diff options
Diffstat (limited to 'Zotlabs')
43 files changed, 1112 insertions, 1172 deletions
diff --git a/Zotlabs/Daemon/Cron.php b/Zotlabs/Daemon/Cron.php index 8b6b42c8a..fe356bcbf 100644 --- a/Zotlabs/Daemon/Cron.php +++ b/Zotlabs/Daemon/Cron.php @@ -108,6 +108,7 @@ class Cron { $file = dbunescbin($rr['content']); if(is_file($file)) { @unlink($file); + @rmdir(dirname($file)); logger('info: deleted cached photo file ' . $file, LOGGER_DEBUG); } } @@ -187,7 +188,7 @@ class Cron { if($r) { require_once('include/photo/photo_driver.php'); foreach($r as $rr) { - $photos = import_xchan_photo($rr['xchan_photo_l'],$rr['xchan_hash']); + $photos = import_xchan_photo($rr['xchan_photo_l'], $rr['xchan_hash'], false, true); $x = q("update xchan set xchan_photo_l = '%s', xchan_photo_m = '%s', xchan_photo_s = '%s', xchan_photo_mimetype = '%s' where xchan_hash = '%s'", dbesc($photos[0]), diff --git a/Zotlabs/Daemon/Master.php b/Zotlabs/Daemon/Master.php index 857d47243..67a3acc0a 100644 --- a/Zotlabs/Daemon/Master.php +++ b/Zotlabs/Daemon/Master.php @@ -17,7 +17,22 @@ if(array_search( __file__ , get_included_files()) === 0) { class Master { static public function Summon($arr) { - proc_run('php','Zotlabs/Daemon/Master.php',$arr); + $hookinfo = [ + 'argv'=>$arr + ]; + + call_hooks ('daemon_master_summon',$hookinfo); + + $arr = $hookinfo['argv']; + $argc = count($arr); + + if ((!is_array($arr) || (count($arr) < 1))) { + logger("Summon handled by hook.",LOGGER_DEBUG); + return; + } + + $phpbin = get_config('system','phpbin','php'); + proc_run($phpbin,'Zotlabs/Daemon/Master.php',$arr); } static public function Release($argc,$argv) { @@ -33,6 +48,7 @@ class Master { $argc = count($argv); if ((!is_array($argv) || (count($argv) < 1))) { + logger("Release handled by hook.",LOGGER_DEBUG); return; } diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index 232d845c7..f86dc1604 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -3,7 +3,9 @@ namespace Zotlabs\Lib; use Zotlabs\Daemon\Master; -use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Web\HTTPSig; + +require_once('include/event.php'); class Activity { @@ -73,7 +75,7 @@ class Activity { if($x['success']) { $y = json_decode($x['body'],true); - logger('returned: ' . json_encode($y,JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES)); + logger('returned: ' . json_encode($y,JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES), LOGGER_DEBUG); return json_decode($x['body'], true); } else { @@ -149,7 +151,6 @@ class Activity { static function fetch_image($x) { - $ret = [ 'type' => 'Image', 'id' => $x['id'], @@ -292,8 +293,12 @@ class Activity { $ret['published'] = datetime_convert('UTC','UTC',$i['created'],ATOM_TIME); if($i['created'] !== $i['edited']) $ret['updated'] = datetime_convert('UTC','UTC',$i['edited'],ATOM_TIME); + if ($i['expires'] <= NULL_DATE) { + $ret['expires'] = datetime_convert('UTC','UTC',$i['expires'],ATOM_TIME); + } + if($i['app']) { - $ret['instrument'] = [ 'type' => 'Service', 'name' => $i['app'] ]; + $ret['generator'] = [ 'type' => 'Application', 'name' => $i['app'] ]; } if($i['location'] || $i['coord']) { $ret['location'] = [ 'type' => 'Place' ]; @@ -307,6 +312,10 @@ class Activity { } } + if (intval($i['item_private']) === 2) { + $ret['directMessage'] = true; + } + $ret['attributedTo'] = $i['author']['xchan_url']; if($i['id'] != $i['parent']) { @@ -352,7 +361,7 @@ class Activity { switch($t['type']) { case 'Hashtag': - $ret[] = [ 'ttype' => TERM_HASHTAG, 'url' => $t['href'], 'term' => escape_tags((substr($t['name'],0,1) === '#') ? substr($t['name'],1) : $t['name']) ]; + $ret[] = [ 'ttype' => TERM_HASHTAG, 'url' => ((isset($t['href'])) ? $t['href'] : $t['id']), 'term' => escape_tags((substr($t['name'],0,1) === '#') ? substr($t['name'],1) : $t['name']) ]; break; case 'Mention': @@ -383,9 +392,9 @@ class Activity { foreach($item['term'] as $t) { switch($t['ttype']) { case TERM_HASHTAG: - // An id is required so if we don't have a url in the taxonomy, ignore it and keep going. + // href is required so if we don't have a url in the taxonomy, ignore it and keep going. if($t['url']) { - $ret[] = [ 'id' => $t['url'], 'name' => '#' . $t['term'] ]; + $ret[] = [ 'type' => 'Hashtag', 'href' => $t['url'], 'name' => '#' . $t['term'] ]; } break; @@ -470,8 +479,27 @@ class Activity { return $ret; } + if($i['verb'] === ACTIVITY_FRIEND) { + // Hubzilla 'make-friend' activity, no direct mapping from AS1 to AS2 - make it a note + $ret['obj_type'] = ACTIVITY_OBJ_NOTE; + $ret['obj'] = []; + } + $ret['type'] = self::activity_mapper($i['verb']); + if($ret['type'] === 'emojiReaction') { + // There may not be an object for these items for legacy reasons - it should be the conversation parent. + $p = q("select * from item where mid = '%s' and uid = %d", + dbesc($i['parent_mid']), + intval($i['uid']) + ); + if($p) { + xchan_query($p,true); + $p = fetch_post_tags($p,true); + $i['obj'] = self::encode_item($p[0]); + } + } + $ret['id'] = ((strpos($i['mid'],'http') === 0) ? $i['mid'] : z_root() . '/activity/' . urlencode($i['mid'])); @@ -494,7 +522,7 @@ class Activity { if($i['created'] !== $i['edited']) $ret['updated'] = datetime_convert('UTC','UTC',$i['edited'],ATOM_TIME); if($i['app']) { - $ret['instrument'] = [ 'type' => 'Service', 'name' => $i['app'] ]; + $ret['generator'] = [ 'type' => 'Application', 'name' => $i['app'] ]; } if($i['location'] || $i['coord']) { $ret['location'] = [ 'type' => 'Place' ]; @@ -1301,6 +1329,12 @@ class Activity { elseif($act->obj['updated']) { $s['edited'] = datetime_convert('UTC','UTC',$act->obj['updated']); } + if ($act->data['expires']) { + $s['expires'] = datetime_convert('UTC','UTC',$act->data['expires']); + } + elseif ($act->obj['expires']) { + $s['expires'] = datetime_convert('UTC','UTC',$act->obj['expires']); + } if(! $s['created']) $s['created'] = datetime_convert(); @@ -1319,13 +1353,13 @@ class Activity { $s['verb'] = ACTIVITY_POST; $s['obj_type'] = ACTIVITY_OBJ_NOTE; - $instrument = $act->get_property_obj('instrument'); - if(! $instrument) - $instrument = $act->get_property_obj('instrument',$act->obj); + $generator = $act->get_property_obj('generator'); + if(! $generator) + $generator = $act->get_property_obj('generator',$act->obj); - if($instrument && array_key_exists('type',$instrument) - && $instrument['type'] === 'Service' && array_key_exists('name',$instrument)) { - $s['app'] = escape_tags($instrument['name']); + if($generator && array_key_exists('type',$generator) + && in_array($generator['type'], [ 'Application','Service' ] ) && array_key_exists('name',$generator)) { + $s['app'] = escape_tags($generator['name']); } if($channel['channel_system']) { @@ -1398,6 +1432,11 @@ class Activity { if($act->recips && (! in_array(ACTIVITY_PUBLIC_INBOX,$act->recips))) $s['item_private'] = 1; + + if (array_key_exists('directMessage',$act->obj) && intval($act->obj['directMessage'])) { + $s['item_private'] = 2; + } + set_iconfig($s,'activitypub','recips',$act->raw_recips); if($parent) { set_iconfig($s,'activitypub','rawmsg',$act->raw,1); @@ -1485,6 +1524,12 @@ class Activity { elseif($act->obj['updated']) { $s['edited'] = datetime_convert('UTC','UTC',$act->obj['updated']); } + if ($act->data['expires']) { + $s['expires'] = datetime_convert('UTC','UTC',$act->data['expires']); + } + elseif ($act->obj['expires']) { + $s['expires'] = datetime_convert('UTC','UTC',$act->obj['expires']); + } if(in_array($act->type, [ 'Like', 'Dislike', 'Flag', 'Block', 'Announce', 'Accept', 'Reject', 'TentativeAccept', 'emojiReaction' ])) { @@ -1546,7 +1591,7 @@ class Activity { $s['verb'] = self::activity_decode_mapper($act->type); - if($act->type === 'Tombstone' || ($act->type === 'Create' && $act->obj['type'] === 'Tombstone')) { + if($act->type === 'Tombstone' || $act->type === 'Delete' || ($act->type === 'Create' && $act->obj['type'] === 'Tombstone')) { $s['item_deleted'] = 1; } @@ -1582,14 +1627,14 @@ class Activity { $s['obj'] = $act->obj; } - $instrument = $act->get_property_obj('instrument'); - if((! $instrument) && (! $response_activity)) { - $instrument = $act->get_property_obj('instrument',$act->obj); + $generator = $act->get_property_obj('generator'); + if((! $generator) && (! $response_activity)) { + $generator = $act->get_property_obj('generator',$act->obj); } - if($instrument && array_key_exists('type',$instrument) - && $instrument['type'] === 'Service' && array_key_exists('name',$instrument)) { - $s['app'] = escape_tags($instrument['name']); + if($generator && array_key_exists('type',$generator) + && in_array($generator['type'], [ 'Application', 'Service' ] ) && array_key_exists('name',$generator)) { + $s['app'] = escape_tags($generator['name']); } @@ -1724,14 +1769,14 @@ class Activity { } foreach($ptr as $vurl) { if(strpos($s['body'],$vurl['href']) === false) { - $s['body'] .= "\n\n" . '[zmg]' . $vurl['href'] . '[/zmg]'; + $s['body'] .= '[zmg]' . $vurl['href'] . '[/zmg]' . "\n\n" . $s['body']; break; } } } elseif(is_string($act->obj['url'])) { if(strpos($s['body'],$act->obj['url']) === false) { - $s['body'] .= "\n\n" . '[zmg]' . $act->obj['url'] . '[/zmg]'; + $s['body'] .= '[zmg]' . $act->obj['url'] . '[/zmg]' . "\n\n" . $s['body']; } } } @@ -1812,7 +1857,8 @@ class Activity { $s['item_private'] = 1; set_iconfig($s,'activitypub','recips',$act->raw_recips); - // @FIXME: $parent is not defined + + $parent = (($s['parent_mid'] && $s['parent_mid'] === $s['mid']) ? true : false); if($parent) { set_iconfig($s,'activitypub','rawmsg',$act->raw,1); } @@ -1821,6 +1867,265 @@ class Activity { } + static function store($channel,$observer_hash,$act,$item,$fetch_parents = true) { + + $is_sys_channel = is_sys_channel($channel['channel_id']); + + // Mastodon only allows visibility in public timelines if the public inbox is listed in the 'to' field. + // They are hidden in the public timeline if the public inbox is listed in the 'cc' field. + // This is not part of the activitypub protocol - we might change this to show all public posts in pubstream at some point. + + $pubstream = ((is_array($act->obj) && array_key_exists('to', $act->obj) && in_array(ACTIVITY_PUBLIC_INBOX, $act->obj['to'])) ? true : false); + $is_parent = (($item['parent_mid'] && $item['parent_mid'] === $item['mid']) ? true : false); + + if($is_parent && (! perm_is_allowed($channel['channel_id'],$observer_hash,'send_stream') && ! ($is_sys_channel && $pubstream))) { + logger('no permission'); + return; + } + + if(is_array($act->obj)) { + $content = self::get_content($act->obj); + } + if(! $content) { + logger('no content'); + return; + } + + $item['aid'] = $channel['channel_account_id']; + $item['uid'] = $channel['channel_id']; + $s['uuid'] = ''; + + // Friendica sends the diaspora guid in a nonstandard field via AP + if($act->obj['diaspora:guid']) + $s['uuid'] = $act->obj['diaspora:guid']; + + if(! ( $item['author_xchan'] && $item['owner_xchan'])) { + logger('owner or author missing.'); + return; + } + + if($channel['channel_system']) { + if(! MessageFilter::evaluate($item,get_config('system','pubstream_incl'),get_config('system','pubstream_excl'))) { + logger('post is filtered'); + return; + } + } + + $abook = q("select * from abook where abook_xchan = '%s' and abook_channel = %d limit 1", + dbesc($observer_hash), + intval($channel['channel_id']) + ); + + if($abook) { + if(! post_is_importable($item,$abook[0])) { + logger('post is filtered'); + return; + } + } + + + if($act->obj['conversation']) { + set_iconfig($item,'ostatus','conversation',$act->obj['conversation'],1); + } + + // This isn't perfect but the best we can do for now. + + $item['comment_policy'] = 'authenticated'; + + set_iconfig($item,'activitypub','recips',$act->raw_recips); + + if(! $is_parent) { + $p = q("select parent_mid from item where mid = '%s' and uid = %d limit 1", + dbesc($item['parent_mid']), + intval($item['uid']) + ); + if(! $p) { + $a = (($fetch_parents) ? self::fetch_and_store_parents($channel,$act,$item) : false); + if($a) { + $p = q("select parent_mid from item where mid = '%s' and uid = %d limit 1", + dbesc($item['parent_mid']), + intval($item['uid']) + ); + } + else { + logger('could not fetch parents'); + return; + + // @TODO we maybe could accept these is we formatted the body correctly with share_bb() + // or at least provided a link to the object + // if(in_array($act->type,[ 'Like','Dislike' ])) { + // return; + // } + + // @TODO do we actually want that? + // if no parent was fetched, turn into a top-level post + + // turn into a top level post + // $s['parent_mid'] = $s['mid']; + // $s['thr_parent'] = $s['mid']; + } + } + if($p[0]['parent_mid'] !== $item['parent_mid']) { + $item['thr_parent'] = $item['parent_mid']; + } + else { + $item['thr_parent'] = $p[0]['parent_mid']; + } + $item['parent_mid'] = $p[0]['parent_mid']; + } + + $r = q("select id, created, edited from item where mid = '%s' and uid = %d limit 1", + dbesc($item['mid']), + intval($item['uid']) + ); + if($r) { + if($item['edited'] > $r[0]['edited']) { + $item['id'] = $r[0]['id']; + $x = item_store_update($item); + } + else { + return; + } + } + else { + $x = item_store($item); + } + + if(is_array($x) && $x['item_id']) { + if($is_parent) { + if($item['owner_xchan'] === $channel['channel_hash']) { + // We are the owner of this conversation, so send all received comments back downstream + Master::Summon(array('Notifier','comment-import',$x['item_id'])); + } + $r = q("select * from item where id = %d limit 1", + intval($x['item_id']) + ); + if($r) { + send_status_notifications($x['item_id'],$r[0]); + } + } + sync_an_item($channel['channel_id'],$x['item_id']); + } + + } + + static public function fetch_and_store_parents($channel,$act,$item) { + + logger('fetching parents'); + + $p = []; + + $current_act = $act; + $current_item = $item; + + while($current_item['parent_mid'] !== $current_item['mid']) { + $n = ActivityStreams::fetch($current_item['parent_mid'], $channel); + if(! $n) { + break; + } + $a = new ActivityStreams($n); + + //logger($a->debug()); + + if(! $a->is_valid()) { + break; + } + + $replies = null; + if(isset($a->obj['replies']['first']['items'])) { + $replies = $a->obj['replies']['first']['items']; + // we already have this one + array_diff($replies, [$current_item['mid']]); + } + + $item = null; + + switch($a->type) { + case 'Create': + case 'Update': + case 'Like': + case 'Dislike': + case 'Announce': + $item = self::decode_note($a); + break; + default: + break; + + } + if(! $item) { + break; + } + + array_unshift($p,[ $a, $item, $replies]); + + if($item['parent_mid'] === $item['mid'] || count($p) > 20) { + break; + } + + $current_act = $a; + $current_item = $item; + } + + if($p) { + foreach($p as $pv) { + self::store($channel,$pv[0]->actor['id'],$pv[0],$pv[1],false); + if($pv[2]) + self::fetch_and_store_replies($channel, $pv[2]); + } + return true; + } + + return false; + } + + static public function fetch_and_store_replies($channel, $arr) { + + logger('fetching replies'); + + $p = []; + + foreach($arr as $url) { + + $n = ActivityStreams::fetch($url, $channel); + if(! $n) { + break; + } + + $a = new ActivityStreams($n); + + if(! $a->is_valid()) { + break; + } + + $item = null; + + switch($a->type) { + case 'Create': + case 'Update': + case 'Like': + case 'Dislike': + case 'Announce': + $item = self::decode_note($a); + break; + default: + break; + } + if(! $item) { + break; + } + + array_unshift($p,[ $a, $item ]); + + } + + if($p) { + foreach($p as $pv) { + self::store($channel,$pv[0]->actor['id'],$pv[0],$pv[1],false); + } + } + + } + static function announce_note($channel,$observer_hash,$act) { $s = []; @@ -1941,25 +2246,21 @@ class Activity { $x = item_store($s); } - if(is_array($x) && $x['item_id']) { - // @FIXME: $parent is not defined - if($parent) { - if($s['owner_xchan'] === $channel['channel_hash']) { - // We are the owner of this conversation, so send all received comments back downstream - Master::Summon(array('Notifier','comment-import',$x['item_id'])); - } - $r = q("select * from item where id = %d limit 1", - intval($x['item_id']) - ); - if($r) { - send_status_notifications($x['item_id'],$r[0]); - } + if($s['owner_xchan'] === $channel['channel_hash']) { + // We are the owner of this conversation, so send all received comments back downstream + Master::Summon(array('Notifier','comment-import',$x['item_id'])); } + $r = q("select * from item where id = %d limit 1", + intval($x['item_id']) + ); + if($r) { + send_status_notifications($x['item_id'],$r[0]); + } + sync_an_item($channel['channel_id'],$x['item_id']); } - } static function like_note($channel,$observer_hash,$act) { @@ -2229,4 +2530,4 @@ class Activity { } -}
\ No newline at end of file +} diff --git a/Zotlabs/Lib/Enotify.php b/Zotlabs/Lib/Enotify.php index a7082f45a..92a488f67 100644 --- a/Zotlabs/Lib/Enotify.php +++ b/Zotlabs/Lib/Enotify.php @@ -807,6 +807,11 @@ class Enotify { $itemem_text = (($item['item_thread_top']) ? t('created a new post') : sprintf( t('commented on %s\'s post'), $item['owner']['xchan_name'])); + + if($item['verb'] === ACTIVITY_SHARE) { + $itemem_text = sprintf( t('repeated %s\'s post'), $item['author']['xchan_name']); + } + } $edit = false; @@ -825,12 +830,14 @@ class Enotify { // convert this logic into a json array just like the system notifications + $who = (($item['verb'] === ACTIVITY_SHARE) ? 'owner' : 'author'); + $x = array( 'notify_link' => $item['llink'], - 'name' => $item['author']['xchan_name'], - 'addr' => (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']), - 'url' => $item['author']['xchan_url'], - 'photo' => $item['author']['xchan_photo_s'], + 'name' => $item[$who]['xchan_name'], + 'addr' => (($item[$who]['xchan_addr']) ? $item[$who]['xchan_addr'] : $item[$who]['xchan_url']), + 'url' => $item[$who]['xchan_url'], + 'photo' => $item[$who]['xchan_photo_s'], 'when' => relative_date(($edit)? $item['edited'] : $item['created']), 'class' => (intval($item['item_unseen']) ? 'notify-unseen' : 'notify-seen'), 'b64mid' => ((in_array($item['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) ? 'b64.' . base64url_encode($item['thr_parent']) : 'b64.' . base64url_encode($item['mid'])), @@ -838,7 +845,7 @@ class Enotify { 'thread_top' => (($item['item_thread_top']) ? true : false), 'message' => strip_tags(bbcode($itemem_text)), // these are for the superblock addon - 'hash' => $item['author']['xchan_hash'], + 'hash' => $item[$who]['xchan_hash'], 'uid' => local_channel(), 'display' => true ); diff --git a/Zotlabs/Lib/JSalmon.php b/Zotlabs/Lib/JSalmon.php index f35bf6235..bed748432 100644 --- a/Zotlabs/Lib/JSalmon.php +++ b/Zotlabs/Lib/JSalmon.php @@ -2,7 +2,7 @@ namespace Zotlabs\Lib; -use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Web\HTTPSig; class JSalmon { diff --git a/Zotlabs/Lib/LDSignatures.php b/Zotlabs/Lib/LDSignatures.php index 6d7127cde..b13c4cf4a 100644 --- a/Zotlabs/Lib/LDSignatures.php +++ b/Zotlabs/Lib/LDSignatures.php @@ -29,7 +29,7 @@ class LDSignatures { $options = [ 'type' => 'RsaSignature2017', 'nonce' => random_string(64), - 'creator' => z_root() . '/channel/' . $channel['channel_address'] . '/public_key_pem', + 'creator' => z_root() . '/channel/' . $channel['channel_address'], 'created' => datetime_convert('UTC','UTC', 'now', 'Y-m-d\Th:i:s\Z') ]; @@ -124,7 +124,7 @@ class LDSignatures { 'meDataType' => $data_type, 'meEncoding' => $encoding, 'meAlgorithm' => $algorithm, - 'meCreator' => z_root() . '/channel/' . $channel['channel_address'] . '/public_key_pem', + 'meCreator' => z_root() . '/channel/' . $channel['channel_address'], 'meSignatureValue' => $signature ]); @@ -132,4 +132,4 @@ class LDSignatures { -}
\ No newline at end of file +} diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index 9bf987027..2a13744a3 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -2,7 +2,7 @@ namespace Zotlabs\Lib; -use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Web\HTTPSig; use Zotlabs\Access\Permissions; use Zotlabs\Access\PermissionLimits; use Zotlabs\Daemon\Master; @@ -2037,7 +2037,7 @@ class Libzot { $item_found = false; $post_id = 0; - $r = q("select id, author_xchan, owner_xchan, source_xchan, item_deleted from item where ( author_xchan = '%s' or owner_xchan = '%s' or source_xchan = '%s' ) + $r = q("select * from item where ( author_xchan = '%s' or owner_xchan = '%s' or source_xchan = '%s' ) and mid = '%s' and uid = %d limit 1", dbesc($sender), dbesc($sender), @@ -2047,10 +2047,12 @@ class Libzot { ); if($r) { - if($r[0]['author_xchan'] === $sender || $r[0]['owner_xchan'] === $sender || $r[0]['source_xchan'] === $sender) + $stored = $r[0]; + + if($stored['author_xchan'] === $sender || $stored['owner_xchan'] === $sender || $stored['source_xchan'] === $sender) $ownership_valid = true; - $post_id = $r[0]['id']; + $post_id = $stored['id']; $item_found = true; } else { @@ -2074,8 +2076,27 @@ class Libzot { return false; } + if ($stored['resource_type'] === 'event') { + $i = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1", + dbesc($stored['resource_id']), + intval($uid) + ); + if ($i) { + if ($i[0]['event_xchan'] === $sender) { + q("delete from event where event_hash = '%s' and uid = %d", + dbesc($stored['resource_id']), + intval($uid) + ); + } + else { + logger('delete linked event: not owner'); + return; + } + } + } + if($item_found) { - if(intval($r[0]['item_deleted'])) { + if(intval($stored['item_deleted'])) { logger('delete_imported_item: item was already deleted'); if(! $relay) return false; @@ -2087,10 +2108,10 @@ class Libzot { // back, and we aren't going to (or shouldn't at any rate) delete it again in the future - so losing // this information from the metadata should have no other discernible impact. - if (($r[0]['id'] != $r[0]['parent']) && intval($r[0]['item_origin'])) { + if (($stored['id'] != $stored['parent']) && intval($stored['item_origin'])) { q("update item set item_origin = 0 where id = %d and uid = %d", - intval($r[0]['id']), - intval($r[0]['uid']) + intval($stored['id']), + intval($stored['uid']) ); } } @@ -2766,7 +2787,7 @@ class Libzot { $profile['description'] = $p[0]['pdesc']; $profile['birthday'] = $p[0]['dob']; - if(($profile['birthday'] != '0000-00-00') && (($bd = z_birthday($p[0]['dob'],$e['channel_timezone'])) !== '')) + if(($profile['birthday'] != '0000-00-00') && (($bd = z_birthday($p[0]['dob'],'UTC')) !== '')) $profile['next_birthday'] = $bd; if($age = age($p[0]['dob'],$e['channel_timezone'],'')) diff --git a/Zotlabs/Lib/NativeWiki.php b/Zotlabs/Lib/NativeWiki.php index e2bd07c0d..662fddad0 100644 --- a/Zotlabs/Lib/NativeWiki.php +++ b/Zotlabs/Lib/NativeWiki.php @@ -191,7 +191,7 @@ class NativeWiki { return array('item' => null, 'success' => false); } else { - $drop = drop_item($item['id'], false, DROPITEM_NORMAL, true); + $drop = drop_item($item['id'], false, DROPITEM_NORMAL); } info( t('Wiki files deleted successfully')); diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php index 9161aa182..5e4600df2 100644 --- a/Zotlabs/Lib/ThreadItem.php +++ b/Zotlabs/Lib/ThreadItem.php @@ -98,7 +98,7 @@ class ThreadItem { $conv = $this->get_conversation(); $observer = $conv->get_observer(); - $lock = ((($item['item_private'] == 1) || (($item['uid'] == local_channel()) && (strlen($item['allow_cid']) || strlen($item['allow_gid']) + $lock = (((intval($item['item_private'])) || (($item['uid'] == local_channel()) && (strlen($item['allow_cid']) || strlen($item['allow_gid']) || strlen($item['deny_cid']) || strlen($item['deny_gid'])))) ? t('Private Message') : false); @@ -110,7 +110,7 @@ class ThreadItem { $shareable = true; $privacy_warning = false; - if(($item['item_private'] == 1) && ($item['owner']['xchan_network'] === 'activitypub')) { + if(intval($item['item_private']) && ($item['owner']['xchan_network'] === 'activitypub')) { $recips = get_iconfig($item['parent'], 'activitypub', 'recips'); if(! in_array($observer['xchan_url'], $recips['to'])) diff --git a/Zotlabs/Lib/ZotURL.php b/Zotlabs/Lib/ZotURL.php index bc14c516a..98d1febe5 100644 --- a/Zotlabs/Lib/ZotURL.php +++ b/Zotlabs/Lib/ZotURL.php @@ -2,7 +2,7 @@ namespace Zotlabs\Lib; -use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Web\HTTPSig; class ZotURL { diff --git a/Zotlabs/Lib/Zotfinger.php b/Zotlabs/Lib/Zotfinger.php index d094fdc8d..2d2e6796b 100644 --- a/Zotlabs/Lib/Zotfinger.php +++ b/Zotlabs/Lib/Zotfinger.php @@ -2,7 +2,7 @@ namespace Zotlabs\Lib; -use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Web\HTTPSig; class Zotfinger { diff --git a/Zotlabs/Module/Apschema.php b/Zotlabs/Module/Apschema.php index 5b249bfe8..756057a8a 100644 --- a/Zotlabs/Module/Apschema.php +++ b/Zotlabs/Module/Apschema.php @@ -27,7 +27,9 @@ class Apschema extends \Zotlabs\Web\Controller { 'nomadicLocation' => 'zot:nomadicLocation', 'nomadicHubs' => 'zot:nomadicHubs', 'emojiReaction' => 'zot:emojiReaction', - + 'expires' => 'zot:expires', + 'directMessage' => 'zot:directMessage', + 'magicEnv' => [ '@id' => 'zot:magicEnv', '@type' => '@id' @@ -39,8 +41,13 @@ class Apschema extends \Zotlabs\Web\Controller { ], 'ostatus' => 'http://ostatus.org#', - 'conversation' => 'ostatus:conversation' + 'conversation' => 'ostatus:conversation', + + 'diaspora' => 'https://diasporafoundation.org/ns/', + 'guid' => 'diaspora:guid', + 'Hashtag' => 'as:Hashtag' + ] ]; @@ -53,4 +60,4 @@ class Apschema extends \Zotlabs\Web\Controller { -}
\ No newline at end of file +} diff --git a/Zotlabs/Module/Cal.php b/Zotlabs/Module/Cal.php index 70098a2a1..07bee38bd 100644 --- a/Zotlabs/Module/Cal.php +++ b/Zotlabs/Module/Cal.php @@ -1,6 +1,10 @@ <?php namespace Zotlabs\Module; + +use App; +use Zotlabs\Web\Controller; + require_once('include/conversation.php'); require_once('include/bbcode.php'); require_once('include/datetime.php'); @@ -9,15 +13,13 @@ require_once('include/items.php'); require_once('include/html2plain.php'); -class Cal extends \Zotlabs\Web\Controller { +class Cal extends Controller { function init() { if(observer_prohibited()) { return; } - $o = ''; - if(argc() > 1) { $nick = argv(1); @@ -25,19 +27,21 @@ class Cal extends \Zotlabs\Web\Controller { $channelx = channelx_by_nick($nick); - if(! $channelx) + if(! $channelx) { + notice( t('Channel not found.') . EOL); return; + } - \App::$data['channel'] = $channelx; + App::$data['channel'] = $channelx; - $observer = \App::get_observer(); - \App::$data['observer'] = $observer; + $observer = App::get_observer(); + App::$data['observer'] = $observer; $observer_xchan = (($observer) ? $observer['xchan_hash'] : ''); - head_set_icon(\App::$data['channel']['xchan_photo_s']); + head_set_icon(App::$data['channel']['xchan_photo_s']); - \App::$page['htmlhead'] .= "<script> var profile_uid = " . ((\App::$data['channel']) ? \App::$data['channel']['channel_id'] : 0) . "; </script>" ; + App::$page['htmlhead'] .= "<script> var profile_uid = " . ((App::$data['channel']) ? App::$data['channel']['channel_id'] : 0) . "; </script>" ; } @@ -52,18 +56,8 @@ class Cal extends \Zotlabs\Web\Controller { return; } - $channel = null; - - if(argc() > 1) { - $channel = channelx_by_nick(argv(1)); - } - - - if(! $channel) { - notice( t('Channel not found.') . EOL); - return; - } - + $channel = App::$data['channel']; + // since we don't currently have an event permission - use the stream permission if(! perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_stream')) { @@ -72,287 +66,152 @@ class Cal extends \Zotlabs\Web\Controller { } nav_set_selected('Calendar'); + + head_add_css('/library/fullcalendar/packages/core/main.min.css'); + head_add_css('/library/fullcalendar/packages/daygrid/main.min.css'); + head_add_css('cdav_calendar.css'); + + head_add_js('/library/fullcalendar/packages/core/main.min.js'); + head_add_js('/library/fullcalendar/packages/daygrid/main.min.js'); + + $sql_extra = permissions_sql($channel['channel_id'], get_observer_hash(), 'event'); + + if(! perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_contacts') || App::$profile['hide_friends']) + $sql_extra .= " and etype != 'birthday' "; - $sql_extra = permissions_sql($channel['channel_id'],get_observer_hash(),'event'); - - $first_day = feature_enabled($channel['channel_id'], 'events_cal_first_day'); + $first_day = feature_enabled($channel['channel_id'], 'cal_first_day'); $first_day = (($first_day) ? $first_day : 0); - $htpl = get_markup_template('event_head.tpl'); - \App::$page['htmlhead'] .= replace_macros($htpl,array( - '$baseurl' => z_root(), - '$module_url' => '/cal/' . $channel['channel_address'], - '$modparams' => 2, - '$lang' => \App::$language, - '$first_day' => $first_day - )); - - $o = ''; - - $mode = 'view'; - $y = 0; - $m = 0; - $ignored = ((x($_REQUEST,'ignored')) ? " and dismissed = " . intval($_REQUEST['ignored']) . " " : ''); - - // logger('args: ' . print_r(\App::$argv,true)); + $start = ''; + $finish = ''; + + if (argv(2) === 'json') { + if (x($_GET,'start')) $start = $_GET['start']; + if (x($_GET,'end')) $finish = $_GET['end']; + } - if(argc() > 3 && intval(argv(2)) && intval(argv(3))) { - $mode = 'view'; - $y = intval(argv(2)); - $m = intval(argv(3)); + $start = datetime_convert('UTC','UTC',$start); + $finish = datetime_convert('UTC','UTC',$finish); + $adjust_start = datetime_convert('UTC', date_default_timezone_get(), $start); + $adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish); + + if (x($_GET, 'id')) { + $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan, item.id as item_id + from event left join item on item.resource_id = event.event_hash + where item.resource_type = 'event' and event.uid = %d and event.id = %d $sql_extra limit 1", + intval($channel['channel_id']), + intval($_GET['id']) + ); } - if(argc() <= 3) { - $mode = 'view'; - $event_id = argv(2); + else { + // fixed an issue with "nofinish" events not showing up in the calendar. + // There's still an issue if the finish date crosses the end of month. + // Noting this for now - it will need to be fixed here and in Friendica. + // Ultimately the finish date shouldn't be involved in the query. + $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan, item.id as item_id + from event left join item on event.event_hash = item.resource_id + where item.resource_type = 'event' and event.uid = %d and event.uid = item.uid + AND (( event.adjust = 0 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' ) + OR ( event.adjust = 1 AND ( event.dtend >= '%s' or event.nofinish = 1 ) AND event.dtstart <= '%s' )) + $sql_extra", + intval($channel['channel_id']), + dbesc($start), + dbesc($finish), + dbesc($adjust_start), + dbesc($adjust_finish) + ); } - if($mode == 'view') { - - /* edit/create form */ - if($event_id) { - $r = q("SELECT * FROM event WHERE event_hash = '%s' AND uid = %d LIMIT 1", - dbesc($event_id), - intval($channel['channel_id']) - ); - if(count($r)) - $orig_event = $r[0]; - } - - - // Passed parameters overrides anything found in the DB - if(!x($orig_event)) - $orig_event = array(); - - - - $tz = date_default_timezone_get(); - if(x($orig_event)) - $tz = (($orig_event['adjust']) ? date_default_timezone_get() : 'UTC'); - - $syear = datetime_convert('UTC', $tz, $sdt, 'Y'); - $smonth = datetime_convert('UTC', $tz, $sdt, 'm'); - $sday = datetime_convert('UTC', $tz, $sdt, 'd'); - $shour = datetime_convert('UTC', $tz, $sdt, 'H'); - $sminute = datetime_convert('UTC', $tz, $sdt, 'i'); - - $stext = datetime_convert('UTC',$tz,$sdt); - $stext = substr($stext,0,14) . "00:00"; - - $fyear = datetime_convert('UTC', $tz, $fdt, 'Y'); - $fmonth = datetime_convert('UTC', $tz, $fdt, 'm'); - $fday = datetime_convert('UTC', $tz, $fdt, 'd'); - $fhour = datetime_convert('UTC', $tz, $fdt, 'H'); - $fminute = datetime_convert('UTC', $tz, $fdt, 'i'); - - $ftext = datetime_convert('UTC',$tz,$fdt); - $ftext = substr($ftext,0,14) . "00:00"; - - $type = ((x($orig_event)) ? $orig_event['etype'] : 'event'); - - $f = get_config('system','event_input_format'); - if(! $f) - $f = 'ymd'; - - $catsenabled = feature_enabled($channel['channel_id'],'categories'); - - - $show_bd = perm_is_allowed($channel['channel_id'], get_observer_hash(), 'view_contacts'); - if(! $show_bd) { - $sql_extra .= " and event.etype != 'birthday' "; - } - - - $category = ''; - - $thisyear = datetime_convert('UTC',date_default_timezone_get(),'now','Y'); - $thismonth = datetime_convert('UTC',date_default_timezone_get(),'now','m'); - if(! $y) - $y = intval($thisyear); - if(! $m) - $m = intval($thismonth); - - // Put some limits on dates. The PHP date functions don't seem to do so well before 1900. - // An upper limit was chosen to keep search engines from exploring links millions of years in the future. - - if($y < 1901) - $y = 1900; - if($y > 2099) - $y = 2100; - - $nextyear = $y; - $nextmonth = $m + 1; - if($nextmonth > 12) { - $nextmonth = 1; - $nextyear ++; - } - - $prevyear = $y; - if($m > 1) - $prevmonth = $m - 1; - else { - $prevmonth = 12; - $prevyear --; - } - - $dim = get_dim($y,$m); - $start = sprintf('%d-%d-%d %d:%d:%d',$y,$m,1,0,0,0); - $finish = sprintf('%d-%d-%d %d:%d:%d',$y,$m,$dim,23,59,59); - - - if (argv(2) === 'json'){ - if (x($_GET,'start')) $start = $_GET['start']; - if (x($_GET,'end')) $finish = $_GET['end']; - } - - $start = datetime_convert('UTC','UTC',$start); - $finish = datetime_convert('UTC','UTC',$finish); - - $adjust_start = datetime_convert('UTC', date_default_timezone_get(), $start); - $adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish); + if($r) { + xchan_query($r); + $r = fetch_post_tags($r,true); + $r = sort_by_date($r); + } + + $events = []; + if($r) { - if(! perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'view_contacts')) - $sql_extra .= " and etype != 'birthday' "; + foreach($r as $rr) { - if (x($_GET,'id')){ - $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan - from event left join item on resource_id = event_hash where resource_type = 'event' and event.uid = %d and event.id = %d $sql_extra limit 1", - intval($channel['channel_id']), - intval($_GET['id']) - ); - } - else { - // fixed an issue with "nofinish" events not showing up in the calendar. - // There's still an issue if the finish date crosses the end of month. - // Noting this for now - it will need to be fixed here and in Friendica. - // Ultimately the finish date shouldn't be involved in the query. - - $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan - from event left join item on event_hash = resource_id - where resource_type = 'event' and event.uid = %d and event.uid = item.uid $ignored - AND (( adjust = 0 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' ) - OR ( adjust = 1 AND ( dtend >= '%s' or nofinish = 1 ) AND dtstart <= '%s' )) $sql_extra ", - intval($channel['channel_id']), - dbesc($start), - dbesc($finish), - dbesc($adjust_start), - dbesc($adjust_finish) - ); - - } - - $links = array(); - - if($r) { - xchan_query($r); - $r = fetch_post_tags($r,true); - - $r = sort_by_date($r); - } - - if($r) { - foreach($r as $rr) { - $j = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtstart'], 'j') : datetime_convert('UTC','UTC',$rr['dtstart'],'j')); - if(! x($links,$j)) - $links[$j] = z_root() . '/' . \App::$cmd . '#link-' . $j; + $tz = get_iconfig($rr, 'event', 'timezone'); + if(! $tz) + $tz = 'UTC'; + + $start = (($rr['adjust']) ? datetime_convert($tz, date_default_timezone_get(), $rr['dtstart'], 'c') : datetime_convert('UTC', 'UTC', $rr['dtstart'], 'c')); + if ($rr['nofinish']){ + $end = null; + } else { + $end = (($rr['adjust']) ? datetime_convert($tz, date_default_timezone_get(), $rr['dtend'], 'c') : datetime_convert('UTC', 'UTC', $rr['dtend'], 'c')); } - } - - $events=array(); - - $last_date = ''; - $fmt = t('l, F j'); - - if($r) { - - foreach($r as $rr) { - - $j = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtstart'], 'j') : datetime_convert('UTC','UTC',$rr['dtstart'],'j')); - $d = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtstart'], $fmt) : datetime_convert('UTC','UTC',$rr['dtstart'],$fmt)); - $d = day_translate($d); - - $start = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtstart'], 'c') : datetime_convert('UTC','UTC',$rr['dtstart'],'c')); - if ($rr['nofinish']){ - $end = null; - } else { - $end = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtend'], 'c') : datetime_convert('UTC','UTC',$rr['dtend'],'c')); - } - - - $is_first = ($d !== $last_date); - - $last_date = $d; - - $edit = false; - - $drop = false; - - $title = strip_tags(html_entity_decode(bbcode($rr['summary']),ENT_QUOTES,'UTF-8')); - if(! $title) { - list($title, $_trash) = explode("<br",bbcode($rr['desc']),2); - $title = strip_tags(html_entity_decode($title,ENT_QUOTES,'UTF-8')); - } + + $html = ''; + if (x($_GET,'id')) { + $rr['timezone'] = $tz; $html = format_event_html($rr); - $rr['desc'] = zidify_links(smilies(bbcode($rr['desc']))); - $rr['description'] = htmlentities(html2plain(bbcode($rr['description'])),ENT_COMPAT,'UTF-8',false); - $rr['location'] = zidify_links(smilies(bbcode($rr['location']))); - $events[] = array( - 'id'=>$rr['id'], - 'hash' => $rr['event_hash'], - 'start'=> $start, - 'end' => $end, - 'drop' => $drop, - 'allDay' => false, - 'title' => $title, - - 'j' => $j, - 'd' => $d, - 'edit' => $edit, - 'is_first'=>$is_first, - 'item'=>$rr, - 'html'=>$html, - 'plink' => array($rr['plink'],t('Link to Source'),'',''), - ); - - } + + $events[] = array( + 'calendar_id' => 'channel_calendar', + 'rw' => true, + 'id'=>$rr['id'], + 'uri' => $rr['event_hash'], + 'timezone' => $tz, + 'start'=> $start, + 'end' => $end, + 'drop' => $drop, + 'allDay' => (($rr['adjust']) ? 0 : 1), + 'title' => html_entity_decode($rr['summary'], ENT_COMPAT, 'UTF-8'), + 'editable' => $edit ? true : false, + 'item' => $rr, + 'plink' => [$rr['plink'], t('Link to source')], + 'description' => html_entity_decode($rr['description'], ENT_COMPAT, 'UTF-8'), + 'location' => html_entity_decode($rr['location'], ENT_COMPAT, 'UTF-8'), + 'allow_cid' => expand_acl($rr['allow_cid']), + 'allow_gid' => expand_acl($rr['allow_gid']), + 'deny_cid' => expand_acl($rr['deny_cid']), + 'deny_gid' => expand_acl($rr['deny_gid']), + 'html' => $html + ); } + } + + if (argv(2) === 'json') { + echo json_encode($events); + killme(); + } - if (argv(2) === 'json'){ - echo json_encode($events); killme(); - } - - // links: array('href', 'text', 'extra css classes', 'title') - if (x($_GET,'id')){ - $tpl = get_markup_template("event_cal.tpl"); - } - else { - $tpl = get_markup_template("events_cal-js.tpl"); - } - - $nick = $channel['channel_address']; - - $o = replace_macros($tpl, array( - '$baseurl' => z_root(), - '$new_event' => array(z_root().'/cal',(($event_id) ? t('Edit Event') : t('Create Event')),'',''), - '$previus' => array(z_root()."/cal/$nick/$prevyear/$prevmonth",t('Previous'),'',''), - '$next' => array(z_root()."/cal/$nick/$nextyear/$nextmonth",t('Next'),'',''), - '$export' => array(z_root()."/cal/$nick/$y/$m/export",t('Export'),'',''), - '$calendar' => cal($y,$m,$links, ' eventcal'), - '$events' => $events, - '$upload' => t('Import'), - '$submit' => t('Submit'), - '$prev' => t('Previous'), - '$next' => t('Next'), - '$today' => t('Today'), - '$form' => $form, - '$expandform' => ((x($_GET,'expandform')) ? true : false) - )); - - if (x($_GET,'id')){ echo $o; killme(); } - - return $o; + if (x($_GET,'id')) { + $o = replace_macros(get_markup_template("cal_event.tpl"), [ + '$events' => $events + ]); + echo $o; + killme(); } + + $nick = $channel['channel_address']; + + $sources = '{ + id: \'channel_calendar\', + url: \'/cal/' . $nick . '/json/\', + color: \'#3a87ad\' + }'; + + $o = replace_macros(get_markup_template("cal_calendar.tpl"), [ + '$sources' => $sources, + '$lang' => App::$language, + '$timezone' => date_default_timezone_get(), + '$first_day' => $first_day, + '$prev' => t('Previous'), + '$next' => t('Next'), + '$today' => t('Today'), + '$title' => $title, + '$dtstart' => $dtstart, + '$dtend' => $dtend, + '$nick' => $nick + ]); + + return $o; } diff --git a/Zotlabs/Module/Cdav.php b/Zotlabs/Module/Cdav.php index 6b4f57ea5..e2855d2b6 100644 --- a/Zotlabs/Module/Cdav.php +++ b/Zotlabs/Module/Cdav.php @@ -4,6 +4,7 @@ namespace Zotlabs\Module; use App; use Zotlabs\Lib\Apps; use Zotlabs\Web\Controller; +use Zotlabs\Web\HTTPSig; require_once('include/event.php'); @@ -41,7 +42,7 @@ class Cdav extends Controller { continue; } - $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); + $sigblock = HTTPSig::parse_sigheader($_SERVER[$head]); if($sigblock) { $keyId = str_replace('acct:','',$sigblock['keyId']); if($keyId) { @@ -64,7 +65,7 @@ class Cdav extends Controller { continue; if($record) { - $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); + $verified = HTTPSig::verify('',$record['channel']['channel_pubkey']); if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { $record = null; } @@ -271,11 +272,17 @@ class Cdav extends Controller { if(!cdav_perms($id[0],$calendars,true)) return; + $timezone = ((x($_POST,'timezone_select')) ? escape_tags(trim($_POST['timezone_select'])) : ''); + $tz = (($timezone) ? $timezone : date_default_timezone_get()); + + $allday = $_REQUEST['allday']; + $title = $_REQUEST['title']; - $start = datetime_convert(App::$timezone, 'UTC', $_REQUEST['dtstart']); + $start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']); $dtstart = new \DateTime($start); + if($_REQUEST['dtend']) { - $end = datetime_convert(App::$timezone, 'UTC', $_REQUEST['dtend']); + $end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']); $dtend = new \DateTime($end); } $description = $_REQUEST['description']; @@ -301,16 +308,23 @@ class Cdav extends Controller { 'DTSTART' => $dtstart ] ]); + if($dtend) { $vcalendar->VEVENT->add('DTEND', $dtend); - $vcalendar->VEVENT->DTEND['TZID'] = App::$timezone; + if($allday) + $vcalendar->VEVENT->DTEND['VALUE'] = 'DATE'; + else + $vcalendar->VEVENT->DTEND['TZID'] = $tz; } if($description) $vcalendar->VEVENT->add('DESCRIPTION', $description); if($location) $vcalendar->VEVENT->add('LOCATION', $location); - $vcalendar->VEVENT->DTSTART['TZID'] = App::$timezone; + if($allday) + $vcalendar->VEVENT->DTSTART['VALUE'] = 'DATE'; + else + $vcalendar->VEVENT->DTSTART['TZID'] = $tz; $calendarData = $vcalendar->serialize(); @@ -348,12 +362,17 @@ class Cdav extends Controller { if(!cdav_perms($id[0],$calendars,true)) return; + $timezone = ((x($_POST,'timezone_select')) ? escape_tags(trim($_POST['timezone_select'])) : ''); + $tz = (($timezone) ? $timezone : date_default_timezone_get()); + + $allday = $_REQUEST['allday']; + $uri = $_REQUEST['uri']; $title = $_REQUEST['title']; - $start = datetime_convert(App::$timezone, 'UTC', $_REQUEST['dtstart']); + $start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']); $dtstart = new \DateTime($start); if($_REQUEST['dtend']) { - $end = datetime_convert(App::$timezone, 'UTC', $_REQUEST['dtend']); + $end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']); $dtend = new \DateTime($end); } $description = $_REQUEST['description']; @@ -365,12 +384,23 @@ class Cdav extends Controller { if($title) $vcalendar->VEVENT->SUMMARY = $title; - if($dtstart) + if($dtstart) { $vcalendar->VEVENT->DTSTART = $dtstart; - if($dtend) + if($allday) + $vcalendar->VEVENT->DTSTART['VALUE'] = 'DATE'; + else + $vcalendar->VEVENT->DTSTART['TZID'] = $tz; + } + if($dtend) { $vcalendar->VEVENT->DTEND = $dtend; + if($allday) + $vcalendar->VEVENT->DTEND['VALUE'] = 'DATE'; + else + $vcalendar->VEVENT->DTEND['TZID'] = $tz; + } else unset($vcalendar->VEVENT->DTEND); + if($description) $vcalendar->VEVENT->DESCRIPTION = $description; if($location) @@ -406,11 +436,16 @@ class Cdav extends Controller { if(!cdav_perms($id[0],$calendars,true)) return; + $timezone = ((x($_POST,'timezone_select')) ? escape_tags(trim($_POST['timezone_select'])) : ''); + $tz = (($timezone) ? $timezone : date_default_timezone_get()); + + $allday = $_REQUEST['allday']; + $uri = $_REQUEST['uri']; - $start = datetime_convert(App::$timezone, 'UTC', $_REQUEST['dtstart']); + $start = datetime_convert('UTC', 'UTC', $_REQUEST['dtstart']); $dtstart = new \DateTime($start); if($_REQUEST['dtend']) { - $end = datetime_convert(App::$timezone, 'UTC', $_REQUEST['dtend']); + $end = datetime_convert('UTC', 'UTC', $_REQUEST['dtend']); $dtend = new \DateTime($end); } @@ -420,13 +455,20 @@ class Cdav extends Controller { if($dtstart) { $vcalendar->VEVENT->DTSTART = $dtstart; + if($allday) + $vcalendar->VEVENT->DTSTART['VALUE'] = 'DATE'; + else + $vcalendar->VEVENT->DTSTART['TZID'] = $tz; } if($dtend) { $vcalendar->VEVENT->DTEND = $dtend; + if($allday) + $vcalendar->VEVENT->DTEND['VALUE'] = 'DATE'; + else + $vcalendar->VEVENT->DTEND['TZID'] = $tz; } - else { + else unset($vcalendar->VEVENT->DTEND); - } $calendarData = $vcalendar->serialize(); @@ -915,8 +957,13 @@ class Cdav extends Controller { xchan_query($r); $r = fetch_post_tags($r,true); - $r[0]['dtstart'] = (($r[0]['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$r[0]['dtstart'], 'c') : datetime_convert('UTC','UTC',$r[0]['dtstart'],'c')); - $r[0]['dtend'] = (($r[0]['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$r[0]['dtend'], 'c') : datetime_convert('UTC','UTC',$r[0]['dtend'],'c')); + $tz = get_iconfig($r[0], 'event', 'timezone'); + if(! $tz) + $tz = 'UTC'; + + $r[0]['timezone'] = $tz; + $r[0]['dtstart'] = (($r[0]['adjust']) ? datetime_convert('UTC', date_default_timezone_get(), $r[0]['dtstart'], 'c') : datetime_convert('UTC', 'UTC', $r[0]['dtstart'], 'c')); + $r[0]['dtend'] = (($r[0]['adjust']) ? datetime_convert('UTC', date_default_timezone_get(), $r[0]['dtend'], 'c') : datetime_convert('UTC', 'UTC' ,$r[0]['dtend'], 'c')); $r[0]['plink'] = [$r[0]['plink'], t('Link to source')]; @@ -984,9 +1031,11 @@ class Cdav extends Controller { $first_day = feature_enabled(local_channel(), 'cal_first_day'); $first_day = (($first_day) ? $first_day : 0); - $title = ['title', t('Event title')]; + $title = ['title', t('Event title') ]; $dtstart = ['dtstart', t('Start date and time')]; $dtend = ['dtend', t('End date and time')]; + $timezone_select = ['timezone_select' , t('Timezone:'), date_default_timezone_get(), '', get_timezones()]; + $description = ['description', t('Description')]; $location = ['location', t('Location')]; @@ -1000,14 +1049,13 @@ class Cdav extends Controller { //$acl = (($orig_event['event_xchan']) ? '' : populate_acl(((x($orig_event)) ? $orig_event : $perm_defaults), false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream'))); $acl = populate_acl($perm_defaults, false, \Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_stream')); - //$permissions = ((x($orig_event)) ? $orig_event : $perm_defaults); - $permissions = $perm_defaults; + $permissions = (($resource_id) ? $resource : $perm_defaults); $o .= replace_macros(get_markup_template('cdav_calendar.tpl'), [ '$sources' => $sources, '$color' => $color, '$lang' => App::$language, - '$timezone' => App::$timezone, + '$timezone' => date_default_timezone_get(), '$first_day' => $first_day, '$prev' => t('Previous'), '$next' => t('Next'), @@ -1047,7 +1095,8 @@ class Cdav extends Controller { '$categories_label' => t('Categories'), '$resource' => json_encode($resource), - '$categories' => $categories + '$categories' => $categories, + '$timezone_select' => ((feature_enabled(local_channel(),'event_tz_select')) ? $timezone_select : '') ]); return $o; @@ -1076,8 +1125,8 @@ class Cdav extends Controller { $filters['comp-filters'][0]['time-range']['end'] = $end; $uris = $caldavBackend->calendarQuery($id, $filters); - if($uris) { + $objects = $caldavBackend->getMultipleCalendarObjects($id, $uris); foreach($objects as $object) { @@ -1096,30 +1145,33 @@ class Cdav extends Controller { $dtend = (string)$vevent->DTEND; $description = (string)$vevent->DESCRIPTION; $location = (string)$vevent->LOCATION; - $timezone = (string)$vevent->DTSTART['TZID']; + $timezone_str = (string)$vevent->DTSTART['TZID']; $rw = ((cdav_perms($id[0],$calendars,true)) ? true : false); $editable = $rw ? true : false; $recurrent = ((isset($vevent->{'RECURRENCE-ID'})) ? true : false); if($recurrent) { $editable = false; - $timezone = $recurrent_timezone; + $timezone_str = $recurrent_timezone; } - $allDay = false; + // Try to get an usable olson format timezone + $timezone_obj = \Sabre\VObject\TimeZoneUtil::getTimeZone($timezone_str, $vcalendar); + $timezone = $timezone_obj->getName(); + + // If we got nothing fallback to UTC + if(! $timezone) + $timezone = 'UTC'; - // allDay event rules - if(!strpos($dtstart, 'T') && !strpos($dtend, 'T')) - $allDay = true; - if(strpos($dtstart, 'T000000') && strpos($dtend, 'T000000')) - $allDay = true; + $allDay = (((string)$vevent->DTSTART['VALUE'] == 'DATE') ? true : false); $events[] = [ 'calendar_id' => $id, 'uri' => $object['uri'], 'title' => $title, - 'start' => datetime_convert($timezone, $timezone, $dtstart, 'c'), - 'end' => (($dtend) ? datetime_convert($timezone, $timezone, $dtend, 'c') : ''), + 'timezone' => $timezone, + 'start' => datetime_convert($timezone, date_default_timezone_get(), $dtstart, 'c'), + 'end' => (($dtend) ? datetime_convert($timezone, date_default_timezone_get(), $dtend, 'c') : ''), 'description' => $description, 'location' => $location, 'allDay' => $allDay, diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index 144c2472a..b1639b213 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php @@ -6,7 +6,7 @@ namespace Zotlabs\Module; use App; use Zotlabs\Web\Controller; use Zotlabs\Lib\PermissionDescription; -use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Web\HTTPSig; use Zotlabs\Lib\Libzot; require_once('include/items.php'); @@ -111,6 +111,17 @@ class Channel extends Controller { // we start loading content profile_load($which,$profile); + + App::$page['htmlhead'] .= '<meta property="og:title" content="' . htmlspecialchars($channel['channel_name']) . '">' . "\r\n"; + App::$page['htmlhead'] .= '<meta property="og:image" content="' . $channel['xchan_photo_l'] . '">' . "\r\n"; + + if(App::$profile['about'] && perm_is_allowed($channel['channel_id'],get_observer_hash(),'view_profile')) { + App::$page['htmlhead'] .= '<meta property="og:description" content="' . htmlspecialchars(App::$profile['about']) . '">' . "\r\n"; + } + else { + App::$page['htmlhead'] .= '<meta property="og:description" content="' . htmlspecialchars(sprintf( t('This is the home page of %s.'), $channel['channel_name'])) . '">' . "\r\n"; + } + } function get($update = 0, $load = false) { diff --git a/Zotlabs/Module/Channel_calendar.php b/Zotlabs/Module/Channel_calendar.php index 9229e6eb2..7d75a7e41 100644 --- a/Zotlabs/Module/Channel_calendar.php +++ b/Zotlabs/Module/Channel_calendar.php @@ -21,53 +21,21 @@ class Channel_calendar extends \Zotlabs\Web\Controller { $event_hash = ((x($_POST,'event_hash')) ? $_POST['event_hash'] : ''); $xchan = ((x($_POST,'xchan')) ? dbesc($_POST['xchan']) : ''); - $uid = local_channel(); - - $start_text = escape_tags($_REQUEST['dtstart']); - $finish_text = escape_tags($_REQUEST['dtend']); - - $adjust = intval($_POST['adjust']); - $nofinish = intval($_POST['nofinish']); - - $timezone = ((x($_POST,'timezone_select')) ? notags(trim($_POST['timezone_select'])) : ''); - - $tz = (($timezone) ? $timezone : date_default_timezone_get()); + $uid = local_channel(); - $categories = escape_tags(trim($_POST['categories'])); - // only allow editing your own events. - if(($xchan) && ($xchan !== get_observer_hash())) return; - - if($start_text) { - $start = $start_text; - } - else { - $start = sprintf('%d-%d-%d %d:%d:0',$startyear,$startmonth,$startday,$starthour,$startminute); - } - if($finish_text) { - $finish = $finish_text; - } - else { - $finish = sprintf('%d-%d-%d %d:%d:0',$finishyear,$finishmonth,$finishday,$finishhour,$finishminute); - } + $timezone = ((x($_POST,'timezone_select')) ? escape_tags(trim($_POST['timezone_select'])) : ''); + $tz = (($timezone) ? $timezone : date_default_timezone_get()); - if($nofinish) { - $finish = NULL_DATE; - } + $categories = escape_tags(trim($_POST['categories'])); + + $adjust = intval($_POST['adjust']); - if($adjust) { - $start = datetime_convert($tz,'UTC',$start); - if(! $nofinish) - $finish = datetime_convert($tz,'UTC',$finish); - } - else { - $start = datetime_convert('UTC','UTC',$start); - if(! $nofinish) - $finish = datetime_convert('UTC','UTC',$finish); - } + $start = datetime_convert('UTC', 'UTC', escape_tags($_REQUEST['dtstart'])); + $finish = datetime_convert('UTC', 'UTC', escape_tags($_REQUEST['dtend'])); $summary = escape_tags(trim($_POST['summary'])); $desc = escape_tags(trim($_POST['desc'])); @@ -176,7 +144,7 @@ class Channel_calendar extends \Zotlabs\Web\Controller { $datarray['location'] = $location; $datarray['etype'] = $type; $datarray['adjust'] = $adjust; - $datarray['nofinish'] = $nofinish; + $datarray['nofinish'] = 0; $datarray['uid'] = local_channel(); $datarray['account'] = get_account_id(); $datarray['event_xchan'] = $channel['channel_hash']; @@ -188,6 +156,8 @@ class Channel_calendar extends \Zotlabs\Web\Controller { $datarray['id'] = $event_id; $datarray['created'] = $created; $datarray['edited'] = $edited; + $datarray['timezone'] = $tz; + if(intval($_REQUEST['preview'])) { $html = format_event_html($datarray); @@ -322,10 +292,9 @@ class Channel_calendar extends \Zotlabs\Web\Controller { $start = datetime_convert('UTC','UTC',$start); $finish = datetime_convert('UTC','UTC',$finish); - $adjust_start = datetime_convert('UTC', date_default_timezone_get(), $start); $adjust_finish = datetime_convert('UTC', date_default_timezone_get(), $finish); - + if (x($_GET,'id')){ $r = q("SELECT event.*, item.plink, item.item_flags, item.author_xchan, item.owner_xchan, item.id as item_id from event left join item on item.resource_id = event.event_hash @@ -335,7 +304,9 @@ class Channel_calendar extends \Zotlabs\Web\Controller { ); } elseif($export) { - $r = q("SELECT * from event where uid = %d and dtstart > '%s' and dtend > dtstart", + $r = q("SELECT event.*, item.id as item_id + from event left join item on item.resource_id = event.event_hash + where event.uid = %d and event.dtstart > '%s' and event.dtend > event.dtstart", intval(local_channel()), dbesc(NULL_DATE) ); @@ -357,13 +328,11 @@ class Channel_calendar extends \Zotlabs\Web\Controller { dbesc($adjust_start), dbesc($adjust_finish) ); - } if($r && ! $export) { xchan_query($r); $r = fetch_post_tags($r,true); - $r = sort_by_date($r); } @@ -373,17 +342,16 @@ class Channel_calendar extends \Zotlabs\Web\Controller { foreach($r as $rr) { - $start = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtstart'], 'c') : datetime_convert('UTC','UTC',$rr['dtstart'],'c')); + $tz = get_iconfig($rr, 'event', 'timezone'); + + if(! $tz) + $tz = 'UTC'; + + $start = (($rr['adjust']) ? datetime_convert($tz, date_default_timezone_get(), $rr['dtstart'], 'c') : datetime_convert('UTC', 'UTC', $rr['dtstart'], 'c')); if ($rr['nofinish']){ $end = null; } else { - $end = (($rr['adjust']) ? datetime_convert('UTC',date_default_timezone_get(),$rr['dtend'], 'c') : datetime_convert('UTC','UTC',$rr['dtend'],'c')); - - // give a fake end to birthdays so they get crammed into a - // single day on the calendar - - if($rr['etype'] === 'birthday') - $end = null; + $end = (($rr['adjust']) ? datetime_convert($tz, date_default_timezone_get(), $rr['dtend'], 'c') : datetime_convert('UTC', 'UTC', $rr['dtend'], 'c')); } $catsenabled = feature_enabled(local_channel(),'categories'); @@ -399,14 +367,6 @@ class Channel_calendar extends \Zotlabs\Web\Controller { } } - $allDay = false; - - // allDay event rules - if(!strpos($start, 'T') && !strpos($end, 'T')) - $allDay = true; - if(strpos($start, 'T00:00:00') && strpos($end, 'T00:00:00')) - $allDay = true; - $edit = ((local_channel() && $rr['author_xchan'] == get_observer_hash()) ? array(z_root().'/events/'.$rr['event_hash'].'?expandform=1',t('Edit event'),'','') : false); $drop = array(z_root().'/events/drop/'.$rr['event_hash'],t('Delete event'),'',''); @@ -416,16 +376,17 @@ class Channel_calendar extends \Zotlabs\Web\Controller { 'rw' => true, 'id'=>$rr['id'], 'uri' => $rr['event_hash'], + 'timezone' => $tz, 'start'=> $start, 'end' => $end, 'drop' => $drop, - 'allDay' => $allDay, - 'title' => htmlentities($rr['summary'], ENT_COMPAT, 'UTF-8', false), + 'allDay' => (($rr['adjust']) ? 0 : 1), + 'title' => html_entity_decode($rr['summary'], ENT_COMPAT, 'UTF-8'), 'editable' => $edit ? true : false, - 'item'=>$rr, + 'item' => $rr, 'plink' => [$rr['plink'], t('Link to source')], - 'description' => htmlentities($rr['description'], ENT_COMPAT, 'UTF-8', false), - 'location' => htmlentities($rr['location'], ENT_COMPAT, 'UTF-8', false), + 'description' => html_entity_decode($rr['description'], ENT_COMPAT, 'UTF-8'), + 'location' => html_entity_decode($rr['location'], ENT_COMPAT, 'UTF-8'), 'allow_cid' => expand_acl($rr['allow_cid']), 'allow_gid' => expand_acl($rr['allow_gid']), 'deny_cid' => expand_acl($rr['deny_cid']), @@ -441,7 +402,7 @@ class Channel_calendar extends \Zotlabs\Web\Controller { echo ical_wrapper($r); killme(); } - + if (\App::$argv[1] === 'json'){ json_return_and_die($events); } @@ -461,13 +422,67 @@ class Channel_calendar extends \Zotlabs\Web\Controller { dbesc($event_id), intval(local_channel()) ); + if($r) { - $r = q("update item set resource_type = '', resource_id = '' where resource_type = 'event' and resource_id = '%s' and uid = %d", + + $sync_event['event_deleted'] = 1; + build_sync_packet(0,array('event' => array($sync_event))); + + $i = q("select * from item where resource_type = 'event' and resource_id = '%s' and uid = %d", dbesc($event_id), intval(local_channel()) ); - $sync_event['event_deleted'] = 1; - build_sync_packet(0,array('event' => array($sync_event))); + + if ($i) { + + $can_delete = false; + $local_delete = true; + + $ob_hash = get_observer_hash(); + if($ob_hash && ($ob_hash === $i[0]['author_xchan'] || $ob_hash === $i[0]['owner_xchan'] || $ob_hash === $i[0]['source_xchan'])) { + $can_delete = true; + } + + // The site admin can delete any post/item on the site. + // If the item originated on this site+channel the deletion will propagate downstream. + // Otherwise just the local copy is removed. + + if(is_site_admin()) { + $local_delete = true; + if(intval($i[0]['item_origin'])) + $can_delete = true; + } + + if($can_delete || $local_delete) { + + // if this is a different page type or it's just a local delete + // but not by the item author or owner, do a simple deletion + + $complex = false; + + if(intval($i[0]['item_type']) || ($local_delete && (! $can_delete))) { + drop_item($i[0]['id']); + } + else { + // complex deletion that needs to propagate and be performed in phases + drop_item($i[0]['id'],true,DROPITEM_PHASE1); + $complex = true; + } + + $ii = q("select * from item where id = %d", + intval($i[0]['id']) + ); + if($ii) { + xchan_query($ii); + $sync_item = fetch_post_tags($ii); + build_sync_packet($i[0]['uid'],array('item' => array(encode_item($sync_item[0],true)))); + } + + if($complex) { + tag_deliver($i[0]['uid'],$i[0]['id']); + } + } + } killme(); } notice( t('Failed to remove event' ) . EOL); diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php index 9f64e2fea..866520461 100644 --- a/Zotlabs/Module/Dav.php +++ b/Zotlabs/Module/Dav.php @@ -8,8 +8,9 @@ namespace Zotlabs\Module; -use \Sabre\DAV as SDAV; -use \Zotlabs\Storage; +use Sabre\DAV as SDAV; +use Zotlabs\Storage; +use Zotlabs\Web\HTTPSig; require_once('include/attach.php'); require_once('include/auth.php'); @@ -46,7 +47,7 @@ class Dav extends \Zotlabs\Web\Controller { continue; } - $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); + $sigblock = HTTPSig::parse_sigheader($_SERVER[$head]); if($sigblock) { $keyId = str_replace('acct:','',$sigblock['keyId']); if($keyId) { @@ -69,7 +70,7 @@ class Dav extends \Zotlabs\Web\Controller { continue; if($record) { - $verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']); + $verified = HTTPSig::verify('',$record['channel']['channel_pubkey']); if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) { $record = null; } diff --git a/Zotlabs/Module/Dirsearch.php b/Zotlabs/Module/Dirsearch.php index 26cb82044..92b33df0c 100644 --- a/Zotlabs/Module/Dirsearch.php +++ b/Zotlabs/Module/Dirsearch.php @@ -394,7 +394,7 @@ class Dirsearch extends \Zotlabs\Web\Controller { $quoted_string = false; } else - $curr['value'] .= ' ' . trim(q); + $curr['value'] .= ' ' . trim($q); } } } diff --git a/Zotlabs/Module/Embedphotos.php b/Zotlabs/Module/Embedphotos.php index 8b0421457..6a88513dc 100644 --- a/Zotlabs/Module/Embedphotos.php +++ b/Zotlabs/Module/Embedphotos.php @@ -53,7 +53,7 @@ class Embedphotos extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); $output = EMPTY_STR; if($channel) { - $resolution = ((feature_enabled($channel['channel_id'],'large_photos')) ? 2 : 3); + $resolution = ((feature_enabled($channel['channel_id'],'large_photos')) ? 1 : 2); $r = q("select mimetype, height, width from photo where resource_id = '%s' and $resolution = %d and uid = %d limit 1", dbesc($resource), intval($resolution), diff --git a/Zotlabs/Module/Events.php b/Zotlabs/Module/Events.php index e883db49f..681d6887d 100644 --- a/Zotlabs/Module/Events.php +++ b/Zotlabs/Module/Events.php @@ -11,6 +11,9 @@ require_once('include/html2plain.php'); class Events extends \Zotlabs\Web\Controller { function post() { + + // this module is deprecated + return; logger('post: ' . print_r($_REQUEST,true), LOGGER_DATA); @@ -245,6 +248,9 @@ class Events extends \Zotlabs\Web\Controller { function get() { + + // this module is deprecated + return; if(argc() > 2 && argv(1) == 'ical') { $event_id = argv(2); @@ -662,9 +668,10 @@ class Events extends \Zotlabs\Web\Controller { 'html'=>$html, 'plink' => array($rr['plink'],t('Link to Source'),'',''), ); + } } - + if($export) { header('Content-type: text/calendar'); header('content-disposition: attachment; filename="' . t('calendar') . '-' . $channel['channel_address'] . '.ics"' ); diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php index 583cf38f0..6d31d23fd 100644 --- a/Zotlabs/Module/Getfile.php +++ b/Zotlabs/Module/Getfile.php @@ -1,6 +1,8 @@ <?php namespace Zotlabs\Module; +use Zotlabs\Web\HTTPSig; + /** * module: getfile * @@ -46,7 +48,7 @@ class Getfile extends \Zotlabs\Web\Controller { continue; } - $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); + $sigblock = HTTPSig::parse_sigheader($_SERVER[$head]); if($sigblock) { $keyId = $sigblock['keyId']; @@ -57,7 +59,7 @@ class Getfile extends \Zotlabs\Web\Controller { ); if($r) { $hubloc = $r[0]; - $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']); + $verified = HTTPSig::verify('',$hubloc['xchan_pubkey']); if($verified && $verified['header_signed'] && $verified['header_valid'] && $hash == $hubloc['hubloc_hash']) { $header_verified = true; } diff --git a/Zotlabs/Module/Group.php b/Zotlabs/Module/Group.php index 12edf8428..f836978ee 100644 --- a/Zotlabs/Module/Group.php +++ b/Zotlabs/Module/Group.php @@ -177,7 +177,7 @@ class Group extends Controller { if($r) $result = group_rmv(local_channel(),$r[0]['gname']); if($result) { - $hookinfo = [ 'pgrp_extras' => '', 'group'=>$argv(2) ]; + $hookinfo = [ 'pgrp_extras' => '', 'group' => argv(2) ]; call_hooks ('privacygroup_extras_drop',$hookinfo); info( t('Privacy group removed.') . EOL); } diff --git a/Zotlabs/Module/Id.php b/Zotlabs/Module/Id.php index 15abfa2a3..e08568d00 100644 --- a/Zotlabs/Module/Id.php +++ b/Zotlabs/Module/Id.php @@ -12,7 +12,7 @@ namespace Zotlabs\Module; use Zotlabs\Lib\Activity; use Zotlabs\Lib\ActivityStreams; use Zotlabs\Lib\LDSignatures; -use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Web\HTTPSig; use Zotlabs\Web\Controller; use Zotlabs\Lib\Libzot; use Zotlabs\Lib\ThreadListener; diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 6bc8c645f..d03b6ee30 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -9,7 +9,7 @@ use Zotlabs\Daemon\Master; use Zotlabs\Lib\Activity; use Zotlabs\Lib\ActivityStreams; use Zotlabs\Lib\LDSignatures; -use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Web\HTTPSig; use Zotlabs\Lib\Libzot; use Zotlabs\Lib\ThreadListener; use App; @@ -96,11 +96,12 @@ class Item extends Controller { } // if we don't have a parent id belonging to the signer see if we can obtain one as a visitor that we have permission to access + // with a bias towards those items owned by channels on this site (item_wall = 1) $sql_extra = item_permissions_sql(0); if (! $i) { - $i = q("select id as item_id from item where mid = '%s' $item_normal $sql_extra limit 1", + $i = q("select id as item_id from item where mid = '%s' $item_normal $sql_extra order by item_wall desc limit 1", dbesc($r[0]['parent_mid']) ); } @@ -192,6 +193,25 @@ class Item extends Controller { killme(); } + + if(argc() > 1 && argv(1) !== 'drop') { + $x = q("select uid, item_wall, llink, mid from item where mid = '%s' ", + dbesc(z_root() . '/item/' . argv(1)) + ); + if($x) { + foreach($x as $xv) { + if (intval($xv['item_wall'])) { + $c = channelx_by_n($xv['uid']); + if ($c) { + goaway($c['xchan_url'] . '?mid=' . gen_link_id($xv['mid'])); + } + } + } + goaway($x[0]['llink']); + } + http_status_exit(404, 'Not found'); + } + } @@ -550,10 +570,10 @@ class Item extends Controller { $public_policy = $orig_post['public_policy']; $private = $orig_post['item_private']; } - - if($private || $public_policy || $acl->is_private()) - $private = 1; - + + if($public_policy || $acl->is_private()) { + $private = (($private) ? $private : 1); + } $location = $orig_post['location']; $coord = $orig_post['coord']; @@ -630,12 +650,11 @@ class Item extends Controller { $allow_empty = ((array_key_exists('allow_empty',$_REQUEST)) ? intval($_REQUEST['allow_empty']) : 0); - $private = intval($acl->is_private() || ($public_policy)); + $private = (($private) ? $private : intval($acl->is_private() || ($public_policy))); // If this is a comment, set the permissions from the parent. if($parent_item) { - $private = 0; $acl->set($parent_item); $private = intval($acl->is_private() || $parent_item['item_private']); $public_policy = $parent_item['public_policy']; @@ -741,7 +760,12 @@ class Item extends Controller { } } } - + + if(($str_contact_allow) && (! $str_group_allow)) { + // direct message - private between individual channels but not groups + $private = 2; + } + /** * diff --git a/Zotlabs/Module/Linkinfo.php b/Zotlabs/Module/Linkinfo.php index b9f90deec..fcf8a6aa1 100644 --- a/Zotlabs/Module/Linkinfo.php +++ b/Zotlabs/Module/Linkinfo.php @@ -2,9 +2,6 @@ namespace Zotlabs\Module; - - - class Linkinfo extends \Zotlabs\Web\Controller { function get() { @@ -48,7 +45,22 @@ class Linkinfo extends \Zotlabs\Web\Controller { } logger('linkinfo: ' . $url); - + + // Replace plink URL with 'share' tag if possible + preg_match("/(mid=b64\.|display\/|posts\/)([\w\-]+)(&.+)?$/", $url, $mid); + + if (!empty($mid) && $mid[1] == 'mid=b64.') + $mid[2] = base64_decode($mid[2]); + + $r = q("SELECT id FROM item WHERE mid = '%s' AND uid = %d LIMIT 1", + dbesc((empty($mid) ? $url : $mid[2])), + intval(local_channel()) + ); + if ($r) { + echo "[share=" . $r[0]['id'] . "][/share]"; + killme(); + } + $result = z_fetch_url($url,false,0,array('novalidate' => true, 'nobody' => true)); if($result['success']) { $hdrs=array(); @@ -275,7 +287,7 @@ class Linkinfo extends \Zotlabs\Web\Controller { // Check codepage in HTTP headers or HTML if not exist $cp = (preg_match('/Content-Type: text\/html; charset=(.+)\r\n/i', $header, $o) ? $o[1] : ''); if(empty($cp)) - $cp = (preg_match('/meta.+content=["|\']text\/html; charset=([^"|\']+)/i', $body, $o) ? $o[1] : 'AUTO'); + $cp = (preg_match('/meta.+content=["\']text\/html; charset=([^"\']+)/i', $body, $o) ? $o[1] : 'AUTO'); $body = mb_convert_encoding($body, 'UTF-8', $cp); $body = mb_convert_encoding($body, 'HTML-ENTITIES', "UTF-8"); @@ -444,8 +456,9 @@ class Linkinfo extends \Zotlabs\Web\Controller { while (strpos($text, " ")) $text = trim(str_replace(" ", " ", $text)); - - $siteinfo["text"] = html_entity_decode(substr($text,0,350), ENT_QUOTES, "UTF-8").'...'; + + $text = substr(html_entity_decode($text, ENT_QUOTES, "UTF-8"), 0, 350); + $siteinfo["text"] = rtrim(substr($text, 0, strrpos($text, " ")), "?.,:;!-") . '...'; } } diff --git a/Zotlabs/Module/Lockview.php b/Zotlabs/Module/Lockview.php index d7ed07a53..8c8519c57 100644 --- a/Zotlabs/Module/Lockview.php +++ b/Zotlabs/Module/Lockview.php @@ -76,7 +76,7 @@ class Lockview extends \Zotlabs\Web\Controller { killme(); } - if(($item['item_private'] == 1) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid'])) + if(intval($item['item_private']) && (! strlen($item['allow_cid'])) && (! strlen($item['allow_gid'])) && (! strlen($item['deny_cid'])) && (! strlen($item['deny_gid']))) { // if the post is private, but public_policy is blank ("visible to the internet"), and there aren't any diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index e8e960574..6ac656a04 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -1,6 +1,8 @@ <?php namespace Zotlabs\Module; +use Zotlabs\Web\HTTPSig; + @require_once('include/zot.php'); @@ -152,10 +154,9 @@ class Magic extends \Zotlabs\Web\Controller { $headers['Accept'] = 'application/x-zot+json' ; $headers['X-Open-Web-Auth'] = random_string(); $headers['Host'] = $parsed['host']; - $headers['Digest'] = 'SHA-256=' . \Zotlabs\Web\HTTPSig::generate_digest($data,false); + $headers['Digest'] = HTTPSig::generate_digest_header($data); - $headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'], - 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512'); + $headers = HTTPSig::create_sig($headers,$channel['channel_prvkey'], 'acct:' . channel_reddress($channel),true,'sha512'); $x = z_post_url($basepath . '/owa',$data,$redirects,[ 'headers' => $headers ]); if($x['success']) { diff --git a/Zotlabs/Module/Mail.php b/Zotlabs/Module/Mail.php index 3202d38a5..7c344966b 100644 --- a/Zotlabs/Module/Mail.php +++ b/Zotlabs/Module/Mail.php @@ -25,6 +25,10 @@ class Mail extends \Zotlabs\Web\Controller { $expires = ((x($_REQUEST,'expires')) ? datetime_convert(date_default_timezone_get(),'UTC', $_REQUEST['expires']) : NULL_DATE); $raw = ((x($_REQUEST,'raw')) ? intval($_REQUEST['raw']) : 0); $mimetype = ((x($_REQUEST,'mimetype')) ? notags(trim($_REQUEST['mimetype'])) : 'text/bbcode'); + + $sig = ((x($_REQUEST,'signature')) ? trim($_REQUEST['signature']) : ''); + if(strpos($sig,'b64.') === 0) + $sig = base64_decode(str_replace('b64.', '', $sig)); if($preview) { @@ -123,7 +127,7 @@ class Mail extends \Zotlabs\Web\Controller { // We have a local_channel, let send_message use the session channel and save a lookup - $ret = send_message(0, $recipient, $body, $subject, $replyto, $expires, $mimetype, $raw); + $ret = send_message(0, $recipient, $body, $subject, $replyto, $expires, $mimetype, $raw, $sig); if($ret['success']) { xchan_mail_query($ret['mail']); @@ -396,8 +400,9 @@ class Mail extends \Zotlabs\Web\Controller { 'can_recall' => ($channel['channel_hash'] == $message['from_xchan']), 'is_recalled' => (intval($message['mail_recalled']) ? t('Message has been recalled.') : ''), 'date' => datetime_convert('UTC',date_default_timezone_get(),$message['created'], 'c'), + 'sig' => base64_encode($message['sig']) ); - + $seen = $message['seen']; } diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index cf116a96c..89f83bf8f 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -2,6 +2,8 @@ namespace Zotlabs\Module; +use Zotlabs\Web\HTTPSig; + /** * OpenWebAuth verifier and token generator * See https://macgirvin.com/wiki/mike/OpenWebAuth/Home @@ -25,7 +27,7 @@ class Owa extends \Zotlabs\Web\Controller { continue; } - $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]); + $sigblock = HTTPSig::parse_sigheader($_SERVER[$head]); if($sigblock) { $keyId = $sigblock['keyId']; @@ -65,7 +67,7 @@ class Owa extends \Zotlabs\Web\Controller { if ($r) { foreach($r as $hubloc) { - $verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']); + $verified = HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']); if($verified && $verified['header_signed'] && $verified['header_valid']) { logger('OWA header: ' . print_r($verified,true),LOGGER_DATA); logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA); diff --git a/Zotlabs/Module/Photo.php b/Zotlabs/Module/Photo.php index 0dc6d0194..59dc709e1 100644 --- a/Zotlabs/Module/Photo.php +++ b/Zotlabs/Module/Photo.php @@ -169,7 +169,7 @@ class Photo extends \Zotlabs\Web\Controller { ); call_hooks('cache_url_hook', $cache); if(! $cache['status']) { - $url = htmlspecialchars_decode($r[0]['display_path']); + $url = html_entity_decode($r[0]['display_path'], ENT_QUOTES); // SSLify if needed if(strpos(z_root(),'https:') !== false && strpos($url,'https:') === false) $url = z_root() . '/sslify/' . $filename . '?f=&url=' . urlencode($url); @@ -222,7 +222,7 @@ class Photo extends \Zotlabs\Web\Controller { if(! $data) killme(); - $etag = md5($data . $modified); + $etag = '"' . md5($data . $modified) . '"'; if($modified == 0) $modified = time(); diff --git a/Zotlabs/Module/Ping.php b/Zotlabs/Module/Ping.php index 3dabe0f7b..6e8042eaf 100644 --- a/Zotlabs/Module/Ping.php +++ b/Zotlabs/Module/Ping.php @@ -282,8 +282,8 @@ class Ping extends \Zotlabs\Web\Controller { if(strpos($message, $tt['xname']) === 0) $message = substr($message, strlen($tt['xname']) + 1); - $mid = basename($tt['link']); + $mid = ((strpos($mid, 'b64.') === 0) ? @base64url_decode(substr($mid, 4)) : $mid); if(in_array($tt['verb'], [ACTIVITY_LIKE, ACTIVITY_DISLIKE])) { // we need the thread parent @@ -291,7 +291,6 @@ class Ping extends \Zotlabs\Web\Controller { dbesc($mid), intval(local_channel()) ); - $b64mid = ((strpos($r[0]['thr_parent'], 'b64.') === 0) ? $r[0]['thr_parent'] : 'b64.' . base64url_encode($r[0]['thr_parent'])); } else { diff --git a/Zotlabs/Module/Search.php b/Zotlabs/Module/Search.php index 838f9d6b9..214ece9a3 100644 --- a/Zotlabs/Module/Search.php +++ b/Zotlabs/Module/Search.php @@ -38,8 +38,8 @@ class Search extends \Zotlabs\Web\Controller { $observer_hash = (($observer) ? $observer['xchan_hash'] : ''); $o = '<div id="live-search"></div>' . "\r\n"; - - $o = '<div class="generic-content-wrapper-styled">' . "\r\n"; + + $o .= '<div class="generic-content-wrapper-styled">' . "\r\n"; $o .= '<h3>' . t('Search') . '</h3>'; diff --git a/Zotlabs/Module/Share.php b/Zotlabs/Module/Share.php index 53a06b072..a18a81937 100644 --- a/Zotlabs/Module/Share.php +++ b/Zotlabs/Module/Share.php @@ -106,7 +106,7 @@ class Share extends \Zotlabs\Web\Controller { $arr['owner_xchan'] = $item['author_xchan']; $arr['obj'] = Activity::encode_item($item); $arr['obj_type'] = $item['obj_type']; - $arr['verb'] = 'Announce'; + $arr['verb'] = ACTIVITY_SHARE; $post = item_store($arr); diff --git a/Zotlabs/Module/Zfinger.php b/Zotlabs/Module/Zfinger.php index 6ed001df5..3a20144a5 100644 --- a/Zotlabs/Module/Zfinger.php +++ b/Zotlabs/Module/Zfinger.php @@ -1,6 +1,7 @@ <?php namespace Zotlabs\Module; +use Zotlabs\Web\HTTPSig; class Zfinger extends \Zotlabs\Web\Controller { @@ -23,10 +24,9 @@ class Zfinger extends \Zotlabs\Web\Controller { $ret = json_encode($x); if($chan) { - $hash = \Zotlabs\Web\HTTPSig::generate_digest($ret,false); - $headers['Digest'] = 'SHA-256=' . $hash; - \Zotlabs\Web\HTTPSig::create_sig('',$headers,$chan['channel_prvkey'], - 'acct:' . $chan['channel_address'] . '@' . \App::get_hostname(),true); + $headers['Digest'] = HTTPSig::generate_digest_header($ret); + $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],'acct:' . channel_reddress($chan)); + HTTPSig::set_headers($h); } else { foreach($headers as $k => $v) { diff --git a/Zotlabs/Module/Zot_probe.php b/Zotlabs/Module/Zot_probe.php index d0c7e688f..648ed2175 100644 --- a/Zotlabs/Module/Zot_probe.php +++ b/Zotlabs/Module/Zot_probe.php @@ -3,7 +3,7 @@ namespace Zotlabs\Module; use Zotlabs\Lib\Zotfinger; -use Zotlabs\Zot6\HTTPSig; +use Zotlabs\Web\HTTPSig; class Zot_probe extends \Zotlabs\Web\Controller { diff --git a/Zotlabs/Photo/PhotoDriver.php b/Zotlabs/Photo/PhotoDriver.php index bacf926ff..94d2c3436 100644 --- a/Zotlabs/Photo/PhotoDriver.php +++ b/Zotlabs/Photo/PhotoDriver.php @@ -502,14 +502,18 @@ abstract class PhotoDriver { * * @param array $arr * @param scale int - * @return boolean|array + * @return boolean */ public function storeThumbnail($arr, $scale = 0) { - + + // We only process thumbnails here + if($scale == 0) + return false; + $arr['imgscale'] = $scale; - if(boolval(get_config('system','filesystem_storage_thumbnails', 0)) && $scale > 0) { - $channel = \App::get_channel(); + if(boolval(get_config('system','filesystem_storage_thumbnails', 0))) { + $channel = channelx_by_n($arr['uid']); $arr['os_storage'] = 1; $arr['os_syspath'] = 'store/' . $channel['channel_address'] . '/' . $arr['os_path'] . '-' . $scale; if(! $this->saveImage($arr['os_syspath'])) diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index fe0b9428f..3d050fd9b 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -2,11 +2,17 @@ namespace Zotlabs\Web; +use Zotlabs\Lib\ActivityStreams; +use Zotlabs\Lib\Webfinger; +use Zotlabs\Web\HTTPHeaders; +use Zotlabs\Lib\Libzot; + /** - * @brief Implements HTTP Signatures per draft-cavage-http-signatures-07. + * @brief Implements HTTP Signatures per draft-cavage-http-signatures-10. * - * @see https://tools.ietf.org/html/draft-cavage-http-signatures-07 + * @see https://tools.ietf.org/html/draft-cavage-http-signatures-10 */ + class HTTPSig { /** @@ -15,41 +21,32 @@ class HTTPSig { * @see https://tools.ietf.org/html/rfc5843 * * @param string $body The value to create the digest for - * @param boolean $set (optional, default true) - * If set send a Digest HTTP header - * @return string The generated digest of $body + * @param string $alg hash algorithm (one of 'sha256','sha512') + * @return string The generated digest header string for $body */ - static function generate_digest($body, $set = true) { - $digest = base64_encode(hash('sha256', $body, true)); - if($set) { - header('Digest: SHA-256=' . $digest); + static function generate_digest_header($body,$alg = 'sha256') { + + $digest = base64_encode(hash($alg, $body, true)); + switch($alg) { + case 'sha512': + return 'SHA-512=' . $digest; + case 'sha256': + default: + return 'SHA-256=' . $digest; + break; } - return $digest; } - // See draft-cavage-http-signatures-08 - - static function verify($data,$key = '') { - - $body = $data; - $headers = null; - $spoofable = false; - - $result = [ - 'signer' => '', - 'header_signed' => false, - 'header_valid' => false, - 'content_signed' => false, - 'content_valid' => false - ]; + static function find_headers($data,&$body) { // decide if $data arrived via controller submission or curl + if(is_array($data) && $data['header']) { if(! $data['success']) - return $result; + return []; - $h = new \Zotlabs\Web\HTTPHeaders($data['header']); + $h = new HTTPHeaders($data['header']); $headers = $h->fetcharr(); $body = $data['body']; $headers['(request-target)'] = $data['request_target']; @@ -57,9 +54,7 @@ class HTTPSig { else { $headers = []; - $headers['(request-target)'] = - strtolower($_SERVER['REQUEST_METHOD']) . ' ' . - $_SERVER['REQUEST_URI']; + $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; $headers['content-type'] = $_SERVER['CONTENT_TYPE']; $headers['content-length'] = $_SERVER['CONTENT_LENGTH']; @@ -71,9 +66,35 @@ class HTTPSig { } } - // logger('SERVER: ' . print_r($_SERVER,true), LOGGER_ALL); + //logger('SERVER: ' . print_r($_SERVER,true), LOGGER_ALL); + + //logger('headers: ' . print_r($headers,true), LOGGER_ALL); + + return $headers; + } + + + // See draft-cavage-http-signatures-10 + + static function verify($data,$key = '') { + + $body = $data; + $headers = null; + + $result = [ + 'signer' => '', + 'portable_id' => '', + 'header_signed' => false, + 'header_valid' => false, + 'content_signed' => false, + 'content_valid' => false + ]; + + + $headers = self::find_headers($data,$body); - // logger('headers: ' . print_r($headers,true), LOGGER_ALL); + if(! $headers) + return $result; $sig_block = null; @@ -85,7 +106,7 @@ class HTTPSig { } if(! $sig_block) { - logger('no signature provided.'); + logger('no signature provided.', LOGGER_DEBUG); return $result; } @@ -103,9 +124,6 @@ class HTTPSig { if(array_key_exists($h,$headers)) { $signed_data .= $h . ': ' . $headers[$h] . "\n"; } - if(strpos($h,'.')) { - $spoofable = true; - } if($h === 'date') { $d = new \DateTime($headers[$h]); $d->setTimeZone(new \DateTimeZone('UTC')); @@ -128,63 +146,89 @@ class HTTPSig { $algorithm = 'sha512'; } - if($key && function_exists($key)) { - $result['signer'] = $sig_block['keyId']; - $key = $key($sig_block['keyId']); - } + if(! array_key_exists('keyId',$sig_block)) + return $result; - if(! $key) { - $result['signer'] = $sig_block['keyId']; - $key = self::get_activitypub_key($sig_block['keyId']); - } + $result['signer'] = $sig_block['keyId']; - if(! $key) + $key = self::get_key($key,$result['signer']); + + if(! ($key && $key['public_key'])) { return $result; + } - $x = rsa_verify($signed_data,$sig_block['signature'],$key,$algorithm); + $x = rsa_verify($signed_data,$sig_block['signature'],$key['public_key'],$algorithm); logger('verified: ' . $x, LOGGER_DEBUG); - if(! $x) + if(! $x) { + logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($key['public_key']) ? '' : ' no key')); + $sig_block['signature'] = base64_encode($sig_block['signature']); + logger('affected sigblock: ' . print_r($sig_block,true)); + logger('signed_data: ' . print_r($signed_data,true)); + logger('headers: ' . print_r($headers,true)); + logger('server: ' . print_r($_SERVER,true)); return $result; + } - if(! $spoofable) - $result['header_valid'] = true; + $result['portable_id'] = $key['portable_id']; + $result['header_valid'] = true; if(in_array('digest',$signed_headers)) { $result['content_signed'] = true; - $digest = explode('=', $headers['digest']); + $digest = explode('=', $headers['digest'], 2); if($digest[0] === 'SHA-256') $hashalg = 'sha256'; if($digest[0] === 'SHA-512') $hashalg = 'sha512'; - // The explode operation will have stripped the '=' padding, so compare against unpadded base64 - if(rtrim(base64_encode(hash($hashalg,$body,true)),'=') === $digest[1]) { + if(base64_encode(hash($hashalg,$body,true)) === $digest[1]) { $result['content_valid'] = true; } + + logger('Content_Valid: ' . (($result['content_valid']) ? 'true' : 'false')); } + return $result; + } - if(in_array('x-zot-digest',$signed_headers)) { - $result['content_signed'] = true; - $digest = explode('=', $headers['x-zot-digest']); - if($digest[0] === 'SHA-256') - $hashalg = 'sha256'; - if($digest[0] === 'SHA-512') - $hashalg = 'sha512'; + static function get_key($key,$id) { - // The explode operation will have stripped the '=' padding, so compare against unpadded base64 - if(rtrim(base64_encode(hash($hashalg,$_POST['data'],true)),'=') === $digest[1]) { - $result['content_valid'] = true; + if($key) { + if(function_exists($key)) { + return $key($id); } + return [ 'public_key' => $key ]; } - logger('Content_Valid: ' . (($result['content_valid']) ? 'true' : 'false')); + if(strpos($id,'#') === false) { + $key = self::get_webfinger_key($id); + } + + if(! $key) { + $key = self::get_activitystreams_key($id); + } + + return $key; + + } + + + function convertKey($key) { + + if(strstr($key,'RSA ')) { + return rsatopem($key); + } + elseif(substr($key,0,5) === 'data:') { + return convert_salmon_key($key); + } + else { + return $key; + } - return $result; } + /** * @brief * @@ -192,57 +236,131 @@ class HTTPSig { * @return boolean|string * false if no pub key found, otherwise return the pub key */ - function get_activitypub_key($id) { - if(strpos($id,'acct:') === 0) { - $x = q("select xchan_pubkey from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1", - dbesc(str_replace('acct:','',$id)) - ); + function get_activitystreams_key($id) { + + // remove fragment + + $url = ((strpos($id,'#')) ? substr($id,0,strpos($id,'#')) : $id); + + $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' limit 1", + dbesc(str_replace('acct:','',$url)), + dbesc($url) + ); + + if($x && $x[0]['xchan_pubkey']) { + return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ]; } - else { - $x = q("select xchan_pubkey from xchan where xchan_hash = '%s' and xchan_network = 'activitypub' ", - dbesc($id) - ); + + $r = ActivityStreams::fetch($id); + + if($r) { + if(array_key_exists('publicKey',$r) && array_key_exists('publicKeyPem',$r['publicKey']) && array_key_exists('id',$r['publicKey'])) { + if($r['publicKey']['id'] === $id || $r['id'] === $id) { + $portable_id = ((array_key_exists('owner',$r['publicKey'])) ? $r['publicKey']['owner'] : EMPTY_STR); + return [ 'public_key' => self::convertKey($r['publicKey']['publicKeyPem']), 'portable_id' => $portable_id, 'hubloc' => [] ]; + } + } } + return false; + } + + + function get_webfinger_key($id) { + + $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' limit 1", + dbesc(str_replace('acct:','',$id)), + dbesc($id) + ); if($x && $x[0]['xchan_pubkey']) { - return ($x[0]['xchan_pubkey']); + return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ]; } - if(function_exists('as_fetch')) - $r = as_fetch($id); + $wf = Webfinger::exec($id); + $key = [ 'portable_id' => '', 'public_key' => '', 'hubloc' => [] ]; - if($r) { - $j = json_decode($r,true); + if($wf) { + if(array_key_exists('properties',$wf) && array_key_exists('https://w3id.org/security/v1#publicKeyPem',$wf['properties'])) { + $key['public_key'] = self::convertKey($wf['properties']['https://w3id.org/security/v1#publicKeyPem']); + } + if(array_key_exists('links', $wf) && is_array($wf['links'])) { + foreach($wf['links'] as $l) { + if(! (is_array($l) && array_key_exists('rel',$l))) { + continue; + } + if($l['rel'] === 'magic-public-key' && array_key_exists('href',$l) && $key['public_key'] === EMPTY_STR) { + $key['public_key'] = self::convertKey($l['href']); + } + } + } + } + + return (($key['public_key']) ? $key : false); + } + + + function get_zotfinger_key($id) { + + $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' limit 1", + dbesc(str_replace('acct:','',$id)), + dbesc($id) + ); + if($x && $x[0]['xchan_pubkey']) { + return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ]; + } - if(array_key_exists('publicKey',$j) && array_key_exists('publicKeyPem',$j['publicKey'])) { - if((array_key_exists('id',$j['publicKey']) && $j['publicKey']['id'] !== $id) && $j['id'] !== $id) - return false; + $wf = Webfinger::exec($id); + $key = [ 'portable_id' => '', 'public_key' => '', 'hubloc' => [] ]; - return($j['publicKey']['publicKeyPem']); + if($wf) { + if(array_key_exists('properties',$wf) && array_key_exists('https://w3id.org/security/v1#publicKeyPem',$wf['properties'])) { + $key['public_key'] = self::convertKey($wf['properties']['https://w3id.org/security/v1#publicKeyPem']); + } + if(array_key_exists('links', $wf) && is_array($wf['links'])) { + foreach($wf['links'] as $l) { + if(! (is_array($l) && array_key_exists('rel',$l))) { + continue; + } + if($l['rel'] === 'http://purl.org/zot/protocol/6.0' && array_key_exists('href',$l) && $l['href'] !== EMPTY_STR) { + $z = \Zotlabs\Lib\Zotfinger::exec($l['href']); + if($z) { + $i = Libzot::import_xchan($z['data']); + if($i['success']) { + $key['portable_id'] = $i['hash']; + + $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' limit 1", + dbesc($l['href']) + ); + if($x) { + $key['hubloc'] = $x[0]; + } + } + } + } + if($l['rel'] === 'magic-public-key' && array_key_exists('href',$l) && $key['public_key'] === EMPTY_STR) { + $key['public_key'] = self::convertKey($l['href']); + } + } } } - return false; + return (($key['public_key']) ? $key : false); } + /** * @brief * - * @param string $request * @param array $head * @param string $prvkey - * @param string $keyid (optional, default 'Key') - * @param boolean $send_headers (optional, default false) - * If set send a HTTP header + * @param string $keyid (optional, default '') * @param boolean $auth (optional, default false) * @param string $alg (optional, default 'sha256') - * @param string $crypt_key (optional, default null) - * @param string $crypt_algo (optional, default 'aes256ctr') + * @param array $encryption [ 'key', 'algorithm' ] or false * @return array */ - static function create_sig($request, $head, $prvkey, $keyid = 'Key', $send_headers = false, $auth = false, - $alg = 'sha256', $crypt_key = null, $crypt_algo = 'aes256ctr') { + static function create_sig($head, $prvkey, $keyid = EMPTY_STR, $auth = false, $alg = 'sha256', $encryption = false ) { $return_headers = []; @@ -253,14 +371,15 @@ class HTTPSig { $algorithm = 'rsa-sha512'; } - $x = self::sign($request,$head,$prvkey,$alg); + $x = self::sign($head,$prvkey,$alg); - $headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm - . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"'; + $headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"'; - if($crypt_key) { - $x = crypto_encapsulate($headerval,$crypt_key,$crypt_algo); - $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"'; + if($encryption) { + $x = crypto_encapsulate($headerval,$encryption['key'],$encryption['algorithm']); + if(is_array($x)) { + $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"'; + } } if($auth) { @@ -272,43 +391,52 @@ class HTTPSig { if($head) { foreach($head as $k => $v) { - if($send_headers) { - header($k . ': ' . $v); - } - else { - $return_headers[] = $k . ': ' . $v; + // strip the request-target virtual header from the output headers + if($k === '(request-target)') { + continue; } + $return_headers[] = $k . ': ' . $v; } } - if($send_headers) { - header($sighead); - } - else { - $return_headers[] = $sighead; - } + $return_headers[] = $sighead; return $return_headers; } /** + * @brief set headers + * + * @param array $headers + * @return void + */ + + + static function set_headers($headers) { + if($headers && is_array($headers)) { + foreach($headers as $h) { + header($h); + } + } + } + + + /** * @brief * - * @param string $request * @param array $head * @param string $prvkey * @param string $alg (optional) default 'sha256' * @return array */ - static function sign($request, $head, $prvkey, $alg = 'sha256') { + + static function sign($head, $prvkey, $alg = 'sha256') { $ret = []; $headers = ''; $fields = ''; - if($request) { - $headers = '(request-target)' . ': ' . trim($request) . "\n"; - $fields = '(request-target)'; - } + + logger('signing: ' . print_r($head,true), LOGGER_DATA); if($head) { foreach($head as $k => $v) { @@ -340,11 +468,8 @@ class HTTPSig { * - \e array \b headers * - \e string \b signature */ - static function parse_sigheader($header) { - if(is_array($header)) { - btlogger('is_array: ' . print_r($header,true)); - } + static function parse_sigheader($header) { $ret = []; $matches = []; @@ -381,6 +506,7 @@ class HTTPSig { * - \e string \b alg * - \e string \b data */ + static function decrypt_sigheader($header, $prvkey = null) { $iv = $key = $alg = $data = null; diff --git a/Zotlabs/Widget/Categories.php b/Zotlabs/Widget/Categories.php index 27d4b5980..82c37cd0c 100644 --- a/Zotlabs/Widget/Categories.php +++ b/Zotlabs/Widget/Categories.php @@ -18,10 +18,9 @@ class Categories { $articles = ((array_key_exists('articles',$arr) && $arr['articles']) ? true : false); - if(($articles) && (! feature_enabled(App::$profile['profile_uid'],'articles'))) + if(($articles) && (! Apps::system_app_installed(App::$profile['profile_uid'],'Articles'))) return ''; - if((! App::$profile['profile_uid']) || (! perm_is_allowed(App::$profile['profile_uid'],get_observer_hash(),(($cards || $articles) ? 'view_pages' : 'view_stream')))) { return ''; diff --git a/Zotlabs/Widget/Notifications.php b/Zotlabs/Widget/Notifications.php index 37d9139ec..077949b4e 100644 --- a/Zotlabs/Widget/Notifications.php +++ b/Zotlabs/Widget/Notifications.php @@ -69,7 +69,7 @@ class Notifications { 'label' => t('New Events'), 'title' => t('New Events Notifications'), 'viewall' => [ - 'url' => 'events', + 'url' => 'cdav/calendar', 'label' => t('View events') ], 'markall' => [ diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php index cb38c7f2b..778b701cd 100644 --- a/Zotlabs/Zot/Finger.php +++ b/Zotlabs/Zot/Finger.php @@ -2,6 +2,8 @@ namespace Zotlabs\Zot; +use Zotlabs\Web\HTTPSig; + /** * @brief Finger * @@ -95,8 +97,7 @@ class Finger { $headers['X-Zot-Nonce'] = random_string(); $headers['Host'] = $parsed_host; - $xhead = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'], - 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false); + $xhead = HTTPSig::create_sig($headers,$channel['channel_prvkey'],'acct:' . channel_reddress($channel)); $retries = 0; @@ -129,7 +130,7 @@ class Finger { $x = json_decode($result['body'], true); - $verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : '')); + $verify = HTTPSig::verify($result,(($x) ? $x['key'] : '')); if($x && (! $verify['header_valid'])) { $signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null); diff --git a/Zotlabs/Zot6/Finger.php b/Zotlabs/Zot6/Finger.php index f1fe41352..22ce4685d 100644 --- a/Zotlabs/Zot6/Finger.php +++ b/Zotlabs/Zot6/Finger.php @@ -88,8 +88,7 @@ class Finger { $headers = []; $headers['X-Zot-Channel'] = $channel['channel_address'] . '@' . \App::get_hostname(); $headers['X-Zot-Nonce'] = random_string(); - $xhead = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'], - 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false); + $xhead = HTTPSig::create_sig($headers,$channel['channel_prvkey'],'acct:' . channel_reddress($channel)); $retries = 0; @@ -122,7 +121,7 @@ class Finger { $x = json_decode($result['body'], true); - $verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : '')); + $verify = HTTPSig::verify($result,(($x) ? $x['key'] : '')); if($x && (! $verify['header_valid'])) { $signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null); diff --git a/Zotlabs/Zot6/HTTPSig.php b/Zotlabs/Zot6/HTTPSig.php deleted file mode 100644 index d3a09b858..000000000 --- a/Zotlabs/Zot6/HTTPSig.php +++ /dev/null @@ -1,536 +0,0 @@ -<?php - -namespace Zotlabs\Zot6; - -use Zotlabs\Lib\ActivityStreams; -use Zotlabs\Lib\Webfinger; -use Zotlabs\Web\HTTPHeaders; -use Zotlabs\Lib\Libzot; - -/** - * @brief Implements HTTP Signatures per draft-cavage-http-signatures-10. - * - * @see https://tools.ietf.org/html/draft-cavage-http-signatures-10 - */ - -class HTTPSig { - - /** - * @brief RFC5843 - * - * @see https://tools.ietf.org/html/rfc5843 - * - * @param string $body The value to create the digest for - * @param string $alg hash algorithm (one of 'sha256','sha512') - * @return string The generated digest header string for $body - */ - - static function generate_digest_header($body,$alg = 'sha256') { - - $digest = base64_encode(hash($alg, $body, true)); - switch($alg) { - case 'sha512': - return 'SHA-512=' . $digest; - case 'sha256': - default: - return 'SHA-256=' . $digest; - break; - } - } - - static function find_headers($data,&$body) { - - // decide if $data arrived via controller submission or curl - - if(is_array($data) && $data['header']) { - if(! $data['success']) - return []; - - $h = new HTTPHeaders($data['header']); - $headers = $h->fetcharr(); - $body = $data['body']; - $headers['(request-target)'] = $data['request_target']; - } - - else { - $headers = []; - $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; - $headers['content-type'] = $_SERVER['CONTENT_TYPE']; - $headers['content-length'] = $_SERVER['CONTENT_LENGTH']; - - foreach($_SERVER as $k => $v) { - if(strpos($k,'HTTP_') === 0) { - $field = str_replace('_','-',strtolower(substr($k,5))); - $headers[$field] = $v; - } - } - } - - //logger('SERVER: ' . print_r($_SERVER,true), LOGGER_ALL); - - //logger('headers: ' . print_r($headers,true), LOGGER_ALL); - - return $headers; - } - - - // See draft-cavage-http-signatures-10 - - static function verify($data,$key = '') { - - $body = $data; - $headers = null; - - $result = [ - 'signer' => '', - 'portable_id' => '', - 'header_signed' => false, - 'header_valid' => false, - 'content_signed' => false, - 'content_valid' => false - ]; - - - $headers = self::find_headers($data,$body); - - if(! $headers) - return $result; - - $sig_block = null; - - if(array_key_exists('signature',$headers)) { - $sig_block = self::parse_sigheader($headers['signature']); - } - elseif(array_key_exists('authorization',$headers)) { - $sig_block = self::parse_sigheader($headers['authorization']); - } - - if(! $sig_block) { - logger('no signature provided.', LOGGER_DEBUG); - return $result; - } - - // Warning: This log statement includes binary data - // logger('sig_block: ' . print_r($sig_block,true), LOGGER_DATA); - - $result['header_signed'] = true; - - $signed_headers = $sig_block['headers']; - if(! $signed_headers) - $signed_headers = [ 'date' ]; - - $signed_data = ''; - foreach($signed_headers as $h) { - if(array_key_exists($h,$headers)) { - $signed_data .= $h . ': ' . $headers[$h] . "\n"; - } - if($h === 'date') { - $d = new \DateTime($headers[$h]); - $d->setTimeZone(new \DateTimeZone('UTC')); - $dplus = datetime_convert('UTC','UTC','now + 1 day'); - $dminus = datetime_convert('UTC','UTC','now - 1 day'); - $c = $d->format('Y-m-d H:i:s'); - if($c > $dplus || $c < $dminus) { - logger('bad time: ' . $c); - return $result; - } - } - } - $signed_data = rtrim($signed_data,"\n"); - - $algorithm = null; - if($sig_block['algorithm'] === 'rsa-sha256') { - $algorithm = 'sha256'; - } - if($sig_block['algorithm'] === 'rsa-sha512') { - $algorithm = 'sha512'; - } - - if(! array_key_exists('keyId',$sig_block)) - return $result; - - $result['signer'] = $sig_block['keyId']; - - $key = self::get_key($key,$result['signer']); - - if(! ($key && $key['public_key'])) { - return $result; - } - - $x = rsa_verify($signed_data,$sig_block['signature'],$key['public_key'],$algorithm); - - logger('verified: ' . $x, LOGGER_DEBUG); - - if(! $x) { - logger('verify failed for ' . $result['signer'] . ' alg=' . $algorithm . (($key['public_key']) ? '' : ' no key')); - $sig_block['signature'] = base64_encode($sig_block['signature']); - logger('affected sigblock: ' . print_r($sig_block,true)); - logger('signed_data: ' . print_r($signed_data,true)); - logger('headers: ' . print_r($headers,true)); - logger('server: ' . print_r($_SERVER,true)); - return $result; - } - - $result['portable_id'] = $key['portable_id']; - $result['header_valid'] = true; - - if(in_array('digest',$signed_headers)) { - $result['content_signed'] = true; - $digest = explode('=', $headers['digest'], 2); - if($digest[0] === 'SHA-256') - $hashalg = 'sha256'; - if($digest[0] === 'SHA-512') - $hashalg = 'sha512'; - - if(base64_encode(hash($hashalg,$body,true)) === $digest[1]) { - $result['content_valid'] = true; - } - - logger('Content_Valid: ' . (($result['content_valid']) ? 'true' : 'false')); - } - - return $result; - } - - static function get_key($key,$id) { - - if($key) { - if(function_exists($key)) { - return $key($id); - } - return [ 'public_key' => $key ]; - } - - if(strpos($id,'#') === false) { - $key = self::get_webfinger_key($id); - } - - if(! $key) { - $key = self::get_activitystreams_key($id); - } - - return $key; - - } - - - function convertKey($key) { - - if(strstr($key,'RSA ')) { - return rsatopem($key); - } - elseif(substr($key,0,5) === 'data:') { - return convert_salmon_key($key); - } - else { - return $key; - } - - } - - - /** - * @brief - * - * @param string $id - * @return boolean|string - * false if no pub key found, otherwise return the pub key - */ - - function get_activitystreams_key($id) { - - // remove fragment - - $url = ((strpos($id,'#')) ? substr($id,0,strpos($id,'#')) : $id); - - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' limit 1", - dbesc(str_replace('acct:','',$url)), - dbesc($url) - ); - - if($x && $x[0]['xchan_pubkey']) { - return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ]; - } - - $r = ActivityStreams::fetch($id); - - if($r) { - if(array_key_exists('publicKey',$r) && array_key_exists('publicKeyPem',$r['publicKey']) && array_key_exists('id',$r['publicKey'])) { - if($r['publicKey']['id'] === $id || $r['id'] === $id) { - $portable_id = ((array_key_exists('owner',$r['publicKey'])) ? $r['publicKey']['owner'] : EMPTY_STR); - return [ 'public_key' => self::convertKey($r['publicKey']['publicKeyPem']), 'portable_id' => $portable_id, 'hubloc' => [] ]; - } - } - } - return false; - } - - - function get_webfinger_key($id) { - - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' limit 1", - dbesc(str_replace('acct:','',$id)), - dbesc($id) - ); - - if($x && $x[0]['xchan_pubkey']) { - return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ]; - } - - $wf = Webfinger::exec($id); - $key = [ 'portable_id' => '', 'public_key' => '', 'hubloc' => [] ]; - - if($wf) { - if(array_key_exists('properties',$wf) && array_key_exists('https://w3id.org/security/v1#publicKeyPem',$wf['properties'])) { - $key['public_key'] = self::convertKey($wf['properties']['https://w3id.org/security/v1#publicKeyPem']); - } - if(array_key_exists('links', $wf) && is_array($wf['links'])) { - foreach($wf['links'] as $l) { - if(! (is_array($l) && array_key_exists('rel',$l))) { - continue; - } - if($l['rel'] === 'magic-public-key' && array_key_exists('href',$l) && $key['public_key'] === EMPTY_STR) { - $key['public_key'] = self::convertKey($l['href']); - } - } - } - } - - return (($key['public_key']) ? $key : false); - } - - - function get_zotfinger_key($id) { - - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' or hubloc_id_url = '%s' limit 1", - dbesc(str_replace('acct:','',$id)), - dbesc($id) - ); - if($x && $x[0]['xchan_pubkey']) { - return [ 'portable_id' => $x[0]['xchan_hash'], 'public_key' => $x[0]['xchan_pubkey'] , 'hubloc' => $x[0] ]; - } - - $wf = Webfinger::exec($id); - $key = [ 'portable_id' => '', 'public_key' => '', 'hubloc' => [] ]; - - if($wf) { - if(array_key_exists('properties',$wf) && array_key_exists('https://w3id.org/security/v1#publicKeyPem',$wf['properties'])) { - $key['public_key'] = self::convertKey($wf['properties']['https://w3id.org/security/v1#publicKeyPem']); - } - if(array_key_exists('links', $wf) && is_array($wf['links'])) { - foreach($wf['links'] as $l) { - if(! (is_array($l) && array_key_exists('rel',$l))) { - continue; - } - if($l['rel'] === 'http://purl.org/zot/protocol/6.0' && array_key_exists('href',$l) && $l['href'] !== EMPTY_STR) { - $z = \Zotlabs\Lib\Zotfinger::exec($l['href']); - if($z) { - $i = Libzot::import_xchan($z['data']); - if($i['success']) { - $key['portable_id'] = $i['hash']; - - $x = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_id_url = '%s' limit 1", - dbesc($l['href']) - ); - if($x) { - $key['hubloc'] = $x[0]; - } - } - } - } - if($l['rel'] === 'magic-public-key' && array_key_exists('href',$l) && $key['public_key'] === EMPTY_STR) { - $key['public_key'] = self::convertKey($l['href']); - } - } - } - } - - return (($key['public_key']) ? $key : false); - } - - - /** - * @brief - * - * @param array $head - * @param string $prvkey - * @param string $keyid (optional, default '') - * @param boolean $auth (optional, default false) - * @param string $alg (optional, default 'sha256') - * @param array $encryption [ 'key', 'algorithm' ] or false - * @return array - */ - static function create_sig($head, $prvkey, $keyid = EMPTY_STR, $auth = false, $alg = 'sha256', $encryption = false ) { - - $return_headers = []; - - if($alg === 'sha256') { - $algorithm = 'rsa-sha256'; - } - if($alg === 'sha512') { - $algorithm = 'rsa-sha512'; - } - - $x = self::sign($head,$prvkey,$alg); - - $headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm . '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"'; - - if($encryption) { - $x = crypto_encapsulate($headerval,$encryption['key'],$encryption['algorithm']); - if(is_array($x)) { - $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"'; - } - } - - if($auth) { - $sighead = 'Authorization: Signature ' . $headerval; - } - else { - $sighead = 'Signature: ' . $headerval; - } - - if($head) { - foreach($head as $k => $v) { - // strip the request-target virtual header from the output headers - if($k === '(request-target)') { - continue; - } - $return_headers[] = $k . ': ' . $v; - } - } - $return_headers[] = $sighead; - - return $return_headers; - } - - /** - * @brief set headers - * - * @param array $headers - * @return void - */ - - - static function set_headers($headers) { - if($headers && is_array($headers)) { - foreach($headers as $h) { - header($h); - } - } - } - - - /** - * @brief - * - * @param array $head - * @param string $prvkey - * @param string $alg (optional) default 'sha256' - * @return array - */ - - static function sign($head, $prvkey, $alg = 'sha256') { - - $ret = []; - - $headers = ''; - $fields = ''; - - logger('signing: ' . print_r($head,true), LOGGER_DATA); - - if($head) { - foreach($head as $k => $v) { - $headers .= strtolower($k) . ': ' . trim($v) . "\n"; - if($fields) - $fields .= ' '; - - $fields .= strtolower($k); - } - // strip the trailing linefeed - $headers = rtrim($headers,"\n"); - } - - $sig = base64_encode(rsa_sign($headers,$prvkey,$alg)); - - $ret['headers'] = $fields; - $ret['signature'] = $sig; - - return $ret; - } - - /** - * @brief - * - * @param string $header - * @return array associate array with - * - \e string \b keyID - * - \e string \b algorithm - * - \e array \b headers - * - \e string \b signature - */ - - static function parse_sigheader($header) { - - $ret = []; - $matches = []; - - // if the header is encrypted, decrypt with (default) site private key and continue - - if(preg_match('/iv="(.*?)"/ism',$header,$matches)) - $header = self::decrypt_sigheader($header); - - if(preg_match('/keyId="(.*?)"/ism',$header,$matches)) - $ret['keyId'] = $matches[1]; - if(preg_match('/algorithm="(.*?)"/ism',$header,$matches)) - $ret['algorithm'] = $matches[1]; - if(preg_match('/headers="(.*?)"/ism',$header,$matches)) - $ret['headers'] = explode(' ', $matches[1]); - if(preg_match('/signature="(.*?)"/ism',$header,$matches)) - $ret['signature'] = base64_decode(preg_replace('/\s+/','',$matches[1])); - - if(($ret['signature']) && ($ret['algorithm']) && (! $ret['headers'])) - $ret['headers'] = [ 'date' ]; - - return $ret; - } - - - /** - * @brief - * - * @param string $header - * @param string $prvkey (optional), if not set use site private key - * @return array|string associative array, empty string if failue - * - \e string \b iv - * - \e string \b key - * - \e string \b alg - * - \e string \b data - */ - - static function decrypt_sigheader($header, $prvkey = null) { - - $iv = $key = $alg = $data = null; - - if(! $prvkey) { - $prvkey = get_config('system', 'prvkey'); - } - - $matches = []; - - if(preg_match('/iv="(.*?)"/ism',$header,$matches)) - $iv = $matches[1]; - if(preg_match('/key="(.*?)"/ism',$header,$matches)) - $key = $matches[1]; - if(preg_match('/alg="(.*?)"/ism',$header,$matches)) - $alg = $matches[1]; - if(preg_match('/data="(.*?)"/ism',$header,$matches)) - $data = $matches[1]; - - if($iv && $key && $alg && $data) { - return crypto_unencapsulate([ 'encrypted' => true, 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey); - } - - return ''; - } - -} diff --git a/Zotlabs/Zot6/Receiver.php b/Zotlabs/Zot6/Receiver.php index 66559c9a5..9e70ab318 100644 --- a/Zotlabs/Zot6/Receiver.php +++ b/Zotlabs/Zot6/Receiver.php @@ -4,6 +4,7 @@ namespace Zotlabs\Zot6; use Zotlabs\Lib\Config; use Zotlabs\Lib\Libzot; +use Zotlabs\Web\HTTPSig; class Receiver { @@ -193,7 +194,9 @@ class Receiver { case 'response': // upstream message case 'sync': default: - $this->response = $this->handler->Notify($this->data,$this->hub); + if ($this->sender) { + $this->response = $this->handler->Notify($this->data,$this->hub); + } break; } |