aboutsummaryrefslogtreecommitdiff
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/apitest/index.php68
-rw-r--r--mod/apitest/start.php242
-rw-r--r--mod/apitest/views/default/apitest/configform.php7
-rw-r--r--mod/apitest/views/default/apitest/main.php23
4 files changed, 340 insertions, 0 deletions
diff --git a/mod/apitest/index.php b/mod/apitest/index.php
new file mode 100644
index 000000000..16a7794df
--- /dev/null
+++ b/mod/apitest/index.php
@@ -0,0 +1,68 @@
+<?php
+ require_once("../../engine/start.php");
+
+ global $CONFIG, $API_CLIENT;
+
+
+ // Get some variables
+ $apikey = get_input("apikey");
+ $secret = get_input("secret");
+ $endpoint = get_input("endpoint");
+
+
+ if ($_REQUEST['action'] == "configure")
+ apitest_configure($apikey, $secret, $endpoint);
+
+ // Get a list of commands
+ if ($API_CLIENT->configured == true)
+ {
+ $commands = apitest_call(
+ array (
+ 'method' => 'system.api.list'
+ )
+ );
+ $commands = $commands->result;
+ }
+
+ /* See if we are executing a method - This is a quick demo, obviously use functions as they are much easier!*/
+ if (isset($_REQUEST['method']))
+ {
+
+ $command_details = $commands[$_REQUEST['method']];
+ $auth_req = $command_details['require_auth'] == 1 ? true : false;
+
+ $params = array();
+ $params['method'] = $_REQUEST['method'];
+ if ($auth_req)
+ $params['auth_token'] = $_REQUEST['auth_token'];
+
+ foreach ($command_details['parameters'] as $k => $v)
+ {
+ $params[$k] = $_REQUEST[$k];
+ }
+
+ $result = apitest_call($params, $_REQUEST['post_data']);
+
+
+ if ($result->status == 0)
+ system_message("<div id=\"result\"><pre>".print_r($result->result, true)."</pre></div>");
+ else
+ register_error($result->message);
+
+ if (!is_object($result)) echo $LAST_CALL_RAW;
+
+
+
+ }
+
+ // Draw command form
+ $list = "";
+ foreach ($commands as $command => $details)
+ $list .= apitest_draw_command_form($command, $details);
+
+ $body = elgg_view("apitest/main", array(
+ "config" => apitest_draw_config_panel(),
+ "commandlist" => $list
+ ));
+ page_draw("API Commands",$body);
+?> \ No newline at end of file
diff --git a/mod/apitest/start.php b/mod/apitest/start.php
new file mode 100644
index 000000000..f197b3e78
--- /dev/null
+++ b/mod/apitest/start.php
@@ -0,0 +1,242 @@
+<?php
+
+ $API_CLIENT = new stdClass;
+
+ // Status variables we can query later
+ $LAST_CALL = null;
+ $LAST_CALL_RAW = "";
+ $LAST_ERROR = null;
+
+
+ function apitest_init($event, $object_type, $object = null) {
+
+ global $CONFIG;
+
+ add_menu("API Test",$CONFIG->wwwroot . "mod/apitest/",array(
+ menu_item("The API Tester plugin",$CONFIG->wwwroot."mod/apitest/"),
+ ));
+ }
+
+ /**
+ * Generate our HMAC.
+ */
+ function apitest_calculate_hmac($algo, $time, $api_key, $secret_key, $get_variables, $post_hash = "")
+ {
+ $ctx = hash_init($algo, HASH_HMAC, $secret_key);
+
+ hash_update($ctx, trim($time));
+ hash_update($ctx, trim($api_key));
+ hash_update($ctx, trim($get_variables));
+ if (trim($post_hash)!="") hash_update($ctx, trim($post_hash));
+
+ return hash_final($ctx);
+ }
+
+ /**
+ * Generate our POST hash.
+ */
+ function apitest_calculate_posthash($postdata, $algo)
+ {
+ $ctx = hash_init($algo);
+
+ hash_update($ctx, $postdata);
+
+ return hash_final($ctx);
+ }
+
+ /**
+ * Serialise HTTP headers.
+ */
+ function apitest_serialise_headers(array $headers)
+ {
+ $headers_str = "";
+
+ foreach ($headers as $k => $v)
+ $headers_str .= trim($k) . ": " . trim($v) . "\r\n";
+
+ return trim($headers_str);
+ }
+
+ /**
+ * Make a raw call.
+ * @param array $method Method call parameters.
+ * @param string $postdata Optional POST data.
+ * @param string $content_type The content type.
+ * @return stdClass
+ */
+ function apitest_call(array $method, $postdata = "", $content_type = 'application/octet-stream')
+ {
+ // Get the config
+ global $API_CLIENT, $LAST_CALL, $LAST_CALL_RAW, $LAST_ERROR;
+
+ $headers = array();
+ $encoded_params = array();
+
+ $time = microtime(true); // Get the current time in microseconds
+ $request = ($postdata!="" ? "POST" : "GET"); // Get the request method, either post or get
+
+ // Hard code the format - we're using PHP, so lets use PHP serialisation.
+ $method['format'] = "php";
+
+ // URL encode all the parameters
+ foreach ($method as $k => $v){
+ if (is_array($v))
+ {
+ foreach ($v as $v2)
+ {
+ $encoded_params[] = urlencode($k).'[]='.urlencode($v2);
+ }
+ }
+ else
+ $encoded_params[] = urlencode($k).'='.urlencode($v);
+ }
+
+ $params = implode('&', $encoded_params);
+
+ // Put together the query string
+ $url = $API_CLIENT->api_endpoint."?". $params;
+
+ // Construct headers
+ $posthash = "";
+ if ($request=='POST')
+ {
+ $posthash = apitest_calculate_posthash($postdata, $API_CLIENT->postdata_hash_algo);
+
+ $headers['X-Elgg-posthash'] = $posthash;
+ $headers['X-Elgg-posthash-algo'] = $API_CLIENT->postdata_hash_algo;
+ $headers['Content-type'] = $content_type;
+ $headers['Content-Length'] = strlen($postdata);
+ }
+
+ $headers['X-Elgg-apikey'] = $API_CLIENT->api_key;
+ $headers['X-Elgg-time'] = $time;
+ $headers['X-Elgg-hmac-algo'] = $API_CLIENT->hmac_algo;
+ $headers['X-Elgg-hmac'] = apitest_calculate_hmac($API_CLIENT->hmac_algo,
+ $time,
+ $API_CLIENT->api_key,
+ $API_CLIENT->secret,
+ $params,
+ $posthash
+ );
+
+ // Configure stream options
+ $opts = array(
+ 'http'=>array(
+ 'method'=> $request,
+ 'header'=> apitest_serialise_headers($headers)
+ )
+ );
+
+ // If this is a post request then set the content
+ if ($request=='POST')
+ $opts['http']['content'] = $postdata;
+
+ // Set stream options
+ $context = stream_context_create($opts);
+
+ // Send the query and get the result and decode.
+ $LAST_CALL_RAW = file_get_contents($url, false, $context);
+ $LAST_CALL = unserialize($LAST_CALL_RAW);
+
+ if (($LAST_CALL) && ($LAST_CALL->status!=0)) // Check to see if this was an error
+ $LAST_ERROR = $LAST_CALL;
+
+ return $LAST_CALL; // Return a stdClass containing the API result
+ }
+
+ function apitest_configure($apikey, $secret, $endpoint = "")
+ {
+ global $CONFIG;
+ global $API_CLIENT;
+
+ $apikey = sanitise_string($apikey);
+ $secret = sanitise_string($secret);
+ $endpoint = sanitise_string($endpoint);
+
+ if ($endpoint=="")
+ $endpoint = $CONFIG->wwwroot . "endpoints/rest.php";
+
+ $API_CLIENT->api_key = $apikey;
+ $API_CLIENT->secret = $secret;
+ $API_CLIENT->api_endpoint = $endpoint;
+ $API_CLIENT->hmac_algo = 'sha1';
+ $API_CLIENT->postdata_hash_algo = 'md5';
+ $API_CLIENT->configured = true;
+ }
+
+ function apitest_draw_command_form($command, $details)
+ {
+ global $API_CLIENT;
+
+ $params = array();
+
+ // If authentication is required then ensure this is prompted for
+ if ($details->require_auth == true)
+ $params['auth_token'] = $_REQUEST['auth_token'];
+
+
+ // Compile a list of parameters
+ foreach ($details['parameters'] as $k => $v)
+ {
+ $params[$k] = $_REQUEST[$k];
+ }
+
+ // Construct list of variables
+ $variables = "";
+ foreach ($params as $k => $v)
+ {
+ $variables .= $k;
+ $variables .= "<input type='text' name='$k' value='$v' />";
+
+ if (isset($details['parameters'][$k]['required']) && ($details['parameters'][$k]['required']!=0))
+ $variables .= " (optional)";
+
+ $variables .= ", ";
+ }
+
+ // Do we need to provide post data?
+ $postdata = "";
+ if ($details->call_method == 'POST')
+ $postdata = "<span onClick=\"showhide('$command')\"><a href=\"#\">add post data...</a></span>";
+
+ $body = <<< END
+ <form method='post'>
+ <p>
+ <input type="hidden" name="action" value="configure" />
+ <input type="hidden" name="apikey" value="{$API_CLIENT->api_key}" /></p>
+ <input type="hidden" name="secret" value="{$API_CLIENT->secret}" /></p>
+ <input type="hidden" name="endpoint" value="{$API_CLIENT->api_endpoint}" /></p>
+
+ <input type='hidden' name='method' value='$command' />
+ <b>$command (<span onClick="showhide('{$command}_desc')"><a href="#">desc</a></span>):</b>
+
+ $variables
+
+ $postdata
+
+ <input type='submit' name='>>' value='>>' />
+ <div id="{$command}_desc" style="display:none">{$details['description']}</div>
+ <div id="$command" style="display:none"><textarea name="post_data" cols="50" rows="10"></textarea></div>
+
+ </p>
+ </form>
+END;
+
+ return $body;
+ }
+
+
+ function apitest_draw_config_panel()
+ {
+ global $API_CLIENT;
+
+ return elgg_view("apitest/configform", array(
+ "apikey" => $API_CLIENT->api_key,
+ "secret" => $API_CLIENT->secret,
+ "endpoint" => $API_CLIENT->api_endpoint
+ ));
+ }
+
+ // Make sure test_init is called on initialisation
+ register_event_handler('init','system','apitest_init');
+?> \ No newline at end of file
diff --git a/mod/apitest/views/default/apitest/configform.php b/mod/apitest/views/default/apitest/configform.php
new file mode 100644
index 000000000..c637ae7b6
--- /dev/null
+++ b/mod/apitest/views/default/apitest/configform.php
@@ -0,0 +1,7 @@
+<form method="post">
+ <input type="hidden" name="action" value="configure" />
+ <p>API Key: <input type="text" name="apikey" value="<?php echo $vars['apikey'];?>" /></p>
+ <p>Secret Key: <input type="password" name="secret" value="<?php echo $vars['secret'];?>" /></p>
+ <p>Endpoint: <input type="text" name="endpoint" value="<?php echo $vars['endpoint'];?>" /></p>
+ <input type="submit" name="submit" value="Set.." />
+</form> \ No newline at end of file
diff --git a/mod/apitest/views/default/apitest/main.php b/mod/apitest/views/default/apitest/main.php
new file mode 100644
index 000000000..dfdbd482b
--- /dev/null
+++ b/mod/apitest/views/default/apitest/main.php
@@ -0,0 +1,23 @@
+<script type="text/javascript" language="javascript">
+<!--
+function showhide(oid)
+{
+ var e = document.getElementById(oid);
+ if(e.style.display == 'none') {
+ e.style.display = 'block';
+ } else {
+ e.style.display = 'none';
+ }
+}
+// -->
+</script>
+
+<div id="config">
+ <?php echo $vars['config']; ?>
+</div>
+
+<hr />
+
+<div id="list">
+ <?php echo $vars['commandlist']; ?>
+</div> \ No newline at end of file