diff --git a/src/App/Module.php b/src/App/Module.php
index 4771ecf58..7ad4261aa 100644
--- a/src/App/Module.php
+++ b/src/App/Module.php
@@ -276,11 +276,23 @@ class Module
 $profiler->set(microtime(true) - $timestamp, 'init');
- if ($server['REQUEST_METHOD'] === 'POST') {
+ if ($server['REQUEST_METHOD'] === Router::DELETE) {
+ call_user_func([$this->module_class, 'delete'], $this->module_parameters);
+ }
+
+ if ($server['REQUEST_METHOD'] === Router::PATCH) {
+ call_user_func([$this->module_class, 'patch'], $this->module_parameters);
+ }
+
+ if ($server['REQUEST_METHOD'] === Router::POST) {
 Core\Hook::callAll($this->module . '_mod_post', $post);
 call_user_func([$this->module_class, 'post'], $this->module_parameters);
 }
+ if ($server['REQUEST_METHOD'] === Router::PUT) {
+ call_user_func([$this->module_class, 'put'], $this->module_parameters);
+ }
+
 Core\Hook::callAll($this->module . '_mod_afterpost', $placeholder);
 call_user_func([$this->module_class, 'afterpost'], $this->module_parameters);
diff --git a/src/BaseModule.php b/src/BaseModule.php
index 19b58ad06..cb8f8c790 100644
--- a/src/BaseModule.php
+++ b/src/BaseModule.php
@@ -72,6 +72,26 @@ abstract class BaseModule
 return $o;
 }
+ /**
+ * Module DELETE method to process submitted data
+ *
+ * Extend this method if the module is supposed to process DELETE requests.
+ * Doesn't display any content
+ */
+ public static function delete(array $parameters = [])
+ {
+ }
+
+ /**
+ * Module PATCH method to process submitted data
+ *
+ * Extend this method if the module is supposed to process PATCH requests.
+ * Doesn't display any content
+ */
+ public static function patch(array $parameters = [])
+ {
+ }
+
 /**
 * Module POST method to process submitted data
 *
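Review bot: The new DELETE, PATCH and PUT branches in `src/App/Module.php` call the module handler and then fall through to the `_mod_afterpost` hook and `afterpost`, so a module that does not override the verb is not rejected; the `BaseModule` defaults added in this commit are empty bodies. Consider answering an unhandled verb with 405 Method Not Allowed rather than continuing as if it had been processed. Only the POST branch fires a module hook (`_mod_post`); if that asymmetry is intended, say so with a comment such as `// DELETE/PATCH/PUT deliberately fire no addon hook`. The enclosing method starts and ends outside the hunk, so what follows `afterpost` is not visible here.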
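Review bot: The docblocks for `BaseModule::delete()` and `BaseModule::patch()` (and `put()` in the next hunk of this file) do not tell implementers that these handlers are state-changing and need their own request authentication. The same file carries the CSRF helper section ("Functions used to protect against Cross-Site Request Forgery"), so a pointer to it belongs here. I would add a line such as `* Implementations must verify the caller (form security token or API authentication) before changing state.` and an `@param array $parameters` tag to each of the three docblocks.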
@@ -92,6 +112,16 @@ abstract class BaseModule
 {
 }
+ /**
+ * Module PUT method to process submitted data
+ *
+ * Extend this method if the module is supposed to process PUT requests.
+ * Doesn't display any content
+ */
+ public static function put(array $parameters = [])
+ {
+ }
+
 /*
 * Functions used to protect against Cross-Site Request Forgery
 * The security token has to base on at least one value that an attacker can't know - here it's the session ID and the private key.
diff --git a/src/Module/Api/Mastodon/Statuses.php b/src/Module/Api/Mastodon/Statuses.php
index ee64329bc..d14ba1a06 100644
--- a/src/Module/Api/Mastodon/Statuses.php
+++ b/src/Module/Api/Mastodon/Statuses.php
@@ -21,6 +21,7 @@
 namespace Friendica\Module\Api\Mastodon;
+use Friendica\Core\Logger;
 use Friendica\Core\System;
 use Friendica\DI;
 use Friendica\Module\BaseApi;
@@ -30,6 +31,11 @@ use Friendica\Module\BaseApi;
 */
 class Statuses extends BaseApi
 {
+ public static function delete(array $parameters = [])
+ {
+ self::unsupported('delete');
+ }
+
 /**
 * @param array $parameters
 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
diff --git a/src/Module/Api/Mastodon/Unimplemented.php b/src/Module/Api/Mastodon/Unimplemented.php
index 082bd38f0..fa9618818 100644
--- a/src/Module/Api/Mastodon/Unimplemented.php
+++ b/src/Module/Api/Mastodon/Unimplemented.php
@@ -21,9 +21,6 @@
 namespace Friendica\Module\Api\Mastodon;
-use Friendica\Core\Logger;
-use Friendica\Core\System;
-use Friendica\DI;
 use Friendica\Module\BaseApi;
 /**
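Review bot: `Statuses::delete()` overrides `BaseApi::delete()` without calling it, so the `api_user()` check the parent performs never runs for this endpoint and an unauthenticated request reaches `unsupported()` and its log write directly. The same applies to the `delete`/`patch`/`post`/`put` overrides added to `Unimplemented` in this commit. While the handler only answers 501 this is low risk, but whoever implements deletion must restore the check, so I would either start the body with `parent::delete($parameters);` or leave `// TODO: call parent::delete() for the auth check once implemented`. The `use Friendica\Core\Logger;` added in the first hunk of this file is not used by any line visible in the diff and can probably be dropped. The override also lacks the docblock its siblings in `Unimplemented` carry.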
@@ -31,17 +28,48 @@ use Friendica\Module\BaseApi;
 */
 class Unimplemented extends BaseApi
 {
+ /**
+ * @param array $parameters
+ * @throws \Friendica\Network\HTTPException\InternalServerErrorException
+ */
+ public static function delete(array $parameters = [])
+ {
+ self::unsupported('delete');
+ }
+
+ /**
+ * @param array $parameters
+ * @throws \Friendica\Network\HTTPException\InternalServerErrorException
+ */
+ public static function patch(array $parameters = [])
+ {
+ self::unsupported('patch');
+ }
+
+ /**
+ * @param array $parameters
+ * @throws \Friendica\Network\HTTPException\InternalServerErrorException
+ */
+ public static function post(array $parameters = [])
+ {
+ self::unsupported('post');
+ }
+
+ /**
+ * @param array $parameters
+ * @throws \Friendica\Network\HTTPException\InternalServerErrorException
+ */
+ public static function put(array $parameters = [])
+ {
+ self::unsupported('put');
+ }
+
 /**
 * @param array $parameters
 * @throws \Friendica\Network\HTTPException\InternalServerErrorException
 */
 public static function rawContent(array $parameters = [])
 {
- $path = DI::args()->getQueryString();
- Logger::info('Unimplemented API call', ['path' => $path]);
- $error = DI::l10n()->t('API endpoint "%s" is not implemented', $path);
- $error_description = DI::l10n()->t('The API endpoint is currently not implemented but might be in the future.');;
- $errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description);
- System::jsonError(501, $errorobj->toArray());
+ self::unsupported('get');
 }
 }
diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php
index c161159e2..f6146ac56 100644
--- a/src/Module/BaseApi.php
+++ b/src/Module/BaseApi.php
@@ -22,6 +22,8 @@
 namespace Friendica\Module;
 use Friendica\BaseModule;
+use Friendica\Core\Logger;
+use Friendica\Core\System;
 use Friendica\DI;
 use Friendica\Network\HTTPException;
@@ -53,6 +55,32 @@ class BaseApi extends BaseModule
 }
 }
+ public static function delete(array $parameters = [])
+ {
+ if (!api_user()) {
+ throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
+ }
+
+ $a = DI::app();
+
+ if (!empty($a->user['uid']) && $a->user['uid'] != api_user()) {
+ throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
+ }
+ }
+
+ public static function patch(array $parameters = [])
+ {
+ if (!api_user()) {
+ throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
+ }
+
+ $a = DI::app();
+
+ if (!empty($a->user['uid']) && $a->user['uid'] != api_user()) {
+ throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
+ }
+ }
+
 public static function post(array $parameters = [])
 {
 if (!api_user()) {
@@ -66,6 +94,29 @@ class BaseApi extends BaseModule
 }
 }
+ public static function put(array $parameters = [])
+ {
+ if (!api_user()) {
+ throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
+ }
+
+ $a = DI::app();
+
+ if (!empty($a->user['uid']) && $a->user['uid'] != api_user()) {
+ throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
+ }
+ }
+
+ public static function unsupported(string $method = 'all')
+ {
+ $path = DI::args()->getQueryString();
+ Logger::info('Unimplemented API call', ['path' => $path, 'method' => $method]);
+ $error = DI::l10n()->t('API endpoint %s "%s" is not implemented', $method, $path);
+ $error_description = DI::l10n()->t('The API endpoint is currently not implemented but might be in the future.');;
+ $errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description);
+ System::jsonError(501, $errorobj->toArray());
+ }
+
 /**
 * Log in user via OAuth1 or Simple HTTP Auth.
 *
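Review bot: The authorization check in `BaseApi::delete()` and `BaseApi::patch()` is a verbatim copy of the one in `post()` (and again in `put()` in the next hunk), so four copies of a security decision must now be kept in step by hand. I would move it into one protected helper and have each verb call it; the helper name below is only a suggestion. The uid comparison uses loose `!=`, and in an authorization check a strict comparison on integer casts is safer, assuming both sides are numeric user ids as they appear to be. None of the new methods has a docblock naming the two exceptions it throws.

```php
public static function delete(array $parameters = [])
{
	self::checkAllowedUser();
}

// … unchanged signatures: patch(), post() and put() get the same one-line body …

/**
 * Rejects the request unless an API user is authenticated and matches the app user.
 *
 * @throws HTTPException\UnauthorizedException
 * @throws HTTPException\ForbiddenException
 */
protected static function checkAllowedUser()
{
	if (!api_user()) {
		throw new HTTPException\UnauthorizedException(DI::l10n()->t('Permission denied.'));
	}

	$a = DI::app();

	if (!empty($a->user['uid']) && (int)$a->user['uid'] !== (int)api_user()) {
		throw new HTTPException\ForbiddenException(DI::l10n()->t('Permission denied.'));
	}
}
```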
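Review bot: `BaseApi::unsupported()` writes the value of `getQueryString()` to the log at info level and echoes it into the 501 body, and the overrides that call it do not run the authentication check first, so the logged text is chosen by any caller. If that string can carry request parameters (for instance a token passed in the URL), log only the path component, and consider truncating it before it reaches the log. The method is `public static` on a module class with no docblock; I would add one stating that it logs the call, emits a 501 JSON error and, presumably, ends the request via `System::jsonError()`. The stray `;;` after the `$error_description` assignment was carried over from the removed code and can be reduced to `;`.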