require_once ('ApiBase.php');
}
+/**
+ * @defgroup API API
+ */
+
/**
* This is the main API class, used for both external and internal processing.
* When executed, it will create the requested formatter object,
*
* To use API from another application, run it using FauxRequest object, in which
* case any internal exceptions will not be handled but passed up to the caller.
- * After successful execution, use getResult() for the resulting data.
- *
- * @addtogroup API
+ * After successful execution, use getResult() for the resulting data.
+ *
+ * @ingroup API
*/
class ApiMain extends ApiBase {
*/
private static $Modules = array (
'login' => 'ApiLogin',
+ 'logout' => 'ApiLogout',
'query' => 'ApiQuery',
+ 'expandtemplates' => 'ApiExpandTemplates',
+ 'parse' => 'ApiParse',
'opensearch' => 'ApiOpenSearch',
'feedwatchlist' => 'ApiFeedWatchlist',
'help' => 'ApiHelp',
+ 'paraminfo' => 'ApiParamInfo',
+ 'purge' => 'ApiPurge',
+ );
+
+ private static $WriteModules = array (
+ 'rollback' => 'ApiRollback',
+ 'delete' => 'ApiDelete',
+ 'undelete' => 'ApiUndelete',
+ 'protect' => 'ApiProtect',
+ 'block' => 'ApiBlock',
+ 'unblock' => 'ApiUnblock',
+ 'move' => 'ApiMove',
+ 'edit' => 'ApiEditPage',
+ 'emailuser' => 'ApiEmailUser',
+ 'watch' => 'ApiWatch',
+ 'patrol' => 'ApiPatrol',
);
/**
'xmlfm' => 'ApiFormatXml',
'yaml' => 'ApiFormatYaml',
'yamlfm' => 'ApiFormatYaml',
- 'rawfm' => 'ApiFormatJson'
+ 'rawfm' => 'ApiFormatJson',
+ 'txt' => 'ApiFormatTxt',
+ 'txtfm' => 'ApiFormatTxt',
+ 'dbg' => 'ApiFormatDbg',
+ 'dbgfm' => 'ApiFormatDbg'
);
+
+ /**
+ * List of user roles that are specifically relevant to the API.
+ * array( 'right' => array ( 'msg' => 'Some message with a $1',
+ * 'params' => array ( $someVarToSubst ) ),
+ * );
+ */
+ private static $mRights = array('writeapi' => array(
+ 'msg' => 'Use of the write API',
+ 'params' => array()
+ ),
+ 'apihighlimits' => array(
+ 'msg' => 'Use higher limits in API queries (Slow queries: $1 results; Fast queries: $2 results). The limits for slow queries also apply to multivalue parameters.',
+ 'params' => array (ApiMain::LIMIT_SML2, ApiMain::LIMIT_BIG2)
+ )
+ );
+
private $mPrinter, $mModules, $mModuleNames, $mFormats, $mFormatNames;
private $mResult, $mAction, $mShowVersions, $mEnableWrite, $mRequest, $mInternalMode, $mSquidMaxage;
// Special handling for the main module: $parent === $this
parent :: __construct($this, $this->mInternalMode ? 'main_int' : 'main');
- $this->mModules = self :: $Modules;
- $this->mModuleNames = array_keys($this->mModules); // todo: optimize
+ if (!$this->mInternalMode) {
+
+ // Impose module restrictions.
+ // If the current user cannot read,
+ // Remove all modules other than login
+ global $wgUser;
+
+ if( $request->getVal( 'callback' ) !== null ) {
+ // JSON callback allows cross-site reads.
+ // For safety, strip user credentials.
+ wfDebug( "API: stripping user credentials for JSON callback\n" );
+ $wgUser = new User();
+ }
+
+ if (!$wgUser->isAllowed('read')) {
+ self::$Modules = array(
+ 'login' => self::$Modules['login'],
+ 'logout' => self::$Modules['logout'],
+ 'help' => self::$Modules['help'],
+ );
+ }
+ }
+
+ global $wgAPIModules, $wgEnableWriteAPI; // extension modules
+ $this->mModules = $wgAPIModules + self :: $Modules;
+ if($wgEnableWriteAPI)
+ $this->mModules += self::$WriteModules;
+
+ $this->mModuleNames = array_keys($this->mModules);
$this->mFormats = self :: $Formats;
- $this->mFormatNames = array_keys($this->mFormats); // todo: optimize
+ $this->mFormatNames = array_keys($this->mFormats);
$this->mResult = new ApiResult($this);
$this->mShowVersions = false;
$this->mRequest = & $request;
- $this->mSquidMaxage = 0;
+ $this->mSquidMaxage = -1; // flag for executeActionWithErrorHandling()
+ $this->mCommit = false;
+ }
+
+ /**
+ * Return true if the API was started by other PHP code using FauxRequest
+ */
+ public function isInternalMode() {
+ return $this->mInternalMode;
}
/**
}
/**
- * This method will simply cause an error if the write mode was disabled for this api.
+ * This method will simply cause an error if the write mode was disabled
+ * or if the current user doesn't have the right to use it
*/
public function requestWriteMode() {
+ global $wgUser;
if (!$this->mEnableWrite)
- $this->dieUsage('Editing of this site is disabled. Make sure the $wgEnableWriteAPI=true; ' .
- 'statement is included in the site\'s LocalSettings.php file', 'readonly');
+ $this->dieUsage('Editing of this wiki through the API' .
+ ' is disabled. Make sure the $wgEnableWriteAPI=true; ' .
+ 'statement is included in the wiki\'s ' .
+ 'LocalSettings.php file', 'noapiwrite');
+ if (!$wgUser->isAllowed('writeapi'))
+ $this->dieUsage('You\'re not allowed to edit this ' .
+ 'wiki through the API', 'writeapidenied');
+ if (wfReadOnly())
+ $this->dieUsageMsg(array('readonlytext'));
}
/**
}
/**
- * Execute api request. Any errors will be handled if the API was called by the remote client.
+ * Execute api request. Any errors will be handled if the API was called by the remote client.
*/
public function execute() {
$this->profileIn();
$this->executeAction();
else
$this->executeActionWithErrorHandling();
+
$this->profileOut();
}
try {
$this->executeAction();
} catch (Exception $e) {
+ // Log it
+ if ( $e instanceof MWException ) {
+ wfDebugLog( 'exception', $e->getLogMessage() );
+ }
+
//
// Handle any kind of exception by outputing properly formatted error message.
// If this fails, an unhandled exception should be thrown so that global error
// handler will process and log it.
//
+ $errCode = $this->substituteResultWithError($e);
+
// Error results should not be cached
$this->setCacheMaxAge(0);
+ $headerStr = 'MediaWiki-API-Error: ' . $errCode;
+ if ($e->getCode() === 0)
+ header($headerStr);
+ else
+ header($headerStr, true, $e->getCode());
+
+ // Reset and print just the error message
+ ob_clean();
+
+ // If the error occured during printing, do a printer->profileOut()
+ $this->mPrinter->safeProfileOut();
+ $this->printResult(true);
+ }
+
+ if($this->mSquidMaxage == -1)
+ {
+ # Nobody called setCacheMaxAge(), use the (s)maxage parameters
+ $smaxage = $this->getParameter('smaxage');
+ $maxage = $this->getParameter('maxage');
+ }
+ else
+ $smaxage = $maxage = $this->mSquidMaxage;
+
+ // Set the cache expiration at the last moment, as any errors may change the expiration.
+ // if $this->mSquidMaxage == 0, the expiry time is set to the first second of unix epoch
+ $exp = min($smaxage, $maxage);
+ $expires = ($exp == 0 ? 1 : time() + $exp);
+ header('Expires: ' . wfTimestamp(TS_RFC2822, $expires));
+ header('Cache-Control: s-maxage=' . $smaxage . ', must-revalidate, max-age=' . $maxage);
+
+ if($this->mPrinter->getIsHtml())
+ echo wfReportTime();
+
+ ob_end_flush();
+ }
+
+ /**
+ * Replace the result data with the information about an exception.
+ * Returns the error code
+ */
+ protected function substituteResultWithError($e) {
+
// Printer may not be initialized if the extractRequestParams() fails for the main module
if (!isset ($this->mPrinter)) {
// The printer has not been created yet. Try to manually get formatter value.
// User entered incorrect parameters - print usage screen
//
$errMessage = array (
- 'code' => $e->getCodeString(), 'info' => $e->getMessage());
-
+ 'code' => $e->getCodeString(),
+ 'info' => $e->getMessage());
+
// Only print the help message when this is for the developer, not runtime
if ($this->mPrinter->getIsHtml() || $this->mAction == 'help')
ApiResult :: setContent($errMessage, $this->makeHelpMsg());
} else {
+ global $wgShowSQLErrors, $wgShowExceptionDetails;
//
// Something is seriously wrong
//
+ if ( ( $e instanceof DBQueryError ) && !$wgShowSQLErrors ) {
+ $info = "Database query error";
+ } else {
+ $info = "Exception Caught: {$e->getMessage()}";
+ }
+
$errMessage = array (
- 'code' => 'internal_api_error',
- 'info' => "Exception Caught: {$e->getMessage()}"
+ 'code' => 'internal_api_error_'. get_class($e),
+ 'info' => $info,
);
- ApiResult :: setContent($errMessage, "\n\n{$e->getTraceAsString()}\n\n");
+ ApiResult :: setContent($errMessage, $wgShowExceptionDetails ? "\n\n{$e->getTraceAsString()}\n\n" : "" );
}
- $headerStr = 'MediaWiki-API-Error: ' . $errMessage['code'];
- if ($e->getCode() === 0)
- header($headerStr, true);
- else
- header($headerStr, true, $e->getCode());
-
- // Reset and print just the error message
- ob_clean();
$this->getResult()->reset();
+ // Re-add the id
+ if($this->mRequest->getCheck('requestid'))
+ $this->getResult()->addValue(null, 'requestid', $this->mRequest->getVal('requestid'));
$this->getResult()->addValue(null, 'error', $errMessage);
- // If the error occured during printing, do a printer->profileOut()
- $this->mPrinter->safeProfileOut();
- $this->printResult(true);
- }
-
- // Set the cache expiration at the last moment, as any errors may change the expiration.
- // if $this->mSquidMaxage == 0, the expiry time is set to the first second of unix epoch
- $expires = $this->mSquidMaxage == 0 ? 1 : time() + $this->mSquidMaxage;
- header('Expires: ' . wfTimestamp(TS_RFC2822, $expires));
- header('Cache-Control: s-maxage=' . $this->mSquidMaxage . ', must-revalidate, max-age=0');
-
- if($this->mPrinter->getIsHtml())
- echo wfReportTime();
-
- ob_end_flush();
+ return $errMessage['code'];
}
/**
* Execute the actual module, without any error handling
*/
protected function executeAction() {
-
+ // First add the id to the top element
+ if($this->mRequest->getCheck('requestid'))
+ $this->getResult()->addValue(null, 'requestid', $this->mRequest->getVal('requestid'));
+
$params = $this->extractRequestParams();
-
+
$this->mShowVersions = $params['version'];
$this->mAction = $params['action'];
+ if( !is_string( $this->mAction ) ) {
+ $this->dieUsage( "The API requires a valid action parameter", 'unknown_action' );
+ }
+
// Instantiate the module requested by the user
$module = new $this->mModules[$this->mAction] ($this, $this->mAction);
+ if( $module->shouldCheckMaxlag() && isset( $params['maxlag'] ) ) {
+ // Check for maxlag
+ global $wgShowHostnames;
+ $maxLag = $params['maxlag'];
+ list( $host, $lag ) = wfGetLB()->getMaxLag();
+ if ( $lag > $maxLag ) {
+ header( 'Retry-After: ' . max( intval( $maxLag ), 5 ) );
+ header( 'X-Database-Lag: ' . intval( $lag ) );
+ // XXX: should we return a 503 HTTP error code like wfMaxlagError() does?
+ if( $wgShowHostnames ) {
+ ApiBase :: dieUsage( "Waiting for $host: $lag seconds lagged", 'maxlag' );
+ } else {
+ ApiBase :: dieUsage( "Waiting for a database server: $lag seconds lagged", 'maxlag' );
+ }
+ return;
+ }
+ }
+
if (!$this->mInternalMode) {
+ // Ignore mustBePosted() for internal calls
+ if($module->mustBePosted() && !$this->mRequest->wasPosted())
+ $this->dieUsage("The {$this->mAction} module requires a POST request", 'mustbeposted');
// See if custom printer is used
$this->mPrinter = $module->getCustomPrinter();
// Execute
$module->profileIn();
$module->execute();
+ wfRunHooks('APIAfterExecute', array(&$module));
$module->profileOut();
if (!$this->mInternalMode) {
protected function printResult($isError) {
$printer = $this->mPrinter;
$printer->profileIn();
+
+ /* If the help message is requested in the default (xmlfm) format,
+ * tell the printer not to escape ampersands so that our links do
+ * not break. */
+ $printer->setUnescapeAmps ( ( $this->mAction == 'help' || $isError )
+ && $this->getParameter('format') == ApiMain::API_DEFAULT_FORMAT );
+
$printer->initPrinter($isError);
+
$printer->execute();
$printer->closePrinter();
$printer->profileOut();
/**
* See ApiBase for description.
*/
- protected function getAllowedParams() {
+ public function getAllowedParams() {
return array (
'format' => array (
ApiBase :: PARAM_DFLT => ApiMain :: API_DEFAULT_FORMAT,
ApiBase :: PARAM_DFLT => 'help',
ApiBase :: PARAM_TYPE => $this->mModuleNames
),
- 'version' => false
+ 'version' => false,
+ 'maxlag' => array (
+ ApiBase :: PARAM_TYPE => 'integer'
+ ),
+ 'smaxage' => array (
+ ApiBase :: PARAM_TYPE => 'integer',
+ ApiBase :: PARAM_DFLT => 0
+ ),
+ 'maxage' => array (
+ ApiBase :: PARAM_TYPE => 'integer',
+ ApiBase :: PARAM_DFLT => 0
+ ),
+ 'requestid' => null,
);
}
/**
* See ApiBase for description.
*/
- protected function getParamDescription() {
+ public function getParamDescription() {
return array (
'format' => 'The format of the output',
'action' => 'What action you would like to perform',
- 'version' => 'When showing help, include version for each module'
+ 'version' => 'When showing help, include version for each module',
+ 'maxlag' => 'Maximum lag',
+ 'smaxage' => 'Set the s-maxage header to this many seconds. Errors are never cached',
+ 'maxage' => 'Set the max-age header to this many seconds. Errors are never cached',
+ 'requestid' => 'Request ID to distinguish requests. This will just be output back to you',
);
}
/**
* See ApiBase for description.
*/
- protected function getDescription() {
+ public function getDescription() {
return array (
+ '',
'',
'******************************************************************',
'** **',
'** **',
'******************************************************************',
'',
- 'Status: ALPHA -- all features shown on this page should be working,',
- ' but the API is still in active development, and may change at any time.',
- ' Make sure you monitor changes to this page, wikitech-l mailing list,',
- ' or the source code in the includes/api directory for any changes.',
+ 'Status: All features shown on this page should be working, but the API',
+ ' is still in active development, and may change at any time.',
+ ' Make sure to monitor our mailing list for any updates.',
'',
+ 'Documentation: http://www.mediawiki.org/wiki/API',
+ 'Mailing list: http://lists.wikimedia.org/mailman/listinfo/mediawiki-api',
'Bugs & Requests: http://bugzilla.wikimedia.org/buglist.cgi?component=API&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&order=bugs.delta_ts',
'',
'',
'',
+ '',
+ '',
);
}
-
+
/**
* Returns an array of strings with credits for the API
*/
protected function getCredits() {
return array(
- 'This API is being implemented by Yuri Astrakhan [[User:Yurik]] / <Firstname><Lastname>@gmail.com',
- 'Please leave your comments and suggestions at http://www.mediawiki.org/wiki/API'
+ 'API developers:',
+ ' Roan Kattouw <Firstname>.<Lastname>@home.nl (lead developer Sep 2007-present)',
+ ' Victor Vasiliev - vasilvv at gee mail dot com',
+ ' Bryan Tong Minh - bryan . tongminh @ gmail . com',
+ ' Yuri Astrakhan <Firstname><Lastname>@gmail.com (creator, lead developer Sep 2006-Sep 2007)',
+ '',
+ 'Please send your comments, suggestions and questions to mediawiki-api@lists.wikimedia.org',
+ 'or file a bug report at http://bugzilla.wikimedia.org/'
);
}
*/
public function makeHelpMsg() {
+ $this->mPrinter->setHelp();
+
// Use parent to make default message for the main module
$msg = parent :: makeHelpMsg();
$msg .= "\n";
}
+ $msg .= "\n$astriks Permissions $astriks\n\n";
+ foreach ( self :: $mRights as $right => $rightMsg ) {
+ $groups = User::getGroupsWithPermission( $right );
+ $msg .= "* " . $right . " *\n " . wfMsgReplaceArgs( $rightMsg[ 'msg' ], $rightMsg[ 'params' ] ) .
+ "\nGranted to:\n " . str_replace( "*", "all", implode( ", ", $groups ) ) . "\n";
+
+ }
+
$msg .= "\n$astriks Formats $astriks\n\n";
foreach( $this->mFormats as $formatName => $unused ) {
$module = $this->createPrinterByName($formatName);
$msg .= $msg2;
$msg .= "\n";
}
-
+
$msg .= "\n*** Credits: ***\n " . implode("\n ", $this->getCredits()) . "\n";
-
+
return $msg;
}
public static function makeHelpMsgHeader($module, $paramName) {
$modulePrefix = $module->getModulePrefix();
- if (!empty($modulePrefix))
- $modulePrefix = "($modulePrefix) ";
-
+ if (strval($modulePrefix) !== '')
+ $modulePrefix = "($modulePrefix) ";
+
return "* $paramName={$module->getModuleName()} $modulePrefix*";
- }
+ }
private $mIsBot = null;
-
private $mIsSysop = null;
-
+ private $mCanApiHighLimits = null;
+
/**
* Returns true if the currently logged in user is a bot, false otherwise
+ * OBSOLETE, use canApiHighLimits() instead
*/
public function isBot() {
if (!isset ($this->mIsBot)) {
}
return $this->mIsBot;
}
-
+
/**
* Similar to isBot(), this method returns true if the logged in user is
* a sysop, and false if not.
+ * OBSOLETE, use canApiHighLimits() instead
*/
public function isSysop() {
if (!isset ($this->mIsSysop)) {
global $wgUser;
- $this->mIsSysop = in_array( 'sysop',
- $wgUser->getGroups());
+ $this->mIsSysop = in_array( 'sysop', $wgUser->getGroups());
}
return $this->mIsSysop;
}
+ /**
+ * Check whether the current user is allowed to use high limits
+ * @return bool
+ */
+ public function canApiHighLimits() {
+ if (!isset($this->mCanApiHighLimits)) {
+ global $wgUser;
+ $this->mCanApiHighLimits = $wgUser->isAllowed('apihighlimits');
+ }
+
+ return $this->mCanApiHighLimits;
+ }
+
+ /**
+ * Check whether the user wants us to show version information in the API help
+ * @return bool
+ */
public function getShowVersions() {
return $this->mShowVersions;
}
*/
public function getVersion() {
$vers = array ();
- $vers[] = 'MediaWiki ' . SpecialVersion::getVersion();
+ $vers[] = 'MediaWiki: ' . SpecialVersion::getVersion() . "\n http://svn.wikimedia.org/viewvc/mediawiki/trunk/phase3/";
$vers[] = __CLASS__ . ': $Id$';
$vers[] = ApiBase :: getBaseVersion();
$vers[] = ApiFormatBase :: getBaseVersion();
$vers[] = ApiFormatFeedWrapper :: getVersion(); // not accessible with format=xxx
return $vers;
}
+
+ /**
+ * Add or overwrite a module in this ApiMain instance. Intended for use by extending
+ * classes who wish to add their own modules to their lexicon or override the
+ * behavior of inherent ones.
+ *
+ * @access protected
+ * @param $mdlName String The identifier for this module.
+ * @param $mdlClass String The class where this module is implemented.
+ */
+ protected function addModule( $mdlName, $mdlClass ) {
+ $this->mModules[$mdlName] = $mdlClass;
+ }
+
+ /**
+ * Add or overwrite an output format for this ApiMain. Intended for use by extending
+ * classes who wish to add to or modify current formatters.
+ *
+ * @access protected
+ * @param $fmtName The identifier for this format.
+ * @param $fmtClass The class implementing this format.
+ */
+ protected function addFormat( $fmtName, $fmtClass ) {
+ $this->mFormats[$fmtName] = $fmtClass;
+ }
+
+ /**
+ * Get the array mapping module names to class names
+ */
+ function getModules() {
+ return $this->mModules;
+ }
}
/**
* This exception will be thrown when dieUsage is called to stop module execution.
* The exception handling code will print a help screen explaining how this API may be used.
- *
- * @addtogroup API
+ *
+ * @ingroup API
*/
class UsageException extends Exception {
return "{$this->getCodeString()}: {$this->getMessage()}";
}
}
-