Streams/streams
Streams/streams
1
0
Fork 0
mirror of https://codeberg.org/streams/streams.git synced 2024-09-20 00:55:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

optionally require authenticated fetches

Browse source
This commit is contained in:
zotlabs 2019-03-11 17:45:44 -07:00
parent 54883729b4
commit 5be2ad8e3a
1 changed files with 14 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
Zotlabs/Module/Item.php
View file

@ -25,6 +25,7 @@ use Zotlabs\Web\HTTPSig;
use Zotlabs\Web\Controller;
use Zotlabs\Lib\Libzot;
use Zotlabs\Lib\ThreadListener;
use Zotlabs\Lib\Config;
use Zotlabs\Lib\IConfig;
use Zotlabs\Lib\Enotify;
use App;
@ -46,16 +47,19 @@ class Item extends Controller {
http_status_exit(404, 'Not found');
$sigdata = HTTPSig::verify(EMPTY_STR);
if($sigdata['portable_id'] && $sigdata['header_valid']) {
if ($sigdata['portable_id'] && $sigdata['header_valid']) {
$portable_id = $sigdata['portable_id'];
if(! check_channelallowed($portable_id)) {
if (! check_channelallowed($portable_id)) {
http_status_exit(403, 'Permission denied');
}
if(! check_siteallowed($sigdata['signer'])) {
if (! check_siteallowed($sigdata['signer'])) {
http_status_exit(403, 'Permission denied');
}
observer_auth($portable_id);
}
elseif (! Config::get('system','require_authenticated_fetch',false)) {
http_status_exit(403,'Permission denied');
}
$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 ";
@ -126,16 +130,19 @@ class Item extends Controller {
$portable_id = EMPTY_STR;
$sigdata = HTTPSig::verify(EMPTY_STR);
if($sigdata['portable_id'] && $sigdata['header_valid']) {
if ($sigdata['portable_id'] && $sigdata['header_valid']) {
$portable_id = $sigdata['portable_id'];
if(! check_channelallowed($portable_id)) {
if (! check_channelallowed($portable_id)) {
http_status_exit(403, 'Permission denied');
}
if(! check_siteallowed($sigdata['signer'])) {
if (! check_siteallowed($sigdata['signer'])) {
http_status_exit(403, 'Permission denied');
}
observer_auth($portable_id);
}
elseif (! Config::get('system','require_authenticated_fetch',false)) {
http_status_exit(403,'Permission denied');
}
$item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 ";
@ -150,7 +157,7 @@ class Item extends Controller {
$r = q("select * from item where mid = '%s' $item_normal limit 1",
dbesc(z_root() . '/item/' . $item_id)
);
if($r) {
if ($r) {
http_status_exit(403, 'Forbidden');
}
http_status_exit(404, 'Not found');