Diffstat (limited to 'Zotlabs/Web')
-rw-r--r--Zotlabs/Web/HTTPSig.php21
-rw-r--r--Zotlabs/Web/Router.php6
-rw-r--r--Zotlabs/Web/WebServer.php75
3 files changed, 65 insertions, 37 deletions
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 63033ce5e..a27edb73d 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -137,7 +137,22 @@ class HTTPSig {
}
}
- logger('Content_Valid: ' . $result['content_valid']);
+
+ if(in_array('x-zot-digest',$signed_headers)) {
+ $result['content_signed'] = true;
+ $digest = explode('=', $headers['x-zot-digest']);
+ if($digest[0] === 'SHA-256')
+ $hashalg = 'sha256';
+ if($digest[0] === 'SHA-512')
+ $hashalg = 'sha512';
+
+ // The explode operation will have stripped the '=' padding, so compare against unpadded base64
+ if(rtrim(base64_encode(hash($hashalg,$_POST['data'],true)),'=') === $digest[1]) {
+ $result['content_valid'] = true;
+ }
+ }
+
+ logger('Content_Valid: ' . (($result['content_valid']) ? 'true' : 'false'));
return $result;
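Review bot: In the new x-zot-digest block `$hashalg` is assigned only for `SHA-256` and `SHA-512`, so any other algorithm token in the header reaches `hash($hashalg, ...)` with an undefined variable, and a header value without `=` leaves `$digest[1]` undefined. The comparison should be skipped when the algorithm is unrecognised or the value is missing. Passing a limit of 2 to `explode` keeps the base64 padding attached to the value, so the `rtrim` workaround is no longer needed. The block only ever sets `content_valid` to true; if an earlier check in this function (which starts outside the hunk) has already set it, a mismatching x-zot-digest would not clear it, which is worth confirming.

```php
if(in_array('x-zot-digest',$signed_headers)) {
	$result['content_signed'] = true;
	// limit of 2 keeps the base64 '=' padding attached to the value
	$digest = explode('=', $headers['x-zot-digest'], 2);
	$hashalg = null;
	if($digest[0] === 'SHA-256')
		$hashalg = 'sha256';
	if($digest[0] === 'SHA-512')
		$hashalg = 'sha512';

	// unknown algorithm or missing value: do not mark the content valid
	if($hashalg && isset($digest[1])
		&& base64_encode(hash($hashalg,$_POST['data'],true)) === $digest[1]) {
		$result['content_valid'] = true;
	}
}
// … unchanged: logger call and return …
```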
@@ -194,8 +209,8 @@ class HTTPSig {
. '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
if($crypt_key) {
- $x = crypto_encapsulate($headerval,$crypt_key,$crypt_alg);
- $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'];
+ $x = crypto_encapsulate($headerval,$crypt_key,$crypt_algo);
+ $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"';
}
if($auth) {
diff --git a/Zotlabs/Web/Router.php b/Zotlabs/Web/Router.php
index a6b780cdc..fb551e36f 100644
--- a/Zotlabs/Web/Router.php
+++ b/Zotlabs/Web/Router.php
@@ -38,10 +38,9 @@ class Router {
/**
* @brief Router constructor.
*
- * @param[in,out] App &$a
* @throws Exception module not found
*/
- function __construct(&$a) {
+ function __construct() {
$module = \App::$module;
$modname = "Zotlabs\\Module\\" . ucfirst($module);
@@ -179,9 +178,8 @@ class Router {
/**
* @brief
*
- * @param[in,out] App &$a
*/
- function Dispatch(&$a) {
+ function Dispatch() {
/**
* Call module functions
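Review bot: The docblock kept above `Dispatch()` has an empty `@brief`, and with the `@param` line removed it now documents nothing. A one-line summary such as `@brief Call the module functions for the current request.` would fill it, worded to match the body, which continues past this hunk. The same parameter removal in the constructor hunk above needs no further doc change.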
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
index 9e6af8c4c..5183fb2b0 100644
--- a/Zotlabs/Web/WebServer.php
+++ b/Zotlabs/Web/WebServer.php
@@ -58,11 +58,10 @@ class WebServer {
if((x($_GET,'zid')) && (! \App::$install)) {
\App::$query_string = strip_zids(\App::$query_string);
if(! local_channel()) {
- if ($_SESSION['my_address']!=$_GET['zid'])
- {
- $_SESSION['my_address'] = $_GET['zid'];
- $_SESSION['authenticated'] = 0;
- }
+ if ($_SESSION['my_address']!=$_GET['zid']) {
+ $_SESSION['my_address'] = $_GET['zid'];
+ $_SESSION['authenticated'] = 0;
+ }
zid_init();
}
}
@@ -107,9 +106,43 @@ class WebServer {
check_config();
}
- //nav_set_selected('nothing');
+ $this->create_channel_links();
- $Router = new Router($a);
+ $Router = new Router();
+
+ $this->initialise_content();
+
+ $Router->Dispatch();
+
+ $this->set_homebase();
+
+ // now that we've been through the module content, see if the page reported
+ // a permission problem and if so, a 403 response would seem to be in order.
+
+ if(is_array($_SESSION['sysmsg']) && stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) {
+ header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.'));
+ }
+
+ call_hooks('page_end', \App::$page['content']);
+
+ construct_page();
+
+ killme();
+ }
+
+
+ private function initialise_content() {
+
+ /* initialise content region */
+
+ if(! x(\App::$page, 'content'))
+ \App::$page['content'] = '';
+
+ call_hooks('page_content_top', \App::$page['content']);
+
+ }
+
+ private function create_channel_links() {
/* Initialise the Link: response header if this is a channel page.
* This cannot be done inside the channel module because some protocol
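Review bot: `$this->create_channel_links()` is now called before `new Router()`, whereas on the old side the Link-header code followed the router construction. If the Router constructor can end the request or alter `\App::$module` (its docblock mentions a module-not-found exception), the `Link:` header is now computed and sent before that happens; confirm the reordering is intended. The three new private methods also have no docblocks; a one-line `@brief` on each, stating which request state it reads and writes, would match the style used in Router.php. `create_channel_links()` continues past the end of this hunk.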
@@ -135,26 +168,17 @@ class WebServer {
\App::$channel_links = $x['channel_links'];
header('Link: ' . \App::get_channel_links());
}
+ }
-
-
- /* initialise content region */
-
- if(! x(\App::$page, 'content'))
- \App::$page['content'] = '';
-
- call_hooks('page_content_top', \App::$page['content']);
-
-
- $Router->Dispatch($a);
-
+ private function set_homebase() {
// If you're just visiting, let javascript take you home
if(x($_SESSION, 'visitor_home')) {
$homebase = $_SESSION['visitor_home'];
- } elseif(local_channel()) {
+ }
+ elseif(local_channel()) {
$homebase = z_root() . '/channel/' . \App::$channel['channel_address'];
}
@@ -162,17 +186,8 @@ class WebServer {
\App::$page['content'] .= '<script>var homebase = "' . $homebase . '";</script>';
}
- // now that we've been through the module content, see if the page reported
- // a permission problem and if so, a 403 response would seem to be in order.
-
- if(is_array($_SESSION['sysmsg']) && stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) {
- header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.'));
- }
+ }
- call_hooks('page_end', \App::$page['content']);
- construct_page();
- killme();
- }
}
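Review bot: In `set_homebase()` the context line `\App::$page['content'] .= '<script>var homebase = "' . $homebase . '";</script>';` places `$homebase` inside a JavaScript string literal without escaping. The previous hunk shows that value coming from `$_SESSION['visitor_home']` for visitors; if it can ever hold a quote or `</script>` (presumably it derives from a remote identity's URL, verify), it would terminate the string early. Now that the logic has its own method, encoding it there is cheap: `'<script>var homebase = ' . json_encode($homebase, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ';</script>'`. The guard around this line starts outside the hunk.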