diff options
-rw-r--r-- | include/deliver.php | 1 | ||||
-rwxr-xr-x | include/diaspora.php | 44 | ||||
-rwxr-xr-x | include/items.php | 50 | ||||
-rw-r--r-- | include/queue.php | 3 | ||||
-rw-r--r-- | mod/item.php | 6 |
5 files changed, 82 insertions, 22 deletions
diff --git a/include/deliver.php b/include/deliver.php index 2693fe165..f4fae6061 100644 --- a/include/deliver.php +++ b/include/deliver.php @@ -29,6 +29,7 @@ function deliver_run($argv, $argc) { ); } else { + logger('deliver: queue post returned ' . $result['return_code'] . ' from ' . $r[0]['outq_posturl'],LOGGER_DEBUG); $y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", dbesc(datetime_convert()), dbesc($argv[$x]) diff --git a/include/diaspora.php b/include/diaspora.php index 352ed48e4..b544dad53 100755 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -1228,7 +1228,7 @@ function diaspora_comment($importer,$xml,$msg) { check only the parent_author_signature. Basically, they trust that the top-level post owner has already verified the authenticity of anything he/she sends out - In either case, the signature that get checked is the signature created by the person - who sent the salmon + who sent the psuedo-salmon */ $signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $diaspora_handle; @@ -1346,6 +1346,9 @@ function diaspora_comment($importer,$xml,$msg) { $result = item_store($datarray); + if($result && $result['success']) + $message_id = $result['item_id']; + if(($parent_item['item_flags'] & ITEM_ORIGIN) && (! $parent_author_signature)) { q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", intval($message_id), @@ -2500,6 +2503,7 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { // Diaspora doesn't support threaded comments, but some // versions of Diaspora (i.e. Diaspora-pistos) support // likes on comments + if($item['verb'] === ACTIVITY_LIKE && $item['thr_parent']) { $p = q("select * from item where mid = '%s' limit 1", dbesc($item['thr_parent']) @@ -2514,14 +2518,18 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { intval($item['parent']) ); } + if($p) $parent = $p[0]; - else + else { + logger('diaspora_send_relay: no parent'); return; + } $like = false; $relay_retract = false; $sql_sign_id = 'iid'; + if( $item['item_restrict'] & ITEM_DELETED) { $relay_retract = true; @@ -2544,10 +2552,10 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { } - // fetch the original signature if the relayable was created by a Diaspora - // or DFRN user. Relayables for other networks are not supported. + // fetch the original signature if the relayable was created by a Diaspora, Friendica-over Diaspora, + // or zot user. Relayables for other networks are not supported. -/* $r = q("select * from sign where " . $sql_sign_id . " = %d limit 1", + $r = q("select * from sign where " . $sql_sign_id . " = %d limit 1", intval($item['id']) ); if(count($r)) { @@ -2557,13 +2565,12 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { $handle = $orig_sign['signer']; } else { - // Author signature information (for likes, comments, and retractions of likes or comments, // whether from Diaspora or Friendica) must be placed in the `sign` table before this // function is called logger('diaspora_send_relay: original author signature not found, cannot send relayable'); return; - }*/ + } /* Since the author signature is only checked by the parent, not by the relay recipients, * I think it may not be necessary for us to do so much work to preserve all the original @@ -2574,14 +2581,14 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { * versions of Diaspora (diaspora-pistos), but since there are a number of problems with * doing that, let's ignore it for now. * - * Currently, only DFRN contacts are supported. StatusNet shouldn't be hard, but it hasn't - * been done yet + * */ $handle = diaspora_handle_from_contact($item['author_xchan']); - if(! $handle) + if(! $handle) { + logger('diaspora_send_relay: no handle'); return; - + } if($relay_retract) $sender_signed_text = $item['guid'] . ';' . $target_type; @@ -2601,11 +2608,11 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { // markup at the top of this function, which is AFTER we placed the original $signed_text // in the database, it's hazardous to trust the original $signed_text. - $parentauthorsig = base64_encode(rsa_sign($sender_signed_text,$owner['uprvkey'],'sha256')); + $parentauthorsig = base64_encode(rsa_sign($sender_signed_text,$owner['channel_prvkey'],'sha256')); $msg = replace_macros($tpl,array( - '$guid' => xmlify($item['guid']), - '$parent_guid' => xmlify($parent['guid']), + '$guid' => xmlify($item['mid']), + '$parent_guid' => xmlify($parent['mid']), '$target_type' =>xmlify($target_type), '$authorsig' => xmlify($authorsig), '$parentsig' => xmlify($parentauthorsig), @@ -2616,7 +2623,6 @@ function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { logger('diaspora_send_relay: base message: ' . $msg, LOGGER_DATA); - $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['channel_prvkey'],$contact['xchan_pubkey'],$public_batch))); return(diaspora_transmit($owner,$contact,$slap,$public_batch)); @@ -2631,7 +2637,7 @@ function diaspora_send_retraction($item,$owner,$contact,$public_batch = false) { $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); // Check whether the retraction is for a top-level post or whether it's a relayable - if( $item['uri'] !== $item['parent-uri'] ) { + if( $item['mid'] !== $item['parent_mid'] ) { $tpl = get_markup_template('diaspora_relay_retraction.tpl'); $target_type = (($item['verb'] === ACTIVITY_LIKE) ? 'Like' : 'Comment'); @@ -2642,13 +2648,13 @@ function diaspora_send_retraction($item,$owner,$contact,$public_batch = false) { $target_type = 'StatusMessage'; } - $signed_text = $item['guid'] . ';' . $target_type; + $signed_text = $item['mid'] . ';' . $target_type; $msg = replace_macros($tpl, array( - '$guid' => xmlify($item['guid']), + '$guid' => xmlify($item['mid']), '$type' => xmlify($target_type), '$handle' => xmlify($myaddr), - '$signature' => xmlify(base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256'))) + '$signature' => xmlify(base64_encode(rsa_sign($signed_text,$owner['channel_prvkey'],'sha256'))) )); $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['channel_prvkey'],$contact['xchan_pubkey'],$public_batch))); diff --git a/include/items.php b/include/items.php index 2a4242ea6..c0ff2ac81 100755 --- a/include/items.php +++ b/include/items.php @@ -1665,7 +1665,7 @@ function item_store($arr,$allow_exec = false) { if(! $arr['uid']) { logger('item_store: no uid'); $ret['message'] = 'No uid.'; - return ret; + return $ret; } $uplinked_comment = false; @@ -1843,7 +1843,7 @@ function item_store($arr,$allow_exec = false) { if(comments_are_now_closed($r[0])) { logger('item_store: comments closed'); $ret['message'] = 'Comments closed.'; - return ret; + return $ret; } // is the new message multi-level threaded? @@ -2287,6 +2287,52 @@ function item_store_update($arr,$allow_exec = false) { return $ret; } +function store_diaspora_comment_sig($datarray, $channel, $parent_item, $post_id) { + + // We won't be able to sign Diaspora comments for authenticated visitors + // - we don't have their private key + + // since Diaspora doesn't handle edits we can only do this for the original text and not update it. + + $enabled = intval(get_config('system','diaspora_enabled')); + if(! $enabled) { + logger('mod_item: diaspora support disabled, not storing comment signature', LOGGER_DEBUG); + return; + } + + $body = $datarray['body']; + if(array_key_exists('item_flags',$datarray) && ($datarray['item_flags'] & ITEM_OBSCURED)) { + $key = get_config('system','prvkey'); + if($datarray['body']) + $body = crypto_unencapsulate(json_decode($datarray['body'],true),$key); + } + + logger('mod_item: storing diaspora comment signature',LOGGER_DEBUG); + + require_once('include/bb2diaspora.php'); + + $signed_body = html_entity_decode(bb2diaspora($body)); + + $diaspora_handle = $channel['channel_address'] . '@' . get_app()->get_hostname(); + + $signed_text = $datarray['mid'] . ';' . $parent_item['mid'] . ';' . $signed_body . ';' . $diaspora_handle; + + if( $uprvkey !== false ) + $authorsig = base64_encode(rsa_sign($signed_text,$channel['channel_prvkey'],'sha256')); + else + $authorsig = ''; + + $r = q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", + intval($post_id), + dbesc($signed_text), + dbesc(base64_encode($authorsig)), + dbesc($diaspora_handle) + ); + if(! $r) + logger('store_diaspora_comment_sig: DB write failed'); + + return; +} diff --git a/include/queue.php b/include/queue.php index cd81e2aa4..222ebada4 100644 --- a/include/queue.php +++ b/include/queue.php @@ -50,12 +50,13 @@ function queue_run($argv, $argc){ if($rr['outq_driver'] === 'post') { $result = z_post_url($rr['outq_posturl'],$rr['outq_msg']); if($result['success'] && $result['return_code'] < 300) { - logger('deliver: queue post success to ' . $rr['outq_posturl'], LOGGER_DEBUG); + logger('queue: queue post success to ' . $rr['outq_posturl'], LOGGER_DEBUG); $y = q("delete from outq where outq_hash = '%s' limit 1", dbesc($rr['ouq_hash']) ); } else { + logger('queue: queue post returned ' . $result['return_code'] . ' from ' . $rr['outq_posturl'],LOGGER_DEBUG); $y = q("update outq set outq_updated = '%s' where outq_hash = '%s' limit 1", dbesc(datetime_convert()), dbesc($rr['outq_hash']) diff --git a/mod/item.php b/mod/item.php index df51c8a92..c1dd15eb1 100644 --- a/mod/item.php +++ b/mod/item.php @@ -851,6 +851,11 @@ function item_post(&$a) { // NOTREACHED } + if($parent) { + // Store the comment signature information in case we need to relay to Diaspora +//FIXME + store_diaspora_comment_sig($datarray,$channel,$parent_item, $post_id); + } update_remote_id($channel,$post_id,$webpage,$pagetitle,$namespace,$remote_id,$mid); @@ -1312,3 +1317,4 @@ function item_check_service_class($channel_id,$iswebpage) { $ret['success'] = true; return $ret; } + |