Commit ab175a15 authored by Malcolm Blaney's avatar Malcolm Blaney

Added a media endpoint. Micropub endpoint now checks for q=config

and will return the media endpoint. When the Browser module is used
to upload files from micropub it will now overwrite files with the
same name rather than returning an error.
parent 7427f0b3
......@@ -254,7 +254,8 @@ class Browser extends Base {
return ['error' => 'Filename does not have correct format.'];
}
$path = $this->PublicDirectory($filename);
if (file_exists($path)) {
if ($return !== 'location' && file_exists($path)) {
// Allow overriding files from micropub.
return ['error' => 'A file with that name already exists.'];
}
$name = $match[1];
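Review bot: The comment `// Allow overriding files from micropub.` sits inside the branch that returns the "already exists" error, so it reads as describing the rejection rather than the new `$return !== 'location'` exemption; it belongs on the line above the `if`. With the exemption, an upload that arrives with `$return === 'location'` replaces an existing file of the same name with no record of it, so a log entry at that point would let an unexpected replacement of published media be traced. The method starts and ends outside this hunk, so the write itself and any other checks on `$path` are not visible here.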
......
<?php
// Dobrado Content Management System
// Copyright (C) 2018 Malcolm Blaney
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as
// published by the Free Software Foundation, either version 3 of the
// License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
function header_value($headers, $name) {
foreach ($headers as $key => $value) {
if (strtolower($key) === strtolower($name)) return $value;
}
return '';
}
$us_token = '';
$headers = apache_request_headers();
$authorization = header_value($headers, 'Authorization');
if ($authorization !== '') {
// Remove the prefix 'Bearer ' from the Authorization header.
$us_token = substr($authorization, 7);
}
else if (isset($_POST['access_token'])) {
$us_token = urldecode($_POST['access_token']);
}
if ($us_token === '') {
header('HTTP/1.1 401 Unauthorised');
exit;
}
include 'functions/db.php';
$me = '';
$mysqli = connect_db();
$token = $mysqli->escape_string($us_token);
$query = 'SELECT me FROM access_tokens WHERE token = "' . $token . '"';
if ($result = $mysqli->query($query)) {
if ($access_tokens = $result->fetch_assoc()) {
$me = $access_tokens['me'];
}
$result->close();
}
else {
log_db('media_endpoint.php 1: ' . $mysqli->error);
}
$mysqli->close();
if (!preg_match('/^https?:\/\/' . $_SERVER['SERVER_NAME'] . '/', $me)) {
log_db('media_endpoint.php 2: Couldn\'t match ' . $_SERVER['SERVER_NAME'] .
' in: ' . $me);
header('HTTP/1.1 403 Forbidden');
exit;
}
if (!isset($_FILES['file'])) {
log_db('media_endpoint.php 3: File not found.');
header('HTTP/1.1 400 Bad Request');
exit;
}
include 'functions/page_owner.php';
include 'functions/permission.php';
include 'config.php';
include 'module.php';
include 'user.php';
list($page, $owner) = page_owner($me);
$user = new User($owner);
$user->page = $page;
$browser = new Module($user, $owner, 'browser');
if (!$browser->IsInstalled()) {
header('HTTP/1.1 500 Internal Server Error');
log_db('media_endpoint.php 4: Browser module is not installed.');
exit;
}
$result = $browser->Factory('Upload', 'file');
if (isset($result['error'])) {
log_db('media_endpoint.php 5: ' . $result['error']);
header('HTTP/1.1 400 Bad Request');
header('Content-Type: application/json');
echo json_encode(['error' => 'Bad Request',
'error_description' => $result['error']]);
exit;
}
header('HTTP/1.1 201 Created');
header('Location: ' . $result);
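Review bot: The host check on `$me` interpolates `$_SERVER['SERVER_NAME']` into the pattern unquoted and with nothing after it, so its dots match any character and a `me` URL whose host merely begins with the server name still passes the 403 gate. Quote the name and require the host to end there: `if (!preg_match('/^https?:\/\/' . preg_quote($_SERVER['SERVER_NAME'], '/') . '(?::\d+)?(?:\/|$)/', $me)) {`. Depending on the web server configuration, SERVER_NAME can be taken from the request's Host header, so comparing against the site's configured server name would be more dependable if it is available at that point. Separately, `substr($authorization, 7)` assumes the header starts with `Bearer ` without checking it, and the token lookup would be easier to audit as a prepared statement than as an escaped string concatenation.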
......@@ -69,13 +69,8 @@ function photo_html($photo_list) {
return $html . '<br><b>' . $count . ' photos</b></p>';
}
include 'functions/db.php';
$us_token = '';
$headers = apache_request_headers();
$content_type = header_value($headers, 'Content-Type');
$data = $content_type === 'application/json' ?
json_decode(file_get_contents('php://input'), true) : [];
$authorization = header_value($headers, 'Authorization');
if ($authorization !== '') {
// Remove the prefix 'Bearer ' from the Authorization header.
......@@ -89,28 +84,7 @@ if ($us_token === '') {
exit;
}
// TODO: type is not currently used as Post module only supports h-entry.
$type = '';
if ($content_type === 'application/json') {
if (isset($data['type']) &&
in_array($data['type'][0], ['h-entry', 'h-card', 'h-event', 'h-cite'])) {
$type = $data['type'][0];
}
else {
log_db('micropub.php 1: JSON data type not found.');
header('HTTP/1.1 400 Bad Request');
exit;
}
}
else if (isset($_POST['h']) &&
in_array($_POST['h'], ['entry', 'card', 'event', 'cite'])) {
$type = 'h-' . $_POST['h'];
}
else {
log_db('micropub.php 2: POST data type not found.');
header('HTTP/1.1 400 Bad Request');
exit;
}
include 'functions/db.php';
$me = '';
$mysqli = connect_db();
......@@ -146,12 +120,51 @@ include 'config.php';
include 'module.php';
include 'user.php';
// This provides the owner and their home page, because url is from rel=me.
list($page, $owner) = page_owner($me);
$user = new User($owner);
$user->page = $page;
// First check if this is a config request rather than creating a post.
if (isset($_GET['q'])) {
header('Content-Type: application/json');
if ($_GET['q'] === 'config') {
$media_endpoint = $this->user->config->Secure() ? 'https://' : 'http://';
$media_endpoint .= $this->user->config->ServerName();
$media_endpoint .= '/php/media_endpoint.php';
echo json_encode(['media-endpoint' => $media_endpoint]);
}
else {
echo json_encode((object)[]);
}
exit;
}
$content_type = header_value($headers, 'Content-Type');
$data = $content_type === 'application/json' ?
json_decode(file_get_contents('php://input'), true) : [];
// TODO: type is not currently used as Post module only supports h-entry.
$type = '';
if ($content_type === 'application/json') {
if (isset($data['type']) &&
in_array($data['type'][0], ['h-entry', 'h-card', 'h-event', 'h-cite'])) {
$type = $data['type'][0];
}
else {
log_db('micropub.php 1: JSON data type not found.');
header('HTTP/1.1 400 Bad Request');
exit;
}
}
else if (isset($_POST['h']) &&
in_array($_POST['h'], ['entry', 'card', 'event', 'cite'])) {
$type = 'h-' . $_POST['h'];
}
else {
log_db('micropub.php 2: POST data type not found.');
header('HTTP/1.1 400 Bad Request');
exit;
}
$post = new Module($user, $owner, 'post');
if (!$post->IsInstalled()) {
header('HTTP/1.1 500 Internal Server Error');
......@@ -282,7 +295,7 @@ else {
log_db('micropub.php 7: ' . $result['error']);
}
else if (is_string($result)) {
if (!in_array($location, $photo_list)) $photo_list[] = $result;
if (!in_array($result, $photo_list)) $photo_list[] = $result;
}
else {
foreach ($result as $location) {
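Review bot: The new q=config branch reads `$this->user->config`, but this code runs at the top level of the script, where the user object was just created as `$user`. Unless the file is included from inside a method, the request would fail with a "Using $this when not in object context" error instead of returning the media endpoint. The two lines should presumably read `$media_endpoint = $user->config->Secure() ? 'https://' : 'http://';` and `$media_endpoint .= $user->config->ServerName();`, assuming `User` exposes `config` publicly. In the type check that was moved below it, `in_array($data['type'][0], [...])` compares loosely; passing `true` as the third argument keeps a non-string JSON value from being accepted as a type.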
......