OS X Wiki/Blog Server API

Question

I'm working on a client app for iOS to edit the built-in Wiki/Blog on Mac OS X Server (Snow Leopard and Lion).

It seems that we are able to use MetaWeblog , Atom API(I've tried but failed) or XML-RPC. However, I can't find any API document for it.

So my question is, where can I find the documents, or some open source samples? All samples I found can't deal with the OS X Server.

Much appreciate!

Update:

Heres the standard structure of the Wiki system:

I can't even get the list of the 'group_name' under ~/Groups/

Answer 1

I'm working on the latest Lion server, for an access via an app. The structure of the Lion server web service is based on ruby on rails, and is easy to understand ( I have no ruby experience before). However, the whole system(for the implemented part) is not designed for API access. For example, the auth system is based on Cookie authentication(session id or something). not all the output of the request has a json response. Not any failed request responses with a json body.

all the work need to be done by ur self.

The first is to authenticate with the server. all the process is exposed to you:

'wiki/api/csrf' to get the X-CSRF-Token value
'auth/challenge_advanced?username=xxxx' to get a challenge parameters
'auth/digest_login' to use md5-sess digest to login

while, the md5-sess digest is calculated by your own code following to the digest.js (objective-c for me, with CC_md5 lib)

then you can added json render support to ur required controllers, such as,

respond_to do |format|
  format.html
  format.js  { render_js_pagination_response(@search, 'people/entitylist_item') }
  format.json { #new added json support
    rs = []
    @search.results.each do |r|
      nr = filterUserInfo r  # I only need some of the all properties
      rs.push nr
    end
    render :json => rs
  }
end

One important thing is, the lion server use web auth/cookie to authorize an access, so your request lib/api must handle the cookies.

all above is a simplest solution the the api/json access, but not the best one. U had better to re-work all access progress to suit the api access.

BTW: u can copy the whole /usr/share/collabd/ into ur own project's dir, then modify all /your projects path/collab/coreclient/config/collabcore{1,2,3,4}.yml, change the production to development.

so u can start a development server app under collab/coreclient with:

sudo -u _teamsserver thin start

access to the server thru http://localhost:3000

Answer 2

The javascript source code for the wiki is not obfuscated, and it seems simple enough to serve as documentation. For example, the authentication process:

sendAuthenticationPlain: function() {
    $('webauth').addClassName('verifying').removeClassName('error');
    var username = $F('username');
    var password = $F('password');
    var csrf = $F('authenticity_token');
    var plainResponse = "username="+username+"&password="+password
    this.setRememberMeCookie();
    var ajaxReq = new Ajax.Request(window.location.protocol + '//' + window.location.host + "/auth/plain_login", {
        method: 'post',
        requestHeaders: {'X-CSRF-Token': csrf},
        onComplete: this.gotAuthentication.bind(this),
        postBody: plainResponse
    });
    return false;
},
gotAuthentication: function(origRequest) {
    if (origRequest.responseJSON) {
        var jsonObject = origRequest.responseJSON
        if (jsonObject['success']) {
            var redirect = jsonObject['redirect'];
            var authToken = jsonObject['auth_token'];
            this.successCallback(authToken, redirect);
        } else {
            var errorString = jsonObject['error_string']
            this.failureCallback(errorString);
        }
    }
},

So you send a POST request to auth/plain_login, containing just the username/password in the POST data and an X-CSRF-Token header who's value comes from the <input type="hidden" name="authenticity_token" /> element on the page. The server returns a JSON string containing 'success' boolean.

You can also use safari/chrome's developer tools to monitor ajax requests to/from the server, for example this is the JSON contents of a PUT request to save a wiki page: