aboutsummaryrefslogtreecommitdiff
path: root/lisp
diff options
context:
space:
mode:
authormarty hiatt <martianhiatus [a t] riseup [d o t] net>2023-05-10 09:23:25 +0200
committermarty hiatt <martianhiatus [a t] riseup [d o t] net>2023-05-10 09:23:25 +0200
commit0326fb24ff527cd67916f9392387068037068b7c (patch)
treeaedef0bfd7008395f3baa4c895e2eb20676b3591 /lisp
parent8520659c0908a553a7c646fe788bbc64deea903b (diff)
audit http.el
Diffstat (limited to 'lisp')
-rw-r--r--lisp/mastodon-http.el95
1 files changed, 43 insertions, 52 deletions
diff --git a/lisp/mastodon-http.el b/lisp/mastodon-http.el
index 9d9b6e4..ba79bd0 100644
--- a/lisp/mastodon-http.el
+++ b/lisp/mastodon-http.el
@@ -86,8 +86,6 @@ Message status and JSON error from RESPONSE if unsuccessful."
(mastodon-http--status))))
(if (string-prefix-p "2" status)
(funcall success)
- ;; don't switch to buffer, just with-current-buffer the response:
- ;; (switch-to-buffer response)
;; 404 sometimes returns http response so --process-json fails:
(if (string-prefix-p "404" status)
(message "Error %s: page not found" status)
@@ -104,7 +102,8 @@ Message status and JSON error from RESPONSE if unsuccessful."
(defmacro mastodon-http--authorized-request (method body &optional unauthenticated-p)
"Make a METHOD type request using BODY, with Mastodon authorization.
Unless UNAUTHENTICATED-P is non-nil."
- (declare (debug 'body))
+ (declare (debug 'body)
+ (indent 1))
`(let ((url-request-method ,method)
(url-request-extra-headers
(unless ,unauthenticated-p
@@ -115,14 +114,12 @@ Unless UNAUTHENTICATED-P is non-nil."
(defun mastodon-http--build-params-string (params)
"Build a request parameters string from parameters alist PARAMS."
;; (url-build-query-string args nil))
- ;; url-build-query-string adds 'nil' to empty params so lets stay with our
+ ;; url-build-query-string adds 'nil' for empty params so lets stick with our
;; own:
(mapconcat (lambda (p)
(concat (url-hexify-string (car p))
- "="
- (url-hexify-string (cdr p))))
- params
- "&"))
+ "=" (url-hexify-string (cdr p))))
+ params "&"))
(defun mastodon-http--build-array-params-alist (param-str array)
"Return parameters alist using PARAM-STR and ARRAY param values.
@@ -133,20 +130,18 @@ Used for API form data parameters that take an array."
(defun mastodon-http--post (url &optional params headers unauthenticated-p)
"POST synchronously to URL, optionally with PARAMS and HEADERS.
Authorization header is included by default unless UNAUTHENTICATED-P is non-nil."
- (mastodon-http--authorized-request
- "POST"
- (let ((url-request-data
- (when params
- (mastodon-http--build-params-string params)))
- (url-request-extra-headers
- (append url-request-extra-headers ; auth set in macro
- ;; pleroma compat:
- (unless (assoc "Content-Type" headers)
- '(("Content-Type" . "application/x-www-form-urlencoded")))
- headers)))
- (with-temp-buffer
- (mastodon-http--url-retrieve-synchronously url)))
- unauthenticated-p))
+ (mastodon-http--authorized-request "POST"
+ (let ((url-request-data (when params
+ (mastodon-http--build-params-string params)))
+ (url-request-extra-headers
+ (append url-request-extra-headers ; auth set in macro
+ (unless (assoc "Content-Type" headers) ; pleroma compat:
+ '(("Content-Type" . "application/x-www-form-urlencoded")))
+ headers)))
+ (with-temp-buffer
+ (mastodon-http--url-retrieve-synchronously url)))
+ unauthenticated-p))
+
(defun mastodon-http--concat-params-to-url (url params)
"Build a query string with PARAMS and concat to URL."
(if params
@@ -199,17 +194,14 @@ Callback to `mastodon-http--get-response-async', usually
(goto-char (point-min))
(re-search-forward "^$" nil 'move)
(let ((json-array-type (if vector 'vector 'list))
- (json-string
- (decode-coding-string
- (buffer-substring-no-properties (point) (point-max))
- 'utf-8)))
+ (json-string (decode-coding-string
+ (buffer-substring-no-properties (point) (point-max))
+ 'utf-8)))
(kill-buffer)
- ;; (unless (or (string-empty-p json-string) (null json-string))
(cond ((or (string-empty-p json-string) (null json-string))
nil)
- ;; if we don't have json, maybe we have a plain string error
- ;; message (misskey works like this for instance, but there are
- ;; probably less dunce ways to do this):
+ ;; if no json, maybe we have a plain string error message (misskey
+ ;; does this, but there are probably better ways to do this):
;; FIXME: friendica at least sends plain html if endpoint not found.
((not (or (string-prefix-p "\n{" json-string)
(string-prefix-p "\n[" json-string)))
@@ -243,17 +235,15 @@ PARAMS is an alist of any extra parameters to send with the request."
"Make PUT request to URL.
PARAMS is an alist of any extra parameters to send with the request.
HEADERS is an alist of any extra headers to send with the request."
- (mastodon-http--authorized-request
- "PUT"
- (let ((url-request-data
- (when params (mastodon-http--build-params-string params)))
- (url-request-extra-headers
- (append url-request-extra-headers ; auth set in macro
- ;; pleroma compat:
- (unless (assoc "Content-Type" headers)
- '(("Content-Type" . "application/x-www-form-urlencoded")))
- headers)))
- (with-temp-buffer (mastodon-http--url-retrieve-synchronously url)))))
+ (mastodon-http--authorized-request "PUT"
+ (let ((url-request-data
+ (when params (mastodon-http--build-params-string params)))
+ (url-request-extra-headers
+ (append url-request-extra-headers ; auth set in macro
+ (unless (assoc "Content-Type" headers) ; pleroma compat:
+ '(("Content-Type" . "application/x-www-form-urlencoded")))
+ headers)))
+ (with-temp-buffer (mastodon-http--url-retrieve-synchronously url)))))
;; profile update functions
@@ -287,7 +277,7 @@ PARAMS is an alist of any extra parameters to send with the request."
url
params
(lambda (status)
- (when status ;; only when we actually get sth?
+ (when status ; for flakey servers
(apply callback (mastodon-http--process-response) cbargs)))))
(defun mastodon-http--get-json-async (url &optional params callback &rest cbargs)
@@ -304,14 +294,12 @@ PARAMS is an alist of any extra parameters to send with the request."
"POST asynchronously to URL with PARAMS and HEADERS.
Then run function CALLBACK with arguements CBARGS.
Authorization header is included by default unless UNAUTHENTICED-P is non-nil."
- (mastodon-http--authorized-request
- "POST"
- (let ((request-timeout 5)
- (url-request-data
- (when params
- (mastodon-http--build-params-string params))))
- (with-temp-buffer
- (url-retrieve url callback cbargs)))))
+ (mastodon-http--authorized-request "POST"
+ (let ((request-timeout 5)
+ (url-request-data (when params
+ (mastodon-http--build-params-string params))))
+ (with-temp-buffer
+ (url-retrieve url callback cbargs)))))
;; TODO: test for curl first?
(defun mastodon-http--post-media-attachment (url filename caption)
@@ -353,9 +341,12 @@ item uploaded, and `mastodon-toot--update-status-fields' is run."
;; handle mastodon api errors
;; they have the form (error http 401)
((= (car (last error-thrown)) 401)
- (message "Got error: %s Unauthorized: The access token is invalid" error-thrown))
+ (message "Got error: %s Unauthorized: The access token is invalid"
+ error-thrown))
((= (car (last error-thrown)) 422)
- (message "Got error: %s Unprocessable entity: file or file type is unsupported or invalid" error-thrown))
+ (message "Got error: %s Unprocessable entity: file or file\
+ type is unsupported or invalid"
+ error-thrown))
(t
(message "Got error: %s Shit went south"
error-thrown))))))))