aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-01-09 13:22:43 +0000
committerMario <mario@mariovavti.com>2021-01-09 13:22:43 +0000
commit7cfb230a5e90986b62a5c1df86ce48c894c0578c (patch)
tree7b9b543e48c9e9d64c7aa2f41a02d9f4acadcd49
parent0e2af403298599737b41a44a0b6b3e0a1204b108 (diff)
downloadvolse-hubzilla-7cfb230a5e90986b62a5c1df86ce48c894c0578c.tar.gz
volse-hubzilla-7cfb230a5e90986b62a5c1df86ce48c894c0578c.tar.bz2
volse-hubzilla-7cfb230a5e90986b62a5c1df86ce48c894c0578c.zip
streamline keyid
-rw-r--r--Zotlabs/Module/Cdav.php2
-rw-r--r--Zotlabs/Module/Dav.php2
-rw-r--r--Zotlabs/Module/Getfile.php40
-rw-r--r--Zotlabs/Zot6/Finger.php4
-rw-r--r--include/import.php2
5 files changed, 25 insertions, 25 deletions
diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php
index f7e43e436..f5c5f4384 100644
--- a/Zotlabs/Module/Cdav.php
+++ b/Zotlabs/Module/Cdav.php
@@ -50,7 +50,7 @@ class Cdav extends Controller {
if($sigblock) {
$keyId = str_replace('acct:','',$sigblock['keyId']);
if($keyId) {
- $r = q("select * from hubloc where hubloc_addr = '%s'",
+ $r = q("select * from hubloc where hubloc_id_url = '%s'",
dbesc($keyId)
);
if($r) {
diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php
index 949b89950..82d773139 100644
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -51,7 +51,7 @@ class Dav extends \Zotlabs\Web\Controller {
if($sigblock) {
$keyId = str_replace('acct:','',$sigblock['keyId']);
if($keyId) {
- $r = q("select * from hubloc where hubloc_addr = '%s'",
+ $r = q("select * from hubloc where hubloc_id_url = '%s'",
dbesc($keyId)
);
if($r) {
diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php
index 17d1c84b8..20cc23ac0 100644
--- a/Zotlabs/Module/Getfile.php
+++ b/Zotlabs/Module/Getfile.php
@@ -6,20 +6,20 @@ use Zotlabs\Lib\Libzot;
/**
* module: getfile
- *
+ *
* used for synchronising files and photos across clones
- *
+ *
* The site initiating the file operation will send a sync packet to known clones.
* They will respond by building the DB structures they require, then will provide a
* post request to this site to grab the file data. This is sent as a stream direct to
* disk at the other end, avoiding memory issues.
*
* Since magic-auth cannot easily be used by the CURL process at the other end,
- * we will require a signed request which includes a timestamp. This should not be
- * used without SSL and is potentially vulnerable to replay if an attacker decrypts
+ * we will require a signed request which includes a timestamp. This should not be
+ * used without SSL and is potentially vulnerable to replay if an attacker decrypts
* the SSL traffic fast enough. The amount of time slop is configurable but defaults
* to 3 minutes.
- *
+ *
*/
@@ -54,13 +54,13 @@ class Getfile extends \Zotlabs\Web\Controller {
$keyId = $sigblock['keyId'];
if($keyId) {
- $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
- where hubloc_addr = '%s'",
+ $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
+ where hubloc_id_url = '%s'",
dbesc(str_replace('acct:','',$keyId))
);
if($r) {
$hubloc = Libzot::zot_record_preferred($r);
- $verified = HTTPSig::verify('',$hubloc['xchan_pubkey']);
+ $verified = HTTPSig::verify('',$hubloc['xchan_pubkey']);
if($verified && $verified['header_signed'] && $verified['header_valid'] && $hash == $hubloc['hubloc_hash']) {
$header_verified = true;
}
@@ -74,15 +74,15 @@ class Getfile extends \Zotlabs\Web\Controller {
logger('post: ' . print_r($_POST,true),LOGGER_DEBUG,LOG_INFO);
if($header_verified) {
logger('HTTPSig verified');
- }
-
+ }
+
$channel = channelx_by_hash($hash);
if((! $channel) || (! $time) || (! $sig)) {
logger('error: missing info');
killme();
}
-
+
if(isset($_POST['resolution']))
$resolution = intval($_POST['resolution']);
elseif(substr($resource,-2,1) == '-') {
@@ -91,21 +91,21 @@ class Getfile extends \Zotlabs\Web\Controller {
}
else {
$resolution = (-1);
- }
+ }
$slop = intval(get_pconfig($channel['channel_id'],'system','getfile_time_slop'));
if($slop < 1)
$slop = 3;
-
+
$d1 = datetime_convert('UTC','UTC',"now + $slop minutes");
- $d2 = datetime_convert('UTC','UTC',"now - $slop minutes");
-
+ $d2 = datetime_convert('UTC','UTC',"now - $slop minutes");
+
if(! $header_verified) {
if(($time > $d1) || ($time < $d2)) {
logger('time outside allowable range');
killme();
}
-
+
if(! rsa_verify($hash . '.' . $time,base64url_decode($sig),$channel['channel_pubkey'])) {
logger('verify failed.');
killme();
@@ -137,20 +137,20 @@ class Getfile extends \Zotlabs\Web\Controller {
else {
echo dbunescbin($r[0]['content']);
}
- }
+ }
killme();
}
$r = attach_by_hash($resource,$channel['channel_hash'],$revision);
-
+
if(! $r['success']) {
logger('attach_by_hash failed: ' . $r['message']);
notice( $r['message'] . EOL);
return;
}
-
+
$unsafe_types = array('text/html','text/css','application/javascript');
-
+
if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) {
header('Content-type: text/plain');
}
diff --git a/Zotlabs/Zot6/Finger.php b/Zotlabs/Zot6/Finger.php
index 22ce4685d..cec3f98ab 100644
--- a/Zotlabs/Zot6/Finger.php
+++ b/Zotlabs/Zot6/Finger.php
@@ -88,7 +88,7 @@ class Finger {
$headers = [];
$headers['X-Zot-Channel'] = $channel['channel_address'] . '@' . \App::get_hostname();
$headers['X-Zot-Nonce'] = random_string();
- $xhead = HTTPSig::create_sig($headers,$channel['channel_prvkey'],'acct:' . channel_reddress($channel));
+ $xhead = HTTPSig::create_sig($headers,$channel['channel_prvkey'], channel_url($channel));
$retries = 0;
@@ -100,7 +100,7 @@ class Finger {
$result = z_post_url('http://' . $host . $rhs,$postvars, $retries, [ 'headers' => $xhead ]);
}
}
- }
+ }
else {
$rhs .= '?f=&address=' . urlencode($address) . '&token=' . self::$token;
diff --git a/include/import.php b/include/import.php
index d02cc1e1f..853690094 100644
--- a/include/import.php
+++ b/include/import.php
@@ -1358,7 +1358,7 @@ function sync_files($channel, $files) {
$headers = [];
$headers['Accept'] = 'application/x-zot+json' ;
$headers['Sigtoken'] = random_string();
- $headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], 'acct:' . channel_reddress($channel),true,'sha512');
+ $headers = HTTPSig::create_sig($headers, $channel['channel_prvkey'], channel_url($channel), true, 'sha512');
$x = z_post_url($fetch_url,$parr,$redirects,[ 'filep' => $fp, 'headers' => $headers]);
fclose($fp);