templates/Micropub.j2.php (view raw)
<?php
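/**
 * Write a message to the PHP error log, prefixed with the name of the
 * function (or Class::method) that called this helper.
 *
 * Callers in this file pass text that originates outside the script (for
 * example remote response bodies), so control characters are collapsed to a
 * space before logging: one call always produces exactly one log line.
 *
 * @param string $msg text to log
 * @return bool result of error_log()
 */
function _syslog($msg) {
    // Frame 0 is this call, frame 1 is the calling function. Only those two
    // are needed, and the arguments are not.
    $trace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 2);
    if (isset($trace[1]['function'])) {
        $parent = $trace[1]['function'];
        if (isset($trace[1]['class'])) {
            $parent = $trace[1]['class'] . '::' . $parent;
        }
    } else {
        // Called from the top level of the script: there is no frame 1, and
        // reading it would raise warnings and log an empty prefix.
        $parent = '{main}';
    }
    // Neutralise CR/LF and other control bytes so logged text cannot start a
    // new, forged log entry.
    $clean = preg_replace('/[\x00-\x1f\x7f]+/', ' ', (string) $msg);
    return error_log("{$parent}: {$clean}");
}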
/**
 * Answer with HTTP 501 and a fixed plain message, then end the script.
 */
function notimplemented()
{
    header('HTTP/1.1 501 Not Implemented');
    exit('This functionality is yet to be implemented');
}
/**
 * Reject the request with HTTP 401.
 *
 * Sends the status line, logs the reason with an "unauth:" prefix, prints the
 * same reason as the response body and ends the script.
 *
 * @param string $text reason; written to the log and sent to the client
 */
function unauthorized($text)
{
    header('HTTP/1.1 401 Unauthorized');
    _syslog("unauth:{$text}");
    exit($text);
}
/**
 * Reject the request with HTTP 400.
 *
 * Sends the status line, logs the reason with a "badreq:" prefix, prints the
 * same reason as the response body and ends the script.
 *
 * @param string $text reason; written to the log and sent to the client
 */
function badrequest($text)
{
    header('HTTP/1.1 400 Bad Request');
    _syslog("badreq:{$text}");
    exit($text);
}
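/**
 * Report a failure of a remote service and end the script.
 *
 * Sends HTTP 421, logs the text with a "remote_err:" prefix and prints the
 * same text as the response body.
 *
 * The callers in this file append the raw body received from the remote
 * service to $text. The reply is therefore declared as plain text, so a
 * browser does not interpret remote-controlled content as HTML.
 *
 * NOTE(review): the remote body is still shown to the client as-is; consider
 * logging the detail and returning only a generic message. 502 Bad Gateway is
 * the conventional status for an upstream failure; 421 is kept because
 * existing clients may depend on it.
 *
 * @param string $text description of the failure; logged and sent to the client
 */
function remoteerror($text) {
    header('HTTP/1.1 421 Misdirected Request');
    header('Content-Type: text/plain; charset=utf-8');
    _syslog("remote_err:" . $text);
    die($text);
}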
/**
 * Send a successful reply: HTTP 200 with $text as the body.
 *
 * The body is also logged with an "ok:" prefix before the script ends with
 * exit status 0.
 *
 * @param string $text response body
 */
function httpok($text)
{
    header('HTTP/1.1 200 OK');
    _syslog("ok:{$text}");
    echo $text;
    exit(0);
}
/**
 * Acknowledge the request with HTTP 202 and an empty body, log the event
 * and end the script with exit status 0.
 */
function accepted()
{
    header('HTTP/1.1 202 Accepted');
    _syslog('accepted:');
    exit(0);
}
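/**
 * Check a bearer token against the IndieAuth token endpoint.
 *
 * The endpoint's form-encoded reply must contain "scope" and "me", and the
 * host of "me" must be this site. On any failure the request is ended with
 * HTTP 401 through unauthorized(); on success the function simply returns.
 *
 * NOTE(review): "scope" is only checked for presence. If the endpoint issues
 * tokens with different scopes, confirm that the granted scope covers the
 * action performed by this script.
 *
 * @param string $token bearer token taken from the incoming request
 */
function verify_token($token) {
    // The token comes from the request and is copied into an outgoing header
    // line. Accept only a single run of printable, non-space characters, so a
    // token cannot add header lines of its own.
    if (!is_string($token) || $token === '' || preg_match('/[\x00-\x20\x7f]/', $token)) {
        unauthorized('invalid token');
    }

    $request = curl_init();
    curl_setopt($request, CURLOPT_URL, 'https://tokens.indieauth.com/token');
    curl_setopt($request, CURLOPT_HTTPHEADER, array(
        'Content-Type: application/x-www-form-urlencoded',
        "Authorization: Bearer {$token}"
    ));
    curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
    $response = curl_exec($request);
    curl_close($request);

    // curl_exec() returns false on a transport failure; an empty body then
    // fails the checks below.
    $body = is_string($response) ? $response : '';

    // parse_str() decodes each value itself. Decoding the whole body first
    // would turn an encoded '&' or '=' inside a value into a field separator,
    // so one value could supply or override other fields such as "me".
    parse_str($body, $verification);

    if (! isset($verification['scope']) ) {
        unauthorized('missing "scope"');
    }
    if (! isset($verification['me']) ) {
        unauthorized('missing "me"');
    }

    // The value below is filled in when the template is rendered.
    // NOTE(review): assumed to be the site's host name or its URL; confirm.
    $expected = '{{ site.name }}';
    $expected_host = parse_url($expected, PHP_URL_HOST);
    if (!is_string($expected_host)) {
        // A bare host name has no URL host component; use it as given.
        $expected_host = $expected;
    }

    // Compare hosts exactly. A substring test would also accept a profile URL
    // that merely contains the site name in another host, a path or a query.
    // A "www." variant of the site no longer matches; add it explicitly if
    // that profile URL is in use.
    $me_host = is_string($verification['me'])
        ? parse_url($verification['me'], PHP_URL_HOST)
        : null;
    if (!is_string($me_host) || strcasecmp($me_host, $expected_host) !== 0) {
        unauthorized('wrong domain');
    }
}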
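/**
 * Save a URL as an archived entry in wallabag.
 *
 * Obtains an OAuth access token with the password grant, then posts the URL
 * to the entries API. Ends the request with 202 through accepted() when
 * wallabag stored the entry, with badrequest() when the URL is unusable, and
 * with remoteerror() when wallabag cannot be reached or refuses the call.
 *
 * The {{ ... }} values are filled in when the template is rendered, so the
 * rendered file holds the client secret and the account password in clear
 * text. Keep it readable only by the web server user, and make sure the
 * values are escaped for a PHP double-quoted string at render time (a value
 * containing ", \ or $ would otherwise change the PHP source).
 *
 * @param string|array $url address to save; a list is accepted because
 *                          Micropub JSON wraps property values in lists
 */
function save_to_wallabag($url) {
    if (is_array($url)) {
        $url = reset($url);
    }
    // The address is handed to wallabag, which will fetch it. Only plain web
    // addresses are forwarded.
    $scheme = is_string($url) ? parse_url($url, PHP_URL_SCHEME) : null;
    if (!is_string($scheme) || !in_array(strtolower($scheme), array('http', 'https'), true)) {
        badrequest('invalid like-of URL');
    }

    $wallabag_url = "{{ wallabag["url"] }}";
    $data = array(
        "client_id" => "{{ wallabag["client_id"] }}",
        "client_secret" => "{{ wallabag["client_secret"] }}",
        "username" => "{{ wallabag["username"] }}",
        "password" => "{{ wallabag["password"] }}",
        "grant_type" => "password"
    );
    $request = curl_init();
    curl_setopt($request, CURLOPT_URL, "{$wallabag_url}/oauth/v2/token");
    curl_setopt($request, CURLOPT_POST, 1);
    curl_setopt($request, CURLOPT_POSTFIELDS, http_build_query($data));
    curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
    $response = curl_exec($request);
    curl_close($request);

    // json_decode() signals failure by returning null, not by throwing, so
    // the result is checked instead of wrapped in try/catch.
    // NOTE(review): remoteerror() sends the remote body to the client as well
    // as to the log.
    $wallabag_token = is_string($response) ? json_decode($response, true) : null;
    if (!is_array($wallabag_token)) {
        remoteerror("failed to parse response from wallabag: " . $response);
    }
    if (! isset($wallabag_token['access_token']) ) {
        remoteerror("failed to obtain access token from wallabag: " . $response);
    }

    $data = array(
        "url" => $url,
        "archive" => 1
    );
    $headers = array(
        'Content-Type: application/x-www-form-urlencoded',
        "Authorization: Bearer ". $wallabag_token["access_token"]
    );
    $request = curl_init();
    curl_setopt($request, CURLOPT_URL, "{$wallabag_url}/api/entries");
    curl_setopt($request, CURLOPT_POST, 1);
    curl_setopt($request, CURLOPT_POSTFIELDS, http_build_query($data));
    curl_setopt($request, CURLOPT_HTTPHEADER, $headers);
    curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
    $response = curl_exec($request);
    // Read the status before the handle is closed.
    $status = curl_getinfo($request, CURLINFO_HTTP_CODE);
    curl_close($request);

    // Report success only when wallabag really answered with a 2xx status
    // and a JSON document; otherwise the caller would be told "accepted" for
    // an entry that was never stored.
    $is_saved = is_string($response) ? json_decode($response, true) : null;
    if (!is_array($is_saved)) {
        remoteerror("failed to parse response to save from wallabag: " . $response);
    }
    if ($status < 200 || $status >= 300) {
        remoteerror("wallabag refused to save the entry: " . $response);
    }
    accepted();
}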
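/* Micropub query (GET): only q=config and q=syndicate-to are answered. */
if (!empty($_GET)) {
    if ( ! isset($_GET['q']) ) {
        badrequest('please POST a micropub request');
    }
    $query = $_GET['q'];
    // Micropub clients send ?q=config. A string has no 'config' offset, so
    // the plain form is compared directly; the ?q[config]=... form that the
    // earlier check matched is still accepted.
    if ($query === 'config' || (is_array($query) && isset($query['config']))) {
        header('Content-Type: application/json');
        httpok(json_encode(array('tags' => array())));
    }
    if ($query === 'syndicate-to' || (is_array($query) && isset($query['syndicate-to']))) {
        header('Content-Type: application/json');
        httpok(json_encode(array('syndicate-to' => array())));
    }
    badrequest('please POST a micropub request');
}

/* Micropub create (POST): the body is JSON or form-encoded. */
$raw = (string) file_get_contents("php://input");
// json_decode() returns null for anything that is not JSON; it does not
// throw. Fall back to form decoding whenever no array came out of it.
$decoded = json_decode($raw, true);
if (!is_array($decoded)) {
    _syslog('failed to decode JSON, trying decoding form data');
    parse_str($raw, $decoded);
}

/* The token is taken from the body first, then from the Authorization header. */
$token = '';
if (isset($decoded['access_token'])) {
    $token = $decoded['access_token'];
    unset($decoded['access_token']);
}
elseif (isset($_SERVER['HTTP_AUTHORIZATION'])) {
    // Accept only "Bearer <token>". Removing the word "Bearer" wherever it
    // occurs would alter tokens that contain it and would pass the value of
    // any other authentication scheme on as a token.
    if (preg_match('/^\s*Bearer\s+(\S+)\s*$/i', $_SERVER['HTTP_AUTHORIZATION'], $matched)) {
        $token = $matched[1];
    }
}
// A JSON body can carry a non-string value here; treat that as no token.
if (!is_string($token) || $token === '') {
    unauthorized('missing token');
}
verify_token($token);

$source_url = '';
if (isset($decoded["properties"]["like-of"])) {
    $source_url = $decoded["properties"]["like-of"];
}
elseif (isset($decoded["like-of"])) {
    $source_url = $decoded["like-of"];
}
/* deal with like: forward it to wallabag */
if (!empty($source_url)) {
    save_to_wallabag($source_url);
}
/* everything else is answered with 501 */
notimplemented();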