mirror of
https://codeberg.org/streams/streams.git
synced 2024-09-19 21:55:15 +00:00
require token signatures in zot_refresh, also move channel specific stuff into include/channel.php from include/connections.php
This commit is contained in:
parent
80f2ba640e
commit
c37eaff263
5 changed files with 50 additions and 23 deletions
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -14,6 +14,8 @@
|
|||
*.rej
|
||||
# OSX .DS_Store files
|
||||
.DS_Store
|
||||
# version scripts (repo master only)
|
||||
.version*
|
||||
Thumbs.db
|
||||
|
||||
|
||||
|
|
|
@ -6,6 +6,7 @@ require_once('include/queue_fn.php');
|
|||
require_once('include/zot.php');
|
||||
|
||||
class Queue {
|
||||
|
||||
static public function run($argc,$argv) {
|
||||
|
||||
require_once('include/items.php');
|
||||
|
|
|
@ -1945,3 +1945,26 @@ function get_zcard_embed($channel,$observer_hash = '',$args = array()) {
|
|||
return $o;
|
||||
|
||||
}
|
||||
|
||||
|
||||
function channelx_by_nick($nick) {
|
||||
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and channel_removed = 0 LIMIT 1",
|
||||
dbesc($nick)
|
||||
);
|
||||
return(($r) ? $r[0] : false);
|
||||
}
|
||||
|
||||
function channelx_by_hash($hash) {
|
||||
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and channel_removed = 0 LIMIT 1",
|
||||
dbesc($hash)
|
||||
);
|
||||
return(($r) ? $r[0] : false);
|
||||
}
|
||||
|
||||
function channelx_by_n($id) {
|
||||
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and channel_removed = 0 LIMIT 1",
|
||||
dbesc($id)
|
||||
);
|
||||
return(($r) ? $r[0] : false);
|
||||
}
|
||||
|
||||
|
|
|
@ -48,27 +48,6 @@ function abook_self($channel_id) {
|
|||
return(($r) ? $r[0] : array());
|
||||
}
|
||||
|
||||
function channelx_by_nick($nick) {
|
||||
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and channel_removed = 0 LIMIT 1",
|
||||
dbesc($nick)
|
||||
);
|
||||
return(($r) ? $r[0] : false);
|
||||
}
|
||||
|
||||
function channelx_by_hash($hash) {
|
||||
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and channel_removed = 0 LIMIT 1",
|
||||
dbesc($hash)
|
||||
);
|
||||
return(($r) ? $r[0] : false);
|
||||
}
|
||||
|
||||
function channelx_by_n($id) {
|
||||
$r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and channel_removed = 0 LIMIT 1",
|
||||
dbesc($id)
|
||||
);
|
||||
return(($r) ? $r[0] : false);
|
||||
}
|
||||
|
||||
|
||||
function vcard_from_xchan($xchan, $observer = null, $mode = '') {
|
||||
|
||||
|
|
|
@ -329,8 +329,12 @@ function zot_refresh($them, $channel = null, $force = false) {
|
|||
return false;
|
||||
}
|
||||
|
||||
$token = random_string();
|
||||
|
||||
$postvars = array();
|
||||
|
||||
$postvars['token'] = $token;
|
||||
|
||||
if($channel) {
|
||||
$postvars['target'] = $channel['channel_guid'];
|
||||
$postvars['target_sig'] = $channel['channel_guid_sig'];
|
||||
|
@ -343,11 +347,13 @@ function zot_refresh($them, $channel = null, $force = false) {
|
|||
$postvars['guid_hash'] = $them['xchan_hash'];
|
||||
if (array_key_exists('xchan_guid',$them) && $them['xchan_guid']
|
||||
&& array_key_exists('xchan_guid_sig',$them) && $them['xchan_guid_sig']) {
|
||||
|
||||
$postvars['guid'] = $them['xchan_guid'];
|
||||
$postvars['guid_sig'] = $them['xchan_guid_sig'];
|
||||
|
||||
}
|
||||
|
||||
$token = random_string();
|
||||
|
||||
$rhs = '/.well-known/zot-info';
|
||||
|
||||
$result = z_post_url($url . $rhs,$postvars);
|
||||
|
@ -363,6 +369,22 @@ function zot_refresh($them, $channel = null, $force = false) {
|
|||
return false;
|
||||
}
|
||||
|
||||
$signed_token = ((is_array($j) && array_key_exists('signed_token',$j)) ? $j['signed_token'] : null);
|
||||
if($signed_token) {
|
||||
$valid = rsa_verify('token.' . $token,base64url_decode($signed_token),$j['key']);
|
||||
if(! $valid) {
|
||||
logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_WARN);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
else {
|
||||
logger('No signed token from ' . $url . $rhs, LOGGER_NORMAL, LOG_WARN);
|
||||
// after 2017-01-01 this will be a hard error unless you over-ride it.
|
||||
if((time() > 1483228800) && (! get_config('system','allow_unsigned_zotfinger'))) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
$x = import_xchan($j, (($force) ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED));
|
||||
|
||||
if(! $x['success'])
|
||||
|
@ -1493,7 +1515,7 @@ function public_recips($msg) {
|
|||
/**
|
||||
* @brief
|
||||
*
|
||||
* This is the second part of public_recipes().
|
||||
* This is the second part of public_recips().
|
||||
* We'll find all the channels willing to accept public posts from us, then
|
||||
* match them against the sender privacy scope and see who in that list that
|
||||
* the sender is allowing.
|
||||
|
|
Loading…
Reference in a new issue