diff options
Diffstat (limited to 'p/api/greader.php')
| -rw-r--r-- | p/api/greader.php | 62 |
1 files changed, 36 insertions, 26 deletions
diff --git a/p/api/greader.php b/p/api/greader.php index 5a6fdad7d..ab1a02244 100644 --- a/p/api/greader.php +++ b/p/api/greader.php @@ -77,7 +77,7 @@ class MyPDO extends Minz_ModelPdo { } function logMe($text) { - file_put_contents(LOG_PATH . '/api.log', $text, FILE_APPEND); + file_put_contents(join_path(USERS_PATH, '_', 'log_api.txt'), $text, FILE_APPEND); } function debugInfo() { @@ -143,24 +143,24 @@ function checkCompatibility() { exit(); } -function authorizationToUserConf() { +function authorizationToUser() { $headerAuth = headerVariable('Authorization', 'GoogleLogin_auth'); //Input is 'GoogleLogin auth', but PHP replaces spaces by '_' http://php.net/language.variables.external if ($headerAuth != '') { $headerAuthX = explode('/', $headerAuth, 2); if (count($headerAuthX) === 2) { $user = $headerAuthX[0]; if (ctype_alnum($user)) { - try { - $conf = new FreshRSS_Configuration($user); - } catch (Exception $e) { - logMe($e->getMessage() . "\n"); + $conf = get_user_configuration($user); + if (is_null($conf)) { + Minz_Log::warning('Invalid API user ' . $user . ': configuration cannot be found.'); unauthorized(); } - if ($headerAuthX[1] === sha1(Minz_Configuration::salt() . $conf->user . $conf->apiPasswordHash)) { - return $conf; + $system_conf = Minz_Configuration::get('system'); + if ($headerAuthX[1] === sha1($system_conf->salt . $user . $conf->apiPasswordHash)) { + return $user; } else { logMe('Invalid API authorisation for user ' . $user . ': ' . $headerAuthX[1] . "\n"); - Minz_Log::record('Invalid API authorisation for user ' . $user . ': ' . $headerAuthX[1], Minz_Log::WARNING); + Minz_Log::warning('Invalid API authorisation for user ' . $user . ': ' . $headerAuthX[1]); unauthorized(); } } else { @@ -168,7 +168,7 @@ function authorizationToUserConf() { } } } - return null; + return ''; } function clientLogin($email, $pass) { //http://web.archive.org/web/20130604091042/http://undoc.in/clientLogin.html @@ -177,21 +177,22 @@ function clientLogin($email, $pass) { //http://web.archive.org/web/2013060409104 if (!function_exists('password_verify')) { include_once(LIB_PATH . '/password_compat.php'); } - try { - $conf = new FreshRSS_Configuration($email); - } catch (Exception $e) { - logMe($e->getMessage() . "\n"); - Minz_Log::record('Invalid API user ' . $email, Minz_Log::WARNING); + + $conf = get_user_configuration($email); + if (is_null($conf)) { + Minz_Log::warning('Invalid API user ' . $email . ': configuration cannot be found.'); unauthorized(); } + if ($conf->apiPasswordHash != '' && password_verify($pass, $conf->apiPasswordHash)) { header('Content-Type: text/plain; charset=UTF-8'); - $auth = $email . '/' . sha1(Minz_Configuration::salt() . $conf->user . $conf->apiPasswordHash); + $system_conf = Minz_Configuration::get('system'); + $auth = $email . '/' . sha1($system_conf->salt . $email . $conf->apiPasswordHash); echo 'SID=', $auth, "\n", 'Auth=', $auth, "\n"; exit(); } else { - Minz_Log::record('Password API mismatch for user ' . $email, Minz_Log::WARNING); + Minz_Log::warning('Password API mismatch for user ' . $email); unauthorized(); } } else { @@ -203,16 +204,20 @@ function clientLogin($email, $pass) { //http://web.archive.org/web/2013060409104 function token($conf) { //http://blog.martindoms.com/2009/08/15/using-the-google-reader-api-part-1/ //https://github.com/ericmann/gReader-Library/blob/master/greader.class.php - logMe('token('. $conf->user . ")\n"); //TODO: Implement real token that expires - $token = str_pad(sha1(Minz_Configuration::salt() . $conf->user . $conf->apiPasswordHash), 57, 'Z'); //Must have 57 characters + $user = Minz_Session::param('currentUser', '_'); + logMe('token('. $user . ")\n"); //TODO: Implement real token that expires + $system_conf = Minz_Configuration::get('system'); + $token = str_pad(sha1($system_conf->salt . $user . $conf->apiPasswordHash), 57, 'Z'); //Must have 57 characters echo $token, "\n"; exit(); } function checkToken($conf, $token) { //http://code.google.com/p/google-reader-api/wiki/ActionToken + $user = Minz_Session::param('currentUser', '_'); logMe('checkToken(' . $token . ")\n"); - if ($token === str_pad(sha1(Minz_Configuration::salt() . $conf->user . $conf->apiPasswordHash), 57, 'Z')) { + $system_conf = Minz_Configuration::get('system'); + if ($token === str_pad(sha1($system_conf->salt . $user . $conf->apiPasswordHash), 57, 'Z')) { return true; } unauthorized(); @@ -536,16 +541,21 @@ logMe('----------------------------------------------------------------'."\n"); $pathInfo = empty($_SERVER['PATH_INFO']) ? '/Error' : urldecode($_SERVER['PATH_INFO']); $pathInfos = explode('/', $pathInfo); -Minz_Configuration::init(); - -if (!Minz_Configuration::apiEnabled()) { +Minz_Configuration::register('system', + DATA_PATH . '/config.php', + DATA_PATH . '/config.default.php'); +$system_conf = Minz_Configuration::get('system'); +if (!$system_conf->api_enabled) { serviceUnavailable(); } Minz_Session::init('FreshRSS'); -$conf = authorizationToUserConf(); -$user = $conf == null ? '' : $conf->user; +$user = authorizationToUser(); +$conf = null; +if ($user !== '') { + $conf = get_user_configuration($user); +} logMe('User => ' . $user . "\n"); @@ -639,7 +649,7 @@ elseif ($pathInfos[1] === 'reader' && $pathInfos[2] === 'api' && isset($pathInfo markAllAsRead($streamId, $ts); break; case 'token': - Token($conf); + token($conf); break; } } elseif ($pathInfos[1] === 'check' && $pathInfos[2] === 'compatibility') { |