Luckily, Goodreads has a really well thought out API, so I lunged straight in. They use OAuth 1.0 to authenticate requests to some of the API calls (mostly the ones concerned with updating data, which is exactly what I was up to) so I started looking for a Perl OAuth 1.0 module on CPAN. There's some choice out there! OAuth 1.0 has been round the block for a while so it appears that multiple authors have had a go at making supporting libraries with varying amounts of success and complexity.
So in the spirit of being super helpful, I thought I'd share with you the prototype code that I knocked up today. Its far, far, far from production ready and there's probably loads of security holes that you'll need to plug. However it does demonstrate how to do OAuth 1.0 using the Net::OAuth::Simple Perl module and how to do both GET and POST style (view and update) Goodreads API calls. Its also a great way for me to remember what the heck I did when I next need to use OAuth calls!
First off we have a new Perl module I called Goodreads.pm. Its a super class of the Net::OAuth::Simple module that sets things up to talk to Goodreads and provides a few convenience functions. Its obviously massively stolen from the example in the Net::OAuth::Simple perldoc that comes with the module.
#!/usr/bin/perl package Goodreads; use strict; use base qw(Net::OAuth::Simple); sub new { my $class = shift; my %tokens = @_; return $class->SUPER::new( tokens => \%tokens, protocol_version => '1.0', return_undef_on_error => 1, urls => { authorization_url => 'http://www.goodreads.com/oauth/authorize', request_token_url => 'http://www.goodreads.com/oauth/request_token', access_token_url => 'http://www.goodreads.com/oauth/access_token', }); } sub view_restricted_resource { my $self = shift; my $url = shift; return $self->make_restricted_request($url, 'GET'); } sub update_restricted_resource { my $self = shift; my $url = shift; my %extra_params = @_; return $self->make_restricted_request($url, 'POST', %extra_params); } sub make_restricted_request { my $self = shift; croak $Net::OAuth::Simple::UNAUTHORIZED unless $self->authorized; my( $url, $method, %extras ) = @_; my $uri = URI->new( $url ); my %query = $uri->query_form; $uri->query_form( {} ); $method = lc $method; my $content_body = delete $extras{ContentBody}; my $content_type = delete $extras{ContentType}; my $request = Net::OAuth::ProtectedResourceRequest->new( consumer_key => $self->consumer_key, consumer_secret => $self->consumer_secret, request_url => $uri, request_method => uc( $method ), signature_method => $self->signature_method, protocol_version => $self->oauth_1_0a ? Net::OAuth::PROTOCOL_VERSION_1_0A : Net::OAuth::PROTOCOL_VERSION_1_0, timestamp => time, nonce => $self->_nonce, token => $self->access_token, token_secret => $self->access_token_secret, extra_params => { %query, %extras }, ); $request->sign; die "COULDN'T VERIFY! Check OAuth parameters.\n" unless $request->verify; my $request_url = URI->new( $url ); my $req = HTTP::Request->new(uc($method) => $request_url); $req->header('Authorization' => $request->to_authorization_header); if ($content_body) { $req->content_type($content_type); $req->content_length(length $content_body); $req->content($content_body); } my $response = $self->{browser}->request($req); return $response; } 1;
Next we have the actual CGI script that makes use of this module. This shows how to call the Goodreads.pm (and thus Net::OAuth::Simple) and then do the Goodreads API calls:
#!/usr/bin/perl use strict; use CGI; use CGI::Cookie; use Goodreads; use XML::Mini::Document; use Data::Dumper; my %tokens; $tokens{'consumer_key'} = 'YOUR_CONSUMER_KEY_GOES_IN_HERE'; $tokens{'consumer_secret'} = 'YOUR_CONSUMER_SECRET_GOES_IN_HERE'; my $q = new CGI; my %cookies = fetch CGI::Cookie; if($cookies{'at'}) { $tokens{'access_token'} = $cookies{'at'}->value; } if($cookies{'ats'}) { $tokens{'access_token_secret'} = $cookies{'ats'}->value; } if($q->param('isbns')) { $cookies{'isbns'} = $q->param('isbns'); } my $oauth_token = undef; if($q->param('authorize') == 1 && $q->param('oauth_token')) { $oauth_token = $q->param('oauth_token'); } elsif(defined $q->param('authorize') && !$q->param('authorize')) { print $q->header, $q->start_html, $q->h1('Not authorized to use Goodreads'), $q->p('This user does not allow us to use Goodreads'); $q->end_html; exit; } my $app = Goodreads->new(%tokens); unless ($app->consumer_key && $app->consumer_secret) { die "You must go get a consumer key and secret from App\n"; } if ($oauth_token) { if(!$app->authorized) { GetOAuthAccessTokens(); } StartInjection(); } else { my $url = $app->get_authorization_url(callback => 'https://example.com/cgi-bin/good-reads/inject'); my @cookies; foreach my $name (qw(request_token request_token_secret)) { my $cookie = $q->cookie(-name => $name, -value => $app->$name); push @cookies, $cookie; } push @cookies, $q->cookie(-name => 'isbns', -value => $cookies{'isbns'} || ''); # print $q->redirect($url); print $q->header(-cookie => \@cookies, -status=>'302 Moved', -location=>$url, ); } exit; sub GetOAuthAccessTokens { foreach my $name (qw(request_token request_token_secret)) { my $value = $q->cookie($name); $app->$name($value); } ($tokens{'access_token'}, $tokens{'access_token_secret'}) = $app->request_access_token( callback => 'https://example.com/cgi-bin/goodreads-inject', ); } sub StartInjection { my $at_cookie = new CGI::Cookie(-name=>'at', -value => $tokens{'access_token'}); my $ats_cookie = new CGI::Cookie(-name => 'ats', -value => $tokens{'access_token_secret'} ); my $isbns_cookie = new CGI::Cookie(-name => 'isbns', -value => ''); print $q->header(-cookie=>[$at_cookie,$ats_cookie,$isbns_cookie]); print $q->start_html; my $user_id = GetUserId(); if($user_id) { my $shelf_id = LoughboroughShelf(user_id => $user_id); if($shelf_id) { my $isbns = $cookies{'isbns'}->value; print $q->p("Got ISBNs list of $isbns"); AddBooksToShelf(shelf_id => $shelf_id, isbns => $isbns, ) } } print $q->end_html; } sub GetUserId { my $user_id = 0; my $response = $app->view_restricted_resource( 'https://www.goodreads.com/api/auth_user' ); if($response->content) { my $xml = XML::Mini::Document->new(); $xml->parse($response->content); my $user_xml = $xml->toHash(); $user_id = $user_xml->{'GoodreadsResponse'}->{'user'}->{'id'}; } return $user_id; } sub LoughboroughShelf { my $params; %{$params} = @_; my $shelf_id = 0; my $user_id = $params->{'user_id'} || return $shelf_id; my $response = $app->view_restricted_resource('https://www.goodreads.com/shelf/list.xml?key=' . $tokens{'consumer_key'} . '&user_id=' . $user_id); if($response->content) { my $xml = XML::Mini::Document->new(); $xml->parse($response->content); my $shelf_xml = $xml->toHash(); foreach my $this_shelf (@{$shelf_xml->{'GoodreadsResponse'}->{'shelves'}->{'user_shelf'}}) { if($this_shelf->{'name'} eq 'loughborough-wishlist') { $shelf_id = $this_shelf->{'id'}->{'-content'}; last; } } if(!$shelf_id) { $shelf_id = MakeLoughboroughShelf(user_id => $user_id); } } print $q->p("Returning shelf id of $shelf_id"); return $shelf_id; } sub MakeLoughboroughShelf { my $params; %{$params} = @_; my $shelf_id = 0; my $user_id = $params->{'user_id'} || return $shelf_id; my $response = $app->update_restricted_resource('https://www.goodreads.com/user_shelves.xml?user_shelf[name]=loughborough-wishlist', ); if($response->content) { my $xml = XML::Mini::Document->new(); $xml->parse($response->content); my $shelf_xml = $xml->toHash(); $shelf_id = $shelf_xml->{'user_shelf'}->{'id'}->{'-content'}; print $q->p("Shelf hash: ".Dumper($shelf_xml)); } return $shelf_id; } sub AddBooksToShelf { my $params; %{$params} = @_; my $shelf_id = $params->{'shelf_id'} || return; my $isbns = $params->{'isbns'} || return; foreach my $isbn (split(',',$isbns)) { my $response = $app->view_restricted_resource('https://www.goodreads.com/book/isbn_to_id?key=' . $tokens{'consumer_key'} . '&isbn=' . $isbn); if($response->content) { my $book_id = $response->content; print $q->p("Adding book ID for ISBN $isbn is $book_id"); $response = $app->update_restricted_resource('http://www.goodreads.com/shelf/add_to_shelf.xml?name=loughborough-wishlist&book_id='.$book_id); } } }
You'll obviously need to get a developer consumer key and secret from the Goodreads site and pop them into the variables at the start of the script (no, I'm not sharing mine with you!). The real work is done by the StartInjection() subroutine and the subordinate subroutines that it then calls once the OAuth process has been completed. By this point we've got an access token and its associated secret so we can act as whichever user has allowed us to connect to Goodreads as them. The code will find this user's Goodreads ID, see if they have a bookshelf called "loughborough-wishlist" (and create it if they don't) and then add any books that Goodreads knows about with the given ISBN(s). You'd call this CGI script with a URL something like:
https://example.com/cgi-bin/goodreads-inject?isbns=9781565928282
Anyway, there's a "works for me" simple example of talking to Goodreads from Perl using OAuth 1.0. There's plenty of development work left in turning this into production level code (it needs to be made more secure for a start off, and the access tokens and secret could be cached in a file or database for reuse in subsequent sessions) but I hope some folk find this useful.
Hey Jon,
ReplyDeleteI actually was planning to connect to the Good Reads API with a quick perl script myself, can I use your code?
Yeah sure - the code is yours to do with as you will.
Delete