/** * Decode an HTTP Response. * @static * @throws apiServiceException * @param apiHttpRequest $response The http response to be decoded. * @return mixed|null */ static function decodeHttpResponse($response) { $code = $response->getResponseHttpCode(); $body = $response->getResponseBody(); $decoded = null; if ($code != '200' && $code != '201' && $code != '204') { $decoded = json_decode($body, true); $err = 'Error calling ' . $response->getMethod() . ' ' . $response->getUrl(); if ($decoded != null && isset($decoded['error']['message']) && isset($decoded['error']['code'])) { // if we're getting a json encoded error definition, use that instead of the raw response // body for improved readability $err .= ": ({$decoded['error']['code']}) " . $decoded['error']['message']; } else { $err .= ": ({$code}) {$body}"; } throw new apiServiceException($err); } // Only attempt to decode the response, if the response code wasn't (204) 'no content' if ($code != '204') { $decoded = json_decode($body, true); if ($decoded == null) { throw new apiServiceException("Invalid json in service response: {$body}"); } } return $decoded; }
/** * Sign the request using OAuth. This uses the consumer token and key * * @param string $method the method (get/put/delete/post) * @param string $url the url to sign (http://site/social/rest/people/1/@me) * @param array $params the params that should be appended to the url (count=20 fields=foo, etc) * @param string $postBody for POST/PUT requests, the postBody is included in the signature * @return string the signed url */ public function sign(apiHttpRequest $request) { // add the developer key to the request before signing it if ($this->developerKey) { $request->setUrl($request->getUrl() . (strpos($request->getUrl(), '?') === false ? '?' : '&') . 'key=' . urlencode($this->developerKey)); } // and sign the request $oauthRequest = apiClientOAuthRequest::from_request($request->getMethod(), $request->getBaseUrl(), $request->getQueryParams()); $params = $this->mergeParameters($request->getQueryParams()); foreach ($params as $key => $val) { if (is_array($val)) { $val = implode(',', $val); } $oauthRequest->set_parameter($key, $val); } $oauthRequest->sign_request($this->signatureMethod, $this->consumerToken, $this->accessToken); $authHeaders = $oauthRequest->to_header(); $headers = $request->getHeaders(); $headers[] = $authHeaders; $request->setHeaders($headers); // and add the access token key to it (since it doesn't include the secret, it's still secure to store this in cache) $request->accessKey = $this->accessToken->key; return $request; }
/** * Sign the request using OAuth. This uses the consumer token and key * * @param string $method the method (get/put/delete/post) * @param string $url the url to sign (http://site/social/rest/people/1/@me) * @param array $params the params that should be appended to the url (count=20 fields=foo, etc) * @param string $postBody for POST/PUT requests, the postBody is included in the signature * @return string the signed url */ public function sign(apiHttpRequest $request) { // add the developer key to the request before signing it if ($this->developerKey) { $url = $request->getUrl(); $url .= (strpos($url, '?') === false ? '?' : '&') . 'key=' . urlencode($this->developerKey); } // and sign the request $oauthRequest = OAuthRequest::from_request($request->getMethod(), $request->getBaseUrl(), $request->getQueryParams()); $params = $this->mergeParameters($request->getQueryParams()); foreach ($params as $key => $val) { if (is_array($val)) { $val = implode(',', $val); } $oauthRequest->set_parameter($key, $val); } $oauthRequest->sign_request($this->signatureMethod, $this->consumerToken, $this->accessToken); $signedUrl = $oauthRequest->to_url(); // Set an originalUrl property that can be used to cache the resource $request->originalUrl = $request->getUrl(); // and add the access token key to it (since it doesn't include the secret, it's still secure to store this in cache) $request->accessKey = $this->accessToken->key; $request->setUrl($signedUrl); return $request; }
private function setCachedRequest(apiHttpRequest $request) { // Only cache GET requests if ($request->getMethod() != 'GET') { return false; } // Analyze the request headers to see if there is a valid caching strategy. $headers = $this->getNormalizedHeaders($request); // And parse all the bits that are required for the can-cache evaluation $etag = isset($headers['etag']) ? $headers['etag'] : false; $expires = isset($headers['expires']) ? strtotime($headers['expires']) : false; $date = isset($headers['date']) ? strtotime($headers['date']) : time(); $cacheControl = array(); if (isset($headers['cache-control'])) { $cacheControl = explode(', ', $headers['cache-control']); foreach ($cacheControl as $key => $val) { $cacheControl[$key] = strtolower($val); } } $pragmaNoCache = isset($headers['pragma']) ? strtolower($headers['pragma']) == 'no-cache' : false; // evaluate if the request can be cached $canCache = !in_array('no-store', $cacheControl) && ($etag || $expires > $date || !$etag && !$expires && !$pragmaNoCache && !in_array('no-cache', $cacheControl)); // or if there is no etag, and no expiration set, but also no pragma: no-cache and no cache-control: no-cache, we can cache (but we'll set our own expires header to make sure it's refreshed frequently) if ($canCache) { // Set an 1 hour expiration header if non exists, and no do-not-cache directives exist if (!$etag && !$expires && !$pragmaNoCache && !in_array('no-cache', $cacheControl)) { // Add Expires and Date headers to simplify the cache retrieval code path $request->setResponseHeaders(array_merge(array('Expires' => date('r', time() + 60 * 60), 'Date' => date('r', time())), $request->getHeaders())); } apiClient::$cache->set($this->getRequestKey($request), $request); } }