diff options
| -rw-r--r-- | Zotlabs/Daemon/Gprobe.php | 2 | ||||
| -rw-r--r-- | Zotlabs/Daemon/Notifier.php | 64 | ||||
| -rw-r--r-- | Zotlabs/Lib/Activity.php | 6 | ||||
| -rw-r--r-- | Zotlabs/Lib/Libzot.php | 12 | ||||
| -rw-r--r-- | Zotlabs/Module/Chanview.php | 72 | ||||
| -rw-r--r-- | Zotlabs/Module/Connedit.php | 98 | ||||
| -rw-r--r-- | Zotlabs/Module/Magic.php | 237 | ||||
| -rw-r--r-- | Zotlabs/Module/Owa.php | 95 | ||||
| -rw-r--r-- | Zotlabs/Module/Regdir.php | 35 | ||||
| -rw-r--r-- | app/probe.apd | 4 | ||||
| -rw-r--r-- | include/dir_fns.php | 21 | ||||
| -rw-r--r-- | include/socgraph.php | 2 | ||||
| -rw-r--r-- | include/zid.php | 42 |
13 files changed, 303 insertions, 387 deletions
diff --git a/Zotlabs/Daemon/Gprobe.php b/Zotlabs/Daemon/Gprobe.php index da92fbec7..6951aa1d4 100644 --- a/Zotlabs/Daemon/Gprobe.php +++ b/Zotlabs/Daemon/Gprobe.php @@ -26,7 +26,7 @@ class Gprobe { if(! $r) { $href = Webfinger::zot_url(punify($url)); if($href) { - $zf = Zotfinger::exec($href,$channel); + $zf = Zotfinger::exec($href, null); } if(is_array($zf) && array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $href && intval($zf['signature']['header_valid'])) { $xc = Libzot::import_xchan($zf['data']); diff --git a/Zotlabs/Daemon/Notifier.php b/Zotlabs/Daemon/Notifier.php index 0efa93cce..ac35b4558 100644 --- a/Zotlabs/Daemon/Notifier.php +++ b/Zotlabs/Daemon/Notifier.php @@ -45,18 +45,18 @@ require_once('include/bbcode.php'); * * where COMMAND is one of the following: * - * activity (in diaspora.php, dfrn_confirm.php, profiles.php) - * comment-import (in diaspora.php, items.php) - * comment-new (in item.php) - * drop (in diaspora.php, items.php, photos.php) - * edit_post (in item.php) - * event (in events.php) - * expire (in items.php) - * like (in like.php, poke.php) - * mail (in message.php) - * tag (in photos.php, poke.php, tagger.php) - * tgroup (in items.php) - * wall-new (in photos.php, item.php) + * activity (in diaspora.php, dfrn_confirm.php, profiles.php) + * comment-import (in diaspora.php, items.php) + * comment-new (in item.php) + * drop (in diaspora.php, items.php, photos.php) + * edit_post (in item.php) + * event (in events.php) + * expire (in items.php) + * like (in like.php, poke.php) + * mail (in message.php) + * tag (in photos.php, poke.php, tagger.php) + * tgroup (in items.php) + * wall-new (in photos.php, item.php) * * and ITEM_ID is the id of the item in the database that needs to be sent to others. * @@ -66,9 +66,10 @@ require_once('include/bbcode.php'); * permission_reject abook_id * permission_update abook_id * refresh_all channel_id + * purge channel_id xchan_hash * purge_all channel_id * expire channel_id - * relay item_id (item was relayed to owner, we will deliver it as owner) + * relay item_id (item was relayed to owner, we will deliver it as owner) * single_activity item_id (deliver to a singleton network from the appropriate clone) * single_mail mail_id (deliver to a singleton network from the appropriate clone) * location channel_id @@ -240,25 +241,40 @@ class Notifier { $packet_type = 'location'; $location = true; } + elseif($cmd === 'purge') { + $xchan = $argv[3]; + logger('notifier: purge: ' . $item_id . ' => ' . $xchan); + if (! $xchan) { + return; + } + + $channel = channelx_by_n($item_id); + $recipients[] = $xchan; + $private = true; + $packet_type = 'purge'; + $packet_recips[] = ['hash' => $xchan]; + } elseif($cmd === 'purge_all') { + logger('notifier: purge_all: ' . $item_id); - $s = q("select * from channel where channel_id = %d limit 1", - intval($item_id) - ); - if($s) - $channel = $s[0]; - $uid = $item_id; - $recipients = array(); + $channel = channelx_by_n($item_id); + + $recipients = []; $r = q("select abook_xchan from abook where abook_channel = %d and abook_self = 0", intval($item_id) ); - if($r) { - foreach($r as $rr) { - $recipients[] = $rr['abook_xchan']; - } + if (! $r) { + return; + } + foreach ($r as $rr) { + $recipients[] = $rr['abook_xchan']; + $packet_recips[] = ['hash' => $rr['abook_xchan']]; } + $private = false; $packet_type = 'purge'; + + } else { diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index 83c04c042..7ad6c91ae 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -663,7 +663,7 @@ class Activity { return []; } else { - $obj = self::encode_item($i); + $obj = self::encode_item($i,$activitypub); if ($obj) $ret['object'] = $obj; else @@ -672,10 +672,8 @@ class Activity { $ret['to'] = [ ACTIVITY_PUBLIC_INBOX ]; return $ret; - } - $ret['type'] = self::activity_mapper($i['verb']); if($ret['type'] === 'emojiReaction') { @@ -2023,7 +2021,7 @@ class Activity { $s['mid'] = $act->id; $s['parent_mid'] = $act->obj['id']; - $s['uuid'] = $act->{'diaspora:guid'}; + $s['uuid'] = $act->data['diaspora:guid']; // over-ride the object timestamp with the activity diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index f4eb26463..a6db9e431 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -1739,11 +1739,15 @@ class Libzot { continue; } + // reactions such as like and dislike could have an mid with /activity/ in it. + // Check for both forms in order to prevent duplicates. - $r = q("select * from item where mid = '%s' and uid = %d limit 1", + $r = q("select * from item where mid in ('%s','%s') and uid = %d limit 1", dbesc($arr['mid']), + dbesc(str_replace(z_root() . '/activity/', z_root() . '/item/', $arr['mid'])), intval($channel['channel_id']) ); + if($r) { // We already have this post. $item_id = $r[0]['id']; @@ -2112,12 +2116,16 @@ class Libzot { $item_found = false; $post_id = 0; + // reactions such as like and dislike could have an mid with /activity/ in it. + // Check for both forms in order to prevent duplicates. + $r = q("select * from item where ( author_xchan = '%s' or owner_xchan = '%s' or source_xchan = '%s' ) - and mid = '%s' and uid = %d limit 1", + and mid IN ('%s', '%s') and uid = %d limit 1", dbesc($sender), dbesc($sender), dbesc($sender), dbesc($item['mid']), + dbesc(str_replace('/activity/', '/item/', $item['mid'])), intval($uid) ); diff --git a/Zotlabs/Module/Chanview.php b/Zotlabs/Module/Chanview.php index 20ac41fbe..06ff10f9e 100644 --- a/Zotlabs/Module/Chanview.php +++ b/Zotlabs/Module/Chanview.php @@ -1,13 +1,17 @@ <?php namespace Zotlabs\Module; -require_once('include/zot.php'); +use App; +use Zotlabs\Lib\Libzot; +use Zotlabs\Lib\Webfinger; +use Zotlabs\Lib\Zotfinger; + class Chanview extends \Zotlabs\Web\Controller { function get() { - $observer = \App::get_observer(); + $observer = App::get_observer(); $xchan = null; $r = null; @@ -40,7 +44,7 @@ class Chanview extends \Zotlabs\Web\Controller { ); } if($r) { - \App::$poi = $r[0]; + App::$poi = $r[0]; } @@ -49,43 +53,45 @@ class Chanview extends \Zotlabs\Web\Controller { // address, we can and should try to import it. If it's just a hash, we can't continue, but we // probably wouldn't have a hash if we don't already have an xchan for this channel. - if(! \App::$poi) { + if(! App::$poi) { logger('mod_chanview: fallback'); - // This is hackish - construct a zot address from the url - if($_REQUEST['url']) { - if(preg_match('/https?\:\/\/(.*?)(\/channel\/|\/profile\/)(.*?)$/ism',$_REQUEST['url'],$matches)) { - $_REQUEST['address'] = $matches[3] . '@' . $matches[1]; + + if($_REQUEST['address']) { + $href = Webfinger::zot_url(punify($_REQUEST['address'])); + if($href) { + $_REQUEST['url'] = $href; } - logger('mod_chanview: constructed address ' . print_r($matches,true)); } $r = null; - if($_REQUEST['address']) { - $j = \Zotlabs\Zot\Finger::run($_REQUEST['address'],null); - if($j['success']) { - import_xchan($j); - $r = q("select * from xchan where xchan_addr = '%s' limit 1", - dbesc($_REQUEST['address']) + if($_REQUEST['url']) { + + $zf = Zotfinger::exec($_REQUEST['url'], null); + + if(array_path_exists('signature/signer',$zf) && $zf['signature']['signer'] === $_REQUEST['url'] && intval($zf['signature']['header_valid'])) { + Libzot::import_xchan($j); + $r = q("select * from xchan where xchan_url = '%s' limit 1", + dbesc($_REQUEST['url']) ); if($r) { - \App::$poi = $r[0]; + App::$poi = $r[0]; } } if(! $r) { - if(discover_by_webbie($_REQUEST['address'])) { - $r = q("select * from xchan where xchan_addr = '%s' limit 1", - dbesc($_REQUEST['address']) + if(discover_by_webbie($_REQUEST['url'])) { + $r = q("select * from xchan where xchan_url = '%s' limit 1", + dbesc($_REQUEST['url']) ); if($r) { - \App::$poi = $r[0]; + App::$poi = $r[0]; } } } } } - if(! \App::$poi) { + if(! App::$poi) { notice( t('Channel not found.') . EOL); return; } @@ -93,19 +99,17 @@ class Chanview extends \Zotlabs\Web\Controller { $is_zot = false; $connected = false; - if (\App::$poi) { - $url = \App::$poi['xchan_url']; - if(in_array(\App::$poi['xchan_network'], ['zot', 'zot6'])) { - $is_zot = true; - } - if(local_channel()) { - $c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s' limit 1", - intval(local_channel()), - dbesc(\App::$poi['xchan_hash']) - ); - if($c) - $connected = true; - } + $url = App::$poi['xchan_url']; + if(in_array(App::$poi['xchan_network'], ['zot', 'zot6'])) { + $is_zot = true; + } + if(local_channel()) { + $c = q("select abook_id from abook where abook_channel = %d and abook_xchan = '%s' limit 1", + intval(local_channel()), + dbesc(App::$poi['xchan_hash']) + ); + if($c) + $connected = true; } // We will load the chanview template if it's a foreign network, diff --git a/Zotlabs/Module/Connedit.php b/Zotlabs/Module/Connedit.php index c0df57390..0fc807d42 100644 --- a/Zotlabs/Module/Connedit.php +++ b/Zotlabs/Module/Connedit.php @@ -7,9 +7,16 @@ namespace Zotlabs\Module; * */ +use App; use Zotlabs\Lib\Apps; use Zotlabs\Lib\Libzot; use Zotlabs\Lib\Libsync; +use Zotlabs\Daemon\Master; +use Zotlabs\Web\Controller; +use Zotlabs\Access\Permissions; +use Zotlabs\Access\PermissionLimits; +use Zotlabs\Web\HTTPHeaders; +use Zotlabs\Lib\Permcat; require_once('include/socgraph.php'); require_once('include/selectors.php'); @@ -17,7 +24,7 @@ require_once('include/group.php'); require_once('include/photos.php'); -class Connedit extends \Zotlabs\Web\Controller { +class Connedit extends Controller { /* @brief Initialize the connection-editor * @@ -37,12 +44,12 @@ class Connedit extends \Zotlabs\Web\Controller { intval(argv(1)) ); if($r) { - \App::$poi = array_shift($r); + App::$poi = array_shift($r); } } - $channel = \App::get_channel(); + $channel = App::get_channel(); if($channel) head_set_icon($channel['xchan_photo_s']); @@ -62,7 +69,7 @@ class Connedit extends \Zotlabs\Web\Controller { if(! $contact_id) return; - $channel = \App::get_channel(); + $channel = App::get_channel(); // TODO if configured for hassle-free permissions, we'll post the form with ajax as soon as the // connection enable is toggled to a special autopost url and set permissions immediately, leaving @@ -141,7 +148,7 @@ class Connedit extends \Zotlabs\Web\Controller { $rating_text = trim(escape_tags($_REQUEST['rating_text'])); - $all_perms = \Zotlabs\Access\Permissions::Perms(); + $all_perms = Permissions::Perms(); if($all_perms) { foreach($all_perms as $perm => $desc) { @@ -213,7 +220,7 @@ class Connedit extends \Zotlabs\Web\Controller { $record = $z[0]['xlink_id']; } if($record) { - \Zotlabs\Daemon\Master::Summon(array('Ratenotif','rating',$record)); + Master::Summon(array('Ratenotif','rating',$record)); } } @@ -228,7 +235,7 @@ class Connedit extends \Zotlabs\Web\Controller { // request. The workaround is to approve the connection, then go back and // adjust permissions as desired. - $p = \Zotlabs\Access\Permissions::connect_perms(local_channel()); + $p = Permissions::connect_perms(local_channel()); $my_perms = $p['perms']; if($my_perms) { foreach($my_perms as $k => $v) { @@ -258,12 +265,12 @@ class Connedit extends \Zotlabs\Web\Controller { else notice( t('Failed to update connection record.') . EOL); - if(! intval(\App::$poi['abook_self'])) { + if(! intval(App::$poi['abook_self'])) { if($new_friend) { - \Zotlabs\Daemon\Master::Summon( [ 'Notifier', 'permission_accept', $contact_id ] ); + Master::Summon( [ 'Notifier', 'permission_accept', $contact_id ] ); } - \Zotlabs\Daemon\Master::Summon( [ + Master::Summon( [ 'Notifier', (($new_friend) ? 'permission_create' : 'permission_update'), $contact_id @@ -276,7 +283,7 @@ class Connedit extends \Zotlabs\Web\Controller { require_once('include/group.php'); $g = group_rec_byhash(local_channel(),$default_group); if($g) - group_add_member(local_channel(),'',\App::$poi['abook_xchan'],$g['id']); + group_add_member(local_channel(),'',App::$poi['abook_xchan'],$g['id']); } // Check if settings permit ("post new friend activity" is allowed, and @@ -300,19 +307,19 @@ class Connedit extends \Zotlabs\Web\Controller { $xarr['item_private'] = (($xarr['allow_cid']||$xarr['allow_gid']||$xarr['deny_cid']||$xarr['deny_gid']) ? 1 : 0); $obj = array( 'type' => ACTIVITY_OBJ_PERSON, - 'title' => \App::$poi['xchan_name'], - 'id' => \App::$poi['xchan_hash'], + 'title' => App::$poi['xchan_name'], + 'id' => App::$poi['xchan_hash'], 'link' => array( - array('rel' => 'alternate', 'type' => 'text/html', 'href' => \App::$poi['xchan_url']), - array('rel' => 'photo', 'type' => \App::$poi['xchan_photo_mimetype'], 'href' => \App::$poi['xchan_photo_l']) + array('rel' => 'alternate', 'type' => 'text/html', 'href' => App::$poi['xchan_url']), + array('rel' => 'photo', 'type' => App::$poi['xchan_photo_mimetype'], 'href' => App::$poi['xchan_photo_l']) ), ); $xarr['obj'] = json_encode($obj); $xarr['obj_type'] = ACTIVITY_OBJ_PERSON; - $xarr['body'] = '[zrl=' . $channel['xchan_url'] . ']' . $channel['xchan_name'] . '[/zrl]' . ' ' . t('is now connected to') . ' ' . '[zrl=' . \App::$poi['xchan_url'] . ']' . \App::$poi['xchan_name'] . '[/zrl]'; + $xarr['body'] = '[zrl=' . $channel['xchan_url'] . ']' . $channel['xchan_name'] . '[/zrl]' . ' ' . t('is now connected to') . ' ' . '[zrl=' . App::$poi['xchan_url'] . ']' . App::$poi['xchan_name'] . '[/zrl]'; - $xarr['body'] .= "\n\n\n" . '[zrl=' . \App::$poi['xchan_url'] . '][zmg=80x80]' . \App::$poi['xchan_photo_m'] . '[/zmg][/zrl]'; + $xarr['body'] .= "\n\n\n" . '[zrl=' . App::$poi['xchan_url'] . '][zmg=80x80]' . App::$poi['xchan_photo_m'] . '[/zmg][/zrl]'; post_activity_item($xarr); @@ -320,7 +327,7 @@ class Connedit extends \Zotlabs\Web\Controller { // pull in a bit of content if there is any to pull in - \Zotlabs\Daemon\Master::Summon(array('Onepoll',$contact_id)); + Master::Summon(array('Onepoll',$contact_id)); } @@ -333,11 +340,11 @@ class Connedit extends \Zotlabs\Web\Controller { intval($contact_id) ); if($r) { - \App::$poi = $r[0]; + App::$poi = $r[0]; } if($new_friend) { - $arr = array('channel_id' => local_channel(), 'abook' => \App::$poi); + $arr = array('channel_id' => local_channel(), 'abook' => App::$poi); call_hooks('accept_follow', $arr); } @@ -357,23 +364,23 @@ class Connedit extends \Zotlabs\Web\Controller { function connedit_clone(&$a) { - if(! \App::$poi) + if(! App::$poi) return; - $channel = \App::get_channel(); + $channel = App::get_channel(); $r = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_channel = %d and abook_id = %d LIMIT 1", intval(local_channel()), - intval(\App::$poi['abook_id']) + intval(App::$poi['abook_id']) ); if($r) { - \App::$poi = array_shift($r); + App::$poi = array_shift($r); } - $clone = \App::$poi; + $clone = App::$poi; unset($clone['abook_id']); unset($clone['abook_account']); @@ -402,11 +409,11 @@ class Connedit extends \Zotlabs\Web\Controller { } $section = ((array_key_exists('section',$_REQUEST)) ? $_REQUEST['section'] : ''); - $channel = \App::get_channel(); + $channel = App::get_channel(); $yes_no = array(t('No'),t('Yes')); - $connect_perms = \Zotlabs\Access\Permissions::connect_perms(local_channel()); + $connect_perms = Permissions::connect_perms(local_channel()); $o .= "<script>function connectDefaultShare() { \$('.abook-edit-me').each(function() { @@ -427,7 +434,7 @@ class Connedit extends \Zotlabs\Web\Controller { return; $cmd = argv(2); - + $orig_record = q("SELECT abook.*, xchan.* FROM abook left join xchan on abook_xchan = xchan_hash WHERE abook_id = %d AND abook_channel = %d AND abook_self = 0 LIMIT 1", intval($contact_id), @@ -441,7 +448,7 @@ class Connedit extends \Zotlabs\Web\Controller { if($cmd === 'update') { // pull feed and consume it, which should subscribe to the hub. - \Zotlabs\Daemon\Master::Summon(array('Poller',$contact_id)); + Master::Summon(array('Poller',$contact_id)); goaway(z_root() . '/connedit/' . $contact_id); } @@ -451,7 +458,7 @@ class Connedit extends \Zotlabs\Web\Controller { $recurse = 0; $x = z_fetch_url(zid($url),false,$recurse,['session' => true]); if($x['success']) { - $h = new \Zotlabs\Web\HTTPHeaders($x['header']); + $h = new HTTPHeaders($x['header']); $fields = $h->fetch(); if($fields) { foreach($fields as $y) { @@ -482,17 +489,17 @@ class Connedit extends \Zotlabs\Web\Controller { if($cmd === 'refresh') { if($orig_record[0]['xchan_network'] === 'zot') { - if(! zot_refresh($orig_record[0],\App::get_channel())) + if(! zot_refresh($orig_record[0],App::get_channel())) notice( t('Refresh failed - channel is currently unavailable.') ); } elseif($orig_record[0]['xchan_network'] === 'zot6') { - if(! Libzot::refresh($orig_record[0],\App::get_channel())) + if(! Libzot::refresh($orig_record[0],App::get_channel())) notice( t('Refresh failed - channel is currently unavailable.') ); } else { // if you are on a different network we'll force a refresh of the connection basic info - \Zotlabs\Daemon\Master::Summon(array('Notifier','permission_update',$contact_id)); + Master::Summon(array('Notifier','permission_update',$contact_id)); } goaway(z_root() . '/connedit/' . $contact_id); } @@ -550,15 +557,10 @@ class Connedit extends \Zotlabs\Web\Controller { if($cmd === 'drop') { - - // @FIXME - // We need to send either a purge or a refresh packet to the other side (the channel being unfriended). - // The issue is that the abook DB record _may_ get destroyed when we call contact_remove. As the notifier - // runs in the background there could be a race condition preventing this packet from being sent in all - // cases. - // PLACEHOLDER - contact_remove(local_channel(), $orig_record[0]['abook_id']); + + Master::Summon( [ 'Notifier', 'purge', local_channel(), $orig_record[0]['xchan_hash'] ] ); + Libsync::build_sync_packet(0 /* use the current local_channel */, array('abook' => array(array( 'abook_xchan' => $orig_record[0]['abook_xchan'], @@ -574,13 +576,13 @@ class Connedit extends \Zotlabs\Web\Controller { } } - if(\App::$poi) { + if(App::$poi) { $abook_prev = 0; $abook_next = 0; - $contact_id = \App::$poi['abook_id']; - $contact = \App::$poi; + $contact_id = App::$poi['abook_id']; + $contact = App::$poi; $cn = q("SELECT abook_id, xchan_name from abook left join xchan on abook_xchan = xchan_hash where abook_channel = %d and abook_self = 0 and xchan_deleted = 0 order by xchan_name", intval(local_channel()) @@ -788,9 +790,9 @@ class Connedit extends \Zotlabs\Web\Controller { $perms = array(); - $channel = \App::get_channel(); + $channel = App::get_channel(); - $global_perms = \Zotlabs\Access\Permissions::Perms(); + $global_perms = Permissions::Perms(); $existing = get_all_perms(local_channel(),$contact['abook_xchan'],false); @@ -822,7 +824,7 @@ class Connedit extends \Zotlabs\Web\Controller { $thisperm = get_abconfig(local_channel(),$contact['abook_xchan'],'my_perms',$k); //fixme - $checkinherited = \Zotlabs\Access\PermissionLimits::Get(local_channel(),$k); + $checkinherited = PermissionLimits::Get(local_channel(),$k); // For auto permissions (when $self is true) we don't want to look at existing // permissions because they are enabled for the channel owner @@ -835,7 +837,7 @@ class Connedit extends \Zotlabs\Web\Controller { $perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited); } - $pcat = new \Zotlabs\Lib\Permcat(local_channel()); + $pcat = new Permcat(local_channel()); $pcatlist = $pcat->listing(); $permcats = []; if($pcatlist) { diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 6ac656a04..b4372e26d 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -1,214 +1,133 @@ <?php namespace Zotlabs\Module; +use App; +use Zotlabs\Web\Controller; use Zotlabs\Web\HTTPSig; +use Zotlabs\Lib\Libzot; +use Zotlabs\Lib\SConfig; -@require_once('include/zot.php'); - - -class Magic extends \Zotlabs\Web\Controller { +class Magic extends Controller { function init() { + + $ret = [ + 'success' => false, + 'url' => '', + 'message' => '' + ]; - $ret = array('success' => false, 'url' => '', 'message' => ''); logger('mod_magic: invoked', LOGGER_DEBUG); - - logger('mod_magic: args: ' . print_r($_REQUEST,true),LOGGER_DATA); - - $addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : ''); - $bdest = ((x($_REQUEST,'bdest')) ? $_REQUEST['bdest'] : ''); - $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); - $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); - $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); - $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); - $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); - - if($bdest) + + logger('args: ' . print_r($_REQUEST,true),LOGGER_DATA); + + $addr = ((x($_REQUEST,'addr')) ? $_REQUEST['addr'] : ''); + $bdest = ((x($_REQUEST,'bdest')) ? $_REQUEST['bdest'] : ''); + $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); + $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); + $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); + $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); + + // bdest is preferred as it is hex-encoded and can survive url rewrite and argument parsing + + if ($bdest) { $dest = hex2bin($bdest); + } $parsed = parse_url($dest); - if(! $parsed) { - if($test) { - $ret['message'] .= 'could not parse ' . $dest . EOL; - return($ret); - } + + if (! $parsed) { goaway($dest); } - + $basepath = $parsed['scheme'] . '://' . $parsed['host'] . (($parsed['port']) ? ':' . $parsed['port'] : ''); - - $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1", - dbesc($basepath) - ); - - if(! $x) { - - /* - * We have no records for, or prior communications with this hub. - * If an address was supplied, let's finger them to create a hub record. - * Otherwise we'll use the special address '[system]' which will return - * either a system channel or the first available normal channel. We don't - * really care about what channel is returned - we need the hub information - * from that response so that we can create signed auth packets destined - * for that hub. - * - */ - - $j = \Zotlabs\Zot\Finger::run((($addr) ? $addr : '[system]@' . $parsed['host']),null); - if($j['success']) { - import_xchan($j); - - // Now try again - - $x = q("select * from hubloc where hubloc_url = '%s' order by hubloc_connected desc limit 1", - dbesc($basepath) - ); - } - } - - if(! $x) { - if($rev) - goaway($dest); - else { - logger('mod_magic: no channels found for requested hub.' . print_r($_REQUEST,true)); - if($test) { - $ret['message'] .= 'This site has no previous connections with ' . $basepath . EOL; - return $ret; - } - notice( t('Hub not found.') . EOL); - return; - } - } - + $owapath = SConfig::get($basepath,'system','openwebauth', $basepath . '/owa'); + // This is ready-made for a plugin that provides a blacklist or "ask me" before blindly authenticating. // By default, we'll proceed without asking. - - $arr = array( - 'channel_id' => local_channel(), - 'xchan' => $x[0], + + $arr = [ + 'channel_id' => local_channel(), 'destination' => $dest, - 'proceed' => true - ); - + 'proceed' => true + ]; + call_hooks('magic_auth',$arr); $dest = $arr['destination']; - if(! $arr['proceed']) { - if($test) { - $ret['message'] .= 'cancelled by plugin.' . EOL; - return $ret; - } + if (! $arr['proceed']) { goaway($dest); } - - if((get_observer_hash()) && ($x[0]['hubloc_url'] === z_root())) { + + if((get_observer_hash()) && (stripos($dest,z_root()) === 0)) { + // We are already authenticated on this site and a registered observer. - // Just redirect. - if($test) { - $ret['success'] = true; - $ret['message'] .= 'Local site - you are already authenticated.' . EOL; - return $ret; - } - - $delegation_success = false; - if($delegate) { + // First check if this is a delegate request on the local system and process accordingly. + // Otherwise redirect. + + if ($delegate) { + $r = q("select * from channel left join hubloc on channel_hash = hubloc_hash where hubloc_addr = '%s' limit 1", dbesc($delegate) ); - - if($r && intval($r[0]['channel_id'])) { - $allowed = perm_is_allowed($r[0]['channel_id'],get_observer_hash(),'delegate'); - if($allowed) { + + if ($r) { + $c = array_shift($r); + if (perm_is_allowed($c['channel_id'],get_observer_hash(),'delegate')) { $tmp = $_SESSION; - $_SESSION['delegate_push'] = $tmp; - $_SESSION['delegate_channel'] = $r[0]['channel_id']; - $_SESSION['delegate'] = get_observer_hash(); - $_SESSION['account_id'] = intval($r[0]['channel_account_id']); - change_channel($r[0]['channel_id']); - - $delegation_success = true; + $_SESSION['delegate_push'] = $tmp; + $_SESSION['delegate_channel'] = $c['channel_id']; + $_SESSION['delegate'] = get_observer_hash(); + $_SESSION['account_id'] = intval($c['channel_account_id']); + + change_channel($c['channel_id']); } } } - - - - // FIXME: check and honour local delegation - - + goaway($dest); } - - if(local_channel()) { - $channel = \App::get_channel(); - + + if (local_channel()) { + $channel = App::get_channel(); + // OpenWebAuth - if($owa) { + if ($owa) { $dest = strip_zids($dest); $dest = strip_query_param($dest,'f'); + // We now post to the OWA endpoint. This improves security by providing a signed digest + $data = json_encode([ 'OpenWebAuth' => random_string() ]); $headers = []; $headers['Accept'] = 'application/x-zot+json' ; + $headers['Content-Type'] = 'application/x-zot+json' ; $headers['X-Open-Web-Auth'] = random_string(); - $headers['Host'] = $parsed['host']; $headers['Digest'] = HTTPSig::generate_digest_header($data); + $headers['Host'] = $parsed['host']; + $headers['(request-target)'] = 'post ' . '/owa'; - $headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], 'acct:' . channel_reddress($channel),true,'sha512'); - $x = z_post_url($basepath . '/owa',$data,$redirects,[ 'headers' => $headers ]); - - if($x['success']) { + $headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], channel_url($channel),true,'sha512'); + $x = z_post_url($owapath,$data,$redirects,[ 'headers' => $headers ]); + logger('owa fetch returned: ' . print_r($x,true),LOGGER_DATA); + if ($x['success']) { $j = json_decode($x['body'],true); - if($j['success']) { + if ($j['success'] && $j['encrypted_token']) { + // decrypt the token using our private key $token = ''; - if($j['encrypted_token']) { - openssl_private_decrypt(base64url_decode($j['encrypted_token']),$token,$channel['channel_prvkey']); - } - else { - $token = $j['token']; - } - - $strp = strpbrk($dest,'?&'); - $args = (($strp) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); + openssl_private_decrypt(base64url_decode($j['encrypted_token']),$token,$channel['channel_prvkey']); + $x = strpbrk($dest,'?&'); + // redirect using the encrypted token which will be exchanged for an authenticated session + $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); goaway($dest . $args); } } - goaway($dest); - } - - - $token = random_string(); - - \Zotlabs\Lib\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']); - - $target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel)) - . '&sec=' . $token . '&dest=' . urlencode($dest) . '&version=' . ZOT_REVISION; - - if($delegate) - $target_url .= '&delegate=' . urlencode($delegate); - - logger('mod_magic: redirecting to: ' . $target_url, LOGGER_DEBUG); - - if($test) { - $ret['success'] = true; - $ret['url'] = $target_url; - $ret['message'] = 'token ' . $token . ' created for channel ' . $channel['channel_id'] . ' for url ' . $x[0]['hubloc_url'] . EOL; - return $ret; } - - goaway($target_url); - } - - if($test) { - $ret['message'] = 'Not authenticated or invalid arguments to mod_magic' . EOL; - return $ret; - } - + goaway($dest); - } - + } diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index 4c6fd6216..561e35754 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -3,10 +3,12 @@ namespace Zotlabs\Module; use Zotlabs\Web\HTTPSig; +use Zotlabs\Lib\Verify; +use Zotlabs\Web\Controller; /** * OpenWebAuth verifier and token generator - * See https://macgirvin.com/wiki/mike/OpenWebAuth/Home + * See spec/OpenWebAuth/Home.md * Requests to this endpoint should be signed using HTTP Signatures * using the 'Authorization: Signature' authentication method * If the signature verifies a token is returned. @@ -14,74 +16,51 @@ use Zotlabs\Web\HTTPSig; * This token may be exchanged for an authenticated cookie. */ -class Owa extends \Zotlabs\Web\Controller { +class Owa extends Controller { function init() { $ret = [ 'success' => false ]; - foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { - if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') { - if($head !== 'HTTP_AUTHORIZATION') { - $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head]; - continue; - } - - $sigblock = HTTPSig::parse_sigheader($_SERVER[$head]); - if($sigblock) { - $keyId = $sigblock['keyId']; - - if($keyId) { - - // Hubzilla connections can have both zot6 and zot hublocs - // The connections will usually be zot6 so match those first - - $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash - where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) and hubloc_network = 'zot6' ", - dbesc(str_replace('acct:','',$keyId)), - dbesc($keyId) - ); + if (array_key_exists('REDIRECT_REMOTE_USER',$_SERVER) && (! array_key_exists('HTTP_AUTHORIZATION',$_SERVER))) { + $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_REMOTE_USER']; + } - // If nothing was found, try searching on any network - - if (! $r) { + if (array_key_exists('HTTP_AUTHORIZATION',$_SERVER) && substr(trim($_SERVER['HTTP_AUTHORIZATION']),0,9) === 'Signature') { + $sigblock = HTTPSig::parse_sigheader($_SERVER['HTTP_AUTHORIZATION']); + if ($sigblock) { + $keyId = $sigblock['keyId']; + if ($keyId) { + $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash + where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ", + dbesc(str_replace('acct:','',$keyId)), + dbesc($keyId) + ); + if (! $r) { + $found = discover_by_webbie(str_replace('acct:','',$keyId)); + if ($found) { $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash - where ( hubloc_addr = '%s' or hubloc_id_url = '%s' )", + where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ", dbesc(str_replace('acct:','',$keyId)), dbesc($keyId) ); } - - // If nothing was found on any network, use network discovery and create a new record - - if (! $r) { - $found = discover_by_webbie(str_replace('acct:','',$keyId)); - if($found) { - $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash - where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ", - dbesc(str_replace('acct:','',$keyId)), - dbesc($keyId) - ); - } - } - - if ($r) { - foreach($r as $hubloc) { - $verified = HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']); - if($verified && $verified['header_signed'] && $verified['header_valid']) { - logger('OWA header: ' . print_r($verified,true),LOGGER_DATA); - logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA); - $ret['success'] = true; - $token = random_string(32); - \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_network'] . ',' . $hubloc['hubloc_addr']); - $result = ''; - openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); - $ret['encrypted_token'] = base64url_encode($result); - break; - } - else { - logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_addr']); - } + } + if ($r) { + foreach ($r as $hubloc) { + $verified = HTTPSig::verify(file_get_contents('php://input')); + if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) { + logger('OWA header: ' . print_r($verified,true),LOGGER_DATA); + logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA); + $ret['success'] = true; + $token = random_string(32); + Verify::create('owt',0,$token,$hubloc['hubloc_addr']); + $result = ''; + openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); + $ret['encrypted_token'] = base64url_encode($result); + break; + } else { + logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_addr']); } } } diff --git a/Zotlabs/Module/Regdir.php b/Zotlabs/Module/Regdir.php index f4d16c562..e49f89231 100644 --- a/Zotlabs/Module/Regdir.php +++ b/Zotlabs/Module/Regdir.php @@ -1,6 +1,9 @@ <?php namespace Zotlabs\Module; +use Zotlabs\Lib\Zotfinger; +use Zotlabs\Web\Controller; + /** * With args, register a directory server for this realm. * With no args, return a JSON array of directory servers for this realm. @@ -14,7 +17,7 @@ namespace Zotlabs\Module; * @param App &$a */ -class Regdir extends \Zotlabs\Web\Controller { +class Regdir extends Controller { function init() { @@ -25,7 +28,7 @@ class Regdir extends \Zotlabs\Web\Controller { $valid = 0; // we probably don't need the realm as we will find out in the probe. - // What we may want to die is throw an error if you're trying to register in a different realm + // What we may want to do is throw an error if you're trying to register in a different realm // so this configuration issue can be discovered. $realm = $_REQUEST['realm']; @@ -59,34 +62,28 @@ class Regdir extends \Zotlabs\Web\Controller { json_return_and_die($result); } - $j = \Zotlabs\Zot\Finger::run('[system]@' . $m['host']); - if($j['success'] && $j['guid']) { - $x = import_xchan($j); - if($x['success']) { - $result['success'] = true; - } + $j = Zotfinger::exec($url); + if($j) { + $result['success'] = true; } - - if(! $result['success']) + else { $valid = 0; - + } + q("update site set site_valid = %d where site_url = '%s'", intval($valid), strtolower($url) ); - + json_return_and_die($result); - } else { - - // We can put this in the sql without the condition after 31 august 2015 assuming - // most directory servers will have updated by then - // This just makes sure it happens if I forget + + } + else { - $sql_extra = ((datetime_convert() > datetime_convert('UTC','UTC','2015-08-31')) ? ' and site_valid = 1 ' : '' ); if ($dirmode == DIRECTORY_MODE_STANDALONE) { $r = array(array('site_url' => z_root())); } else { - $r = q("select site_url from site where site_flags in ( 1, 2 ) and site_realm = '%s' and site_type = %d $sql_extra ", + $r = q("select site_url from site where site_flags in ( 1, 2 ) and site_realm = '%s' and site_type = %d and site_valid = 1 ", dbesc(get_directory_realm()), intval(SITE_TYPE_ZOT) ); diff --git a/app/probe.apd b/app/probe.apd index 097219292..1cc8bd991 100644 --- a/app/probe.apd +++ b/app/probe.apd @@ -1,5 +1,5 @@ -version: 2 -url: $baseurl/probe +version: 3 +url: $baseurl/zot_probe requires: local_channel name: Remote Diagnostics photo: icon:user-md diff --git a/include/dir_fns.php b/include/dir_fns.php index 34a6f13cd..f477b35dd 100644 --- a/include/dir_fns.php +++ b/include/dir_fns.php @@ -3,6 +3,10 @@ * @file include/dir_fns.php */ +use Zotlabs\Lib\Libzot; +use Zotlabs\Lib\Webfinger; +use Zotlabs\Lib\Zotfinger; + require_once('include/permissions.php'); /** @@ -67,15 +71,10 @@ function check_upstream_directory() { $isadir = true; if ($directory) { - $h = parse_url($directory); - if ($h) { - $j = Zotlabs\Zot\Finger::run('[system]@' . $h['host']); - if ($j['success']) { - if (array_key_exists('site', $j) && array_key_exists('directory_mode', $j['site'])) { - if ($j['site']['directory_mode'] === 'normal') { - $isadir = false; - } - } + $j = Zotfinger::exec($directory); + if (array_path_exists('data/directory_mode',$j)) { + if ($j['data']['directory_mode'] === 'normal') { + $isadir = false; } } } @@ -341,9 +340,9 @@ function update_directory_entry($ud) { // Hubzilla channels running traditional zot which have not upgraded can or will be dropped from the directory or // "not found" at the end of the transition period as the directory will only serve zot6 entries at that time. - $uri = \Zotlabs\Lib\Webfinger::zot_url($ud['ud_addr']); + $uri = Webfinger::zot_url($ud['ud_addr']); if($uri) { - $record = \Zotlabs\Lib\Zotfinger::exec($uri); + $record = Zotfinger::exec($uri); // Check the HTTP signature diff --git a/include/socgraph.php b/include/socgraph.php index 3d26f5cfd..3da4dce63 100644 --- a/include/socgraph.php +++ b/include/socgraph.php @@ -158,7 +158,7 @@ function poco_load($xchan = '', $url = null) { if($address) { if($network === 'zot6') { $j = Zotfinger::exec($profile_url); - if(is_array($j) && array_path_exists('signature/signer',$j) && $j['signature']['signer'] === $profile_url && intval($j['signature']['header_valid'])) { + if(array_path_exists('signature/signer',$j) && $j['signature']['signer'] === $profile_url && intval($j['signature']['header_valid'])) { Libzot::import_xchan($j['data']); } $x = q("select xchan_hash from xchan where xchan_hash = '%s' limit 1", diff --git a/include/zid.php b/include/zid.php index 10e09e212..538adcc41 100644 --- a/include/zid.php +++ b/include/zid.php @@ -2,7 +2,6 @@ use Zotlabs\Lib\Libzot; use Zotlabs\Lib\Verify; -use Zotlabs\Zot\Finger; function is_matrix_url($url) { @@ -280,44 +279,39 @@ function owt_init($token) { Verify::purge('owt', '3 MINUTE'); - $key = Verify::get_meta('owt', 0, $token); + $ob_hash = Verify::get_meta('owt', 0, $token); - if($key === false) { - return; - } - - $parts = explode(',',$key,2); - if(count($parts) < 2) { + if($ob_hash === false) { return; } $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash - where hubloc_network = '%s' and hubloc_addr = '%s' order by hubloc_id desc", - dbesc($parts[0]), - dbesc($parts[1]) + where hubloc_addr = '%s' or hubloc_id_url = '%s' or hubloc_hash = '%s' order by hubloc_id desc", + dbesc($ob_hash), + dbesc($ob_hash), + dbesc($ob_hash) ); if(! $r) { - // finger them if they can't be found. - // @todo check that this is still needed. Discovery should have been performed in the Owa module. - - $j = \Zotlabs\Zot\Finger::run($parts[1], null); - if ($j['success']) { - import_xchan($j); + $wf = discover_by_webbie($ob_hash); + if($wf) { $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash - where hubloc_network = '%s' and hubloc_addr = '%s' order by hubloc_id desc", - dbesc($parts[0]), - dbesc($parts[1]) + where hubloc_addr = '%s' or hubloc_id_url = '%s' or hubloc_hash = '%s' order by hubloc_id desc", + dbesc($ob_hash), + dbesc($ob_hash), + dbesc($ob_hash) ); } } if(! $r) { - logger('owt: unable to finger ' . $key); + logger('owt: unable to finger ' . $ob_hash); return; } - - $hubloc = $r[0]; + + $r = Libzot::zot_record_preferred($r); + + $hubloc = $r; $_SESSION['authenticated'] = 1; @@ -343,7 +337,7 @@ function owt_init($token) { if (! $delegate_success) { // normal visitor (remote_channel) login session credentials $_SESSION['visitor_id'] = $hubloc['xchan_hash']; - $_SESSION['my_url'] = $hubloc['xchan_url']; + $_SESSION['my_url'] = $hubloc['xchan_url']; $_SESSION['my_address'] = $hubloc['hubloc_addr']; $_SESSION['remote_hub'] = $hubloc['hubloc_url']; $_SESSION['DNT'] = 1; |