2019-12-05 13:12:59 +00:00
< ? php
2020-02-09 14:45:36 +00:00
/**
2021-03-29 06:40:20 +00:00
* @ copyright Copyright ( C ) 2010 - 2021 , the Friendica project
2020-02-09 14:45:36 +00:00
*
* @ license GNU AGPL version 3 or any later version
*
* This program is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation , either version 3 of the
* License , or ( at your option ) any later version .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
*
* You should have received a copy of the GNU Affero General Public License
* along with this program . If not , see < https :// www . gnu . org / licenses />.
*
*/
2019-12-05 13:12:59 +00:00
2020-01-28 02:18:42 +00:00
namespace Friendica\Module ;
2019-12-05 13:12:59 +00:00
2021-11-21 20:52:36 +00:00
use Friendica\App ;
2021-11-28 13:10:40 +00:00
use Friendica\App\Router ;
2019-12-05 13:12:59 +00:00
use Friendica\BaseModule ;
2021-11-21 20:52:36 +00:00
use Friendica\Core\L10n ;
2021-05-08 09:14:19 +00:00
use Friendica\Core\Logger ;
use Friendica\Core\System ;
2019-12-15 21:34:11 +00:00
use Friendica\DI ;
2021-11-18 22:20:19 +00:00
use Friendica\Model\Contact ;
2021-07-08 13:47:46 +00:00
use Friendica\Model\Post ;
2021-11-20 09:36:17 +00:00
use Friendica\Model\User ;
2021-11-21 20:52:36 +00:00
use Friendica\Module\Api\ApiResponse ;
2019-12-05 13:12:59 +00:00
use Friendica\Network\HTTPException ;
2021-06-08 06:32:24 +00:00
use Friendica\Security\BasicAuth ;
use Friendica\Security\OAuth ;
2021-07-08 13:47:46 +00:00
use Friendica\Util\DateTimeFormat ;
2021-11-21 20:52:36 +00:00
use Friendica\Util\Profiler ;
2021-11-28 13:10:40 +00:00
use Psr\Http\Message\ResponseInterface ;
2021-11-21 20:52:36 +00:00
use Psr\Log\LoggerInterface ;
2019-12-05 13:12:59 +00:00
2020-01-28 02:18:42 +00:00
class BaseApi extends BaseModule
2019-12-05 13:12:59 +00:00
{
2021-11-26 07:55:02 +00:00
const LOG_PREFIX = 'API {action} - ' ;
2021-05-16 07:37:11 +00:00
const SCOPE_READ = 'read' ;
const SCOPE_WRITE = 'write' ;
const SCOPE_FOLLOW = 'follow' ;
const SCOPE_PUSH = 'push' ;
2021-06-16 15:02:33 +00:00
/**
* @ var array
*/
protected static $boundaries = [];
/**
* @ var array
*/
protected static $request = [];
2021-11-21 20:52:36 +00:00
/** @var App */
protected $app ;
/** @var ApiResponse */
protected $response ;
public function __construct ( App $app , L10n $l10n , App\BaseURL $baseUrl , App\Arguments $args , LoggerInterface $logger , Profiler $profiler , ApiResponse $response , array $server , array $parameters = [])
{
parent :: __construct ( $l10n , $baseUrl , $args , $logger , $profiler , $response , $server , $parameters );
2021-11-28 12:11:12 +00:00
$this -> app = $app ;
2021-11-21 20:52:36 +00:00
}
2021-11-28 13:10:40 +00:00
/**
* Additionally checks , if the caller is permitted to do this action
*
* { @ inheritDoc }
*
* @ throws HTTPException\ForbiddenException
*/
public function run ( array $request = []) : ResponseInterface
2019-12-05 13:12:59 +00:00
{
2021-11-28 13:10:40 +00:00
switch ( $this -> server [ 'REQUEST_METHOD' ] ? ? Router :: GET ) {
case Router :: DELETE :
case Router :: PATCH :
case Router :: POST :
case Router :: PUT :
self :: checkAllowedScope ( self :: SCOPE_WRITE );
2021-12-04 04:30:46 +00:00
if ( ! self :: getCurrentUserID ()) {
2021-11-28 13:10:40 +00:00
throw new HTTPException\ForbiddenException ( $this -> t ( 'Permission denied.' ));
}
break ;
2019-12-05 13:12:59 +00:00
}
2021-05-08 09:14:19 +00:00
2021-11-28 13:10:40 +00:00
return parent :: run ( $request );
2021-05-08 09:14:19 +00:00
}
2021-05-18 06:31:22 +00:00
/**
* Processes data from GET requests and sets defaults
*
2021-11-27 23:30:41 +00:00
* @ param array $defaults Associative array of expected request keys and their default typed value . A null
* value will remove the request key from the resulting value array .
2021-11-28 12:44:42 +00:00
* @ param array $request Custom REQUEST array , superglobal instead
2021-05-18 06:31:22 +00:00
* @ return array request data
2021-11-27 23:30:41 +00:00
* @ throws \Exception
2021-05-18 06:31:22 +00:00
*/
2021-11-28 12:44:42 +00:00
public function getRequest ( array $defaults , array $request ) : array
2021-05-29 10:40:47 +00:00
{
2021-11-28 12:44:42 +00:00
self :: $request = $request ;
2021-06-16 15:02:33 +00:00
self :: $boundaries = [];
unset ( self :: $request [ 'pagename' ]);
2021-11-28 12:44:42 +00:00
return $this -> checkDefaults ( $defaults , $request );
2021-05-18 06:31:22 +00:00
}
2021-06-16 15:02:33 +00:00
/**
* Set boundaries for the " link " header
* @ param array $boundaries
* @ param int $id
*/
protected static function setBoundaries ( int $id )
{
if ( ! isset ( self :: $boundaries [ 'min' ])) {
self :: $boundaries [ 'min' ] = $id ;
}
if ( ! isset ( self :: $boundaries [ 'max' ])) {
self :: $boundaries [ 'max' ] = $id ;
}
self :: $boundaries [ 'min' ] = min ( self :: $boundaries [ 'min' ], $id );
self :: $boundaries [ 'max' ] = max ( self :: $boundaries [ 'max' ], $id );
}
/**
* Set the " link " header with " next " and " prev " links
* @ return void
*/
protected static function setLinkHeader ()
{
if ( empty ( self :: $boundaries )) {
return ;
}
$request = self :: $request ;
unset ( $request [ 'min_id' ]);
unset ( $request [ 'max_id' ]);
unset ( $request [ 'since_id' ]);
$prev_request = $next_request = $request ;
2021-06-16 17:57:01 +00:00
$prev_request [ 'min_id' ] = self :: $boundaries [ 'max' ];
$next_request [ 'max_id' ] = self :: $boundaries [ 'min' ];
2021-06-16 15:02:33 +00:00
$command = DI :: baseUrl () . '/' . DI :: args () -> getCommand ();
$prev = $command . '?' . http_build_query ( $prev_request );
$next = $command . '?' . http_build_query ( $next_request );
header ( 'Link: <' . $next . '>; rel="next", <' . $prev . '>; rel="prev"' );
}
2021-05-15 22:40:57 +00:00
/**
2021-06-08 06:32:24 +00:00
* Get current application token
2021-05-15 22:40:57 +00:00
*
* @ return array token
*/
2021-11-24 06:44:25 +00:00
public static function getCurrentApplication ()
2021-05-15 22:40:57 +00:00
{
2021-06-08 06:32:24 +00:00
$token = OAuth :: getCurrentApplicationToken ();
2021-05-11 06:30:20 +00:00
2021-06-08 06:32:24 +00:00
if ( empty ( $token )) {
$token = BasicAuth :: getCurrentApplicationToken ();
2021-05-11 19:15:05 +00:00
}
2021-05-15 22:40:57 +00:00
return $token ;
2021-05-11 06:30:20 +00:00
}
2021-05-12 12:08:30 +00:00
/**
2021-06-08 06:32:24 +00:00
* Get current user id , returns 0 if not logged in
2021-05-12 12:08:30 +00:00
*
2021-06-08 06:32:24 +00:00
* @ return int User ID
2021-05-12 12:08:30 +00:00
*/
2021-11-09 21:41:37 +00:00
public static function getCurrentUserID ()
2021-05-11 06:30:20 +00:00
{
2021-06-08 06:32:24 +00:00
$uid = OAuth :: getCurrentUserID ();
2021-05-28 06:10:32 +00:00
2021-06-08 06:32:24 +00:00
if ( empty ( $uid )) {
$uid = BasicAuth :: getCurrentUserID ( false );
2021-05-11 06:30:20 +00:00
}
2021-06-08 06:32:24 +00:00
return ( int ) $uid ;
2021-05-11 06:30:20 +00:00
}
2021-05-12 06:50:27 +00:00
2021-06-08 09:11:56 +00:00
/**
* Check if the provided scope does exist .
* halts execution on missing scope or when not logged in .
*
* @ param string $scope the requested scope ( read , write , follow , push )
*/
public static function checkAllowedScope ( string $scope )
{
$token = self :: getCurrentApplication ();
if ( empty ( $token )) {
Logger :: notice ( 'Empty application token' );
DI :: mstdnError () -> Forbidden ();
}
if ( ! isset ( $token [ $scope ])) {
Logger :: warning ( 'The requested scope does not exist' , [ 'scope' => $scope , 'application' => $token ]);
DI :: mstdnError () -> Forbidden ();
}
if ( empty ( $token [ $scope ])) {
Logger :: warning ( 'The requested scope is not allowed' , [ 'scope' => $scope , 'application' => $token ]);
DI :: mstdnError () -> Forbidden ();
}
}
2021-07-08 13:47:46 +00:00
public static function checkThrottleLimit ()
{
$uid = self :: getCurrentUserID ();
// Check for throttling (maximum posts per day, week and month)
$throttle_day = DI :: config () -> get ( 'system' , 'throttle_limit_day' );
if ( $throttle_day > 0 ) {
$datefrom = date ( DateTimeFormat :: MYSQL , time () - 24 * 60 * 60 );
$condition = [ " `gravity` = ? AND `uid` = ? AND `wall` AND `received` > ? " , GRAVITY_PARENT , $uid , $datefrom ];
2021-07-08 17:32:41 +00:00
$posts_day = Post :: countThread ( $condition );
2021-07-08 13:47:46 +00:00
if ( $posts_day > $throttle_day ) {
Logger :: info ( 'Daily posting limit reached' , [ 'uid' => $uid , 'posts' => $posts_day , 'limit' => $throttle_day ]);
$error = DI :: l10n () -> t ( 'Too Many Requests' );
$error_description = DI :: l10n () -> tt ( " Daily posting limit of %d post reached. The post was rejected. " , " Daily posting limit of %d posts reached. The post was rejected. " , $throttle_day );
$errorobj = new \Friendica\Object\Api\Mastodon\Error ( $error , $error_description );
System :: jsonError ( 429 , $errorobj -> toArray ());
}
}
$throttle_week = DI :: config () -> get ( 'system' , 'throttle_limit_week' );
if ( $throttle_week > 0 ) {
$datefrom = date ( DateTimeFormat :: MYSQL , time () - 24 * 60 * 60 * 7 );
$condition = [ " `gravity` = ? AND `uid` = ? AND `wall` AND `received` > ? " , GRAVITY_PARENT , $uid , $datefrom ];
2021-07-08 17:32:41 +00:00
$posts_week = Post :: countThread ( $condition );
2021-07-08 13:47:46 +00:00
if ( $posts_week > $throttle_week ) {
Logger :: info ( 'Weekly posting limit reached' , [ 'uid' => $uid , 'posts' => $posts_week , 'limit' => $throttle_week ]);
$error = DI :: l10n () -> t ( 'Too Many Requests' );
$error_description = DI :: l10n () -> tt ( " Weekly posting limit of %d post reached. The post was rejected. " , " Weekly posting limit of %d posts reached. The post was rejected. " , $throttle_week );
$errorobj = new \Friendica\Object\Api\Mastodon\Error ( $error , $error_description );
System :: jsonError ( 429 , $errorobj -> toArray ());
}
}
$throttle_month = DI :: config () -> get ( 'system' , 'throttle_limit_month' );
if ( $throttle_month > 0 ) {
$datefrom = date ( DateTimeFormat :: MYSQL , time () - 24 * 60 * 60 * 30 );
$condition = [ " `gravity` = ? AND `uid` = ? AND `wall` AND `received` > ? " , GRAVITY_PARENT , $uid , $datefrom ];
2021-07-08 17:32:41 +00:00
$posts_month = Post :: countThread ( $condition );
2021-07-08 13:47:46 +00:00
if ( $posts_month > $throttle_month ) {
Logger :: info ( 'Monthly posting limit reached' , [ 'uid' => $uid , 'posts' => $posts_month , 'limit' => $throttle_month ]);
$error = DI :: l10n () -> t ( 'Too Many Requests' );
$error_description = DI :: l10n () -> t ( " Monthly posting limit of %d post reached. The post was rejected. " , " Monthly posting limit of %d posts reached. The post was rejected. " , $throttle_month );
$errorobj = new \Friendica\Object\Api\Mastodon\Error ( $error , $error_description );
System :: jsonError ( 429 , $errorobj -> toArray ());
}
}
}
2021-11-18 22:20:19 +00:00
2021-11-26 08:16:06 +00:00
public static function getContactIDForSearchterm ( string $screen_name = null , string $profileurl = null , int $cid = null , int $uid )
2021-11-18 22:20:19 +00:00
{
2021-11-20 09:36:17 +00:00
if ( ! empty ( $cid )) {
return $cid ;
}
2021-11-26 07:55:02 +00:00
if ( ! empty ( $profileurl )) {
return Contact :: getIdForURL ( $profileurl );
}
if ( empty ( $cid ) && ! empty ( $screen_name )) {
if ( strpos ( $screen_name , '@' ) !== false ) {
return Contact :: getIdForURL ( $screen_name , 0 , false );
}
2021-11-20 09:36:17 +00:00
$user = User :: getByNickname ( $screen_name , [ 'uid' ]);
if ( ! empty ( $user [ 'uid' ])) {
2021-11-26 07:55:02 +00:00
return Contact :: getPublicIdByUserId ( $user [ 'uid' ]);
2021-11-20 09:36:17 +00:00
}
}
2021-11-26 07:55:02 +00:00
if ( $uid != 0 ) {
return Contact :: getPublicIdByUserId ( $uid );
2021-11-18 22:20:19 +00:00
}
2021-11-26 07:55:02 +00:00
return null ;
2021-11-18 22:20:19 +00:00
}
2019-12-05 13:12:59 +00:00
}