X-Git-Url: https://git.cweiske.de/anoweco.git/blobdiff_plain/25f2495d96988b976857be6a035ff8b90d4ee100..ca522c29a1cc10f665130d21d45ede99ddaa8ac7:/www/micropub.php
diff --git a/www/micropub.php b/www/micropub.php
index 54cdee0..e028782 100644
--- a/www/micropub.php
+++ b/www/micropub.php
@@ -37,6 +37,7 @@ function validateToken($token)
 'header' => array(
 'Authorization: Bearer ' . $token
 ),
+ 'ignore_errors' => true,
 ),
 )
 );
@@ -47,7 +48,7 @@ function validateToken($token)
 mpError(
 'HTTP/1.0 403 Forbidden',
 'forbidden',
- 'Error verifying bearer token: ' . $res
+ 'Error verifying bearer token: ' . trim($res)
 );
 }
 
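Review bot: With `'ignore_errors' => true` in the stream context, a 4xx/5xx answer from the token endpoint no longer makes the request fail, so `$res` holds the error body and the accept/reject decision rests entirely on an explicit status check that lies outside this hunk. Please confirm that validateToken reads the status from `$http_response_header[0]` and rejects everything except 200. It should also cover a connection failure, where the read returns `false` and no response headers exist. If keeping the body for the error report is the intent, a comment such as `// keep the body on HTTP errors so it can be reported; the status line decides validity` on the new option would record that.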
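Review bot: The 403 description in validateToken now relays whatever body the token endpoint returned, trimmed but otherwise unfiltered and unbounded. Combined with the `ignore_errors` option added in the previous hunk, this text is an upstream error page rather than an empty value, so bounding it keeps the client-facing payload predictable, e.g. `'Error verifying bearer token: ' . substr(trim((string) $res), 0, 200)`. Whether mpError encodes the description safely for its output format cannot be seen from this hunk and is worth checking alongside.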
@@ -81,37 +82,47 @@ function handleCreate($json, $token) ); } - if (!isset($json->properties->{'in-reply-to'})) { - mpError( - 'HTTP/1.0 400 Bad Request', - 'invalid_request', - 'Only replies accepted' - ); - } - $storage = new Storage(); + $lb = new Linkback(); try { $id = $storage->addComment($json, $userId); + $lb->ping($id); header('HTTP/1.0 201 Created'); header('Location: ' . Urls::full(Urls::comment($id))); exit(); } catch (\Exception $e) { - //FIXME: return correct status code - header('HTTP/1.0 500 Internal Server Error'); + if ($e->getCode() == 400) { + mpError( + 'HTTP/1.0 400 Bad Request', + 'invalid_request', + $e->getMessage() + ); + } + + mpError( + 'HTTP/1.0 500 Internal Server Error', + 'this_violates_the_spec', + $e->getMessage() + ); exit(); } } function getTokenFromHeader() { - if (!isset($_SERVER['HTTP_AUTHORIZATION'])) { + if (isset($_SERVER['HTTP_AUTHORIZATION'])) { + $auth = $_SERVER['HTTP_AUTHORIZATION']; + } else if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) { + //php-cgi has it there + $auth = $_SERVER['REDIRECT_HTTP_AUTHORIZATION']; + } else { mpError( 'HTTP/1.0 403 Forbidden', 'forbidden', 'Authorization HTTP header missing' ); } - list($bearer, $token) = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2); + list($bearer, $token) = explode(' ', $auth, 2); if ($bearer !== 'Bearer') { mpError( 'HTTP/1.0 403 Forbidden', 'forbidden',
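Review bot: The new 500 branch in handleCreate's catch block (the function begins above the hunk) hands `$e->getMessage()` straight to the client, and because the block catches every `\Exception`, that text can come from the storage or linkback layer rather than from deliberate validation. Keep the detailed message for the 400 case only; for everything else log it with `error_log($e->getMessage());` and pass a fixed description such as `'Internal error while storing the post'` as the third mpError argument. `$lb->ping($id)` also runs inside the same try after `addComment()` has already succeeded, so a failing ping turns a stored post into a 500 and a client retry may create a duplicate; wrapping the ping in its own try/catch would avoid that. The loose `$e->getCode() == 400` comparison would be more robust as a dedicated exception class or a strict integer check. In getTokenFromHeader, `list($bearer, $token) = explode(' ', $auth, 2);` leaves `$token` unset when the header contains no space, which deserves an explicit 403.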