z6 deliver
parent
82306682c6
commit
2de1285121
3 changed files with 104 additions and 9 deletions
|
@ -137,6 +137,21 @@ class HTTPSig {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
if(in_array('x-zot-digest',$signed_headers)) {
|
||||
$result['content_signed'] = true;
|
||||
$digest = explode('=', $headers['x-zot-digest']);
|
||||
if($digest[0] === 'SHA-256')
|
||||
$hashalg = 'sha256';
|
||||
if($digest[0] === 'SHA-512')
|
||||
$hashalg = 'sha512';
|
||||
|
||||
// The explode operation will have stripped the '=' padding, so compare against unpadded base64
|
||||
if(rtrim(base64_encode(hash($hashalg,$_POST['data'],true)),'=') === $digest[1]) {
|
||||
$result['content_valid'] = true;
|
||||
}
|
||||
}
|
||||
|
||||
logger('Content_Valid: ' . $result['content_valid']);
|
||||
|
||||
return $result;
|
||||
|
|
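Review bot: In the added `x-zot-digest` branch, `$hashalg` is assigned only for `SHA-256` and `SHA-512`, so any other algorithm label reaches `hash()` with an undefined variable and the result depends on how the running PHP version treats an unknown algorithm. The branch should fail closed: set `$hashalg = null;` before the two tests and guard the comparison with `if($hashalg && isset($digest[1]) && isset($_POST['data']) && …)`, leaving `content_valid` false otherwise. The `logger('Content_Valid: ' . $result['content_valid'])` line prints an empty string for a false result; `($result['content_valid'] ? 'true' : 'false')` would make rejected deliveries visible when triaging logs. The enclosing method starts and ends outside the hunk, so whether `content_valid` is initialised to false earlier cannot be confirmed from here.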
|
@ -216,7 +216,24 @@ function queue_deliver($outq, $immediate = false) {
|
|||
// normal zot delivery
|
||||
|
||||
logger('deliver: dest: ' . $outq['outq_posturl'], LOGGER_DEBUG);
|
||||
$result = zot_zot($outq['outq_posturl'],$outq['outq_notify']);
|
||||
|
||||
|
||||
|
||||
$msg = $outq['outq_notify'];
|
||||
$channel = null;
|
||||
|
||||
if($outq['outq_msg']) {
|
||||
$tmp = json_decode($msg,true);
|
||||
$tmp['pickup'] = json_decode($outq['outq_msg'],true);
|
||||
$msg = json_encode($tmp);
|
||||
if($outq['outq_channel']) {
|
||||
$channel = channelx_by_n($outq['outq_channel']);
|
||||
}
|
||||
}
|
||||
|
||||
$result = zot_zot($outq['outq_posturl'],$msg,$channel);
|
||||
|
||||
|
||||
if($result['success']) {
|
||||
logger('deliver: remote zot delivery succeeded to ' . $outq['outq_posturl']);
|
||||
zot_process_response($outq['outq_posturl'],$result, $outq);
|
||||
|
|
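Review bot: Neither `json_decode()` call in the `outq_msg` branch is checked, so a queue row whose `outq_notify` does not decode to an array leaves `$tmp` null and the re-encoded `$msg` carries only the `pickup` key, while a bad `outq_msg` is sent as a null `pickup`. Decoding into a second variable and guarding with `if(is_array($tmp) && is_array($pickup))` before `json_encode`, and otherwise keeping the original `$msg`, would stop a corrupted row from becoming a malformed but signed delivery. When `channelx_by_n()` returns nothing the message still goes out with the embedded pickup but unsigned; how the receiver treats that combination is not visible here, so it deserves at least a comment or a log line. `queue_deliver()` starts and ends outside the hunk.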
|
@ -211,8 +211,19 @@ function zot_best_algorithm($methods) {
|
|||
* @param array $data
|
||||
* @return array see z_post_url() for returned data format
|
||||
*/
|
||||
function zot_zot($url, $data) {
|
||||
return z_post_url($url, array('data' => $data));
|
||||
function zot_zot($url, $data, $channel = null) {
|
||||
|
||||
$headers = [];
|
||||
|
||||
if($channel) {
|
||||
$headers['X-Zot-Token'] = random_string();
|
||||
$hash = \Zotlabs\Web\HTTPSig::generate_digest($data,false);
|
||||
$headers['X-Zot-Digest'] = 'SHA-256=' . $hash;
|
||||
\Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512');
|
||||
}
|
||||
|
||||
$redirects = 0;
|
||||
return z_post_url($url, array('data' => $data),$redirects,((is_empty($headers)) ? [] : [ 'headers' => $headers ]));
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -4967,12 +4978,63 @@ function zot_reply_refresh($sender, $recipients) {
|
|||
}
|
||||
|
||||
|
||||
function zot6_check_sig() {
|
||||
|
||||
$ret = [ 'success' => false ];
|
||||
|
||||
foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
|
||||
if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
|
||||
if($head !== 'HTTP_AUTHORIZATION') {
|
||||
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
|
||||
continue;
|
||||
}
|
||||
|
||||
$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
|
||||
if($sigblock) {
|
||||
$keyId = $sigblock['keyId'];
|
||||
|
||||
if($keyId) {
|
||||
$r = q("select hubloc.*, site_crypto from hubloc left join site on hubloc_url = site_url
|
||||
where hubloc_addr = '%s' ",
|
||||
dbesc(str_replace('acct:','',$keyId))
|
||||
);
|
||||
if($r) {
|
||||
foreach($r as $hubloc) {
|
||||
$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
|
||||
if($verified && $verified['header_signed'] && $verified['header_valid'] && $verified['content_signed'] && $verified['content_valid']) {
|
||||
$ret['hubloc'] = $hubloc;
|
||||
$ret['success'] = true;
|
||||
return $ret;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
function zot_reply_notify($data) {
|
||||
|
||||
$ret = array('success' => false);
|
||||
|
||||
logger('notify received from ' . $data['sender']['url']);
|
||||
|
||||
// handle zot6 delivery
|
||||
|
||||
$zret = zot6_check_sig();
|
||||
if($zret['success'] && $zret['hubloc'] && $zret['hubloc']['hubloc_guid'] === $data['sender']['guid']) {
|
||||
logger('zot6_delivery');
|
||||
logger('zot6_data: ' . print_r($data,true),LOGGER_DATA);
|
||||
$x = zot_import($data,$data['sender']['url']);
|
||||
if($x) {
|
||||
$x = crypto_encapsulate(json_encode($x),$zret['hubloc']['hubloc_sitekey'],zot_best_algorithm($zret['hubloc']['site_crypto']));
|
||||
$ret['delivery_report'] = $x;
|
||||
}
|
||||
}
|
||||
else {
|
||||
$async = get_config('system','queued_fetch');
|
||||
|
||||
if($async) {
|
||||
|
@ -4983,6 +5045,7 @@ function zot_reply_notify($data) {
|
|||
$x = zot_fetch($data);
|
||||
$ret['delivery_report'] = $x;
|
||||
}
|
||||
}
|
||||
|
||||
$ret['success'] = true;
|
||||
json_return_and_die($ret);
|
||||
|
|
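Review bot: In `zot6_check_sig()` the query selects `hubloc.*, site_crypto` from `hubloc` left-joined to `site`, yet the verification call reads `$hubloc['xchan_pubkey']`, a column that query does not appear to return. If that index is unset, the outcome of `HTTPSig::verify('', …)` depends on what it does with an empty key, which is not visible on this page, rather than on the key stored locally for the claimed `keyId`. Joining `xchan` (presumably on `hubloc_hash = xchan_hash`, to be confirmed against the schema) and adding `if(! $hubloc['xchan_pubkey']) continue;` at the top of the loop would pin verification to the stored key. A short comment in `zot_reply_notify()` should also record that a failed check falls through to the legacy fetch path instead of rejecting the request, so a bad signature is never logged or refused on its own.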