all repos — nasg @ 35679e8fd8a81ecaebd4fdbeb184eba8c685d8d5

templates/Micropub.j2.php (view raw)

 1
 2
 3
 4
 5
 6
 7
 8
 9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 
<?php

function _syslog($msg) {
    $trace = debug_backtrace();
    $caller = $trace[1];
    $parent = $caller['function'];
    if (isset($caller['class']))
        $parent = $caller['class'] . '::' . $parent;

    return error_log( "{$parent}: {$msg}" );
}

function unauthorized($text) {
    header('HTTP/1.1 401 Unauthorized');
    die($text);
}

function badrequest($text) {
    header('HTTP/1.1 400 Bad Request');
    die($text);
}

function httpok($text) {
    header('HTTP/1.1 200 OK');
    echo($text);
    exit(0);
}

function accepted() {
    header('HTTP/1.1 202 Accepted');
    #header('Location: {{ site.url }}');
    exit(0);
}

if (!empty($_GET)) {
    if ( ! isset($_GET['q']) ) {
        badrequest('please POST a micropub request');
    }

    if ( isset($_GET['q']['config']) ) {
        httpok(json_encode(array('tags' => array())));
    }

    if(isset($_GET['q']['syndicate-to'])) {
        httpok(json_encode(array('syndicate-to' => array())));
    }

    badrequest('please POST a micropub request');
}

$raw = file_get_contents("php://input");
print_r($raw);
try {
    $decoded = json_decode($raw, true);
} catch (Exception $e) {
    _syslog('failed to decode JSON, trying decoding form data');
    try {
        parse_str($raw, $decoded);
    }
    catch (Exception $e) {
        _syslog('failed to decoding form data as well');
        badrequest('invalid POST contents');
    }
}
print_r($decoded);

$token = '';
if ( isset($decoded['access_token']) ) {
    $token = $decoded['access_token'];
    unset($decoded['access_token']);
}
elseif ( isset($_SERVER['HTTP_AUTHORIZATION']) ) {
    $token = trim(str_replace('Bearer', '', $_SERVER['HTTP_AUTHORIZATION']));
}

if (empty($token)) {
    unauthorized('missing token');
}

$request = curl_init();
curl_setopt($request, CURLOPT_URL, 'https://tokens.indieauth.com/token');
curl_setopt($request, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/x-www-form-urlencoded',
    sprintf('Authorization: Bearer %s', $token)
));
curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($request);
curl_close($request);
parse_str(urldecode($response), $verification);
if (! isset($verification['scope']) ) {
    unauthorized('missing "scope"');
}
if (! isset($verification['me']) ) {
    unauthorized('missing "me"');
}
if ( ! stristr($verification['me'], '{{ site.url }}') ) {
    unauthorized('wrong domain');
}
if ( ! stristr($verification['scope'], 'create') ) {
    unauthorized('invalid scope');
}

$user = posix_getpwuid(posix_getuid());
$now = time();
$decoded['mtime'] = $now;
$fname = sprintf(
    '%s/%s/%s.json',
    $user['dir'],
    '{{ paths.remotequeue }}',
    microtime(true)
);

file_put_contents($fname, json_encode($decoded, JSON_PRETTY_PRINT));
accepted();