search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
aurjson: Allow underscores in JSONP callback names
[aur.git] / web / lib / aurjson.class.php
blob9097035fcb8dfab8d2e1b42e39dc563d55c3e08f
1 <?php
2
3 include_once("aur.inc.php");
4
5 /*
6 * This class defines a remote interface for fetching data from the AUR using
7 * JSON formatted elements.
8 *
9 * @package rpc
10 * @subpackage classes
11 */
12 class AurJSON {
13 private $dbh = false;
14 private $version = 1;
15 private static $exposed_methods = array(
16 'search', 'info', 'multiinfo', 'msearch', 'suggest',
17 'suggest-pkgbase', 'get-comment-form'
18 );
19 private static $exposed_fields = array(
20 'name', 'name-desc', 'maintainer'
21 );
22 private static $fields_v1 = array(
23 'Packages.ID', 'Packages.Name',
24 'PackageBases.ID AS PackageBaseID',
25 'PackageBases.Name AS PackageBase', 'Version',
26 'Description', 'URL', 'NumVotes', 'OutOfDateTS AS OutOfDate',
27 'Users.UserName AS Maintainer',
28 'SubmittedTS AS FirstSubmitted', 'ModifiedTS AS LastModified',
29 'Licenses.Name AS License'
30 );
31 private static $fields_v2 = array(
32 'Packages.ID', 'Packages.Name',
33 'PackageBases.ID AS PackageBaseID',
34 'PackageBases.Name AS PackageBase', 'Version',
35 'Description', 'URL', 'NumVotes', 'OutOfDateTS AS OutOfDate',
36 'Users.UserName AS Maintainer',
37 'SubmittedTS AS FirstSubmitted', 'ModifiedTS AS LastModified'
38 );
39 private static $fields_v4 = array(
40 'Packages.ID', 'Packages.Name',
41 'PackageBases.ID AS PackageBaseID',
42 'PackageBases.Name AS PackageBase', 'Version',
43 'Description', 'URL', 'NumVotes', 'Popularity',
44 'OutOfDateTS AS OutOfDate', 'Users.UserName AS Maintainer',
45 'SubmittedTS AS FirstSubmitted', 'ModifiedTS AS LastModified'
46 );
47 private static $numeric_fields = array(
48 'ID', 'PackageBaseID', 'NumVotes', 'OutOfDate',
49 'FirstSubmitted', 'LastModified'
50 );
51 private static $decimal_fields = array(
52 'Popularity'
53 );
54
55 /*
56 * Handles post data, and routes the request.
57 *
58 * @param string $post_data The post data to parse and handle.
59 *
60 * @return string The JSON formatted response data.
61 */
62 public function handle($http_data) {
63 /*
64 * Unset global aur.inc.php Pragma header. We want to allow
65 * caching of data in proxies, but require validation of data
66 * (if-none-match) if possible.
67 */
68 header_remove('Pragma');
69 /*
70 * Overwrite cache-control header set in aur.inc.php to allow
71 * caching, but require validation.
72 */
73 header('Cache-Control: public, must-revalidate, max-age=0');
74 header('Content-Type: application/json, charset=utf-8');
75
76 if (isset($http_data['v'])) {
77 $this->version = intval($http_data['v']);
78 }
79 if ($this->version < 1 || $this->version > 5) {
80 return $this->json_error('Invalid version specified.');
81 }
82
83 if (!isset($http_data['type']) || !isset($http_data['arg'])) {
84 return $this->json_error('No request type/data specified.');
85 }
86 if (!in_array($http_data['type'], self::$exposed_methods)) {
87 return $this->json_error('Incorrect request type specified.');
88 }
89
90 if (isset($http_data['search_by']) && !isset($http_data['by'])) {
91 $http_data['by'] = $http_data['search_by'];
92 }
93 if (isset($http_data['by']) && !in_array($http_data['by'], self::$exposed_fields)) {
94 return $this->json_error('Incorrect by field specified.');
95 }
96
97 $this->dbh = DB::connect();
98
99 $type = str_replace('-', '_', $http_data['type']);
100 if ($type == 'info' && $this->version >= 5) {
101 $type = 'multiinfo';
102 }
103 $json = call_user_func(array(&$this, $type), $http_data);
104
105 $etag = md5($json);
106 header("Etag: \"$etag\"");
107 /*
108 * Make sure to strip a few things off the
109 * if-none-match header. Stripping whitespace may not
110 * be required, but removing the quote on the incoming
111 * header is required to make the equality test.
112 */
113 $if_none_match = isset($_SERVER['HTTP_IF_NONE_MATCH']) ?
114 trim($_SERVER['HTTP_IF_NONE_MATCH'], "\t\n\r\" ") : false;
115 if ($if_none_match && $if_none_match == $etag) {
116 header('HTTP/1.1 304 Not Modified');
117 return;
118 }
119
120 if (isset($http_data['callback'])) {
121 $callback = $http_data['callback'];
122 if (!preg_match('/^[a-zA-Z0-9()_.]{1,128}$/D', $callback)) {
123 return $this->json_error('Invalid callback name.');
124 }
125 header('content-type: text/javascript');
126 return '/**/' . $callback . '(' . $json . ')';
127 } else {
128 header('content-type: application/json');
129 return $json;
130 }
131 }
132
133 /*
134 * Returns a JSON formatted error string.
135 *
136 * @param $msg The error string to return
137 *
138 * @return mixed A json formatted error response.
139 */
140 private function json_error($msg) {
141 header('content-type: application/json');
142 if ($this->version < 3) {
143 return $this->json_results('error', 0, $msg, NULL);
144 } elseif ($this->version >= 3) {
145 return $this->json_results('error', 0, array(), $msg);
146 }
147 }
148
149 /*
150 * Returns a JSON formatted result data.
151 *
152 * @param $type The response method type.
153 * @param $count The number of results to return
154 * @param $data The result data to return
155 * @param $error An error message to include in the response
156 *
157 * @return mixed A json formatted result response.
158 */
159 private function json_results($type, $count, $data, $error) {
160 $json_array = array(
161 'version' => $this->version,
162 'type' => $type,
163 'resultcount' => $count,
164 'results' => $data
165 );
166
167 if ($error) {
168 $json_array['error'] = $error;
169 }
170
171 return json_encode($json_array);
172 }
173
174 /*
175 * Get extended package details (for info and multiinfo queries).
176 *
177 * @param $pkgid The ID of the package to retrieve details for.
178 *
179 * @return array An array containing package details.
180 */
181 private function get_extended_fields($pkgid) {
182 $query = "SELECT DependencyTypes.Name AS Type, " .
183 "PackageDepends.DepName AS Name, " .
184 "PackageDepends.DepCondition AS Cond " .
185 "FROM PackageDepends " .
186 "LEFT JOIN DependencyTypes " .
187 "ON DependencyTypes.ID = PackageDepends.DepTypeID " .
188 "WHERE PackageDepends.PackageID = " . $pkgid . " " .
189 "UNION SELECT RelationTypes.Name AS Type, " .
190 "PackageRelations.RelName AS Name, " .
191 "PackageRelations.RelCondition AS Cond " .
192 "FROM PackageRelations " .
193 "LEFT JOIN RelationTypes " .
194 "ON RelationTypes.ID = PackageRelations.RelTypeID " .
195 "WHERE PackageRelations.PackageID = " . $pkgid . " " .
196 "UNION SELECT 'groups' AS Type, Groups.Name, '' AS Cond " .
197 "FROM Groups INNER JOIN PackageGroups " .
198 "ON PackageGroups.PackageID = " . $pkgid . " " .
199 "AND PackageGroups.GroupID = Groups.ID " .
200 "UNION SELECT 'license' AS Type, Licenses.Name, '' AS Cond " .
201 "FROM Licenses INNER JOIN PackageLicenses " .
202 "ON PackageLicenses.PackageID = " . $pkgid . " " .
203 "AND PackageLicenses.LicenseID = Licenses.ID";
204 $result = $this->dbh->query($query);
205
206 if (!$result) {
207 return null;
208 }
209
210 $type_map = array(
211 'depends' => 'Depends',
212 'makedepends' => 'MakeDepends',
213 'checkdepends' => 'CheckDepends',
214 'optdepends' => 'OptDepends',
215 'conflicts' => 'Conflicts',
216 'provides' => 'Provides',
217 'replaces' => 'Replaces',
218 'groups' => 'Groups',
219 'license' => 'License',
220 );
221 $data = array();
222 while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
223 $type = $type_map[$row['Type']];
224 $data[$type][] = $row['Name'] . $row['Cond'];
225 }
226
227 return $data;
228 }
229
230 /*
231 * Retrieve package information (used in info, multiinfo, search and
232 * msearch requests).
233 *
234 * @param $type The request type.
235 * @param $where_condition An SQL WHERE-condition to filter packages.
236 *
237 * @return mixed Returns an array of package matches.
238 */
239 private function process_query($type, $where_condition) {
240 $max_results = config_get_int('options', 'max_rpc_results');
241
242 if ($this->version == 1) {
243 $fields = implode(',', self::$fields_v1);
244 $query = "SELECT {$fields} " .
245 "FROM Packages LEFT JOIN PackageBases " .
246 "ON PackageBases.ID = Packages.PackageBaseID " .
247 "LEFT JOIN Users " .
248 "ON PackageBases.MaintainerUID = Users.ID " .
249 "LEFT JOIN PackageLicenses " .
250 "ON PackageLicenses.PackageID = Packages.ID " .
251 "LEFT JOIN Licenses " .
252 "ON Licenses.ID = PackageLicenses.LicenseID " .
253 "WHERE ${where_condition} " .
254 "AND PackageBases.PackagerUID IS NOT NULL " .
255 "GROUP BY Packages.ID " .
256 "LIMIT $max_results";
257 } elseif ($this->version >= 2) {
258 if ($this->version == 2 || $this->version == 3) {
259 $fields = implode(',', self::$fields_v2);
260 } else if ($this->version == 4 || $this->version == 5) {
261 $fields = implode(',', self::$fields_v4);
262 }
263 $query = "SELECT {$fields} " .
264 "FROM Packages LEFT JOIN PackageBases " .
265 "ON PackageBases.ID = Packages.PackageBaseID " .
266 "LEFT JOIN Users " .
267 "ON PackageBases.MaintainerUID = Users.ID " .
268 "WHERE ${where_condition} " .
269 "AND PackageBases.PackagerUID IS NOT NULL " .
270 "LIMIT $max_results";
271 }
272 $result = $this->dbh->query($query);
273
274 if ($result) {
275 $resultcount = 0;
276 $search_data = array();
277 while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
278 $resultcount++;
279 $row['URLPath'] = sprintf(config_get('options', 'snapshot_uri'), urlencode($row['PackageBase']));
280 if ($this->version < 4) {
281 $row['CategoryID'] = 1;
282 }
283
284 /*
285 * Unfortunately, mysql_fetch_assoc() returns
286 * all fields as strings. We need to coerce
287 * numeric values into integers to provide
288 * proper data types in the JSON response.
289 */
290 foreach (self::$numeric_fields as $field) {
291 if (isset($row[$field])) {
292 $row[$field] = intval($row[$field]);
293 }
294 }
295
296 foreach (self::$decimal_fields as $field) {
297 if (isset($row[$field])) {
298 $row[$field] = floatval($row[$field]);
299 }
300 }
301
302 if ($this->version >= 2 && ($type == 'info' || $type == 'multiinfo')) {
303 $row = array_merge($row, $this->get_extended_fields($row['ID']));
304 }
305
306 if ($this->version < 3) {
307 if ($type == 'info') {
308 $search_data = $row;
309 break;
310 } else {
311 array_push($search_data, $row);
312 }
313 } elseif ($this->version >= 3) {
314 array_push($search_data, $row);
315 }
316 }
317
318 if ($resultcount === $max_results) {
319 return $this->json_error('Too many package results.');
320 }
321
322 return $this->json_results($type, $resultcount, $search_data, NULL);
323 } else {
324 return $this->json_results($type, 0, array(), NULL);
325 }
326 }
327
328 /*
329 * Parse the args to the multiinfo function. We may have a string or an
330 * array, so do the appropriate thing. Within the elements, both * package
331 * IDs and package names are valid; sort them into the relevant arrays and
332 * escape/quote the names.
333 *
334 * @param array $args Query parameters.
335 *
336 * @return mixed An array containing 'ids' and 'names'.
337 */
338 private function parse_multiinfo_args($args) {
339 if (!is_array($args)) {
340 $args = array($args);
341 }
342
343 $id_args = array();
344 $name_args = array();
345 foreach ($args as $arg) {
346 if (!$arg) {
347 continue;
348 }
349 if (is_numeric($arg)) {
350 $id_args[] = intval($arg);
351 } else {
352 $name_args[] = $this->dbh->quote($arg);
353 }
354 }
355
356 return array('ids' => $id_args, 'names' => $name_args);
357 }
358
359 /*
360 * Performs a fulltext mysql search of the package database.
361 *
362 * @param array $http_data Query parameters.
363 *
364 * @return mixed Returns an array of package matches.
365 */
366 private function search($http_data) {
367 $keyword_string = $http_data['arg'];
368
369 if (isset($http_data['by'])) {
370 $search_by = $http_data['by'];
371 } else {
372 $search_by = 'name-desc';
373 }
374
375 if ($search_by === 'name' || $search_by === 'name-desc') {
376 if (strlen($keyword_string) < 2) {
377 return $this->json_error('Query arg too small');
378 }
379 $keyword_string = $this->dbh->quote("%" . addcslashes($keyword_string, '%_') . "%");
380
381 if ($search_by === 'name') {
382 $where_condition = "(Packages.Name LIKE $keyword_string)";
383 } else if ($search_by === 'name-desc') {
384 $where_condition = "(Packages.Name LIKE $keyword_string OR ";
385 $where_condition .= "Description LIKE $keyword_string)";
386 }
387 } else if ($search_by === 'maintainer') {
388 if (empty($keyword_string)) {
389 $where_condition = "Users.ID is NULL";
390 } else {
391 $keyword_string = $this->dbh->quote($keyword_string);
392 $where_condition = "Users.Username = $keyword_string ";
393 }
394 }
395
396 return $this->process_query('search', $where_condition);
397 }
398
399 /*
400 * Returns the info on a specific package.
401 *
402 * @param array $http_data Query parameters.
403 *
404 * @return mixed Returns an array of value data containing the package data
405 */
406 private function info($http_data) {
407 $pqdata = $http_data['arg'];
408 if (is_numeric($pqdata)) {
409 $where_condition = "Packages.ID = $pqdata";
410 } else {
411 $where_condition = "Packages.Name = " . $this->dbh->quote($pqdata);
412 }
413
414 return $this->process_query('info', $where_condition);
415 }
416
417 /*
418 * Returns the info on multiple packages.
419 *
420 * @param array $http_data Query parameters.
421 *
422 * @return mixed Returns an array of results containing the package data
423 */
424 private function multiinfo($http_data) {
425 $pqdata = $http_data['arg'];
426 $args = $this->parse_multiinfo_args($pqdata);
427 $ids = $args['ids'];
428 $names = $args['names'];
429
430 if (!$ids && !$names) {
431 return $this->json_error('Invalid query arguments');
432 }
433
434 $where_condition = "";
435 if ($ids) {
436 $ids_value = implode(',', $args['ids']);
437 $where_condition .= "Packages.ID IN ($ids_value) ";
438 }
439 if ($ids && $names) {
440 $where_condition .= "OR ";
441 }
442 if ($names) {
443 /*
444 * Individual names were quoted in
445 * parse_multiinfo_args().
446 */
447 $names_value = implode(',', $args['names']);
448 $where_condition .= "Packages.Name IN ($names_value) ";
449 }
450
451 return $this->process_query('multiinfo', $where_condition);
452 }
453
454 /*
455 * Returns all the packages for a specific maintainer.
456 *
457 * @param array $http_data Query parameters.
458 *
459 * @return mixed Returns an array of value data containing the package data
460 */
461 private function msearch($http_data) {
462 $http_data['by'] = 'maintainer';
463 return $this->search($http_data);
464 }
465
466 /*
467 * Get all package names that start with $search.
468 *
469 * @param array $http_data Query parameters.
470 *
471 * @return string The JSON formatted response data.
472 */
473 private function suggest($http_data) {
474 $search = $http_data['arg'];
475 $query = "SELECT Packages.Name FROM Packages ";
476 $query.= "LEFT JOIN PackageBases ";
477 $query.= "ON PackageBases.ID = Packages.PackageBaseID ";
478 $query.= "WHERE Packages.Name LIKE ";
479 $query.= $this->dbh->quote(addcslashes($search, '%_') . '%');
480 $query.= " AND PackageBases.PackagerUID IS NOT NULL ";
481 $query.= "ORDER BY Name ASC LIMIT 20";
482
483 $result = $this->dbh->query($query);
484 $result_array = array();
485
486 if ($result) {
487 $result_array = $result->fetchAll(PDO::FETCH_COLUMN, 0);
488 }
489
490 return json_encode($result_array);
491 }
492
493 /*
494 * Get all package base names that start with $search.
495 *
496 * @param array $http_data Query parameters.
497 *
498 * @return string The JSON formatted response data.
499 */
500 private function suggest_pkgbase($http_data) {
501 $search = $http_data['arg'];
502 $query = "SELECT Name FROM PackageBases WHERE Name LIKE ";
503 $query.= $this->dbh->quote(addcslashes($search, '%_') . '%');
504 $query.= " AND PackageBases.PackagerUID IS NOT NULL ";
505 $query.= "ORDER BY Name ASC LIMIT 20";
506
507 $result = $this->dbh->query($query);
508 $result_array = array();
509
510 if ($result) {
511 $result_array = $result->fetchAll(PDO::FETCH_COLUMN, 0);
512 }
513
514 return json_encode($result_array);
515 }
516
517 /**
518 * Get the HTML markup of the comment form.
519 *
520 * @param array $http_data Query parameters.
521 *
522 * @return string The JSON formatted response data.
523 */
524 private function get_comment_form($http_data) {
525 if (!isset($http_data['base_id']) || !isset($http_data['pkgbase_name'])) {
526 $output = array(
527 'success' => 0,
528 'error' => __('Package base ID or package base name missing.')
529 );
530 return json_encode($output);
531 }
532
533 $comment_id = intval($http_data['arg']);
534 $base_id = intval($http_data['base_id']);
535 $pkgbase_name = $http_data['pkgbase_name'];
536
537 list($user_id, $comment) = comment_by_id($comment_id);
538
539 if (!has_credential(CRED_COMMENT_EDIT, array($user_id))) {
540 $output = array(
541 'success' => 0,
542 'error' => __('You are not allowed to edit this comment.')
543 );
544 return json_encode($output);
545 } elseif (is_null($comment)) {
546 $output = array(
547 'success' => 0,
548 'error' => __('Comment does not exist.')
549 );
550 return json_encode($output);
551 }
552
553 ob_start();
554 include('pkg_comment_form.php');
555 $html = ob_get_clean();
556 $output = array(
557 'success' => 1,
558 'form' => $html
559 );
560
561 return json_encode($output);
562 }
563 }
564
Arch User-Community Repository (AUR)