lszeremeta · August 29, 2015 14:07
diff --git a/proxy.php b/proxy.php
 <?php

 /* USOS API Base URL, trailing slash included. */
 $usosapi_base_url = '';

 /* Consumer Key to use. */
 $consumer_key = '';
 $consumer_secret = '';

 /* 
 * This is a simple proxy application. It receives a request, signs it
 * with the Consumer Key (and optionally - with a given Token), queries
 * given USOS API method and returns the results. It MUST be used in
 * a SECURE environment - you must be SURE that only trusted parties
 * are able to make requests to this proxy (like an IP check). Otherwise,
 * the attacker will be able to access USOS API on your behalf!
 *
 * Following $_GET arguments have a special meaning:
 * 
 * - proxy_method - required, USOS API method to call, starts with "services/".
 * - proxy_secure - optional, '0' or '1' (default '0') - whether USOS API call
 *       should be secure (https) or not. Usually you will want to leave it at '0'.
 * - proxy_token - optional, a Token (will be used as oauth_token),
 * - proxy_token_secret - optional, Token Secret (will affect the signature).
 * 
 * All other arguments (which do NOT start with "proxy_") will be passed as
 * arguments to the USOS API method.
 */

 error_reporting(E_ALL);
 ini_set("display_errors", 1);

 if (!isset($_GET['proxy_method'])) {
 	header("HTTP/1.1 400 BAD REQUEST");
 	print "Read instructions in the comments!";
 	exit;
 }
 $proxy_method = $_GET['proxy_method'];
 $proxy_secure = isset($_GET['proxy_secure']) ? ($_GET['proxy_secure'] == '1') : false;
 $proxy_token = isset($_GET['proxy_token']) ? $_GET['proxy_token'] : null;
 if ($proxy_token != null) {
 	if (!isset($_GET['proxy_token_secret'])) {
 		header("HTTP/1.1 400 BAD REQUEST");
 		print "You supplied Token, but forgot about the Token Secret.";
 		exit;
 	}
 	$proxy_token_secret = $_GET['proxy_token_secret'];
 }
 $vars = array();
 foreach ($_GET as $key => $value)
 	if (strpos($key, "proxy_") !== 0)
 		$vars[$key] = $value;

 try {
 	$oauth = new OAuth($consumer_key, $consumer_secret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
 	if ($proxy_token) {
 		$oauth->setToken($proxy_token, $proxy_token_secret);
 	}
 	$url = $proxy_secure ? str_replace("http://", "https://", $usosapi_base_url) : $usosapi_base_url;
 	$url .= $proxy_method;
 	$var_chunks = array();
 	foreach ($vars as $key => $value)
 		$var_chunks[] = $key."=".rawurlencode($value);
 	if (count($var_chunks) > 0)
 		$url .= "?".implode("&", $var_chunks);
 	$oauth->fetch($url);
 	$response_info = $oauth->getLastResponseInfo();
 	header("Content-Type: {$response_info["content_type"]}");
 	print $oauth->getLastResponse();
 	exit;
 } catch(OAuthException $E) {
 	header("HTTP/1.1 400 BAD REQUEST");
 	print $E->lastResponse;
 }

 ?>
	<?php

	/* USOS API Base URL, trailing slash included. */
	$usosapi_base_url = '';

	/* Consumer Key to use. */
	$consumer_key = '';
	$consumer_secret = '';

	/*
	* This is a simple proxy application. It receives a request, signs it
	* with the Consumer Key (and optionally - with a given Token), queries
	* given USOS API method and returns the results. It MUST be used in
	* a SECURE environment - you must be SURE that only trusted parties
	* are able to make requests to this proxy (like an IP check). Otherwise,
	* the attacker will be able to access USOS API on your behalf!
	*
	* Following $_GET arguments have a special meaning:
	*
	* - proxy_method - required, USOS API method to call, starts with "services/".
	* - proxy_secure - optional, '0' or '1' (default '0') - whether USOS API call
	* should be secure (https) or not. Usually you will want to leave it at '0'.
	* - proxy_token - optional, a Token (will be used as oauth_token),
	* - proxy_token_secret - optional, Token Secret (will affect the signature).
	*
	* All other arguments (which do NOT start with "proxy_") will be passed as
	* arguments to the USOS API method.
	*/

	error_reporting(E_ALL);
	ini_set("display_errors", 1);

	if (!isset($_GET['proxy_method'])) {
	header("HTTP/1.1 400 BAD REQUEST");
	print "Read instructions in the comments!";
	exit;
	}
	$proxy_method = $_GET['proxy_method'];
	$proxy_secure = isset($_GET['proxy_secure']) ? ($_GET['proxy_secure'] == '1') : false;
	$proxy_token = isset($_GET['proxy_token']) ? $_GET['proxy_token'] : null;
	if ($proxy_token != null) {
	if (!isset($_GET['proxy_token_secret'])) {
	header("HTTP/1.1 400 BAD REQUEST");
	print "You supplied Token, but forgot about the Token Secret.";
	exit;
	}
	$proxy_token_secret = $_GET['proxy_token_secret'];
	}
	$vars = array();
	foreach ($_GET as $key => $value)
	if (strpos($key, "proxy_") !== 0)
	$vars[$key] = $value;

	try {
	$oauth = new OAuth($consumer_key, $consumer_secret, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_URI);
	if ($proxy_token) {
	$oauth->setToken($proxy_token, $proxy_token_secret);
	}
	$url = $proxy_secure ? str_replace("http://", "https://", $usosapi_base_url) : $usosapi_base_url;
	$url .= $proxy_method;
	$var_chunks = array();
	foreach ($vars as $key => $value)
	$var_chunks[] = $key."=".rawurlencode($value);
	if (count($var_chunks) > 0)
	$url .= "?".implode("&", $var_chunks);
	$oauth->fetch($url);
	$response_info = $oauth->getLastResponseInfo();
	header("Content-Type: {$response_info["content_type"]}");
	print $oauth->getLastResponse();
	exit;
	} catch(OAuthException $E) {
	header("HTTP/1.1 400 BAD REQUEST");
	print $E->lastResponse;
	}

	?>