4 files changed, 340 insertions, 0 deletions
diff --git a/mod/apitest/index.php b/mod/apitest/index.php
new file mode 100644
index 000000000..16a7794df
--- /dev/null
+++ b/mod/apitest/index.php
@@ -0,0 +1,68 @@
+<?php
+	require_once("../../engine/start.php");
+	
+	global $CONFIG, $API_CLIENT;
+	
+	
+	// Get some variables
+	$apikey = get_input("apikey");
+	$secret = get_input("secret");
+	$endpoint = get_input("endpoint");
+	
+	
+	if ($_REQUEST['action'] == "configure")
+   		apitest_configure($apikey, $secret, $endpoint);
+   		
+	// Get a list of commands
+	if ($API_CLIENT->configured == true)
+	{
+		$commands = apitest_call(
+	                array (
+	                        'method' => 'system.api.list'
+	                )
+	    );
+	    $commands = $commands->result;
+	}
+
+	/* See if we are executing a method - This is a quick demo, obviously use functions as they are much easier!*/
+	if (isset($_REQUEST['method']))
+	{
+	
+		$command_details = $commands[$_REQUEST['method']];
+		$auth_req = $command_details['require_auth'] == 1 ? true : false;
+		
+		$params = array();
+		$params['method'] = $_REQUEST['method'];
+		if ($auth_req) 
+			$params['auth_token'] = $_REQUEST['auth_token'];
+		
+		foreach ($command_details['parameters'] as $k => $v)
+		{
+			$params[$k] = $_REQUEST[$k];
+		}
+		
+		$result = apitest_call($params, $_REQUEST['post_data']);
+		
+		
+		if ($result->status == 0)
+			system_message("<div id=\"result\"><pre>".print_r($result->result, true)."</pre></div>");
+		else 
+			register_error($result->message);
+					
+		if (!is_object($result)) echo $LAST_CALL_RAW;
+		
+		
+		
+	}
+
+	// Draw command form
+	$list = "";
+	foreach ($commands as $command => $details)
+		$list .= apitest_draw_command_form($command, $details);
+		
+	$body = elgg_view("apitest/main", array(
+		"config" => apitest_draw_config_panel(),
+		"commandlist" => $list
+	));
+	page_draw("API Commands",$body);
+?>
+\ No newline at end of file
diff --git a/mod/apitest/start.php b/mod/apitest/start.php
new file mode 100644
index 000000000..f197b3e78
--- /dev/null
+++ b/mod/apitest/start.php
@@ -0,0 +1,242 @@
+<?php
+
+	$API_CLIENT = new stdClass;
+	
+	// Status variables we can query later
+	$LAST_CALL = null; 
+	$LAST_CALL_RAW = "";
+	$LAST_ERROR = null;
+	
+
+	function apitest_init($event, $object_type, $object = null) {
+		
+		global $CONFIG;
+			
+		add_menu("API Test",$CONFIG->wwwroot . "mod/apitest/",array(
+				menu_item("The API Tester plugin",$CONFIG->wwwroot."mod/apitest/"),
+		));
+	}
+	
+	/**
+	 * Generate our HMAC.
+	 */
+	function apitest_calculate_hmac($algo, $time, $api_key, $secret_key, $get_variables, $post_hash = "")
+	{
+		$ctx = hash_init($algo, HASH_HMAC, $secret_key);
+
+		hash_update($ctx, trim($time));
+		hash_update($ctx, trim($api_key));
+		hash_update($ctx, trim($get_variables));
+		if (trim($post_hash)!="") hash_update($ctx, trim($post_hash));
+
+		return hash_final($ctx);
+	}
+
+	/**
+	 * Generate our POST hash.
+	 */
+	function apitest_calculate_posthash($postdata, $algo)
+	{
+		$ctx = hash_init($algo);
+
+		hash_update($ctx, $postdata);
+
+		return hash_final($ctx);
+	}
+
+	/**
+	 * Serialise HTTP headers.
+	 */
+	function apitest_serialise_headers(array $headers)
+	{
+		$headers_str = "";
+
+		foreach ($headers as $k => $v)
+			$headers_str .= trim($k) . ": " . trim($v) . "\r\n";
+
+		return trim($headers_str);		
+	}
+
+	/**
+	 * Make a raw call.
+	 * @param array $method Method call parameters.
+	 * @param string $postdata Optional POST data.
+	 * @param string $content_type The content type.
+	 * @return stdClass 
+	 */
+	function apitest_call(array $method, $postdata = "", $content_type = 'application/octet-stream')
+	{
+		// Get the config
+		global $API_CLIENT, $LAST_CALL, $LAST_CALL_RAW, $LAST_ERROR; 
+
+		$headers = array();
+		$encoded_params = array();
+
+		$time = microtime(true); // Get the current time in microseconds
+		$request = ($postdata!="" ? "POST" : "GET"); // Get the request method, either post or get
+		
+		// Hard code the format - we're using PHP, so lets use PHP serialisation.
+		$method['format'] = "php";
+
+		// URL encode all the parameters
+		foreach ($method as $k => $v){
+			if (is_array($v))
+			{
+				foreach ($v as $v2)
+				{
+					 $encoded_params[] = urlencode($k).'[]='.urlencode($v2);
+				}
+			}
+			else
+				$encoded_params[] = urlencode($k).'='.urlencode($v);
+		}
+
+		$params = implode('&', $encoded_params);
+		
+		// Put together the query string
+		$url = $API_CLIENT->api_endpoint."?". $params;
+
+		// Construct headers
+		$posthash = "";
+		if ($request=='POST')
+		{		
+			$posthash = apitest_calculate_posthash($postdata, $API_CLIENT->postdata_hash_algo);
+
+			$headers['X-Elgg-posthash'] = $posthash;
+			$headers['X-Elgg-posthash-algo'] = $API_CLIENT->postdata_hash_algo;
+			$headers['Content-type'] = $content_type;
+			$headers['Content-Length'] = strlen($postdata);
+		}
+
+		$headers['X-Elgg-apikey'] = $API_CLIENT->api_key;
+		$headers['X-Elgg-time'] = $time;
+		$headers['X-Elgg-hmac-algo'] = $API_CLIENT->hmac_algo;
+		$headers['X-Elgg-hmac'] = apitest_calculate_hmac($API_CLIENT->hmac_algo, 
+									$time,
+									$API_CLIENT->api_key,
+									$API_CLIENT->secret,
+									$params,
+									$posthash
+		);
+
+		// Configure stream options
+		$opts = array(
+  			'http'=>array(
+    				'method'=> $request,
+    				'header'=> apitest_serialise_headers($headers)
+			)
+		);
+
+		// If this is a post request then set the content
+		if ($request=='POST')
+			$opts['http']['content'] = $postdata; 
+
+		// Set stream options
+		$context = stream_context_create($opts);
+
+		// Send the query and get the result and decode.
+		$LAST_CALL_RAW = file_get_contents($url, false, $context);
+		$LAST_CALL = unserialize($LAST_CALL_RAW);
+		
+		if (($LAST_CALL) && ($LAST_CALL->status!=0)) // Check to see if this was an error
+			$LAST_ERROR = $LAST_CALL;
+		
+		return $LAST_CALL; // Return a stdClass containing the API result
+	}
+	
+	function apitest_configure($apikey, $secret, $endpoint = "")
+	{
+		global $CONFIG;
+		global $API_CLIENT;
+		
+		$apikey = sanitise_string($apikey);
+		$secret = sanitise_string($secret);
+		$endpoint = sanitise_string($endpoint);
+		
+		if ($endpoint=="")
+			$endpoint = $CONFIG->wwwroot . "endpoints/rest.php";
+			
+		$API_CLIENT->api_key = $apikey;
+		$API_CLIENT->secret = $secret;
+		$API_CLIENT->api_endpoint = $endpoint;
+		$API_CLIENT->hmac_algo = 'sha1';
+		$API_CLIENT->postdata_hash_algo = 'md5';
+		$API_CLIENT->configured = true;
+	}
+	
+	function apitest_draw_command_form($command, $details)
+	{
+		global $API_CLIENT;
+		
+		$params = array();
+		
+		// If authentication is required then ensure this is prompted for
+		if ($details->require_auth == true)
+			$params['auth_token'] = $_REQUEST['auth_token'];
+					
+		
+		// Compile a list of parameters
+		foreach ($details['parameters'] as $k => $v)
+		{
+			$params[$k] = $_REQUEST[$k];
+		}
+		
+		// Construct list of variables
+		$variables = "";
+		foreach ($params as $k => $v)
+		{
+			$variables .= $k;
+			$variables .= "<input type='text' name='$k' value='$v' />";
+			
+			if (isset($details['parameters'][$k]['required']) && ($details['parameters'][$k]['required']!=0))
+				$variables .= " (optional)";
+							
+			$variables .= ", ";
+		}
+		
+		// Do we need to provide post data?
+		$postdata = "";
+		if ($details->call_method == 'POST')
+			$postdata = "<span onClick=\"showhide('$command')\"><a href=\"#\">add post data...</a></span>";
+				
+		$body = <<< END
+			<form method='post'>
+				<p>
+					<input type="hidden" name="action" value="configure" />
+					<input type="hidden" name="apikey" value="{$API_CLIENT->api_key}" /></p>
+					<input type="hidden" name="secret" value="{$API_CLIENT->secret}" /></p>
+					<input type="hidden" name="endpoint" value="{$API_CLIENT->api_endpoint}" /></p>
+
+					<input type='hidden' name='method' value='$command' />
+					<b>$command (<span onClick="showhide('{$command}_desc')"><a href="#">desc</a></span>):</b>
+					
+					$variables
+
+					$postdata
+					
+					<input type='submit' name='>>' value='>>' />
+					<div id="{$command}_desc" style="display:none">{$details['description']}</div>
+					<div id="$command" style="display:none"><textarea name="post_data" cols="50" rows="10"></textarea></div>
+
+				</p>
+			</form>
+END;
+
+		return $body;
+	}
+	
+	
+	function apitest_draw_config_panel()
+	{	
+		global $API_CLIENT;
+		
+		return elgg_view("apitest/configform", array(
+			"apikey" => $API_CLIENT->api_key,
+			"secret" => $API_CLIENT->secret,
+			"endpoint" => $API_CLIENT->api_endpoint
+		));
+	}
+	
+	// Make sure test_init is called on initialisation
+	register_event_handler('init','system','apitest_init');
+?>
+\ No newline at end of file
diff --git a/mod/apitest/views/default/apitest/configform.php b/mod/apitest/views/default/apitest/configform.php
new file mode 100644
index 000000000..c637ae7b6
--- /dev/null
+++ b/mod/apitest/views/default/apitest/configform.php
@@ -0,0 +1,7 @@
+<form method="post">
+	<input type="hidden" name="action" value="configure" />
+	<p>API Key: <input type="text" name="apikey" value="<?php echo $vars['apikey'];?>" /></p>
+	<p>Secret Key: <input type="password" name="secret" value="<?php echo $vars['secret'];?>" /></p>
+	<p>Endpoint: <input type="text" name="endpoint" value="<?php echo $vars['endpoint'];?>" /></p>
+	<input type="submit" name="submit" value="Set.." />
+</form>
+\ No newline at end of file
diff --git a/mod/apitest/views/default/apitest/main.php b/mod/apitest/views/default/apitest/main.php
new file mode 100644
index 000000000..dfdbd482b
--- /dev/null
+++ b/mod/apitest/views/default/apitest/main.php
@@ -0,0 +1,23 @@
+<script type="text/javascript" language="javascript">
+<!--
+function showhide(oid)
+{
+	var e = document.getElementById(oid);
+	if(e.style.display == 'none') {
+		e.style.display = 'block';
+	} else {
+		e.style.display = 'none';
+	}
+}
+// -->
+</script>
+
+<div id="config">
+		<?php echo $vars['config']; ?>
+</div>
+
+<hr />
+
+<div id="list">
+	<?php echo $vars['commandlist']; ?>
+</div>
+\ No newline at end of file