provide a daemon for implementing zot magic-auth over curl.

1 files changed, 52 insertions, 0 deletions

diff --git a/Zotlabs/Daemon/CurlAuth.php b/Zotlabs/Daemon/CurlAuth.php
new file mode 100644
index 000000000..d0296a729
--- /dev/null
+++ b/Zotlabs/Daemon/CurlAuth.php
@@ -0,0 +1,52 @@
+<?php
+
+namespace Zotlabs\Daemon;
+
+// generate a curl compatible cookie file with an authenticated session for the given channel_id. 
+// If this file is then used with curl and the destination url is sent through zid() or manually 
+// manipulated to add a zid, it should allow curl to provide zot magic-auth across domains.
+
+// Handles expiration of stale cookies currently by deleting them and rewriting the file.  
+
+class CurlAuth {
+
+	static public function run($argc,$argv) {
+
+		if($argc != 2)
+			killme();
+
+		session_start();
+
+		$_SESSION['authenticated'] = 1;
+		$_SESSION['uid'] = $argv[1];
+
+		$x = session_id();
+
+		$f = 'store/[data]/cookie_' . $argv[1];
+
+		$e = file_exists($f);
+
+		$output = '';
+
+		if($e) {
+			$lines = file($f);
+			if($lines) {
+				foreach($lines as $line) {
+					if(strlen($line) > 0 && $line[0] != '#' && substr_count($line, "\t") == 6) {
+						$tokens = explode("\t", $line);
+						$tokens = array_map('trim', $tokens);
+						if($tokens[4] > time()) {
+							$output .= $line . "\n";
+						}
+					}
+					else
+						$output .= $line;
+				}
+			}
+		}
+
+		file_put_contents($f, $output . 'HttpOnly_' . \App::get_hostname() . "\tFALSE\t/\tFALSE\t0\tPHPSESSID\t" . $x, (($e) ? FILE_APPEND : 0));
+
+		killme();
+	}
+}
\ No newline at end of file