Last active
January 20, 2023 16:09
Minimal micropub endpoint.
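<?php
# Licensed under a CC0 1.0 Universal (CC0 1.0) Public Domain Dedication
# http://creativecommons.org/publicdomain/zero/1.0/

/*
 * Minimal Micropub endpoint.
 *
 * Flow: read the bearer token from the request, ask the token endpoint to
 * verify it, and accept the post only when the token was issued for this
 * site ("me") with a scope that permits creating entries. Every failure
 * path sends an HTTP error status and exits before any content is handled.
 */

$mysite = 'https://adactio.com/'; // Change this to your website.
$token_endpoint = 'https://tokens.indieauth.com/token';

// Collect the request headers. getallheaders() is not available under every
// SAPI, so its absence must not be fatal.
$_HEADERS = array();
if (function_exists('getallheaders')) {
    foreach (getallheaders() as $name => $value) {
        $_HEADERS[$name] = $value;
    }
}

// HTTP header names are case-insensitive, so do not depend on the exact
// spelling "Authorization" surviving the web server or a proxy.
$authorization = null;
foreach ($_HEADERS as $name => $value) {
    if (strcasecmp($name, 'Authorization') === 0) {
        $authorization = $value;
        break;
    }
}
if ($authorization === null && isset($_SERVER['HTTP_AUTHORIZATION'])) {
    $authorization = $_SERVER['HTTP_AUTHORIZATION'];
}

if ($authorization === null) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 401 Unauthorized');
    echo 'Missing "Authorization" header.';
    exit;
}

// The value is copied into an outgoing request header below; refuse anything
// containing a line break so it cannot add extra header lines.
if (!is_string($authorization) || preg_match('/[\r\n]/', $authorization)) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
    echo 'Malformed "Authorization" header.';
    exit;
}

if (!isset($_POST['h'])) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
    echo 'Missing "h" value.';
    exit;
}

// Ask the token endpoint who the token belongs to and what it may do.
$options = array(
    CURLOPT_URL => $token_endpoint,
    CURLOPT_HTTPGET => TRUE,
    CURLOPT_USERAGENT => $mysite,
    CURLOPT_TIMEOUT => 5,
    CURLOPT_RETURNTRANSFER => TRUE,
    CURLOPT_HEADER => FALSE,
    // Stated explicitly so a copied or edited option set cannot silently
    // turn certificate checks off or forward the token to a redirect target.
    CURLOPT_SSL_VERIFYPEER => TRUE,
    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_FOLLOWLOCATION => FALSE,
    CURLOPT_HTTPHEADER => array(
        'Content-type: application/x-www-form-urlencoded',
        'Authorization: ' . $authorization
    )
);

$curl = curl_init();
curl_setopt_array($curl, $options);
$source = curl_exec($curl);
$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
curl_close($curl);

// Fail closed: a transport error or a non-2xx answer means the token was
// not verified, so nothing past this point may run.
if ($source === false) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 502 Bad Gateway');
    echo 'Could not reach the token endpoint.';
    exit;
}
if ($status < 200 || $status >= 300) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 401 Unauthorized');
    echo 'The token endpoint rejected the access token.';
    exit;
}

// The response is treated as form-encoded, as in the original script.
parse_str($source, $values);

// parse_str() can yield arrays (e.g. "me[]=..."), so require plain strings.
if (!isset($values['me']) || !is_string($values['me'])) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
    echo 'Missing "me" value in authentication token.';
    exit;
}
if (!isset($values['scope']) || !is_string($values['scope'])) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
    echo 'Missing "scope" value in authentication token.';
    exit;
}

// Normalise the trailing slash on both URLs before comparing them.
if (substr($values['me'], -1) !== '/') {
    $values['me'] .= '/';
}
if (substr($mysite, -1) !== '/') {
    $mysite .= '/';
}
if (strtolower($values['me']) !== strtolower($mysite)) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    echo 'Mismatching "me" value in authentication token.';
    exit;
}

// Scope is a space-separated list. Compare whole entries: a substring test
// would also accept unrelated scopes that merely contain the letters "post".
// "create" is the scope current Micropub clients request; "post" is kept for
// older clients.
$scopes = preg_split('/\s+/', strtolower(trim($values['scope'])), -1, PREG_SPLIT_NO_EMPTY);
if (!in_array('create', $scopes, true) && !in_array('post', $scopes, true)) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    echo 'Missing "create" or "post" value in "scope".';
    exit;
}

if (!isset($_POST['content'])) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
    echo 'Missing "content" value.';
    exit;
}

/* Everything's cool. Do something with the $_POST variables
(such as $_POST['content'], $_POST['category'], $_POST['location'], etc.)
e.g. create a new entry, store it in a database, whatever.

A valid token authorises the request; it does not make the posted values
safe. Use parameterised queries when storing them and escape them for the
output context when displaying them. */

// The 201 status is set first so PHP does not turn the Location header into
// a redirect. Once entries are really created, Location should carry the
// URL of the new entry rather than the site root.
header($_SERVER['SERVER_PROTOCOL'] . ' 201 Created');
header('Location: ' . $mysite);
?>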
fyi most Micropub clients have started using the `create` scope instead of `post`, so you'll likely want to change that on line 66
void header ( string $string [, bool $replace = true [, int $http_response_code ]] )
header('Location: ' . $mysite, true, 201);