#! /usr/bin/env python # # pyfacebook - Python bindings for the Facebook API # # Copyright (c) 2008, Samuel Cormier-Iijima # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # * Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # * Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # * Neither the name of the author nor the names of its contributors may # be used to endorse or promote products derived from this software # without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS``AS IS'' AND ANY # EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE # DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY # DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. """ Python bindings for the Facebook API (pyfacebook - http://code.google.com/p/pyfacebook) PyFacebook is a client library that wraps the Facebook API. For more information, see Home Page: http://code.google.com/p/pyfacebook Developer Wiki: http://wiki.developers.facebook.com/index.php/Python Facebook IRC Channel: #facebook on irc.freenode.net PyFacebook can use simplejson if it is installed, which is much faster than XML and also uses less bandwith. Go to http://undefined.org/python/#simplejson to download it, or do apt-get install python-simplejson on a Debian-like system. """ import sys import time import struct import urllib import urllib2 import httplib import hmac try: import hashlib except ImportError: import md5 as hashlib from django.conf import settings import binascii import urlparse import mimetypes # try to use simplejson first, otherwise fallback to XML RESPONSE_FORMAT = 'JSON' try: import json as simplejson simplejson.loads except (ImportError, AttributeError): try: import simplejson simplejson.loads except (ImportError, AttributeError): try: from django.utils import simplejson simplejson.loads except (ImportError, AttributeError): try: import jsonlib as simplejson simplejson.loads except (ImportError, AttributeError): from xml.dom import minidom RESPONSE_FORMAT = 'XML' # support Google App Engine. GAE does not have a working urllib.urlopen. try: from google.appengine.api import urlfetch def urlread(url, data=None, headers=None): if data is not None: if headers is None: headers = {"Content-type": "application/x-www-form-urlencoded"} method = urlfetch.POST else: if headers is None: headers = {} method = urlfetch.GET result = urlfetch.fetch(url, method=method, payload=data, headers=headers) if result.status_code == 200: return result.content else: raise urllib2.URLError("fetch error url=%s, code=%d" % (url, result.status_code)) except ImportError: def urlread(url, data=None): res = urllib2.urlopen(url, data=data) return res.read() __all__ = ['Facebook','create_hmac'] VERSION = '1.0a2' FACEBOOK_URL = 'http://api.facebook.com/restserver.php' FACEBOOK_VIDEO_URL = 'http://api-video.facebook.com/restserver.php' FACEBOOK_SECURE_URL = 'https://api.facebook.com/restserver.php' def create_hmac(tbhashed): return hmac.new(settings.SECRET_KEY, tbhashed, hashlib.sha1).hexdigest() class json(object): pass # simple IDL for the Facebook API METHODS = { #dashboard methods 'dashboard': { 'incrementCount': [ ('uid', int, ['optional']) ], 'decrementCount': [ ('uid', int, ['optional']) ], 'getCount': [ ('uid', int, ['optional']) ], 'setCount': [ ('count', int, []), ('uid', int, ['optional']) ], 'getActivity': [ ('activity_ids', list, ['optional']), ('uid', int, ['optional']) ], 'publishActivity': [ ('activity', json, []), ] }, 'application': { 'getPublicInfo': [ ('application_id', int, ['optional']), ('application_api_key', str, ['optional']), ('application_canvas_name', str,['optional']), ], }, # admin methods 'admin': { 'getAllocation': [ ('integration_point_name', str, []), ], 'getRestrictionInfo': [], 'setRestrictionInfo': [ ('format', str, ['optional']), ('callback', str, ['optional']), ('restriction_str', json, ['optional']), ], # Some methods don't work with access_tokens, the signed option forces # use of the secret_key signature (avoids error 15 and, sometimes, 8) 'getAppProperties': [ ('properties', list, []), 'signed' ], 'setAppProperties': [ ('properties', json, []), 'signed' ], }, # auth methods 'auth': { 'revokeAuthorization': [ ('uid', int, ['optional']), ], 'revokeExtendedPermission': [ ('perm', str, []), ('uid', int, ['optional']), ], }, # feed methods 'feed': { 'publishStoryToUser': [ ('title', str, []), ('body', str, ['optional']), ('image_1', str, ['optional']), ('image_1_link', str, ['optional']), ('image_2', str, ['optional']), ('image_2_link', str, ['optional']), ('image_3', str, ['optional']), ('image_3_link', str, ['optional']), ('image_4', str, ['optional']), ('image_4_link', str, ['optional']), ('priority', int, ['optional']), ], 'publishActionOfUser': [ ('title', str, []), ('body', str, ['optional']), ('image_1', str, ['optional']), ('image_1_link', str, ['optional']), ('image_2', str, ['optional']), ('image_2_link', str, ['optional']), ('image_3', str, ['optional']), ('image_3_link', str, ['optional']), ('image_4', str, ['optional']), ('image_4_link', str, ['optional']), ('priority', int, ['optional']), ], 'publishTemplatizedAction': [ ('title_template', str, []), ('page_actor_id', int, ['optional']), ('title_data', json, ['optional']), ('body_template', str, ['optional']), ('body_data', json, ['optional']), ('body_general', str, ['optional']), ('image_1', str, ['optional']), ('image_1_link', str, ['optional']), ('image_2', str, ['optional']), ('image_2_link', str, ['optional']), ('image_3', str, ['optional']), ('image_3_link', str, ['optional']), ('image_4', str, ['optional']), ('image_4_link', str, ['optional']), ('target_ids', list, ['optional']), ], 'registerTemplateBundle': [ ('one_line_story_templates', json, []), ('short_story_templates', json, ['optional']), ('full_story_template', json, ['optional']), ('action_links', json, ['optional']), ], 'deactivateTemplateBundleByID': [ ('template_bundle_id', int, []), ], 'getRegisteredTemplateBundles': [], 'getRegisteredTemplateBundleByID': [ ('template_bundle_id', str, []), ], 'publishUserAction': [ ('template_bundle_id', int, []), ('template_data', json, ['optional']), ('target_ids', list, ['optional']), ('body_general', str, ['optional']), ('story_size', int, ['optional']), ], }, # fql methods 'fql': { 'query': [ ('query', str, []), ], 'multiquery': [ ('queries', json, []), ], }, # friends methods 'friends': { 'areFriends': [ ('uids1', list, []), ('uids2', list, []), ], 'get': [ ('flid', int, ['optional']), ], 'getLists': [], 'getAppUsers': [], 'getMutualFriends': [ ('target_uid', int, []), ('source_uid', int, ['optional']), ], }, # notifications methods 'notifications': { 'get': [], 'send': [ ('to_ids', list, []), ('notification', str, []), ('email', str, ['optional']), ('type', str, ['optional']), ], 'sendRequest': [ ('to_ids', list, []), ('type', str, []), ('content', str, []), ('image', str, []), ('invite', bool, []), ], 'sendEmail': [ ('recipients', list, []), ('subject', str, []), ('text', str, ['optional']), ('fbml', str, ['optional']), ] }, # profile methods 'profile': { 'setFBML': [ ('markup', str, ['optional']), ('uid', int, ['optional']), ('profile', str, ['optional']), ('profile_action', str, ['optional']), ('mobile_fbml', str, ['optional']), ('profile_main', str, ['optional']), ], 'getFBML': [ ('uid', int, ['optional']), ('type', int, ['optional']), ], 'setInfo': [ ('title', str, []), ('type', int, []), ('info_fields', json, []), ('uid', int, []), ], 'getInfo': [ ('uid', int, []), ], 'setInfoOptions': [ ('field', str, []), ('options', json, []), ], 'getInfoOptions': [ ('field', str, []), ], }, # users methods 'users': { 'getInfo': [ ('uids', list, []), ('fields', list, [('default', ['name'])]), ], 'getStandardInfo': [ ('uids', list, []), ('fields', list, [('default', ['uid'])]), ], 'getLoggedInUser': [], 'isAppAdded': [], 'isAppUser': [ ('uid', int, []), ], 'hasAppPermission': [ ('ext_perm', str, []), ('uid', int, ['optional']), ], 'setStatus': [ ('status', str, []), ('clear', bool, []), ('status_includes_verb', bool, ['optional']), ('uid', int, ['optional']), ], }, # events methods 'events': { 'cancel': [ ('eid', int, []), ('cancel_message', str, ['optional']), ], 'create': [ ('event_info', json, []), ], 'edit': [ ('eid', int, []), ('event_info', json, []), ], 'get': [ ('uid', int, ['optional']), ('eids', list, ['optional']), ('start_time', int, ['optional']), ('end_time', int, ['optional']), ('rsvp_status', str, ['optional']), ], 'getMembers': [ ('eid', int, []), ], 'invite': [ ('eid', int, []), ('uids', list, []), ('personal_message', str, ['optional']), ], 'rsvp': [ ('eid', int, []), ('rsvp_status', str, []), ], 'edit': [ ('eid', int, []), ('event_info', json, []), ], 'invite': [ ('eid', int, []), ('uids', list, []), ('personal_message', str, ['optional']), ], }, # update methods 'update': { 'decodeIDs': [ ('ids', list, []), ], }, # groups methods 'groups': { 'get': [ ('uid', int, ['optional']), ('gids', list, ['optional']), ], 'getMembers': [ ('gid', int, []), ], }, # marketplace methods 'marketplace': { 'createListing': [ ('listing_id', int, []), ('show_on_profile', bool, []), ('listing_attrs', str, []), ], 'getCategories': [], 'getListings': [ ('listing_ids', list, []), ('uids', list, []), ], 'getSubCategories': [ ('category', str, []), ], 'removeListing': [ ('listing_id', int, []), ('status', str, []), ], 'search': [ ('category', str, ['optional']), ('subcategory', str, ['optional']), ('query', str, ['optional']), ], }, # pages methods 'pages': { 'getInfo': [ ('fields', list, [('default', ['page_id', 'name'])]), ('page_ids', list, ['optional']), ('uid', int, ['optional']), ], 'isAdmin': [ ('page_id', int, []), ], 'isAppAdded': [ ('page_id', int, []), ], 'isFan': [ ('page_id', int, []), ('uid', int, []), ], }, # photos methods 'photos': { 'addTag': [ ('pid', int, []), ('tag_uid', int, [('default', 0)]), ('tag_text', str, [('default', '')]), ('x', float, [('default', 50)]), ('y', float, [('default', 50)]), ('tags', json, ['optional']), ], 'createAlbum': [ ('name', str, []), ('location', str, ['optional']), ('description', str, ['optional']), ], 'get': [ ('subj_id', int, ['optional']), ('aid', int, ['optional']), ('pids', list, ['optional']), ], 'getAlbums': [ ('uid', int, ['optional']), ('aids', list, ['optional']), ], 'getTags': [ ('pids', list, []), ], }, # videos methods 'video': { 'getUploadLimits': [ ], }, # status methods 'status': { 'get': [ ('uid', int, ['optional']), ('limit', int, ['optional']), ], 'set': [ ('status', str, ['optional']), ('uid', int, ['optional']), ], }, # fbml methods 'fbml': { 'refreshImgSrc': [ ('url', str, []), ], 'refreshRefUrl': [ ('url', str, []), ], 'setRefHandle': [ ('handle', str, []), ('fbml', str, []), ], }, # SMS Methods 'sms' : { 'canSend' : [ ('uid', int, []), ], 'send' : [ ('uid', int, []), ('message', str, []), ('session_id', int, []), ('req_session', bool, []), ], }, 'data': { 'getCookies': [ ('uid', int, []), ('string', str, ['optional']), ], 'setCookie': [ ('uid', int, []), ('name', str, []), ('value', str, []), ('expires', int, ['optional']), ('path', str, ['optional']), ], }, # connect methods 'connect': { 'registerUsers': [ ('accounts', json, []), ], 'unregisterUsers': [ ('email_hashes', json, []), ], 'getUnconnectedFriendsCount': [ ], }, 'links': { 'post': [ ('url', str, []), ('comment', str, []), ('uid', int, []), ('image', str, ['optional']), ('callback', str, ['optional']), ], 'preview': [ ('url', str, []), ('callback', str, ['optional']), ], }, #stream methods (beta) 'stream' : { 'addComment' : [ ('post_id', int, []), ('comment', str, []), ('uid', int, ['optional']), ], 'addLike': [ ('uid', int, ['optional']), ('post_id', int, ['optional']), ], 'get' : [ ('viewer_id', int, ['optional']), ('source_ids', list, ['optional']), ('start_time', int, ['optional']), ('end_time', int, ['optional']), ('limit', int, ['optional']), ('filter_key', str, ['optional']), ], 'getComments' : [ ('post_id', int, []), ], 'getFilters' : [ ('uid', int, ['optional']), ], 'publish' : [ ('message', str, ['optional']), ('attachment', json, ['optional']), ('action_links', json, ['optional']), ('target_id', str, ['optional']), ('uid', str, ['optional']), ], 'remove' : [ ('post_id', int, []), ('uid', int, ['optional']), ], 'removeComment' : [ ('comment_id', int, []), ('uid', int, ['optional']), ], 'removeLike' : [ ('uid', int, ['optional']), ('post_id', int, ['optional']), ], }, # livemessage methods (beta) 'livemessage': { 'send': [ ('recipient', int, []), ('event_name', str, []), ('message', str, []), ], }, # dashboard methods (beta) 'dashboard': { # setting counters for a single user 'decrementCount': [ ('uid', int, []), ], 'incrementCount': [ ('uid', int, []), ], 'getCount': [ ('uid', int, []), ], 'setCount': [ ('uid', int, []), ('count', int, []), ], # setting counters for multiple users 'multiDecrementCount': [ ('uids', list, []), ], 'multiIncrementCount': [ ('uids', list, []), ], 'multiGetCount': [ ('uids', list, []), ], 'multiSetCount': [ ('uids', list, []), ], # setting news for a single user 'addNews': [ ('news', json, []), ('image', str, ['optional']), ('uid', int, ['optional']), ], 'getNews': [ ('uid', int, []), ('news_ids', list, ['optional']), ], 'clearNews': [ ('uid', int, []), ('news_ids', list, ['optional']), ], # setting news for multiple users 'multiAddNews': [ ('uids', list, []), ('news', json, []), ('image', str, ['optional']), ], 'multiGetNews': [ ('uids', json, []), ], 'multiClearNews': [ ('uids', json, []), ], # setting application news for all users 'addGlobalNews': [ ('news', json, []), ('image', str, ['optional']), ], 'getGlobalNews': [ ('news_ids', list, ['optional']), ], 'clearGlobalNews': [ ('news_ids', list, ['optional']), ], # user activity 'getActivity': [ ('activity_ids', list, ['optional']), ], 'publishActivity': [ ('activity', json, []), ], 'removeActivity': [ ('activity_ids', list, []), ], }, # comments methods (beta) 'comments' : { 'add': [ # text should be after xid/object_id, but is required ('text', str, []), # One of xid and object_is is required. Can this be expressed? ('xid', str, ['optional']), ('object_id', str, ['optional']), ('uid', int, ['optional']), ('title', str, ['optional']), ('url', str, ['optional']), ('publish_to_stream', bool, [('default', False)]), ], 'remove': [ # One of xid and object_is is required. Can this be expressed? ('xid', str, ['optional']), ('object_id', str, ['optional']), # comment_id should be required ('comment_id', str, ['optional']), ], 'get': [ # One of xid and object_is is required. Can this be expressed? ('xid', str, ['optional']), ('object_id', str, ['optional']), ], } } def __fixup_param(name, klass, options, param): optional = 'optional' in options default = [x[1] for x in options if isinstance(x, tuple) and x[0] == 'default'] if default: default = default[0] else: default = None if param is None: if klass is list and default: param = default[:] else: param = default if klass is json and isinstance(param, (list, dict)): param = simplejson.dumps(param) return param def __generate_facebook_method(namespace, method_name, param_data): # This method-level option forces the method to be signed rather than using # the access_token signed = False if 'signed' in param_data: signed = True param_data.remove('signed') # a required parameter doesn't have 'optional' in the options, # and has no tuple option that starts with 'default' required = [x for x in param_data if 'optional' not in x[2] and not [y for y in x[2] if isinstance(y, tuple) and y and y[0] == 'default']] def facebook_method(self, *args, **kwargs): params = {} for i, arg in enumerate(args): params[param_data[i][0]] = arg params.update(kwargs) for param in required: if param[0] not in params: raise TypeError("missing parameter %s" % param[0]) for name, klass, options in param_data: if name in params: params[name] = __fixup_param(name, klass, options, params[name]) return self(method_name, params, signed=signed) facebook_method.__name__ = method_name facebook_method.__doc__ = "Facebook API call. See http://developers.facebook.com/documentation.php?v=1.0&method=%s.%s" % (namespace, method_name) return facebook_method class Proxy(object): """Represents a "namespace" of Facebook API calls.""" def __init__(self, client, name): self._client = client self._name = name def __call__(self, method=None, args=None, add_session_args=True, signed=False): # for Django templates if method is None: return self if add_session_args: self._client._add_session_args(args) return self._client('%s.%s' % (self._name, method), args, signed=signed) # generate the Facebook proxies def __generate_proxies(): for namespace in METHODS: methods = {} for method, param_data in METHODS[namespace].iteritems(): methods[method] = __generate_facebook_method(namespace, method, param_data) proxy = type('%sProxy' % namespace.title(), (Proxy,), methods) globals()[proxy.__name__] = proxy __generate_proxies() class FacebookError(Exception): """Exception class for errors received from Facebook.""" def __init__(self, code, msg, args=None): self.code = code self.msg = msg self.extra_args = args Exception.__init__(self, code, msg, args) def __str__(self): return 'Error %s: %s' % (self.code, self.msg) class AuthProxy(AuthProxy): """Special proxy for facebook.auth.""" def getSession(self): """Facebook API call. See http://developers.facebook.com/documentation.php?v=1.0&method=auth.getSession""" args = {} try: args['auth_token'] = self._client.auth_token except AttributeError: raise RuntimeError('Client does not have auth_token set.') try: args['generate_session_secret'] = self._client.generate_session_secret except AttributeError: pass result = self._client('%s.getSession' % self._name, args) self._client.session_key = result['session_key'] self._client.uid = result['uid'] self._client.secret = result.get('secret') self._client.session_key_expires = result['expires'] return result def createToken(self): """Facebook API call. See http://developers.facebook.com/documentation.php?v=1.0&method=auth.createToken""" token = self._client('%s.createToken' % self._name) self._client.auth_token = token return token class FriendsProxy(FriendsProxy): """Special proxy for facebook.friends.""" def get(self, **kwargs): """Facebook API call. See http://developers.facebook.com/documentation.php?v=1.0&method=friends.get""" if not kwargs.get('flid') and self._client._friends: return self._client._friends return super(FriendsProxy, self).get(**kwargs) class PhotosProxy(PhotosProxy): """Special proxy for facebook.photos.""" def upload(self, image, aid=None, uid=None, caption=None, size=(720, 720), filename=None, callback=None): """Facebook API call. See http://developers.facebook.com/documentation.php?v=1.0&method=photos.upload size -- an optional size (width, height) to resize the image to before uploading. Resizes by default to Facebook's maximum display dimension of 720. """ args = {} if uid is not None: args['uid'] = uid if aid is not None: args['aid'] = aid if caption is not None: args['caption'] = caption if self._client.oauth2: url = self._client.facebook_secure_url else: url = self._client.facebook_url args = self._client._build_post_args('facebook.photos.upload', self._client._add_session_args(args)) try: import cStringIO as StringIO except ImportError: import StringIO # check for a filename specified...if the user is passing binary data in # image then a filename will be specified if filename is None: try: import Image except ImportError: data = StringIO.StringIO(open(image, 'rb').read()) else: img = Image.open(image) if size: img.thumbnail(size, Image.ANTIALIAS) data = StringIO.StringIO() img.save(data, img.format) else: # there was a filename specified, which indicates that image was not # the path to an image file but rather the binary data of a file data = StringIO.StringIO(image) image = filename content_type, body = self.__encode_multipart_formdata(list(args.iteritems()), [(image, data)]) urlinfo = urlparse.urlsplit(url) try: content_length = len(body) chunk_size = 4096 if self._client.oauth2: h = httplib.HTTPSConnection(urlinfo[1]) else: h = httplib.HTTPConnection(urlinfo[1]) h.putrequest('POST', urlinfo[2]) h.putheader('Content-Type', content_type) h.putheader('Content-Length', str(content_length)) h.putheader('MIME-Version', '1.0') h.putheader('User-Agent', 'PyFacebook Client Library') h.endheaders() if callback: count = 0 while len(body) > 0: if len(body) < chunk_size: data = body body = '' else: data = body[0:chunk_size] body = body[chunk_size:] h.send(data) count += 1 callback(count, chunk_size, content_length) else: h.send(body) response = h.getresponse() if response.status != 200: raise Exception('Error uploading photo: Facebook returned HTTP %s (%s)' % (response.status, response.reason)) response = response.read() except: # sending the photo failed, perhaps we are using GAE try: from google.appengine.api import urlfetch try: response = urlread(url=url,data=body,headers={'POST':urlinfo[2],'Content-Type':content_type,'MIME-Version':'1.0'}) except urllib2.URLError: raise Exception('Error uploading photo: Facebook returned %s' % (response)) except ImportError: # could not import from google.appengine.api, so we are not running in GAE raise Exception('Error uploading photo.') return self._client._parse_response(response, 'facebook.photos.upload') def __encode_multipart_formdata(self, fields, files): """Encodes a multipart/form-data message to upload an image.""" boundary = '-------tHISiStheMulTIFoRMbOUNDaRY' crlf = '\r\n' l = [] for (key, value) in fields: l.append('--' + boundary) l.append('Content-Disposition: form-data; name="%s"' % str(key)) l.append('') l.append(str(value)) for (filename, value) in files: l.append('--' + boundary) l.append('Content-Disposition: form-data; filename="%s"' % (str(filename), )) l.append('Content-Type: %s' % self.__get_content_type(filename)) l.append('') l.append(value.getvalue()) l.append('--' + boundary + '--') l.append('') body = crlf.join(l) content_type = 'multipart/form-data; boundary=%s' % boundary return content_type, body def __get_content_type(self, filename): """Returns a guess at the MIME type of the file from the filename.""" return str(mimetypes.guess_type(filename)[0]) or 'application/octet-stream' class VideoProxy(VideoProxy): """Special proxy for facebook.video.""" def upload(self, video, aid=None, title=None, description=None, filename=None, uid=None, privacy=None, callback=None): """Facebook API call. See http://wiki.developers.facebook.com/index.php/Video.upload""" args = {} if aid is not None: args['aid'] = aid if title is not None: args['title'] = title if description is not None: args['description'] = title if uid is not None: args['uid'] = uid if privacy is not None: args['privacy'] = privacy args = self._client._build_post_args('facebook.video.upload', self._client._add_session_args(args)) try: import cStringIO as StringIO except ImportError: import StringIO # check for a filename specified...if the user is passing binary data in # video then a filename will be specified if filename is None: data = StringIO.StringIO(open(video, 'rb').read()) else: # there was a filename specified, which indicates that video was not # the path to an video file but rather the binary data of a file data = StringIO.StringIO(video) video = filename content_type, body = self.__encode_multipart_formdata(list(args.iteritems()), [(video, data)]) # Set the correct End Point Url, note this is different to all other FB EndPoints urlinfo = urlparse.urlsplit(FACEBOOK_VIDEO_URL) try: content_length = len(body) chunk_size = 4096 h = httplib.HTTPConnection(urlinfo[1]) h.putrequest('POST', urlinfo[2]) h.putheader('Content-Type', content_type) h.putheader('Content-Length', str(content_length)) h.putheader('MIME-Version', '1.0') h.putheader('User-Agent', 'PyFacebook Client Library') h.endheaders() if callback: count = 0 while len(body) > 0: if len(body) < chunk_size: data = body body = '' else: data = body[0:chunk_size] body = body[chunk_size:] h.send(data) count += 1 callback(count, chunk_size, content_length) else: h.send(body) response = h.getresponse() if response.status != 200: raise Exception('Error uploading video: Facebook returned HTTP %s (%s)' % (response.status, response.reason)) response = response.read() except: # sending the photo failed, perhaps we are using GAE try: from google.appengine.api import urlfetch try: response = urlread(url=FACEBOOK_VIDEO_URL,data=body,headers={'POST':urlinfo[2],'Content-Type':content_type,'MIME-Version':'1.0'}) except urllib2.URLError: raise Exception('Error uploading video: Facebook returned %s' % (response)) except ImportError: # could not import from google.appengine.api, so we are not running in GAE raise Exception('Error uploading video.') return self._client._parse_response(response, 'facebook.video.upload') def __encode_multipart_formdata(self, fields, files): """Encodes a multipart/form-data message to upload an image.""" boundary = '-------tHISiStheMulTIFoRMbOUNDaRY' crlf = '\r\n' l = [] for (key, value) in fields: l.append('--' + boundary) l.append('Content-Disposition: form-data; name="%s"' % str(key)) l.append('') l.append(str(value)) for (filename, value) in files: l.append('--' + boundary) l.append('Content-Disposition: form-data; filename="%s"' % (str(filename), )) l.append('Content-Type: %s' % self.__get_content_type(filename)) l.append('') l.append(value.getvalue()) l.append('--' + boundary + '--') l.append('') body = crlf.join(l) content_type = 'multipart/form-data; boundary=%s' % boundary return content_type, body def __get_content_type(self, filename): """Returns a guess at the MIME type of the file from the filename.""" return str(mimetypes.guess_type(filename)[0]) or 'application/octet-stream' class Facebook(object): """ Provides access to the Facebook API. Instance Variables: added True if the user has added this application. api_key Your API key, as set in the constructor. app_id Your application id, as set in the constructor or fetched from fb_sig_app_id request parameter. app_name Your application's name, i.e. the APP_NAME in http://apps.facebook.com/APP_NAME/ if this is for an internal web application. Optional, but useful for automatic redirects to canvas pages. auth_token The auth token that Facebook gives you, either with facebook.auth.createToken, or through a GET parameter. callback_path The path of the callback set in the Facebook app settings. If your callback is set to http://www.example.com/facebook/callback/, this should be '/facebook/callback/'. Optional, but useful for automatic redirects back to the same page after login. desktop True if this is a desktop app, False otherwise. Used for determining how to authenticate. ext_perms Any extended permissions that the user has granted to your application. This parameter is set only if the user has granted any. facebook_url The url to use for Facebook requests. facebook_secure_url The url to use for secure Facebook requests. in_canvas True if the current request is for a canvas page. in_iframe True if the current request is for an HTML page to embed in Facebook inside an iframe. is_session_from_cookie True if the current request session comes from a session cookie. in_profile_tab True if the current request is for a user's tab for your application. internal True if this Facebook object is for an internal application (one that can be added on Facebook) locale The user's locale. Default: 'en_US' oauth2: Whether to use the new OAuth 2.0 authentication mechanism. Default: False oauth2_token: The current OAuth 2.0 token. oauth2_token_expires: The UNIX time when the OAuth 2.0 token expires (seconds). page_id Set to the page_id of the current page (if any) profile_update_time The time when this user's profile was last updated. This is a UNIX timestamp. Default: None if unknown. secret Secret that is used after getSession for desktop apps. secret_key Your application's secret key, as set in the constructor. session_key The current session key. Set automatically by auth.getSession, but can be set manually for doing infinite sessions. session_key_expires The UNIX time of when this session key expires, or 0 if it never expires. uid After a session is created, you can get the user's UID with this variable. Set automatically by auth.getSession. ---------------------------------------------------------------------- """ def __init__(self, api_key, secret_key, auth_token=None, app_name=None, callback_path=None, internal=None, proxy=None, facebook_url=None, facebook_secure_url=None, generate_session_secret=0, app_id=None, oauth2=False): """ Initializes a new Facebook object which provides wrappers for the Facebook API. If this is a desktop application, the next couple of steps you might want to take are: facebook.auth.createToken() # create an auth token facebook.login() # show a browser window wait_login() # somehow wait for the user to log in facebook.auth.getSession() # get a session key For web apps, if you are passed an auth_token from Facebook, pass that in as a named parameter. Then call: facebook.auth.getSession() """ self.api_key = api_key self.secret_key = secret_key self.app_id = app_id self.oauth2 = oauth2 self.oauth2_token = None self.oauth2_token_expires = None self.session_key = None self.session_key_expires = None self.auth_token = auth_token self.secret = None self.generate_session_secret = generate_session_secret self.uid = None self.page_id = None self.in_canvas = False self.in_iframe = False self.is_session_from_cookie = False self.in_profile_tab = False self.added = False self.app_name = app_name self.callback_path = callback_path self.internal = internal self._friends = None self.locale = 'en_US' self.profile_update_time = None self.ext_perms = [] self.proxy = proxy if facebook_url is None: self.facebook_url = FACEBOOK_URL else: self.facebook_url = facebook_url if facebook_secure_url is None: self.facebook_secure_url = FACEBOOK_SECURE_URL else: self.facebook_secure_url = facebook_secure_url for namespace in METHODS: self.__dict__[namespace] = eval('%sProxy(self, \'%s\')' % (namespace.title(), 'facebook.%s' % namespace)) def _hash_args(self, args, secret=None): """Hashes arguments by joining key=value pairs, appending a secret, and then taking the MD5 hex digest.""" # @author: houyr # fix for UnicodeEncodeError hasher = hashlib.md5(''.join(['%s=%s' % (isinstance(x, unicode) and x.encode("utf-8") or x, isinstance(args[x], unicode) and args[x].encode("utf-8") or args[x]) for x in sorted(args.keys())])) if secret: hasher.update(secret) elif self.secret: hasher.update(self.secret) else: hasher.update(self.secret_key) return hasher.hexdigest() def _parse_response_item(self, node): """Parses an XML response node from Facebook.""" if node.nodeType == node.DOCUMENT_NODE and \ node.childNodes[0].hasAttributes() and \ node.childNodes[0].hasAttribute('list') and \ node.childNodes[0].getAttribute('list') == "true": return {node.childNodes[0].nodeName: self._parse_response_list(node.childNodes[0])} elif node.nodeType == node.ELEMENT_NODE and \ node.hasAttributes() and \ node.hasAttribute('list') and \ node.getAttribute('list')=="true": return self._parse_response_list(node) elif len(filter(lambda x: x.nodeType == x.ELEMENT_NODE, node.childNodes)) > 0: return self._parse_response_dict(node) else: return ''.join(node.data for node in node.childNodes if node.nodeType == node.TEXT_NODE) def _parse_response_dict(self, node): """Parses an XML dictionary response node from Facebook.""" result = {} for item in filter(lambda x: x.nodeType == x.ELEMENT_NODE, node.childNodes): result[item.nodeName] = self._parse_response_item(item) if node.nodeType == node.ELEMENT_NODE and node.hasAttributes(): if node.hasAttribute('id'): result['id'] = node.getAttribute('id') return result def _parse_response_list(self, node): """Parses an XML list response node from Facebook.""" result = [] for item in filter(lambda x: x.nodeType == x.ELEMENT_NODE, node.childNodes): result.append(self._parse_response_item(item)) return result def _check_error(self, response): """Checks if the given Facebook response is an error, and then raises the appropriate exception.""" if type(response) is dict and response.has_key('error_code'): raise FacebookError(response['error_code'], response['error_msg'], response['request_args']) def _build_post_args(self, method, args=None, signed=False): """Adds to args parameters that are necessary for every call to the API.""" if args is None: args = {} for arg in args.items(): if type(arg[1]) == list: args[arg[0]] = ','.join(str(a) for a in arg[1]) elif type(arg[1]) == unicode: args[arg[0]] = arg[1].encode("UTF-8") elif type(arg[1]) == bool: args[arg[0]] = str(arg[1]).lower() args['method'] = method args['format'] = RESPONSE_FORMAT if not signed and self.oauth2 and self.oauth2_token: args['access_token'] = self.oauth2_token else: args['api_key'] = self.api_key args['v'] = '1.0' args['sig'] = self._hash_args(args) return args def _add_session_args(self, args=None): """Adds 'session_key' and 'call_id' to args, which are used for API calls that need sessions.""" if args is None: args = {} if not self.session_key: return args #some calls don't need a session anymore. this might be better done in the markup #raise RuntimeError('Session key not set. Make sure auth.getSession has been called.') if not self.oauth2 or not self.oauth2_token: args['session_key'] = self.session_key args['call_id'] = str(int(time.time() * 1000)) return args def _parse_response(self, response, method, format=None): """Parses the response according to the given (optional) format, which should be either 'JSON' or 'XML'.""" if not format: format = RESPONSE_FORMAT if format == 'JSON': result = simplejson.loads(response) self._check_error(result) elif format == 'XML': dom = minidom.parseString(response) result = self._parse_response_item(dom) dom.unlink() if 'error_response' in result: self._check_error(result['error_response']) result = result[method[9:].replace('.', '_') + '_response'] else: raise RuntimeError('Invalid format specified.') return result def hash_email(self, email): """ Hash an email address in a format suitable for Facebook Connect. """ email = email.lower().strip() return "%s_%s" % ( struct.unpack("I", struct.pack("i", binascii.crc32(email)))[0], hashlib.md5(email).hexdigest(), ) def unicode_urlencode(self, params): """ @author: houyr A unicode aware version of urllib.urlencode. """ if isinstance(params, dict): params = params.items() return urllib.urlencode([(k, isinstance(v, unicode) and v.encode('utf-8') or v) for k, v in params]) def __call__(self, method=None, args=None, secure=False, signed=False): """Make a call to Facebook's REST server.""" # for Django templates, if this object is called without any arguments # return the object itself if method is None: return self # __init__ hard-codes into en_US if args is not None and not args.has_key('locale'): args['locale'] = self.locale # @author: houyr # fix for bug of UnicodeEncodeError post_data = self.unicode_urlencode(self._build_post_args(method, args, signed)) if self.proxy: proxy_handler = urllib2.ProxyHandler(self.proxy) opener = urllib2.build_opener(proxy_handler) if self.oauth2 or secure: response = opener.open(self.facebook_secure_url, post_data).read() else: response = opener.open(self.facebook_url, post_data).read() else: if self.oauth2 or secure: response = urlread(self.facebook_secure_url, post_data) else: response = urlread(self.facebook_url, post_data) return self._parse_response(response, method) def oauth2_access_token(self, code, next, required_permissions=None): """ We've called authorize, and received a code, now we need to convert this to an access_token """ args = { 'client_id': self.app_id, 'client_secret': self.secret_key, 'redirect_uri': next, 'code': code } if required_permissions: args['scope'] = ",".join(required_permissions) # TODO see if immediate param works as per OAuth 2.0 spec? url = self.get_graph_url('oauth/access_token', **args) if self.proxy: proxy_handler = urllib2.ProxyHandler(self.proxy) opener = urllib2.build_opener(proxy_handler) response = opener.open(url).read() else: response = urlread(url) result = urlparse.parse_qs(response) self.oauth2_token = result['access_token'][0] self.oauth2_token_expires = time.time() + int(result['expires'][0]) # URL helpers def get_url(self, page, **args): """ Returns one of the Facebook URLs (www.facebook.com/SOMEPAGE.php). Named arguments are passed as GET query string parameters. """ return 'http://www.facebook.com/%s.php?%s' % (page, urllib.urlencode(args)) def get_app_url(self, path=''): """ Returns the URL for this app's canvas page, according to app_name. """ return 'http://apps.facebook.com/%s/%s' % (self.app_name, path) def get_graph_url(self, path='', **args): """ Returns the URL for the graph API with the supplied path and parameters """ return 'https://graph.facebook.com/%s?%s' % (path, urllib.urlencode(args)) def get_add_url(self, next=None): """ Returns the URL that the user should be redirected to in order to add the application. """ args = {'api_key': self.api_key, 'v': '1.0'} if next is not None: args['next'] = next return self.get_url('install', **args) def get_authorize_url(self, next=None, next_cancel=None): """ Returns the URL that the user should be redirected to in order to authorize certain actions for application. """ args = {'api_key': self.api_key, 'v': '1.0'} if next is not None: args['next'] = next if next_cancel is not None: args['next_cancel'] = next_cancel return self.get_url('authorize', **args) def get_login_url(self, next=None, popup=False, canvas=True, required_permissions=None): """ Returns the URL that the user should be redirected to in order to login. next -- the URL that Facebook should redirect to after login required_permissions -- permission required by the application """ if self.oauth2: args = { 'client_id': self.app_id, 'redirect_uri': next } if required_permissions: args['scope'] = required_permissions if popup: args['display'] = 'popup' return self.get_graph_url('oauth/authorize', **args) else: args = {'api_key': self.api_key, 'v': '1.0'} if next is not None: args['next'] = next if canvas is True: args['canvas'] = 1 if popup is True: args['popup'] = 1 if required_permissions: args['req_perms'] = ",".join(required_permissions) if self.auth_token is not None: args['auth_token'] = self.auth_token return self.get_url('login', **args) def login(self, popup=False): """Open a web browser telling the user to login to Facebook.""" import webbrowser webbrowser.open(self.get_login_url(popup=popup)) def get_ext_perm_url(self, ext_perm, next=None, popup=False): """ Returns the URL that the user should be redirected to in order to grant an extended permission. ext_perm -- the name of the extended permission to request next -- the URL that Facebook should redirect to after login """ args = {'ext_perm': ext_perm, 'api_key': self.api_key, 'v': '1.0'} if next is not None: args['next'] = next if popup is True: args['popup'] = 1 return self.get_url('authorize', **args) def request_extended_permission(self, ext_perm, popup=False): """Open a web browser telling the user to grant an extended permission.""" import webbrowser webbrowser.open(self.get_ext_perm_url(ext_perm, popup=popup)) def check_session(self, request, params=None): """ Checks the given Django HttpRequest for Facebook parameters such as POST variables or an auth token. If the session is valid, returns True and this object can now be used to access the Facebook API. Otherwise, it returns False, and the application should take the appropriate action (either log the user in or have him add the application). """ self.in_canvas = (request.POST.get('fb_sig_in_canvas') == '1') if not 'auth_token' in request.GET and self.session_key and (self.uid or self.page_id): return True if not params: if request.method == 'POST': params = self.validate_signature(request.POST) else: if 'installed' in request.GET: self.added = True if 'fb_page_id' in request.GET: self.page_id = request.GET['fb_page_id'] if 'auth_token' in request.GET: self.added = True # added by Marinho self.auth_token = request.GET['auth_token'] try: self.auth.getSession() except FacebookError, e: self.auth_token = None return False return True params = self.validate_signature(request.GET) if not params: cookies = None # first check if we are in django - to check cookies if hasattr(request, 'COOKIES'): cookies = request.COOKIES else: if hasattr(request, 'cookies'): cookies = request.cookies if cookies: params = self.validate_oauth_cookie_signature(cookies) if params: self.is_oauth = True self.oauth_token = params['access_token'] else: params = self.validate_cookie_signature(cookies) self.is_session_from_cookie = True if not params: if self.validate_iframe(request): return True else: params = {} if not params: return False if 'in_canvas' in params and params.get('in_canvas') == '1': self.in_canvas = True if 'in_iframe' in params and params.get('in_iframe') == '1': self.in_iframe = True if 'in_profile_tab' in params and params.get('in_profile_tab') == '1': self.in_profile_tab = True if 'added' in params and params.get('added') == '1': self.added = True if params.get('expires'): # Marinho Brandao - fixing problem with no session self.session_key_expires = params.get('expires', '').isdigit() and int(params['expires']) or 0 if 'locale' in params: self.locale = params['locale'] if 'profile_update_time' in params: try: self.profile_update_time = int(params['profile_update_time']) except ValueError: pass if 'ext_perms' in params: if params['ext_perms']: self.ext_perms = params['ext_perms'].split(',') else: self.ext_perms = [] if 'friends' in params: if params['friends']: self._friends = params['friends'].split(',') else: self._friends = [] # If app_id is not set explicitly, pick it up from the param if not self.app_id and 'app_id' in params: self.app_id = params['app_id'] if 'session_key' in params: self.session_key = params['session_key'] if 'user' in params: self.uid = params['user'] elif 'page_id' in params: self.page_id = params['page_id'] elif 'uid' in params: self.uid = params['uid'] else: return False elif 'profile_session_key' in params: self.session_key = params['profile_session_key'] if 'profile_user' in params: self.uid = params['profile_user'] else: return False elif 'canvas_user' in params: self.uid = params['canvas_user'] elif 'uninstall' in params: self.uid = params['user'] else: return False return True def validate_oauth_session(self, session_json): session = simplejson.loads(session_json) sig = session.pop('sig') hash = self._hash_args(session) if hash == sig: return session return None def validate_signature(self, post, prefix='fb_sig', timeout=None): """ Validate parameters passed to an internal Facebook app from Facebook. """ args = post.copy() if prefix not in args: return None del args[prefix] if timeout and '%s_time' % prefix in post and time.time() - float(post['%s_time' % prefix]) > timeout: return None args = dict([(key[len(prefix + '_'):], value) for key, value in args.items() if key.startswith(prefix)]) hash = self._hash_args(args) if hash == post[prefix]: return args else: return None def validate_iframe(self, request): request_dict = request.POST if request.method == 'POST' else request.GET if any(not request_dict.has_key(key) for key in ['userid','reqtime','appsig']): return False request_time = request_dict['reqtime'] time_now = int(time.time()) if time_now - int(request_time) > settings.FACEBOOK_IFRAME_VALIDATION_TIMEOUT: return False userid = int(request_dict['userid']) self.uid = userid app_sig = request_dict['appsig'] digest = create_hmac("%s%s" % (str(userid),str(request_time))) return digest == app_sig def validate_oauth_cookie_signature(self, cookies): cookie_name = 'fbs_%s' % self.app_id if cookie_name in cookies: # value like # "access_token=104302089510310%7C2.HYYLow1Vlib0s_sJSAESjw__.3600.1275037200-100000214342553%7CtC1aolM22Lauj_dZhYnv_tF2CK4.&base_domain=yaycy.com&expires=1275037200&secret=FvIHkbAFwEy_0sueRk2ZYQ__&session_key=2.HYYoow1Vlib0s_sJSAESjw__.3600.1275037200-100000214342553&sig=7bb035a0411be7aa801964ae34416f28&uid=100000214342553" params = dict([part.split('=') for part in cookies[cookie_name]]) sig = params.pop('sig') hash = self._hash_args(params) if hash == sig: return params return None def validate_cookie_signature(self, cookies): """ Validate parameters passed by cookies, namely facebookconnect or js api. """ api_key = self.api_key if api_key not in cookies: return None prefix = api_key + "_" params = {} vals = '' for k in sorted(cookies): if k.startswith(prefix): key = k.replace(prefix,"") value = cookies[k] if value != 'None': params[key] = value vals += '%s=%s' % (key, value) hasher = hashlib.md5(vals) hasher.update(self.secret_key) digest = hasher.hexdigest() if digest == cookies[api_key]: params['is_session_from_cookie'] = True return params else: return False # new methods for GAE def check_connect_session(self, request): params = self.validate_cookie(request.cookies) if not params: return False if params.get('expires'): self.session_key_expires = int(params['expires']) if 'session_key' in params and 'user' in params: self.session_key = params['session_key'] self.uid = params['user'] else: return False return True def validate_cookie(self, cookies): #check for the hashed secret if self.api_key not in cookies: return None #create a dict of the elements that start with the api_key #the resultant dict removes the self.api_key from the beginning args = dict([(key[len(self.api_key) + 1:], value) for key, value in cookies.items() if key.startswith(self.api_key+"_")]) #check the hashes before returning them if self._hash_args(args) == cookies[self.api_key]: return args return None if __name__ == '__main__': # sample desktop application api_key = '' secret_key = '' facebook = Facebook(api_key, secret_key) facebook.auth.createToken() # Show login window # Set popup=True if you want login without navigational elements facebook.login() # Login to the window, then press enter print 'After logging in, press enter...' raw_input() facebook.auth.getSession() print 'Session Key: ', facebook.session_key print 'Your UID: ', facebook.uid info = facebook.users.getInfo([facebook.uid], ['name', 'birthday', 'affiliations', 'sex'])[0] print 'Your Name: ', info['name'] print 'Your Birthday: ', info['birthday'] print 'Your Gender: ', info['sex'] friends = facebook.friends.get() friends = facebook.users.getInfo(friends[0:5], ['name', 'birthday', 'relationship_status']) for friend in friends: print friend['name'], 'has a birthday on', friend['birthday'], 'and is', friend['relationship_status'] arefriends = facebook.friends.areFriends([friends[0]['uid']], [friends[1]['uid']]) photos = facebook.photos.getAlbums(facebook.uid)