/**
* generates the library string (core:caja:etc.js) including a checksum of all the
* javascript content (?v=<md5 of js>) for cache busting
*
* @param array $features
* @return string the list of libraries in core:caja:etc.js?v=checksum> format
*/
protected function getJsUrl($features)
{
if (!is_array($features) || !count($features)) {
return 'null';
}
$registry = $this->context->getRegistry();
// Given the JsServlet automatically expends the js library, we just need
// to include the "leaf" nodes of the features.
$ret = $features;
foreach ($features as $feature) {
$depFeatures = $registry->features[$feature]['deps'];
$ret = array_diff($ret, $depFeatures);
}
$ret = implode(':', $ret);
$cache = Cache::createCache(Config::get('feature_cache'), 'FeatureCache');
if (($md5 = $cache->get(md5('getJsUrlMD5'))) === false) {
$features = $registry->features;
// Build a version string from the md5() checksum of all included javascript
// to ensure the client always has the right version
$inlineJs = '';
foreach ($features as $feature => $content) {
$inlineJs .= $registry->getFeatureContent($feature, $this->context, true);
}
$md5 = md5($inlineJs);
$cache->set(md5('getJsUrlMD5'), $md5);
}
$ret .= ".js?v=" . $md5;
return $ret;
}
public static function invalidateGadgetCache(GadgetContext $context)
{
$request = new RemoteContentRequest($context->getUrl());
$cache = Cache::createCache(Shindig_Config::get('data_cache'), 'RemoteContent');
$cacheData = $cache->get($request->toHash());
if ($cacheData) {
$uris = array();
$xml = $cacheData->getResponseContent();
$parserClass = Shindig_Config::get('gadget_spec_parser');
$parser = new $parserClass();
$gadgetSpec = $parser->parse($xml, $context);
if ($gadgetSpec->locales) {
foreach ($gadgetSpec->locales as $locale) {
if (!empty($locale['messages'])) {
$uris[] = RemoteContentRequest::transformRelativeUrl($locale['messages'], $context->getUrl());
}
}
}
if (is_array($gadgetSpec->preloads)) {
foreach ($gadgetSpec->preloads as $preload) {
if (!empty($preload['href'])) {
$uris[] = RemoteContentRequest::transformRelativeUrl($preload['href'], $context->getUrl());
}
}
}
if (is_array($gadgetSpec->templatesRequireLibraries)) {
foreach ($gadgetSpec->templatesRequireLibraries as $libraryUrl) {
$uris[] = RemoteContentRequest::transformRelativeUrl($locale['messages'], $context->getUrl());
}
}
$uris[] = $request->getUrl();
self::invalidateRemoteContents($uris);
}
}
protected function fetch($postParam, $token)
{
$context = new GadgetContext('GADGET');
$context->setIgnoreCache(true);
$url = OpenPNEServiceConfig::SNSURL . OpenPNEServiceConfig::ACTION;
$postData = json_encode($postParam);
$headers = 'Content-Type: application/json; charaset=utf-8';
$request = new RemoteContentRequest($url . '?st=' . $token->toSerialForm(), $headers, $postData);
return $this->getResponseData($context->getHttpFetcher()->fetch($request, $context));
}
/**
* Prepares the environment before running a test.
*/
protected function setUp()
{
parent::setUp();
$this->gadgetContext = new GadgetContext('GADGET');
$gadgetSpecFactory = new MockRewriterGadgetFactory($this->gadgetContext, null);
$gadgetSpecFactory->fetchGadget = null;
$this->gadget = $gadgetSpecFactory->createGadget();
$this->gadgetRewriter = new GadgetRewriter($this->gadgetContext);
$this->view = $this->gadget->getView($this->gadgetContext->getView());
}
/**
* Prepares the environment before running a test.
*/
protected function setUp()
{
parent::setUp();
$this->GadgetServer = new GadgetServer();
// prevent polution from other test cases + make sure we're not testing
// a cached result
$_GET = array('nocache' => 1);
$_POST = array();
$GadgetContext = new GadgetContext('GADGET');
$GadgetContext->setUrl('http://test.chabotc.com/testGadget.xml');
$this->gadget = $this->GadgetServer->processGadget($GadgetContext);
}
public function getSupportedFields($parameters)
{
$context = new GadgetContext('GADGET');
$container = $context->getContainer();
$containerConfig = new ContainerConfig(Config::get('container_path'));
$config = $containerConfig->getConfig($container, 'gadgets.features');
$version = $this->getOpenSocialVersion($config);
$supportedFields = $config[$version]['supportedFields'];
if (in_array('people', $parameters)) {
$ret = $supportedFields['person'];
} else {
$ret = $supportedFields['activity'];
}
return new ResponseItem(null, null, $ret);
}
public function getFeatureContent($feature, GadgetContext $context, $isGadgetContext)
{
if (empty($feature)) {
return '';
}
if (!isset($this->features[$feature])) {
throw new GadgetException("Invalid feature: " . htmlentities($feature));
}
$featureName = $feature;
$feature = $this->features[$feature];
$filesContext = $isGadgetContext ? 'gadgetJs' : 'containerJs';
if (!isset($feature[$filesContext])) {
// no javascript specified for this context
return '';
}
$ret = '';
if (Config::get('compress_javascript')) {
$featureCache = Cache::createCache(Config::get('feature_cache'), 'FeatureCache');
if ($featureContent = $featureCache->get(md5('features:' . $featureName . $isGadgetContext))) {
return $featureContent;
}
}
foreach ($feature[$filesContext] as $entry) {
switch ($entry['type']) {
case 'URL':
$request = new RemoteContentRequest($entry['content']);
$request->getOptions()->ignoreCache = $context->getIgnoreCache();
$response = $context->getHttpFetcher()->fetch($request);
if ($response->getHttpCode() == '200') {
$ret .= $response->getResponseContent() . "\n";
}
break;
case 'FILE':
$file = $feature['basePath'] . '/' . $entry['content'];
$ret .= file_get_contents($file) . "\n";
break;
case 'INLINE':
$ret .= $entry['content'] . "\n";
break;
}
}
if (Config::get('compress_javascript')) {
$ret = JsMin::minify($ret);
$featureCache->set(md5('features:' . $featureName . $isGadgetContext), $ret);
}
return $ret;
}
/**
*
* @param object $jsonContext
* @param string $url
*/
public function __construct($jsonContext, $url)
{
parent::__construct('GADGET');
$this->url = $url;
$this->view = $jsonContext->view;
$this->locale = array('lang' => $jsonContext->language, 'country' => $jsonContext->country);
$this->container = $jsonContext->container;
}
/**
* Sets the caching (Cache-Control & Expires) with a cache age of $lastModified
* or if $lastModified === false, sets Pragma: no-cache & Cache-Control: no-cache
*/
protected function setCachingHeaders($lastModified = false)
{
$maxAge = $this->context->getIgnoreCache() ? false : $this->context->getRefreshInterval();
if ($maxAge) {
if ($lastModified) {
header("Last-Modified: {$lastModified}");
}
// time() is a kernel call, so lets avoid it and use the request time instead
$time = $_SERVER['REQUEST_TIME'];
$expires = $maxAge !== false ? $time + $maxAge : $time - 3000;
$public = $maxAge ? 'public' : 'private';
$maxAge = $maxAge === false ? '0' : $maxAge;
header("Cache-Control: {$public}; max-age={$maxAge}", true);
header("Expires: " . gmdate("D, d M Y H:i:s", $expires) . " GMT", true);
} else {
header("Cache-Control: no-cache", true);
header("Pragma: no-cache", true);
}
}
private function getIframeURL(Gadget $gadget, GadgetContext $context)
{
$v = $gadget->getChecksum();
$view = $gadget->getView($context->getView());
$up = '';
foreach ($gadget->gadgetSpec->userPrefs as $pref) {
$up .= '&up_' . urlencode($pref['name']) . '=' . urlencode($pref['value']);
}
$locale = $context->getLocale();
//Note: putting the URL last, else some browsers seem to get confused (reported by hi5)
return Config::get('default_iframe_prefix') . 'container=' . $context->getContainer() . ($context->getIgnoreCache() ? '&nocache=1' : '&v=' . $v) . ($context->getModuleId() != 0 ? '&mid=' . $context->getModuleId() : '') . '&lang=' . $locale['lang'] . '&country=' . $locale['country'] . '&view=' . $view['view'] . $up . '&url=' . urlencode($context->getUrl());
}
/**
* Fetches the gadget xml for the requested URL using the http fetcher
*
* @param unknown_type $gadgetUrl
* @return string gadget's xml content
*/
protected function fetchGadget($gadgetUrl)
{
$request = new RemoteContentRequest($gadgetUrl);
$request->setToken($this->token);
$request->getOptions()->ignoreCache = $this->context->getIgnoreCache();
$xml = $this->context->getHttpFetcher()->fetch($request);
if ($xml->getHttpCode() != '200') {
throw new GadgetException("Failed to retrieve gadget content (recieved http code " . $xml->getHttpCode() . ")");
}
return $xml->getResponseContent();
}
/**
*
*/
protected function setCachingHeaders()
{
$this->setContentType("text/html; charset=UTF-8");
if ($this->context->getIgnoreCache()) {
// no cache was requested, set non-caching-headers
$this->setNoCache(true);
} elseif (isset($_GET['v'])) {
// version was given, cache for a long long time (a year)
$this->setCacheTime(365 * 24 * 60 * 60);
} else {
// no version was given, cache for 5 minutes
$this->setCacheTime(5 * 60);
}
}
private function loadOsmlLibrary()
{
$container = $this->gadgetContext->getContainer();
$containerConfig = $this->gadgetContext->getContainerConfig();
$gadgetsFeatures = $containerConfig->getConfig($container, 'gadgets.features');
if (!isset($gadgetsFeatures['osml'])) {
throw new ExpressionException("Missing OSML configuration key in config/config.js");
} elseif (!isset($gadgetsFeatures['osml']['library'])) {
throw new ExpressionException("Missing OSML.Library configuration key in config/config.js");
}
$osmlLibrary = Config::get('container_path') . str_replace('config/', '', $gadgetsFeatures['osml']['library']);
if (!File::exists($osmlLibrary)) {
throw new ExpressionException("Missing OSML Library ({$osmlLibrary})");
}
$this->addTemplateLibrary(file_get_contents($osmlLibrary));
$this->osmlLoaded = true;
}
/**
* Tests GadgetHtmlRenderer->addHeadTags()
*/
public function testAddHeadTags()
{
ob_start();
$this->GadgetHtmlRenderer->renderGadget($this->gadget, $this->view);
ob_end_clean();
$this->GadgetHtmlRenderer->addHeadTags($this->domElement, $this->domDocument);
$tmpNodeList = $this->domElement->getElementsByTagName("style");
$tmpNodeList = $this->domElement->getElementsByTagName("script");
$script = '';
foreach ($this->GadgetHtmlRenderer->gadget->features as $feature) {
$script .= $this->gadgetContext->getRegistry()->getFeatureContent($feature, $this->gadgetContext, true);
}
foreach ($tmpNodeList as $tmpNode) {
$this->assertEquals('text/javascript', $tmpNode->getAttribute('type'));
$nodeValue = substr($tmpNode->nodeValue, 0, strpos($tmpNode->nodeValue, 'gadgets.config.init('));
$this->assertEquals(trim($script), trim($nodeValue));
}
}
/**
* Peforms the actual http fetching of the data-pipelining requests, all social requests
* are made to $_SERVER['HTTP_HOST'] (the virtual host name of this server) / (optional) web_prefix / social / rpc, and
* the httpRequest's are made to $_SERVER['HTTP_HOST'] (the virtual host name of this server) / (optional) web_prefix / gadgets / makeRequest
* both request types use the current security token ($_GET['st']) when performing the requests so they happen in the correct context
*
* @param array $requests
* @param GadgetContext $context
* @return array response
*/
private static function performRequests($requests, GadgetContext $context)
{
$jsonRequests = array();
$httpRequests = array();
$decodedResponse = array();
// Using the same gadget security token for all social & http requests so everything happens in the right context
if (!BasicSecurityToken::getTokenStringFromRequest()) {
throw new ExpressionException("No security token set, required for data-pipeling");
}
$securityToken = $_GET['st'];
foreach ($requests as $request) {
switch ($request['type']) {
case 'os:DataRequest':
// Add to the social request batch
$id = $request['key'];
$method = $request['method'];
// remove our internal fields so we can use the remainder as params
unset($request['key']);
unset($request['method']);
unset($request['type']);
if (isset($request['fields'])) {
$request['fields'] = explode(',', $request['fields']);
}
$jsonRequests[] = array('method' => $method, 'id' => $id, 'params' => $request);
break;
case 'os:HttpRequest':
$id = $request['key'];
$url = $request['href'];
$format = isset($request['format']) ? $request['format'] : 'json';
unset($request['key']);
unset($request['type']);
unset($request['href']);
$httpRequests[$url] = array('id' => $id, 'url' => $url, 'format' => $format, 'queryStr' => implode('&', $request));
break;
}
}
if (count($jsonRequests)) {
// perform social api requests
$request = new RemoteContentRequest('http://' . $_SERVER['HTTP_HOST'] . Config::get('web_prefix') . '/rpc?st=' . urlencode($securityToken) . '&format=json', "Content-Type: application/json\n", json_encode($jsonRequests));
$request->setMethod('POST');
$remoteFetcherClass = Config::get('remote_content_fetcher');
$remoteFetcher = new $remoteFetcherClass();
$basicRemoteContent = new BasicRemoteContent($remoteFetcher);
$response = $basicRemoteContent->fetch($request);
$decodedResponse = json_decode($response->getResponseContent(), true);
}
if (count($httpRequests)) {
$requestQueue = array();
foreach ($httpRequests as $request) {
$req = new RemoteContentRequest($_SERVER['HTTP_HOST'] . Config::get('web_prefix') . '/gadgets/makeRequest?url=' . urlencode($request['url']) . '&st=' . urlencode($securityToken) . (!empty($request['queryStr']) ? '&' . $request['queryStr'] : ''));
$req->getOptions()->ignoreCache = $context->getIgnoreCache();
$req->setNotSignedUri($request['url']);
$requestQueue[] = $req;
}
$basicRemoteContent = new BasicRemoteContent();
$resps = $basicRemoteContent->multiFetch($requestQueue);
foreach ($resps as $response) {
//FIXME: this isn't completely correct yet since this picks up the status code and headers
// as they are returned by the makeRequest handler and not the ones from the original request
$url = $response->getNotSignedUrl();
$id = $httpRequests[$url]['id'];
// strip out the UNPARSEABLE_CRUFT (see makeRequestHandler.php) on assigning the body
$resp = json_decode(str_replace("throw 1; < don't be evil' >", '', $response->getResponseContent()), true);
if (is_array($resp)) {
$statusCode = $response->getHttpCode();
$statusCodeMessage = $response->getHttpCodeMsg();
$headers = $response->getHeaders();
if (intval($statusCode) == 200) {
$content = $httpRequests[$url]['format'] == 'json' ? json_decode($resp[$url]['body'], true) : $resp[$url]['body'];
$toAdd = array('result' => array('content' => $content, 'status' => $statusCode, 'headers' => $headers));
} else {
$content = $resp[$url]['body'];
$toAdd = array('error' => array('code' => $statusCode, 'message' => $statusCodeMessage, 'result' => array('content' => $content, 'headers' => $headers)));
}
//$toAdd[$id] = array('id' => $id, 'result' => $httpRequests[$url]['format'] == 'json' ? json_decode($resp[$url]['body'], true) : $resp[$url]['body']);
$decodedResponse[] = array('id' => $id, 'result' => $toAdd);
}
}
}
return $decodedResponse;
}
/**
* Builds a request to retrieve the actual content.
*
* @param GadgetContext $context The rendering context.
* @param MakeRequestOptions $params Options for crafting the request.
* @param SecurityTokenDecoder $signer A signer needed for signed requests.
* @return RemoteContentRequest An initialized request object.
*/
public function buildRequest(GadgetContext $context, MakeRequestOptions $params, SecurityTokenDecoder $signer = null)
{
// Check the protocol requested - curl doesn't really support file://
// requests but the 'error' should be handled properly
$protocolSplit = explode('://', $params->getHref(), 2);
if (count($protocolSplit) < 2) {
throw new Exception("Invalid protocol specified");
}
$protocol = strtoupper($protocolSplit[0]);
if ($protocol != "HTTP" && $protocol != "HTTPS") {
throw new Exception("Invalid protocol specified in url: " . htmlentities($protocol));
}
$method = $params->getHttpMethod();
if ($method == 'POST' || $method == 'PUT') {
// even if postData is an empty string, it will still post
// (since RemoteContentRquest checks if its false)
// so the request to POST is still honored
$request = new RemoteContentRequest($params->getHref(), null, $params->getRequestBody());
} else {
if ($method == 'DELETE' || $method == 'GET' || $method == 'HEAD') {
$request = new RemoteContentRequest($params->getHref());
} else {
throw new Exception("Invalid HTTP method.");
}
}
$request->setMethod($method);
if ($signer) {
switch ($params->getAuthz()) {
case 'SIGNED':
$request->setAuthType(RemoteContentRequest::$AUTH_SIGNED);
break;
case 'OAUTH':
$request->setAuthType(RemoteContentRequest::$AUTH_OAUTH);
$request->setOAuthRequestParams($params->getOAuthRequestParameters());
break;
}
$st = $params->getSecurityTokenString();
if ($st === false) {
throw new Exception("A security token is required for signed requests");
}
$token = $context->validateToken($st, $signer);
$request->setToken($token);
}
// Strip invalid request headers. This limits the utility of the
// MakeRequest class a little bit, but ensures that none of the invalid
// headers are present in any request going through this class.
$headers = $params->getRequestHeadersArray();
if ($headers !== false) {
$headers = $this->stripInvalidArrayKeys($headers, MakeRequest::$BAD_REQUEST_HEADERS);
$params->setRequestHeaders($headers);
}
// The request expects headers to be stored as a normal header text blob.
// ex: Content-Type: application/atom+xml
// Accept-Language: en-us
$formattedHeaders = $params->getFormattedRequestHeaders();
if ($formattedHeaders !== false) {
$request->setHeaders($formattedHeaders);
}
return $request;
}
/**
* Tests GadgetContext->setView()
*/
public function testSetView()
{
$view = 'Dummie_view';
$this->GadgetContext->setView($view);
$this->assertEquals($view, $this->GadgetContext->getView());
}
/**
* Appends data from <Preload> elements to make them available to
* gadgets.io.
*
* @param gadget
*/
private function appendPreloads(Gadget $gadget, GadgetContext $context)
{
$resp = array();
$gadgetSigner = Config::get('security_token_signer');
$gadgetSigner = new $gadgetSigner();
$token = '';
try {
$token = $context->extractAndValidateToken($gadgetSigner);
} catch (Exception $e) {
$token = '';
// no token given, safe to ignore
}
$unsignedRequests = $unsignedContexts = array();
$signedRequests = array();
foreach ($gadget->getPreloads() as $preload) {
try {
if (($preload->getAuth() == Auth::$NONE || $token != null) && (count($preload->getViews()) == 0 || in_array($context->getView(), $preload->getViews()))) {
$request = new RemoteContentRequest($preload->getHref());
$request->createRemoteContentRequestWithUri($preload->getHref());
$request->getOptions()->ownerSigned = $preload->isSignOwner();
$request->getOptions()->viewerSigned = $preload->isSignViewer();
switch (strtoupper(trim($preload->getAuth()))) {
case "NONE":
// Unify all unsigned requests to one single multi request
$unsignedRequests[] = $request;
$unsignedContexts[] = $context;
break;
case "SIGNED":
// Unify all signed requests to one single multi request
$signingFetcherFactory = new SigningFetcherFactory(Config::get("private_key_file"));
$fetcher = $signingFetcherFactory->getSigningFetcher(new BasicRemoteContentFetcher(), $token);
$req = $fetcher->signRequest($preload->getHref(), $request->getMethod());
$req->setNotSignedUri($preload->getHref());
$signedRequests[] = $req;
break;
default:
@ob_end_clean();
header("HTTP/1.0 500 Internal Server Error", true);
echo "<html><body><h1>" . "500 - Internal Server Error" . "</h1></body></html>";
die;
}
}
} catch (Exception $e) {
throw new Exception($e);
}
}
if (count($unsignedRequests)) {
try {
$brc = new BasicRemoteContent();
$responses = $brc->multiFetch($unsignedRequests, $unsignedContexts);
foreach ($responses as $response) {
$resp[$response->getUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode());
}
} catch (Exception $e) {
throw new Exception($e);
}
}
if (count($signedRequests)) {
try {
$fetcher = $signingFetcherFactory->getSigningFetcher(new BasicRemoteContentFetcher(), $token);
$responses = $fetcher->multiFetchRequest($signedRequests);
foreach ($responses as $response) {
$resp[$response->getNotSignedUrl()] = array('body' => $response->getResponseContent(), 'rc' => $response->getHttpCode());
}
} catch (Exception $e) {
throw new Exception($e);
}
}
$resp = count($resp) ? json_encode($resp) : "{}";
return "gadgets.io.preloaded_ = " . $resp . ";\n";
}
/**
* Outputs a html content type gadget.
* It creates a html page, with the javascripts from the features inline into the page, plus
* calls to 'gadgets.config.init' with the container configuration (config/container.js) and
* 'gadgets.Prefs.setMessages_' with all the substitutions. For external javascripts it adds
* a <script> tag.
*
* @param Gadget $gadget
* @param GadgetContext $context
*/
private function outputHtmlGadget($gadget, $context)
{
$this->setContentType("text/html; charset=UTF-8");
$output = '';
$output .= "<html>\n<head>\n";
// TODO: This is so wrong. (todo copied from java shindig, but i would agree with it :))
$output .= "<style type=\"text/css\">body,td,div,span,p{font-family:arial,sans-serif;} a {color:#0000cc;}a:visited {color:#551a8b;}a:active {color:#ff0000;}body{margin: 0px;padding: 0px;background-color:white;}</style>\n";
$output .= "</head>\n<body>\n";
$externJs = "";
$inlineJs = "";
$externFmt = "<script src=\"%s\"></script>";
$forcedLibs = $context->getForcedJsLibs();
foreach ($gadget->getJsLibraries() as $library) {
$type = $library->getType();
if ($type == 'URL') {
// TODO: This case needs to be handled more gracefully by the js
// servlet. We should probably inline external JS as well.
$externJs .= sprintf($externFmt, $library->getContent()) . "\n";
} else {
if ($type == 'INLINE') {
$inlineJs .= $library->getContent() . "\n";
} else {
// FILE or RESOURCE
if ($forcedLibs == null) {
$inlineJs .= $library->getContent() . "\n";
}
// otherwise it was already included by config.forceJsLibs.
}
}
}
// Forced libs first.
if (!empty($forcedLibs)) {
$libs = explode(':', $forcedLibs);
$output .= sprintf($externFmt, $this->getJsUrl($libs)) . "\n";
}
if (strlen($inlineJs) > 0) {
$output .= "<script><!--\n" . $inlineJs . "\n-->\n</script>\n";
}
if (strlen($externJs) > 0) {
$output .= $externJs;
}
$output .= "<script><!--\n";
$output .= $this->appendJsConfig($context, $gadget);
$output .= $this->appendMessages($gadget);
$output .= "-->\n</script>\n";
$gadgetExceptions = array();
$content = $gadget->getContentData($context->getView());
if (empty($content)) {
// unknown view
$gadgetExceptions[] = "View: '" . $context->getView() . "' invalid for gadget: " . $gadget->getId()->getKey();
}
if (count($gadgetExceptions)) {
throw new GadgetException(print_r($gadgetExceptions, true));
}
$output .= $content . "\n";
$output .= "<script>gadgets.util.runOnLoadHandlers();</script>\n";
$output .= "</body>\n</html>";
if (Config::get('P3P') != '') {
header("P3P: " . Config::get('P3P'));
}
echo $output;
}
public function getGadgetSpec(GadgetContext $context)
{
return $this->getGadgetSpecUri($context->getUrl(), $context->getIgnoreCache());
}
/**
* Tests GadgetContext->setView()
*/
public function testSetView()
{
$view = 'Dummie_view';
$this->GadgetContext->setView($view);
$this->assertAttributeEquals($view, 'view', $this->GadgetContext);
}
public function __construct($url)
{
parent::__construct('GADGET');
$this->url = $url;
}
