Add all required HTTP methods

Michael 2021-05-08 09:14:19 +00:00
parent 8ae2e3caf8
commit 6236870aa4
5 changed files with 137 additions and 10 deletions


@ -276,11 +276,23 @@ class Module
$profiler->set(microtime(true) - $timestamp, 'init');
if ($server['REQUEST_METHOD'] === 'POST') {
if ($server['REQUEST_METHOD'] === Router::DELETE) {
call_user_func([$this->module_class, 'delete'], $this->module_parameters);
}
if ($server['REQUEST_METHOD'] === Router::PATCH) {
call_user_func([$this->module_class, 'patch'], $this->module_parameters);
}
if ($server['REQUEST_METHOD'] === Router::POST) {
Core\Hook::callAll($this->module . '_mod_post', $post);
call_user_func([$this->module_class, 'post'], $this->module_parameters);
}
if ($server['REQUEST_METHOD'] === Router::PUT) {
call_user_func([$this->module_class, 'put'], $this->module_parameters);
}
Core\Hook::callAll($this->module . '_mod_afterpost', $placeholder);
call_user_func([$this->module_class, 'afterpost'], $this->module_parameters);
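Review bot: Only the POST branch fires the `_mod_post` hook, so an addon that validates or audits submitted data through that hook never sees DELETE, PATCH or PUT requests, although those handlers change state just as POST does. If that is intended, record it with a comment above the DELETE branch such as `// DELETE/PATCH/PUT deliberately bypass the _mod_post hook`; otherwise each branch needs its own hook call. The four comparisons are mutually exclusive, so an `elseif` chain or a `switch` on `$server['REQUEST_METHOD']` would say so explicitly. The enclosing method starts and ends outside the hunk.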


@ -72,6 +72,26 @@ abstract class BaseModule
return $o;
}
/**
* Module DELETE method to process submitted data
*
* Extend this method if the module is supposed to process DELETE requests.
* Doesn't display any content
*/
public static function delete(array $parameters = [])
{
}
/**
* Module PATCH method to process submitted data
*
* Extend this method if the module is supposed to process PATCH requests.
* Doesn't display any content
*/
public static function patch(array $parameters = [])
{
}
/**
* Module POST method to process submitted data
*
@ -92,6 +112,16 @@ abstract class BaseModule
{
}
/**
* Module PUT method to process submitted data
*
* Extend this method if the module is supposed to process PUT requests.
* Doesn't display any content
*/
public static function put(array $parameters = [])
{
}
/*
* Functions used to protect against Cross-Site Request Forgery
* The security token has to base on at least one value that an attacker can't know - here it's the session ID and the private key.
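Review bot: The empty default bodies of `delete()`, `patch()` and `put()` mean a module that does not override them silently accepts these methods. The dispatcher changed in this commit then appears to continue to the `afterpost` step rather than answer 405 Method Not Allowed. The new docblocks should also tell implementers that these handlers change state and need the same protection as `post()`, for example `* Implementations must verify the security token or API credentials before changing data.` The class body continues outside both hunks, so whether a caller already enforces this is not visible here.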


@ -21,6 +21,7 @@
namespace Friendica\Module\Api\Mastodon;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\DI;
use Friendica\Module\BaseApi;
@ -30,6 +31,11 @@ use Friendica\Module\BaseApi;
*/
class Statuses extends BaseApi
{
public static function delete(array $parameters = [])
{
self::unsupported('delete');
}
/**
* @param array $parameters
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
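Review bot: `delete()` goes straight to `self::unsupported('delete')` without calling `parent::delete($parameters)`, so the authentication check added to `BaseApi::delete()` in this commit never runs for this endpoint. That is harmless while the method only answers 501, but the stub is where the real implementation will be written, so it should carry a reminder such as `// TODO: call parent::delete($parameters) first once this is implemented`. The method also lacks the `@param array $parameters` docblock that the following method has. The class continues outside the hunk.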


@ -21,9 +21,6 @@
namespace Friendica\Module\Api\Mastodon;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\DI;
use Friendica\Module\BaseApi;
/**
@ -31,17 +28,48 @@ use Friendica\Module\BaseApi;
*/
class Unimplemented extends BaseApi
{
/**
* @param array $parameters
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/
public static function delete(array $parameters = [])
{
self::unsupported('delete');
}
/**
* @param array $parameters
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/
public static function patch(array $parameters = [])
{
self::unsupported('patch');
}
/**
* @param array $parameters
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/
public static function post(array $parameters = [])
{
self::unsupported('post');
}
/**
* @param array $parameters
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/
public static function put(array $parameters = [])
{
self::unsupported('put');
}
/**
* @param array $parameters
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/
public static function rawContent(array $parameters = [])
{
$path = DI::args()->getQueryString();
Logger::info('Unimplemented API call', ['path' => $path]);
$error = DI::l10n()->t('API endpoint "%s" is not implemented', $path);
$error_description = DI::l10n()->t('The API endpoint is currently not implemented but might be in the future.');;
$errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description);
System::jsonError(501, $errorobj->toArray());
self::unsupported('get');
}
}
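Review bot: `rawContent()` hard-codes the label in `self::unsupported('get')`, so the log entry and the error text will name GET for any request that reaches it without matching one of the four dedicated handlers. HEAD or OPTIONS might do so, though the dispatcher's handling of them is not visible on this page. Passing the method actually received, for instance `self::unsupported(strtolower($_SERVER['REQUEST_METHOD'] ?? 'get'));`, keeps the "Unimplemented API call" log accurate when it is used to spot endpoint probing. The copied `@throws InternalServerErrorException` tags should also be checked against what `unsupported()` can really throw.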


@ -22,6 +22,8 @@
namespace Friendica\Module;
use Friendica\BaseModule;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\DI;
use Friendica\Network\HTTPException;
@ -53,6 +55,32 @@ class BaseApi extends BaseModule
}
}
public static function delete(array $parameters = [])
{
if (!api_user()) {
throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
}
$a = DI::app();
if (!empty($a->user['uid']) && $a->user['uid'] != api_user()) {
throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
}
}
public static function patch(array $parameters = [])
{
if (!api_user()) {
throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
}
$a = DI::app();
if (!empty($a->user['uid']) && $a->user['uid'] != api_user()) {
throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
}
}
public static function post(array $parameters = [])
{
if (!api_user()) {
@ -66,6 +94,29 @@ class BaseApi extends BaseModule
}
}
public static function put(array $parameters = [])
{
if (!api_user()) {
throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
}
$a = DI::app();
if (!empty($a->user['uid']) && $a->user['uid'] != api_user()) {
throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
}
}
public static function unsupported(string $method = 'all')
{
$path = DI::args()->getQueryString();
Logger::info('Unimplemented API call', ['path' => $path, 'method' => $method]);
$error = DI::l10n()->t('API endpoint %s "%s" is not implemented', $method, $path);
$error_description = DI::l10n()->t('The API endpoint is currently not implemented but might be in the future.');;
$errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description);
System::jsonError(501, $errorobj->toArray());
}
/**
* Log in user via OAuth1 or Simple HTTP Auth.
*
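Review bot: The authorization check is pasted verbatim into `delete()`, `patch()` and `put()` (and already exists in `post()`, whose body is cut by the hunk), so a later fix to one copy can leave the other verbs unprotected. It should live in one helper that all four call. The owner comparison `$a->user['uid'] != api_user()` is also loose; a strict comparison on integer-cast values avoids type juggling, assuming both sides are numeric user ids. Separately, `unsupported()` has a stray `;;` after the `$error_description` assignment and no docblock. Its callers rely on `System::jsonError()` ending the request, which is not visible here.

```php
public static function delete(array $parameters = [])
{
	self::checkApiUser();
}

// … unchanged in shape: patch(), post() and put() reduced to the same single call …

/**
 * Rejects the request unless an API user is authenticated and,
 * when an app user is set, it is the same account.
 *
 * @throws HTTPException\UnauthorizedException
 * @throws HTTPException\ForbiddenException
 */
protected static function checkApiUser()
{
	$uid = api_user();
	if (!$uid) {
		throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
	}

	$a = DI::app();
	if (!empty($a->user['uid']) && (int)$a->user['uid'] !== (int)$uid) {
		throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
	}
}
```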