From 3f82ec2f757c62c25a31b461e0a0cddc14886117 Mon Sep 17 00:00:00 2001 From: Aaron Parecki Date: Sat, 24 May 2014 14:41:21 -0700 Subject: Working app! Copied signin logic from OwnYourGram. New "post" interface for writing a simple text post. Also supports browser geolocation. --- views/auth_callback.php | 68 ++++++++++ views/auth_error.php | 4 + views/auth_start.php | 54 ++++++++ views/creating-a-micropub-endpoint.php | 90 +++++++++++++ views/dashboard.php | 214 ++++++++++++++++++++++++++++++ views/docs.php | 22 +++ views/index.php | 9 ++ views/layout.php | 90 +++++++++++++ views/partials/auth-endpoint-help.php | 3 + views/partials/micropub-endpoint-help.php | 3 + views/partials/token-endpoint-help.php | 6 + views/signin.php | 10 ++ 12 files changed, 573 insertions(+) create mode 100644 views/auth_callback.php create mode 100644 views/auth_error.php create mode 100644 views/auth_start.php create mode 100644 views/creating-a-micropub-endpoint.php create mode 100644 views/dashboard.php create mode 100644 views/docs.php create mode 100644 views/index.php create mode 100644 views/layout.php create mode 100644 views/partials/auth-endpoint-help.php create mode 100644 views/partials/micropub-endpoint-help.php create mode 100644 views/partials/token-endpoint-help.php create mode 100644 views/signin.php (limited to 'views') diff --git a/views/auth_callback.php b/views/auth_callback.php new file mode 100644 index 0000000..44c2daa --- /dev/null +++ b/views/auth_callback.php @@ -0,0 +1,68 @@ +tokenEndpoint): ?> + + auth): ?> + +

Bad response from token endpoint

+

Your token endpoint returned a response that was not understood.

+ + + + auth, 'error')): ?> + +

Error

+

Got an error response from the token endpoint:

+
+

auth['error'] ?>

+ auth, 'error_description') ? ('

'.$this->auth['error_description'].'

') : '' ?> +
+ + + + + auth, array('me','access_token','scope'))): ?> + +

Success!

+ +

All required values were found! You are now signed in.

+

Continue

+ + + + auth, 'access_token')): ?> +

Missing access_token

+

The token endpoint did not return an access token. The access_token parameter is the token the client will use to make requests to the Micropub endpoint.

+ + + auth, 'me')): ?> +

Missing me

+

The token endpoint did not return a "me" parameter. The me parameter lets this client know what user the token is for.

+ + + auth, 'scope')): ?> +

Missing scope

+

The token endpoint did not return a "scope" parameter. The scope parameter lets this client what permission the token represents.

+ + + + + + + + +

Token endpoint response

+ +

Below is the raw response from your token endpoint (tokenEndpoint ?>):

+
+ curl_error ?> + response) ?> +
+ + + + + +

Error

+

Could not find your token endpoint. We found it last time, so double check nothing on your website has changed in the mean time.

+ + + diff --git a/views/auth_error.php b/views/auth_error.php new file mode 100644 index 0000000..818ded4 --- /dev/null +++ b/views/auth_error.php @@ -0,0 +1,4 @@ +

error ?>

+ +

errorDescription ?>

+ diff --git a/views/auth_start.php b/views/auth_start.php new file mode 100644 index 0000000..819fd65 --- /dev/null +++ b/views/auth_start.php @@ -0,0 +1,54 @@ +
+

Authorization Endpoint

+ +

The authorization endpoint tells this app where to direct your browser to sign you in.

+ + authorizationEndpoint): ?> +
Found your authorization endpoint: authorizationEndpoint ?>
+ +
Could not find your authorization endpoint!
+

You need to set your authorization endpoint in a <link> tag on your home page or in an HTTP header.

+ + +
+ +
+

Token Endpoint

+ +

The token endpoint is where this app will make a request to get an access token after obtaining authorization.

+ + tokenEndpoint): ?> +
Found your token endpoint: tokenEndpoint ?>
+ +
Could not find your token endpoint!
+

You need to set your token endpoint in a <link> tag on your home page or in an HTTP header.

+ + + +
+ +
+

Micropub Endpoint

+ +

The Micropub endpoint is the URL this app will use to post new photos.

+ + micropubEndpoint): ?> +
Found your Micropub endpoint: micropubEndpoint ?>
+ +
Could not find your Micropub endpoint!
+

You need to set your Micropub endpoint in a <link> tag on your home page or in an HTTP header.

+ + + +
+ +authorizationURL): ?> + +

Ready!

+ +

Clicking the button below will take you to your authorization server which is where you will allow this app to be able to post to your site.

+ + Authorize + + + diff --git a/views/creating-a-micropub-endpoint.php b/views/creating-a-micropub-endpoint.php new file mode 100644 index 0000000..617b52f --- /dev/null +++ b/views/creating-a-micropub-endpoint.php @@ -0,0 +1,90 @@ + +## The Micropub Endpoint + +After a client has obtained an access token and discovered the user's Micropub endpoint +it is ready to make requests to create posts. + +### The Request + +This is not intended to be a comprehensive guide to Micropub, and only includes the +fields that this client sends. + +The request to create a post will be sent with as a standard HTTP form-encoded request +The example code here is written in PHP but the idea is applicable in any language. + +The request will contain the following POST parameters: + +* `h=entry` - Indicates the type of object being created, in this case an h-entry. +* `content` - The text content the user entered, in this case the caption on the Instagram photo. +* `category` - A comma-separated list of tags that you entered +* `location` - A "geo" URI including the latitude and longitude of the photo if included. (Will look like `geo:37.786971,-122.399677;u=50`, where u=50 indicates the "uncertainty" of the location in meters) +* `in-reply-to` - If set, this is a URL that the post is in reply to + +The request will also contain an access token in the HTTP `Authorization` header: + +
+Authorization: Bearer XXXXXXXX
+
+ + +### Verifying Access Tokens + +Before you can begin processing the photo, you must first verify the access token is valid +and contains at least the "post" scope. + +How exactly you do this is dependent on your architecture. You can query the token endpoint +to check if an access token is still valid. See [https://tokens.indieauth.com/#verify tokens.indieauth.com] +for more information. + +Once you have looked up the token info, you need to make a determination +about whether that access token is still valid. You'll have the following information +at hand that can be used to check: + +* `me` - The user who this access token corresponds to. +* `client_id` - The app that generated the token. +* `scope` - The list of scopes that were authorized by the user. +* `issued_at` - The date the token was issued. + +Keep in mind that it may be possible for another user besides yourself to have created +an access token at your token endpoint, so the first thing you'll do when verifying +is making sure the "me" parameter matches your own domain. This way you are the only +one that can create posts on your website. + + +### Validating the Request Parameters + +A valid request to create a post will contain the parameters listed above. For now, +you can verify the presence of everything in the list, or you can try to genericize your +micropub endpoint so that it can also create [http://ownyourgram.com/creating-a-micropub-endpoint photo posts]. + +At a bare minimum, a Micropub request will contain the following: + +* `h=entry` +* `content` + +The access token must also contain at least the "post" scope. + + +### The Response + +Once you've validated the access token and checked for the presence of all required parameters, +you can create a post in your website with the information provided. + +If a post was successfully created, the endpoint must return an `HTTP 201` response with a +`Location` header that points to the URL of the post. No body is required for the response. + +
+HTTP/1.1 201 Created
+Location: http://example.com/post/100
+
+ +If there was an error, the response should include an HTTP error code as appropriate, +and optionally an HTML or other body with more information. Below is a list of possible errors. + +* `HTTP 401 Unauthorized` - No access token was provided in the request. +* `HTTP 403 Forbidden` - An access token was provided, but the authenticated user does not have permission to complete the request. +* `HTTP 400 Bad Request` - Something was wrong with the request, such as a missing "h" parameter, or other missing data. The response body may contain more human-readable information about the error. + + + + diff --git a/views/dashboard.php b/views/dashboard.php new file mode 100644 index 0000000..7a35ba1 --- /dev/null +++ b/views/dashboard.php @@ -0,0 +1,214 @@ + +
+
+ +
+ + +
+ +
+ + +
+ +
+ + +
+ +
+ + + + + + + + +
+ +
+ + + + + + + + test_response): ?> +

Last response from your Micropub endpoint (response_date) ?>)

+ +
test_response) ?>
+ + +
+

Clicking "Post" will post this note to your Micropub endpoint. Below is some information about the request that will be made.

+ + + + + + + + + + + + + + + + + + +
me (should be your URL)
scopemicropub_scope ?> (should be a space-separated list of permissions including "post")
micropub endpointmicropub_endpoint ?> (should be a URL)
access tokenString of length micropub_access_token) ?>micropub_access_token) > 0) ? (', ending in ' . substr($this->micropub_access_token, -7) . '') : '' ?> (should be greater than length 0)
+
+ +
+ + + + diff --git a/views/docs.php b/views/docs.php new file mode 100644 index 0000000..5b2fc3a --- /dev/null +++ b/views/docs.php @@ -0,0 +1,22 @@ +

Introduction

+ +
+ +
+ +

This is a simple Micropub client for creating text posts on your own website. To use it, you will need to turn your website into an OAuth provider, and implement a Micropub endpoint that this app will send requests to.

+ +

Once you've signed in, you'll see an interface like the below which you can use to write a post. Clicking "post" will make a Micropub request to your endpoint.

+ +

Configuring Endpoints

+ +

Authorization Endpoint

+ + +

Token Endpoint

+ + +

Micropub Endpoint

+ + +

The Creating a Micropub Endpoint tutorial will walk you through how to handle incoming POST requests from apps like this.

diff --git a/views/index.php b/views/index.php new file mode 100644 index 0000000..2c62f09 --- /dev/null +++ b/views/index.php @@ -0,0 +1,9 @@ +
+

#IndiePost

+

How does it work?

+
    +
  1. Sign in with your domain
  2. +
  3. Post a note!
  4. +
+

Get Started »

+
diff --git a/views/layout.php b/views/layout.php new file mode 100644 index 0000000..d2421d9 --- /dev/null +++ b/views/layout.php @@ -0,0 +1,90 @@ + + + + <?= $this->title ?> + + + + + + + + + + + + + + + + + + +
+ +
+ fetch($this->page . '.php') ?> +
+ + +
+ + + \ No newline at end of file diff --git a/views/partials/auth-endpoint-help.php b/views/partials/auth-endpoint-help.php new file mode 100644 index 0000000..6378db4 --- /dev/null +++ b/views/partials/auth-endpoint-help.php @@ -0,0 +1,3 @@ +

You can create your own authorization endpoint, but it's easier to use an existing service such as IndieAuth.com. To delegate to IndieAuth.com, you can use the markup provided below.

+

<link rel="authorization_endpoint" href="https://indieauth.com/auth">

+

Link: <https://indieauth.com/auth>; rel="authorization_endpoint"

diff --git a/views/partials/micropub-endpoint-help.php b/views/partials/micropub-endpoint-help.php new file mode 100644 index 0000000..35705ca --- /dev/null +++ b/views/partials/micropub-endpoint-help.php @@ -0,0 +1,3 @@ +

You will need to create a Micropub endpoint for your website which can create posts on your site. Once you've created the Micropub endpoint, you can indicate its location using the markup below.

+

<link rel="micropub" href="https://meParts['host'] : 'example.com') ?>/micropub">

+

Link: <https://meParts['host'] : 'example.com') ?>/micropub>; rel="micropub"

diff --git a/views/partials/token-endpoint-help.php b/views/partials/token-endpoint-help.php new file mode 100644 index 0000000..ea5442e --- /dev/null +++ b/views/partials/token-endpoint-help.php @@ -0,0 +1,6 @@ +

You can create your own token endpoint for + your website which can issue access tokens when given an authorization code, but + it's easier to use an existing service such as tokens.indieauth.com. + To use this service as your token endpoint, use the markup provided below.

+

<link rel="token_endpoint" href="https://tokens.indieauth.com/token">

+

Link: <https://tokens.indieauth.com/token>; rel="token_endpoint"

diff --git a/views/signin.php b/views/signin.php new file mode 100644 index 0000000..228cf32 --- /dev/null +++ b/views/signin.php @@ -0,0 +1,10 @@ + +
+
+ + + + + +
+ -- cgit v1.2.3