require_once ('ApiBase.php');
}
+/**
+ * @defgroup API API
+ */
+
/**
* This is the main API class, used for both external and internal processing.
* When executed, it will create the requested formatter object,
*
* To use API from another application, run it using FauxRequest object, in which
* case any internal exceptions will not be handled but passed up to the caller.
- * After successful execution, use getResult() for the resulting data.
- *
- * @addtogroup API
+ * After successful execution, use getResult() for the resulting data.
+ *
+ * @ingroup API
*/
class ApiMain extends ApiBase {
*/
private static $Modules = array (
'login' => 'ApiLogin',
+ 'logout' => 'ApiLogout',
'query' => 'ApiQuery',
+ 'expandtemplates' => 'ApiExpandTemplates',
+ 'parse' => 'ApiParse',
'opensearch' => 'ApiOpenSearch',
'feedwatchlist' => 'ApiFeedWatchlist',
'help' => 'ApiHelp',
+ 'paraminfo' => 'ApiParamInfo',
+
+ // Write modules
+ 'purge' => 'ApiPurge',
+ 'rollback' => 'ApiRollback',
+ 'delete' => 'ApiDelete',
+ 'undelete' => 'ApiUndelete',
+ 'protect' => 'ApiProtect',
+ 'block' => 'ApiBlock',
+ 'unblock' => 'ApiUnblock',
+ 'move' => 'ApiMove',
+ 'edit' => 'ApiEditPage',
+ 'emailuser' => 'ApiEmailUser',
+ 'watch' => 'ApiWatch',
+ 'patrol' => 'ApiPatrol',
+ 'import' => 'ApiImport',
);
/**
'xmlfm' => 'ApiFormatXml',
'yaml' => 'ApiFormatYaml',
'yamlfm' => 'ApiFormatYaml',
- 'rawfm' => 'ApiFormatJson'
+ 'rawfm' => 'ApiFormatJson',
+ 'txt' => 'ApiFormatTxt',
+ 'txtfm' => 'ApiFormatTxt',
+ 'dbg' => 'ApiFormatDbg',
+ 'dbgfm' => 'ApiFormatDbg'
+ );
+
+ /**
+ * List of user roles that are specifically relevant to the API.
+ * array( 'right' => array ( 'msg' => 'Some message with a $1',
+ * 'params' => array ( $someVarToSubst ) ),
+ * );
+ */
+ private static $mRights = array('writeapi' => array(
+ 'msg' => 'Use of the write API',
+ 'params' => array()
+ ),
+ 'apihighlimits' => array(
+ 'msg' => 'Use higher limits in API queries (Slow queries: $1 results; Fast queries: $2 results). The limits for slow queries also apply to multivalue parameters.',
+ 'params' => array (ApiMain::LIMIT_SML2, ApiMain::LIMIT_BIG2)
+ )
);
+
private $mPrinter, $mModules, $mModuleNames, $mFormats, $mFormatNames;
- private $mResult, $mAction, $mShowVersions, $mEnableWrite, $mRequest, $mInternalMode, $mSquidMaxage;
+ private $mResult, $mAction, $mShowVersions, $mEnableWrite, $mRequest, $mInternalMode;
+ private $mCacheMode = 'private';
+ private $mCacheControl = array();
/**
* Constructs an instance of ApiMain that utilizes the module and format specified by $request.
parent :: __construct($this, $this->mInternalMode ? 'main_int' : 'main');
if (!$this->mInternalMode) {
-
+
// Impose module restrictions.
- // If the current user cannot read,
+ // If the current user cannot read,
// Remove all modules other than login
global $wgUser;
- if (!$wgUser->isAllowed('read')) {
- self::$Modules = array(
- 'login' => self::$Modules['login'],
- 'help' => self::$Modules['help']
- );
+
+ if( $request->getVal( 'callback' ) !== null ) {
+ // JSON callback allows cross-site reads.
+ // For safety, strip user credentials.
+ wfDebug( "API: stripping user credentials for JSON callback\n" );
+ $wgUser = new User();
}
}
global $wgAPIModules; // extension modules
$this->mModules = $wgAPIModules + self :: $Modules;
- $this->mModuleNames = array_keys($this->mModules); // todo: optimize
+ $this->mModuleNames = array_keys($this->mModules);
$this->mFormats = self :: $Formats;
- $this->mFormatNames = array_keys($this->mFormats); // todo: optimize
+ $this->mFormatNames = array_keys($this->mFormats);
$this->mResult = new ApiResult($this);
$this->mShowVersions = false;
$this->mRequest = & $request;
- $this->mSquidMaxage = 0;
+ $this->mCommit = false;
}
/**
}
/**
- * This method will simply cause an error if the write mode was disabled for this api.
+ * Only kept for backwards compatibility
+ * @deprecated Use isWriteMode() instead
*/
public function requestWriteMode() {
if (!$this->mEnableWrite)
- $this->dieUsage('Editing of this site is disabled. Make sure the $wgEnableWriteAPI=true; ' .
- 'statement is included in the site\'s LocalSettings.php file', 'readonly');
+ $this->dieUsageMsg(array('writedisabled'));
+ if (wfReadOnly())
+ $this->dieUsageMsg(array('readonlytext'));
}
/**
* Set how long the response should be cached.
*/
public function setCacheMaxAge($maxage) {
- $this->mSquidMaxage = $maxage;
+ $this->setCacheControl( array(
+ 'max-age' => $maxage,
+ 's-maxage' => $maxage
+ ) );
+ }
+
+ /**
+ * Set the type of caching headers which will be sent.
+ *
+ * @param $mode One of:
+ * - 'public': Cache this object in public caches, if the maxage or smaxage
+ * parameter is set, or if setCacheMaxAge() was called. If a maximum age is
+ * not provided by any of these means, the object will be private.
+ * - 'private': Cache this object only in private client-side caches.
+ * - 'anon-public-user-private': Make this object cacheable for logged-out
+ * users, but private for logged-in users. IMPORTANT: If this is set, it must be
+ * set consistently for a given URL, it cannot be set differently depending on
+ * things like the contents of the database, or whether the user is logged in.
+ *
+ * If the wiki does not allow anonymous users to read it, the mode set here
+ * will be ignored, and private caching headers will always be sent. In other words,
+ * the "public" mode is equivalent to saying that the data sent is as public as a page
+ * view.
+ *
+ * For user-dependent data, the private mode should generally be used. The
+ * anon-public-user-private mode should only be used where there is a particularly
+ * good performance reason for caching the anonymous response, but where the
+ * response to logged-in users may differ, or may contain private data.
+ *
+ * If this function is never called, then the default will be the private mode.
+ */
+ public function setCacheMode( $mode ) {
+ if ( !in_array( $mode, array( 'private', 'public', 'anon-public-user-private' ) ) ) {
+ wfDebug( __METHOD__.": unrecognised cache mode \"$mode\"\n" );
+ // Ignore for forwards-compatibility
+ return;
+ }
+
+ if ( !in_array( 'read', User::getGroupPermissions( array( '*' ) ), true ) ) {
+ // Private wiki, only private headers
+ if ( $mode !== 'private' ) {
+ wfDebug( __METHOD__.": ignoring request for $mode cache mode, private wiki\n" );
+ return;
+ }
+ }
+
+ wfDebug( __METHOD__.": setting cache mode $mode\n" );
+ $this->mCacheMode = $mode;
+ }
+
+ /**
+ * @deprecated Private caching is now the default, so there is usually no
+ * need to call this function. If there is a need, you can use
+ * $this->setCacheMode('private')
+ */
+ public function setCachePrivate() {
+ $this->setCacheMode( 'private' );
+ }
+
+ /**
+ * Set directives (key/value pairs) for the Cache-Control header.
+ * Boolean values will be formatted as such, by including or omitting
+ * without an equals sign.
+ *
+ * Cache control values set here will only be used if the cache mode is not
+ * private, see setCacheMode().
+ */
+ public function setCacheControl( $directives ) {
+ $this->mCacheControl = $directives + $this->mCacheControl;
+ }
+
+ /**
+ * Make sure Vary: Cookie and friends are set. Use this when the output of a request
+ * may be cached for anons but may not be cached for logged-in users.
+ *
+ * WARNING: This function must be called CONSISTENTLY for a given URL. This means that a
+ * given URL must either always or never call this function; if it sometimes does and
+ * sometimes doesn't, stuff will break.
+ *
+ * @deprecated Use setCacheMode( 'anon-public-user-private' )
+ */
+ public function setVaryCookie() {
+ $this->setCacheMode( 'anon-public-user-private' );
}
/**
* Create an instance of an output formatter by its name
*/
public function createPrinterByName($format) {
+ if( !isset( $this->mFormats[$format] ) )
+ $this->dieUsage( "Unrecognized format: {$format}", 'unknown_format' );
return new $this->mFormats[$format] ($this, $format);
}
/**
- * Execute api request. Any errors will be handled if the API was called by the remote client.
+ * Execute api request. Any errors will be handled if the API was called by the remote client.
*/
public function execute() {
$this->profileIn();
$this->executeAction();
else
$this->executeActionWithErrorHandling();
+
$this->profileOut();
}
try {
$this->executeAction();
} catch (Exception $e) {
+ // Log it
+ if ( $e instanceof MWException ) {
+ wfDebugLog( 'exception', $e->getLogMessage() );
+ }
+
//
// Handle any kind of exception by outputing properly formatted error message.
// If this fails, an unhandled exception should be thrown so that global error
$errCode = $this->substituteResultWithError($e);
// Error results should not be cached
- $this->setCacheMaxAge(0);
+ $this->setCacheMode( 'private' );
$headerStr = 'MediaWiki-API-Error: ' . $errCode;
if ($e->getCode() === 0)
- header($headerStr, true);
+ header($headerStr);
else
header($headerStr, true, $e->getCode());
$this->printResult(true);
}
- // Set the cache expiration at the last moment, as any errors may change the expiration.
- // if $this->mSquidMaxage == 0, the expiry time is set to the first second of unix epoch
- $expires = $this->mSquidMaxage == 0 ? 1 : time() + $this->mSquidMaxage;
- header('Expires: ' . wfTimestamp(TS_RFC2822, $expires));
- header('Cache-Control: s-maxage=' . $this->mSquidMaxage . ', must-revalidate, max-age=0');
+ // Send cache headers after any code which might generate an error, to
+ // avoid sending public cache headers for errors.
+ $this->sendCacheHeaders();
if($this->mPrinter->getIsHtml())
echo wfReportTime();
ob_end_flush();
}
+ protected function sendCacheHeaders() {
+ if ( $this->mCacheMode == 'private' ) {
+ header( 'Cache-Control: private' );
+ return;
+ }
+
+ if ( $this->mCacheMode == 'anon-public-user-private' ) {
+ global $wgOut;
+ header( 'Vary: Accept-Encoding, Cookie' );
+ header( $wgOut->getXVO() );
+ if ( session_id() != '' || $wgOut->haveCacheVaryCookies() ) {
+ // Logged in, mark this request private
+ header( 'Cache-Control: private' );
+ return;
+ }
+ // Logged out, send normal public headers below
+ } else /* if public */ {
+ // Give a debugging message if the user object is unstubbed on a public request
+ global $wgUser;
+ if ( !( $wgUser instanceof StubUser ) ) {
+ wfDebug( __METHOD__." \$wgUser is unstubbed on a public request!\n" );
+ }
+ }
+
+ // If nobody called setCacheMaxAge(), use the (s)maxage parameters
+ if ( !isset( $this->mCacheControl['s-maxage'] ) ) {
+ $this->mCacheControl['s-maxage'] = $this->getParameter( 'smaxage' );
+ }
+ if ( !isset( $this->mCacheControl['max-age'] ) ) {
+ $this->mCacheControl['max-age'] = $this->getParameter( 'maxage' );
+ }
+
+ if ( !$this->mCacheControl['s-maxage'] && !$this->mCacheControl['max-age'] ) {
+ // Public cache not requested
+ // Sending a Vary header in this case is harmless, and protects us
+ // against conditional calls of setCacheMaxAge().
+ header( 'Cache-Control: private' );
+ return;
+ }
+
+ $this->mCacheControl['public'] = true;
+
+ // Send an Expires header
+ $maxAge = min( $this->mCacheControl['s-maxage'], $this->mCacheControl['max-age'] );
+ $expiryUnixTime = ( $maxAge == 0 ? 1 : time() + $maxAge );
+ header( 'Expires: ' . wfTimestamp( TS_RFC2822, $expiryUnixTime ) );
+
+ // Construct the Cache-Control header
+ $ccHeader = '';
+ $separator = '';
+ foreach ( $this->mCacheControl as $name => $value ) {
+ if ( is_bool( $value ) ) {
+ if ( $value ) {
+ $ccHeader .= $separator . $name;
+ $separator = ', ';
+ }
+ } else {
+ $ccHeader .= $separator . "$name=$value";
+ $separator = ', ';
+ }
+ }
+
+ header( "Cache-Control: $ccHeader" );
+ }
+
/**
* Replace the result data with the information about an exception.
- * Returns the error code
+ * Returns the error code
*/
protected function substituteResultWithError($e) {
-
+
// Printer may not be initialized if the extractRequestParams() fails for the main module
if (!isset ($this->mPrinter)) {
// The printer has not been created yet. Try to manually get formatter value.
$errMessage = array (
'code' => $e->getCodeString(),
'info' => $e->getMessage());
-
+
// Only print the help message when this is for the developer, not runtime
if ($this->mPrinter->getIsHtml() || $this->mAction == 'help')
ApiResult :: setContent($errMessage, $this->makeHelpMsg());
} else {
+ global $wgShowSQLErrors, $wgShowExceptionDetails;
//
// Something is seriously wrong
//
+ if ( ( $e instanceof DBQueryError ) && !$wgShowSQLErrors ) {
+ $info = "Database query error";
+ } else {
+ $info = "Exception Caught: {$e->getMessage()}";
+ }
+
$errMessage = array (
- 'code' => 'internal_api_error',
- 'info' => "Exception Caught: {$e->getMessage()}"
+ 'code' => 'internal_api_error_'. get_class($e),
+ 'info' => $info,
);
- ApiResult :: setContent($errMessage, "\n\n{$e->getTraceAsString()}\n\n");
+ ApiResult :: setContent($errMessage, $wgShowExceptionDetails ? "\n\n{$e->getTraceAsString()}\n\n" : "" );
}
$this->getResult()->reset();
+ $this->getResult()->disableSizeCheck();
+ // Re-add the id
+ $requestid = $this->getParameter('requestid');
+ if(!is_null($requestid))
+ $this->getResult()->addValue(null, 'requestid', $requestid);
$this->getResult()->addValue(null, 'error', $errMessage);
return $errMessage['code'];
* Execute the actual module, without any error handling
*/
protected function executeAction() {
-
+ // First add the id to the top element
+ $requestid = $this->getParameter('requestid');
+ if(!is_null($requestid))
+ $this->getResult()->addValue(null, 'requestid', $requestid);
+
$params = $this->extractRequestParams();
-
+
$this->mShowVersions = $params['version'];
$this->mAction = $params['action'];
+ if( !is_string( $this->mAction ) ) {
+ $this->dieUsage( "The API requires a valid action parameter", 'unknown_action' );
+ }
+
// Instantiate the module requested by the user
$module = new $this->mModules[$this->mAction] ($this, $this->mAction);
+ if( $module->shouldCheckMaxlag() && isset( $params['maxlag'] ) ) {
+ // Check for maxlag
+ global $wgShowHostnames;
+ $maxLag = $params['maxlag'];
+ list( $host, $lag ) = wfGetLB()->getMaxLag();
+ if ( $lag > $maxLag ) {
+ header( 'Retry-After: ' . max( intval( $maxLag ), 5 ) );
+ header( 'X-Database-Lag: ' . intval( $lag ) );
+ // XXX: should we return a 503 HTTP error code like wfMaxlagError() does?
+ if( $wgShowHostnames ) {
+ $this->dieUsage( "Waiting for $host: $lag seconds lagged", 'maxlag' );
+ } else {
+ $this->dieUsage( "Waiting for a database server: $lag seconds lagged", 'maxlag' );
+ }
+ return;
+ }
+ }
+
+ global $wgUser;
+ if ($module->isReadMode() && !$wgUser->isAllowed('read'))
+ $this->dieUsageMsg(array('readrequired'));
+ if ($module->isWriteMode()) {
+ if (!$this->mEnableWrite)
+ $this->dieUsageMsg(array('writedisabled'));
+ if (!$wgUser->isAllowed('writeapi'))
+ $this->dieUsageMsg(array('writerequired'));
+ if (wfReadOnly())
+ $this->dieUsageMsg(array('readonlytext'));
+ }
+
if (!$this->mInternalMode) {
+ // Ignore mustBePosted() for internal calls
+ if($module->mustBePosted() && !$this->mRequest->wasPosted())
+ $this->dieUsage("The {$this->mAction} module requires a POST request", 'mustbeposted');
// See if custom printer is used
$this->mPrinter = $module->getCustomPrinter();
// Execute
$module->profileIn();
$module->execute();
+ wfRunHooks('APIAfterExecute', array(&$module));
$module->profileOut();
if (!$this->mInternalMode) {
* Print results using the current printer
*/
protected function printResult($isError) {
+ $this->getResult()->cleanUpUTF8();
$printer = $this->mPrinter;
$printer->profileIn();
+
+ /* If the help message is requested in the default (xmlfm) format,
+ * tell the printer not to escape ampersands so that our links do
+ * not break. */
+ $printer->setUnescapeAmps ( ( $this->mAction == 'help' || $isError )
+ && $printer->getFormat() == 'XML' && $printer->getIsHtml() );
+
$printer->initPrinter($isError);
+
$printer->execute();
$printer->closePrinter();
$printer->profileOut();
}
+
+ public function isReadMode() {
+ return false;
+ }
/**
* See ApiBase for description.
*/
- protected function getAllowedParams() {
+ public function getAllowedParams() {
return array (
'format' => array (
ApiBase :: PARAM_DFLT => ApiMain :: API_DEFAULT_FORMAT,
ApiBase :: PARAM_DFLT => 'help',
ApiBase :: PARAM_TYPE => $this->mModuleNames
),
- 'version' => false
+ 'version' => false,
+ 'maxlag' => array (
+ ApiBase :: PARAM_TYPE => 'integer'
+ ),
+ 'smaxage' => array (
+ ApiBase :: PARAM_TYPE => 'integer',
+ ApiBase :: PARAM_DFLT => 0
+ ),
+ 'maxage' => array (
+ ApiBase :: PARAM_TYPE => 'integer',
+ ApiBase :: PARAM_DFLT => 0
+ ),
+ 'requestid' => null,
);
}
/**
* See ApiBase for description.
*/
- protected function getParamDescription() {
+ public function getParamDescription() {
return array (
'format' => 'The format of the output',
'action' => 'What action you would like to perform',
- 'version' => 'When showing help, include version for each module'
+ 'version' => 'When showing help, include version for each module',
+ 'maxlag' => 'Maximum lag',
+ 'smaxage' => 'Set the s-maxage header to this many seconds. Errors are never cached',
+ 'maxage' => 'Set the max-age header to this many seconds. Errors are never cached',
+ 'requestid' => 'Request ID to distinguish requests. This will just be output back to you',
);
}
/**
* See ApiBase for description.
*/
- protected function getDescription() {
+ public function getDescription() {
return array (
'',
'',
'',
);
}
-
+
/**
* Returns an array of strings with credits for the API
*/
protected function getCredits() {
return array(
- 'This API is being implemented by Yuri Astrakhan [[User:Yurik]] / <Firstname><Lastname>@gmail.com',
- 'Please leave your comments and suggestions at http://www.mediawiki.org/wiki/API'
+ 'API developers:',
+ ' Roan Kattouw <Firstname>.<Lastname>@home.nl (lead developer Sep 2007-present)',
+ ' Victor Vasiliev - vasilvv at gee mail dot com',
+ ' Bryan Tong Minh - bryan . tongminh @ gmail . com',
+ ' Yuri Astrakhan <Firstname><Lastname>@gmail.com (creator, lead developer Sep 2006-Sep 2007)',
+ '',
+ 'Please send your comments, suggestions and questions to mediawiki-api@lists.wikimedia.org',
+ 'or file a bug report at http://bugzilla.wikimedia.org/'
);
}
*/
public function makeHelpMsg() {
+ $this->mPrinter->setHelp();
+
// Use parent to make default message for the main module
$msg = parent :: makeHelpMsg();
$msg .= "\n";
}
+ $msg .= "\n$astriks Permissions $astriks\n\n";
+ foreach ( self :: $mRights as $right => $rightMsg ) {
+ $groups = User::getGroupsWithPermission( $right );
+ $msg .= "* " . $right . " *\n " . wfMsgReplaceArgs( $rightMsg[ 'msg' ], $rightMsg[ 'params' ] ) .
+ "\nGranted to:\n " . str_replace( "*", "all", implode( ", ", $groups ) ) . "\n";
+
+ }
+
$msg .= "\n$astriks Formats $astriks\n\n";
foreach( $this->mFormats as $formatName => $unused ) {
$module = $this->createPrinterByName($formatName);
$msg .= $msg2;
$msg .= "\n";
}
-
+
$msg .= "\n*** Credits: ***\n " . implode("\n ", $this->getCredits()) . "\n";
-
+
return $msg;
}
public static function makeHelpMsgHeader($module, $paramName) {
$modulePrefix = $module->getModulePrefix();
- if (!empty($modulePrefix))
- $modulePrefix = "($modulePrefix) ";
-
+ if (strval($modulePrefix) !== '')
+ $modulePrefix = "($modulePrefix) ";
+
return "* $paramName={$module->getModuleName()} $modulePrefix*";
- }
+ }
private $mIsBot = null;
-
private $mIsSysop = null;
-
+ private $mCanApiHighLimits = null;
+
/**
* Returns true if the currently logged in user is a bot, false otherwise
+ * OBSOLETE, use canApiHighLimits() instead
*/
public function isBot() {
if (!isset ($this->mIsBot)) {
}
return $this->mIsBot;
}
-
+
/**
* Similar to isBot(), this method returns true if the logged in user is
* a sysop, and false if not.
+ * OBSOLETE, use canApiHighLimits() instead
*/
public function isSysop() {
if (!isset ($this->mIsSysop)) {
return $this->mIsSysop;
}
+ /**
+ * Check whether the current user is allowed to use high limits
+ * @return bool
+ */
+ public function canApiHighLimits() {
+ if (!isset($this->mCanApiHighLimits)) {
+ global $wgUser;
+ $this->mCanApiHighLimits = $wgUser->isAllowed('apihighlimits');
+ }
+
+ return $this->mCanApiHighLimits;
+ }
+
+ /**
+ * Check whether the user wants us to show version information in the API help
+ * @return bool
+ */
public function getShowVersions() {
return $this->mShowVersions;
}
*/
public function getVersion() {
$vers = array ();
- $vers[] = 'MediaWiki ' . SpecialVersion::getVersion();
- $vers[] = __CLASS__ . ': $Id: ApiMain.php 25364 2007-08-31 15:23:48Z tstarling $';
+ $vers[] = 'MediaWiki: ' . SpecialVersion::getVersion() . "\n http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/";
+ $vers[] = __CLASS__ . ': $Id: ApiMain.php 69990 2010-07-27 08:44:08Z tstarling $';
$vers[] = ApiBase :: getBaseVersion();
$vers[] = ApiFormatBase :: getBaseVersion();
$vers[] = ApiQueryBase :: getBaseVersion();
/**
* Add or overwrite a module in this ApiMain instance. Intended for use by extending
- * classes who wish to add their own modules to their lexicon or override the
+ * classes who wish to add their own modules to their lexicon or override the
* behavior of inherent ones.
*
* @access protected
protected function addFormat( $fmtName, $fmtClass ) {
$this->mFormats[$fmtName] = $fmtClass;
}
+
+ /**
+ * Get the array mapping module names to class names
+ */
+ function getModules() {
+ return $this->mModules;
+ }
}
/**
* This exception will be thrown when dieUsage is called to stop module execution.
* The exception handling code will print a help screen explaining how this API may be used.
- *
- * @addtogroup API
+ *
+ * @ingroup API
*/
class UsageException extends Exception {
return "{$this->getCodeString()}: {$this->getMessage()}";
}
}
-
scripts.mit.edu / autoinstallsdev / mediawiki.git / blobdiff