osada issue #6 - enforce Mastodon advisory privacy on hyper-drive imported items

zotlabs 2018-11-07 15:31:11 -08:00
parent b590ad1b3f
commit b58c032b8f
5 changed files with 18 additions and 7 deletions


@ -97,7 +97,7 @@ class Channel extends Controller {
'Content-Type' => 'application/x-zot+json', 'Content-Type' => 'application/x-zot+json',
'Digest' => HTTPSig::generate_digest_header($data), 'Digest' => HTTPSig::generate_digest_header($data),
'(request-target)' => strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'] '(request-target)' => strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']
]; ];
$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel)); $h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel));
HTTPSig::set_headers($h); HTTPSig::set_headers($h);
echo $data; echo $data;


@ -147,7 +147,18 @@ class Item extends \Zotlabs\Web\Controller {
xchan_query($r,true); xchan_query($r,true);
$items = fetch_post_tags($r,true); $items = fetch_post_tags($r,true);
$chan = channelx_by_n($items[0]['uid']); $observer = App::get_observer();
$parent = $items[0];
$recips = (($parent['owner']['xchan_network'] === 'activitypub') ? get_iconfig($parent['id'],'activitypub','recips', []) : []);
$to = (($recips && array_key_exists('to',$recips) && is_array($recips['to'])) ? $recips['to'] : null);
$nitems = [];
foreach($items as $i) {
if(intval($i['item_private']) && $to && (! in_array($observer['xchan_url'],$to)))
continue;
$nitems[] = $i;
}
$chan = channelx_by_n($nitems[0]['uid']);
if(! $chan) if(! $chan)
http_status_exit(404, 'Not found'); http_status_exit(404, 'Not found');
@ -156,13 +167,13 @@ class Item extends \Zotlabs\Web\Controller {
http_status_exit(403, 'Forbidden'); http_status_exit(403, 'Forbidden');
if($conversation) { if($conversation) {
$i = Activity::encode_item_collection($items,'conversation/' . $item_id,'OrderedCollection',false); $i = Activity::encode_item_collection($nitems,'conversation/' . $item_id,'OrderedCollection',false);
if($portable_id) { if($portable_id) {
ThreadListener::store(z_root() . '/item/' . $item_id,$portable_id); ThreadListener::store(z_root() . '/item/' . $item_id,$portable_id);
} }
} }
else { else {
$i = Activity::encode_item($items[0]); $i = Activity::encode_item($nitems[0]);
} }
if(! $i) if(! $i)
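Review bot: The recipient filter in the `foreach` fails open, and it can leave `$nitems` empty or without the parent item. When the parent is an ActivityPub item but the stored `recips` has no usable `to` array, `$to` is null and every private item is passed to any observer; if that is not intended, private items should be skipped whenever `$to` is missing. When the observer is not listed, `$nitems[0]` may be undefined or a different item than `$items[0]`, so `channelx_by_n($nitems[0]['uid'])` and `Activity::encode_item($nitems[0])` can act on the wrong element; add `if(! $nitems) http_status_exit(403, 'Forbidden');` after the loop and use `$parent['uid']` for the channel lookup. The membership test should be strict, `in_array($observer['xchan_url'],$to,true)`, so that a missing observer (null) cannot loosely match an empty entry. The function starts and ends outside these hunks, so any earlier permission check is not visible here.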


@ -3,7 +3,7 @@
namespace Zotlabs\Module; namespace Zotlabs\Module;
use Zotlabs\Lib\Zotfinger; use Zotlabs\Lib\Zotfinger;
use Zotlabs\Web\HTTPSig; use Zotlabs\Zot6\HTTPSig;
class Zot_probe extends \Zotlabs\Web\Controller { class Zot_probe extends \Zotlabs\Web\Controller {


@ -161,7 +161,7 @@ class HTTPSig {
if(! $x) { if(! $x) {
logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($key['public_key']) ? '' : ' no key')); logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($key['public_key']) ? '' : ' no key'));
$sig_block['signature'] = base64url_encode($sig_block['signature']); $sig_block['signature'] = base64_encode($sig_block['signature']);
logger('affected sigblock: ' . print_r($sig_block,true)); logger('affected sigblock: ' . print_r($sig_block,true));
logger('headers: ' . print_r($headers,true)); logger('headers: ' . print_r($headers,true));
logger('server: ' . print_r($_SERVER,true)); logger('server: ' . print_r($_SERVER,true));
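Review bot: The failure path around the changed line writes `print_r($headers,true)` and `print_r($_SERVER,true)` to the log for every request whose signature does not verify, a condition any unauthenticated sender can produce. That copies cookies, authorization headers and other request data into the log file and lets a remote party grow the log at will. Consider logging only the signer, algorithm and request target, e.g. `logger('verify failed: ' . $_SERVER['REQUEST_METHOD'] . ' ' . $_SERVER['REQUEST_URI']);`, and keeping the full dumps behind a verbose data log level. Whether these `logger()` calls are already level-gated is not visible in this hunk, and the enclosing function continues outside it.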


@ -231,7 +231,7 @@ class Zot6Handler implements IHandler {
foreach ($recipients as $recip) { foreach ($recipients as $recip) {
$r = q("select channel.*,xchan.* from channel $r = q("select channel.*,xchan.* from channel
left join xchan on channel_hash = xchan_hash left join xchan on channel_hash = xchan_hash
where channel_hash = '%s' and channel_guid_sig = '%s' limit 1", where channel_hash = '%s' limit 1",
dbesc($recip) dbesc($recip)
); );
if ($r) { if ($r) {