Exemplo n.º 1
0
 /**
  * The main entry point for V1 of the API engine
  * 
  * @return string The JSON encoded string for the loader to parse
  */
 public function action_index()
 {
     // Set up our APIRequest object
     if (is_array($setup = \V1\APIRequest::setup())) {
         return $this->response_format();
     }
     // Validate the request
     if (is_array($validate_request = \V1\ValidateRequest::run())) {
         return $this->response_format($validate_request);
     }
     // Validate a Data Call
     if (\V1\APIRequest::get('data-call', false) !== false) {
         if (is_array($data_call = \V1\Call\DataCall::run()) || is_string($data_call)) {
             // HTML only Data Calls
             if (\Session::get('response_format', false) === 'html' && is_string($data_call)) {
                 return $data_call;
             }
             // Non-HTML Data Calls
             return $this->response_format($data_call);
         }
     }
     // Are we processing an API call?
     if (\V1\APIRequest::get('api', false) !== false) {
         $runcall = new \V1\RunCall();
         if (is_array($response = $runcall->ignite())) {
             return $this->response_format($response);
         }
     }
     // Nothing happened, so return an error.
     return $this->response_format(\Utility::format_error(500));
 }
Exemplo n.º 2
0
 public function test_format_error()
 {
     $custom_response = array('errors' => array('code' => 500, 'type' => 'server error', 'message' => 'Test server error'));
     $default_response = array('errors' => array('code' => 500, 'type' => 'server error', 'message' => 'Internal Server Error'));
     // Custom
     $this->assertSame($custom_response, \Utility::format_error(500, \Err::SERVER_ERROR, 'Test server error'));
     // Default
     $this->assertSame($default_response, \Utility::format_error(500));
 }
 /**
  * Configure a dynamic call
  *
  * @return mixed The \V1\APICall object or the error array on fail
  */
 public static function configure_call()
 {
     // Dynamic calls don't work through JS.
     if (\Session::get('public', true) === true) {
         return \Utility::format_error(400, \V1\Err::NO_JS_CALLS, \Lang::get('v1::errors.no_js_calls'));
     }
     // We need API configuration data.
     if (!is_array(\V1\APIRequest::get('configure', false))) {
         return \Utility::format_error(400, \V1\Err::MISSING_CONFIGURE, \Lang::get('v1::errors.missing_configure'));
     }
     // For some reason we can't parse the RAML, so we throw a 500 error.
     if (($api_def = \V1\RAML::parse()) === false) {
         return \Utility::format_error(500);
     } elseif (is_array($api_def)) {
         // Specific error
         return $api_def;
     }
     if (is_string($uri = \V1\APIRequest::get('configure.uri')) && is_string($method = \V1\APIRequest::get('configure.method'))) {
         $api_call = null;
         // Custom calls
         if (\V1\APIRequest::get('api') === 'custom') {
             if (is_string($url = \V1\APIRequest::get('configure.url')) && !empty($url)) {
                 $api_call = \V1\APICall::forge($api_def, $method, $uri, null, true, $url);
             }
             return \Utility::format_error(400, \V1\Err::NO_URL, \Lang::get('v1::errors.no_url'));
         }
         $api_data = \V1\Model\APIs::get_api();
         try {
             // Is it a valid resource?
             $api_def->getResourceByUri($uri)->getMethod($method);
             // We'll validate the call unless both the API provider and calling script deny that protection.
             $custom_dynamic = false;
             if ($api_data['force_validation'] === 0 && \V1\APIRequest::get('no-validate', false) === true) {
                 $custom_dynamic = true;
             }
             $api_call = \V1\APICall::forge($api_def, $method, $uri, null, $custom_dynamic);
         } catch (\Raml\Exception\BadParameter\ResourceNotFoundException $e) {
             // Does the API Provider allow for unconfigured static calls on their server?
             if ($api_data['allow_custom_dynamic'] === 1) {
                 $api_call = \V1\APICall::forge($api_def, $method, $uri, null, true);
             }
         }
         if (is_object($api_call)) {
             if (!empty($api_call->get_errors())) {
                 // Errors from \APICall
                 return $api_call->get_errors();
             } else {
                 // Return the \APICall object
                 return $api_call;
             }
         }
     }
     // Not found
     return \Utility::format_error(400, \V1\Err::BAD_DYNAMIC, \Lang::get('v1::errors.bad_dynamic'));
 }
Exemplo n.º 4
0
 /**
  *  Load every call to the API with this method.
  *  
  *  @return void
  *  @access public
  */
 public function action_index()
 {
     // Profile the loader
     \Profiler::mark('Start of loader\'s action_index() function');
     \Profiler::mark_memory($this, 'Start of loader\'s action_index() function');
     // Make sure we aren't processing crap.
     if (in_array($this->format, array('csv', 'php', 'serialize'))) {
         $this->format = 'json';
     }
     // For some reason this value is quoted when set to html.
     if (\Input::post('format') === '"html"') {
         $this->format = 'html';
     }
     // Cleanse the session to keep things stable.
     \Session::destroy();
     // For error handling
     \Session::set('response_format', $this->format);
     // External error processing through Apache
     if (\Uri::segment(1) === 'error' && is_numeric(\Uri::segment(2)) && strlen(\Uri::segment(2)) === 3) {
         return $this->response(\Utility::format_error(\Uri::segment(2)));
     }
     // /loader/index/error/404 style (Due to routing)
     if (substr_count(\Uri::current(), 'loader/index/error') === 1 && is_numeric(\Uri::segment(4)) && strlen(\Uri::segment(4)) === 3) {
         return $this->response(\Utility::format_error(\Uri::segment(4)));
     }
     // We need a version number
     if (empty(\Uri::segment(1)) || \Module::exists(\Uri::segment(1)) === false) {
         $error_data = \Utility::format_error(400, \Err::BAD_OR_NO_VERSION, \Lang::get('errors.bad_version'));
         return $this->response($error_data, 400);
     }
     // We need a request.
     if (empty(\Input::post()) || \Input::method() !== 'POST') {
         $error_data = \Utility::format_error(405, null, \Lang::get('errors.no_request'));
         return $this->response($error_data, 405);
     }
     // Pass the request to the proper API version request handler. (Module)
     if (!empty(\Input::post())) {
         \Module::load(\Uri::segment(1));
         $response = \Request::forge(\Uri::segment(1) . '/index', false)->execute()->response->body;
         // HTML only Data Calls
         if (is_string($response)) {
             return $this->response($response, 200);
         }
         return $this->response($response[0], $response[1]);
     }
 }
 /**
  * Validate the request to make sure we have trusted and sufficient data.
  * 
  * @return mixed True on success, or an array of error data on fail
  */
 public static function run()
 {
     /**
      * Verify that we have at least an "api" or "data-call" token.
      */
     if (\V1\APIRequest::get('api', false) === false && \V1\APIRequest::get('data-call', false) === false) {
         return \Utility::format_error(400, \V1\Err::BAD_BODY, \Lang::get('v1::errors.bad_body'));
     }
     /**
      * Easter egg processing plant
      */
     if (\V1\APIRequest::get('api') === 'I\'m a teapot') {
         return \Utility::format_error(418, \V1\Err::IM_A_TEAPOT, str_replace("\t", '', \Lang::get('v1::errors.im_a_teapot')));
     }
     /**
      * AUTHORIZATION
      */
     // Once we've authenticated to start running calls from one Data Call, we don't authenticate again.
     if (\Session::get('data_call', false) === false) {
         // If they failed to authenticate, then issue a 401 unauthorized error.
         if (\V1\Account::authenticate() === false) {
             // Log the failure.
             \Log::logger('INFO', 'AUTHORIZE:FAIL', \Lang::get('log.authorize_fail'), __METHOD__, array('consumer_key' => \Session::get('consumer_key', 'NOT SET'), 'public_mode' => \Session::get('public', 'NOT SET')));
             return \Utility::format_error(401);
         }
         // Log the success.
         \Log::logger('INFO', 'AUTHORIZE:SUCCESS', \Lang::get('log.authorize_success'), __METHOD__, array('consumer_key' => \Session::get('consumer_key', 'NOT SET'), 'public_mode' => \Session::get('public', 'NOT SET')));
         /**
          * DOWNGRADE PROCESSING
          */
         \V1\Account::downgrade();
     }
     /**
      * GLOBAL LIMITS
      */
     if (static::check_global_limits() === false) {
         return \Utility::format_error(429, \V1\Err::MAXED_OUT_LIMITS, \Lang::get('v1::errors.maxed_out_limits'));
     }
     return true;
 }
Exemplo n.º 6
0
 /**
  * Parse a RAML file
  * 
  * @param string $raml_string	The RAML string to parse
  * @param string $root_dir		The root directory to parse !include files (Defaults to the "raml"
  * 								directory for the module.)
  * @param bool $parse_schemas	True to parse included RAML files, or false not to (Defaults to true)
  * 
  * @return mixed The \Raml\APIDefinition object, or false if the RAML string didn't exist
  */
 public static function parse($raml_string = null, $root_dir = null, $parse_schemas = true)
 {
     // Find the RAML string.
     if (empty($raml_string) && ($raml_string = static::get_raml_string()) === false) {
         return false;
     }
     // Use the default root directory for RAML files.
     if (empty($root_dir)) {
         $root_dir = __DIR__ . DS . '..' . DS . 'raml';
     }
     // Build the settings object.
     $parser_config_obj = new \Raml\ParseConfiguration();
     if ($parse_schemas === true) {
         $parser_config_obj->enableSchemaParsing();
     } else {
         $parser_config_obj->disableSchemaParsing();
     }
     /*
      * Don't create security settings parser objects. They restrict settings to only those the parsers
      * specify.
      */
     $parser_config_obj->disableSecuritySchemeParsing();
     $parser = new \Raml\Parser(null, null, null, $parser_config_obj);
     /**
      * Prevent the parser from automatically merging security scheme data with the method.
      * 
      * @link https://github.com/alecsammon/php-raml-parser/issues/68
      */
     //$parser->setMergeSecurity();
     try {
         $api_def = $parser->parseFromString($raml_string, $root_dir);
     } catch (\Raml\Exception\InvalidSchemaTypeException $e) {
         return \Utility::format_error(500, \V1\Err::INVALID_SCHEMA_TYPE, \Lang::get('v1::errors.invalid_schema_type'));
     }
     return $api_def;
 }
Exemplo n.º 7
0
 /**
  * Call the remote API server
  * 
  * @param \V1\APICall $apicall_obj The APICall object we're using to make calls
  * @return array The array of data ready for display (Response array or error array)
  */
 public function make_the_call(\V1\APICall $apicall_obj)
 {
     /**
      * RUNCLE RICK'S RAD RUN CALL :)
      */
     $api = \V1\Model\APIs::get_api();
     $account = \V1\Model\Account::get_account();
     /*
      * When we make a call from the local server, we'll get the localhost IP. If that's the case,
      * we'll set our public IP. DO NOT use X-Forwarded-For in the request headers to us. It's unreliable.
      * We'll still set our X-Forwarded-For in case the API provider wishes to use it.
      */
     $forwarded_for = \Input::real_ip('0.0.0.0', true);
     if ($internal_call = \Utility::is_internal_call()) {
         $forwarded_for = \Config::get('engine.call_test_ip');
     }
     /*
      * Add our own headers to allow for authenticating our server and customers. We overwrite any
      * of these headers that were specified by the API Provider through RAML, or by the developer
      * through thier configuration.
      */
     $headers = static::get_headers($apicall_obj->get_headers());
     $call = array('url' => $apicall_obj->get_url(), 'method' => $apicall_obj->get_method(), 'headers' => $headers, 'body' => $apicall_obj->get_method_params(), 'body-type' => $apicall_obj->get_body_type());
     if (\Fuel::$env !== 'production' && \Config::get('engine.dev_disable_live_calls', false) === true) {
         /**
          * In dev mode we can disable calls to the remote server. Feel free to change the
          * dummy response to whatever you'd like to.
          */
         $response = array('status' => 200, 'headers' => array('X-Dev-Mode' => 'Dummy header'), 'body' => array('dummy_key' => 'dummy_val'));
         return \Utility::format_response(200, $response);
     } else {
         /*
          * We'll see if anyone got a cached entry into our system while we were configuring stuff.
          * That way we'll save time.
          */
         if (\V1\APIRequest::is_static() && is_array($cached_data = \V1\Call\StaticCall::get_call_cache())) {
             // Return the response-formatted data from the cached entry.
             return $cached_data;
         }
         $queued = \V1\Socket::forge()->queue_call(\V1\APIRequest::get('api'), $call, $apicall_obj);
     }
     // Non-Data Calls grab the request right away.
     if (\Session::get('data_call', false) === false) {
         if ($queued === false) {
             // Server unavailable
             return \Utility::format_error(503, \Err::SERVER_ERROR, \Lang::get('v1::errors.remote_unavailable'));
         }
         // Pull the results.
         $result = \V1\Socket::forge()->get_results();
         if (is_array($result)) {
             // We only have one call.
             return $result[\V1\APIRequest::get('api')][0];
         } else {
             // If the request failed with false, it means that all streams timed out.
             return \Utility::format_error(500);
         }
     }
     $dc_response = array('status' => 200, 'headers' => array(), 'body' => \V1\Constant::QUEUED_CALL);
     // In Data Call mode we just signify that we've queued the call.
     return \Utility::format_response(200, $dc_response);
 }
 /**
  * Check the speed limits of an API to make sure that the account isn't calling the API more than it's
  * allowed to in the specified time frame.
  * 
  * @return mixed True if the call is within the speed limits, or the error array if it isn't
  */
 private static function check_usage_limits()
 {
     $api_data = \V1\Model\APIs::get_api(\V1\APIRequest::get('api'));
     $account_data = \V1\Model\Account::get_account();
     $package_limits = \V1\RAML::parse_package_limits();
     /*
      * Are there any limits on the API for our package level? API limits are imposed
      * by Bit API Hub, not the API provider. It helps to limit the amount of bandwidth
      * we allot for each call. The heavier the call, the less calls people can make.
      */
     if (is_array($package_limits) && array_key_exists('level' . $account_data['access_level'], $package_limits) && !empty($usage = \V1\Usage::get_usage(\V1\APIRequest::get('api')))) {
         // Loop the allotments of API calls per time period
         foreach ($package_limits['level' . $account_data['access_level']] as $time_period => $allotment) {
             // If we have a valid log for the time period, and it's already maxed out, fail the check.
             if (isset($usage[$time_period]) && $usage[$time_period]['count'] == $allotment && \Utility::subtract_seconds($time_period) <= $usage[$time_period]['ts'] && $usage[$time_period]['ts'] <= time()) {
                 return \Utility::format_error(429, \V1\Err::TOO_MANY_REQUESTS, \Lang::get('v1::errors.too_many_requests', array('allotment' => number_format($allotment), 'period' => $time_period)));
             }
         }
     }
     // We're not breaking the speed limit, so shush.
     return true;
 }
 /**
  * Populate the settings data.
  * 
  * @return mixed The error array if we submitted serialized data, or void if everything went as planned.
  */
 public static function setup()
 {
     $post_data = \Session::get('data_call', false) === false ? \Input::post() : \Session::get('posted_data', array());
     $settings_array = array();
     foreach ($post_data as $input_key => $input_val) {
         $decoded = is_string($input_val) ? json_decode($input_val, true) : $input_val;
         $input_val = empty($decoded) ? $input_val : $decoded;
         // No serialized input due to security issues
         if (static::is_serialized_recursive($input_val)) {
             return \Utility::format_error(400);
         }
         $settings_array[$input_key] = $input_val;
     }
     if (isset($post_data['data-call'])) {
         static::instance()->data_call = $settings_array;
     }
     static::instance()->settings = $settings_array;
     static::instance()->post_data = $post_data;
     return true;
 }
Exemplo n.º 10
0
 /**
  * Prevent CRLF attacks
  * 
  * @param array $header_array The array of headers
  * @return boolean True if we're safe, false if not
  */
 protected function check_crlf(array $header_array)
 {
     foreach ($header_array as $header_name => $header_val) {
         if (substr_count($header_val, "\n") > 0 || substr_count($header_val, "\r") > 0 || substr_count($header_val, '\\n') > 0 || substr_count($header_val, '\\r') > 0) {
             $this->errors = \Utility::format_error(400, \V1\Err::NEW_LINE_HEADER, \Lang::get('v1::errors.new_line_header'));
             return false;
         }
     }
     return true;
 }
 /**
  * Try to get an \APICall object
  *
  * @param string $call The static call name, or null if we're making a dynamic call.
  * @return mixed The \APICall object on success, or false if an error occurred.
  */
 protected static function apicall_object($call = null)
 {
     // For some reason we can't parse the RAML, so we throw a 500 error.
     if (($api_def = \V1\RAML::parse()) === false) {
         return \Utility::format_error(500);
     } elseif (is_array($api_def)) {
         // Specific error
         return $api_def;
     }
     $all_calls = (array) $api_def->getResourcesAsUri();
     $all_calls = reset($all_calls);
     $api_call = null;
     // Loop through every possible URI on the API
     foreach ($all_calls as $uri => $call_data) {
         // GET /res/name
         $uri_explode = explode(' ', $uri);
         // Is it the static call we need?
         if (($call_uri = str_replace('/{{static-calls}}' . $call, '', $uri_explode[1])) !== $uri_explode[1]) {
             /*
              * Static calls only have one method, so since it matches the resource, we'll pass along
              * the method it uses.
              */
             $api_call = \V1\APICall::forge($api_def, $uri_explode[0], $call_uri, $uri_explode[1]);
             break;
         }
     }
     if (is_object($api_call)) {
         if (!empty($api_call->get_errors())) {
             // Errors from \APICall
             return $api_call->get_errors();
         } else {
             // Return the \APICall object
             return $api_call;
         }
     }
     return false;
 }
Exemplo n.º 12
0
 /**
  * Run the Data Call
  * 
  * @return mixed The array of responses and template data, or the HTML template if the format is "html"
  */
 public static function run()
 {
     if (\Session::get('public', true) === true) {
         return \Utility::format_error(400, \V1\Err::NO_JS_CALLS, \Lang::get('v1::errors.no_js_calls'));
     }
     // Make sure the Data Call exists, and is part of their account.
     if (empty($data_call_data = \V1\Model\DataCalls::get_data_call())) {
         return \Utility::format_error(404, \V1\Err::BAD_DATA_CALL, \Lang::get('v1::errors.bad_data_call'));
     }
     $account_data = \V1\Model\Account::get_account();
     // Make sure they are allowed to access it.
     if ($account_data['access_level'] < $data_call_data['min_access_level']) {
         return \Utility::format_error(402, \V1\Err::UPGRADE_REQUIRED, \Lang::get('v1::errors.upgrade_required'));
     }
     // Make sure that the Data Call is enabled or callable.
     if ($data_call_data['active_level'] === 0 && ($account_data['can_run_inactive'] === 0 && $account_data['id'] !== $data_call_data['account_id'])) {
         return \Utility::format_error(403, \V1\Err::DISABLED_DATA_CALL, \Lang::get('v1::errors.disabled_data_call'));
     }
     // Custom Data Calls allow the user to send us their workload (call script) and we'll process it for them.
     if (\V1\APIRequest::get('data-call', false) === 'custom') {
         $call_script = \V1\APIRequest::get('call-script', false);
     } else {
         $call_script = json_decode($data_call_data['call_script'], true);
     }
     // Make sure we have a call script.
     if (empty($call_script) || !is_array($call_script)) {
         return \Utility::format_error(503, \V1\Err::DATA_CALL_MISCONFIG, \Lang::get('v1::errors.data_call_misconfig'));
     }
     // Free accounts may not change their Data Calls, as they may only use public data calls.
     if ($account_data['access_level'] > 1 && is_array($call_options = \V1\APIRequest::data_call('call-options', false))) {
         $call_script = array_replace_recursive($call_script, $call_options);
     }
     /*
      * Set the Data Call flag to bypass things that no longer pertain to further calls, such as
      * authentication to Bit API Hub.
      */
     \Session::set('data_call', true);
     $response = array();
     $template_data = null;
     foreach ($call_script as $key => $call) {
         // If we have template data for widgets, gadgets, graphs, and charts, oh my, then we'll use it later.
         if ($key === 'template') {
             $template_data = $call;
             continue;
         }
         // We need a name. Even custom calls use the "custom" API.
         if (empty($call['api'])) {
             continue;
         }
         // Set the post data as defined in our script.
         \Session::set('posted_data', $call);
         // Make the call.
         $api_call = \Request::forge('v1/index', false)->execute()->response->body;
         // Bad decode
         if (empty($api_call)) {
             $response[$call['api']][] = \Utility::format_error(500);
         }
         // The response cometh forth, not stuck in zein queue.
         if (!empty($api_call[0]['response']['body']) && $api_call[0]['response']['body'] === \V1\Constant::QUEUED_CALL) {
             // Keep the order of calls right proper. :P
             $response[$call['api']][] = \V1\Constant::QUEUED_CALL;
         } else {
             // We have our response, so we set that now.
             $response[$call['api']][] = $api_call[0];
         }
     }
     // If the customer doesn't need any response data, then we don't make them wait while we retrieve the results.
     if (\V1\APIRequest::data_call('no-response', false) === true) {
         $response = array('status' => 200, 'headers' => array(), 'body' => \Lang::get('v1::response.done'));
         return \Utility::format_response(200, $response);
     }
     // Check for responses.
     $call_queue = \V1\Socket::forge()->get_results();
     // If we have queued responses, and possibly place holders, then we'll loop.
     if (!empty($call_queue) && !empty($response)) {
         // Let's loop. :)
         foreach ($call_queue as $api_name => $call_number_data) {
             /*
              * Somehow we don't need the response. Odd... I don't know why they bother giving me this stuff
              * if they don't want me to use it.
              */
             if (empty($response[$api_name])) {
                 continue;
             }
             // Find the next queued placeholder.
             $queued_placeholder = array_search(\V1\Constant::QUEUED_CALL, $response[$api_name]);
             // If we have a placeholder, then put it's value in place.
             if ($queued_placeholder !== false) {
                 $response[$api_name][$queued_placeholder] = $call_number_data[(int) key($call_number_data)];
             }
         }
     }
     // If we have template data to display, then format that now.
     if (!empty($template_data)) {
         // We only want the template we just compiled, so return that.
         if (\Session::get('response_format') === 'html') {
             return static::process_template($template_data, $response, true);
         }
         // Set the template to the array of template data.
         $response['template'] = static::process_template($template_data, $response);
         return \Utility::format_response(200, $response);
     } else {
         // No template data, so just return the responses.
         return \Utility::format_response(200, $response);
     }
 }
Exemplo n.º 13
0
 /**
  * Grab the API access token and key, and return the array of credentials
  * 
  * @param \OAuth $oauth			The OAuth object we're using for authentication
  * @param array $settings		The array of RAML settings
  * @param array $credentials	The array of credentials for our call
  * 
  * @return array The array of credentials, or an error array when the customer must manually
  * 					validate for the second leg, or false on fail
  */
 private function get_access_tokens(\OAuth $oauth, array $settings, array $credentials)
 {
     $callback_url = \Config::get('engine.oauth_10a_callback_url', null);
     if (!empty($settings['callback'])) {
         $callback_url = $settings['callback'];
     }
     // Grab the request token if we didn't just authorize the request.
     if (empty($credentials['OAUTH_REQUEST_TOKEN']) && empty($credentials['OAUTH_REQUEST_TOKEN_SECRET'])) {
         try {
             $request_token_info = $oauth->getRequestToken($settings['requestTokenUri'], $callback_url, $settings['requestTokenMethod']);
         } catch (\OAuthException $e) {
             // Something went wrong, so destroy the cache, and return false so it can get fixed.
             $this->delete_cache();
             return false;
         }
         $credentials['OAUTH_REQUEST_TOKEN'] = $request_token_info['oauth_token'];
         $credentials['OAUTH_REQUEST_TOKEN_SECRET'] = $request_token_info['oauth_token_secret'];
     }
     if (empty($credentials['OAUTH_VERIFIER'])) {
         $credentials['OAUTH_VERIFIER'] = null;
     }
     // Three legged auth requires manual validation.
     if ($settings['legs'] === 3) {
         if (empty($credentials['OAUTH_REQUEST_TOKEN']) || empty($credentials['OAUTH_REQUEST_TOKEN_SECRET']) || empty($credentials['OAUTH_VERIFIER'])) {
             if (strpos($settings['authorizationUri'], '?') === false) {
                 $settings['authorizationUri'] .= '?';
             } else {
                 $settings['authorizationUri'] .= '&';
             }
             // Save the request tokens.
             $this->set_cache($credentials);
             /*
              * Only non-static calls may show the authorization URL so as to not mislead people into
              * authorizing their accounts for everyone connected to the API hub.
              */
             if (\V1\APIRequest::is_static() === false) {
                 // Tell them were to go.
                 return \Utility::format_error(401, \V1\Err::OAUTH1_AUTHORIZE, \Lang::get('v1::errors.oauth1_authorize', array('url' => $settings['authorizationUri'] . 'oauth_token=' . $request_token_info['oauth_token'])));
             } else {
                 return false;
             }
         }
     }
     $oauth->setToken($credentials['OAUTH_REQUEST_TOKEN'], $credentials['OAUTH_REQUEST_TOKEN_SECRET']);
     try {
         $access_token_info = $oauth->getAccessToken($settings['tokenCredentialsUri'], null, $credentials['OAUTH_VERIFIER'], $settings['tokenCredentialsMethod']);
     } catch (\OAuthException $e) {
         // Something went wrong, so destroy the cache, and return false so it can get fixed.
         $this->delete_cache();
         return false;
     }
     // Clean up our data, and set the access key and secret in the DB.
     unset($credentials['OAUTH_REQUEST_TOKEN']);
     unset($credentials['OAUTH_REQUEST_TOKEN_SECRET']);
     unset($credentials['OAUTH_VERIFIER']);
     $credentials['OAUTH_ACCESS_TOKEN'] = $access_token_info['oauth_token'];
     $credentials['OAUTH_ACCESS_TOKEN_SECRET'] = $access_token_info['oauth_token_secret'];
     // Keep the credentials cached
     $this->set_cache($credentials);
     return $credentials;
 }
 public function response()
 {
     return new \Response(\Utility::prepare_response(\Utility::format_error(400)), 400);
 }
Exemplo n.º 15
0
 /**
  * Get the results from all of our API calls.
  * 
  * @return mixed The array of response data, or false on fail
  */
 public function get_results()
 {
     /**
      * NOTE: Do not use \V1\APIRequest from this point on, as Data Calls will only call this method
      * once, thus leaving us with the data from the last API call the Data Call ran. Instead, use
      * $this->api_request[$api][$api_call_number]
      */
     $responses = array();
     $sockets_array = array();
     foreach ($this->streams as $api => $sockets) {
         // Make sure we only have resources
         foreach ($sockets as $socket_id => $socket_to_me_baby) {
             // May be an error
             if (!is_resource($socket_to_me_baby)) {
                 $responses[$api][$socket_id] = false;
                 continue;
             }
             $sockets_array[$socket_id] =& $this->streams[$api][$socket_id];
         }
         $read =& $sockets_array;
         $write = null;
         $exception = null;
         // Nothing to process
         if (empty($sockets_array)) {
             $this->streams = array();
             return false;
             break;
         }
         /**
          * NOTE: stream_select() will continually update the read stream! As the data comes in, it's made
          * available. That means that when you try to access data from the stream, the stream may not have
          * finished yet, so not all data will be present. Use the Content-Length header to figure out how
          * much data there is.
          */
         stream_select($read, $write, $exception, \Config::get('v1::socket.timeout', 5));
         if (count($read)) {
             foreach ($read as &$read_stream) {
                 $id = array_search($read_stream, $sockets_array);
                 $response = explode("\r\n\r\n", fread($read_stream, 8192));
                 // Make sure that we have all of the headers.
                 while (empty($response[1])) {
                     $response = $response[0] . fread($read_stream, 8192);
                     $response = explode("\r\n\r\n", $response);
                 }
                 $headers = static::build_headers(explode("\r\n", $response[0]));
                 unset($response[0]);
                 $response[1] = implode("\r\n\r\n", $response);
                 $status_code = $headers['BAH-STATUS'];
                 unset($headers['BAH-STATUS']);
                 // We need to know the length before we can start pulling.
                 if (!empty($headers['Content-Length'])) {
                     while (strlen($response[1]) < (int) $headers['Content-Length']) {
                         $response[1] .= fread($read_stream, 8192);
                     }
                     // Decode the body
                     if (!empty($headers['Content-Encoding'])) {
                         $response[1] = static::decode_body($response[1], $headers);
                     }
                 } elseif (!empty($headers['Transfer-Encoding']) && $headers['Transfer-Encoding'] === 'chunked') {
                     $lines = array_reverse(explode("\r\n", $response[1]));
                     // Check if we've already finished pulling data.
                     if (count($lines) < 3 || !(count($lines) >= 3 && strlen($lines[0]) === 0 && strlen($lines[1]) === 0 && strlen($lines[2]) === 1 && is_numeric($lines[2]) && (int) $lines[2] === 0)) {
                         /**
                          * @TODO If the chunking is corrupt, then the loop won't break, and fread will
                          * try to pull data that it can't, and it'll make the script hang. Perhaps
                          * there's a better way around the fact that we can't tell if a live socket is
                          * at the end for some reason?
                          */
                         while (1) {
                             $response[1] .= fread($read_stream, 8192);
                             // Check if we've finished the chunking.
                             $lines = array_reverse(explode("\r\n", $response[1]));
                             if (count($lines) >= 3 && strlen($lines[0]) === 0 && strlen($lines[1]) === 0 && strlen($lines[2]) === 1 && is_numeric($lines[2]) && (int) $lines[2] === 0) {
                                 break;
                             }
                         }
                     }
                     // Decode the body
                     $response[1] = static::decode_body($response[1], $headers);
                 } else {
                     $response[1] = false;
                 }
                 // We won't allow remote APIs to send us a serialized response for security reasons.
                 if ($response[1] === false || \Utility::is_serialized($response[1]) === true) {
                     $responses[$api][$id] = \Utility::format_error(500, \V1\Err::BAD_RESPONSE, \Lang::get('v1::errors.bad_response'));
                     continue;
                 }
                 $response_data = array('status' => $status_code, 'headers' => $headers, 'body' => $response[1]);
                 /**
                  * CALLBACKS
                  */
                 $apicall_obj = $this->api_call[$api][$socket_id];
                 if (!empty($security_calls = $apicall_obj->get_security_calls())) {
                     foreach ($security_calls as $security_call) {
                         // Process the response data as needed.
                         $response_data = $security_call->after_response($response_data);
                     }
                 }
                 // Prepare the response to show the customer.
                 $responses[$api][$id] = static::prepare_response($response_data, $this->api_request[$api][$id], $this->is_static[$api][$id]);
                 fclose($read_stream);
             }
             // Avoid pointer location issues.
             unset($read_stream);
         } else {
             // A time-out means that *all* streams have failed to receive a response.
             $this->streams = array();
             return false;
             break;
         }
     }
     // Return the responses after we reset the stack.
     $this->streams = array();
     return $responses;
 }