public function invalidateApplicationResources(array $uris, SecurityToken $token)
{
foreach ($uris as $uri) {
$request = new RemoteContentRequest($uri);
$this->cache->invalidate($request->toHash());
// GET
$request = new RemoteContentRequest($uri);
$request->createRemoteContentRequestWithUri($uri);
$this->cache->invalidate($request->toHash());
// GET & SIGNED
$request = new RemoteContentRequest($uri);
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
$request->setNotSignedUri($uri);
$this->cache->invalidate($request->toHash());
}
}
public function invalidateApplicationResources(array $uris, SecurityToken $token)
{
foreach ($uris as $uri) {
$request = new RemoteContentRequest($uri);
$this->cache->invalidate($request->toHash());
// GET
$request = new RemoteContentRequest($uri);
$request->createRemoteContentRequestWithUri($uri);
$this->cache->invalidate($request->toHash());
// GET & SIGNED
$request = new RemoteContentRequest($uri);
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
$request->setNotSignedUri($uri);
$this->cache->invalidate($request->toHash());
}
if (Doctrine::getTable('SnsConfig')->get('is_use_outer_shindig', false) && Doctrine::getTable('SnsConfig')->get('is_relay_invalidation_notice', true)) {
require_once 'OAuth.php';
$shindigUrl = Doctrine::getTable('SnsConfig')->get('shindig_url');
if (substr($shindigUrl, -1) !== '/') {
$shindigUrl .= '/';
}
$invalidateUrl = $shindigUrl . 'gadgets/api/rest/cache';
$key = Doctrine::getTable('SnsConfig')->get('shindig_backend_key');
$secret = Doctrine::getTable('SnsConfig')->get('shindig_backend_secret');
$consumer = new OAuthConsumer($key, $secret);
$oauthRequest = OAuthRequest::from_consumer_and_token($consumer, null, 'POST', $invalidateUrl);
$oauthRequest->set_parameter('xoauth_requestor_id', 1);
$oauthRequest->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $consumer, null);
$request = new RemoteContentRequest($invalidateUrl . '?xoauth_requestor_id=1');
$request->setMethod('POST');
$request->setContentType('application/json');
$request->setPostBody(json_encode(array('invalidationKeys' => $uris)));
$request->setHeaders($oauthRequest->to_header());
$request->getOptions()->ignoreCache = true;
$remoteContent = Shindig_Config::get('remote_content');
$fetcher = new $remoteContent();
$fetcher->fetch($request);
}
}
/**
* Fetches all remote resources simultaniously using a multiFetchRequest to optimize rendering time.
*
* The preloads will be json_encoded to their gadget document injection format, and the locales will
* be reduced to only the GadgetContext->getLocale matching entries.
*
* @param Gadget $gadget
* @param GadgetContext $context
*/
protected function fetchResources(Gadget &$gadget)
{
$contextLocale = $this->context->getLocale();
$unsignedRequests = $signedRequests = array();
foreach ($gadget->gadgetSpec->locales as $key => $locale) {
// Only fetch the locales that match the current context's language and country
if ($locale['country'] == 'all' && $locale['lang'] == 'all' || $locale['lang'] == $contextLocale['lang'] && $locale['country'] == 'all' || $locale['lang'] == $contextLocale['lang'] && $locale['country'] == $contextLocale['country']) {
if (!empty($locale['messages'])) {
$transformedUrl = RemoteContentRequest::transformRelativeUrl($locale['messages'], $this->context->getUrl());
if (!$transformedUrl) {
// remove any locales that are not applicable to this context
unset($gadget->gadgetSpec->locales[$key]);
continue;
} else {
$gadget->gadgetSpec->locales[$key]['messages'] = $transformedUrl;
}
// locale matches the current context, add it to the requests queue
$request = new RemoteContentRequest($gadget->gadgetSpec->locales[$key]['messages']);
$request->createRemoteContentRequestWithUri($gadget->gadgetSpec->locales[$key]['messages']);
$request->getOptions()->ignoreCache = $this->context->getIgnoreCache();
$unsignedRequests[] = $request;
}
} else {
// remove any locales that are not applicable to this context
unset($gadget->gadgetSpec->locales[$key]);
}
}
if (!$gadget->gadgetContext instanceof MetadataGadgetContext) {
// Add preloads to the request queue
foreach ($gadget->getPreloads() as $preload) {
if (!empty($preload['href'])) {
$request = new RemoteContentRequest($preload['href']);
if (!empty($preload['authz']) && $preload['authz'] == 'SIGNED') {
if ($this->token == '') {
throw new GadgetException("Signed preloading requested, but no valid security token set");
}
$request = new RemoteContentRequest($preload['href']);
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
$request->setNotSignedUri($preload['href']);
$request->setToken($this->token);
$request->getOptions()->ignoreCache = $this->context->getIgnoreCache();
if (strcasecmp($preload['signViewer'], 'false') == 0) {
$request->getOptions()->viewerSigned = false;
}
if (strcasecmp($preload['signOwner'], 'false') == 0) {
$request->getOptions()->ownerSigned = false;
}
$signedRequests[] = $request;
} else {
$request->createRemoteContentRequestWithUri($preload['href']);
$request->getOptions()->ignoreCache = $this->context->getIgnoreCache();
$unsignedRequests[] = $request;
}
}
}
// Add template libraries to the request queue
if ($gadget->gadgetSpec->templatesRequireLibraries) {
foreach ($gadget->gadgetSpec->templatesRequireLibraries as $key => $libraryUrl) {
$request = new RemoteContentRequest($libraryUrl);
$transformedUrl = RemoteContentRequest::transformRelativeUrl($libraryUrl, $this->context->getUrl());
if (!$transformedUrl) {
continue;
} else {
$gadget->gadgetSpec->templatesRequireLibraries[$key] = $transformedUrl;
}
$request->createRemoteContentRequestWithUri($gadget->gadgetSpec->templatesRequireLibraries[$key]);
$request->getOptions()->ignoreCache = $this->context->getIgnoreCache();
$unsignedRequests[] = $request;
}
}
}
// Perform the non-signed requests
$responses = array();
if (count($unsignedRequests)) {
$brc = new BasicRemoteContent();
$resps = $brc->multiFetch($unsignedRequests);
foreach ($resps as $response) {
$responses[$response->getUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode());
}
}
// Perform the signed requests
if (count($signedRequests)) {
$signingFetcherFactory = new SigningFetcherFactory(Config::get("private_key_file"));
$remoteFetcherClass = Config::get('remote_content_fetcher');
$remoteFetcher = new $remoteFetcherClass();
$remoteContent = new BasicRemoteContent($remoteFetcher, $signingFetcherFactory);
$resps = $remoteContent->multiFetch($signedRequests);
foreach ($resps as $response) {
$responses[$response->getNotSignedUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode());
}
}
// assign the results to the gadget locales and preloads (using the url as the key)
foreach ($gadget->gadgetSpec->locales as $key => $locale) {
if (!empty($locale['messages']) && isset($responses[$locale['messages']]) && $responses[$locale['messages']]['rc'] == 200) {
$gadget->gadgetSpec->locales[$key]['messageBundle'] = $this->parseMessageBundle($responses[$locale['messages']]['body']);
}
}
if (!$gadget->gadgetContext instanceof MetadataGadgetContext) {
$preloads = array();
foreach ($gadget->gadgetSpec->preloads as $key => $preload) {
if (!empty($preload['href']) && isset($responses[$preload['href']]) && $responses[$preload['href']]['rc'] == 200) {
$preloads[] = array_merge(array('id' => $preload['href']), $responses[$preload['href']]);
}
}
$gadget->gadgetSpec->preloads = $preloads;
if ($gadget->gadgetSpec->templatesRequireLibraries) {
$requiredLibraries = array();
foreach ($gadget->gadgetSpec->templatesRequireLibraries as $key => $libraryUrl) {
if (isset($responses[$libraryUrl]) && $responses[$libraryUrl]['rc'] == 200) {
$requiredLibraries[$libraryUrl] = $responses[$libraryUrl]['body'];
}
}
$gadget->gadgetSpec->templatesRequireLibraries = $requiredLibraries;
}
}
}
/**
* Builds a request to retrieve the actual content.
*
* @param GadgetContext $context The rendering context.
* @param MakeRequestOptions $params Options for crafting the request.
* @param SecurityTokenDecoder $signer A signer needed for signed requests.
* @return RemoteContentRequest An initialized request object.
*/
public function buildRequest(GadgetContext $context, MakeRequestOptions $params, SecurityTokenDecoder $signer = null)
{
// Check the protocol requested - curl doesn't really support file://
// requests but the 'error' should be handled properly
$protocolSplit = explode('://', $params->getHref(), 2);
if (count($protocolSplit) < 2) {
throw new Exception("Invalid protocol specified");
}
$protocol = strtoupper($protocolSplit[0]);
if ($protocol != "HTTP" && $protocol != "HTTPS") {
throw new Exception("Invalid protocol specified in url: " . htmlentities($protocol));
}
$method = $params->getHttpMethod();
if ($method == 'POST' || $method == 'PUT') {
// even if postData is an empty string, it will still post
// (since RemoteContentRquest checks if its false)
// so the request to POST is still honored
$request = new RemoteContentRequest($params->getHref(), null, $params->getRequestBody());
} else {
if ($method == 'DELETE' || $method == 'GET' || $method == 'HEAD') {
$request = new RemoteContentRequest($params->getHref());
} else {
throw new Exception("Invalid HTTP method.");
}
}
$request->setMethod($method);
if ($signer) {
switch ($params->getAuthz()) {
case 'SIGNED':
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
break;
case 'OAUTH':
$request->setAuthType(RemoteContentRequest::$AUTH_OAUTH);
$request->setOAuthRequestParams($params->getOAuthRequestParameters());
break;
}
$st = $params->getSecurityTokenString();
if ($st === false) {
throw new Exception("A security token is required for signed requests");
}
$token = $context->validateToken($st, $signer);
$request->setToken($token);
}
// Strip invalid request headers. This limits the utility of the
// MakeRequest class a little bit, but ensures that none of the invalid
// headers are present in any request going through this class.
$headers = $params->getRequestHeadersArray();
if ($headers !== false) {
$headers = $this->stripInvalidArrayKeys($headers, MakeRequest::$BAD_REQUEST_HEADERS);
$params->setRequestHeaders($headers);
}
// The request expects headers to be stored as a normal header text blob.
// ex: Content-Type: application/atom+xml
// Accept-Language: en-us
$formattedHeaders = $params->getFormattedRequestHeaders();
if ($formattedHeaders !== false) {
$request->setHeaders($formattedHeaders);
}
return $request;
}
public function testInvalidateUserResourcesWithEmptyAppId()
{
$token = BasicSecurityToken::createFromValues('owner', 'viewer', null, 'domain', 'appUrl', '1', 'default');
$token->setAuthenticationMode(AuthenticationMode::$OAUTH_CONSUMER_REQUEST);
$request = new RemoteContentRequest('http://url');
$request->setToken($token);
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
$this->service->markResponse($request);
$opensocialIds = array('owner');
$this->service->invalidateUserResources($opensocialIds, $token);
$this->assertFalse($this->service->isValid($request));
$this->service->markResponse($request);
$this->assertTrue($this->service->isValid($request));
}
/**
* Tests through SigningFetcher
*/
public function testSigningFetch()
{
$request1 = new RemoteContentRequest('http://test.chabotc.com/signing.html');
$token = BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default');
$request1->setToken($token);
$request1->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
$request2 = new RemoteContentRequest('http://test.chabotc.com/ok.html');
$this->basicRemoteContent->invalidate($request1);
$this->basicRemoteContent->invalidate($request2);
$requests = array($request1, $request2);
$this->basicRemoteContent->multiFetch($requests);
$content = $request1->getResponseContent();
$this->assertEquals("OK", trim($content));
$content = $request2->getResponseContent();
$this->assertEquals("OK", trim($content));
}
/**
* Renders a 'proxied content' view, for reference see:
* http://opensocial-resources.googlecode.com/svn/spec/draft/OpenSocial-Data-Pipelining.xml
*
* @param Gadget $gadget
* @param array $view
*/
public function renderGadget(Shindig_Gadget $gadget, $view)
{
$this->setGadget($gadget);
if (Shindig_Config::get('P3P') != '') {
header("P3P: " . Shindig_Config::get('P3P'));
}
/* TODO
* We should really re-add OAuth fetching support some day, uses these view atributes:
* $view['oauthServiceName'], $view['oauthTokenName'], $view['oauthRequestToken'], $view['oauthRequestTokenSecret'];
*/
$authz = $this->getAuthz($view);
$refreshInterval = $this->getRefreshInterval($view);
$href = $this->buildHref($view, $authz);
if (count($view['dataPipelining'])) {
$request = new RemoteContentRequest($href, "Content-type: application/json\n");
$request->setMethod('POST');
$request->getOptions()->ignoreCache = $gadget->gadgetContext->getIgnoreCache();
} else {
// no data-pipelining set, use GET and set cache/refresh interval options
$request = new RemoteContentRequest($href);
$request->setMethod('GET');
$request->setRefreshInterval($refreshInterval);
$request->getOptions()->ignoreCache = $gadget->gadgetContext->getIgnoreCache();
}
$signingFetcherFactory = $gadgetSigner = false;
if ($authz != 'none') {
$gadgetSigner = Shindig_Config::get('security_token_signer');
$gadgetSigner = new $gadgetSigner();
$token = $gadget->gadgetContext->extractAndValidateToken($gadgetSigner);
$request->setToken($token);
$request->setAuthType($authz);
$request->getOptions()->ownerSigned = $this->getSignOwner($view);
$request->getOptions()->viewerSigned = $this->getSignViewer($view);
$signingFetcherFactory = new SigningFetcherFactory(Shindig_Config::get("private_key_file"));
}
$remoteFetcherClass = Shindig_Config::get('remote_content_fetcher');
$remoteFetcher = new $remoteFetcherClass();
$basicRemoteContent = new BasicRemoteContent($remoteFetcher, $signingFetcherFactory, $gadgetSigner);
// Cache POST's as if they were GET's, since we don't want to re-fetch and repost the social data for each view
$basicRemoteContent->setCachePostRequest(true);
if (($response = $basicRemoteContent->getCachedRequest($request)) == false) {
// Don't fetch the data-pipelining social data unless we don't have a cached version of the gadget's content
$dataPipeliningResults = DataPipelining::fetch($view['dataPipelining'], $this->context);
// spec stats that the proxied content data-pipelinging data is *not* available to templates (to avoid duplicate posting
// of the data to the gadget dev's server and once to js space), so we don't assign it to the data context, and just
// post the json encoded results to the remote url.
$request->setPostBody(json_encode($dataPipeliningResults));
$response = $basicRemoteContent->fetch($request);
}
if ($response->getHttpCode() != '200') {
// an error occured fetching the proxied content's gadget content
$content = '<html><body><h1>An error occured fetching the gadget content</h1><p>http error code: ' . $response->getHttpCode() . '</p><p>' . $response->getResponseContent() . '</body></html>';
} else {
// fetched ok, build the response document and output it
$content = $response->getResponseContent();
$content = $this->parseTemplates($content);
$content = $this->rewriteContent($content);
$content = $this->addTemplates($content);
}
echo $content;
}
/**
* Tests SigningFetcher->fetchRequest
*/
public function testFetchRequestWithEmptyPath()
{
$request = new RemoteContentRequest('http://example.org');
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
$request->setToken(BasicSecurityToken::createFromValues('owner', 'viewer', 'app', 'domain', 'appUrl', '1', 'default'));
$request->setPostBody('key=value&anotherkey=value');
$this->signingFetcher->fetchRequest($request);
$this->verifySignedRequest($request);
}
