom::$nsXHTML, 'div'); $target->appendChild($div); $html = $item->toHTML(true); $subNode = dom_import_simplexml($html); $importedNode = $domDoc->importNode($subNode, true); $div->appendChild($importedNode); } else { if ($type == 'citation') { if (!$multiFormat) { $target->setAttribute('type', 'xhtml'); } if (isset($sharedData[$type][$item->libraryID . "/" . $item->key])) { $html = $sharedData[$type][$item->libraryID . "/" . $item->key]; } else { if ($sharedData !== null) { //error_log("Citation not found in sharedData -- retrieving individually"); } $html = Zotero_Cite::getCitationFromCiteServer($item, $queryParams); } $html = new SimpleXMLElement($html); $html['xmlns'] = Zotero_Atom::$nsXHTML; $subNode = dom_import_simplexml($html); $importedNode = $domDoc->importNode($subNode, true); $target->appendChild($importedNode); } else { if ($type == 'bib') { if (!$multiFormat) { $target->setAttribute('type', 'xhtml'); } if (isset($sharedData[$type][$item->libraryID . "/" . $item->key])) { $html = $sharedData[$type][$item->libraryID . "/" . $item->key]; } else { if ($sharedData !== null) { //error_log("Bibliography not found in sharedData -- retrieving individually"); } $html = Zotero_Cite::getBibliographyFromCitationServer(array($item), $queryParams); } $html = new SimpleXMLElement($html); $html['xmlns'] = Zotero_Atom::$nsXHTML; $subNode = dom_import_simplexml($html); $importedNode = $domDoc->importNode($subNode, true); $target->appendChild($importedNode); } else { if ($type == 'json') { if ($queryParams['v'] < 2) { $target->setAttributeNS(Zotero_Atom::$nsZoteroAPI, "zapi:etag", $item->etag); } $textNode = $domDoc->createTextNode($item->toJSON(false, $queryParams, true)); $target->appendChild($textNode); } else { if ($type == 'csljson') { $arr = $item->toCSLItem(); $json = Zotero_Utilities::formatJSON($arr); $textNode = $domDoc->createTextNode($json); $target->appendChild($textNode); } else { if (in_array($type, Zotero_Translate::$exportFormats)) { $export = Zotero_Translate::doExport(array($item), $type); $target->setAttribute('type', $export['mimeType']); // Insert XML into document if (preg_match('/\\+xml$/', $export['mimeType'])) { // Strip prolog $body = preg_replace('/^<\\?xml.+\\n/', "", $export['body']); $subNode = $domDoc->createDocumentFragment(); $subNode->appendXML($body); $target->appendChild($subNode); } else { $textNode = $domDoc->createTextNode($export['body']); $target->appendChild($textNode); } } } } } } } } // TEMP if ($xmlstr) { $uncached = $xml->saveXML(); if ($xmlstr != $uncached) { $uncached = str_replace('<zapi:year></zapi:year>', '<zapi:year/>', $uncached); $uncached = str_replace('<content zapi:type="none"></content>', '<content zapi:type="none"/>', $uncached); $uncached = str_replace('<zapi:subcontent zapi:type="coins" type="text/html"></zapi:subcontent>', '<zapi:subcontent zapi:type="coins" type="text/html"/>', $uncached); $uncached = str_replace('<title></title>', '<title/>', $uncached); $uncached = str_replace('<note></note>', '<note/>', $uncached); $uncached = str_replace('<path></path>', '<path/>', $uncached); $uncached = str_replace('<td></td>', '<td/>', $uncached); if ($xmlstr != $uncached) { error_log("Cached Atom item entry does not match"); error_log(" Cached: " . $xmlstr); error_log("Uncached: " . $uncached); Z_Core::$MC->set($cacheKey, $uncached, 3600); // 1 hour for now } } } else { $xmlstr = $xml->saveXML(); Z_Core::$MC->set($cacheKey, $xmlstr, 3600); // 1 hour for now StatsD::timing("api.items.itemToAtom.uncached", (microtime(true) - $t) * 1000); StatsD::increment("memcached.items.itemToAtom.miss"); } return $xml; }
public function init($extra) { $this->startTime = microtime(true); if (!Z_CONFIG::$API_ENABLED) { $this->e503(Z_CONFIG::$MAINTENANCE_MESSAGE); } set_exception_handler(array($this, 'handleException')); // TODO: Throw error on some notices but allow DB/Memcached/etc. failures? //set_error_handler(array($this, 'handleError'), E_ALL | E_USER_ERROR | E_RECOVERABLE_ERROR); set_error_handler(array($this, 'handleError'), E_USER_ERROR | E_RECOVERABLE_ERROR); require_once '../model/Error.inc.php'; // On testing sites, include notifications in headers if (Z_CONFIG::$TESTING_SITE) { Zotero_NotifierObserver::addMessageReceiver(function ($topic, $msg) { $header = "Zotero-Debug-Notifications"; if (!empty($this->headers[$header])) { $notifications = json_decode(base64_decode($this->headers[$header])); } else { $notifications = []; } $notifications[] = $msg; $this->headers[$header] = base64_encode(json_encode($notifications)); }); } register_shutdown_function(array($this, 'checkDBTransactionState')); register_shutdown_function(array($this, 'logTotalRequestTime')); register_shutdown_function(array($this, 'checkForFatalError')); register_shutdown_function(array($this, 'addHeaders')); $this->method = $_SERVER['REQUEST_METHOD']; if (!in_array($this->method, array('HEAD', 'OPTIONS', 'GET', 'PUT', 'POST', 'DELETE', 'PATCH'))) { $this->e501(); } StatsD::increment("api.request.method." . strtolower($this->method), 0.25); // There doesn't seem to be a way for PHP to start processing the request // before the entire body is sent, so an Expect: 100 Continue will, // depending on the client, either fail or cause a delay while the client // waits for the 100 response. To make this explicit, we return an error. if (!empty($_SERVER['HTTP_EXPECT'])) { header("HTTP/1.1 417 Expectation Failed"); die("Expect header is not supported"); } // CORS if (isset($_SERVER['HTTP_ORIGIN'])) { header("Access-Control-Allow-Origin: *"); header("Access-Control-Allow-Methods: HEAD, GET, POST, PUT, PATCH, DELETE"); header("Access-Control-Allow-Headers: Content-Type, If-Match, If-None-Match, If-Modified-Since-Version, If-Unmodified-Since-Version, Zotero-API-Version, Zotero-Write-Token"); header("Access-Control-Expose-Headers: Backoff, ETag, Last-Modified-Version, Link, Retry-After, Total-Results, Zotero-API-Version"); } if ($this->method == 'OPTIONS') { $this->end(); } if (in_array($this->method, array('POST', 'PUT', 'PATCH'))) { $this->ifUnmodifiedSince = isset($_SERVER['HTTP_IF_UNMODIFIED_SINCE']) ? strtotime($_SERVER['HTTP_IF_UNMODIFIED_SINCE']) : false; $this->body = file_get_contents("php://input"); if ($this->body == "" && !in_array($this->action, array('clear', 'laststoragesync', 'removestoragefiles', 'itemContent'))) { $this->e400("{$this->method} data not provided"); } } if ($this->profile) { Zotero_DB::profileStart(); } // If HTTP Basic Auth credentials provided, authenticate if (isset($_SERVER['PHP_AUTH_USER'])) { $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; if ($username == Z_CONFIG::$API_SUPER_USERNAME && $password == Z_CONFIG::$API_SUPER_PASSWORD) { $this->userID = 0; $this->permissions = new Zotero_Permissions(); $this->permissions->setSuper(); } else { if (!empty($extra['allowHTTP']) || !empty($extra['auth'])) { $userID = Zotero_Users::authenticate('password', array('username' => $username, 'password' => $password)); if (!$userID) { $this->e401('Invalid login'); } $this->httpAuth = true; $this->userID = $userID; $this->grantUserPermissions($userID); } } } if (!isset($this->userID)) { $key = false; // Allow Zotero-API-Key header if (!empty($_SERVER['HTTP_ZOTERO_API_KEY'])) { $key = $_SERVER['HTTP_ZOTERO_API_KEY']; } // Allow ?key=<apikey> if (isset($_GET['key'])) { if (!$key) { $key = $_GET['key']; } else { if ($_GET['key'] !== $key) { $this->e400("Zotero-API-Key header and 'key' parameter differ"); } } } // If neither of the above passed, allow "Authorization: Bearer <apikey>" // // Apache/mod_php doesn't seem to make Authorization available for auth schemes // other than Basic/Digest, so use an Apache-specific method to get the header if (!$key && function_exists('apache_request_headers')) { $headers = apache_request_headers(); if (isset($headers['Authorization'])) { // Look for "Authorization: Bearer" from OAuth 2.0, and ignore everything else if (preg_match('/^bearer/i', $headers['Authorization'], $matches)) { if (preg_match('/^bearer +([a-z0-9]+)$/i', $headers['Authorization'], $matches)) { $key = $matches[1]; } else { $this->e400("Invalid Authorization header format"); } } } } if ($key) { $keyObj = Zotero_Keys::authenticate($key); if (!$keyObj) { $this->e403('Invalid key'); } $this->apiKey = $key; $this->userID = $keyObj->userID; $this->permissions = $keyObj->getPermissions(); // Check Zotero-Write-Token if it exists to make sure // this isn't a duplicate request if ($this->isWriteMethod()) { if ($cacheKey = $this->getWriteTokenCacheKey()) { if (Z_Core::$MC->get($cacheKey)) { $this->e412("Write token already used"); } } } } else { if (!empty($_GET['session']) && ($this->userID = Zotero_Users::getUserIDFromSessionID($_GET['session']))) { // Users who haven't synced may not exist in our DB if (!Zotero_Users::exists($this->userID)) { Zotero_Users::add($this->userID); } $this->grantUserPermissions($this->userID); $this->cookieAuth = true; } else { if (!empty($_GET['auth']) || !empty($extra['auth'])) { $this->e401(); } // Explicit auth request or not a GET request // // /users/<id>/keys is an exception, since the key is embedded in the URL if ($this->method != "GET" && $this->action != 'keys') { $this->e403('An API key is required for write requests.'); } // Anonymous request $this->permissions = new Zotero_Permissions(); $this->permissions->setAnonymous(); } } } $this->uri = Z_CONFIG::$API_BASE_URI . substr($_SERVER["REQUEST_URI"], 1); // Get object user if (isset($this->objectUserID)) { if (!$this->objectUserID) { $this->e400("Invalid user ID", Z_ERROR_INVALID_INPUT); } try { $this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($this->objectUserID); } catch (Exception $e) { if ($e->getCode() == Z_ERROR_USER_NOT_FOUND) { try { Zotero_Users::addFromWWW($this->objectUserID); } catch (Exception $e) { if ($e->getCode() == Z_ERROR_USER_NOT_FOUND) { $this->e404("User {$this->objectUserID} not found"); } throw $e; } $this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($this->objectUserID); } else { throw $e; } } // Make sure user isn't banned if (!Zotero_Users::isValidUser($this->objectUserID)) { $this->e404(); } } else { if (isset($this->objectGroupID)) { if (!$this->objectGroupID) { $this->e400("Invalid group ID", Z_ERROR_INVALID_INPUT); } // Make sure group exists $group = Zotero_Groups::get($this->objectGroupID); if (!$group) { $this->e404(); } // Don't show groups owned by banned users if (!Zotero_Users::isValidUser($group->ownerUserID)) { $this->e404(); } $this->objectLibraryID = Zotero_Groups::getLibraryIDFromGroupID($this->objectGroupID); } } $apiVersion = !empty($_SERVER['HTTP_ZOTERO_API_VERSION']) ? (int) $_SERVER['HTTP_ZOTERO_API_VERSION'] : false; // Serve v1 to ZotPad 1.x, at Mikko's request if (!$apiVersion && !empty($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'ZotPad 1') === 0) { $apiVersion = 1; } // For publications URLs (e.g., /users/:userID/publications/items), swap in // objectLibraryID of user's publications library if (!empty($extra['publications'])) { // Query parameters not yet parsed, so check version parameter if ($apiVersion && $apiVersion < 3 || !empty($_REQUEST['v']) && $_REQUEST['v'] < 3 || !empty($_REQUEST['version']) && $_REQUEST['version'] == 1) { $this->e404(); } $userLibraryID = $this->objectLibraryID; $this->objectLibraryID = Zotero_Users::getLibraryIDFromUserID($this->objectUserID, 'publications'); // If one doesn't exist, for write requests create a library if the key // has write permission to the user library. For read requests, just // return a 404. if (!$this->objectLibraryID) { if ($this->isWriteMethod()) { if (!$this->permissions->canAccess($userLibraryID) || !$this->permissions->canWrite($userLibraryID)) { $this->e403(); } $this->objectLibraryID = Zotero_Publications::add($this->objectUserID); } else { $this->objectLibraryID = 0; } } } // Return 409 if target library is locked switch ($this->method) { case 'POST': case 'PUT': case 'DELETE': switch ($this->action) { // Library lock doesn't matter for some admin requests case 'keys': case 'storageadmin': break; default: if ($this->objectLibraryID && Zotero_Libraries::isLocked($this->objectLibraryID)) { $this->e409("Target library is locked"); } break; } } $this->scopeObject = !empty($extra['scopeObject']) ? $extra['scopeObject'] : $this->scopeObject; $this->subset = !empty($extra['subset']) ? $extra['subset'] : $this->subset; $this->fileMode = !empty($extra['file']) ? !empty($_GET['info']) ? 'info' : 'download' : false; $this->fileView = !empty($extra['view']); $this->singleObject = $this->objectKey && !$this->subset; $this->checkLibraryIfModifiedSinceVersion($this->action); // If Accept header includes application/atom+xml, send Atom, as long as there's no 'format' $atomAccepted = false; if (!empty($_SERVER['HTTP_ACCEPT'])) { $accept = preg_split('/\\s*,\\s*/', $_SERVER['HTTP_ACCEPT']); $atomAccepted = in_array('application/atom+xml', $accept); } $this->queryParams = Zotero_API::parseQueryParams($_SERVER['QUERY_STRING'], $this->action, $this->singleObject, $apiVersion, $atomAccepted); // Sorting by Item Type or Added By currently require writing to shard tables, so don't // send those to the read replicas if ($this->queryParams['sort'] == 'itemType' || $this->queryParams['sort'] == 'addedBy') { Zotero_DB::readOnly(false); } $this->apiVersion = $version = $this->queryParams['v']; header("Zotero-API-Version: " . $version); StatsD::increment("api.request.version.v" . $version, 0.25); }
public function toResponseJSON($requestParams = [], Zotero_Permissions $permissions, $sharedData = null) { $t = microtime(true); if (!$this->loaded['primaryData']) { $this->loadPrimaryData(); } if (!$this->loaded['itemData']) { $this->loadItemData(); } // Uncached stuff or parts of the cache key $version = $this->version; $parent = $this->getSource(); $isRegularItem = !$parent && $this->isRegularItem(); $downloadDetails = $permissions->canAccess($this->libraryID, 'files') ? Zotero_Storage::getDownloadDetails($this) : false; if ($isRegularItem) { $numChildren = $permissions->canAccess($this->libraryID, 'notes') ? $this->numChildren() : $this->numAttachments(); } $libraryType = Zotero_Libraries::getType($this->libraryID); // Any query parameters that have an effect on the output // need to be added here $allowedParams = ['include', 'style', 'css', 'linkwrap']; $cachedParams = Z_Array::filterKeys($requestParams, $allowedParams); $cacheVersion = 1; $cacheKey = "jsonEntry_" . $this->libraryID . "/" . $this->id . "_" . md5($version . json_encode($cachedParams) . ($downloadDetails ? 'hasFile' : '') . ($libraryType == 'group' ? Zotero_URI::getItemURI($this, true) : '')) . "_" . $requestParams['v'] . "_" . $cacheVersion . (isset(Z_CONFIG::$CACHE_VERSION_RESPONSE_JSON_ITEM) ? "_" . Z_CONFIG::$CACHE_VERSION_RESPONSE_JSON_ITEM : "") . (in_array('bib', $requestParams['include']) && isset(Z_CONFIG::$CACHE_VERSION_BIB) ? "_" . Z_CONFIG::$CACHE_VERSION_BIB : ""); $cached = Z_Core::$MC->get($cacheKey); if (false && $cached) { // Make sure numChildren reflects the current permissions if ($isRegularItem) { $cached['meta']->numChildren = $numChildren; } StatsD::timing("api.items.itemToResponseJSON.cached", (microtime(true) - $t) * 1000); StatsD::increment("memcached.items.itemToResponseJSON.hit"); // Skip the cache every 10 times for now, to ensure cache sanity if (!Z_Core::probability(10)) { return $cached; } } $json = ['key' => $this->key, 'version' => $version, 'library' => Zotero_Libraries::toJSON($this->libraryID)]; $json['links'] = ['self' => ['href' => Zotero_API::getItemURI($this), 'type' => 'application/json'], 'alternate' => ['href' => Zotero_URI::getItemURI($this, true), 'type' => 'text/html']]; if ($parent) { $parentItem = Zotero_Items::get($this->libraryID, $parent); $json['links']['up'] = ['href' => Zotero_API::getItemURI($parentItem), 'type' => 'application/json']; } // If appropriate permissions and the file is stored in ZFS, get file request link if ($downloadDetails) { $details = $downloadDetails; $type = $this->attachmentMIMEType; if ($type) { $json['links']['enclosure'] = ['type' => $type]; } $json['links']['enclosure']['href'] = $details['url']; if (!empty($details['filename'])) { $json['links']['enclosure']['title'] = $details['filename']; } if (isset($details['size'])) { $json['links']['enclosure']['length'] = $details['size']; } } // 'meta' $json['meta'] = new stdClass(); if (Zotero_Libraries::getType($this->libraryID) == 'group') { $createdByUserID = $this->createdByUserID; $lastModifiedByUserID = $this->lastModifiedByUserID; if ($createdByUserID) { $json['meta']->createdByUser = Zotero_Users::toJSON($createdByUserID); } if ($lastModifiedByUserID && $lastModifiedByUserID != $createdByUserID) { $json['meta']->lastModifiedByUser = Zotero_Users::toJSON($lastModifiedByUserID); } } if ($isRegularItem) { $val = $this->getCreatorSummary(); if ($val !== '') { $json['meta']->creatorSummary = $val; } $val = $this->getField('date', true, true, true); if ($val !== '') { $sqlDate = Zotero_Date::multipartToSQL($val); if (substr($sqlDate, 0, 4) !== '0000') { $json['meta']->parsedDate = Zotero_Date::sqlToISO8601($sqlDate); } } $json['meta']->numChildren = $numChildren; } // 'include' $include = $requestParams['include']; foreach ($include as $type) { if ($type == 'html') { $json[$type] = trim($this->toHTML()); } else { if ($type == 'citation') { if (isset($sharedData[$type][$this->libraryID . "/" . $this->key])) { $html = $sharedData[$type][$this->libraryID . "/" . $this->key]; } else { if ($sharedData !== null) { //error_log("Citation not found in sharedData -- retrieving individually"); } $html = Zotero_Cite::getCitationFromCiteServer($this, $requestParams); } $json[$type] = $html; } else { if ($type == 'bib') { if (isset($sharedData[$type][$this->libraryID . "/" . $this->key])) { $html = $sharedData[$type][$this->libraryID . "/" . $this->key]; } else { if ($sharedData !== null) { //error_log("Bibliography not found in sharedData -- retrieving individually"); } $html = Zotero_Cite::getBibliographyFromCitationServer([$this], $requestParams); // Strip prolog $html = preg_replace('/^<\\?xml.+\\n/', "", $html); $html = trim($html); } $json[$type] = $html; } else { if ($type == 'data') { $json[$type] = $this->toJSON(true, $requestParams, true); } else { if ($type == 'csljson') { $json[$type] = $this->toCSLItem(); } else { if (in_array($type, Zotero_Translate::$exportFormats)) { $export = Zotero_Translate::doExport([$this], $type); $json[$type] = $export['body']; unset($export); } } } } } } } // TEMP if ($cached) { $cachedStr = Zotero_Utilities::formatJSON($cached); $uncachedStr = Zotero_Utilities::formatJSON($json); if ($cachedStr != $uncachedStr) { error_log("Cached JSON item entry does not match"); error_log(" Cached: " . $cachedStr); error_log("Uncached: " . $uncachedStr); //Z_Core::$MC->set($cacheKey, $uncached, 3600); // 1 hour for now } } else { /*Z_Core::$MC->set($cacheKey, $json, 10); StatsD::timing("api.items.itemToResponseJSON.uncached", (microtime(true) - $t) * 1000); StatsD::increment("memcached.items.itemToResponseJSON.miss");*/ } return $json; }
private static function processDownloadInternal($userID, $lastsync, DOMDocument $doc, $syncDownloadQueueID = null, $syncDownloadProcessID = null, $params = []) { $apiVersion = (int) $doc->documentElement->getAttribute('version'); if ($lastsync == 1) { StatsD::increment("sync.process.download.full"); } // TEMP $cacheKeyExtra = (!empty($params['ft']) ? json_encode($params['ft']) : "") . (!empty($params['ftkeys']) ? json_encode($params['ftkeys']) : ""); try { $cached = Zotero_Sync::getCachedDownload($userID, $lastsync, $apiVersion, $cacheKeyExtra); if ($cached) { $doc->loadXML($cached); StatsD::increment("sync.process.download.cache.hit"); return; } } catch (Exception $e) { $msg = $e->getMessage(); if (strpos($msg, "Too many connections") !== false) { $msg = "'Too many connections' from MySQL"; } else { $msg = "'{$msg}'"; } Z_Core::logError("Warning: {$msg} getting cached download"); StatsD::increment("sync.process.download.cache.error"); } set_time_limit(1800); $profile = false; if ($profile) { $shardID = Zotero_Shards::getByUserID($userID); Zotero_DB::profileStart(0); } if ($syncDownloadQueueID) { self::addDownloadProcess($syncDownloadQueueID, $syncDownloadProcessID); } $updatedNode = $doc->createElement('updated'); $doc->documentElement->appendChild($updatedNode); $userLibraryID = Zotero_Users::getLibraryIDFromUserID($userID); $updatedCreators = array(); try { Zotero_DB::beginTransaction(); // Blocks until any upload processes are done $updateTimes = Zotero_Libraries::getUserLibraryUpdateTimes($userID); $timestamp = Zotero_DB::getTransactionTimestampUnix(); $doc->documentElement->setAttribute('timestamp', $timestamp); $doc->documentElement->setAttribute('userID', $userID); $doc->documentElement->setAttribute('defaultLibraryID', $userLibraryID); $updateKey = Zotero_Users::getUpdateKey($userID); $doc->documentElement->setAttribute('updateKey', $updateKey); // Get libraries with update times >= $timestamp $updatedLibraryIDs = array(); foreach ($updateTimes as $libraryID => $timestamp) { if ($timestamp >= $lastsync) { $updatedLibraryIDs[] = $libraryID; } } // Add new and updated groups $joinedGroups = Zotero_Groups::getJoined($userID, (int) $lastsync); $updatedIDs = array_unique(array_merge($joinedGroups, Zotero_Groups::getUpdated($userID, (int) $lastsync))); if ($updatedIDs) { $node = $doc->createElement('groups'); $showGroups = false; foreach ($updatedIDs as $id) { $group = new Zotero_Group(); $group->id = $id; $xmlElement = $group->toXML($userID); $newNode = dom_import_simplexml($xmlElement); $newNode = $doc->importNode($newNode, true); $node->appendChild($newNode); $showGroups = true; } if ($showGroups) { $updatedNode->appendChild($node); } } // If there's updated data in any library or // there are any new groups (in which case we need all their data) $hasData = $updatedLibraryIDs || $joinedGroups; if ($hasData) { foreach (Zotero_DataObjects::$classicObjectTypes as $syncObject) { $Name = $syncObject['singular']; // 'Item' $Names = $syncObject['plural']; // 'Items' $name = strtolower($Name); // 'item' $names = strtolower($Names); // 'items' $className = 'Zotero_' . $Names; $updatedIDsByLibraryID = call_user_func(array($className, 'getUpdated'), $userID, $lastsync, $updatedLibraryIDs); if ($updatedIDsByLibraryID) { $node = $doc->createElement($names); foreach ($updatedIDsByLibraryID as $libraryID => $ids) { if ($name == 'creator') { $updatedCreators[$libraryID] = $ids; } foreach ($ids as $id) { if ($name == 'item') { $obj = call_user_func(array($className, 'get'), $libraryID, $id); $data = array('updatedCreators' => isset($updatedCreators[$libraryID]) ? $updatedCreators[$libraryID] : array()); $xmlElement = Zotero_Items::convertItemToXML($obj, $data, $apiVersion); } else { $instanceClass = 'Zotero_' . $Name; $obj = new $instanceClass(); if (method_exists($instanceClass, '__construct')) { $obj->__construct(); } $obj->libraryID = $libraryID; if ($name == 'setting') { $obj->name = $id; } else { $obj->id = $id; } if ($name == 'tag') { $xmlElement = call_user_func(array($className, "convert{$Name}ToXML"), $obj, true); } else { if ($name == 'creator') { $xmlElement = call_user_func(array($className, "convert{$Name}ToXML"), $obj, $doc); if ($xmlElement->getAttribute('libraryID') == $userLibraryID) { $xmlElement->removeAttribute('libraryID'); } $node->appendChild($xmlElement); } else { if ($name == 'relation') { // Skip new-style related items if ($obj->predicate == 'dc:relation') { continue; } $xmlElement = call_user_func(array($className, "convert{$Name}ToXML"), $obj); if ($apiVersion <= 8) { unset($xmlElement['libraryID']); } } else { if ($name == 'setting') { $xmlElement = call_user_func(array($className, "convert{$Name}ToXML"), $obj, $doc); $node->appendChild($xmlElement); } else { $xmlElement = call_user_func(array($className, "convert{$Name}ToXML"), $obj); } } } } } if ($xmlElement instanceof SimpleXMLElement) { if ($xmlElement['libraryID'] == $userLibraryID) { unset($xmlElement['libraryID']); } $newNode = dom_import_simplexml($xmlElement); $newNode = $doc->importNode($newNode, true); $node->appendChild($newNode); } } } if ($node->hasChildNodes()) { $updatedNode->appendChild($node); } } } } // Add full-text content if the client supports it if (isset($params['ft'])) { $libraries = Zotero_Libraries::getUserLibraries($userID); $fulltextNode = false; foreach ($libraries as $libraryID) { if (!empty($params['ftkeys']) && $params['ftkeys'] === 'all') { $ftlastsync = 1; } else { $ftlastsync = $lastsync; } if (!empty($params['ftkeys'][$libraryID])) { $keys = $params['ftkeys'][$libraryID]; } else { $keys = []; } $data = Zotero_FullText::getNewerInLibraryByTime($libraryID, $ftlastsync, $keys); if ($data) { if (!$fulltextNode) { $fulltextNode = $doc->createElement('fulltexts'); } foreach ($data as $itemData) { if ($params['ft']) { $empty = $itemData['empty']; } else { $empty = true; } $first = false; $node = Zotero_FullText::itemDataToXML($itemData, $doc, $empty); $fulltextNode->appendChild($node); } } } if ($fulltextNode) { $updatedNode->appendChild($fulltextNode); } } // Get earliest timestamp $earliestModTime = Zotero_Users::getEarliestDataTimestamp($userID); $doc->documentElement->setAttribute('earliest', $earliestModTime ? $earliestModTime : 0); // Deleted objects $deletedKeys = $hasData ? self::getDeletedObjectKeys($userID, $lastsync, true) : false; $deletedIDs = self::getDeletedObjectIDs($userID, $lastsync, true); if ($deletedKeys || $deletedIDs) { $deletedNode = $doc->createElement('deleted'); // Add deleted data objects if ($deletedKeys) { foreach (Zotero_DataObjects::$classicObjectTypes as $syncObject) { $Name = $syncObject['singular']; // 'Item' $Names = $syncObject['plural']; // 'Items' $name = strtolower($Name); // 'item' $names = strtolower($Names); // 'items' if (empty($deletedKeys[$names])) { continue; } $typeNode = $doc->createElement($names); foreach ($deletedKeys[$names] as $row) { $node = $doc->createElement($name); if ($row['libraryID'] != $userLibraryID || $name == 'setting') { $node->setAttribute('libraryID', $row['libraryID']); } $node->setAttribute('key', $row['key']); $typeNode->appendChild($node); } $deletedNode->appendChild($typeNode); } } // Add deleted groups if ($deletedIDs) { $name = "group"; $names = "groups"; $typeNode = $doc->createElement($names); $ids = $doc->createTextNode(implode(' ', $deletedIDs[$names])); $typeNode->appendChild($ids); $deletedNode->appendChild($typeNode); } $updatedNode->appendChild($deletedNode); } Zotero_DB::commit(); } catch (Exception $e) { Zotero_DB::rollback(true); if ($syncDownloadQueueID) { self::removeDownloadProcess($syncDownloadProcessID); } throw $e; } function relaxNGErrorHandler($errno, $errstr) { Zotero_Sync::$validationError = $errstr; } set_error_handler('relaxNGErrorHandler'); $valid = $doc->relaxNGValidate(Z_ENV_MODEL_PATH . 'relax-ng/updated.rng'); restore_error_handler(); if (!$valid) { if ($syncDownloadQueueID) { self::removeDownloadProcess($syncDownloadProcessID); } throw new Exception(self::$validationError . "\n\nXML:\n\n" . $doc->saveXML()); } // Cache response if response isn't empty try { if ($doc->documentElement->firstChild->hasChildNodes()) { self::cacheDownload($userID, $updateKey, $lastsync, $apiVersion, $doc->saveXML(), $cacheKeyExtra); } } catch (Exception $e) { Z_Core::logError("WARNING: " . $e); } if ($syncDownloadQueueID) { self::removeDownloadProcess($syncDownloadProcessID); } if ($profile) { $shardID = Zotero_Shards::getByUserID($userID); Zotero_DB::profileEnd(0); } }
/** * Action to check login credentials */ public function executeLoginCheck() { $connection = RaykuCommon::getDatabaseConnection(); $sEmail = trim($this->getRequestParameter('name')); $sPassword = trim($this->getRequestParameter('pass')); if ($sEmail == '' && $sPassword == '') { StatsD::increment("login.failure"); $this->redirect('login/index'); } //Check the user credentials $this->user = UserPeer::checkLogin($sEmail, $sPassword); if (!$this->user) { StatsD::increment("login.failure"); $_SESSION['loginErrorMsg'] = 'Your username or password was incorrect.'; } else { StatsD::increment("login.success"); } /** * @todo - check if we ever got a chance to hit this place with recaptch - it looks like no so either lets remove it or make it working */ if (isset($_SESSION['loginWrongPass']) && $_SESSION['loginWrongPass'] >= 5) { require_once $_SERVER['DOCUMENT_ROOT'] . '/recaptcha/recaptchalib.php'; // Get a key from https://www.google.com/recaptcha/admin/create $publickey = "6Lc_mscSAAAAAE0Bxon37XRl56V_l3Ba0sqib2Zm"; $privatekey = "6Lc_mscSAAAAAKG3YnU2l3uHYqcBDB6R31XlVTW8"; # the response from reCAPTCHA $resp = null; # the error code from reCAPTCHA, if any $error = null; # was there a reCAPTCHA response? $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); if ($resp->is_valid) { $_SESSION['loginWrongPass'] = 0; $_SESSION['recaptchaError'] = ''; } else { # set the error code so that we can display it $_SESSION['recaptchaError'] = $resp->error; $this->user = false; } } if (!$this->user) { $this->msg = 'Your username or password was incorrect.'; /////incrementing session value plus one if the password is wrong $_SESSION['loginWrongPass'] = @$_SESSION['loginWrongPass'] + 1; if ($_SESSION['loginWrongPass'] >= 5) { $this->redirect("/login"); } return sfView::ERROR; } //If the user hasn't confirmed their account, display a message if ($this->user->isTypeUnconfirmed()) { $this->msg = 'You have not confirmed your account yet. Please go to your email inbox and click on the link in the confirmation email.'; return sfView::ERROR; } //If the user is banned, display a message if ($this->user->getHidden()) { $this->msg = 'You are currently banned.'; return sfView::ERROR; } $this->getUser()->signIn($this->user, $this->getRequestParameter('remember', false)); /** * Invisible in practice means "invisible until next login" * On each login this flag is set either to 0 or 1 * There is no possibility to change invisible status while being logged in */ $this->user->setInvisible($this->getRequestParameter('invisible', false)); $_SESSION[$this->user->getUsername()] = time(); $this->user->save(); $currentUser = $this->getUser()->getRaykuUser(); $userId = $currentUser->getId(); if (!empty($userId)) { mysql_query("delete from popup_close where user_id=" . $userId, $connection) or die(mysql_error()); mysql_query("delete from sendmessage where asker_id =" . $userId, $connection) or die(mysql_error()); mysql_query("delete from user_expert where checked_id=" . $userId, $connection) or die(mysql_error()); } if (isset($_SESSION['modelPopupOpen'])) { unset($_SESSION['modelPopupOpen']); if ($_SESSION['popup_session']) { unset($_SESSION['popup_session']); } } if ($this->getRequestParameter('referer') != 'http://' . RaykuCommon::getCurrentHttpDomain() . '/login') { if ($this->getRequestParameter('referer') != NULL) { return $this->redirect($this->getRequestParameter('referer')); } } else { return sfView::SUCCESS; } }
public function toResponseJSON($requestParams = []) { $t = microtime(true); // Child collections and items can't be cached (easily) $numCollections = $this->numCollections(); $numItems = $this->numItems(); if (!$requestParams['uncached']) { $cacheKey = $this->getCacheKey($requestParams); $cached = Z_Core::$MC->get($cacheKey); if ($cached) { Z_Core::debug("Using cached JSON for {$this->libraryKey}"); $cached['meta']->numCollections = $numCollections; $cached['meta']->numItems = $numItems; StatsD::timing("api.collections.toResponseJSON.cached", (microtime(true) - $t) * 1000); StatsD::increment("memcached.collections.toResponseJSON.hit"); return $cached; } } $json = ['key' => $this->key, 'version' => $this->version, 'library' => Zotero_Libraries::toJSON($this->libraryID)]; // 'links' $json['links'] = ['self' => ['href' => Zotero_API::getCollectionURI($this), 'type' => 'application/json'], 'alternate' => ['href' => Zotero_URI::getCollectionURI($this, true), 'type' => 'text/html']]; $parentID = $this->getParentID(); if ($parentID) { $parentCol = Zotero_Collections::get($this->libraryID, $parentID); $json['links']['up'] = ['href' => Zotero_API::getCollectionURI($parentCol), 'type' => "application/atom+xml"]; } // 'meta' $json['meta'] = new stdClass(); $json['meta']->numCollections = $numCollections; $json['meta']->numItems = $numItems; // 'include' $include = $requestParams['include']; foreach ($include as $type) { if ($type == 'data') { $json[$type] = $this->toJSON($requestParams); } } if (!$requestParams['uncached']) { Z_Core::$MC->set($cacheKey, $json); StatsD::timing("api.collections.toResponseJSON.uncached", (microtime(true) - $t) * 1000); StatsD::increment("memcached.collections.toResponseJSON.miss"); } return $json; }
public function clear() { $this->sessionCheck(); if (Zotero_Sync::userIsReadLocked($this->userID) || Zotero_Sync::userIsWriteLocked($this->userID)) { $message = "You cannot reset server data while one of your libraries " . "is locked for syncing. Please wait for all related syncs to complete."; $this->error(400, 'SYNC_LOCKED', $message); } StatsD::increment("sync.clear"); Zotero_Users::clearAllData($this->userID); $this->responseXML->addChild('cleared'); $this->end(); }
/** * @todo Implement testIncrement(). */ public function testIncrement() { $this->statsd->updateStats("test.increment", "5", "1"); $this->statsd->increment("test.increment", 12); }
/** * Handle S3 request * * Permission-checking provided by items() */ private function _handleFileRequest($item) { if (!$this->permissions->canAccess($this->objectLibraryID, 'files')) { $this->e403(); } $this->allowMethods(array('HEAD', 'GET', 'POST', 'PATCH')); if (!$item->isAttachment()) { $this->e400("Item is not an attachment"); } // File info for 4.0 client sync // // Use of HEAD method was discontinued after 2.0.8/2.1b1 due to // compatibility problems with proxies and security software if ($this->method == 'GET' && $this->fileMode == 'info') { $info = Zotero_Storage::getLocalFileItemInfo($item); if (!$info) { $this->e404(); } StatsD::increment("storage.info", 1); /* header("Last-Modified: " . gmdate('r', $info['uploaded'])); header("Content-Type: " . $info['type']); */ header("Content-Length: " . $info['size']); header("ETag: " . $info['hash']); header("X-Zotero-Filename: " . $info['filename']); header("X-Zotero-Modification-Time: " . $info['mtime']); header("X-Zotero-Compressed: " . ($info['zip'] ? 'Yes' : 'No')); header_remove("X-Powered-By"); $this->end(); } else { if ($this->method == 'GET') { $info = Zotero_Storage::getLocalFileItemInfo($item); if (!$info) { $this->e404(); } // File viewing if ($this->fileView) { $url = Zotero_Attachments::getTemporaryURL($item, !empty($_GET['int'])); if (!$url) { $this->e500(); } StatsD::increment("storage.view", 1); $this->redirect($url); exit; } // File download $url = Zotero_Storage::getDownloadURL($item, 60); if (!$url) { $this->e404(); } // Provide some headers to let 5.0 client skip download header("Zotero-File-Modification-Time: {$info['mtime']}"); header("Zotero-File-MD5: {$info['hash']}"); header("Zotero-File-Size: {$info['size']}"); header("Zotero-File-Compressed: " . ($info['zip'] ? 'Yes' : 'No')); StatsD::increment("storage.download", 1); Zotero_Storage::logDownload($item, $this->userID, IPAddress::getIP()); $this->redirect($url); exit; } else { if ($this->method == 'POST' || $this->method == 'PATCH') { if (!$item->isImportedAttachment()) { $this->e400("Cannot upload file for linked file/URL attachment item"); } $libraryID = $item->libraryID; $type = Zotero_Libraries::getType($libraryID); if ($type == 'group') { $groupID = Zotero_Groups::getGroupIDFromLibraryID($libraryID); $group = Zotero_Groups::get($groupID); if (!$group->userCanEditFiles($this->userID)) { $this->e403("You do not have file editing access"); } } else { $group = null; } // If not the client, require If-Match or If-None-Match if (!$this->httpAuth) { if (empty($_SERVER['HTTP_IF_MATCH']) && empty($_SERVER['HTTP_IF_NONE_MATCH'])) { $this->e428("If-Match/If-None-Match header not provided"); } if (!empty($_SERVER['HTTP_IF_MATCH'])) { if (!preg_match('/^"?([a-f0-9]{32})"?$/', $_SERVER['HTTP_IF_MATCH'], $matches)) { $this->e400("Invalid ETag in If-Match header"); } if (!$item->attachmentStorageHash) { $this->e412("ETag set but file does not exist"); } if ($item->attachmentStorageHash != $matches[1]) { $this->libraryVersion = $item->version; $this->libraryVersionOnFailure = true; $this->e412("ETag does not match current version of file"); } } else { if ($_SERVER['HTTP_IF_NONE_MATCH'] != "*") { $this->e400("Invalid value for If-None-Match header"); } if (Zotero_Storage::getLocalFileItemInfo($item)) { $this->libraryVersion = $item->version; $this->libraryVersionOnFailure = true; $this->e412("If-None-Match: * set but file exists"); } } } // // Upload authorization // if (!isset($_POST['update']) && !isset($_REQUEST['upload'])) { $info = new Zotero_StorageFileInfo(); // Validate upload metadata if (empty($_REQUEST['md5'])) { $this->e400('MD5 hash not provided'); } if (!preg_match('/[abcdefg0-9]{32}/', $_REQUEST['md5'])) { $this->e400('Invalid MD5 hash'); } if (!isset($_REQUEST['filename']) || $_REQUEST['filename'] === "") { $this->e400('Filename not provided'); } // Multi-file upload // // For ZIP files, the filename and hash of the ZIP file are different from those // of the main file. We use the former for S3, and we store the latter in the // upload log to set the attachment metadata with them on file registration. if (!empty($_REQUEST['zipMD5'])) { if (!preg_match('/[abcdefg0-9]{32}/', $_REQUEST['zipMD5'])) { $this->e400('Invalid ZIP MD5 hash'); } if (empty($_REQUEST['zipFilename'])) { $this->e400('ZIP filename not provided'); } $info->zip = true; $info->hash = $_REQUEST['zipMD5']; $info->filename = $_REQUEST['zipFilename']; $info->itemFilename = $_REQUEST['filename']; $info->itemHash = $_REQUEST['md5']; } else { if (!empty($_REQUEST['zipFilename'])) { $this->e400('ZIP MD5 hash not provided'); } else { $info->zip = !empty($_REQUEST['zip']); $info->filename = $_REQUEST['filename']; $info->hash = $_REQUEST['md5']; } } if (empty($_REQUEST['mtime'])) { $this->e400('File modification time not provided'); } $info->mtime = $_REQUEST['mtime']; if (!isset($_REQUEST['filesize'])) { $this->e400('File size not provided'); } $info->size = $_REQUEST['filesize']; if (!is_numeric($info->size)) { $this->e400("Invalid file size"); } $info->contentType = isset($_REQUEST['contentType']) ? $_REQUEST['contentType'] : null; if (!preg_match("/^[a-zA-Z0-9\\-\\/]+\$/", $info->contentType)) { $info->contentType = null; } $info->charset = isset($_REQUEST['charset']) ? $_REQUEST['charset'] : null; if (!preg_match("/^[a-zA-Z0-9\\-]+\$/", $info->charset)) { $info->charset = null; } $contentTypeHeader = $info->contentType . ($info->contentType && $info->charset ? "; charset=" . $info->charset : ""); // Reject file if it would put account over quota if ($group) { $quota = Zotero_Storage::getEffectiveUserQuota($group->ownerUserID); $usage = Zotero_Storage::getUserUsage($group->ownerUserID); } else { $quota = Zotero_Storage::getEffectiveUserQuota($this->objectUserID); $usage = Zotero_Storage::getUserUsage($this->objectUserID); } $total = $usage['total']; $fileSizeMB = round($info->size / 1024 / 1024, 1); if ($total + $fileSizeMB > $quota) { StatsD::increment("storage.upload.quota", 1); $this->e413("File would exceed quota ({$total} + {$fileSizeMB} > {$quota})"); } Zotero_DB::query("SET TRANSACTION ISOLATION LEVEL SERIALIZABLE"); Zotero_DB::beginTransaction(); // See if file exists with this filename $localInfo = Zotero_Storage::getLocalFileInfo($info); if ($localInfo) { $storageFileID = $localInfo['storageFileID']; // Verify file size if ($localInfo['size'] != $info->size) { throw new Exception("Specified file size incorrect for existing file " . $info->hash . "/" . $info->filename . " ({$localInfo['size']} != {$info->size})"); } } else { $oldStorageFileID = Zotero_Storage::getFileByHash($info->hash, $info->zip); if ($oldStorageFileID) { // Verify file size $localInfo = Zotero_Storage::getFileInfoByID($oldStorageFileID); if ($localInfo['size'] != $info->size) { throw new Exception("Specified file size incorrect for duplicated file " . $info->hash . "/" . $info->filename . " ({$localInfo['size']} != {$info->size})"); } // Create new file on S3 with new name $storageFileID = Zotero_Storage::duplicateFile($oldStorageFileID, $info->filename, $info->zip, $contentTypeHeader); } } // If we already have a file, add/update storageFileItems row and stop if (!empty($storageFileID)) { Zotero_Storage::updateFileItemInfo($item, $storageFileID, $info, $this->httpAuth); Zotero_DB::commit(); StatsD::increment("storage.upload.existing", 1); if ($this->httpAuth) { $this->queryParams['format'] = null; header('Content-Type: application/xml'); echo "<exists/>"; } else { $this->queryParams['format'] = null; header('Content-Type: application/json'); $this->libraryVersion = $item->version; echo json_encode(array('exists' => 1)); } $this->end(); } Zotero_DB::commit(); // Add request to upload queue $uploadKey = Zotero_Storage::queueUpload($this->userID, $info); // User over queue limit if (!$uploadKey) { header('Retry-After: ' . Zotero_Storage::$uploadQueueTimeout); if ($this->httpAuth) { $this->e413("Too many queued uploads"); } else { $this->e429("Too many queued uploads"); } } StatsD::increment("storage.upload.new", 1); // Output XML for client requests (which use HTTP Auth) if ($this->httpAuth) { $params = Zotero_Storage::generateUploadPOSTParams($item, $info, true); $this->queryParams['format'] = null; header('Content-Type: application/xml'); $xml = new SimpleXMLElement('<upload/>'); $xml->url = Zotero_Storage::getUploadBaseURL(); $xml->key = $uploadKey; foreach ($params as $key => $val) { $xml->params->{$key} = $val; } echo $xml->asXML(); } else { if (!empty($_REQUEST['params']) && $_REQUEST['params'] == "1") { $params = array("url" => Zotero_Storage::getUploadBaseURL(), "params" => array()); foreach (Zotero_Storage::generateUploadPOSTParams($item, $info) as $key => $val) { $params['params'][$key] = $val; } } else { $params = Zotero_Storage::getUploadPOSTData($item, $info); } $params['uploadKey'] = $uploadKey; $this->queryParams['format'] = null; header('Content-Type: application/json'); echo json_encode($params); } exit; } // // API partial upload and post-upload file registration // if (isset($_REQUEST['upload'])) { $uploadKey = $_REQUEST['upload']; if (!$uploadKey) { $this->e400("Upload key not provided"); } $info = Zotero_Storage::getUploadInfo($uploadKey); if (!$info) { $this->e400("Upload key not found"); } // Partial upload if ($this->method == 'PATCH') { if (empty($_REQUEST['algorithm'])) { throw new Exception("Algorithm not specified", Z_ERROR_INVALID_INPUT); } $storageFileID = Zotero_Storage::patchFile($item, $info, $_REQUEST['algorithm'], $this->body); } else { $remoteInfo = Zotero_Storage::getRemoteFileInfo($info); if (!$remoteInfo) { error_log("Remote file {$info->hash}/{$info->filename} not found"); $this->e400("Remote file not found"); } if ($remoteInfo->size != $info->size) { error_log("Uploaded file size does not match " . "({$remoteInfo->size} != {$info->size}) " . "for file {$info->hash}/{$info->filename}"); } } // Set an automatic shared lock in getLocalFileInfo() to prevent // two simultaneous transactions from adding a file Zotero_DB::query("SET TRANSACTION ISOLATION LEVEL SERIALIZABLE"); Zotero_DB::beginTransaction(); if (!isset($storageFileID)) { // Check if file already exists, which can happen if two identical // files are uploaded simultaneously $fileInfo = Zotero_Storage::getLocalFileInfo($info); if ($fileInfo) { $storageFileID = $fileInfo['storageFileID']; } else { $storageFileID = Zotero_Storage::addFile($info); } } Zotero_Storage::updateFileItemInfo($item, $storageFileID, $info); Zotero_Storage::logUpload($this->userID, $item, $uploadKey, IPAddress::getIP()); Zotero_DB::commit(); header("HTTP/1.1 204 No Content"); header("Last-Modified-Version: " . $item->version); exit; } // // Client post-upload file registration // if (isset($_POST['update'])) { $this->allowMethods(array('POST')); if (empty($_POST['mtime'])) { throw new Exception('File modification time not provided'); } $uploadKey = $_POST['update']; $info = Zotero_Storage::getUploadInfo($uploadKey); if (!$info) { $this->e400("Upload key not found"); } $remoteInfo = Zotero_Storage::getRemoteFileInfo($info); if (!$remoteInfo) { $this->e400("Remote file not found"); } if (!isset($info->size)) { throw new Exception("Size information not available"); } $info->mtime = $_POST['mtime']; // Set an automatic shared lock in getLocalFileInfo() to prevent // two simultaneous transactions from adding a file Zotero_DB::query("SET TRANSACTION ISOLATION LEVEL SERIALIZABLE"); Zotero_DB::beginTransaction(); // Check if file already exists, which can happen if two identical // files are uploaded simultaneously $fileInfo = Zotero_Storage::getLocalFileInfo($info); if ($fileInfo) { $storageFileID = $fileInfo['storageFileID']; } else { $storageFileID = Zotero_Storage::addFile($info); } Zotero_Storage::updateFileItemInfo($item, $storageFileID, $info, true); Zotero_Storage::logUpload($this->userID, $item, $uploadKey, IPAddress::getIP()); Zotero_DB::commit(); header("HTTP/1.1 204 No Content"); exit; } throw new Exception("Invalid request", Z_ERROR_INVALID_INPUT); } } } exit; }
public static function statsdIncrement($stat, $prefix = false) { $_prefix = $prefix ? $prefix : self::statsdPrefix(false, false); StatsD::increment($_prefix . $stat); }
fwrite($fp, "{$stat}:{$value}"); } $content = fread($fp, "100"); var_dump($content); echo "<hr color='red'/>"; fclose($fp); } catch (Exception $ex) { error_log("StatsD Exception: " . $ex->getMessage()); } } } $hostname = "127.0.0.1"; $port_number = 11109; $statsd = new StatsD($hostname, $port_number); for ($i = 0; $i < 180; $i++) { //<game>.<topic>.<counter_name> $statsd->increment('high_level_topic.test.test_counter'); if ($i % 100 == 0) { printf("#"); sleep(2); } else { if ($i % 101 == 0) { printf("*"); sleep(2); } else { printf("."); sleep(0.8); } } } printf("\n");
public function executeConnect() { $this->count = $this->getRequestParameter('count'); StatsD::increment("whiteboard.session.create"); }
public function executeConnect() { StatsD::increment("whiteboard.session.create"); }