aaronpk · March 6, 2021 23:47 · argovaerts · Dec 3, 2018 · thunderrabbit · Mar 6, 2021
diff --git a/media-endpoint.php b/media-endpoint.php
 <?php
 header('Access-Control-Allow-Origin: *');
 header('Access-Control-Allow-Headers: Authorization');

 if(isset($_SERVER['HTTP_ACCEPT']) && strpos($_SERVER['HTTP_ACCEPT'], 'text/plain') !== false) {
  $format = 'text';
 } else {
  header('Content-Type: application/json');
  $format = 'json';
 }

 // Require access token
 if(!array_key_exists('HTTP_AUTHORIZATION', $_SERVER)) {
  header('HTTP/1.1 401 Unauthorized');
  echo json_encode([
    'error' => 'unauthorized',
    'error_description' => 'No authorization header was present in the request'
  ]);
  die();
 }

 if(!preg_match('/Bearer (.+)/', $_SERVER['HTTP_AUTHORIZATION'], $match)) {
  header('HTTP/1.1 400 Bad Request');
  echo json_encode([
    'error' => 'invalid_authorization',
    'error_description' => 'Invalid authorization header'
  ]);
  die();
 }

 $token = $match[1];

 // Check whether the access token is valid
 $ch = curl_init('https://aaronparecki.com/auth/token');
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($ch, CURLOPT_HTTPHEADER, [
  'Authorization: Bearer ' . $token,
  'Accept: application/json'
 ]);
 $response = curl_exec($ch);

 $data = json_decode($response, true);

 if(!$data || !array_key_exists('scope', $data)) {
  header('HTTP/1.1 401 Unauthorized');
  echo $response;
  die();
 }

 // Only tokens with "create" or "media" scope can upload files
 if(!array_intersect(['create','media'], $data['scope'])) {
  header('HTTP/1.1 401 Unauthorized');
  echo json_encode([
    'error' => 'insufficient_scope',
    'error_description' => 'The access token provided does not have the necessary scope to upload files'
  ]);
  die();
 }


 if(isset($_GET['q'])) {

  switch($_GET['q']) {
    case 'last':
      $url = null;
      if(file_exists('.last')) {
        // Only use the file if it was uploaded in the last 5 minutes
        if(filemtime('.last') >= time() - 300) {
          $filename = trim(file_get_contents('.last'));
          $url = 'https://media.aaronpk.com/' . $filename;
        }
      }
      echo json_encode([
        'url' => $url
      ]);
      break;
  }
  
 } else {
  
  // Check for a file
  if(!array_key_exists('file', $_FILES)) {
    header('HTTP/1.1 400 Bad Request');
    echo json_encode([
      'error' => 'invalid_request',
      'error_description' => 'The request must have a file upload named "file". Found: '.implode(', ',array_keys($_POST))
    ]);
    die();
  }
  
  $file = $_FILES['file'];
  
  $ext = mime_type_to_ext($file['type']);
  if(!$ext) {
    $ext = pathinfo($file['name'], PATHINFO_EXTENSION);
    if(!$ext)
      $ext = 'txt';
  }
  $filename = 'file-'.date('YmdHis').'-'.mt_rand(1000,9999).'.'.$ext;
  
  copy($file['tmp_name'], $filename);
  
  file_put_contents('.last', $filename);
  
  $url = 'https://media.aaronpk.com/' . $filename;
  header('HTTP/1.1 201 Created');
  header('Location: '.$url);
  
  if($format == 'text') {
    echo $url."\n";
  } else {
    echo json_encode([
      'url' => $url
    ]);
  }
 }  
  

 function mime_type_to_ext($type) {
  $types = [
    'image/jpeg' => 'jpg',
    'image/pjpeg' => 'jpg',
    'image/gif' => 'gif',
    'image/png' => 'png',
    'image/x-png' => 'png',
    'image/svg' => 'svg',
    'audio/x-wav' => 'wav',
    'audio/wave' => 'wav',
    'audio/wav' => 'wav',
    'video/mpeg' => 'mpg',
    'video/quicktime' => 'mov',
    'video/mp4' => 'mp4',
    'audio/x-m4a' => 'm4a',
    'audio/mp3' => 'mp3',
    'audio/mpeg3' => 'mp3',
    'audio/mpeg' => 'mp3',
    'application/json' => 'json',
    'text/json' => 'json',
    'text/html' => 'html',
    'text/plain' => 'txt',
    'application/xml' => 'xml',
    'text/xml' => 'xml',
    'application/x-zip' => 'zip',
    'application/zip' => 'zip',
    'text/csv' => 'csv',
  ];
  if(array_key_exists($type, $types))
    return $types[$type];
  else {
    $fp = fopen('content-types.txt', 'a');
    fwrite($fp, "Unrecognized: $type\n");
    fclose($fp);
    return false;
  }
 }
	<?php
	header('Access-Control-Allow-Origin: *');
	header('Access-Control-Allow-Headers: Authorization');

	if(isset($_SERVER['HTTP_ACCEPT']) && strpos($_SERVER['HTTP_ACCEPT'], 'text/plain') !== false) {
	$format = 'text';
	} else {
	header('Content-Type: application/json');
	$format = 'json';
	}

	// Require access token
	if(!array_key_exists('HTTP_AUTHORIZATION', $_SERVER)) {
	header('HTTP/1.1 401 Unauthorized');
	echo json_encode([
	'error' => 'unauthorized',
	'error_description' => 'No authorization header was present in the request'
	]);
	die();
	}

	if(!preg_match('/Bearer (.+)/', $_SERVER['HTTP_AUTHORIZATION'], $match)) {
	header('HTTP/1.1 400 Bad Request');
	echo json_encode([
	'error' => 'invalid_authorization',
	'error_description' => 'Invalid authorization header'
	]);
	die();
	}

	$token = $match[1];

	// Check whether the access token is valid
	$ch = curl_init('https://aaronparecki.com/auth/token');
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
	curl_setopt($ch, CURLOPT_HTTPHEADER, [
	'Authorization: Bearer ' . $token,
	'Accept: application/json'
	]);
	$response = curl_exec($ch);

	$data = json_decode($response, true);

	if(!$data \|\| !array_key_exists('scope', $data)) {
	header('HTTP/1.1 401 Unauthorized');
	echo $response;
	die();
	}

	// Only tokens with "create" or "media" scope can upload files
	if(!array_intersect(['create','media'], $data['scope'])) {
	header('HTTP/1.1 401 Unauthorized');
	echo json_encode([
	'error' => 'insufficient_scope',
	'error_description' => 'The access token provided does not have the necessary scope to upload files'
	]);
	die();
	}


	if(isset($_GET['q'])) {

	switch($_GET['q']) {
	case 'last':
	$url = null;
	if(file_exists('.last')) {
	// Only use the file if it was uploaded in the last 5 minutes
	if(filemtime('.last') >= time() - 300) {
	$filename = trim(file_get_contents('.last'));
	$url = 'https://media.aaronpk.com/' . $filename;
	}
	}
	echo json_encode([
	'url' => $url
	]);
	break;
	}

	} else {

	// Check for a file
	if(!array_key_exists('file', $_FILES)) {
	header('HTTP/1.1 400 Bad Request');
	echo json_encode([
	'error' => 'invalid_request',
	'error_description' => 'The request must have a file upload named "file". Found: '.implode(', ',array_keys($_POST))
	]);
	die();
	}

	$file = $_FILES['file'];

	$ext = mime_type_to_ext($file['type']);
	if(!$ext) {
	$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
	if(!$ext)
	$ext = 'txt';
	}
	$filename = 'file-'.date('YmdHis').'-'.mt_rand(1000,9999).'.'.$ext;

	copy($file['tmp_name'], $filename);

	file_put_contents('.last', $filename);

	$url = 'https://media.aaronpk.com/' . $filename;
	header('HTTP/1.1 201 Created');
	header('Location: '.$url);

	if($format == 'text') {
	echo $url."\n";
	} else {
	echo json_encode([
	'url' => $url
	]);
	}
	}


	function mime_type_to_ext($type) {
	$types = [
	'image/jpeg' => 'jpg',
	'image/pjpeg' => 'jpg',
	'image/gif' => 'gif',
	'image/png' => 'png',
	'image/x-png' => 'png',
	'image/svg' => 'svg',
	'audio/x-wav' => 'wav',
	'audio/wave' => 'wav',
	'audio/wav' => 'wav',
	'video/mpeg' => 'mpg',
	'video/quicktime' => 'mov',
	'video/mp4' => 'mp4',
	'audio/x-m4a' => 'm4a',
	'audio/mp3' => 'mp3',
	'audio/mpeg3' => 'mp3',
	'audio/mpeg' => 'mp3',
	'application/json' => 'json',
	'text/json' => 'json',
	'text/html' => 'html',
	'text/plain' => 'txt',
	'application/xml' => 'xml',
	'text/xml' => 'xml',
	'application/x-zip' => 'zip',
	'application/zip' => 'zip',
	'text/csv' => 'csv',
	];
	if(array_key_exists($type, $types))
	return $types[$type];
	else {
	$fp = fopen('content-types.txt', 'a');
	fwrite($fp, "Unrecognized: $type\n");
	fclose($fp);
	return false;
	}
	}