Instantly share code, notes, and snippets.

Embed
What would you like to do?
USOS API proxy
<?php
/* USOS API Base URL, trailing slash included. */
$usosapi_base_url = '';
/* Consumer Key to use. */
$consumer_key = '';
$consumer_secret = '';
/*
* This is a simple proxy application. It receives a request, signs it
* with the Consumer Key (and optionally - with a given Token), queries
* given USOS API method and returns the results. It MUST be used in
* a SECURE environment - you must be SURE that only trusted parties
* are able to make requests to this proxy (like an IP check). Otherwise,
* the attacker will be able to access USOS API on your behalf!
*
* Following $_GET arguments have a special meaning:
*
* - proxy_method - required, USOS API method to call, starts with "services/".
* - proxy_secure - optional, '0' or '1' (default '0') - whether USOS API call
* should be secure (https) or not. Usually you will want to leave it at '0'.
* - proxy_token - optional, a Token (will be used as oauth_token),
* - proxy_token_secret - optional, Token Secret (will affect the signature).
*
* All other arguments (which do NOT start with "proxy_") will be passed as
* arguments to the USOS API method.
*/
error_reporting(E_ALL);
ini_set("display_errors", 1);
if (!isset($_GET['proxy_method'])) {
header("HTTP/1.1 400 BAD REQUEST");
print "Read instructions in the comments!";
exit;
}
$proxy_method = $_GET['proxy_method'];
$proxy_secure = isset($_GET['proxy_secure']) ? ($_GET['proxy_secure'] == '1') : false;
$proxy_token = isset($_GET['proxy_token']) ? $_GET['proxy_token'] : null;
if ($proxy_token != null) {
if (!isset($_GET['proxy_token_secret'])) {
header("HTTP/1.1 400 BAD REQUEST");
print "You supplied Token, but forgot about the Token Secret.";
exit;
}
$proxy_token_secret = $_GET['proxy_token_secret'];
}
$vars = array();
foreach ($_GET as $key => $value)
if (strpos($key, "proxy_") !== 0)
$vars[$key] = $value;
try {
$oauth = new OAuth($consumer_key, $consumer_secret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
if ($proxy_token) {
$oauth->setToken($proxy_token, $proxy_token_secret);
}
$url = $proxy_secure ? str_replace("http://", "https://", $usosapi_base_url) : $usosapi_base_url;
$url .= $proxy_method;
$var_chunks = array();
foreach ($vars as $key => $value)
$var_chunks[] = $key."=".rawurlencode($value);
if (count($var_chunks) > 0)
$url .= "?".implode("&", $var_chunks);
$oauth->fetch($url);
$response_info = $oauth->getLastResponseInfo();
header("Content-Type: {$response_info["content_type"]}");
print $oauth->getLastResponse();
exit;
} catch(OAuthException $E) {
header("HTTP/1.1 400 BAD REQUEST");
print $E->lastResponse;
}
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment