diff options
author | friendica <info@friendica.com> | 2015-02-24 16:36:27 -0800 |
---|---|---|
committer | friendica <info@friendica.com> | 2015-02-24 16:36:27 -0800 |
commit | 08f054130f5a57e2928e129131e7609271ec7f40 (patch) | |
tree | e4eb2166044c05f750c78fc30742835ae5294f44 | |
parent | 11df605c2e065e123e58bd73525e7ca2113f40b8 (diff) | |
download | volse-hubzilla-08f054130f5a57e2928e129131e7609271ec7f40.tar.gz volse-hubzilla-08f054130f5a57e2928e129131e7609271ec7f40.tar.bz2 volse-hubzilla-08f054130f5a57e2928e129131e7609271ec7f40.zip |
require access token to view, query, or join directories in private realms, if the realm is so configured.
-rwxr-xr-x | boot.php | 2 | ||||
-rw-r--r-- | include/dir_fns.php | 18 | ||||
-rw-r--r-- | install/schema_mysql.sql | 4 | ||||
-rw-r--r-- | install/schema_postgres.sql | 2 | ||||
-rw-r--r-- | install/update.php | 10 | ||||
-rw-r--r-- | mod/directory.php | 8 | ||||
-rw-r--r-- | mod/dirsearch.php | 10 | ||||
-rw-r--r-- | mod/regdir.php | 28 |
8 files changed, 68 insertions, 14 deletions
@@ -49,7 +49,7 @@ define ( 'RED_PLATFORM', 'redmatrix' ); define ( 'RED_VERSION', trim(file_get_contents('version.inc')) . 'R'); define ( 'ZOT_REVISION', 1 ); -define ( 'DB_UPDATE_VERSION', 1137 ); +define ( 'DB_UPDATE_VERSION', 1138 ); /** * Constant with a HTML line break. diff --git a/include/dir_fns.php b/include/dir_fns.php index 686c5140f..37a7c04e7 100644 --- a/include/dir_fns.php +++ b/include/dir_fns.php @@ -48,7 +48,7 @@ function check_upstream_directory() { if($directory) { $h = parse_url($directory); if($h) { - $x = zot_finger('sys@' . $h['host']); + $x = zot_finger('[system]@' . $h['host']); if($x['success']) { $j = json_decode($x['body'],true); if(array_key_exists('site',$j) && array_key_exists('directory_mode',$j['site'])) { @@ -166,20 +166,23 @@ function sync_directories($dirmode) { // FIXME - what to do if we're in a different realm? if((! $r) && (z_root() != DIRECTORY_FALLBACK_MASTER)) { - $r = array( + $r = array(); + $r[] = array( 'site_url' => DIRECTORY_FALLBACK_MASTER, 'site_flags' => DIRECTORY_MODE_PRIMARY, 'site_update' => NULL_DATE, 'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch', - 'site_realm' => DIRECTORY_REALM + 'site_realm' => DIRECTORY_REALM, + 'site_valid' => 1 ); - $x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm ) + $x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm, site_valid ) values ( '%s', %d', '%s', '%s', '%s' ) ", dbesc($r[0]['site_url']), intval($r[0]['site_flags']), dbesc($r[0]['site_update']), dbesc($r[0]['site_directory']), - dbesc($r[0]['site_realm']) + dbesc($r[0]['site_realm']), + intval($r[0]['site_valid']) ); $r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s'", @@ -201,8 +204,11 @@ function sync_directories($dirmode) { // It will take about a month for a new directory to obtain the full current repertoire of channels. // FIXME - go back and pick up earlier ratings if this is a new directory server. These do not get refreshed. + $token = get_config('system','realm_token'); + + $syncdate = (($rr['site_sync'] === NULL_DATE) ? datetime_convert('UTC','UTC','now - 2 days') : $rr['site_sync']); - $x = z_fetch_url($rr['site_directory'] . '?f=&sync=' . urlencode($syncdate)); + $x = z_fetch_url($rr['site_directory'] . '?f=&sync=' . urlencode($syncdate) . (($token) ? '&t=' . $token : '')); if(! $x['success']) continue; diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql index 247b33814..da78d9c61 100644 --- a/install/schema_mysql.sql +++ b/install/schema_mysql.sql @@ -1256,6 +1256,7 @@ CREATE TABLE IF NOT EXISTS `site` ( `site_sellpage` char(255) NOT NULL DEFAULT '', `site_location` char(255) NOT NULL DEFAULT '', `site_realm` char(255) NOT NULL DEFAULT '', + `site_valid` smallint NOT NULL DEFAULT '0', PRIMARY KEY (`site_url`), KEY `site_flags` (`site_flags`), KEY `site_update` (`site_update`), @@ -1264,7 +1265,8 @@ CREATE TABLE IF NOT EXISTS `site` ( KEY `site_access` (`site_access`), KEY `site_sellpage` (`site_sellpage`), KEY `site_pull` (`site_pull`), - KEY `site_realm` (`site_realm`) + KEY `site_realm` (`site_realm`), + KEY `site_valid` (`site_valid`) ) ENGINE=MyISAM DEFAULT CHARSET=utf8; -- -------------------------------------------------------- diff --git a/install/schema_postgres.sql b/install/schema_postgres.sql index d852f38e9..1370f3b8a 100644 --- a/install/schema_postgres.sql +++ b/install/schema_postgres.sql @@ -959,6 +959,7 @@ CREATE TABLE "site" ( "site_sellpage" text NOT NULL DEFAULT '', "site_location" text NOT NULL DEFAULT '', "site_realm" text NOT NULL DEFAULT '', + "site_valid" smallint NOT NULL DEFAULT '0', PRIMARY KEY ("site_url") ); create index "site_flags" on site ("site_flags"); @@ -968,6 +969,7 @@ create index "site_register" on site ("site_register"); create index "site_access" on site ("site_access"); create index "site_sellpage" on site ("site_sellpage"); create index "site_realm" on site ("site_realm"); +create index "site_valid" on site ("site_valid"); CREATE TABLE "source" ( "src_id" serial NOT NULL, diff --git a/install/update.php b/install/update.php index 86731e165..ee13bee78 100644 --- a/install/update.php +++ b/install/update.php @@ -1,6 +1,6 @@ <?php -define( 'UPDATE_VERSION' , 1137 ); +define( 'UPDATE_VERSION' , 1138 ); /** * @@ -1568,3 +1568,11 @@ function update_r1136() { return UPDATE_SUCCESS; return UPDATE_FAILED; } + +function update_r1137() { + $r1 = q("alter table site add site_valid smallint not null default '0' "); + $r2 = q("create index site_valid on site ( site_valid ) "); + if($r1 && $r2) + return UPDATE_SUCCESS; + return UPDATE_FAILED; +} diff --git a/mod/directory.php b/mod/directory.php index 329e255cf..bc5aa41e2 100644 --- a/mod/directory.php +++ b/mod/directory.php @@ -92,6 +92,9 @@ function directory_content(&$a) { $url = $directory['url'] . '/dirsearch'; } + $token = get_config('system','realm_token'); + + logger('mod_directory: URL = ' . $url, LOGGER_DEBUG); $contacts = array(); @@ -106,8 +109,6 @@ function directory_content(&$a) { } } - - if($url) { // We might want to make the tagadelic count (&kw=) configurable or turn it off completely. @@ -116,6 +117,9 @@ function directory_content(&$a) { $kw = ((intval($numtags)) ? $numtags : 24); $query = $url . '?f=&kw=' . $kw . (($safe_mode != 1) ? '&safe=' . $safe_mode : ''); + if($token) + $query .= '&t=' . $token; + if($search) $query .= '&name=' . urlencode($search) . '&keywords=' . urlencode($search); if(strpos($search,'@')) diff --git a/mod/dirsearch.php b/mod/dirsearch.php index 5a0a7cee8..12abfafb8 100644 --- a/mod/dirsearch.php +++ b/mod/dirsearch.php @@ -13,7 +13,6 @@ function dirsearch_content(&$a) { $ret = array('success' => false); - $dirmode = intval(get_config('system','directory_mode')); if($dirmode == DIRECTORY_MODE_NORMAL) { @@ -21,6 +20,15 @@ function dirsearch_content(&$a) { json_return_and_die($ret); } + $access_token = $_REQUEST['t']; + + $token = get_config('system','realm_token'); + if($token && $access_token != $token) { + $result['message'] = t('This directory server requires an access token'); + return; + } + + if(argc() > 1 && argv(1) === 'sites') { $ret = list_public_sites(); json_return_and_die($ret); diff --git a/mod/regdir.php b/mod/regdir.php index f24ee3951..f12659dad 100644 --- a/mod/regdir.php +++ b/mod/regdir.php @@ -18,7 +18,8 @@ function regdir_init(&$a) { $result = array('success' => false); $url = $_REQUEST['url']; - + $access_token = $_REQUEST['t']; + $valid = 0; // we probably don't need the realm as we will find out in the probe. // What we may want to die is throw an error if you're trying to register in a different realm @@ -28,6 +29,18 @@ function regdir_init(&$a) { if(! $realm) $realm = DIRECTORY_REALM; + if($realm === DIRECTORY_REALM) { + $valid = 1; + } + else { + $token = get_config('system','realm_token'); + if($token && $access_token != $token) { + $result['message'] = 'This realm requires an access token'; + return; + } + $valid = 1; + } + $dirmode = intval(get_config('system','directory_mode')); if($dirmode == DIRECTORY_MODE_NORMAL) { @@ -56,14 +69,25 @@ function regdir_init(&$a) { } } + q("update site set site_valid = %d where site_url = '%s' limit 1", + intval($valid), + strtolower($url) + ); + json_return_and_die($result); } else { + + // We can put this in the sql without the condition after 31 march 2015 assuming + // most directory servers will have updated by then + // This just makes sure it happens if I forget + + $sql_extra = ((datetime_convert() > datetime_convert('UTC','UTC','2015-03-31')) ? ' and site_valid = 1 ' : '' ); if($dirmode == DIRECTORY_MODE_STANDALONE) { $r = array(array('site_url' => z_root())); } else { - $r = q("select site_url from site where site_flags in ( 1, 2 ) and site_realm = '%s'", + $r = q("select site_url from site where site_flags in ( 1, 2 ) and site_realm = '%s' $sql_extra ", dbesc(get_directory_realm()) ); } |