authorredmatrix <git@macgirvin.com>2016-05-24 23:05:00 -0700
committerredmatrix <git@macgirvin.com>2016-05-24 23:05:00 -0700
commitc37eaff26331c49a2c8754f6d49c6145863f47ca (patch)
treefbeaa955e7819a104fbd1a015a9414a6ebff4bc3 /include
parent80f2ba640ec528bd43db243122a69e765703b7c0 (diff)
require token signatures in zot_refresh; also move channel-specific helpers (channelx_by_nick/hash/n) from include/connections.php into include/channel.php
Diffstat (limited to 'include')
-rw-r--r--include/channel.php23
-rw-r--r--include/connections.php21
-rw-r--r--include/zot.php26
3 files changed, 47 insertions, 23 deletions
diff --git a/include/channel.php b/include/channel.php
index 8f93ca16f..35084741f 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -1945,3 +1945,26 @@ function get_zcard_embed($channel,$observer_hash = '',$args = array()) {
return $o;
}
+
+
+function channelx_by_nick($nick) {
+ $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and channel_removed = 0 LIMIT 1",
+ dbesc($nick)
+ );
+ return(($r) ? $r[0] : false);
+}
+
+function channelx_by_hash($hash) {
+ $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and channel_removed = 0 LIMIT 1",
+ dbesc($hash)
+ );
+ return(($r) ? $r[0] : false);
+}
+
+function channelx_by_n($id) {
+ $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and channel_removed = 0 LIMIT 1",
+ dbesc($id)
+ );
+ return(($r) ? $r[0] : false);
+}
+
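Review bot: In channelx_by_n the integer placeholder `%d` is fed `dbesc($id)`, which string-escapes a value that the query formatter then coerces to an integer; `intval($id)` states the intent and is what a `%d` placeholder calls for. The three functions are otherwise a straight move from include/connections.php, so a short docblock on each would help now that channel.php is their home, e.g. `/** Fetch a live (channel_removed = 0) channel row joined with its xchan, looked up by nick / hash / id; returns false when none matches. */`.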
diff --git a/include/connections.php b/include/connections.php
index d9331f42f..d18383fad 100644
--- a/include/connections.php
+++ b/include/connections.php
@@ -48,27 +48,6 @@ function abook_self($channel_id) {
return(($r) ? $r[0] : array());
}
-function channelx_by_nick($nick) {
- $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_address = '%s' and channel_removed = 0 LIMIT 1",
- dbesc($nick)
- );
- return(($r) ? $r[0] : false);
-}
-
-function channelx_by_hash($hash) {
- $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_hash = '%s' and channel_removed = 0 LIMIT 1",
- dbesc($hash)
- );
- return(($r) ? $r[0] : false);
-}
-
-function channelx_by_n($id) {
- $r = q("SELECT * FROM channel left join xchan on channel_hash = xchan_hash WHERE channel_id = %d and channel_removed = 0 LIMIT 1",
- dbesc($id)
- );
- return(($r) ? $r[0] : false);
-}
-
function vcard_from_xchan($xchan, $observer = null, $mode = '') {
diff --git a/include/zot.php b/include/zot.php
index 9ed3d7d03..b6424c272 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -329,8 +329,12 @@ function zot_refresh($them, $channel = null, $force = false) {
return false;
}
+ $token = random_string();
+
$postvars = array();
+ $postvars['token'] = $token;
+
if($channel) {
$postvars['target'] = $channel['channel_guid'];
$postvars['target_sig'] = $channel['channel_guid_sig'];
@@ -343,11 +347,13 @@ function zot_refresh($them, $channel = null, $force = false) {
$postvars['guid_hash'] = $them['xchan_hash'];
if (array_key_exists('xchan_guid',$them) && $them['xchan_guid']
&& array_key_exists('xchan_guid_sig',$them) && $them['xchan_guid_sig']) {
-
$postvars['guid'] = $them['xchan_guid'];
$postvars['guid_sig'] = $them['xchan_guid_sig'];
+
}
+ $token = random_string();
+
$rhs = '/.well-known/zot-info';
$result = z_post_url($url . $rhs,$postvars);
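Review bot: The second `$token = random_string();` added just before the `$rhs` assignment overwrites the token that was already stored in `$postvars['token']` earlier in the function, so the value later passed to `rsa_verify('token.' . $token, ...)` is not the one the remote site signed and the verification will fail every time. Delete that reassignment (and its trailing blank line) and keep the single `$token = random_string();` that precedes the `$postvars` build-up. zot_refresh starts and ends outside this hunk.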
@@ -363,6 +369,22 @@ function zot_refresh($them, $channel = null, $force = false) {
return false;
}
+ $signed_token = ((is_array($j) && array_key_exists('signed_token',$j)) ? $j['signed_token'] : null);
+ if($signed_token) {
+ $valid = rsa_verify('token.' . $token,base64url_decode($signed_token),$j['key']);
+ if(! $valid) {
+ logger('invalid signed token: ' . $url . $rhs, LOGGER_NORMAL, LOG_WARN);
+ return false;
+ }
+ }
+ else {
+ logger('No signed token from ' . $url . $rhs, LOGGER_NORMAL, LOG_WARN);
+ // after 2017-01-01 this will be a hard error unless you over-ride it.
+ if((time() > 1483228800) && (! get_config('system','allow_unsigned_zotfinger'))) {
+ return false;
+ }
+ }
+
$x = import_xchan($j, (($force) ? UPDATE_FLAGS_FORCED : UPDATE_FLAGS_UPDATED));
if(! $x['success'])
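Review bot: `$j['key']` is dereferenced inside rsa_verify without checking that the decoded response carries a key, even though `signed_token` itself is guarded with array_key_exists; a response with a signed_token but no key raises a notice and hands null to rsa_verify. Guard it the same way: `$valid = ((array_key_exists('key',$j) && $j['key']) ? rsa_verify('token.' . $token, base64url_decode($signed_token), $j['key']) : false);`. It is also worth a comment that the signature is checked against the key the response itself supplies, so it proves the responder holds that key's private half, not that the key is the one previously recorded for `$them` — whatever key matching import_xchan performs (outside this hunk) remains the trust anchor. The bare `1483228800` would read better as a named constant next to the 2017-01-01 comment it implements.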
@@ -1493,7 +1515,7 @@ function public_recips($msg) {
/**
* @brief
*
- * This is the second part of public_recipes().
+ * This is the second part of public_recips().
* We'll find all the channels willing to accept public posts from us, then
* match them against the sender privacy scope and see who in that list that
* the sender is allowing.