aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/zot.php90
-rw-r--r--mod/post.php58
-rw-r--r--mod/zfinger.php25
-rw-r--r--version.inc2
4 files changed, 116 insertions, 59 deletions
diff --git a/include/zot.php b/include/zot.php
index 021025f62..63508b749 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -69,11 +69,13 @@ function zot_notify($channel,$url,$type = 'notify',$recipients = null, $remote_k
'hub' => z_root(),
'hub_sig' => base64url_encode(z_root,$channel['prvkey'])
)),
- 'recipients' => json_encode($recipients),
'callback' => '/post',
'version' => ZOT_REVISION
);
+ if($recipients)
+ $params['recipients'] = json_encode($recipients);
+
// Hush-hush ultra top-secret mode
if($remote_key) {
@@ -137,7 +139,7 @@ function zot_finger($webbie,$channel) {
}
-function zot_refresh($them,$channel) {
+function zot_refresh($them,$channel = null) {
if($them['hubloc_url'])
$url = $them['hubloc_url'];
@@ -152,20 +154,26 @@ function zot_refresh($them,$channel) {
if(! $url)
return;
- if($them['xchan_hash'])
- $guid_hash = $them['xchan_hash'];
-
- if(! $guid_hash)
- return;
-
+ $postvars = array();
+
+ if($channel) {
+ $postvars['target'] = $channel['channel_guid'];
+ $postvars['target_sig'] = $channel['channel_guid_sig'];
+ $postvars['key'] = $channel['channel_pubkey'];
+ }
+
+ if(array_key_exists('xchan_addr',$them) && $them['xchan_addr'])
+ $postvars['address'] = $them['xchan_addr'];
+ if(array_key_exists('xchan_hash',$them) && $them['xchan_hash'])
+ $postvars['guid_hash'] = $them['xchan_hash'];
+ if(array_key_exists('xchan_guid',$them) && $them['xchan_guid']
+ && array_key_exists('xchan_guid_sig',$them) && $them['xchan_guid_sig']) {
+ $postvars['guid'] = $them['xchan_guid'];
+ $postvars['guid_sig'] = $them['xchan_guid_sig'];
+ }
+
$rhs = '/.well-known/zot-info';
- $postvars = array(
- 'guid_hash' => $guid_hash,
- 'target' => $channel['channel_guid'],
- 'target_sig' => $channel['channel_guid_sig'],
- 'key' => $channel['channel_pubkey']
- );
$result = z_post_url($url . $rhs,$postvars);
if($result['success']) {
@@ -181,37 +189,39 @@ function zot_refresh($them,$channel) {
$their_perms = 0;
- $global_perms = get_perms();
-
- if($j->permissions->data) {
- $permissions = aes_unencapsulate(array(
- 'data' => $j->permissions->data,
- 'key' => $j->permissions->key,
- 'iv' => $j->permissions->iv),
- $channel['channel_prvkey']);
- if($permissions)
- $permissions = json_decode($permissions);
- logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA);
- }
- else
- $permissions = $j->permissions;
- foreach($permissions as $k => $v) {
- if($v) {
- $their_perms = $their_perms | intval($global_perms[$k][1]);
+ if($channel) {
+ $global_perms = get_perms();
+ if($j->permissions->data) {
+ $permissions = aes_unencapsulate(array(
+ 'data' => $j->permissions->data,
+ 'key' => $j->permissions->key,
+ 'iv' => $j->permissions->iv),
+ $channel['channel_prvkey']);
+ if($permissions)
+ $permissions = json_decode($permissions);
+ logger('decrypted permissions: ' . print_r($permissions,true), LOGGER_DATA);
+ }
+ else
+ $permissions = $j->permissions;
+
+ foreach($permissions as $k => $v) {
+ if($v) {
+ $their_perms = $their_perms | intval($global_perms[$k][1]);
+ }
}
+
+ $r = q("update abook set their_perms = %d
+ where abook_xchan = '%s' and abook_channel = %d limit 1",
+ intval($their_perms),
+ dbesc($channel['channel_hash']),
+ intval($channel['channel_id'])
+ );
+ if(! $r)
+ logger('abook update failed');
}
- $r = q("update abook set their_perms = %d where abook_xchan = '%s' and abook_channel = %d limit 1",
- intval($their_perms),
- dbesc($channel['channel_hash']),
- intval($channel['channel_id'])
- );
- if(! $r)
- logger('abook update failed');
-
return true;
-
}
return false;
diff --git a/mod/post.php b/mod/post.php
index fb8885b93..82ffb5817 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -9,16 +9,25 @@ require_once('include/zot.php');
function post_post(&$a) {
- $ret = array('result' => false, 'message' => '');
+ $ret = array('result' => false);
- $msgtype = ((array_key_exists('type',$_REQUEST)) ? $_REQUEST['type'] : '');
+ if(array_key_exists('iv',$_REQUEST)) {
+ // hush-hush ultra top secret mode
+ $data = aes_unencapsulate($_REQUEST,get_config('system','site_prvkey'));
+ }
+ else {
+ $data = $_REQUEST;
+ }
- if(array_key_exists('sender',$_REQUEST)) {
- $j_sender = json_decode($_REQUEST['sender']);
+ $msgtype = ((array_key_exists('type',$data)) ? $data['type'] : '');
+
+ if(array_key_exists('sender',$data)) {
+ $j_sender = json_decode($data['sender']);
}
$hub = zot_gethub($j_sender);
if(! $hub) {
+ // (!!) this will validate the sender
$result = zot_register_hub($j_sender);
if((! $result['success']) || (! zot_gethub($j_sender))) {
$ret['message'] = 'Hub not available.';
@@ -26,27 +35,54 @@ function post_post(&$a) {
}
}
- // check which hub is primary and take action if mismatched
+ // TODO: check which hub is primary and take action if mismatched
+ if(array_key_exists('recipients',$data))
+ $j_recipients = json_decode($data['recipients']);
if($msgtype === 'refresh') {
- // Need to pass the recipient in the message
+ // remote channel info (such as permissions or photo or something)
+ // has been updated. Grab a fresh copy and sync it.
- // look up recipient
+ if($j_recipients) {
- // format args
- // $r = zot_refresh($them,$channel);
+ // This would be a permissions update, typically for one connection
- return;
+ foreach($j_recipients as $recip) {
+ $r = q("select channel.*,xchan.* from channel
+ left join xchan on channel_hash = xchan_hash
+ where channel_guid = '%s' and channel_guid_sig = '%s' limit 1",
+ dbesc($recip->guid),
+ dbesc($recip->guid_sig)
+ );
+ $x = zot_refresh(array(
+ 'xchan_guid' => $j_sender->guid,
+ 'xchan_guid_sig' => $j_sender->guid_sig,
+ 'hubloc_url' => $j_sender->url
+ ),$r[0]);
+ }
+ }
+ else {
+
+ // system wide refresh
+
+ $x = zot_refresh(array(
+ 'xchan_guid' => $j_sender->guid,
+ 'xchan_guid_sig' => $j_sender->guid_sig,
+ 'hubloc_url' => $j_sender->url
+ ),null);
+ }
+ $ret['result'] = true;
+ json_return_and_die($ret);
}
if($msgtype === 'notify') {
// add to receive queue
- // qreceive_add($_REQUEST);
+ // qreceive_add($data);
$ret['result'] = true;
json_return_and_die($ret);
diff --git a/mod/zfinger.php b/mod/zfinger.php
index cc4b8cdd3..e1afdeba4 100644
--- a/mod/zfinger.php
+++ b/mod/zfinger.php
@@ -7,11 +7,13 @@ function zfinger_init(&$a) {
$ret = array('success' => false);
- $zhash = ((x($_REQUEST,'guid_hash')) ? $_REQUEST['guid_hash'] : '');
- $zaddr = ((x($_REQUEST,'address')) ? $_REQUEST['address'] : '');
- $ztarget = ((x($_REQUEST,'target')) ? $_REQUEST['target'] : '');
- $zsig = ((x($_REQUEST,'target_sig')) ? $_REQUEST['target_sig'] : '');
- $zkey = ((x($_REQUEST,'key')) ? $_REQUEST['key'] : '');
+ $zhash = ((x($_REQUEST,'guid_hash')) ? $_REQUEST['guid_hash'] : '');
+ $zguid = ((x($_REQUEST,'guid')) ? $_REQUEST['guid'] : '');
+ $zguid_sig = ((x($_REQUEST,'guid_sig')) ? $_REQUEST['guid_sig'] : '');
+ $zaddr = ((x($_REQUEST,'address')) ? $_REQUEST['address'] : '');
+ $ztarget = ((x($_REQUEST,'target')) ? $_REQUEST['target'] : '');
+ $zsig = ((x($_REQUEST,'target_sig')) ? $_REQUEST['target_sig'] : '');
+ $zkey = ((x($_REQUEST,'key')) ? $_REQUEST['key'] : '');
if($ztarget) {
if((! $zkey) || (! $zsig) || (! rsa_verify($ztarget,base64url_decode($zsig),$zkey))) {
@@ -23,12 +25,19 @@ function zfinger_init(&$a) {
$r = null;
- if(strlen($zguid)) {
+ if(strlen($zhash)) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
where channel_hash = '%s' limit 1",
dbesc($zhash)
);
}
+ if(strlen($zguid) && strlen($zguid_sig)) {
+ $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
+ where channel_guid = '%s' and channel_guid_sig = '%s' limit 1",
+ dbesc($zguid),
+ dbesc($zguid_sig)
+ );
+ }
elseif(strlen($zaddr)) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
where channel_address = '%s' limit 1",
@@ -40,7 +49,7 @@ function zfinger_init(&$a) {
json_return_and_die($ret);
}
- if(! ($r && count($r))) {
+ if(! $r) {
$ret['message'] = 'Item not found.';
json_return_and_die($ret);
}
@@ -48,6 +57,8 @@ function zfinger_init(&$a) {
$e = $r[0];
$id = $e['channel_id'];
+
+// This is for birthdays and keywords, but must check access permissions
// $r = q("select contact.*, profile.*
// from contact left join profile on contact.uid = profile.uid
// where contact.uid = %d && contact.self = 1 and profile.is_default = 1 limit 1",
diff --git a/version.inc b/version.inc
index cf7a2bc05..551d49439 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2012-11-11.135
+2012-11-12.136