From b4c603cdace281f79e1738d2e006851b00af511e Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 12 Nov 2012 16:16:37 -0800
Subject: [PATCH] one could say we've sort of got zot - at least there are
 two-way communications for channel meta info, don't yet know if it's working

---
 include/zot.php | 90 +++++++++++++++++++++++++++----------------------
 mod/post.php    | 58 +++++++++++++++++++++++++------
 mod/zfinger.php | 25 ++++++++++----
 version.inc     |  2 +-
 4 files changed, 116 insertions(+), 59 deletions(-)

diff --git a/include/zot.php b/include/zot.php
index 021025f62..63508b749 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -69,11 +69,13 @@ function zot_notify($channel,$url,$type = 'notify',$recipients = null, $remote_k
 			'hub' => z_root(),
 			'hub_sig' => base64url_encode(z_root,$channel['prvkey'])
 		)), 
-		'recipients' => json_encode($recipients), 
 		'callback' => '/post',
 		'version' => ZOT_REVISION
 	);
 
+	if($recipients)
+		$params['recipients'] = json_encode($recipients);
+
 	// Hush-hush ultra top-secret mode
 
 	if($remote_key) {
@@ -137,7 +139,7 @@ function zot_finger($webbie,$channel) {
 
 }
 
-function zot_refresh($them,$channel) {
+function zot_refresh($them,$channel = null) {
 
 	if($them['hubloc_url'])
 		$url = $them['hubloc_url'];
@@ -152,20 +154,26 @@ function zot_refresh($them,$channel) {
 	if(! $url)
 		return;
 
-	if($them['xchan_hash'])
-		$guid_hash = $them['xchan_hash'];
-	
-	if(! $guid_hash)
-		return;
-	
+	$postvars = array();
+
+	if($channel) {
+		$postvars['target']     = $channel['channel_guid'];
+		$postvars['target_sig'] = $channel['channel_guid_sig'];
+		$postvars['key']        = $channel['channel_pubkey'];
+	}
+
+	if(array_key_exists('xchan_addr',$them) && $them['xchan_addr'])
+		$postvars['address'] = $them['xchan_addr'];
+	if(array_key_exists('xchan_hash',$them) && $them['xchan_hash'])
+		$postvars['guid_hash'] = $them['xchan_hash'];
+	if(array_key_exists('xchan_guid',$them) && $them['xchan_guid'] 
+		&& array_key_exists('xchan_guid_sig',$them) && $them['xchan_guid_sig']) {
+		$postvars['guid'] = $them['xchan_guid'];
+		$postvars['guid_sig'] = $them['xchan_guid_sig'];
+	}
+
 	$rhs = '/.well-known/zot-info';
 
-	$postvars = array(
-		'guid_hash'  => $guid_hash,
-		'target'     => $channel['channel_guid'],
-		'target_sig' => $channel['channel_guid_sig'],
-		'key'        => $channel['channel_pubkey']
-	);
 	$result = z_post_url($url . $rhs,$postvars);
 	
 	if($result['success']) {
@@ -181,37 +189,39 @@ function zot_refresh($them,$channel) {
 
 		$their_perms = 0;
 
-		$global_perms = get_perms();
 
-		if($j->permissions->data) {
-			$permissions = aes_unencapsulate(array(
-				'data' => $j->permissions->data,
-				'key'  => $j->permissions->key,
-				'iv'   => $j->permissions->iv),
-				$channel['channel_prvkey']);
-			if($permissions)
-				$permissions = json_decode($permissions);
-			logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA);
-		}
-		else
-			$permissions = $j->permissions;
-
-		foreach($permissions as $k => $v) {
-			if($v) {
-				$their_perms = $their_perms | intval($global_perms[$k][1]);
+		if($channel) {
+			$global_perms = get_perms();
+			if($j->permissions->data) {
+				$permissions = aes_unencapsulate(array(
+					'data' => $j->permissions->data,
+					'key'  => $j->permissions->key,
+					'iv'   => $j->permissions->iv),
+					$channel['channel_prvkey']);
+				if($permissions)
+					$permissions = json_decode($permissions);
+				logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA);
 			}
+			else
+				$permissions = $j->permissions;
+
+			foreach($permissions as $k => $v) {
+				if($v) {
+					$their_perms = $their_perms | intval($global_perms[$k][1]);
+				}
+			}
+
+			$r = q("update abook set their_perms = %d 
+				where abook_xchan = '%s' and abook_channel = %d limit 1",
+				intval($their_perms),
+				dbesc($channel['channel_hash']),
+				intval($channel['channel_id'])
+			);
+			if(! $r)
+				logger('abook update failed');
 		}
 
-		$r = q("update abook set their_perms = %d where abook_xchan = '%s' and abook_channel = %d limit 1",
-			intval($their_perms),
-			dbesc($channel['channel_hash']),
-			intval($channel['channel_id'])
-		);
-		if(! $r)
-			logger('abook update failed');
-	
 		return true;
-
 	}
 	return false;
 
diff --git a/mod/post.php b/mod/post.php
index fb8885b93..82ffb5817 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -9,16 +9,25 @@ require_once('include/zot.php');
 	
 function post_post(&$a) {
 
-	$ret = array('result' => false, 'message' => '');
+	$ret = array('result' => false);
 
-	$msgtype = ((array_key_exists('type',$_REQUEST)) ? $_REQUEST['type'] : '');
+	if(array_key_exists('iv',$_REQUEST)) {
+		// hush-hush ultra top secret mode
+		$data = aes_unencapsulate($_REQUEST,get_config('system','site_prvkey'));
+	}
+	else {
+		$data = $_REQUEST;
+	}
 
-	if(array_key_exists('sender',$_REQUEST)) {
-		$j_sender = json_decode($_REQUEST['sender']);
+	$msgtype = ((array_key_exists('type',$data)) ? $data['type'] : '');
+
+	if(array_key_exists('sender',$data)) {
+		$j_sender = json_decode($data['sender']);
 	}	
 
 	$hub = zot_gethub($j_sender);
 	if(! $hub) {
+		// (!!) this will validate the sender
 		$result = zot_register_hub($j_sender);
 		if((! $result['success']) || (! zot_gethub($j_sender))) {
 			$ret['message'] = 'Hub not available.';
@@ -26,27 +35,54 @@ function post_post(&$a) {
 		}
 	}
 
-	// check which hub is primary and take action if mismatched
+	// TODO: check which hub is primary and take action if mismatched
 
+	if(array_key_exists('recipients',$data))
+		$j_recipients = json_decode($data['recipients']);
 
 	if($msgtype === 'refresh') {
 
-		// Need to pass the recipient in the message
+		// remote channel info (such as permissions or photo or something)
+		// has been updated. Grab a fresh copy and sync it.
 
-		// look up recipient
+		if($j_recipients) {
 
-		// format args
-		// $r = zot_refresh($them,$channel);
+			// This would be a permissions update, typically for one connection
 
-		return;
+			foreach($j_recipients as $recip) {	
+				$r = q("select channel.*,xchan.* from channel 
+					left join xchan on channel_hash = xchan_hash
+					where channel_guid = '%s' and channel_guid_sig = '%s' limit 1",
+					dbesc($recip->guid),
+					dbesc($recip->guid_sig)
+				);
 
+				$x = zot_refresh(array(
+						'xchan_guid'     => $j_sender->guid, 
+						'xchan_guid_sig' => $j_sender->guid_sig,
+						'hubloc_url'     => $j_sender->url
+				),$r[0]);
+			}
+		}
+		else {
+
+			// system wide refresh
+				
+			$x = zot_refresh(array(
+				'xchan_guid'     => $j_sender->guid, 
+				'xchan_guid_sig' => $j_sender->guid_sig,
+				'hubloc_url'     => $j_sender->url
+			),null);
+		}
+		$ret['result'] = true;
+		json_return_and_die($ret);
 	}
 
 	if($msgtype === 'notify') {
 
 
 		// add to receive queue
-		// qreceive_add($_REQUEST);
+		// qreceive_add($data);
 
 		$ret['result'] = true;
 		json_return_and_die($ret);
diff --git a/mod/zfinger.php b/mod/zfinger.php
index cc4b8cdd3..e1afdeba4 100644
--- a/mod/zfinger.php
+++ b/mod/zfinger.php
@@ -7,11 +7,13 @@ function zfinger_init(&$a) {
 
 	$ret = array('success' => false);
 
-	$zhash   = ((x($_REQUEST,'guid_hash'))   ? $_REQUEST['guid_hash']  : '');
-	$zaddr   = ((x($_REQUEST,'address'))     ? $_REQUEST['address']    : '');
-	$ztarget = ((x($_REQUEST,'target'))      ? $_REQUEST['target']     : '');
-	$zsig    = ((x($_REQUEST,'target_sig'))  ? $_REQUEST['target_sig'] : '');
-	$zkey    = ((x($_REQUEST,'key'))         ? $_REQUEST['key']        : '');
+	$zhash     = ((x($_REQUEST,'guid_hash'))  ? $_REQUEST['guid_hash']  : '');
+	$zguid     = ((x($_REQUEST,'guid'))       ? $_REQUEST['guid']       : '');
+	$zguid_sig = ((x($_REQUEST,'guid_sig'))   ? $_REQUEST['guid_sig']   : '');
+	$zaddr     = ((x($_REQUEST,'address'))    ? $_REQUEST['address']    : '');
+	$ztarget   = ((x($_REQUEST,'target'))     ? $_REQUEST['target']     : '');
+	$zsig      = ((x($_REQUEST,'target_sig')) ? $_REQUEST['target_sig'] : '');
+	$zkey      = ((x($_REQUEST,'key'))        ? $_REQUEST['key']        : '');
 
 	if($ztarget) {
 		if((! $zkey) || (! $zsig) || (! rsa_verify($ztarget,base64url_decode($zsig),$zkey))) {
@@ -23,12 +25,19 @@ function zfinger_init(&$a) {
 
 	$r = null;
 
-	if(strlen($zguid)) {
+	if(strlen($zhash)) {
 		$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash 
 			where channel_hash = '%s' limit 1",
 			dbesc($zhash)
 		);
 	}
+	if(strlen($zguid) && strlen($zguid_sig)) {
+		$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash 
+			where channel_guid = '%s' and channel_guid_sig = '%s' limit 1",
+			dbesc($zguid),
+			dbesc($zguid_sig)
+		);
+	}
 	elseif(strlen($zaddr)) {
 		$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
 			where channel_address = '%s' limit 1",
@@ -40,7 +49,7 @@ function zfinger_init(&$a) {
 		json_return_and_die($ret);
 	}
 
-	if(! ($r && count($r))) {
+	if(! $r) {
 		$ret['message'] = 'Item not found.';
 		json_return_and_die($ret);
 	}
@@ -48,6 +57,8 @@ function zfinger_init(&$a) {
 	$e = $r[0];
 
 	$id = $e['channel_id'];
+
+//  This is for birthdays and keywords, but must check access permissions
 //	$r = q("select contact.*, profile.* 
 //		from contact left join profile on contact.uid = profile.uid
 //		where contact.uid = %d && contact.self = 1 and profile.is_default = 1 limit 1",
diff --git a/version.inc b/version.inc
index cf7a2bc05..551d49439 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2012-11-11.135
+2012-11-12.136