From ab9b82e77878e1c904d02ab931f8f6f8c0651a21 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 6 Sep 2017 16:44:10 -0700 Subject: [PATCH 01/12] ignore diaspora_meta column on item import. --- include/import.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/import.php b/include/import.php index 2199400af..4d38c8061 100644 --- a/include/import.php +++ b/include/import.php @@ -602,6 +602,11 @@ function import_items($channel, $items, $sync = false, $relocate = null) { if(! $item) continue; + // deprecated + + if(array_key_exists('diaspora_meta',$item)) + unset($item['diaspora_meta']); + if($relocate && $item['mid'] === $item['parent_mid']) { item_url_replace($channel,$item,$relocate['url'],z_root(),$relocate['channel_address']); } From 318643cf9a8b40fad98df58f6c262d6ae6a0c63b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 6 Sep 2017 19:55:32 -0700 Subject: [PATCH 02/12] mastodon wraps oembed in an iframe - which we immediately purify our of existence and what we really want to purify is the content. So strip away the iframe, fetch the content and purify that instead. --- include/oembed.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/oembed.php b/include/oembed.php index 460e0244e..f662d84c7 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -225,6 +225,17 @@ function oembed_fetch_url($embedurl){ if($j['html']) { $orig = $j['html']; $allow_position = (($is_matrix) ? true : false); + + // some sites wrap their entire embed in an iframe + // which we will purify away and which we provide anyway. + // So if we see this, grab the frame src url and use that + // as the embed content - which will still need to be purified. + + if(preg_match('# Date: Wed, 6 Sep 2017 20:07:53 -0700 Subject: [PATCH 03/12] use array_key_exists() instead of x() in this case as the latter fails on an array that's empty and we unconditionally need to encode the array even if empty --- include/items.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/items.php b/include/items.php index d10d43687..f286015fe 100755 --- a/include/items.php +++ b/include/items.php @@ -2004,17 +2004,17 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) { $arr = $translate['item']; } - if((x($arr,'obj')) && is_array($arr['obj'])) { + if((array_key_exists('obj',$arr)) && is_array($arr['obj'])) { activity_sanitise($arr['obj']); $arr['obj'] = json_encode($arr['obj']); } - if((x($arr,'target')) && is_array($arr['target'])) { + if((array_key_exists('target',$arr)) && is_array($arr['target'])) { activity_sanitise($arr['target']); $arr['target'] = json_encode($arr['target']); } - if((x($arr,'attach')) && is_array($arr['attach'])) { + if((array_key_exists('attach',$arr)) && is_array($arr['attach'])) { activity_sanitise($arr['attach']); $arr['attach'] = json_encode($arr['attach']); } From 23e774db8ea25ba8eb8d8d5d6731622998534bbc Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 13:19:13 -0700 Subject: [PATCH 04/12] markdown code blocks not preserving line breaks, removed a bootstrap over-ride which fixes this, but also changed the style to pre-wrap to wrap the text rather than the default horizontal scroll --- view/css/bootstrap-red.css | 4 ---- view/css/conversation.css | 10 ++++++++++ 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/view/css/bootstrap-red.css b/view/css/bootstrap-red.css index a3a8ce0be..e0018989d 100644 --- a/view/css/bootstrap-red.css +++ b/view/css/bootstrap-red.css @@ -71,10 +71,6 @@ nav .dropdown-menu { min-width: auto; } -code { - white-space: normal; -} - label { font-weight: bold; } diff --git a/view/css/conversation.css b/view/css/conversation.css index dcabb5f3c..32870065b 100644 --- a/view/css/conversation.css +++ b/view/css/conversation.css @@ -1,3 +1,4 @@ + /* jot */ .jothidden input[type="text"] { @@ -302,3 +303,12 @@ img.smiley.emoji:hover { #filer_save { margin-left: 15px; } + + + +/* general over-rides */ + +/* prevent horizontal scrollbars in code blocks */ +code { + white-space: pre-wrap; +} From 61f339a874784d3181f4c884bab9994ec9200f50 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 17:56:02 -0700 Subject: [PATCH 05/12] owa - first commit --- Zotlabs/Module/Magic.php | 32 ++++++++++++++++++- Zotlabs/Module/Owa.php | 57 +++++++++++++++++++++++++++++++++ Zotlabs/Module/Rmagic.php | 4 +-- Zotlabs/Web/HTTPSig.php | 8 +++++ Zotlabs/Web/WebServer.php | 6 ++++ Zotlabs/Zot/Verify.php | 16 ++++++++++ include/zid.php | 66 +++++++++++++++++++++++++++++++++++++++ 7 files changed, 186 insertions(+), 3 deletions(-) create mode 100644 Zotlabs/Module/Owa.php diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index bf3198067..0eb2f27a1 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -17,6 +17,7 @@ class Magic extends \Zotlabs\Web\Controller { $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); + $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); $parsed = parse_url($dest); @@ -132,12 +133,41 @@ class Magic extends \Zotlabs\Web\Controller { if(local_channel()) { $channel = \App::get_channel(); + // OpenWebAuth + + if($owa) { + + $headers = []; + $headers['Accept'] = 'application/x-zot+json' ; + $headers['X-Open-Web-Auth'] = random_string(); + $headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'], + 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512'); + + $x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]); + if($x['success']) { + $j = json_decode($x['body'],true); + if($j['success'] && $j['token']) { + $x = strpbrk($dest,'?&'); + $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); + goaway($dest . $args); + } + } + goaway($dest); + } + + $token = random_string(); + // $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey'])); - // $channel['token'] = $token; // $channel['token_sig'] = $token_sig; + + + + + + \Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']); $target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel)) diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php new file mode 100644 index 000000000..f71099599 --- /dev/null +++ b/Zotlabs/Module/Owa.php @@ -0,0 +1,57 @@ + true, 'token' => $token ]); + header('Content-Type: application/x-zot+json'); + echo $x; + killme(); + } + } + } + } + $x = json_encode([ 'success' => false ]); + header('Content-Type: application/x-zot+json'); + echo $x; + killme(); + } + } + + $x = json_encode([ 'success' => false ]); + header('Content-Type: application/x-zot+json'); + echo $x; + killme(); + } +} diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php index 9fcc72441..0c4eb9ae4 100644 --- a/Zotlabs/Module/Rmagic.php +++ b/Zotlabs/Module/Rmagic.php @@ -18,7 +18,7 @@ class Rmagic extends \Zotlabs\Web\Controller { if($r[0]['hubloc_url'] === z_root()) goaway(z_root() . '/login'); $dest = z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string); - goaway($r[0]['hubloc_url'] . '/magic' . '?f=&dest=' . $dest); + goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&dest=' . $dest); } } } @@ -63,7 +63,7 @@ class Rmagic extends \Zotlabs\Web\Controller { else $dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string)); - goaway($url . '/magic' . '?f=&dest=' . $dest); + goaway($url . '/magic' . '?f=&owa=1&dest=' . $dest); } } } diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 2b139a2a1..fee8aaa41 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -91,6 +91,9 @@ class HTTPSig { if($sig_block['algorithm'] === 'rsa-sha256') { $algorithm = 'sha256'; } + if($sig_block['algorithm'] === 'rsa-sha512') { + $algorithm = 'sha512'; + } if(! $key) { $result['signer'] = $sig_block['keyId']; @@ -113,6 +116,8 @@ class HTTPSig { $digest = explode('=', $headers['digest']); if($digest[0] === 'SHA-256') $hashalg = 'sha256'; + if($digest[0] === 'SHA-512') + $hashalg = 'sha512'; // The explode operation will have stripped the '=' padding, so compare against unpadded base64 if(rtrim(base64_encode(hash($hashalg,$body,true)),'=') === $digest[1]) { @@ -164,6 +169,9 @@ class HTTPSig { if($alg === 'sha256') { $algorithm = 'rsa-sha256'; } + if($alg === 'sha512') { + $algorithm = 'rsa-sha512'; + } $x = self::sign($request,$head,$prvkey,$alg); diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index a66384c40..8431a2e0e 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -70,6 +70,12 @@ class WebServer { } } + if((x($_REQUEST,'owt')) && (! \App::$install)) { + $token = $_REQUEST['owt']; + \App::$query_string = strip_query_param(\App::$query_string,'owt'); + owt_init($token); + } + if((x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || (\App::$module === 'login')) require('include/auth.php'); diff --git a/Zotlabs/Zot/Verify.php b/Zotlabs/Zot/Verify.php index 06bd3188c..1f1288aa0 100644 --- a/Zotlabs/Zot/Verify.php +++ b/Zotlabs/Zot/Verify.php @@ -31,6 +31,22 @@ class Verify { return false; } + + function get_meta($type,$channel_id,$token) { + $r = q("select id from verify where vtype = '%s' and channel = %d and token = '%s' limit 1", + dbesc($type), + intval($channel_id), + dbesc($token) + ); + if($r) { + q("delete from verify where id = %d", + intval($r[0]['id']) + ); + return $r[0]['meta']; + } + return false; + } + function purge($type,$interval) { q("delete from verify where vtype = '%s' and created < %s - INTERVAL %s", dbesc($type), diff --git a/include/zid.php b/include/zid.php index ee43fd7c8..5d58ff257 100644 --- a/include/zid.php +++ b/include/zid.php @@ -81,6 +81,10 @@ function zid($s,$address = '') { } +function strip_query_param($s,$param) { + return preg_replace('/[\?&]' . $param . '=(.*?)(&|$)/ism','$2',$s); +} + function strip_zids($s) { return preg_replace('/[\?&]zid=(.*?)(&|$)/ism','$2',$s); } @@ -230,3 +234,65 @@ function red_zrlify_img_callback($matches) { return $matches[0]; } +function owt_init($token) { + + \Zotlabs\Zot\Verify::purge('owt','3 MINUTE'); + + $ob_hash = \Zotlabs\Zot\Verify::get_meta('owt',0,$token); + if($ob_hash === false) { + return; + } + + $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash + where hubloc_addr = '%s' order by hubloc_id desc", + dbesc($ob_hash) + ); + + if(! $r) { + // finger them if they can't be found. + $j = Finger::run($ob_hash, null); + if ($j['success']) { + import_xchan($j); + $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash + where hubloc_addr = '%s' order by hubloc_id desc", + dbesc($ob_hash) + ); + } + } + if(! $r) { + logger('owt: unable to finger ' . $ob_hash); + return; + } + $hubloc = $r[0]; + + $delegate_success = false; + if($_REQUEST['delegate']) { + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", + dbesc($_REQUEST['delegate']) + ); + if ($r && intval($r[0]['channel_id'])) { + $allowed = perm_is_allowed($r[0]['channel_id'],$hubloc['xchan_hash'],'delegate'); + if($allowed) { + $_SESSION['delegate_channel'] = $r[0]['channel_id']; + $_SESSION['delegate'] = $hubloc['xchan_hash']; + $_SESSION['account_id'] = intval($r[0]['channel_account_id']); + require_once('include/security.php'); + // this will set the local_channel authentication in the session + change_channel($r[0]['channel_id']); + $delegate_success = true; + } + } + } + + if (! $delegate_success) { + // normal visitor (remote_channel) login session credentials + $_SESSION['visitor_id'] = $hubloc['xchan_hash']; + $_SESSION['my_url'] = $hubloc['xchan_url']; + $_SESSION['my_address'] = $hubloc['hubloc_addr']; + $_SESSION['remote_hub'] = $hubloc['hubloc_url']; + $_SESSION['DNT'] = 1; + } + + logger('owa success!'); + +} \ No newline at end of file From 4d794103be4112a6f1f0d8f54e0d54c0961297b5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 18:09:31 -0700 Subject: [PATCH 06/12] testing owa --- include/channel.php | 2 +- include/connections.php | 2 +- include/text.php | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/channel.php b/include/channel.php index 41feca362..213676f52 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1633,7 +1633,7 @@ function zid_init() { $query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query); $dest = '/' . urlencode($query); if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) { - goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&dest=' . z_root() . $dest); + goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&dest=' . z_root() . $dest); } else logger('zid_init: no hubloc found.'); diff --git a/include/connections.php b/include/connections.php index 8df795190..a9f906649 100644 --- a/include/connections.php +++ b/include/connections.php @@ -115,7 +115,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { App::$profile_uid = $xchan['channel_id']; $url = (($observer) - ? z_root() . '/magic?f=&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr'] + ? z_root() . '/magic?f=&owa=1&dest=' . $xchan['xchan_url'] . '&addr=' . $xchan['xchan_addr'] : $xchan['xchan_url'] ); diff --git a/include/text.php b/include/text.php index a3c2bbc08..51d711021 100644 --- a/include/text.php +++ b/include/text.php @@ -987,7 +987,7 @@ function chanlink_cid($d) { function magiclink_url($observer,$myaddr,$url) { return (($observer) - ? z_root() . '/magic?f=&dest=' . $url . '&addr=' . $myaddr + ? z_root() . '/magic?f=&owa=1&dest=' . $url . '&addr=' . $myaddr : $url ); } @@ -1389,7 +1389,7 @@ function theme_attachments(&$item) { if(is_foreigner($item['author_xchan'])) $url = $r['href']; else - $url = z_root() . '/magic?f=&hash=' . $item['author_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision']; + $url = z_root() . '/magic?f=&owa=1&hash=' . $item['author_xchan'] . '&dest=' . $r['href'] . '/' . $r['revision']; //$s .= '' . $icon . ''; $attaches[] = array('label' => $label, 'url' => $url, 'icon' => $icon, 'title' => $title); From f09fe8da7814a64e653700b4fe04f165edd90045 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 18:14:04 -0700 Subject: [PATCH 07/12] add logging --- Zotlabs/Module/Magic.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 0eb2f27a1..3fe0e1e35 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -144,6 +144,9 @@ class Magic extends \Zotlabs\Web\Controller { 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512'); $x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]); + + logger('owtfetch: ' . print_r($x,true)); + if($x['success']) { $j = json_decode($x['body'],true); if($j['success'] && $j['token']) { From 7e9162ef06b4719723941679e55af079421ae475 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 18:19:49 -0700 Subject: [PATCH 08/12] there's the problem --- Zotlabs/Module/Magic.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 3fe0e1e35..342c11eb9 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -151,7 +151,7 @@ class Magic extends \Zotlabs\Web\Controller { $j = json_decode($x['body'],true); if($j['success'] && $j['token']) { $x = strpbrk($dest,'?&'); - $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); + $args = (($x) ? '&owt=' . $j['token'] : '?f=&owt=' . $j['token']) . (($delegate) ? '&delegate=1' : ''); goaway($dest . $args); } } From 1fbb1e6c2a665159d0085217c9b73d571e360256 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 18:52:18 -0700 Subject: [PATCH 09/12] initial testing success with owa --- Zotlabs/Module/Owa.php | 2 +- Zotlabs/Zot/Finger.php | 2 +- Zotlabs/Zot/Verify.php | 2 +- include/zid.php | 5 ++++- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index f71099599..0b625dbe5 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -33,7 +33,7 @@ logger('verified: ' . print_r($verified,true)); if($verified && $verified['header_signed'] && $verified['header_valid']) { $token = random_string(32); - \Zotlabs\Zot\Verify::create('owt',0,token,$r[0]['hubloc_hash']); + \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']); $x = json_encode([ 'success' => true, 'token' => $token ]); header('Content-Type: application/x-zot+json'); echo $x; diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php index dab7d9e01..348171bdc 100644 --- a/Zotlabs/Zot/Finger.php +++ b/Zotlabs/Zot/Finger.php @@ -123,7 +123,7 @@ class Finger { $x = json_decode($result['body'], true); $verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : '')); - + if($x && (! $verify['header_valid'])) { $signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null); if($signed_token) { diff --git a/Zotlabs/Zot/Verify.php b/Zotlabs/Zot/Verify.php index 1f1288aa0..1d9e6de3f 100644 --- a/Zotlabs/Zot/Verify.php +++ b/Zotlabs/Zot/Verify.php @@ -33,7 +33,7 @@ class Verify { function get_meta($type,$channel_id,$token) { - $r = q("select id from verify where vtype = '%s' and channel = %d and token = '%s' limit 1", + $r = q("select id, meta from verify where vtype = '%s' and channel = %d and token = '%s' limit 1", dbesc($type), intval($channel_id), dbesc($token) diff --git a/include/zid.php b/include/zid.php index 5d58ff257..d5d863be6 100644 --- a/include/zid.php +++ b/include/zid.php @@ -239,6 +239,7 @@ function owt_init($token) { \Zotlabs\Zot\Verify::purge('owt','3 MINUTE'); $ob_hash = \Zotlabs\Zot\Verify::get_meta('owt',0,$token); + if($ob_hash === false) { return; } @@ -250,7 +251,7 @@ function owt_init($token) { if(! $r) { // finger them if they can't be found. - $j = Finger::run($ob_hash, null); + $j = \Zotlabs\Zot\Finger::run($ob_hash, null); if ($j['success']) { import_xchan($j); $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash @@ -265,6 +266,8 @@ function owt_init($token) { } $hubloc = $r[0]; + $_SESSION['authenticated'] = 1; + $delegate_success = false; if($_REQUEST['delegate']) { $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", From 048a8c5f44eee9b201cb3f6a71a5ed7e865e446e Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 19:04:35 -0700 Subject: [PATCH 10/12] provide owa discovery --- Zotlabs/Module/Wfinger.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index 07a7b7735..de67522b3 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -124,6 +124,13 @@ class Wfinger extends \Zotlabs\Web\Controller { 'rel' => 'http://purl.org/zot/protocol', 'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r[0]['xchan_addr'], ], + + [ + 'rel' => 'http://purl.org/openwebauth/v1', + 'type' => 'application/x-zot+json', + 'href' => z_root() . '/owa', + ], + [ 'rel' => 'magic-public-key', From f2dc55244c0741505e5de891fae97d67f31381d2 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 20:42:03 -0700 Subject: [PATCH 11/12] provide root discovery for owa --- Zotlabs/Module/Wfinger.php | 35 +++++++++++++++++++++++++++++++---- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index de67522b3..d0c4d73d2 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -30,9 +30,15 @@ class Wfinger extends \Zotlabs\Web\Controller { $resource = $_REQUEST['resource']; logger('webfinger: ' . $resource,LOGGER_DEBUG); + + $root_resource = false; + + if(strcasecmp(rtrim($resource,'/'),z_root()) === 0) + $root_resource = true; + $r = null; - if($resource) { + if(($resource) && (! $root_resource)) { if(strpos($resource,'acct:') === 0) { $channel = str_replace('acct:','',$resource); @@ -60,7 +66,25 @@ class Wfinger extends \Zotlabs\Web\Controller { header('Access-Control-Allow-Origin: *'); + + if($root_resource) { + $result['subject'] = $resource; + $result['properties'] = [ + 'https://w3id.org/security/v1#publicKeyPem' => get_config('system','pubkey') + ]; + $result['links'] = [ + [ + 'rel' => 'http://purl.org/openwebauth/v1', + 'type' => 'application/x-zot+json', + 'href' => z_root() . '/owa', + ], + ]; + + + + } + if($resource && $r) { $h = q("select hubloc_addr from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0", @@ -84,7 +108,8 @@ class Wfinger extends \Zotlabs\Web\Controller { $result['properties'] = [ 'http://webfinger.net/ns/name' => $r[0]['channel_name'], - 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'] + 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'], + 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'] ]; foreach($aliases as $alias) @@ -143,14 +168,16 @@ class Wfinger extends \Zotlabs\Web\Controller { $result['zot'] = zotinfo( [ 'address' => $r[0]['xchan_addr'] ]); } } - else { + + if(! $result) { header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request'); killme(); } $arr = [ 'channel' => $r[0], 'request' => $_REQUEST, 'result' => $result ]; call_hooks('webfinger',$arr); - + + json_return_and_die($arr['result'],'application/jrd+json'); } From 1104e2652f15aaa405208b6dec9e439fb8c39537 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 21:29:32 -0700 Subject: [PATCH 12/12] improve the code block styling a wee bit --- view/css/conversation.css | 10 +--------- view/theme/redbasic/css/style.css | 2 ++ 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/view/css/conversation.css b/view/css/conversation.css index 32870065b..a5a847676 100644 --- a/view/css/conversation.css +++ b/view/css/conversation.css @@ -274,6 +274,7 @@ code { font-size: 1em; padding: 1em 1.5em; display: block; + white-space: pre-wrap; } code.inline-code { @@ -303,12 +304,3 @@ img.smiley.emoji:hover { #filer_save { margin-left: 15px; } - - - -/* general over-rides */ - -/* prevent horizontal scrollbars in code blocks */ -code { - white-space: pre-wrap; -} diff --git a/view/theme/redbasic/css/style.css b/view/theme/redbasic/css/style.css index 621fa2781..b508b2576 100644 --- a/view/theme/redbasic/css/style.css +++ b/view/theme/redbasic/css/style.css @@ -136,6 +136,8 @@ input, optgroup, select, textarea { pre code { border: none; + padding: 1em 1.5em; + border-radius: $radius; } code {