Diffstat (limited to 'p/api/greader.php')
| -rw-r--r-- | p/api/greader.php | 244 |
1 files changed, 212 insertions, 32 deletions
diff --git a/p/api/greader.php b/p/api/greader.php
index 894c2e960..4965ffd3b 100644
--- a/p/api/greader.php
+++ b/p/api/greader.php
@@ -153,13 +153,12 @@ function authorizationToUser() {
 if (count($headerAuthX) === 2) {
 $user = $headerAuthX[0];
 if (ctype_alnum($user)) {
- $conf = get_user_configuration($user);
- if (is_null($conf)) {
+ FreshRSS_Context::$user_conf = get_user_configuration($user);
+ if (FreshRSS_Context::$user_conf == null) {
 Minz_Log::warning('Invalid API user ' . $user . ': configuration cannot be found.');
 unauthorized();
 }
- $system_conf = Minz_Configuration::get('system');
- if ($headerAuthX[1] === sha1($system_conf->salt . $user . $conf->apiPasswordHash)) {
+ if ($headerAuthX[1] === sha1(FreshRSS_Context::$system_conf->salt . $user . FreshRSS_Context::$user_conf->apiPasswordHash)) {
 return $user;
 } else {
 logMe('Invalid API authorisation for user ' . $user . ': ' . $headerAuthX[1]);
@@ -181,16 +180,15 @@ function clientLogin($email, $pass) { //http://web.archive.org/web/2013060409104
 include_once(LIB_PATH . '/password_compat.php');
 }
- $conf = get_user_configuration($email);
- if (is_null($conf)) {
+ FreshRSS_Context::$user_conf = get_user_configuration($email);
+ if (FreshRSS_Context::$user_conf == null) {
 Minz_Log::warning('Invalid API user ' . $email . ': configuration cannot be found.');
 unauthorized();
 }
- if ($conf->apiPasswordHash != '' && password_verify($pass, $conf->apiPasswordHash)) {
+ if (FreshRSS_Context::$user_conf->apiPasswordHash != '' && password_verify($pass, FreshRSS_Context::$user_conf->apiPasswordHash)) {
 header('Content-Type: text/plain; charset=UTF-8');
- $system_conf = Minz_Configuration::get('system');
- $auth = $email . '/' . sha1($system_conf->salt . $email . $conf->apiPasswordHash);
+ $auth = $email . '/' . sha1(FreshRSS_Context::$system_conf->salt . $email . FreshRSS_Context::$user_conf->apiPasswordHash);
 echo 'SID=', $auth, "\n", 'Auth=', $auth, "\n";
 exit();
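Review bot: The changed line `if ($headerAuthX[1] === sha1(FreshRSS_Context::$system_conf->salt . $user . FreshRSS_Context::$user_conf->apiPasswordHash)) {` in authorizationToUser() checks a bearer credential with `===`, which is not a constant-time comparison. Where the supported PHP version provides it, compute the expected value into `$expected` and test `hash_equals($expected, $headerAuthX[1])`. The same applies to the `$token === str_pad(sha1(...), 57, 'Z')` line in the checkToken() hunk. The unchanged `logMe(...)` line in the else branch also writes the submitted credential to the log; logging only the user name would be enough. authorizationToUser() starts and ends outside this hunk.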
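Review bot: `FreshRSS_Context::$user_conf = get_user_configuration($email);` in clientLogin() stores the named user's configuration in the process-wide context before `password_verify()` has succeeded, and the authorizationToUser() hunk does the same before its hash check. That is only safe if every failure path ends the request; the failure branch of clientLogin() is outside this hunk, so this cannot be confirmed here. Keeping the result in a local variable and assigning `FreshRSS_Context::$user_conf` only after verification would remove that dependency. The replacement of `is_null($conf)` by `== null` is also a loose comparison; `=== null` keeps the old strictness.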
@@ -209,8 +207,7 @@ function token($conf) {
 //https://github.com/ericmann/gReader-Library/blob/master/greader.class.php
 $user = Minz_Session::param('currentUser', '_');
 //logMe('token('. $user . ")"); //TODO: Implement real token that expires
- $system_conf = Minz_Configuration::get('system');
- $token = str_pad(sha1($system_conf->salt . $user . $conf->apiPasswordHash), 57, 'Z'); //Must have 57 characters
+ $token = str_pad(sha1(FreshRSS_Context::$system_conf->salt . $user . $conf->apiPasswordHash), 57, 'Z'); //Must have 57 characters
 echo $token, "\n";
 exit();
 }
@@ -219,13 +216,23 @@ function checkToken($conf, $token) {
 //http://code.google.com/p/google-reader-api/wiki/ActionToken
 $user = Minz_Session::param('currentUser', '_');
 //logMe('checkToken(' . $token . ")");
- $system_conf = Minz_Configuration::get('system');
- if ($token === str_pad(sha1($system_conf->salt . $user . $conf->apiPasswordHash), 57, 'Z')) {
+ if ($token === str_pad(sha1(FreshRSS_Context::$system_conf->salt . $user . $conf->apiPasswordHash), 57, 'Z')) {
 return true;
 }
 unauthorized();
 }
+function userInfo() { //https://github.com/theoldreader/api#user-info
+ //logMe("userInfo()");
+ $user = Minz_Session::param('currentUser', '_');
+ exit(json_encode(array(
+ 'userId' => $user,
+ 'userName' => $user,
+ 'userProfileId' => $user,
+ 'userEmail' => FreshRSS_Context::$user_conf->mail_login,
+ )));
+}
+
 function tagList() {
 //logMe("tagList()");
 header('Content-Type: application/json; charset=UTF-8');
@@ -261,6 +268,7 @@ function subscriptionList() {
 $stm->execute();
 $res = $stm->fetchAll(PDO::FETCH_ASSOC);
+ $salt = FreshRSS_Context::$system_conf->salt;
 $subscriptions = array();
 foreach ($res as $line) {
@@ -277,7 +285,7 @@ function subscriptionList() {
 //'firstitemmsec' => 0,
 'url' => $line['url'],
 'htmlUrl' => $line['website'],
- //'iconUrl' => '',
+ 'iconUrl' => Minz_Url::display('/f.php?' . hash('crc32b', $salt . $line['url']), '', true),
 );
 }
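Review bot: userInfo() sends JSON with `exit(json_encode(...))` but never sets a content type, while tagList() directly below it calls `header('Content-Type: application/json; charset=UTF-8');`, so this response goes out with PHP's default type. I would add that same `header(...)` call as the first statement of userInfo(). The function also dereferences `FreshRSS_Context::$user_conf->mail_login` without a null check, and the main script sets `FreshRSS_Context::$user_conf = null` when no user is authenticated; whether the `user-info` route can be reached in that state is not visible in this diff. A short docblock saying that it returns the Old Reader user-info fields for the session user and then ends the request would help.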
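Review bot: `hash('crc32b', $salt . $line['url'])` in the new `iconUrl` entry feeds the system salt into a 32-bit checksum that is handed to API clients, and the same salt is an input to the `sha1(...)` API tokens elsewhere in this file. CRC32 is neither keyed nor one-way, so the value should not be relied on to keep icon URLs unguessable or to protect anything derived from the salt. If that property matters, the usual choice is a separate secret with `hash_hmac('sha256', $line['url'], $iconKey)`, where `$iconKey` is a placeholder for a key that is not the auth salt. The value presumably has to match what `f.php` expects, which is not part of this diff, so a change may be needed in both places.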
@@ -285,6 +293,109 @@ function subscriptionList() {
 exit();
 }
+function subscriptionEdit($streamNames, $titles, $action, $add = '', $remove = '') {
+ //logMe("subscriptionEdit()");
+ //https://github.com/mihaip/google-reader-api/blob/master/wiki/ApiSubscriptionEdit.wiki
+ switch ($action) {
+ case 'subscribe':
+ case 'unsubscribe':
+ case 'edit':
+ break;
+ default:
+ badRequest();
+ }
+ $addCatId = 0;
+ $categoryDAO = null;
+ if ($add != '' || $remove != '') {
+ $categoryDAO = new FreshRSS_CategoryDAO();
+ }
+ $c_name = '';
+ if ($add != '' && strpos($add, 'user/') === 0) { //user/-/label/Example ; user/username/label/Example
+ if (strpos($add, 'user/-/label/') === 0) {
+ $c_name = substr($add, 13);
+ } else {
+ $user = Minz_Session::param('currentUser', '_');
+ $prefix = 'user/' . $user . '/label/';
+ if (strpos($add, $prefix) === 0) {
+ $c_name = substr($add, strlen($prefix));
+ } else {
+ $c_name = '';
+ }
+ }
+ $cat = $categoryDAO->searchByName($c_name);
+ $addCatId = $cat == null ? 0 : $cat->id();
+ } else if ($remove != '' && strpos($remove, 'user/-/label/')) {
+ $addCatId = 1; //Default category
+ }
+ $feedDAO = FreshRSS_Factory::createFeedDao();
+ for ($i = count($streamNames) - 1; $i >= 0; $i--) {
+ $streamName = $streamNames[$i]; //feed/http://example.net/sample.xml ; feed/338
+ if (strpos($streamName, 'feed/') === 0) {
+ $streamName = substr($streamName, 5);
+ $feedId = 0;
+ if (ctype_digit($streamName)) {
+ if ($action === 'subscribe') {
+ continue;
+ }
+ $feedId = $streamName;
+ } else {
+ $feed = $feedDAO->searchByUrl($streamName);
+ $feedId = $feed == null ? -1 : $feed->id();
+ }
+ $title = isset($titles[$i]) ? $titles[$i] : '';
+ switch ($action) {
+ case 'subscribe':
+ if ($feedId <= 0) {
+ $http_auth = ''; //TODO
+ try {
+ $feed = FreshRSS_feed_Controller::addFeed($streamName, $title, $addCatId, $c_name, $http_auth);
+ continue;
+ } catch (Exception $e) {
+ logMe("subscriptionEdit error subscribe: " . $e->getMessage());
+ }
+ }
+ badRequest();
+ break;
+ case 'unsubscribe':
+ if (!($feedId > 0 && FreshRSS_feed_Controller::deleteFeed($feedId))) {
+ badRequest();
+ }
+ break;
+ case 'edit':
+ if ($feedId > 0) {
+ if ($addCatId > 0 || $c_name != '') {
+ FreshRSS_feed_Controller::moveFeed($feedId, $addCatId, $c_name);
+ }
+ if ($title != '') {
+ FreshRSS_feed_Controller::renameFeed($feedId, $title);
+ }
+ } else {
+ badRequest();
+ }
+ break;
+ }
+ }
+ }
+ exit('OK');
+}
+
+function quickadd($url) {
+ //logMe("quickadd($url)");
+ try {
+ $feed = FreshRSS_feed_Controller::addFeed($url);
+ exit(json_encode(array(
+ 'numResults' => 1,
+ 'streamId' => $feed->id(),
+ )));
+ } catch (Exception $e) {
+ logMe("subscriptionEdit error subscribe: " . $e->getMessage());
+ die(json_encode(array(
+ 'numResults' => 0,
+ 'error' => $e->getMessage(),
+ )));
+ }
+}
+
 function unreadCount() { //http://blog.martindoms.com/2009/10/16/using-the-google-reader-api-part-2/#unread-count
 //logMe("unreadCount()");
 header('Content-Type: application/json; charset=UTF-8');
@@ -455,7 +566,7 @@ function streamContentsItemsIds($streamId, $start_time, $count, $order, $exclude
 $id = basename($streamId);
 } elseif (strpos($streamId, 'user/-/label/') === 0) {
 $type = 'c';
- $c_name = basename($streamId);
+ $c_name = substr($streamId, 13);
 $categoryDAO = new FreshRSS_CategoryDAO();
 $cat = $categoryDAO->searchByName($c_name);
 $id = $cat == null ? -1 : $cat->id();
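Review bot: In subscriptionEdit(), `strpos($remove, 'user/-/label/')` is tested for truthiness, so a `$remove` that starts with the prefix yields 0 and the branch assigning the default category is skipped; the other prefix tests in this function compare with `=== 0`, and this line should read `} else if ($remove != '' && strpos($remove, 'user/-/label/') === 0) {`. The `continue;` after `addFeed()` sits inside the `switch`, where PHP treats it like `break` and newer PHP versions warn about it; `continue 2;` states the intent. quickadd() returns `$e->getMessage()` to the client in its `error` field and logs under the `subscriptionEdit` label; a fixed error string in the response, with the detail kept in the log under a `quickadd` label, avoids exposing internal messages. Neither new function sets a response content type.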
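Review bot: `substr($streamId, 13)` hard-codes the length of `'user/-/label/'`, and the same literal 13 appears in subscriptionEdit(), renameTag(), disableTag() and markAllAsRead() in this commit. subscriptionEdit() already uses the self-describing form `substr($add, strlen($prefix))` for the user-named prefix; `strlen('user/-/label/')` or one shared constant would keep the prefix test and the offset from drifting apart. Replacing `basename()` also means label names containing `/` now reach `searchByName()` whole, which deserves a one-line comment such as `// keep the full label, including any '/'`. streamContentsItemsIds() continues outside this hunk.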
@@ -521,8 +632,41 @@ function editTag($e_ids, $a, $r) {
 break;
 }
- echo 'OK';
- exit();
+ exit('OK');
+}
+
+function renameTag($s, $dest) {
+ //logMe("renameTag()");
+ if ($s != '' && strpos($s, 'user/-/label/') === 0 &&
+ $dest != '' && strpos($dest, 'user/-/label/') === 0) {
+ $s = substr($s, 13);
+ $categoryDAO = new FreshRSS_CategoryDAO();
+ $cat = $categoryDAO->searchByName($s);
+ if ($cat != null) {
+ $dest = substr($dest, 13);
+ $categoryDAO->updateCategory($cat->id(), array('name' => $dest));
+ exit('OK');
+ }
+ }
+ badRequest();
+}
+
+function disableTag($s) {
+ //logMe("disableTag($s)");
+ if ($s != '' && strpos($s, 'user/-/label/') === 0) {
+ $s = substr($s, 13);
+ $categoryDAO = new FreshRSS_CategoryDAO();
+ $cat = $categoryDAO->searchByName($s);
+ if ($cat != null) {
+ $feedDAO = FreshRSS_Factory::createFeedDao();
+ $feedDAO->changeCategory($cat->id(), 0);
+ if ($cat->id() > 1) {
+ $categoryDAO->deleteCategory($cat->id());
+ }
+ exit('OK');
+ }
+ }
+ badRequest();
 }
 function markAllAsRead($streamId, $olderThanId) {
@@ -532,7 +676,7 @@ function markAllAsRead($streamId, $olderThanId) {
 $f_id = basename($streamId);
 $entryDAO->markReadFeed($f_id, $olderThanId);
 } elseif (strpos($streamId, 'user/-/label/') === 0) {
- $c_name = basename($streamId);
+ $c_name = substr($streamId, 13);
 $categoryDAO = new FreshRSS_CategoryDAO();
 $cat = $categoryDAO->searchByName($c_name);
 $entryDAO->markReadCat($cat === null ? -1 : $cat->id(), $olderThanId);
@@ -540,8 +684,7 @@ function markAllAsRead($streamId, $olderThanId) {
 $entryDAO->markReadEntries($olderThanId, false, -1);
 }
- echo 'OK';
- exit();
+ exit('OK');
 }
 //logMe('----------------------------------------------------------------');
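Review bot: renameTag() checks `$dest != ''` before stripping the prefix but not after, so a `dest` of exactly `user/-/label/` passes an empty string as the new name to `updateCategory()`; I would add `if ($dest === '') { badRequest(); }` right after `$dest = substr($dest, 13);`. Nothing visible in this hunk checks whether a category with the target name already exists. In disableTag(), `$feedDAO->changeCategory($cat->id(), 0);` moves feeds to category 0, while subscriptionEdit() in this commit treats 1 as the default category and the deletion guard is `$cat->id() > 1`; unless `changeCategory()` maps 0 to the default, the feeds may be left without a valid category. Both functions would benefit from a short docblock noting that they end the request with `exit('OK')` or `badRequest()` rather than returning.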
@@ -553,17 +696,17 @@ $pathInfos = explode('/', $pathInfo);
 Minz_Configuration::register('system', DATA_PATH . '/config.php', DATA_PATH . '/config.default.php');
-$system_conf = Minz_Configuration::get('system');
-if (!$system_conf->api_enabled) {
+FreshRSS_Context::$system_conf = Minz_Configuration::get('system');
+if (!FreshRSS_Context::$system_conf->api_enabled) {
 serviceUnavailable();
 }
 Minz_Session::init('FreshRSS');
 $user = authorizationToUser();
-$conf = null;
+FreshRSS_Context::$user_conf = null;
 if ($user !== '') {
- $conf = get_user_configuration($user);
+ FreshRSS_Context::$user_conf = get_user_configuration($user);
 }
 //logMe('User => ' . $user);
@@ -623,14 +766,33 @@ elseif ($pathInfos[1] === 'reader' && $pathInfos[2] === 'api' && isset($pathInfo
 if (isset($pathInfos[5]) && $pathInfos[5] === 'list') {
 $output = isset($_GET['output']) ? $_GET['output'] : '';
 if ($output !== 'json') notImplemented();
- tagList($_GET['output']);
+ tagList($output);
 }
 break;
 case 'subscription':
- if (isset($pathInfos[5]) && $pathInfos[5] === 'list') {
- $output = isset($_GET['output']) ? $_GET['output'] : '';
- if ($output !== 'json') notImplemented();
- subscriptionList($_GET['output']);
+ if (isset($pathInfos[5])) {
+ switch ($pathInfos[5]) {
+ case 'list':
+ $output = isset($_GET['output']) ? $_GET['output'] : '';
+ if ($output !== 'json') notImplemented();
+ subscriptionList($_GET['output']);
+ break;
+ case 'edit':
+ if (isset($_POST['s']) && isset($_POST['ac'])) {
+ $streamNames = multiplePosts('s'); //StreamId to operate on. The parameter may be repeated to edit multiple subscriptions at once
+ $titles = multiplePosts('t'); //Title to use for the subscription. For the `subscribe` action, if not specified then the feed's current title will be used. Can be used with the `edit` action to rename a subscription
+ $action = $_POST['ac']; //Action to perform on the given StreamId. Possible values are `subscribe`, `unsubscribe` and `edit`
+ $add = isset($_POST['a']) ? $_POST['a'] : ''; //StreamId to add the subscription to (generally a user label)
+ $remove = isset($_POST['r']) ? $_POST['r'] : ''; //StreamId to remove the subscription from (generally a user label)
+ subscriptionEdit($streamNames, $titles, $action, $add, $remove);
+ }
+ break;
+ case 'quickadd': //https://github.com/theoldreader/api
+ if (isset($_GET['quickadd'])) {
+ quickadd($_GET['quickadd']);
+ }
+ break;
+ }
 }
 break;
 case 'unread-count':
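Review bot: The new `edit` and `quickadd` cases change the user's subscriptions without calling `checkToken()`, whereas `edit-tag`, `rename-tag`, `disable-tag` and `mark-all-as-read` all validate `$_POST['T']` first. If the token is meant to guard state-changing requests, both cases should start with `$token = isset($_POST['T']) ? trim($_POST['T']) : '';` followed by `checkToken(FreshRSS_Context::$user_conf, $token);`. `quickadd` also passes `$_GET['quickadd']` straight to `addFeed()`, which presumably makes the server fetch that URL; whether `addFeed()` restricts schemes or internal addresses is not visible here and is worth confirming. The `list` case still calls `subscriptionList($_GET['output'])` although the tagList call in the same hunk was changed to pass the validated `$output`.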
@@ -641,15 +803,30 @@ elseif ($pathInfos[1] === 'reader' && $pathInfos[2] === 'api' && isset($pathInfo
 break;
 case 'edit-tag': //http://blog.martindoms.com/2010/01/20/using-the-google-reader-api-part-3/
 $token = isset($_POST['T']) ? trim($_POST['T']) : '';
- checkToken($conf, $token);
+ checkToken(FreshRSS_Context::$user_conf, $token);
 $a = isset($_POST['a']) ? $_POST['a'] : ''; //Add: user/-/state/com.google/read user/-/state/com.google/starred
 $r = isset($_POST['r']) ? $_POST['r'] : ''; //Remove: user/-/state/com.google/read user/-/state/com.google/starred
 $e_ids = multiplePosts('i'); //item IDs
 editTag($e_ids, $a, $r);
 break;
+ case 'rename-tag': //https://github.com/theoldreader/api
+ $token = isset($_POST['T']) ? trim($_POST['T']) : '';
+ checkToken(FreshRSS_Context::$user_conf, $token);
+ $s = isset($_POST['s']) ? $_POST['s'] : ''; //user/-/label/Folder
+ $dest = isset($_POST['dest']) ? $_POST['dest'] : ''; //user/-/label/NewFolder
+ renameTag($s, $dest);
+ break;
+ case 'disable-tag': //https://github.com/theoldreader/api
+ $token = isset($_POST['T']) ? trim($_POST['T']) : '';
+ checkToken(FreshRSS_Context::$user_conf, $token);
+ $s_s = multiplePosts('s');
+ foreach ($s_s as $s) {
+ disableTag($s); //user/-/label/Folder
+ }
+ break;
 case 'mark-all-as-read':
 $token = isset($_POST['T']) ? trim($_POST['T']) : '';
- checkToken($conf, $token);
+ checkToken(FreshRSS_Context::$user_conf, $token);
 $streamId = $_POST['s']; //StreamId
 $ts = isset($_POST['ts']) ? $_POST['ts'] : '0'; //Older than timestamp in nanoseconds
 if (!ctype_digit($ts)) {
@@ -658,7 +835,10 @@ elseif ($pathInfos[1] === 'reader' && $pathInfos[2] === 'api' && isset($pathInfo
 markAllAsRead($streamId, $ts);
 break;
 case 'token':
- token($conf);
+ token(FreshRSS_Context::$user_conf);
+ break;
+ case 'user-info':
+ userInfo();
 break;
 }
 } elseif ($pathInfos[1] === 'check' && $pathInfos[2] === 'compatibility') { |
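Review bot: The `disable-tag` loop `foreach ($s_s as $s) { disableTag($s); }` can only process the first label, because disableTag() as added in this commit ends the request with `exit('OK')` on success and otherwise calls `badRequest()`, which presumably also terminates. Either disableTag() should return a boolean and this case should emit the response once after the loop, or the loop should be dropped and the single-label behaviour stated in a comment. The unchanged context line `$streamId = $_POST['s'];` under `mark-all-as-read` is also read without `isset()`, unlike the parameters in the new cases.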
