diff options
Diffstat (limited to 'mod')
-rw-r--r-- | mod/apitest/index.php | 68 | ||||
-rw-r--r-- | mod/apitest/start.php | 242 | ||||
-rw-r--r-- | mod/apitest/views/default/apitest/configform.php | 7 | ||||
-rw-r--r-- | mod/apitest/views/default/apitest/main.php | 23 |
4 files changed, 340 insertions, 0 deletions
diff --git a/mod/apitest/index.php b/mod/apitest/index.php new file mode 100644 index 000000000..16a7794df --- /dev/null +++ b/mod/apitest/index.php @@ -0,0 +1,68 @@ +<?php + require_once("../../engine/start.php"); + + global $CONFIG, $API_CLIENT; + + + // Get some variables + $apikey = get_input("apikey"); + $secret = get_input("secret"); + $endpoint = get_input("endpoint"); + + + if ($_REQUEST['action'] == "configure") + apitest_configure($apikey, $secret, $endpoint); + + // Get a list of commands + if ($API_CLIENT->configured == true) + { + $commands = apitest_call( + array ( + 'method' => 'system.api.list' + ) + ); + $commands = $commands->result; + } + + /* See if we are executing a method - This is a quick demo, obviously use functions as they are much easier!*/ + if (isset($_REQUEST['method'])) + { + + $command_details = $commands[$_REQUEST['method']]; + $auth_req = $command_details['require_auth'] == 1 ? true : false; + + $params = array(); + $params['method'] = $_REQUEST['method']; + if ($auth_req) + $params['auth_token'] = $_REQUEST['auth_token']; + + foreach ($command_details['parameters'] as $k => $v) + { + $params[$k] = $_REQUEST[$k]; + } + + $result = apitest_call($params, $_REQUEST['post_data']); + + + if ($result->status == 0) + system_message("<div id=\"result\"><pre>".print_r($result->result, true)."</pre></div>"); + else + register_error($result->message); + + if (!is_object($result)) echo $LAST_CALL_RAW; + + + + } + + // Draw command form + $list = ""; + foreach ($commands as $command => $details) + $list .= apitest_draw_command_form($command, $details); + + $body = elgg_view("apitest/main", array( + "config" => apitest_draw_config_panel(), + "commandlist" => $list + )); + page_draw("API Commands",$body); +?>
\ No newline at end of file diff --git a/mod/apitest/start.php b/mod/apitest/start.php new file mode 100644 index 000000000..f197b3e78 --- /dev/null +++ b/mod/apitest/start.php @@ -0,0 +1,242 @@ +<?php + + $API_CLIENT = new stdClass; + + // Status variables we can query later + $LAST_CALL = null; + $LAST_CALL_RAW = ""; + $LAST_ERROR = null; + + + function apitest_init($event, $object_type, $object = null) { + + global $CONFIG; + + add_menu("API Test",$CONFIG->wwwroot . "mod/apitest/",array( + menu_item("The API Tester plugin",$CONFIG->wwwroot."mod/apitest/"), + )); + } + + /** + * Generate our HMAC. + */ + function apitest_calculate_hmac($algo, $time, $api_key, $secret_key, $get_variables, $post_hash = "") + { + $ctx = hash_init($algo, HASH_HMAC, $secret_key); + + hash_update($ctx, trim($time)); + hash_update($ctx, trim($api_key)); + hash_update($ctx, trim($get_variables)); + if (trim($post_hash)!="") hash_update($ctx, trim($post_hash)); + + return hash_final($ctx); + } + + /** + * Generate our POST hash. + */ + function apitest_calculate_posthash($postdata, $algo) + { + $ctx = hash_init($algo); + + hash_update($ctx, $postdata); + + return hash_final($ctx); + } + + /** + * Serialise HTTP headers. + */ + function apitest_serialise_headers(array $headers) + { + $headers_str = ""; + + foreach ($headers as $k => $v) + $headers_str .= trim($k) . ": " . trim($v) . "\r\n"; + + return trim($headers_str); + } + + /** + * Make a raw call. + * @param array $method Method call parameters. + * @param string $postdata Optional POST data. + * @param string $content_type The content type. + * @return stdClass + */ + function apitest_call(array $method, $postdata = "", $content_type = 'application/octet-stream') + { + // Get the config + global $API_CLIENT, $LAST_CALL, $LAST_CALL_RAW, $LAST_ERROR; + + $headers = array(); + $encoded_params = array(); + + $time = microtime(true); // Get the current time in microseconds + $request = ($postdata!="" ? "POST" : "GET"); // Get the request method, either post or get + + // Hard code the format - we're using PHP, so lets use PHP serialisation. + $method['format'] = "php"; + + // URL encode all the parameters + foreach ($method as $k => $v){ + if (is_array($v)) + { + foreach ($v as $v2) + { + $encoded_params[] = urlencode($k).'[]='.urlencode($v2); + } + } + else + $encoded_params[] = urlencode($k).'='.urlencode($v); + } + + $params = implode('&', $encoded_params); + + // Put together the query string + $url = $API_CLIENT->api_endpoint."?". $params; + + // Construct headers + $posthash = ""; + if ($request=='POST') + { + $posthash = apitest_calculate_posthash($postdata, $API_CLIENT->postdata_hash_algo); + + $headers['X-Elgg-posthash'] = $posthash; + $headers['X-Elgg-posthash-algo'] = $API_CLIENT->postdata_hash_algo; + $headers['Content-type'] = $content_type; + $headers['Content-Length'] = strlen($postdata); + } + + $headers['X-Elgg-apikey'] = $API_CLIENT->api_key; + $headers['X-Elgg-time'] = $time; + $headers['X-Elgg-hmac-algo'] = $API_CLIENT->hmac_algo; + $headers['X-Elgg-hmac'] = apitest_calculate_hmac($API_CLIENT->hmac_algo, + $time, + $API_CLIENT->api_key, + $API_CLIENT->secret, + $params, + $posthash + ); + + // Configure stream options + $opts = array( + 'http'=>array( + 'method'=> $request, + 'header'=> apitest_serialise_headers($headers) + ) + ); + + // If this is a post request then set the content + if ($request=='POST') + $opts['http']['content'] = $postdata; + + // Set stream options + $context = stream_context_create($opts); + + // Send the query and get the result and decode. + $LAST_CALL_RAW = file_get_contents($url, false, $context); + $LAST_CALL = unserialize($LAST_CALL_RAW); + + if (($LAST_CALL) && ($LAST_CALL->status!=0)) // Check to see if this was an error + $LAST_ERROR = $LAST_CALL; + + return $LAST_CALL; // Return a stdClass containing the API result + } + + function apitest_configure($apikey, $secret, $endpoint = "") + { + global $CONFIG; + global $API_CLIENT; + + $apikey = sanitise_string($apikey); + $secret = sanitise_string($secret); + $endpoint = sanitise_string($endpoint); + + if ($endpoint=="") + $endpoint = $CONFIG->wwwroot . "endpoints/rest.php"; + + $API_CLIENT->api_key = $apikey; + $API_CLIENT->secret = $secret; + $API_CLIENT->api_endpoint = $endpoint; + $API_CLIENT->hmac_algo = 'sha1'; + $API_CLIENT->postdata_hash_algo = 'md5'; + $API_CLIENT->configured = true; + } + + function apitest_draw_command_form($command, $details) + { + global $API_CLIENT; + + $params = array(); + + // If authentication is required then ensure this is prompted for + if ($details->require_auth == true) + $params['auth_token'] = $_REQUEST['auth_token']; + + + // Compile a list of parameters + foreach ($details['parameters'] as $k => $v) + { + $params[$k] = $_REQUEST[$k]; + } + + // Construct list of variables + $variables = ""; + foreach ($params as $k => $v) + { + $variables .= $k; + $variables .= "<input type='text' name='$k' value='$v' />"; + + if (isset($details['parameters'][$k]['required']) && ($details['parameters'][$k]['required']!=0)) + $variables .= " (optional)"; + + $variables .= ", "; + } + + // Do we need to provide post data? + $postdata = ""; + if ($details->call_method == 'POST') + $postdata = "<span onClick=\"showhide('$command')\"><a href=\"#\">add post data...</a></span>"; + + $body = <<< END + <form method='post'> + <p> + <input type="hidden" name="action" value="configure" /> + <input type="hidden" name="apikey" value="{$API_CLIENT->api_key}" /></p> + <input type="hidden" name="secret" value="{$API_CLIENT->secret}" /></p> + <input type="hidden" name="endpoint" value="{$API_CLIENT->api_endpoint}" /></p> + + <input type='hidden' name='method' value='$command' /> + <b>$command (<span onClick="showhide('{$command}_desc')"><a href="#">desc</a></span>):</b> + + $variables + + $postdata + + <input type='submit' name='>>' value='>>' /> + <div id="{$command}_desc" style="display:none">{$details['description']}</div> + <div id="$command" style="display:none"><textarea name="post_data" cols="50" rows="10"></textarea></div> + + </p> + </form> +END; + + return $body; + } + + + function apitest_draw_config_panel() + { + global $API_CLIENT; + + return elgg_view("apitest/configform", array( + "apikey" => $API_CLIENT->api_key, + "secret" => $API_CLIENT->secret, + "endpoint" => $API_CLIENT->api_endpoint + )); + } + + // Make sure test_init is called on initialisation + register_event_handler('init','system','apitest_init'); +?>
\ No newline at end of file diff --git a/mod/apitest/views/default/apitest/configform.php b/mod/apitest/views/default/apitest/configform.php new file mode 100644 index 000000000..c637ae7b6 --- /dev/null +++ b/mod/apitest/views/default/apitest/configform.php @@ -0,0 +1,7 @@ +<form method="post"> + <input type="hidden" name="action" value="configure" /> + <p>API Key: <input type="text" name="apikey" value="<?php echo $vars['apikey'];?>" /></p> + <p>Secret Key: <input type="password" name="secret" value="<?php echo $vars['secret'];?>" /></p> + <p>Endpoint: <input type="text" name="endpoint" value="<?php echo $vars['endpoint'];?>" /></p> + <input type="submit" name="submit" value="Set.." /> +</form>
\ No newline at end of file diff --git a/mod/apitest/views/default/apitest/main.php b/mod/apitest/views/default/apitest/main.php new file mode 100644 index 000000000..dfdbd482b --- /dev/null +++ b/mod/apitest/views/default/apitest/main.php @@ -0,0 +1,23 @@ +<script type="text/javascript" language="javascript"> +<!-- +function showhide(oid) +{ + var e = document.getElementById(oid); + if(e.style.display == 'none') { + e.style.display = 'block'; + } else { + e.style.display = 'none'; + } +} +// --> +</script> + +<div id="config"> + <?php echo $vars['config']; ?> +</div> + +<hr /> + +<div id="list"> + <?php echo $vars['commandlist']; ?> +</div>
\ No newline at end of file |