diff options
author | Max Kostikov <max@kostikov.co> | 2020-11-15 11:09:44 +0100 |
---|---|---|
committer | Max Kostikov <max@kostikov.co> | 2020-11-15 11:09:44 +0100 |
commit | 38985dc4e2a05e4746e1d0fc7bdb09ec55273e54 (patch) | |
tree | 7be5457bcd756985adc7025db9424972f74a4a6c /Zotlabs | |
parent | 7cf9b85a97829dc6e11fef4dcafeebe746084c1f (diff) | |
parent | e74c52094f218686c59ddb5f6c186f02158cf89a (diff) | |
download | volse-hubzilla-38985dc4e2a05e4746e1d0fc7bdb09ec55273e54.tar.gz volse-hubzilla-38985dc4e2a05e4746e1d0fc7bdb09ec55273e54.tar.bz2 volse-hubzilla-38985dc4e2a05e4746e1d0fc7bdb09ec55273e54.zip |
Merge branch 'dev' into 'dev'
Dev sync
See merge request kostikov/core!1
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Daemon/Notifier.php | 23 | ||||
-rw-r--r-- | Zotlabs/Lib/Activity.php | 20 | ||||
-rw-r--r-- | Zotlabs/Lib/JSalmon.php | 2 | ||||
-rw-r--r-- | Zotlabs/Lib/LDSignatures.php | 3 | ||||
-rw-r--r-- | Zotlabs/Lib/Share.php | 2 | ||||
-rw-r--r-- | Zotlabs/Lib/Zotfinger.php | 7 | ||||
-rw-r--r-- | Zotlabs/Module/Admin/Site.php | 8 | ||||
-rw-r--r-- | Zotlabs/Module/Channel.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Connedit.php | 15 | ||||
-rw-r--r-- | Zotlabs/Module/Photos.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Sse.php | 107 | ||||
-rw-r--r-- | Zotlabs/Module/Sse_bs.php | 5 | ||||
-rw-r--r-- | Zotlabs/Module/Zot_probe.php | 2 | ||||
-rw-r--r-- | Zotlabs/Update/_1239.php | 27 | ||||
-rw-r--r-- | Zotlabs/Web/HTTPSig.php | 66 | ||||
-rw-r--r-- | Zotlabs/Zot6/Receiver.php | 2 |
16 files changed, 207 insertions, 86 deletions
diff --git a/Zotlabs/Daemon/Notifier.php b/Zotlabs/Daemon/Notifier.php index 8ea75af61..f24eab773 100644 --- a/Zotlabs/Daemon/Notifier.php +++ b/Zotlabs/Daemon/Notifier.php @@ -4,6 +4,7 @@ namespace Zotlabs\Daemon; use Zotlabs\Lib\Libzot; use Zotlabs\Lib\Activity; +use Zotlabs\Lib\Queue; require_once('include/queue_fn.php'); require_once('include/html2plain.php'); @@ -734,15 +735,17 @@ class Notifier { } if($packet) { - queue_insert(array( - 'hash' => $hash, - 'account_id' => $channel['channel_account_id'], - 'channel_id' => $channel['channel_id'], - 'posturl' => $hub['hubloc_callback'], - 'driver' => $hub['hubloc_network'], - 'notify' => $packet, - 'msg' => (($pmsg) ? json_encode($pmsg) : '') - )); + Queue::insert( + [ + 'hash' => $hash, + 'account_id' => $channel['channel_account_id'], + 'channel_id' => $channel['channel_id'], + 'posturl' => $hub['hubloc_callback'], + 'driver' => $hub['hubloc_network'], + 'notify' => $packet, + 'msg' => (($pmsg) ? json_encode($pmsg) : '') + ] + ); } else { $env = (($hub_env && $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']]) ? $hub_env[$hub['hubloc_host'] . $hub['hubloc_sitekey']] : ''); @@ -803,7 +806,7 @@ class Notifier { } } - queue_insert( + Queue::insert( [ 'hash' => $hash, 'account_id' => $target_item['aid'], diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index 08e5ffaca..5f222754b 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -104,6 +104,7 @@ class Activity { } else { logger('fetch failed: ' . $url); + logger($x['body']); } return null; } @@ -1018,6 +1019,7 @@ class Activity { if(! $extended) { return $p['xchan_url']; } + $ret = []; $c = ((array_key_exists('channel_id',$p)) ? $p : channelx_by_hash($p['xchan_hash'])); @@ -1063,10 +1065,16 @@ class Activity { ] ]; + $ret['publicKey'] = [ + 'id' => $p['xchan_url'], + 'owner' => $p['xchan_url'], + 'publicKeyPem' => $p['xchan_pubkey'] + ]; + $arr = [ 'xchan' => $p, 'encoded' => $ret ]; call_hooks('encode_person', $arr); - $ret = $arr['encoded']; + $ret = $arr['encoded']; return $ret; } @@ -1485,6 +1493,14 @@ class Activity { if(! is_array($person_obj)) return; + $inbox = $person_obj['inbox']; + + // invalid identity + + if (! $inbox || strpos($inbox,z_root()) !== false) { + return; + } + $name = $person_obj['name']; if(! $name) $name = $person_obj['preferredUsername']; @@ -1532,8 +1548,6 @@ class Activity { $profile = $url; } - $inbox = $person_obj['inbox']; - $collections = []; if($inbox) { diff --git a/Zotlabs/Lib/JSalmon.php b/Zotlabs/Lib/JSalmon.php index 67512046f..48a4e649b 100644 --- a/Zotlabs/Lib/JSalmon.php +++ b/Zotlabs/Lib/JSalmon.php @@ -51,7 +51,7 @@ class JSalmon { . base64url_encode($x['encoding'],true) . '.' . base64url_encode($x['alg'],true); - $key = HTTPSig::get_key(EMPTY_STR,base64url_decode($x['sigs']['key_id'])); + $key = HTTPSig::get_key(EMPTY_STR,'zot6',base64url_decode($x['sigs']['key_id'])); logger('key: ' . print_r($key,true)); if($key['portable_id'] && $key['public_key']) { if(rsa_verify($signed_data,base64url_decode($x['sigs']['value']),$key['public_key'])) { diff --git a/Zotlabs/Lib/LDSignatures.php b/Zotlabs/Lib/LDSignatures.php index 16c8cfc18..2eba66ccf 100644 --- a/Zotlabs/Lib/LDSignatures.php +++ b/Zotlabs/Lib/LDSignatures.php @@ -93,7 +93,8 @@ class LDSignatures { $d = jsonld_normalize($data,[ 'algorithm' => 'URDNA2015', 'format' => 'application/nquads' ]); } catch (\Exception $e) { - logger('normalise error:' . print_r($e,true)); + // Don't log the exception - this can exhaust memory + // logger('normalise error:' . print_r($e,true)); logger('normalise error: ' . print_r($data,true)); } diff --git a/Zotlabs/Lib/Share.php b/Zotlabs/Lib/Share.php index 419e6ed5f..d34c0eaba 100644 --- a/Zotlabs/Lib/Share.php +++ b/Zotlabs/Lib/Share.php @@ -133,7 +133,7 @@ class Share { "' message_id='" . $this->item['mid'] . "']"; if($this->item['title']) - $bb .= '[b]'.$this->item['title'].'[/b]'."\r\n"; + $bb .= '[h3][b]'.$this->item['title'].'[/b][/h3]'."\r\n"; $bb .= (($is_photo) ? $photo_bb . "\r\n" . $this->item['body'] : $this->item['body']); $bb .= "[/share]"; } diff --git a/Zotlabs/Lib/Zotfinger.php b/Zotlabs/Lib/Zotfinger.php index 722e34dfc..e853d6ebc 100644 --- a/Zotlabs/Lib/Zotfinger.php +++ b/Zotlabs/Lib/Zotfinger.php @@ -6,7 +6,7 @@ use Zotlabs\Web\HTTPSig; class Zotfinger { - static function exec($resource,$channel = null) { + static function exec($resource,$channel = null, $verify = true) { if(! $resource) { return false; @@ -41,8 +41,9 @@ class Zotfinger { logger('fetch: ' . print_r($x,true)); if($x['success']) { - - $result['signature'] = HTTPSig::verify($x); + if ($verify) { + $result['signature'] = HTTPSig::verify($x, EMPTY_STR, 'zot6'); + } $result['data'] = json_decode($x['body'],true); diff --git a/Zotlabs/Module/Admin/Site.php b/Zotlabs/Module/Admin/Site.php index 4bb34b7b7..011bf3ce4 100644 --- a/Zotlabs/Module/Admin/Site.php +++ b/Zotlabs/Module/Admin/Site.php @@ -62,6 +62,9 @@ class Site { $from_email = ((array_key_exists('from_email',$_POST) && trim($_POST['from_email'])) ? trim($_POST['from_email']) : 'Administrator@' . \App::get_hostname()); $from_email_name = ((array_key_exists('from_email_name',$_POST) && trim($_POST['from_email_name'])) ? trim($_POST['from_email_name']) : \Zotlabs\Lib\System::get_site_name()); + + $sse_enabled = ((x($_POST,'sse_enabled')) ? true : false); + $verifyssl = ((x($_POST,'verifyssl')) ? True : False); $proxyuser = ((x($_POST,'proxyuser')) ? notags(trim($_POST['proxyuser'])) : ''); $proxy = ((x($_POST,'proxy')) ? notags(trim($_POST['proxy'])) : ''); @@ -151,6 +154,9 @@ class Site { set_config('system','no_community_page', $no_community_page); set_config('system','no_utf', $no_utf); + + set_config('system','sse_enabled', $sse_enabled); + set_config('system','verifyssl', $verifyssl); set_config('system','proxyuser', $proxyuser); set_config('system','proxy', $proxy); @@ -331,6 +337,8 @@ class Site { '$directory_server' => (($dir_choices) ? array('directory_server', t("Directory Server URL"), get_config('system','directory_server'), t("Default directory server"), $dir_choices) : null), + '$sse_enabled' => array('sse_enabled', t('Enable SSE Notifications'), get_config('system', 'sse_enabled', 0), t('If disabled, traditional polling will be used. Warning: this setting might not be suited for shared hosting')), + '$proxyuser' => array('proxyuser', t("Proxy user"), get_config('system','proxyuser'), ""), '$proxy' => array('proxy', t("Proxy URL"), get_config('system','proxy'), ""), '$timeout' => array('timeout', t("Network timeout"), (x(get_config('system','curl_timeout'))?get_config('system','curl_timeout'):60), t("Value is in seconds. Set to 0 for unlimited (not recommended).")), diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 307be048a..dc8e9e1c5 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -60,7 +60,7 @@ class Channel extends Controller { if(Libzot::is_zot_request()) { - $sigdata = HTTPSig::verify(file_get_contents('php://input')); + $sigdata = HTTPSig::verify(file_get_contents('php://input'), EMPTY_STR, 'zot6'); if($sigdata && $sigdata['signer'] && $sigdata['header_valid']) { $data = json_encode(Libzot::zotinfo([ 'address' => $channel['channel_address'], 'target_url' => $sigdata['signer'] ])); diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index 0fc807d42..becf8460d 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -294,8 +294,8 @@ class Connedit extends Controller { intval($channel['channel_id']) ); if(($pr) && (! intval($orig_record[0]['abook_hidden'])) && (intval(get_pconfig($channel['channel_id'],'system','post_newfriend')))) { - $xarr = array(); - $xarr['verb'] = ACTIVITY_FRIEND; + $xarr = []; + $xarr['item_wall'] = 1; $xarr['item_origin'] = 1; $xarr['item_thread_top'] = 1; @@ -305,17 +305,6 @@ class Connedit extends Controller { $xarr['deny_cid'] = $channel['channel_deny_cid']; $xarr['deny_gid'] = $channel['channel_deny_gid']; $xarr['item_private'] = (($xarr['allow_cid']||$xarr['allow_gid']||$xarr['deny_cid']||$xarr['deny_gid']) ? 1 : 0); - $obj = array( - 'type' => ACTIVITY_OBJ_PERSON, - 'title' => App::$poi['xchan_name'], - 'id' => App::$poi['xchan_hash'], - 'link' => array( - array('rel' => 'alternate', 'type' => 'text/html', 'href' => App::$poi['xchan_url']), - array('rel' => 'photo', 'type' => App::$poi['xchan_photo_mimetype'], 'href' => App::$poi['xchan_photo_l']) - ), - ); - $xarr['obj'] = json_encode($obj); - $xarr['obj_type'] = ACTIVITY_OBJ_PERSON; $xarr['body'] = '[zrl=' . $channel['xchan_url'] . ']' . $channel['xchan_name'] . '[/zrl]' . ' ' . t('is now connected to') . ' ' . '[zrl=' . App::$poi['xchan_url'] . ']' . App::$poi['xchan_name'] . '[/zrl]'; diff --git a/Zotlabs/Module/Photos.php b/Zotlabs/Module/Photos.php index 649e753ad..fa9216c97 100644 --- a/Zotlabs/Module/Photos.php +++ b/Zotlabs/Module/Photos.php @@ -210,7 +210,7 @@ class Photos extends \Zotlabs\Web\Controller { if(($m) && ($m[0]['folder'] != $_POST['move_to_album'])) { attach_move($page_owner_uid,argv(2),$_POST['move_to_album']); - $sync = attach_export_data(\App::$data['channel'],argv(2),true); + $sync = attach_export_data(\App::$data['channel'], argv(2), false); if($sync) Libsync::build_sync_packet($page_owner_uid,array('file' => array($sync))); diff --git a/Zotlabs/Module/Sse.php b/Zotlabs/Module/Sse.php index b68fe6705..46b4a8d87 100644 --- a/Zotlabs/Module/Sse.php +++ b/Zotlabs/Module/Sse.php @@ -14,6 +14,7 @@ class Sse extends Controller { public static $ob_hash; public static $sse_id; public static $vnotify; + public static $sse_enabled; function init() { @@ -49,18 +50,86 @@ class Sse extends Controller { $sys = get_sys_channel(); $sleep_seconds = 3; - header("Content-Type: text/event-stream"); - header("Cache-Control: no-cache"); - header("Connection: keep-alive"); - header("X-Accel-Buffering: no"); + self::$sse_enabled = get_config('system', 'sse_enabled', 0); - while(true) { + if(self::$sse_enabled) { - /** - * Update chat presence indication (if applicable) - */ + // Server Sent Events + + header("Content-Type: text/event-stream"); + header("Cache-Control: no-cache"); + header("Connection: keep-alive"); + header("X-Accel-Buffering: no"); + + while(true) { + + if(! self::$sse_id) { + + // Update chat presence indication + + $r = q("select cp_id, cp_room from chatpresence where cp_xchan = '%s' and cp_client = '%s' and cp_room = 0 limit 1", + dbesc(self::$ob_hash), + dbesc($_SERVER['REMOTE_ADDR']) + ); + $basic_presence = false; + if($r) { + $basic_presence = true; + q("update chatpresence set cp_last = '%s' where cp_id = %d", + dbesc(datetime_convert()), + intval($r[0]['cp_id']) + ); + } + if(! $basic_presence) { + q("insert into chatpresence ( cp_xchan, cp_last, cp_status, cp_client) + values( '%s', '%s', '%s', '%s' ) ", + dbesc(self::$ob_hash), + dbesc(datetime_convert()), + dbesc('online'), + dbesc($_SERVER['REMOTE_ADDR']) + ); + } + } + + XConfig::Load(self::$ob_hash); + + $result = XConfig::Get(self::$ob_hash, 'sse', 'notifications', []); + $lock = XConfig::Get(self::$ob_hash, 'sse', 'lock'); + + if($result && !$lock) { + echo "event: notifications\n"; + echo 'data: ' . json_encode($result); + echo "\n\n"; + + XConfig::Set(self::$ob_hash, 'sse', 'notifications', []); + unset($result); + } + + // always send heartbeat to detect disconnected clients + echo "event: heartbeat\n"; + echo 'data: {}'; + echo "\n\n"; + + ob_end_flush(); + flush(); + + if(connection_status() != CONNECTION_NORMAL || connection_aborted()) { + //TODO: this does not seem to be triggered + XConfig::Set(self::$ob_hash, 'sse', 'timestamp', NULL_DATE); + break; + } + + sleep($sleep_seconds); + + } + + } + else { + // Fallback to traditional polling if(! self::$sse_id) { + + // Update chat presence indication + $r = q("select cp_id, cp_room from chatpresence where cp_xchan = '%s' and cp_client = '%s' and cp_room = 0 limit 1", dbesc(self::$ob_hash), dbesc($_SERVER['REMOTE_ADDR']) @@ -90,29 +159,11 @@ class Sse extends Controller { $lock = XConfig::Get(self::$ob_hash, 'sse', 'lock'); if($result && !$lock) { - echo "event: notifications\n"; - echo 'data: ' . json_encode($result); - echo "\n\n"; - XConfig::Set(self::$ob_hash, 'sse', 'notifications', []); - unset($result); - } - - // always send heartbeat to detect disconnected clients - echo "event: heartbeat\n"; - echo 'data: {}'; - echo "\n\n"; - - ob_end_flush(); - flush(); - - if(connection_status() != CONNECTION_NORMAL || connection_aborted()) { - //TODO: this does not seem to be triggered - XConfig::Set(self::$ob_hash, 'sse', 'timestamp', NULL_DATE); - break; + json_return_and_die($result); } - sleep($sleep_seconds); + killme(); } diff --git a/Zotlabs/Module/Sse_bs.php b/Zotlabs/Module/Sse_bs.php index e3439e7dd..287c24829 100644 --- a/Zotlabs/Module/Sse_bs.php +++ b/Zotlabs/Module/Sse_bs.php @@ -129,8 +129,9 @@ class Sse_bs extends Controller { call_hooks('update_unseen',$x); if($x['update'] === 'unset' || intval($x['update'])) { - q("UPDATE item SET item_unseen = 0 WHERE uid = %d AND mid in (". $str . ") AND item_unseen = 1", - intval(self::$uid) + q("UPDATE item SET item_unseen = 0 WHERE uid = %d AND mid in (%s) AND item_unseen = 1", + intval(self::$uid), + $str // this is dbesc() in the above foreach loop ); } diff --git a/Zotlabs/Module/Zot_probe.php b/Zotlabs/Module/Zot_probe.php index 648ed2175..7585affdf 100644 --- a/Zotlabs/Module/Zot_probe.php +++ b/Zotlabs/Module/Zot_probe.php @@ -34,7 +34,7 @@ class Zot_probe extends \Zotlabs\Web\Controller { $o .= '<pre>' . htmlspecialchars($x['header']) . '</pre>' . EOL; - $o .= 'verify returns: ' . str_replace("\n",EOL,print_r(HTTPSig::verify($x),true)) . EOL; + $o .= 'verify returns: ' . str_replace("\n",EOL,print_r(HTTPSig::verify($x, EMPTY_STR, 'zot6'),true)) . EOL; $o .= '<pre>' . htmlspecialchars(json_encode(json_decode($x['body']),JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES)) . '</pre>' . EOL; diff --git a/Zotlabs/Update/_1239.php b/Zotlabs/Update/_1239.php new file mode 100644 index 000000000..ed8de30bb --- /dev/null +++ b/Zotlabs/Update/_1239.php @@ -0,0 +1,27 @@ +<?php + +namespace Zotlabs\Update; + +class _1239 { + + function run() { + + dbq("START TRANSACTION"); + + // remove broken activitypub hubloc entries + $r = dbq("DELETE FROM hubloc WHERE hubloc_network = 'activitypub' and hubloc_callback = ''"); + + // remove broken hubloc entries from friendica + $r1 = dbq("DELETE FROM hubloc WHERE hubloc_hash = ''"); + + if($r && $r1) { + dbq("COMMIT"); + return UPDATE_SUCCESS; + } + + dbq("ROLLBACK"); + return UPDATE_FAILED; + + } + +} diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 827e0d779..42426afb1 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -76,7 +76,7 @@ class HTTPSig { // See draft-cavage-http-signatures-10 - static function verify($data,$key = '') { + static function verify($data,$key = '', $keytype = '') { $body = $data; $headers = null; @@ -151,7 +151,7 @@ class HTTPSig { $result['signer'] = $sig_block['keyId']; - $key = self::get_key($key,$result['signer']); + $key = self::get_key($key,$keytype,$result['signer']); if(! ($key && $key['public_key'])) { return $result; @@ -162,13 +162,26 @@ class HTTPSig { logger('verified: ' . $x, LOGGER_DEBUG); if(! $x) { - logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($key['public_key']) ? '' : ' no key')); - $sig_block['signature'] = base64_encode($sig_block['signature']); - logger('affected sigblock: ' . print_r($sig_block,true)); - logger('signed_data: ' . print_r($signed_data,true)); - logger('headers: ' . print_r($headers,true)); - logger('server: ' . print_r($_SERVER,true)); - return $result; + + // try again, ignoring the local actor (xchan) cache and refetching the key + // from its source + + $fkey = self::get_key($key,$keytype,$result['signer'],true); + + if ($fkey && $fkey['public_key']) { + $y = rsa_verify($signed_data,$sig_block['signature'],$fkey['public_key'],$algorithm); + logger('verified: (cache reload) ' . $x, LOGGER_DEBUG); + } + + if (! $y) { + logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($fkey['public_key']) ? '' : ' no key')); + $sig_block['signature'] = base64_encode($sig_block['signature']); + logger('affected sigblock: ' . print_r($sig_block,true)); + logger('headers: ' . print_r($headers,true)); + logger('server: ' . print_r($_SERVER,true)); + return $result; + } + } $result['portable_id'] = $key['portable_id']; @@ -187,12 +200,17 @@ class HTTPSig { } logger('Content_Valid: ' . (($result['content_valid']) ? 'true' : 'false')); + if (! $result['content_valid']) { + logger('invalid content signature: data ' . print_r($data,true)); + logger('invalid content signature: headers ' . print_r($headers,true)); + logger('invalid content signature: body ' . print_r($body,true)); + } } return $result; } - static function get_key($key,$id) { + static function get_key($key,$keytype,$id) { if($key) { if(function_exists($key)) { @@ -201,6 +219,13 @@ class HTTPSig { return [ 'public_key' => $key ]; } + if($keytype === 'zot6') { + $key = self::get_zotfinger_key($id,$force); + if($key) { + return $key; + } + } + if(strpos($id,'#') === false) { $key = self::get_webfinger_key($id); } @@ -243,7 +268,7 @@ class HTTPSig { $url = ((strpos($id,'#')) ? substr($id,0,strpos($id,'#')) : $id); - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s'", + $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' and hubloc_network in ('zot6', 'activitypub')", dbesc(str_replace('acct:','',$url)), dbesc($url) ); @@ -303,18 +328,15 @@ class HTTPSig { return (($key['public_key']) ? $key : false); } - function get_zotfinger_key($id) { - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s'", + $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' and hubloc_network = 'zot6'", dbesc(str_replace('acct:','',$id)), dbesc($id) ); - $x = Libzot::zot_record_preferred($x); - - if($x && $x['xchan_pubkey']) { - return [ 'portable_id' => $x['xchan_hash'], 'public_key' => $x['xchan_pubkey'] , 'hubloc' => $x ]; + if($x && $x[0]['xchan_pubkey']) { + return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ]; } $wf = Webfinger::exec($id); @@ -330,13 +352,18 @@ class HTTPSig { continue; } if($l['rel'] === 'http://purl.org/zot/protocol/6.0' && array_key_exists('href',$l) && $l['href'] !== EMPTY_STR) { - $z = \Zotlabs\Lib\Zotfinger::exec($l['href']); + + // The third argument to Zotfinger::exec() tells it not to verify signatures + // Since we're inside a function that is fetching keys with which to verify signatures, + // this is necessary to prevent infinite loops. + + $z = \Zotlabs\Lib\Zotfinger::exec($l['href'],null,false); if($z) { $i = Libzot::import_xchan($z['data']); if($i['success']) { $key['portable_id'] = $i['hash']; - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' limit 1", + $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' and hubloc_network = 'zot6'", dbesc($l['href']) ); if($x) { @@ -485,7 +512,6 @@ class HTTPSig { if(preg_match('/iv="(.*?)"/ism',$header,$matches)) $header = self::decrypt_sigheader($header); - if(preg_match('/keyId="(.*?)"/ism',$header,$matches)) $ret['keyId'] = $matches[1]; if(preg_match('/algorithm="(.*?)"/ism',$header,$matches)) diff --git a/Zotlabs/Zot6/Receiver.php b/Zotlabs/Zot6/Receiver.php index 9e70ab318..a9a7ab0df 100644 --- a/Zotlabs/Zot6/Receiver.php +++ b/Zotlabs/Zot6/Receiver.php @@ -155,7 +155,7 @@ class Receiver { $result = false; - $this->sigdata = HTTPSig::verify($this->rawdata); + $this->sigdata = HTTPSig::verify($this->rawdata, EMPTY_STR, 'zot6'); if ($this->sigdata && $this->sigdata['header_signed'] && $this->sigdata['header_valid']) { $result = true; |