Exceptions
10 years ago
Freemius.php
10 years ago
FreemiusBase.php
10 years ago
LICENSE.txt
10 years ago
Freemius.php
403 lines
| 1 | <?php |
| 2 | /** |
| 3 | * Copyright 2014 Freemius, Inc. |
| 4 | * |
| 5 | * Licensed under the GPL v2 (the "License"); you may |
| 6 | * not use this file except in compliance with the License. You may obtain |
| 7 | * a copy of the License at |
| 8 | * |
| 9 | * http://choosealicense.com/licenses/gpl-v2/ |
| 10 | * |
| 11 | * Unless required by applicable law or agreed to in writing, software |
| 12 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 13 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 14 | * License for the specific language governing permissions and limitations |
| 15 | * under the License. |
| 16 | */ |
| 17 | |
| 18 | require_once( dirname( __FILE__ ) . '/FreemiusBase.php' ); |
| 19 | |
| 20 | define( 'FS_SDK__USER_AGENT', 'fs-php-' . Freemius_Api_Base::VERSION ); |
| 21 | |
| 22 | if ( ! defined( 'FS_SDK__SIMULATE_NO_CURL' ) ) { |
| 23 | define( 'FS_SDK__SIMULATE_NO_CURL', false ); |
| 24 | } |
| 25 | |
| 26 | if ( ! defined( 'FS_SDK__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE' ) ) { |
| 27 | define( 'FS_SDK__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE', false ); |
| 28 | } |
| 29 | |
| 30 | if ( ! defined( 'FS_SDK__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL' ) ) { |
| 31 | define( 'FS_SDK__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL', false ); |
| 32 | } |
| 33 | |
| 34 | define( 'FS_SDK__HAS_CURL', ! FS_SDK__SIMULATE_NO_CURL && function_exists( 'curl_version' ) ); |
| 35 | |
| 36 | if ( ! FS_SDK__HAS_CURL ) { |
| 37 | $curl_version = array( 'version' => '7.0.0' ); |
| 38 | } else { |
| 39 | $curl_version = curl_version(); |
| 40 | } |
| 41 | |
| 42 | define( 'FS_API__PROTOCOL', version_compare( $curl_version['version'], '7.37', '>=' ) ? 'https' : 'http' ); |
| 43 | |
| 44 | if ( ! defined( 'FS_API__ADDRESS' ) ) { |
| 45 | define( 'FS_API__ADDRESS', '://api.freemius.com' ); |
| 46 | } |
| 47 | if ( ! defined( 'FS_API__SANDBOX_ADDRESS' ) ) { |
| 48 | define( 'FS_API__SANDBOX_ADDRESS', '://sandbox-api.freemius.com' ); |
| 49 | } |
| 50 | |
| 51 | class Freemius_Api extends Freemius_Api_Base { |
| 52 | /** |
| 53 | * Default options for curl. |
| 54 | */ |
| 55 | public static $CURL_OPTS = array( |
| 56 | CURLOPT_CONNECTTIMEOUT => 10, |
| 57 | CURLOPT_RETURNTRANSFER => true, |
| 58 | CURLOPT_TIMEOUT => 60, |
| 59 | CURLOPT_USERAGENT => FS_SDK__USER_AGENT, |
| 60 | ); |
| 61 | |
| 62 | /** |
| 63 | * @param string $pScope 'app', 'developer', 'user' or 'install'. |
| 64 | * @param number $pID Element's id. |
| 65 | * @param string $pPublic Public key. |
| 66 | * @param string|bool $pSecret Element's secret key. |
| 67 | * @param bool $pSandbox Whether or not to run API in sandbox mode. |
| 68 | */ |
| 69 | public function __construct( $pScope, $pID, $pPublic, $pSecret = false, $pSandbox = false ) { |
| 70 | // If secret key not provided, use public key encryption. |
| 71 | if ( is_bool( $pSecret ) ) { |
| 72 | $pSecret = $pPublic; |
| 73 | } |
| 74 | |
| 75 | parent::Init( $pScope, $pID, $pPublic, $pSecret, $pSandbox ); |
| 76 | } |
| 77 | |
| 78 | public function GetUrl( $pCanonizedPath = '' ) { |
| 79 | $address = ( $this->_sandbox ? FS_API__SANDBOX_ADDRESS : FS_API__ADDRESS ); |
| 80 | |
| 81 | if ( ':' === $address[0] ) { |
| 82 | $address = self::$_protocol . $address; |
| 83 | } |
| 84 | |
| 85 | return $address . $pCanonizedPath; |
| 86 | } |
| 87 | |
| 88 | /** |
| 89 | * @var int Clock diff in seconds between current server to API server. |
| 90 | */ |
| 91 | private static $_clock_diff = 0; |
| 92 | |
| 93 | /** |
| 94 | * Set clock diff for all API calls. |
| 95 | * |
| 96 | * @since 1.0.3 |
| 97 | * |
| 98 | * @param $pSeconds |
| 99 | */ |
| 100 | public static function SetClockDiff( $pSeconds ) { |
| 101 | self::$_clock_diff = $pSeconds; |
| 102 | } |
| 103 | |
| 104 | /** |
| 105 | * @var string http or https |
| 106 | */ |
| 107 | private static $_protocol = FS_API__PROTOCOL; |
| 108 | |
| 109 | /** |
| 110 | * Set API connection protocol. |
| 111 | * |
| 112 | * @since 1.0.4 |
| 113 | */ |
| 114 | public static function SetHttp() { |
| 115 | self::$_protocol = 'http'; |
| 116 | } |
| 117 | |
| 118 | /** |
| 119 | * @since 1.0.4 |
| 120 | * |
| 121 | * @return bool |
| 122 | */ |
| 123 | public static function IsHttps() { |
| 124 | return ( 'https' === self::$_protocol ); |
| 125 | } |
| 126 | |
| 127 | /** |
| 128 | * Sign request with the following HTTP headers: |
| 129 | * Content-MD5: MD5(HTTP Request body) |
| 130 | * Date: Current date (i.e Sat, 14 Feb 2015 20:24:46 +0000) |
| 131 | * Authorization: FS {scope_entity_id}:{scope_entity_public_key}:base64encode(sha256(string_to_sign, |
| 132 | * {scope_entity_secret_key})) |
| 133 | * |
| 134 | * @param string $pResourceUrl |
| 135 | * @param array $opts |
| 136 | */ |
| 137 | protected function SignRequest( $pResourceUrl, &$opts ) { |
| 138 | $eol = "\n"; |
| 139 | $content_md5 = ''; |
| 140 | $now = ( time() - self::$_clock_diff ); |
| 141 | $date = date( 'r', $now ); |
| 142 | $content_type = ''; |
| 143 | |
| 144 | if ( isset( $opts[ CURLOPT_POST ] ) && 0 < $opts[ CURLOPT_POST ] ) { |
| 145 | $content_md5 = md5( $opts[ CURLOPT_POSTFIELDS ] ); |
| 146 | $opts[ CURLOPT_HTTPHEADER ][] = 'Content-MD5: ' . $content_md5; |
| 147 | $content_type = 'application/json'; |
| 148 | } |
| 149 | |
| 150 | $opts[ CURLOPT_HTTPHEADER ][] = 'Date: ' . $date; |
| 151 | |
| 152 | $string_to_sign = implode( $eol, array( |
| 153 | $opts[ CURLOPT_CUSTOMREQUEST ], |
| 154 | $content_md5, |
| 155 | $content_type, |
| 156 | $date, |
| 157 | $pResourceUrl |
| 158 | ) ); |
| 159 | |
| 160 | // If secret and public keys are identical, it means that |
| 161 | // the signature uses public key hash encoding. |
| 162 | $auth_type = ( $this->_secret !== $this->_public ) ? 'FS' : 'FSP'; |
| 163 | |
| 164 | // Add authorization header. |
| 165 | $opts[ CURLOPT_HTTPHEADER ][] = 'Authorization: ' . |
| 166 | $auth_type . ' ' . |
| 167 | $this->_id . ':' . |
| 168 | $this->_public . ':' . |
| 169 | self::Base64UrlEncode( |
| 170 | hash_hmac( 'sha256', $string_to_sign, $this->_secret ) |
| 171 | ); |
| 172 | } |
| 173 | |
| 174 | /** |
| 175 | * Get API request URL signed via query string. |
| 176 | * |
| 177 | * @param string $pPath |
| 178 | * |
| 179 | * @throws Freemius_Exception |
| 180 | * |
| 181 | * @return string |
| 182 | */ |
| 183 | function GetSignedUrl( $pPath ) { |
| 184 | $resource = explode( '?', $this->CanonizePath( $pPath ) ); |
| 185 | $pResourceUrl = $resource[0]; |
| 186 | |
| 187 | $eol = "\n"; |
| 188 | $content_md5 = ''; |
| 189 | $content_type = ''; |
| 190 | $now = ( time() - self::$_clock_diff ); |
| 191 | $date = date( 'r', $now ); |
| 192 | |
| 193 | $string_to_sign = implode( $eol, array( |
| 194 | 'GET', |
| 195 | $content_md5, |
| 196 | $content_type, |
| 197 | $date, |
| 198 | $pResourceUrl |
| 199 | ) ); |
| 200 | |
| 201 | // If secret and public keys are identical, it means that |
| 202 | // the signature uses public key hash encoding. |
| 203 | $auth_type = ( $this->_secret !== $this->_public ) ? 'FS' : 'FSP'; |
| 204 | |
| 205 | return $this->GetUrl( |
| 206 | $pResourceUrl . '?' . |
| 207 | ( 1 < count( $resource ) && ! empty( $resource[1] ) ? $resource[1] . '&' : '' ) . |
| 208 | http_build_query( array( |
| 209 | 'auth_date' => $date, |
| 210 | 'authorization' => $auth_type . ' ' . $this->_id . ':' . |
| 211 | $this->_public . ':' . |
| 212 | self::Base64UrlEncode( hash_hmac( |
| 213 | 'sha256', $string_to_sign, $this->_secret |
| 214 | ) ) |
| 215 | ) ) ); |
| 216 | } |
| 217 | |
| 218 | /** |
| 219 | * Makes an HTTP request. This method can be overridden by subclasses if |
| 220 | * developers want to do fancier things or use something other than curl to |
| 221 | * make the request. |
| 222 | * |
| 223 | * @param string $pCanonizedPath The URL to make the request to |
| 224 | * @param string $pMethod HTTP method |
| 225 | * @param array $params The parameters to use for the POST body |
| 226 | * @param null|resource $ch Initialized curl handle |
| 227 | * |
| 228 | * @return object[]|object|null |
| 229 | * |
| 230 | * @throws Freemius_Exception |
| 231 | */ |
| 232 | public function MakeRequest( $pCanonizedPath, $pMethod = 'GET', $params = array(), $ch = null ) { |
| 233 | if ( !FS_SDK__HAS_CURL ) { |
| 234 | $this->ThrowNoCurlException(); |
| 235 | } |
| 236 | |
| 237 | // Connectivity errors simulation. |
| 238 | if ( FS_SDK__SIMULATE_NO_API_CONNECTIVITY_CLOUDFLARE ) { |
| 239 | $this->ThrowCloudFlareDDoSException(); |
| 240 | } else if ( FS_SDK__SIMULATE_NO_API_CONNECTIVITY_SQUID_ACL ) { |
| 241 | $this->ThrowSquidAclException(); |
| 242 | } |
| 243 | |
| 244 | if ( ! $ch ) { |
| 245 | $ch = curl_init(); |
| 246 | } |
| 247 | |
| 248 | $opts = self::$CURL_OPTS; |
| 249 | |
| 250 | if ( ! isset( $opts[ CURLOPT_HTTPHEADER ] ) || ! is_array( $opts[ CURLOPT_HTTPHEADER ] ) ) { |
| 251 | $opts[ CURLOPT_HTTPHEADER ] = array(); |
| 252 | } |
| 253 | |
| 254 | if ( 'POST' === $pMethod || 'PUT' === $pMethod ) { |
| 255 | if ( is_array( $params ) && 0 < count( $params ) ) { |
| 256 | $opts[ CURLOPT_HTTPHEADER ][] = 'Content-Type: application/json'; |
| 257 | $opts[ CURLOPT_POST ] = count( $params ); |
| 258 | $opts[ CURLOPT_POSTFIELDS ] = json_encode( $params ); |
| 259 | } |
| 260 | |
| 261 | $opts[ CURLOPT_RETURNTRANSFER ] = true; |
| 262 | } |
| 263 | |
| 264 | $opts[ CURLOPT_URL ] = $this->GetUrl( $pCanonizedPath ); |
| 265 | $opts[ CURLOPT_CUSTOMREQUEST ] = $pMethod; |
| 266 | |
| 267 | $resource = explode( '?', $pCanonizedPath ); |
| 268 | |
| 269 | // Only sign request if not ping.json connectivity test. |
| 270 | if ( '/v1/ping.json' !== strtolower( substr( $resource[0], - strlen( '/v1/ping.json' ) ) ) ) { |
| 271 | $this->SignRequest( $resource[0], $opts ); |
| 272 | } |
| 273 | |
| 274 | // disable the 'Expect: 100-continue' behaviour. This causes CURL to wait |
| 275 | // for 2 seconds if the server does not support this header. |
| 276 | $opts[ CURLOPT_HTTPHEADER ][] = 'Expect:'; |
| 277 | |
| 278 | if ( 'https' === substr( strtolower( $pCanonizedPath ), 0, 5 ) ) { |
| 279 | $opts[ CURLOPT_SSL_VERIFYHOST ] = false; |
| 280 | $opts[ CURLOPT_SSL_VERIFYPEER ] = false; |
| 281 | } |
| 282 | |
| 283 | curl_setopt_array( $ch, $opts ); |
| 284 | $result = curl_exec( $ch ); |
| 285 | |
| 286 | /*if (curl_errno($ch) == 60) // CURLE_SSL_CACERT |
| 287 | { |
| 288 | self::errorLog('Invalid or no certificate authority found, using bundled information'); |
| 289 | curl_setopt($ch, CURLOPT_CAINFO, |
| 290 | dirname(__FILE__) . '/fb_ca_chain_bundle.crt'); |
| 291 | $result = curl_exec($ch); |
| 292 | }*/ |
| 293 | |
| 294 | // With dual stacked DNS responses, it's possible for a server to |
| 295 | // have IPv6 enabled but not have IPv6 connectivity. If this is |
| 296 | // the case, curl will try IPv4 first and if that fails, then it will |
| 297 | // fall back to IPv6 and the error EHOSTUNREACH is returned by the |
| 298 | // operating system. |
| 299 | if ( false === $result && empty( $opts[ CURLOPT_IPRESOLVE ] ) ) { |
| 300 | $matches = array(); |
| 301 | $regex = '/Failed to connect to ([^:].*): Network is unreachable/'; |
| 302 | if ( preg_match( $regex, curl_error( $ch ), $matches ) ) { |
| 303 | if ( strlen( @inet_pton( $matches[1] ) ) === 16 ) { |
| 304 | // self::errorLog('Invalid IPv6 configuration on server, Please disable or get native IPv6 on your server.'); |
| 305 | self::$CURL_OPTS[ CURLOPT_IPRESOLVE ] = CURL_IPRESOLVE_V4; |
| 306 | curl_setopt( $ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4 ); |
| 307 | $result = curl_exec( $ch ); |
| 308 | } |
| 309 | } |
| 310 | } |
| 311 | |
| 312 | if ( $result === false ) { |
| 313 | $e = new Freemius_Exception( array( |
| 314 | 'error' => array( |
| 315 | 'code' => curl_errno( $ch ), |
| 316 | 'message' => curl_error( $ch ), |
| 317 | 'type' => 'CurlException', |
| 318 | ), |
| 319 | ) ); |
| 320 | |
| 321 | curl_close( $ch ); |
| 322 | throw $e; |
| 323 | } |
| 324 | |
| 325 | curl_close( $ch ); |
| 326 | |
| 327 | if (empty($result)) |
| 328 | return null; |
| 329 | |
| 330 | $decoded = json_decode( $result ); |
| 331 | |
| 332 | if ( is_null( $decoded ) ) { |
| 333 | if ( preg_match( '/Please turn JavaScript on/i', $result ) && |
| 334 | preg_match( '/text\/javascript/', $result ) |
| 335 | ) { |
| 336 | $this->ThrowCloudFlareDDoSException( $result ); |
| 337 | } else if ( preg_match( '/Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect./', $result ) && |
| 338 | preg_match( '/squid/', $result ) |
| 339 | ) { |
| 340 | $this->ThrowSquidAclException( $result ); |
| 341 | } else { |
| 342 | $decoded = (object) array( |
| 343 | 'error' => (object) array( |
| 344 | 'type' => 'Unknown', |
| 345 | 'message' => $result, |
| 346 | 'code' => 'unknown', |
| 347 | 'http' => 402 |
| 348 | ) |
| 349 | ); |
| 350 | } |
| 351 | } |
| 352 | |
| 353 | return $decoded; |
| 354 | } |
| 355 | |
| 356 | /** |
| 357 | * @param string $pResult |
| 358 | * |
| 359 | * @throws Freemius_Exception |
| 360 | */ |
| 361 | private function ThrowNoCurlException( $pResult = '' ) { |
| 362 | throw new Freemius_Exception( array( |
| 363 | 'error' => (object) array( |
| 364 | 'type' => 'cUrlMissing', |
| 365 | 'message' => $pResult, |
| 366 | 'code' => 'curl_missing', |
| 367 | 'http' => 402 |
| 368 | ) |
| 369 | ) ); |
| 370 | } |
| 371 | |
| 372 | /** |
| 373 | * @param string $pResult |
| 374 | * |
| 375 | * @throws Freemius_Exception |
| 376 | */ |
| 377 | private function ThrowCloudFlareDDoSException( $pResult = '' ) { |
| 378 | throw new Freemius_Exception( array( |
| 379 | 'error' => (object) array( |
| 380 | 'type' => 'CloudFlareDDoSProtection', |
| 381 | 'message' => $pResult, |
| 382 | 'code' => 'cloudflare_ddos_protection', |
| 383 | 'http' => 402 |
| 384 | ) |
| 385 | ) ); |
| 386 | } |
| 387 | |
| 388 | /** |
| 389 | * @param string $pResult |
| 390 | * |
| 391 | * @throws Freemius_Exception |
| 392 | */ |
| 393 | private function ThrowSquidAclException( $pResult = '' ) { |
| 394 | throw new Freemius_Exception( array( |
| 395 | 'error' => (object) array( |
| 396 | 'type' => 'SquidCacheBlock', |
| 397 | 'message' => $pResult, |
| 398 | 'code' => 'squid_cache_block', |
| 399 | 'http' => 402 |
| 400 | ) |
| 401 | ) ); |
| 402 | } |
| 403 | } |