mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
77f3aa56b7
Add etag and if-none-match conditional get support. This will allow 'smart client' to save network bandwidth, as they can save the etag hash value for queries and test it later. Still an http request because this patch specifically sets a cache lifetime of zero, and must-revalidate. The benefit here is bandwidth savings. Caching based on expires headers would likely be counter productive, as the api data can change rather quickly...but etag is a nice compromise, and could be quite beneficial for bandwidth recution in some scenarios. Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
258 lines
8.8 KiB
PHP
258 lines
8.8 KiB
PHP
<?php
|
|
/**
|
|
* AurJSON
|
|
*
|
|
* This file contains the AurRPC remote handling class
|
|
**/
|
|
include_once("aur.inc");
|
|
|
|
/**
|
|
* This class defines a remote interface for fetching data
|
|
* from the AUR using JSON formatted elements.
|
|
* @package rpc
|
|
* @subpackage classes
|
|
**/
|
|
class AurJSON {
|
|
private $dbh = false;
|
|
private static $exposed_methods = array(
|
|
'search', 'info', 'multiinfo', 'msearch'
|
|
);
|
|
private static $fields = array(
|
|
'Packages.ID', 'Name', 'Version', 'CategoryID',
|
|
'Description', 'URL', 'License',
|
|
'NumVotes', '(OutOfDateTS IS NOT NULL) AS OutOfDate'
|
|
);
|
|
|
|
/**
|
|
* Handles post data, and routes the request.
|
|
* @param string $post_data The post data to parse and handle.
|
|
* @return string The JSON formatted response data.
|
|
**/
|
|
public function handle($http_data) {
|
|
// unset global aur headers from aur.inc
|
|
// leave expires header to enforce validation
|
|
// header_remove('Expires');
|
|
// unset global aur.inc pragma header. We want to allow caching of data
|
|
// in proxies, but require validation of data (if-none-match) if
|
|
// possible
|
|
header_remove('Pragma');
|
|
// overwrite cache-control header set in aur.inc to allow caching, but
|
|
// require validation
|
|
header('Cache-Control: public, must-revalidate, max-age=0');
|
|
|
|
// handle error states
|
|
if ( !isset($http_data['type']) || !isset($http_data['arg']) ) {
|
|
return $this->json_error('No request type/data specified.');
|
|
}
|
|
|
|
// do the routing
|
|
if ( in_array($http_data['type'], self::$exposed_methods) ) {
|
|
// set up db connection.
|
|
$this->dbh = db_connect();
|
|
|
|
// ugh. this works. I hate you php.
|
|
$json = call_user_func(array(&$this, $http_data['type']),
|
|
$http_data['arg']);
|
|
|
|
// calculate etag as an md5 based on the json result
|
|
// this could be optimized by calculating the etag on the
|
|
// query result object before converting to json (step into
|
|
// the above function call) and adding the 'type' to the response,
|
|
// but having all this code here is cleaner and 'good enough'
|
|
$etag = md5($json);
|
|
header("Etag: \"$etag\"");
|
|
// make sure to strip a few things off the if-none-match
|
|
// header. stripping whitespace may not be required, but
|
|
// removing the quote on the incoming header is required
|
|
// to make the equality test
|
|
$if_none_match = isset($_SERVER['HTTP_IF_NONE_MATCH']) ?
|
|
trim($_SERVER['HTTP_IF_NONE_MATCH'], "\t\n\r\" ") : false;
|
|
if ($if_none_match && $if_none_match == $etag) {
|
|
header('HTTP/1.1 304 Not Modified');
|
|
return;
|
|
}
|
|
|
|
// allow rpc callback for XDomainAjax
|
|
if ( isset($http_data['callback']) ) {
|
|
// it is more correct to send text/javascript
|
|
// content-type for jsonp-callback
|
|
header('content-type: text/javascript');
|
|
return $http_data['callback'] . "({$json})";
|
|
}
|
|
else {
|
|
// set content type header to app/json
|
|
header('content-type: application/json');
|
|
return $json;
|
|
}
|
|
}
|
|
else {
|
|
return $this->json_error('Incorrect request type specified.');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns a JSON formatted error string.
|
|
*
|
|
* @param $msg The error string to return
|
|
* @return mixed A json formatted error response.
|
|
**/
|
|
private function json_error($msg) {
|
|
// set content type header to app/json
|
|
header('content-type: application/json');
|
|
return $this->json_results('error', $msg);
|
|
}
|
|
|
|
/**
|
|
* Returns a JSON formatted result data.
|
|
* @param $type The response method type.
|
|
* @param $data The result data to return
|
|
* @return mixed A json formatted result response.
|
|
**/
|
|
private function json_results($type, $data) {
|
|
return json_encode( array('type' => $type, 'results' => $data) );
|
|
}
|
|
|
|
private function process_query($type, $where_condition) {
|
|
$fields = implode(',', self::$fields);
|
|
$query = "SELECT Users.Username as Maintainer, {$fields} " .
|
|
"FROM Packages LEFT JOIN Users " .
|
|
"ON Packages.MaintainerUID = Users.ID " .
|
|
"WHERE ${where_condition}";
|
|
$result = db_query($query, $this->dbh);
|
|
|
|
if ( $result && (mysql_num_rows($result) > 0) ) {
|
|
$search_data = array();
|
|
while ( $row = mysql_fetch_assoc($result) ) {
|
|
$name = $row['Name'];
|
|
$row['URLPath'] = URL_DIR . $name . "/" . $name . ".tar.gz";
|
|
|
|
if ($type == 'info') {
|
|
$search_data = $row;
|
|
break;
|
|
}
|
|
else {
|
|
array_push($search_data, $row);
|
|
}
|
|
}
|
|
|
|
mysql_free_result($result);
|
|
return $this->json_results($type, $search_data);
|
|
}
|
|
else {
|
|
return $this->json_error('No results found');
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Parse the args to the multiinfo function. We may have a string or an
|
|
* array, so do the appropriate thing. Within the elements, both * package
|
|
* IDs and package names are valid; sort them into the relevant arrays and
|
|
* escape/quote the names.
|
|
* @param $args the arg string or array to parse.
|
|
* @return mixed An array containing 'ids' and 'names'.
|
|
**/
|
|
private function parse_multiinfo_args($args) {
|
|
if (!is_array($args)) {
|
|
$args = array($args);
|
|
}
|
|
|
|
$id_args = array();
|
|
$name_args = array();
|
|
foreach ($args as $arg) {
|
|
if (!$arg) {
|
|
continue;
|
|
}
|
|
if (is_numeric($arg)) {
|
|
$id_args[] = intval($arg);
|
|
} else {
|
|
$escaped = mysql_real_escape_string($arg, $this->dbh);
|
|
$name_args[] = "'" . $escaped . "'";
|
|
}
|
|
}
|
|
|
|
return array('ids' => $id_args, 'names' => $name_args);
|
|
}
|
|
|
|
/**
|
|
* Performs a fulltext mysql search of the package database.
|
|
* @param $keyword_string A string of keywords to search with.
|
|
* @return mixed Returns an array of package matches.
|
|
**/
|
|
private function search($keyword_string) {
|
|
if (strlen($keyword_string) < 2) {
|
|
return $this->json_error('Query arg too small');
|
|
}
|
|
|
|
$keyword_string = mysql_real_escape_string($keyword_string, $this->dbh);
|
|
$keyword_string = addcslashes($keyword_string, '%_');
|
|
|
|
$where_condition = "( Name LIKE '%{$keyword_string}%' OR " .
|
|
"Description LIKE '%{$keyword_string}%' )";
|
|
|
|
return $this->process_query('search', $where_condition);
|
|
}
|
|
|
|
/**
|
|
* Returns the info on a specific package.
|
|
* @param $pqdata The ID or name of the package. Package Query Data.
|
|
* @return mixed Returns an array of value data containing the package data
|
|
**/
|
|
private function info($pqdata) {
|
|
if ( is_numeric($pqdata) ) {
|
|
// just using sprintf to coerce the pqd to an int
|
|
// should handle sql injection issues, since sprintf will
|
|
// bork if not an int, or convert the string to a number 0
|
|
$where_condition = "ID={$pqdata}";
|
|
}
|
|
else {
|
|
$where_condition = sprintf("Name=\"%s\"",
|
|
mysql_real_escape_string($pqdata, $this->dbh));
|
|
}
|
|
return $this->process_query('info', $where_condition);
|
|
}
|
|
|
|
/**
|
|
* Returns the info on multiple packages.
|
|
* @param $pqdata A comma-separated list of IDs or names of the packages.
|
|
* @return mixed Returns an array of results containing the package data
|
|
**/
|
|
private function multiinfo($pqdata) {
|
|
$args = $this->parse_multiinfo_args($pqdata);
|
|
$ids = $args['ids'];
|
|
$names = $args['names'];
|
|
|
|
if (!$ids && !$names) {
|
|
return $this->json_error('Invalid query arguments');
|
|
}
|
|
|
|
$where_condition = "";
|
|
if ($ids) {
|
|
$ids_value = implode(',', $args['ids']);
|
|
$where_condition .= "ID IN ({$ids_value})";
|
|
}
|
|
if ($ids && $names) {
|
|
$where_condition .= " OR ";
|
|
}
|
|
if ($names) {
|
|
// individual names were quoted in parse_multiinfo_args()
|
|
$names_value = implode(',', $args['names']);
|
|
$where_condition .= "Name IN ({$names_value})";
|
|
}
|
|
|
|
return $this->process_query('multiinfo', $where_condition);
|
|
}
|
|
|
|
/**
|
|
* Returns all the packages for a specific maintainer.
|
|
* @param $maintainer The name of the maintainer.
|
|
* @return mixed Returns an array of value data containing the package data
|
|
**/
|
|
private function msearch($maintainer) {
|
|
$maintainer = mysql_real_escape_string($maintainer, $this->dbh);
|
|
|
|
$where_condition = "Users.Username = '{$maintainer}'";
|
|
|
|
return $this->process_query('msearch', $where_condition);
|
|
}
|
|
}
|
|
|