aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Web
diff options
context:
space:
mode:
authorHilmar R <u02@u29lx193>2021-02-28 21:06:16 +0100
committerHilmar R <u02@u29lx193>2021-03-01 18:48:11 +0100
commitc26dede97f626b52b7bf8962ed55d1dbda86abe8 (patch)
tree3c8c9bc97aa09f7ce9afe9bf467cf87bbf2c7d0b /Zotlabs/Web
parentea3390d626f85b7293a750958bfd1b5460958365 (diff)
downloadvolse-hubzilla-c26dede97f626b52b7bf8962ed55d1dbda86abe8.tar.gz
volse-hubzilla-c26dede97f626b52b7bf8962ed55d1dbda86abe8.tar.bz2
volse-hubzilla-c26dede97f626b52b7bf8962ed55d1dbda86abe8.zip
get dev
Diffstat (limited to 'Zotlabs/Web')
-rw-r--r--Zotlabs/Web/HTTPSig.php27
-rw-r--r--Zotlabs/Web/Router.php85
-rw-r--r--Zotlabs/Web/WebServer.php8
3 files changed, 62 insertions, 58 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 1f6979191..2535c9016 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -3,8 +3,9 @@
namespace Zotlabs\Web;
use Zotlabs\Lib\ActivityStreams;
+use Zotlabs\Lib\Crypto;
+use Zotlabs\Lib\Keyutils;
use Zotlabs\Lib\Webfinger;
-use Zotlabs\Web\HTTPHeaders;
use Zotlabs\Lib\Libzot;
/**
@@ -157,10 +158,12 @@ class HTTPSig {
return $result;
}
- $x = rsa_verify($signed_data,$sig_block['signature'],$cached_key['public_key'],$algorithm);
+ $x = Crypto::verify($signed_data,$sig_block['signature'],$cached_key['public_key'],$algorithm);
logger('verified: ' . $x, LOGGER_DEBUG);
+ $fetched_key = '';
+
if(! $x) {
// try again, ignoring the local actor (xchan) cache and refetching the key
@@ -169,7 +172,7 @@ class HTTPSig {
$fetched_key = self::get_key($key,$keytype,$result['signer'],true);
if ($fetched_key && $fetched_key['public_key']) {
- $y = rsa_verify($signed_data,$sig_block['signature'],$fetched_key['public_key'],$algorithm);
+ $y = Crypto::verify($signed_data,$sig_block['signature'],$fetched_key['public_key'],$algorithm);
logger('verified: (cache reload) ' . $x, LOGGER_DEBUG);
}
@@ -225,7 +228,7 @@ class HTTPSig {
}
if($keytype === 'zot6') {
- $key = self::get_zotfinger_key($id,$force);
+ $key = self::get_zotfinger_key($id);
if($key) {
return $key;
}
@@ -244,13 +247,13 @@ class HTTPSig {
}
- function convertKey($key) {
+ static function convertKey($key) {
if(strstr($key,'RSA ')) {
return rsatopem($key);
}
elseif(substr($key,0,5) === 'data:') {
- return convert_salmon_key($key);
+ return Keyutils::convertSalmonKey($key);
}
else {
return $key;
@@ -267,7 +270,7 @@ class HTTPSig {
* false if no pub key found, otherwise return the pub key
*/
- function get_activitystreams_key($id) {
+ static function get_activitystreams_key($id) {
// remove fragment
@@ -298,7 +301,7 @@ class HTTPSig {
}
- function get_webfinger_key($id) {
+ static function get_webfinger_key($id) {
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s'",
dbesc(str_replace('acct:','',$id)),
@@ -333,7 +336,7 @@ class HTTPSig {
return (($key['public_key']) ? $key : false);
}
- function get_zotfinger_key($id) {
+ static function get_zotfinger_key($id) {
$x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' and hubloc_network = 'zot6'",
dbesc(str_replace('acct:','',$id)),
@@ -415,7 +418,7 @@ class HTTPSig {
$headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
if($encryption) {
- $x = crypto_encapsulate($headerval,$encryption['key'],$encryption['algorithm']);
+ $x = Crypto::encapsulate($headerval,$encryption['key'],$encryption['algorithm']);
if(is_array($x)) {
$headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"';
}
@@ -489,7 +492,7 @@ class HTTPSig {
$headers = rtrim($headers,"\n");
}
- $sig = base64_encode(rsa_sign($headers,$prvkey,$alg));
+ $sig = base64_encode(Crypto::sign($headers,$prvkey,$alg));
$ret['headers'] = $fields;
$ret['signature'] = $sig;
@@ -565,7 +568,7 @@ class HTTPSig {
$data = $matches[1];
if($iv && $key && $alg && $data) {
- return crypto_unencapsulate([ 'encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey);
+ return Crypto::unencapsulate([ 'encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey);
}
return '';
diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php
index 96bf131b8..a6a841ccb 100644
--- a/Zotlabs/Web/Router.php
+++ b/Zotlabs/Web/Router.php
@@ -2,6 +2,7 @@
namespace Zotlabs\Web;
+use App;
use Zotlabs\Extend\Route;
use Exception;
@@ -43,7 +44,7 @@ class Router {
*/
function __construct() {
- $module = \App::$module;
+ $module = App::$module;
$modname = "Zotlabs\\Module\\" . ucfirst($module);
if(strlen($module)) {
@@ -60,7 +61,7 @@ class Router {
include_once($route[0]);
if(class_exists($modname)) {
$this->controller = new $modname;
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
}
}
@@ -68,15 +69,15 @@ class Router {
// legacy plugins - this can be removed when they have all been converted
- if(! (\App::$module_loaded)) {
- if(is_array(\App::$plugins) && in_array($module,\App::$plugins) && file_exists("addon/{$module}/{$module}.php")) {
+ if(! (App::$module_loaded)) {
+ if(is_array(App::$plugins) && in_array($module, App::$plugins) && file_exists("addon/{$module}/{$module}.php")) {
include_once("addon/{$module}/{$module}.php");
if(class_exists($modname)) {
$this->controller = new $modname;
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
elseif(function_exists($module . '_module')) {
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
}
}
@@ -86,40 +87,40 @@ class Router {
* Otherwise, look for the standard program module
*/
- if(! (\App::$module_loaded)) {
+ if(! (App::$module_loaded)) {
try {
$filename = 'Zotlabs/SiteModule/'. ucfirst($module). '.php';
if(file_exists($filename)) {
// This won't be picked up by the autoloader, so load it explicitly
require_once($filename);
$this->controller = new $modname;
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
else {
$filename = 'Zotlabs/Module/'. ucfirst($module). '.php';
if(file_exists($filename)) {
$this->controller = new $modname;
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
}
- if(! \App::$module_loaded)
- throw new \Exception('Module not found');
+ if(! App::$module_loaded)
+ throw new Exception('Module not found');
}
- catch(\Exception $e) {
+ catch(Exception $e) {
if(file_exists("mod/site/{$module}.php")) {
include_once("mod/site/{$module}.php");
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
elseif(file_exists("mod/{$module}.php")) {
include_once("mod/{$module}.php");
- \App::$module_loaded = true;
+ App::$module_loaded = true;
}
}
}
$x = [
'module' => $module,
- 'installed' => \App::$module_loaded,
+ 'installed' => App::$module_loaded,
'controller' => $this->controller
];
/**
@@ -136,7 +137,7 @@ class Router {
*/
call_hooks('module_loaded', $x);
if($x['installed']) {
- \App::$module_loaded = true;
+ App::$module_loaded = true;
$this->controller = $x['controller'];
}
@@ -144,7 +145,7 @@ class Router {
* The URL provided does not resolve to a valid module.
*/
- if(! (\App::$module_loaded)) {
+ if(! (App::$module_loaded)) {
// undo the setting of a letsencrypt acme-challenge rewrite rule
// which blocks access to our .well-known routes.
@@ -160,7 +161,7 @@ class Router {
$x = [
'module' => $module,
- 'installed' => \App::$module_loaded,
+ 'installed' => App::$module_loaded,
'controller' => $this->controller
];
call_hooks('page_not_found',$x);
@@ -181,14 +182,14 @@ class Router {
header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found');
$tpl = get_markup_template('404.tpl');
- \App::$page['content'] = replace_macros($tpl, array(
+ App::$page['content'] = replace_macros($tpl, array(
'$message' => t('Page not found.')
));
// pretend this is a module so it will initialise the theme
- \App::$module = '404';
- \App::$module_loaded = true;
- \App::$error = true;
+ App::$module = '404';
+ App::$module_loaded = true;
+ App::$error = true;
}
}
}
@@ -203,9 +204,9 @@ class Router {
* Call module functions
*/
- if(\App::$module_loaded) {
+ if(App::$module_loaded) {
- \App::$page['page_title'] = \App::$module;
+ App::$page['page_title'] = App::$module;
$placeholder = '';
/*
@@ -216,13 +217,13 @@ class Router {
*/
$arr = array('init' => true, 'replace' => false);
- call_hooks(\App::$module . '_mod_init', $arr);
+ call_hooks(App::$module . '_mod_init', $arr);
if(! $arr['replace']) {
if($this->controller && method_exists($this->controller,'init')) {
$this->controller->init();
}
- elseif(function_exists(\App::$module . '_init')) {
- $func = \App::$module . '_init';
+ elseif(function_exists(App::$module . '_init')) {
+ $func = App::$module . '_init';
$func($a);
}
}
@@ -258,41 +259,41 @@ class Router {
$func = str_replace('-', '_', $current_theme[0]) . '_init';
$func($a);
}
- elseif (x(\App::$theme_info, 'extends') && file_exists('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php')) {
- require_once('view/theme/' . \App::$theme_info['extends'] . '/php/theme.php');
- if(function_exists(str_replace('-', '_', \App::$theme_info['extends']) . '_init')) {
- $func = str_replace('-', '_', \App::$theme_info['extends']) . '_init';
+ elseif (x(App::$theme_info, 'extends') && file_exists('view/theme/' . App::$theme_info['extends'] . '/php/theme.php')) {
+ require_once('view/theme/' . App::$theme_info['extends'] . '/php/theme.php');
+ if(function_exists(str_replace('-', '_', App::$theme_info['extends']) . '_init')) {
+ $func = str_replace('-', '_', App::$theme_info['extends']) . '_init';
$func($a);
}
}
- if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! \App::$error) && (! x($_POST, 'auth-params'))) {
- call_hooks(\App::$module . '_mod_post', $_POST);
+ if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! App::$error) && (! x($_POST, 'auth-params'))) {
+ call_hooks(App::$module . '_mod_post', $_POST);
if($this->controller && method_exists($this->controller,'post')) {
$this->controller->post();
}
- elseif(function_exists(\App::$module . '_post')) {
- $func = \App::$module . '_post';
+ elseif(function_exists(App::$module . '_post')) {
+ $func = App::$module . '_post';
$func($a);
}
}
- if(! \App::$error) {
- $arr = array('content' => \App::$page['content'], 'replace' => false);
- call_hooks(\App::$module . '_mod_content', $arr);
+ if(! App::$error) {
+ $arr = array('content' => App::$page['content'], 'replace' => false);
+ call_hooks(App::$module . '_mod_content', $arr);
if(! $arr['replace']) {
if($this->controller && method_exists($this->controller,'get')) {
$arr = array('content' => $this->controller->get());
}
- elseif(function_exists(\App::$module . '_content')) {
- $func = \App::$module . '_content';
+ elseif(function_exists(App::$module . '_content')) {
+ $func = App::$module . '_content';
$arr = array('content' => $func($a));
}
}
- call_hooks(\App::$module . '_mod_aftercontent', $arr);
- \App::$page['content'] = (($arr['replace']) ? $arr['content'] : \App::$page['content'] . $arr['content']);
+ call_hooks(App::$module . '_mod_aftercontent', $arr);
+ App::$page['content'] = ((isset($arr['replace'])) ? $arr['content'] : App::$page['content'] . $arr['content']);
}
}
}
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
index ac792dd69..de0d5a883 100644
--- a/Zotlabs/Web/WebServer.php
+++ b/Zotlabs/Web/WebServer.php
@@ -112,7 +112,7 @@ class WebServer {
// now that we've been through the module content, see if the page reported
// a permission problem and if so, a 403 response would seem to be in order.
- if(is_array($_SESSION['sysmsg']) && stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) {
+ if(isset($_SESSION['sysmsg']) && is_array($_SESSION['sysmsg']) && stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.'));
}
@@ -137,9 +137,9 @@ class WebServer {
private function create_channel_links() {
- /* Initialise the Link: response header if this is a channel page.
+ /* Initialise the Link: response header if this is a channel page.
* This cannot be done inside the channel module because some protocol
- * addons over-ride the module functions and these links are common
+ * addons over-ride the module functions and these links are common
* to all protocol drivers; thus doing it here avoids duplication.
*/
@@ -156,7 +156,7 @@ class WebServer {
'url' => z_root() . '/.well-known/webfinger?f=&resource=acct%3A' . argv(1) . '%40' . \App::get_hostname()
],
];
- $x = [ 'channel_address' => argv(1), 'channel_links' => \App::$channel_links ];
+ $x = [ 'channel_address' => argv(1), 'channel_links' => \App::$channel_links ];
call_hooks('channel_links', $x );
\App::$channel_links = $x['channel_links'];
header('Link: ' . \App::get_channel_links());