2019-03-10 03:44:59 +00:00
|
|
|
<?php
|
|
|
|
/** @license MIT
|
|
|
|
* Copyright 2017 J. King, Dustin Wilson et al.
|
|
|
|
* See LICENSE and AUTHORS files for details */
|
|
|
|
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace JKingWeb\Arsse\REST\Fever;
|
|
|
|
|
|
|
|
use JKingWeb\Arsse\Arsse;
|
|
|
|
use JKingWeb\Arsse\Database;
|
|
|
|
use JKingWeb\Arsse\User;
|
|
|
|
use JKingWeb\Arsse\Service;
|
|
|
|
use JKingWeb\Arsse\Context\Context;
|
|
|
|
use JKingWeb\Arsse\Misc\ValueInfo;
|
2019-03-26 12:53:26 +00:00
|
|
|
use JKingWeb\Arsse\Misc\Date;
|
2019-03-10 03:44:59 +00:00
|
|
|
use JKingWeb\Arsse\AbstractException;
|
|
|
|
use JKingWeb\Arsse\Db\ExceptionInput;
|
|
|
|
use JKingWeb\Arsse\REST\Target;
|
|
|
|
use JKingWeb\Arsse\REST\Exception404;
|
|
|
|
use JKingWeb\Arsse\REST\Exception405;
|
|
|
|
use Psr\Http\Message\ServerRequestInterface;
|
|
|
|
use Psr\Http\Message\ResponseInterface;
|
2019-03-19 02:49:47 +00:00
|
|
|
use Zend\Diactoros\Response\JsonResponse;
|
2019-03-10 03:44:59 +00:00
|
|
|
use Zend\Diactoros\Response\EmptyResponse;
|
|
|
|
|
|
|
|
class API extends \JKingWeb\Arsse\REST\AbstractHandler {
|
|
|
|
const LEVEL = 3;
|
|
|
|
|
|
|
|
public function __construct() {
|
|
|
|
}
|
|
|
|
|
|
|
|
public function dispatch(ServerRequestInterface $req): ResponseInterface {
|
2019-03-27 19:09:04 +00:00
|
|
|
$inR = $req->getQueryParams() ?? [];
|
|
|
|
$inW = $req->getParsedBody() ?? [];
|
2019-03-19 02:49:47 +00:00
|
|
|
if (!array_key_exists("api", $inR)) {
|
2019-03-10 03:44:59 +00:00
|
|
|
// the original would have shown the Fever UI in the absence of the "api" parameter, but we'll return 404
|
|
|
|
return new EmptyResponse(404);
|
|
|
|
}
|
|
|
|
$xml = $inR['api'] === "xml";
|
|
|
|
switch ($req->getMethod()) {
|
|
|
|
case "OPTIONS":
|
|
|
|
// do stuff
|
|
|
|
break;
|
|
|
|
case "POST":
|
|
|
|
if (strlen($req->getHeaderLine("Content-Type")) && $req->getHeaderLine("Content-Type") !== "application/x-www-form-urlencoded") {
|
|
|
|
return new EmptyResponse(415, ['Accept' => "application/x-www-form-urlencoded"]);
|
|
|
|
}
|
|
|
|
$out = [
|
|
|
|
'api_version' => self::LEVEL,
|
|
|
|
'auth' => 0,
|
|
|
|
];
|
2019-03-20 03:37:08 +00:00
|
|
|
if ($req->getAttribute("authenticated", false)) {
|
|
|
|
// if HTTP authentication was successfully used, set the expected user ID
|
|
|
|
Arsse::$user->id = $req->getAttribute("authenticatedUser");
|
|
|
|
$out['auth'] = 1;
|
|
|
|
} elseif (Arsse::$conf->userHTTPAuthRequired || Arsse::$conf->userPreAuth || $req->getAttribute("authenticationFailed", false)) {
|
|
|
|
// otherwise if HTTP authentication failed or is required, deny access at the HTTP level
|
|
|
|
return new EmptyResponse(401);
|
|
|
|
}
|
2019-03-27 19:09:04 +00:00
|
|
|
// produce a full response if authenticated or a basic response otherwise
|
2019-03-10 03:44:59 +00:00
|
|
|
if ($this->logIn(strtolower($inW['api_key'] ?? ""))) {
|
2019-03-27 19:09:04 +00:00
|
|
|
$out = $this->processRequest($this->baseResponse(true), $inR, $inW);
|
2019-03-10 03:44:59 +00:00
|
|
|
} else {
|
2019-03-27 19:09:04 +00:00
|
|
|
$out = $this->baseResponse(false);
|
2019-03-26 12:53:26 +00:00
|
|
|
}
|
2019-03-27 19:09:04 +00:00
|
|
|
// return the result, possibly formatted as XML
|
2019-03-10 03:44:59 +00:00
|
|
|
return $this->formatResponse($out, $xml);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return new EmptyResponse(405, ['Allow' => "OPTIONS,POST"]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-03-27 15:54:47 +00:00
|
|
|
protected function processRequest(array $out, array $G, array $P): array {
|
|
|
|
if (array_key_exists("feeds", $G) || array_key_exists("groups", $G)) {
|
|
|
|
if (array_key_exists("groups", $G)) {
|
|
|
|
$out['groups'] = $this->getGroups();
|
|
|
|
}
|
|
|
|
if (array_key_exists("feeds", $G)) {
|
|
|
|
$out['feeds'] = $this->getFeeds();
|
|
|
|
}
|
|
|
|
$out['feeds_groups'] = $this->getRelationships();
|
|
|
|
}
|
|
|
|
if (array_key_exists("favicons", $G)) {
|
|
|
|
# deal with favicons
|
|
|
|
}
|
|
|
|
return $out;
|
|
|
|
}
|
|
|
|
|
2019-03-27 19:09:04 +00:00
|
|
|
protected function baseResponse(bool $authenticated): array {
|
|
|
|
$out = [
|
|
|
|
'api_version' => self::LEVEL,
|
|
|
|
'auth' => (int) $authenticated,
|
|
|
|
];
|
|
|
|
if ($authenticated) {
|
|
|
|
// authenticated requests always include the most recent feed refresh
|
|
|
|
$out['last_refreshed_on_time'] = $this->getRefreshTime();
|
|
|
|
}
|
|
|
|
return $out;
|
|
|
|
}
|
|
|
|
|
2019-03-10 03:44:59 +00:00
|
|
|
protected function formatResponse(array $data, bool $xml): ResponseInterface {
|
|
|
|
if ($xml) {
|
|
|
|
throw \Exception("Not implemented yet");
|
|
|
|
} else {
|
|
|
|
return new JsonResponse($data, 200, [], \JSON_UNESCAPED_SLASHES | \JSON_UNESCAPED_UNICODE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
protected function logIn(string $hash): bool {
|
|
|
|
// if HTTP authentication was successful and sessions are not enforced, proceed unconditionally
|
|
|
|
if (isset(Arsse::$user->id) && !Arsse::$conf->userSessionEnforced) {
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
try {
|
|
|
|
// verify the supplied hash is valid
|
2019-03-19 02:49:47 +00:00
|
|
|
$s = Arsse::$db->TokenLookup("fever.login", $hash);
|
2019-03-10 03:44:59 +00:00
|
|
|
} catch (\JKingWeb\Arsse\Db\ExceptionInput $e) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
// set the user name
|
|
|
|
Arsse::$user->id = $s['user'];
|
|
|
|
return true;
|
|
|
|
}
|
2019-03-26 12:53:26 +00:00
|
|
|
|
2019-03-27 19:09:04 +00:00
|
|
|
protected function getRefreshTime() {
|
|
|
|
return Date::transform(Arsse::$db->subscriptionRefreshed(Arsse::$user->id), "unix");
|
|
|
|
}
|
|
|
|
|
2019-03-26 12:53:26 +00:00
|
|
|
protected function getFeeds(): array {
|
|
|
|
$out = [];
|
|
|
|
foreach (arsse::$db->subscriptionList(Arsse::$user->id) as $sub) {
|
|
|
|
$out[] = [
|
2019-03-27 19:09:04 +00:00
|
|
|
'id' => (int) $sub['id'],
|
|
|
|
'favicon_id' => (int) ($sub['favicon'] ? $sub['feed'] : 0),
|
|
|
|
'title' => (string) $sub['title'],
|
|
|
|
'url' => $sub['url'],
|
|
|
|
'site_url' => $sub['source'],
|
|
|
|
'is_spark' => 0,
|
|
|
|
'last_updated_on_time' => Date::transform($sub['edited'], "unix", "sql"),
|
2019-03-26 12:53:26 +00:00
|
|
|
];
|
|
|
|
}
|
|
|
|
return $out;
|
|
|
|
}
|
|
|
|
|
2019-03-27 15:54:47 +00:00
|
|
|
protected function getGroups(): array {
|
2019-03-26 12:53:26 +00:00
|
|
|
$out = [];
|
2019-03-27 15:54:47 +00:00
|
|
|
foreach (Arsse::$db->tagList(Arsse::$user->id) as $member) {
|
|
|
|
$out[] = [
|
|
|
|
'id' => (int) $member['id'],
|
|
|
|
'title' => $member['name'],
|
|
|
|
];
|
2019-03-26 12:53:26 +00:00
|
|
|
}
|
|
|
|
return $out;
|
|
|
|
}
|
|
|
|
|
2019-03-27 15:54:47 +00:00
|
|
|
protected function getRelationships(): array {
|
2019-03-26 12:53:26 +00:00
|
|
|
$out = [];
|
|
|
|
$sets = [];
|
2019-03-27 15:54:47 +00:00
|
|
|
foreach (Arsse::$db->tagSummarize(Arsse::$user->id) as $member) {
|
2019-03-26 12:53:26 +00:00
|
|
|
if (!isset($sets[$member['id']])) {
|
|
|
|
$sets[$member['id']] = [];
|
|
|
|
}
|
|
|
|
$sets[$member['id']][] = (int) $member['subscription'];
|
|
|
|
}
|
|
|
|
foreach ($sets as $id => $subs) {
|
|
|
|
$out[] = [
|
|
|
|
'group_id' => (int) $id,
|
|
|
|
'feed_ids' => implode(",", $subs),
|
|
|
|
];
|
|
|
|
}
|
|
|
|
return $out;
|
|
|
|
}
|
2019-03-10 03:44:59 +00:00
|
|
|
}
|