/lib/mini_fb.rb
Ruby | 294 lines | 186 code | 54 blank | 54 comment | 25 complexity | 375bab4962c71facc2a106f73aa0f587 MD5 | raw file
- require 'digest/md5'
- require 'erb'
- require 'json' unless defined? JSON
- module MiniFB
- # Global constants
- FB_URL = "http://api.facebook.com/restserver.php"
- FB_API_VERSION = "1.0"
- @@logging = false
- def self.enable_logging
- @@logging = true
- end
- def self.disable_logging
- @@logging = false
- end
- class FaceBookError < StandardError
- attr_accessor :code
- # Error that happens during a facebook call.
- def initialize( error_code, error_msg )
- @code = error_code
- super("Facebook error #{error_code}: #{error_msg}" )
- end
- end
- class Session
- attr_accessor :api_key, :secret_key, :session_key, :uid
- def initialize(api_key, secret_key, session_key, uid)
- @api_key = api_key
- @secret_key = FaceBookSecret.new secret_key
- @session_key = session_key
- @uid = uid
- end
- # returns current user
- def user
- return @user unless @user.nil?
- @user = User.new(MiniFB.call(@api_key, @secret_key, "Users.getInfo", "session_key"=>@session_key, "uids"=>@uid, "fields"=>User.all_fields)[0], self)
- @user
- end
- def photos
- Photos.new(self)
- end
- def call(method, params={})
- return MiniFB.call(api_key, secret_key, method, params.update("session_key"=>session_key))
- end
- end
- class User
- FIELDS = [:uid, :status, :political, :pic_small, :name, :quotes, :is_app_user, :tv, :profile_update_time, :meeting_sex, :hs_info, :timezone, :relationship_status, :hometown_location, :about_me, :wall_count, :significant_other_id, :pic_big, :music, :work_history, :sex, :religion, :notes_count, :activities, :pic_square, :movies, :has_added_app, :education_history, :birthday, :birthday_date, :first_name, :meeting_for, :last_name, :interests, :current_location, :pic, :books, :affiliations, :locale, :profile_url, :proxied_email, :email, :email_hashes, :allowed_restrictions, :pic_with_logo, :pic_big_with_logo, :pic_small_with_logo, :pic_square_with_logo]
- STANDARD_FIELDS = [:uid, :first_name, :last_name, :name, :timezone, :birthday, :sex, :affiliations, :locale, :profile_url, :proxied_email, :email]
- def self.all_fields
- FIELDS.join(",")
- end
- def self.standard_fields
- STANDARD_FIELDS.join(",")
- end
- def initialize(fb_hash, session)
- @fb_hash = fb_hash
- @session = session
- end
- def [](key)
- @fb_hash[key]
- end
- def uid
- return self["uid"]
- end
- def profile_photos
- @session.photos.get("uid"=>uid, "aid"=>profile_pic_album_id)
- end
- def profile_pic_album_id
- merge_aid(-3, uid)
- end
- def merge_aid(aid, uid)
- uid = uid.to_i
- ret = (uid << 32) + (aid & 0xFFFFFFFF)
- # puts 'merge_aid=' + ret.inspect
- return ret
- end
- end
- class Photos
- def initialize(session)
- @session = session
- end
- def get(params)
- pids = params["pids"]
- if !pids.nil? && pids.is_a?(Array)
- pids = pids.join(",")
- params["pids"] = pids
- end
- @session.call("photos.get", params)
- end
- end
- BAD_JSON_METHODS = ["users.getloggedinuser", "auth.promotesession", "users.hasapppermission", "Auth.revokeExtendedPermission", "pages.isAdmin"].collect { |x| x.downcase }
- # Call facebook server with a method request. Most keyword arguments
- # are passed directly to the server with a few exceptions.
- # The 'sig' value will always be computed automatically.
- # The 'v' version will be supplied automatically if needed.
- # The 'call_id' defaults to True, which will generate a valid
- # number. Otherwise it should be a valid number or False to disable.
- # The default return is a parsed json object.
- # Unless the 'format' and/or 'callback' arguments are given,
- # in which case the raw text of the reply is returned. The string
- # will always be returned, even during errors.
- # If an error occurs, a FacebookError exception will be raised
- # with the proper code and message.
- # The secret argument should be an instance of FacebookSecret
- # to hide value from simple introspection.
- def MiniFB.call( api_key, secret, method, kwargs )
- puts 'kwargs=' + kwargs.inspect if @@logging
- if secret.is_a? String
- secret = FaceBookSecret.new(secret)
- end
- # Prepare arguments for call
- call_id = kwargs.fetch("call_id", true)
- if call_id == true then
- kwargs["call_id"] = Time.now.tv_sec.to_s
- else
- kwargs.delete("call_id")
- end
- custom_format = kwargs.include?("format") or kwargs.include?("callback")
- kwargs["format"] ||= "JSON"
- kwargs["v"] ||= FB_API_VERSION
- kwargs["api_key"]||= api_key
- kwargs["method"] ||= method
- # Hash with secret
- arg_string = String.new
- # todo: convert symbols to strings, symbols break the next line
- kwargs.sort.each { |kv| arg_string << kv[0] << "=" << kv[1].to_s }
- kwargs["sig"] = Digest::MD5.hexdigest( arg_string + secret.value.call )
- # Call website with POST request
- begin
- response = Net::HTTP.post_form( URI.parse(FB_URL), kwargs )
- rescue SocketError => err
- raise IOError.new( "Cannot connect to the facebook server: " + err )
- end
- # Handle response
- return response.body if custom_format
- fb_method = kwargs["method"].downcase
- body = response.body
- puts 'response=' + body.inspect if @@logging
- begin
- data = JSON.parse( body )
- if data.include?( "error_msg" ) then
- raise FaceBookError.new( data["error_code"] || 1, data["error_msg"] )
- end
- rescue JSON::ParserError => ex
- if BAD_JSON_METHODS.include?(fb_method) # Little hack because this response isn't valid JSON
- if body == "0" || body == "false"
- return false
- end
- return body
- else
- raise ex
- end
- end
- return data
- end
- # Returns true is signature is valid, false otherwise.
- def MiniFB.verify_signature( secret, arguments )
- signature = arguments.delete( "fb_sig" )
- return false if signature.nil?
- unsigned = Hash.new
- signed = Hash.new
- arguments.each do |k, v|
- if k =~ /^fb_sig_(.*)/ then
- signed[$1] = v
- else
- unsigned[k] = v
- end
- end
- arg_string = String.new
- signed.sort.each { |kv| arg_string << kv[0] << "=" << kv[1] }
- if Digest::MD5.hexdigest( arg_string + secret ) == signature
- return true
- end
- return false
- end
-
- # The cookie format has changed with the new open source
- # javascript SDK. See "Has the Cookie format changed" in
- # the Facebook Connect JavaScript SDK FAQ:
- # http://wiki.github.com/facebook/connect-js/faq
- # Returns true is signature is valid, false otherwise.
- def MiniFB.verify_session_signature(secret, arguments)
- signature = arguments.delete('sig')
- signature == Digest::MD5.hexdigest(arguments.sort.map {|kv| kv.join('=') }.join << secret)
- end
- # Returns the login/add app url for your application.
- #
- # options:
- # - :next => a relative next page to go to. relative to your facebook connect url or if :canvas is true, then relative to facebook app url
- # - :canvas => true/false - to say whether this is a canvas app or not
- def self.login_url(api_key, options={})
- login_url = "http://api.facebook.com/login.php?api_key=#{api_key}"
- login_url << "&next=#{options[:next]}" if options[:next]
- login_url << "&canvas" if options[:canvas]
- login_url
- end
- # This function expects arguments as a hash, so
- # it is agnostic to different POST handling variants in ruby.
- #
- # Validate the arguments received from facebook. This is usually
- # sent for the iframe in Facebook's canvas. It is not necessary
- # to use this on the auth_token and uid passed to callbacks like
- # post-add and post-remove.
- #
- # The arguments must be a mapping of to string keys and values
- # or a string of http request data.
- #
- # If the data is invalid or not signed properly, an empty
- # dictionary is returned.
- #
- # The secret argument should be an instance of FacebookSecret
- # to hide value from simple introspection.
- #
- # DEPRECATED, use verify_signature instead
- def MiniFB.validate( secret, arguments )
- signature = arguments.delete( "fb_sig" )
- return arguments if signature.nil?
- unsigned = Hash.new
- signed = Hash.new
- arguments.each do |k, v|
- if k =~ /^fb_sig_(.*)/ then
- signed[$1] = v
- else
- unsigned[k] = v
- end
- end
- arg_string = String.new
- signed.sort.each { |kv| arg_string << kv[0] << "=" << kv[1] }
- if Digest::MD5.hexdigest( arg_string + secret ) != signature
- unsigned # Hash is incorrect, return only unsigned fields.
- else
- unsigned.merge signed
- end
- end
- class FaceBookSecret
- # Simple container that stores a secret value.
- # Proc cannot be dumped or introspected by normal tools.
- attr_reader :value
- def initialize( value )
- @value = Proc.new { value }
- end
- end
- end