-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Api #705
base: master
Are you sure you want to change the base?
Api #705
Changes from 8 commits
d8c6de0
b3e4b63
4e28150
0812201
a785707
c7964c3
47e62ed
0a9e858
5f2c7ad
038ac58
7b497ca
7e67521
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,86 +1,211 @@ | ||
<?php | ||
require_once('lib/header_ajax.php'); | ||
require_once('lib/lib_annot.php'); | ||
require_once('lib/lib_books.php'); | ||
require_once('lib/lib_users.php'); | ||
require_once('lib/lib_morph_pools.php'); | ||
header('Content-type: application/json'); | ||
|
||
define('API_VERSION', '0.31'); | ||
$action = $_GET['action']; | ||
$user_id = 0; | ||
|
||
$answer = array( | ||
'api_version' => API_VERSION, | ||
'answer' => null, | ||
'error' => null | ||
); | ||
|
||
function json_encode_readable($arr) | ||
|
||
require_once('lib/common.php'); | ||
require_once("lib/lib_users.php"); | ||
require_once("lib/lib_achievements.php"); | ||
require_once("lib/lib_annot.php"); | ||
|
||
function json($data) { | ||
header('Content-type: application/json'); | ||
echo json_encode($data); | ||
die(); | ||
} | ||
|
||
function requireFields($data, $fields) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. код стайл: названия функций -- в_такой_нотации There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. fix |
||
{ | ||
//convmap since 0x80 char codes so it takes all multibyte codes (above ASCII 127). So such characters are being "hidden" from normal json_encoding | ||
array_walk_recursive($arr, function (&$item, $key) { if (is_string($item)) $item = mb_encode_numericentity($item, array (0x80, 0xffff, 0, 0xffff), 'UTF-8'); }); | ||
return mb_decode_numericentity(json_encode($arr), array (0x80, 0xffff, 0, 0xffff), 'UTF-8'); | ||
foreach ($fields as $field) { | ||
if(!isset($data[$field])){ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. код стайл: пробел после There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. fix |
||
throw new Exception("Action require '$field' field", 1); | ||
} | ||
} | ||
} | ||
|
||
$config = parse_ini_file(__DIR__ . '/config.ini', true); | ||
$pdo_db = new PDO(sprintf('mysql:host=%s;dbname=%s;charset=utf8', $config['mysql']['host'], $config['mysql']['dbname']), $config['mysql']['user'], $config['mysql']['passwd']); | ||
$pdo_db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); | ||
$pdo_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT); | ||
$pdo_db->query("SET NAMES utf8"); | ||
|
||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. зачем это здесь? есть же There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. header_ajax.php слишком много разного делает. стартует сессию, добавляет хидер, подключает ненужные тут либы, инстанцирует пдо. Нужно только последнее. Сделал так только для того, чтобы не было внезапных побочных эффектов для апи. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Копипаст зло. Тогда уж выделять инстанциирование pdo в отдельный файл и подключать его здесь и в header_ajax.php (и в header.php) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ок There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Тут самое большое зло это отсутствие продуманной архитектуры. Если я вынесу pdo отдельно, то и подключение конфига тоже нужно перетаскивать туда,однако библиотеки подключаемые в header_ajax.php также требуют конфигов, но конфиги перенести оттуда я не могу так как не уверен что они не потребуются во всех тех местах где может быть подключен header_ajax.php... Выходит я должен оставить подключение конфигов и там и в pdo, что снова ведёт к копипасту... А может у меня к утру уже голова не варит. Вообщем, тут действительно сложно разобраться без глубокого знания кода. |
||
// check token for most action types | ||
if (!in_array($action, array('search', 'login'))) { | ||
$user_id = check_auth_token($_POST['user_id'], $_POST['token']); | ||
if (!$user_id) | ||
throw new Exception('Incorrect token'); | ||
} | ||
$anonActions = ['search', 'welcome', 'login', 'register', 'all_stat']; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. cc @grandsbor There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Касательно этого видел такую практику: обновлять синтаксис по мере обновления кода. Предлагаю при всех будущих правках придерживаться нового синтаксиса. |
||
|
||
try { | ||
switch ($action) { | ||
case 'search': | ||
if (isset($_GET['all_forms'])) | ||
$all_forms = (bool)$_GET['all_forms']; | ||
else | ||
$all_forms = false; | ||
/* | ||
* ACTIONS | ||
*/ | ||
|
||
// return is success | ||
// throw Exception is error | ||
$actions = [ | ||
'welcome' => function($data){ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. код стайл: здесь и ниже пробел перед фигурной скобкой There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. fix |
||
return 'Welcome to opencorpora API v1.0!'; | ||
}, | ||
'search' => function($data){ | ||
requireFields($data, ['query']); | ||
|
||
$answer['answer'] = get_search_results($_GET['query'], !$all_forms); | ||
if (isset($data['all_forms'])) { | ||
$all_forms = (bool)$data['all_forms']; | ||
} else { | ||
$all_forms = false; | ||
} | ||
$answer['answer'] = get_search_results($data['query'], !$all_forms); | ||
foreach ($answer['answer']['results'] as &$res) { | ||
$parts = array(); | ||
$parts = []; | ||
foreach (get_book_parents($res['book_id'], true) as $p) { | ||
$parts[] = $p['title']; | ||
} | ||
$res['text_fullname'] = join(': ', array_reverse($parts)); | ||
} | ||
break; | ||
case 'login': | ||
$user_id = user_check_password($_POST['login'], $_POST['password']); | ||
return $answer['answer']; | ||
}, | ||
'login' => function($data){ | ||
requireFields($data, ['login', 'password']); | ||
|
||
$user_id = user_check_password($data['login'], $data['password']); | ||
if ($user_id) { | ||
$token = remember_user($user_id, false, false); | ||
$answer['answer'] = array('user_id' => $user_id, 'token' => $token); | ||
return [ | ||
'token' => (string)$token, | ||
'user_id' => (int)$user_id, | ||
]; | ||
} else { | ||
throw new Exception("Incorrect login or password", 1); | ||
} | ||
}, | ||
'register' => function($data){ | ||
requireFields($data, ['login', 'passwd', 'passwd_re', 'email']); | ||
|
||
$reg_status = user_register($data); | ||
if ($reg_status == 1) { | ||
return 'User created'; | ||
} | ||
throw new \Exception("User don't create: invalid data. Status:$reg_status", 1); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Registration failed due to invalid data There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. fix |
||
}, | ||
'all_stat' => function($data){ | ||
return get_user_stats(true, false); | ||
}, | ||
|
||
// require token | ||
'get_available_morph_tasks' => function($data){ | ||
requireFields($data, ['user_id']); | ||
|
||
return get_available_tasks($data['user_id'], true); | ||
}, | ||
'get_morph_task' => function($data){ | ||
requireFields($data, ['user_id', 'pool_id', 'size']); | ||
|
||
return get_annotation_packet($data['pool_id'], $data['size'], $data['user_id']); | ||
}, | ||
'save_morph_task' => function($data){ | ||
requireFields($data, ['user_id', 'answers']); | ||
|
||
update_annot_instances($data['user_id'], $data['answers']); | ||
return 'save task success'; | ||
}, | ||
|
||
'get_user' => function($data){ | ||
requireFields($data, ['user_id']); | ||
|
||
$mgr = new UserOptionsManager(); | ||
return [ | ||
'options' => $mgr->get_all_options(true), | ||
'current_email' => get_user_email($data['user_id']), | ||
'current_name' => get_user_shown_name($data['user_id']), | ||
'user_team' => get_user_team($data['user_id']), | ||
]; | ||
|
||
}, | ||
'save_user' => function($data){ | ||
// update: | ||
// shown_name OR email (+ passwd user_id) OR passwd (+old_passwd user_id) | ||
if(isset($data['shown_name'])) { | ||
if(user_change_shown_name($data['shown_name']) !== 1){ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. пробел перед фигурной скобкой There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. fix |
||
throw new Exception("Error update 'shown_name' field", 1); | ||
} | ||
} | ||
|
||
if(isset($data['email']) && isset($data['passwd']) && isset($data['user_id'])) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. isset принимает произвольное кол-во параметров:
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. не знал =) fix |
||
// NOTE: hotpatch | ||
$r = sql_fetch_array(sql_query("SELECT user_name FROM users WHERE user_id = ".$data['user_id']." LIMIT 1")); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. это, конечно, надо исправить There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. апи не юзает сессию, в sql_fetch_array.. использовался $_SESSION There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. может я чтото не так понял, можно подробнее, что нужно сделать? |
||
$login = $r['user_name']; | ||
$email = strtolower(trim($data['email'])); | ||
if (is_user_openid($data['user_id']) || user_check_password($login, $data['passwd'])) { | ||
if (is_valid_email($email)) { | ||
$res = sql_pe("SELECT user_id FROM users WHERE user_email=? LIMIT 1", array($email)); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. всю такую логику надо вынести из этого файла в библиотеки There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. выше писал про hotpatch, это изза хардкода глобальных переменных |
||
if (sizeof($res) > 0) { | ||
throw new Exception("Error update 'email' field", 1); | ||
} | ||
sql_pe("UPDATE `users` SET `user_email`=? WHERE `user_id`=? LIMIT 1", array($email, $data['user_id'])); | ||
} else { | ||
throw new Exception("Error update 'email' field", 1); | ||
} | ||
} else { | ||
throw new Exception("Error update 'email' field", 1); | ||
} | ||
} | ||
else | ||
$answer['error'] = 'Incorrect login or password'; | ||
break; | ||
case 'get_available_morph_tasks': | ||
$answer['answer'] = array('tasks' => get_available_tasks($user_id, true)); | ||
break; | ||
case 'get_morph_task': | ||
if (empty($_POST['pool_id']) || empty($_POST['size'])) | ||
throw new UnexpectedValueException("Wrong args"); | ||
// timeout is in seconds | ||
$answer['answer'] = get_annotation_packet($_POST['pool_id'], $_POST['size'], $user_id, $_POST['timeout']); | ||
break; | ||
case 'update_morph_task': | ||
throw new Exception("Not implemented"); | ||
// currently no backend | ||
break; | ||
case 'save_morph_task': | ||
// answers is expected to be an array(array(id, answer), array(id, answer), ...) | ||
update_annot_instances($user_id, $_POST['answers']); | ||
break; | ||
default: | ||
throw new Exception('Unknown action'); | ||
|
||
if(isset($data['user_id']) && isset($data['passwd']) && isset($data['old_passwd'])) { | ||
// NOTE: hotpatch | ||
$r = sql_fetch_array(sql_query("SELECT user_name FROM users WHERE user_id = ".$data['user_id']." LIMIT 1")); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. надо будет убрать / вынести в библиотеки There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Писал об этом выше |
||
$login = $r['user_name']; | ||
if (user_check_password($login, $data['old_passwd'])) { | ||
if (!is_valid_password($data['passwd'])){ | ||
throw new Exception("Error update 'passwd' field", 1); | ||
} | ||
$passwd = md5(md5($data['passwd']).substr($login, 0, 2)); | ||
sql_query("UPDATE `users` SET `user_passwd`='$passwd' WHERE `user_id`=".$data['user_id']." LIMIT 1"); | ||
} else { | ||
throw new Exception("Error update 'passwd' field", 1); | ||
} | ||
} | ||
return 'update user success'; | ||
}, | ||
|
||
'user_stat' => function($data){ | ||
requireFields($data, ['user_id']); | ||
|
||
return get_user_info($data['user_id']); | ||
}, | ||
'grab_badges' => function($data){ | ||
requireFields($data, ['user_id']); | ||
|
||
$am2 = new AchievementsManager($data['user_id']); | ||
return $am2->pull_all(); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. тут точно будет json-сериализуемый массив? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. уверен на 98% |
||
}, | ||
]; | ||
|
||
// action list | ||
// var_dump(array_keys($actions)); die(); | ||
|
||
|
||
|
||
/* | ||
* COMMON API CHECKS | ||
*/ | ||
|
||
if (!isset($_POST['action'])) { | ||
json(['error' => 'API required "action" field']); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. "action" field is required There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. fix |
||
} | ||
} catch (Exception $e) { | ||
$answer['error'] = $e->getMessage(); | ||
if (!in_array($_POST['action'], $anonActions)) { | ||
$token = isset($_POST['token']) ? $_POST['token'] : false; | ||
if (!$token) { | ||
json(['error' => 'this API action require "token" field']); | ||
} | ||
$user_id = check_auth_token($token); | ||
if (!$user_id) { | ||
json(['error' => 'Incorrect token']); | ||
} | ||
} | ||
|
||
log_timing(); | ||
die(json_encode_readable($answer)); | ||
?> | ||
// action REQUIRE, data OPTIONAL | ||
$action = $_POST['action']; | ||
$data = isset($_POST['data']) ? json_decode($_POST['data'], true) : null; | ||
|
||
if (isset($actions[$action])) { | ||
try { | ||
$answer = ['result' => $actions[$action]($data)]; | ||
} catch (\Exception $e) { | ||
$answer = ['error' => $e->getMessage()]; | ||
} | ||
} else { | ||
$answer = ['error' => 'Unknown action']; | ||
} | ||
json($answer); |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -8,6 +8,13 @@ | |
return; | ||
} | ||
|
||
// crutch for api | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. А можно пояснить, зачем это на index.php? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. можно. Хочется соответствовать стандартам написания апи и завязать его на url вида /v1.0 (а не /api.php или /?page=api). Например, на facebook так. В идеале, конечно, хотелось бы чтобы у всего сайта была единая точка входа вместо кучи скриптов, best practices типа =) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. А, например, на Википедии так: https://ru.wikipedia.org/api/rest_v1 :) |
||
if ($_SERVER['REQUEST_URI'] == '/v1.0') { | ||
require_once('api.php'); | ||
log_timing(); | ||
die(); | ||
} | ||
|
||
if (isset($_GET['page'])) { | ||
$page = $_GET['page']; | ||
switch ($page) { | ||
|
@@ -100,4 +107,3 @@ | |
$smarty->display('index.tpl'); | ||
} | ||
log_timing(); | ||
?> |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -326,4 +326,3 @@ public function dispatch($args) { | |
$this->push(); | ||
} | ||
} | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -53,8 +53,8 @@ function is_valid_email($string) { | |
return preg_match('/^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,4}$/i', $string); | ||
//we took the regexp from regular-expressions.info | ||
} | ||
function check_auth_token($user_id, $token) { | ||
$res = sql_pe("SELECT user_id FROM user_tokens WHERE user_id=? AND token=? LIMIT 1", array($user_id, $token)); | ||
function check_auth_token($token) { | ||
$res = sql_pe("SELECT user_id FROM user_tokens WHERE token=? LIMIT 1", [$token]); | ||
if (sizeof($res) > 0) { | ||
return $res[0]['user_id']; | ||
} | ||
|
@@ -112,7 +112,8 @@ function remember_user($user_id, $auth_token=false, $set_cookie=true) { | |
return $token; | ||
} | ||
function make_new_user($login, $passwd, $email, $shown_name) { | ||
sql_pe("INSERT INTO `users` VALUES(NULL, ?, ?, ?, ?, ?, 0, 1, 1, 0)", | ||
// fix: add show_game = 0 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. сс @grandsbor There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Могу сказать только одно - если в VALUES не будет последнего значения, make_new_user отработает некорректно. Да, сейчас у вас этого нет There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. В базе вообще нет поля show_game, раскатано же на всех. У ребят старый девелоперский дамп, где это поле ещё есть. Так что эта правка не нужна. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ок, сейчас верну как было |
||
sql_pe("INSERT INTO `users` VALUES(NULL, ?, ?, ?, ?, ?, 0, 1, 1, 0, 0)", | ||
array($login, $passwd, $email, time(), $shown_name)); | ||
$user_id = sql_insert_id(); | ||
|
||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,5 @@ | ||
<?php | ||
|
||
function log_timing($is_ajax=false) { | ||
global $config; | ||
global $total_time; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Не понимаю, чем помешал ровно такой же headdr в header_ajax.php
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
так нагляднее