wrygiel/proxy.php

## proxy.php
<?php

/* USOS API Base URL, trailing slash included. */
$usosapi_base_url = '';

/* Consumer Key to use. */
$consumer_key = '';
$consumer_secret = '';

/*
 * This is a simple proxy application. It receives a request, signs it
 * with the Consumer Key (and optionally - with a given Token), queries
 * given USOS API method and returns the results. It MUST be used in
 * a SECURE environment - you must be SURE that only trusted parties
 * are able to make requests to this proxy (like an IP check). Otherwise,
 * the attacker will be able to access USOS API on your behalf!
 *
 * Following $_GET arguments have a special meaning:
 *
 * - proxy_method - required, USOS API method to call, starts with "services/".
 * - proxy_secure - optional, '0' or '1' (default '0') - whether USOS API call
 *       should be secure (https) or not. Usually you will want to leave it at '0'.
 * - proxy_token - optional, a Token (will be used as oauth_token),
 * - proxy_token_secret - optional, Token Secret (will affect the signature).
 *
 * All other arguments (which do NOT start with "proxy_") will be passed as
 * arguments to the USOS API method.
 */

error_reporting(E_ALL);
ini_set("display_errors", 1);

if (!isset($_GET['proxy_method'])) {
	header("HTTP/1.1 400 BAD REQUEST");
	print "Read instructions in the comments!";
	exit;
}
$proxy_method = $_GET['proxy_method'];
$proxy_secure = isset($_GET['proxy_secure']) ? ($_GET['proxy_secure'] == '1') : false;
$proxy_token = isset($_GET['proxy_token']) ? $_GET['proxy_token'] : null;
if ($proxy_token != null) {
	if (!isset($_GET['proxy_token_secret'])) {
		header("HTTP/1.1 400 BAD REQUEST");
		print "You supplied Token, but forgot about the Token Secret.";
		exit;
	}
	$proxy_token_secret = $_GET['proxy_token_secret'];
}
$vars = array();
foreach ($_GET as $key => $value)
	if (strpos($key, "proxy_") !== 0)
		$vars[$key] = $value;

try {
	$oauth = new OAuth($consumer_key, $consumer_secret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
	if ($proxy_token) {
		$oauth->setToken($proxy_token, $proxy_token_secret);
	}
	$url = $proxy_secure ? str_replace("http://", "https://", $usosapi_base_url) : $usosapi_base_url;
	$url .= $proxy_method;
	$var_chunks = array();
	foreach ($vars as $key => $value)
		$var_chunks[] = $key."=".rawurlencode($value);
	if (count($var_chunks) > 0)
		$url .= "?".implode("&", $var_chunks);
	$oauth->fetch($url);
	$response_info = $oauth->getLastResponseInfo();
	header("Content-Type: {$response_info["content_type"]}");
	print $oauth->getLastResponse();
	exit;
} catch(OAuthException $E) {
	header("HTTP/1.1 400 BAD REQUEST");
	print $E->lastResponse;
}

?>
	<?php

	/* USOS API Base URL, trailing slash included. */
	$usosapi_base_url = '';

	/* Consumer Key to use. */
	$consumer_key = '';
	$consumer_secret = '';

	/*
	* This is a simple proxy application. It receives a request, signs it
	* with the Consumer Key (and optionally - with a given Token), queries
	* given USOS API method and returns the results. It MUST be used in
	* a SECURE environment - you must be SURE that only trusted parties
	* are able to make requests to this proxy (like an IP check). Otherwise,
	* the attacker will be able to access USOS API on your behalf!
	*
	* Following $_GET arguments have a special meaning:
	*
	* - proxy_method - required, USOS API method to call, starts with "services/".
	* - proxy_secure - optional, '0' or '1' (default '0') - whether USOS API call
	* should be secure (https) or not. Usually you will want to leave it at '0'.
	* - proxy_token - optional, a Token (will be used as oauth_token),
	* - proxy_token_secret - optional, Token Secret (will affect the signature).
	*
	* All other arguments (which do NOT start with "proxy_") will be passed as
	* arguments to the USOS API method.
	*/

	error_reporting(E_ALL);
	ini_set("display_errors", 1);

	if (!isset($_GET['proxy_method'])) {
	header("HTTP/1.1 400 BAD REQUEST");
	print "Read instructions in the comments!";
	exit;
	}
	$proxy_method = $_GET['proxy_method'];
	$proxy_secure = isset($_GET['proxy_secure']) ? ($_GET['proxy_secure'] == '1') : false;
	$proxy_token = isset($_GET['proxy_token']) ? $_GET['proxy_token'] : null;
	if ($proxy_token != null) {
	if (!isset($_GET['proxy_token_secret'])) {
	header("HTTP/1.1 400 BAD REQUEST");
	print "You supplied Token, but forgot about the Token Secret.";
	exit;
	}
	$proxy_token_secret = $_GET['proxy_token_secret'];
	}
	$vars = array();
	foreach ($_GET as $key => $value)
	if (strpos($key, "proxy_") !== 0)
	$vars[$key] = $value;

	try {
	$oauth = new OAuth($consumer_key, $consumer_secret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
	if ($proxy_token) {
	$oauth->setToken($proxy_token, $proxy_token_secret);
	}
	$url = $proxy_secure ? str_replace("http://", "https://", $usosapi_base_url) : $usosapi_base_url;
	$url .= $proxy_method;
	$var_chunks = array();
	foreach ($vars as $key => $value)
	$var_chunks[] = $key."=".rawurlencode($value);
	if (count($var_chunks) > 0)
	$url .= "?".implode("&", $var_chunks);
	$oauth->fetch($url);
	$response_info = $oauth->getLastResponseInfo();
	header("Content-Type: {$response_info["content_type"]}");
	print $oauth->getLastResponse();
	exit;
	} catch(OAuthException $E) {
	header("HTTP/1.1 400 BAD REQUEST");
	print $E->lastResponse;
	}

	?>