diff options
-rw-r--r-- | include/diaspora.php | 204 |
1 files changed, 174 insertions, 30 deletions
diff --git a/include/diaspora.php b/include/diaspora.php index 0764dfa4a..e089e3f04 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -114,15 +114,29 @@ EOT; } - -function diaspora_decode($importer,$xml) { +/** + * + * diaspora_decode($importer,$xml) + * array $importer -> from user table + * string $xml -> urldecoded Diaspora salmon + * + * Returns array + * 'message' -> decoded Diaspora XML message + * 'author' -> author diaspora handle + * 'key' -> author public key (converted to pkcs#8) + * + * Author and key are used elsewhere to save a lookup for verifying replies and likes + */ +function diaspora_decode($importer,$xml) { $basedom = parse_xml_string($xml); $atom = $basedom->children(NAMESPACE_ATOM1); + // Diaspora devs: This is kind of sucky - 'encrypted_header' does not belong in the atom namespace + $encrypted_header = json_decode(base64_decode($atom->encrypted_header)); $encrypted_aes_key_bundle = base64_decode($encrypted_header->aes_key); @@ -185,7 +199,14 @@ function diaspora_decode($importer,$xml) { // strip whitespace so our data element will return to one big base64 blob $data = str_replace(array(" ","\t","\r","\n"),array("","","",""),$base->data); + // Add back the 60 char linefeeds + + // Diaspora devs: This completely violates the entire principle of salmon magic signatures, + // which was to have a message signing format that was completely ambivalent to linefeeds + // and transport whitespace mangling, and base64 wrapping rules. Guess what? PHP and Ruby + // use different linelengths for base64 output. + $lines = str_split($data,60); $data = implode("\n",$lines); @@ -197,6 +218,8 @@ function diaspora_decode($importer,$xml) { $encoding = $base->encoding; $alg = $base->alg; + // Diaspora devs: I can't even begin to tell you how sucky this is. Read the freaking spec. + $signed_data = $data . (($data[-1] != "\n") ? "\n" : '') . '.' . base64url_encode($type) . "\n" . '.' . base64url_encode($encoding) . "\n" . '.' . base64url_encode($alg) . "\n"; @@ -255,6 +278,20 @@ function diaspora_get_contact_by_handle($uid,$handle) { return false; } +function find_person_by_handle($handle) { + // we don't care about the uid, we just want to save an expensive webfinger probe + $r = q("select * from contact where network = '%s' and addr = '%s' LIMIT 1", + dbesc(NETWORK_DIASPORA), + dbesc($handle) + ); + if(count($r)) + return $r[0]; + $r = probe_url($handle); + // need to cached this, perhaps in fcontact + if(count($r)) + return ($r); + return false; +} function diaspora_request($importer,$xml) { @@ -266,7 +303,12 @@ function diaspora_request($importer,$xml) { $contact = diaspora_get_contact_by_handle($importer['uid'],$sender_handle); + if($contact) { + + // perhaps we were already sharing with this person. Now they're sharing with us. + // That makes us friends. + if($contact['rel'] == CONTACT_IS_FOLLOWER) { q("UPDATE `contact` SET `rel` = %d WHERE `id` = %d AND `uid` = %d LIMIT 1", intval(CONTACT_IS_FRIEND), @@ -414,11 +456,19 @@ function diaspora_post($importer,$xml) { } function diaspora_comment($importer,$xml,$msg) { + $guid = notags(unxmlify($xml->guid)); + $parent_guid = notags(unxmlify($xml->parent_guid)); $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); + $target_type = notags(unxmlify($xml->target_type)); + $text = unxmlify($xml->text); + $author_signature = notags(unxmlify($xml->author_signature)); + $parent_author_signature = (($xml->parent_author_signature) ? notags(unxmlify($xml->parent_author_signature)) : ''); - $contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle); + $text = $xml->text; + + $contact = diaspora_get_contact_by_handle($importer['uid'],$msg['author']); if(! $contact) return; @@ -428,24 +478,109 @@ function diaspora_comment($importer,$xml,$msg) { // NOTREACHED } - - - $message_id = $diaspora_handle . ':' . $guid; - $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", + $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", intval($importer['uid']), - dbesc($guid) + dbesc($parent_guid) ); - if(! count($r)) + if(! count($r)) { + logger('diaspora_comment: parent item not found: ' . $guid); return; + } + $parent_item = $r[0]; - $owner = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", - intval($importer['uid']) - ); - if(! count($owner)) + $author_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $diaspora_handle; + + $author_signature = base64_decode($author_signature); + + if(stricmp($diaspora_handle,$msg['author']) == 0) { + $person = $contact; + $key = $msg['key']; + } + else { + $person = find_person_by_handle($diaspora_handle); + + if(is_array($person) && x($person,'pubkey')) + $key = $person['pubkey']; + else { + logger('diaspora_comment: unable to find author details'); + return; + } + } + + if(! rsa_verify($author_signed_data,$author_signature,$key)) { + logger('diaspora_comment: verification failed.'); return; + } - $created = unxmlify($xml->created_at); - $private = ((unxmlify($xml->public) == 'false') ? 1 : 0); + if($parent_author_signature) { + $owner_signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $msg['author']; + + $parent_author_signature = base64_decode($parent_author_signature); + + $key = $msg['key']; + + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) { + logger('diaspora_comment: owner verification failed.'); + return; + } + } + + // Phew! Everything checks out. Now create an item. + + require_once('library/HTMLPurifier.auto.php'); + require_once('include/html2bbcode.php'); + + $body = $text; + + $maxlen = get_max_import_size(); + if($maxlen && (strlen($body) > $maxlen)) + $body = substr($body,0, $maxlen); + + if((strpos($body,'<') !== false) || (strpos($body,'>') !== false)) { + + $body = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s', + '[youtube]$1[/youtube]', $body); + + $body = preg_replace('#<iframe[^>].+?' . 'http://www.youtube.com/embed/([A-Za-z0-9\-_=]+).+?</iframe>#s', + '[youtube]$1[/youtube]', $body); + + $body = oembed_html2bbcode($body); + + $config = HTMLPurifier_Config::createDefault(); + $config->set('Cache.DefinitionImpl', null); + $purifier = new HTMLPurifier($config); + $body = $purifier->purify($body); + + $body = html2bbcode($body); + } + + $message_id = $diaspora_handle . ':' . $guid; + + $datarray = array(); + $datarray['uid'] = $importer['uid']; + $datarray['contact-id'] = $contact['id']; + $datarray['wall'] = $parent_item['wall']; + $datarray['gravity'] = GRAVITY_COMMENT; + $datarray['guid'] = $guid; + $datarray['uri'] = $message_id; + $datarray['parent-uri'] = $parent_item['uri']; + + // No timestamps for comments? OK, we'll the use current time. + $datarray['created'] = $datarray['edited'] = datetime_convert(); + $datarray['private'] = $parent_item['private']; + + $datarray['owner-name'] = $contact['name']; + $datarray['owner-link'] = $contact['url']; + $datarray['owner-avatar'] = $contact['thumb']; + + $datarray['author-name'] = $person['name']; + $datarray['author-link'] = $person['url']; + $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); + $datarray['body'] = $body; + + item_store($datarray); + + return; } @@ -456,14 +591,16 @@ function diaspora_like($importer,$xml,$msg) { $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); $target_type = notags(unxmlify($xml->target_type)); $positive = notags(unxmlify($xml->positive)); + $author_signature = notags(unxmlify($xml->author_signature)); $parent_author_signature = (($xml->parent_author_signature) ? notags(unxmlify($xml->parent_author_signature)) : ''); - // likes on comments not supported here + // likes on comments not supported here and likes on photos not supported by Diaspora + if($target_type !== 'Post') return; - $contact = diaspora_get_contact_by_handle($importer['uid'],$msg->author); + $contact = diaspora_get_contact_by_handle($importer['uid'],$msg['author']); if(! $contact) return; @@ -512,10 +649,19 @@ function diaspora_like($importer,$xml,$msg) { $author_signature = base64_decode($author_signature); - if(stricmp($diaspora_handle,$msg['author']) == 0) + if(stricmp($diaspora_handle,$msg['author']) == 0) { + $person = $contact; $key = $msg['key']; - else - $key = get_diaspora_key($diaspora_handle); + } + else { + $person = find_person_by_handle($diaspora_handle); + if(is_array($person) && x($person,'pubkey')) + $key = $person['pubkey']; + else { + logger('diaspora_comment: unable to find author details'); + return; + } + } if(! rsa_verify($author_signed_data,$author_signature,$key)) { logger('diaspora_like: verification failed.'); @@ -539,6 +685,7 @@ function diaspora_like($importer,$xml,$msg) { $uri = $diaspora_handle . ':' . $guid; + $activity = ACTIVITY_LIKE; $post_type = (($parent_item['resource-id']) ? t('photo') : t('status')); $objtype = (($parent_item['resource-id']) ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); $link = xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $parent_item['id'] . '" />' . "\n") ; @@ -568,26 +715,23 @@ EOT; $arr['parent'] = $parent_item['id']; $arr['parent-uri'] = $parent_item['uri']; -// $arr['owner-name'] = $owner['name']; // FIXME -// $arr['owner-link'] = $owner['url']; -// $arr['owner-avatar'] = $owner['thumb']; + $datarray['owner-name'] = $contact['name']; + $datarray['owner-link'] = $contact['url']; + $datarray['owner-avatar'] = $contact['thumb']; - $arr['author-name'] = $contact['name']; - $arr['author-link'] = $contact['url']; - $arr['author-avatar'] = $contact['thumb']; + $datarray['author-name'] = $person['name']; + $datarray['author-link'] = $person['url']; + $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); $ulink = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]'; $alink = '[url=' . $parent_item['author-link'] . ']' . $parent_item['author-name'] . '[/url]'; $plink = '[url=' . $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $parent_item['id'] . ']' . $post_type . '[/url]'; $arr['body'] = sprintf( $bodyverb, $ulink, $alink, $plink ); + $arr['private'] = $parent_item['private']; $arr['verb'] = $activity; $arr['object-type'] = $objtype; $arr['object'] = $obj; - $arr['allow_cid'] = $parent_item['allow_cid']; - $arr['allow_gid'] = $parent_item['allow_gid']; - $arr['deny_cid'] = $parent_item['deny_cid']; - $arr['deny_gid'] = $parent_item['deny_gid']; $arr['visible'] = 1; $arr['unseen'] = 1; $arr['last-child'] = 0; |