streams/mod/zfinger.php

<?php

function zfinger_init(&$a) {

	require_once('include/zot.php');
	require_once('include/crypto.php');

	$ret = array('success' => false);

	$zguid   = ((x($_REQUEST,'guid'))        ? $_REQUEST['guid']       : '');
	$zaddr   = ((x($_REQUEST,'address'))     ? $_REQUEST['address']    : '');
	$ztarget = ((x($_REQUEST,'target'))      ? $_REQUEST['target']     : '');
	$zsig    = ((x($_REQUEST,'target_sig'))  ? $_REQUEST['target_sig'] : '');
	$zkey    = ((x($_REQUEST,'key'))         ? $_REQUEST['key']        : '');

	if($ztarget) {
		if((! $zkey) || (! $zsig) || (! rsa_verify($ztarget,base64url_decode($zsig),$zkey))) {
			logger('zfinger: invalid target signature');
			$ret['message'] = t("invalid target signature");
			json_return_and_die($ret);
		}
	}

	$r = null;

	if(strlen($zguid)) {
		$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash 
			where channel_guid = '%s' limit 1",
			dbesc($zguid)
		);
	}
	elseif(strlen($zaddr)) {
		$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
			where channel_address = '%s' limit 1",
			dbesc($zaddr)
		);
	}
	else {
		$ret['message'] = 'Invalid request';
		json_return_and_die($ret);
	}

	if(! ($r && count($r))) {
		$ret['message'] = 'Item not found.';
		json_return_and_die($ret);
	}

	$e = $r[0];

	$id = $e['channel_id'];
//	$r = q("select contact.*, profile.* 
//		from contact left join profile on contact.uid = profile.uid
//		where contact.uid = %d && contact.self = 1 and profile.is_default = 1 limit 1",
//		intval($id)
//	);
//	if($r && count($r)) {
//		$profile = $r[0];
//	}


	$ret['success'] = true;

	// Communication details

	$ret['guid']           = $e['xchan_guid'];
	$ret['guid_sig']       = $e['xchan_guid_sig'];
	$ret['key']            = $e['xchan_pubkey'];
	$ret['name']           = $e['xchan_name'];
	$ret['name_updated']   = $e['xchan_name_date'];
	$ret['address']        = $e['xchan_addr'];
	$ret['photo_mimetype'] = $e['xchan_photo_mimetype'];
	$ret['photo']          = $e['xchan_photo_l'];
	$ret['photo_updated']  = $e['xchan_photo_date'];
	$ret['url']            = $e['xchan_url'];
	$ret['name_updated']   = $e['xchan_name_date'];
	$ret['target']         = $ztarget;
	$ret['target_sig']     = $zsig;

// FIXME encrypt permissions when targeted so that only the target can view them, requires sending the pubkey and also checking that the target_sig is signed with that pubkey and isn't a forgery. 

	$ret['permissions']   = get_all_perms($e['channel_id'],(($ztarget && $zsig) 
			? base64url_encode(hash('whirlpool',$ztarget . $zsig,true)) 
			: '' ),false);


//	$ret['profile']  = $profile;

	// array of (verified) hubs this channel uses

	$ret['locations'] = array();
	$x = zot_get_hubloc(array($e['channel_hash']));
	if($x && count($x)) {
		foreach($x as $hub) {
			if(! ($hub['hubloc_flags'] & HUBLOC_FLAGS_UNVERIFIED)) {
				$ret['locations'][] = array(
					'host'     => $hub['hubloc_host'],
					'address'  => $hub['hubloc_addr'],
					'primary'  => (($hub['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY) ? true : false),
					'url'      => $hub['hubloc_url'],
					'url_sig'  => $hub['hubloc_url_sig'],
					'callback' => $hub['hubloc_callback'],
					'sitekey'  => $hub['hubloc_sitekey']
				);
			}
		}
	}

	json_return_and_die($ret);

}
zfinger 2012-08-22 04:18:01 +00:00			`<?php`

			`function zfinger_init(&$a) {`

zfinger - return all additional hubs 2012-08-22 04:39:21 +00:00			`require_once('include/zot.php');`
updates 2012-09-10 04:17:06 +00:00			`require_once('include/crypto.php');`
zfinger 2012-08-22 04:18:01 +00:00
a few minor changes 2012-08-27 06:05:00 +00:00			`$ret = array('success' => false);`

add key passing and verification to targeted discovery 2012-11-02 22:34:35 +00:00			`$zguid = ((x($_REQUEST,'guid')) ? $_REQUEST['guid'] : '');`
			`$zaddr = ((x($_REQUEST,'address')) ? $_REQUEST['address'] : '');`
			`$ztarget = ((x($_REQUEST,'target')) ? $_REQUEST['target'] : '');`
			`$zsig = ((x($_REQUEST,'target_sig')) ? $_REQUEST['target_sig'] : '');`
			`$zkey = ((x($_REQUEST,'key')) ? $_REQUEST['key'] : '');`

			`if($ztarget) {`
			`if((! $zkey) \|\| (! $zsig) \|\| (! rsa_verify($ztarget,base64url_decode($zsig),$zkey))) {`
			`logger('zfinger: invalid target signature');`
			`$ret['message'] = t("invalid target signature");`
			`json_return_and_die($ret);`
			`}`
			`}`
get permission discovery working - guid sigs were getting truncated in db 2012-11-01 03:53:02 +00:00
a few minor changes 2012-08-27 06:05:00 +00:00			`$r = null;`

			`if(strlen($zguid)) {`
merge zperms functionality into zfinger 2012-11-01 00:38:22 +00:00			`$r = q("select channel., xchan. from channel left join xchan on channel_hash = xchan_hash`
			`where channel_guid = '%s' limit 1",`
a few minor changes 2012-08-27 06:05:00 +00:00			`dbesc($zguid)`
			`);`
			`}`
			`elseif(strlen($zaddr)) {`
merge zperms functionality into zfinger 2012-11-01 00:38:22 +00:00			`$r = q("select channel., xchan. from channel left join xchan on channel_hash = xchan_hash`
			`where channel_address = '%s' limit 1",`
a few minor changes 2012-08-27 06:05:00 +00:00			`dbesc($zaddr)`
			`);`
			`}`
			`else {`
			`$ret['message'] = 'Invalid request';`
			`json_return_and_die($ret);`
			`}`
zfinger 2012-08-22 04:18:01 +00:00
a few minor changes 2012-08-27 06:05:00 +00:00			`if(! ($r && count($r))) {`
			`$ret['message'] = 'Item not found.';`
			`json_return_and_die($ret);`
			`}`

			`$e = $r[0];`
zfinger 2012-08-22 04:18:01 +00:00
moving a lot of structure around. 'entity' is now 'channel' 2012-09-26 00:57:20 +00:00			`$id = $e['channel_id'];`
merge zperms functionality into zfinger 2012-11-01 00:38:22 +00:00			`// $r = q("select contact., profile.`
			`// from contact left join profile on contact.uid = profile.uid`
			`// where contact.uid = %d && contact.self = 1 and profile.is_default = 1 limit 1",`
			`// intval($id)`
			`// );`
			`// if($r && count($r)) {`
			`// $profile = $r[0];`
			`// }`
start on contacts/profiles 2012-08-31 01:17:38 +00:00

a few minor changes 2012-08-27 06:05:00 +00:00			`$ret['success'] = true;`
basic hub registration 2012-08-22 06:11:27 +00:00
a few minor changes 2012-08-27 06:05:00 +00:00			`// Communication details`
basic hub registration 2012-08-22 06:11:27 +00:00
add mimetype to photo info 2012-11-01 08:49:00 +00:00			`$ret['guid'] = $e['xchan_guid'];`
			`$ret['guid_sig'] = $e['xchan_guid_sig'];`
			`$ret['key'] = $e['xchan_pubkey'];`
			`$ret['name'] = $e['xchan_name'];`
			`$ret['name_updated'] = $e['xchan_name_date'];`
			`$ret['address'] = $e['xchan_addr'];`
typos 2012-11-01 09:00:25 +00:00			`$ret['photo_mimetype'] = $e['xchan_photo_mimetype'];`
add mimetype to photo info 2012-11-01 08:49:00 +00:00			`$ret['photo'] = $e['xchan_photo_l'];`
			`$ret['photo_updated'] = $e['xchan_photo_date'];`
send more info 2012-11-01 08:53:57 +00:00			`$ret['url'] = $e['xchan_url'];`
			`$ret['name_updated'] = $e['xchan_name_date'];`
add mimetype to photo info 2012-11-01 08:49:00 +00:00			`$ret['target'] = $ztarget;`
			`$ret['target_sig'] = $zsig;`
get permission discovery working - guid sigs were getting truncated in db 2012-11-01 03:53:02 +00:00
fixme note about discovered permission encryption 2012-11-02 21:48:33 +00:00			`// FIXME encrypt permissions when targeted so that only the target can view them, requires sending the pubkey and also checking that the target_sig is signed with that pubkey and isn't a forgery.`

get permission discovery working - guid sigs were getting truncated in db 2012-11-01 03:53:02 +00:00			`$ret['permissions'] = get_all_perms($e['channel_id'],(($ztarget && $zsig)`
			`? base64url_encode(hash('whirlpool',$ztarget . $zsig,true))`
			`: '' ),false);`


zfinger 2012-08-22 04:18:01 +00:00
merge zperms functionality into zfinger 2012-11-01 00:38:22 +00:00			`// $ret['profile'] = $profile;`
start on contacts/profiles 2012-08-31 01:17:38 +00:00
moving a lot of structure around. 'entity' is now 'channel' 2012-09-26 00:57:20 +00:00			`// array of (verified) hubs this channel uses`
a few minor changes 2012-08-27 06:05:00 +00:00
get permission discovery working - guid sigs were getting truncated in db 2012-11-01 03:53:02 +00:00			`$ret['locations'] = array();`
merge zperms functionality into zfinger 2012-11-01 00:38:22 +00:00			`$x = zot_get_hubloc(array($e['channel_hash']));`
a few minor changes 2012-08-27 06:05:00 +00:00			`if($x && count($x)) {`
			`foreach($x as $hub) {`
			`if(! ($hub['hubloc_flags'] & HUBLOC_FLAGS_UNVERIFIED)) {`
get permission discovery working - guid sigs were getting truncated in db 2012-11-01 03:53:02 +00:00			`$ret['locations'][] = array(`
			`'host' => $hub['hubloc_host'],`
			`'address' => $hub['hubloc_addr'],`
a few minor changes 2012-08-27 06:05:00 +00:00			`'primary' => (($hub['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY) ? true : false),`
			`'url' => $hub['hubloc_url'],`
starting on pinging the basic elements of federation and communication 2012-10-31 23:55:19 +00:00			`'url_sig' => $hub['hubloc_url_sig'],`
a few minor changes 2012-08-27 06:05:00 +00:00			`'callback' => $hub['hubloc_callback'],`
			`'sitekey' => $hub['hubloc_sitekey']`
			`);`
zfinger - return all additional hubs 2012-08-22 04:39:21 +00:00			`}`
			`}`
a few minor changes 2012-08-27 06:05:00 +00:00			`}`
zfinger - return all additional hubs 2012-08-22 04:39:21 +00:00
zfinger 2012-08-22 04:18:01 +00:00			`json_return_and_die($ret);`
a few minor changes 2012-08-27 06:05:00 +00:00
zfinger 2012-08-22 04:18:01 +00:00			`}`