diff options
-rw-r--r-- | Zotlabs/Lib/ActivityStreams.php | 16 | ||||
-rw-r--r-- | Zotlabs/Lib/LDSignatures.php | 5 | ||||
-rw-r--r-- | Zotlabs/Module/Pubstream.php | 4 | ||||
-rw-r--r-- | Zotlabs/Module/Xrd.php | 1 | ||||
-rw-r--r-- | Zotlabs/Web/HTTPSig.php | 10 | ||||
-rw-r--r-- | Zotlabs/Web/Router.php | 19 | ||||
-rwxr-xr-x | boot.php | 29 | ||||
-rw-r--r-- | doc/hooklist.bb | 3 |
8 files changed, 76 insertions, 11 deletions
diff --git a/Zotlabs/Lib/ActivityStreams.php b/Zotlabs/Lib/ActivityStreams.php index 1b9f82ddf..379e78a59 100644 --- a/Zotlabs/Lib/ActivityStreams.php +++ b/Zotlabs/Lib/ActivityStreams.php @@ -58,7 +58,7 @@ class ActivityStreams { $this->saved_recips = $arr; } - function collect_recips($base = '',$namespace = ACTIVITYSTREAMS_JSONLD_REV) { + function collect_recips($base = '',$namespace = '') { $x = []; $fields = [ 'to','cc','bto','bcc','audience']; foreach($fields as $f) { @@ -75,7 +75,7 @@ class ActivityStreams { return $x; } - function expand($arr,$base = '',$namespace = ACTIVITYSTREAMS_JSONLD_REV) { + function expand($arr,$base = '',$namespace = '') { $ret = []; // right now use a hardwired recursion depth of 5 @@ -103,8 +103,12 @@ class ActivityStreams { function get_namespace($base,$namespace) { + if(! $namespace) + return ''; + $key = null; + foreach( [ $this->data, $base ] as $b ) { if(! $b) continue; @@ -135,7 +139,7 @@ class ActivityStreams { } - function get_property_obj($property,$base = '',$namespace = ACTIVITYSTREAMS_JSONLD_REV ) { + function get_property_obj($property,$base = '',$namespace = '' ) { $prefix = $this->get_namespace($base,$namespace); if($prefix === null) return null; @@ -152,13 +156,13 @@ class ActivityStreams { } $x = z_fetch_url($url,true,$redirects, - ['headers' => [ 'Accept: application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"']]); + ['headers' => [ 'Accept: application/ld+json; profile="https://www.w3.org/ns/activitystreams", application/activity+json' ]]); if($x['success']) return json_decode($x['body'],true); return null; } - function get_compound_property($property,$base = '',$namespace = ACTIVITYSTREAMS_JSONLD_REV) { + function get_compound_property($property,$base = '',$namespace = '') { $x = $this->get_property_obj($property,$base,$namespace); if($this->is_url($x)) { $x = $this->fetch_property($x); @@ -173,7 +177,7 @@ class ActivityStreams { return false; } - function get_primary_type($base = '',$namespace = ACTIVITYSTREAMS_JSONLD_REV) { + function get_primary_type($base = '',$namespace = '') { if(! $base) $base = $this->data; $x = $this->get_property_obj('type',$base,$namespace); diff --git a/Zotlabs/Lib/LDSignatures.php b/Zotlabs/Lib/LDSignatures.php index 31ffd71f1..d500799c0 100644 --- a/Zotlabs/Lib/LDSignatures.php +++ b/Zotlabs/Lib/LDSignatures.php @@ -12,7 +12,10 @@ class LDSignatures { $ohash = self::hash(self::signable_options($data['signature'])); $dhash = self::hash(self::signable_data($data)); - return rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey); + $x = rsa_verify($ohash . $dhash,base64_decode($data['signature']['signatureValue']), $pubkey); + logger('LD-verify: ' . intval($x)); + + return $x; } static function dopplesign(&$data,$channel) { diff --git a/Zotlabs/Module/Pubstream.php b/Zotlabs/Module/Pubstream.php index ef818845c..72d5f80fa 100644 --- a/Zotlabs/Module/Pubstream.php +++ b/Zotlabs/Module/Pubstream.php @@ -28,6 +28,8 @@ class Pubstream extends \Zotlabs\Web\Controller { if(! $update) { + nav_set_selected(t('Public Stream')); + $_SESSION['static_loadtime'] = datetime_convert(); $static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1); @@ -108,7 +110,7 @@ class Pubstream extends \Zotlabs\Web\Controller { $simple_update = ''; if($static && $simple_update) - $simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' "; + $simple_update .= " and item_thread_top = 0 and author_xchan = '" . protect_sprintf(get_observer_hash()) . "' "; //logger('update: ' . $update . ' load: ' . $load); diff --git a/Zotlabs/Module/Xrd.php b/Zotlabs/Module/Xrd.php index 60a8f58fa..959e31cbe 100644 --- a/Zotlabs/Module/Xrd.php +++ b/Zotlabs/Module/Xrd.php @@ -50,6 +50,7 @@ class Xrd extends \Zotlabs\Web\Controller { '$accturi' => $resource, '$subject' => $subject, '$aliases' => $aliases, + '$channel_url' => z_root() . '/channel/' . $r[0]['channel_address'], '$profile_url' => z_root() . '/channel/' . $r[0]['channel_address'], '$hcard_url' => z_root() . '/hcard/' . $r[0]['channel_address'], '$atom' => z_root() . '/ofeed/' . $r[0]['channel_address'], diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 6526fa7c8..986e10d73 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -20,7 +20,7 @@ class HTTPSig { return $digest; } - // See draft-cavage-http-signatures-07 + // See draft-cavage-http-signatures-08 static function verify($data,$key = '') { @@ -48,7 +48,7 @@ class HTTPSig { else { $headers = []; $headers['(request-target)'] = - $_SERVER['REQUEST_METHOD'] . ' ' . + strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; foreach($_SERVER as $k => $v) { if(strpos($k,'HTTP_') === 0) { @@ -70,6 +70,8 @@ class HTTPSig { if(! $sig_block) return $result; + logger('sig_block: ' . print_r($sig_block,true), LOGGER_DATA); + $result['header_signed'] = true; $signed_headers = $sig_block['headers']; @@ -110,6 +112,8 @@ class HTTPSig { $x = rsa_verify($signed_data,$sig_block['signature'],$key,$algorithm); + logger('verified: ' . $x, LOGGER_DEBUG); + if($x === false) return $result; @@ -130,6 +134,8 @@ class HTTPSig { } } + logger('Content_Valid: ' . $result['content_valid']); + return $result; } diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php index 710aa2844..b0193652b 100644 --- a/Zotlabs/Web/Router.php +++ b/Zotlabs/Web/Router.php @@ -178,6 +178,25 @@ class Router { */ if(\App::$module_loaded) { + if (( \App::$module === 'channel' ) && argc() > 1) { + \App::$channel_links = [ + [ + 'rel' => 'lrdd', + 'type' => 'application/xrd+xml', + 'url' => z_root() . '/xrd?f=&uri=acct%3A' . argv(1) . '%40' . \App::get_hostname() + ], + [ + 'rel' => 'jrd', + 'type' => 'application/jrd+json', + 'url' => z_root() . '/.well-known/webfinger?f=&resource=acct%3A' . argv(1) . '%40' . \App::get_hostname() + ], + ]; + $x = [ 'channel_address' => argv(1), 'channel_links' => \App::$channel_links ]; + call_hooks('channel_links', $x ); + \App::$channel_links = $x['channel_links']; + header('Link: ' . \App::get_channel_links()); + } + \App::$page['page_title'] = \App::$module; $placeholder = ''; @@ -456,7 +456,16 @@ define ( 'NAMESPACE_STATUSNET', 'http://status.net/schema/api/1/' ); define ( 'NAMESPACE_ATOM1', 'http://www.w3.org/2005/Atom' ); define ( 'NAMESPACE_YMEDIA', 'http://search.yahoo.com/mrss/' ); -define ( 'ACTIVITYSTREAMS_JSONLD_REV', 'https://www.w3.org/ns/activitystreams-history/v1.8.jsonld' ); +// We should be using versioned jsonld contexts so that signatures will be slightly more reliable. +// Why signatures are unreliable by design is a problem nobody seems to care about +// "because it's a proposed W3C standard". . + +// Anyway, if you use versioned contexts, communication with Mastodon fails. Have not yet investigated +// the reason for the dependency but for the current time, use the standard non-versioned context. +//define ( 'ACTIVITYSTREAMS_JSONLD_REV', 'https://www.w3.org/ns/activitystreams-history/v1.8.jsonld' ); + +define ( 'ACTIVITYSTREAMS_JSONLD_REV', 'https://www.w3.org/ns/activitystreams' ); + define ( 'ZOT_APSCHEMA_REV', '/apschema/v1.2' ); /** * activity stream defines @@ -782,6 +791,10 @@ class App { public static $is_tablet = false; public static $comanche; + + public static $channel_links; + + public static $category; // Allow themes to control internal parameters @@ -929,6 +942,7 @@ class App { self::$module = 'home'; } + /* * See if there is any page number information, and initialise * pagination @@ -1026,6 +1040,19 @@ class App { return self::$path; } + public static function get_channel_links() { + $s = ''; + $x = self::$channel_links; + if($x && is_array($x) && count($x)) { + foreach($x as $y) { + if($s) { + $s .= ','; + } + $s .= '<' . $y['url'] . '>; rel="' . $y['rel'] . '"; type="' . $y['type'] . '"'; + } + } + return $s; + } public static function set_account($acct) { self::$account = $acct; } diff --git a/doc/hooklist.bb b/doc/hooklist.bb index 9a17fdb91..1192a1506 100644 --- a/doc/hooklist.bb +++ b/doc/hooklist.bb @@ -91,6 +91,9 @@ Hooks allow plugins/addons to "hook into" the code at many points and alter the [zrl=[baseurl]/help/hook/channel_remove]channel_remove[/zrl] Called when removing a channel +[zrl=[baseurl]/help/hook/channel_links]channel_links[/zrl] + Called when generating the Link: HTTP header for a channel + [zrl=[baseurl]/help/hook/channel_settings]channel_settings[/zrl] Called when displaying the channel settings page |