diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/diaspora.php | 146 |
1 files changed, 94 insertions, 52 deletions
diff --git a/include/diaspora.php b/include/diaspora.php index 69d2dff19..0764dfa4a 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -223,6 +223,7 @@ function diaspora_decode($importer,$xml) { logger('mod-diaspora: Fetching key for ' . $author_link ); // Get diaspora public key (pkcs#1) and convert to pkcs#8 + $key = get_diaspora_key($author_link); if(! $key) { @@ -239,7 +240,7 @@ function diaspora_decode($importer,$xml) { logger('mod-diaspora: Message verified.'); - return $inner_decrypted; + return array('message' => $inner_decrypted, 'author' => $author_link, 'key' => $key); } @@ -412,7 +413,7 @@ function diaspora_post($importer,$xml) { } -function diaspora_comment($importer,$xml) { +function diaspora_comment($importer,$xml,$msg) { $guid = notags(unxmlify($xml->guid)); $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); @@ -430,12 +431,11 @@ function diaspora_comment($importer,$xml) { $message_id = $diaspora_handle . ':' . $guid; - $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `uri` = '%s' AND `guid` = '%s' LIMIT 1", + $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", intval($importer['uid']), - dbesc($message_id), dbesc($guid) ); - if(count($r)) + if(! count($r)) return; $owner = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", @@ -449,13 +449,21 @@ function diaspora_comment($importer,$xml) { } -function diaspora_like($importer,$xml) { +function diaspora_like($importer,$xml,$msg) { $guid = notags(unxmlify($xml->guid)); + $parent_guid = notags(unxmlify($xml->parent_guid)); $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); + $target_type = notags(unxmlify($xml->target_type)); + $positive = notags(unxmlify($xml->positive)); + $parent_author_signature = (($xml->parent_author_signature) ? notags(unxmlify($xml->parent_author_signature)) : ''); - $contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle); + // likes on comments not supported here + if($target_type !== 'Post') + return; + + $contact = diaspora_get_contact_by_handle($importer['uid'],$msg->author); if(! $contact) return; @@ -465,95 +473,129 @@ function diaspora_like($importer,$xml) { // NOTREACHED } - - $message_id = $diaspora_handle . ':' . $guid; - $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `uri` = '%s' AND `guid` = '%s' LIMIT 1", + $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", intval($importer['uid']), - dbesc($message_id), - dbesc($guid) + dbesc($parent_guid) ); - if(count($r)) + if(! count($r)) { + logger('diaspora_like: parent item not found: ' . $guid); return; + } - $owner = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1", - intval($importer['uid']) + $parent_item = $r[0]; + + $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '$s' LIMIT 1", + intval($importer['uid']), + dbesc($guid) ); - if(! count($owner)) + if(count($r)) { + if($positive === 'true') { + logger('diaspora_like: duplicate like: ' . $guid); + return; + } + if($positive === 'false') { + q("UPDATE `item` SET `deleted` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($r[0]['id']), + intval($importer['uid']) + ); + // FIXME + // send notification via proc_run() + return; + } + } + if($positive === 'false') { + logger('diaspora_like: unlike received with no corresponding like'); + return; + } + + $author_signed_data = $guid . ';' . $parent_guid . ';' . $target_type . ';' . $positive . ';' . $diaspora_handle; + + $author_signature = base64_decode($author_signature); + + if(stricmp($diaspora_handle,$msg['author']) == 0) + $key = $msg['key']; + else + $key = get_diaspora_key($diaspora_handle); + + if(! rsa_verify($author_signed_data,$author_signature,$key)) { + logger('diaspora_like: verification failed.'); return; + } - $created = unxmlify($xml->created_at); - $private = ((unxmlify($xml->public) == 'false') ? 1 : 0); + if($parent_author_signature) { + $owner_signed_data = $guid . ';' . $parent_guid . ';' . $target_type . ';' . $positive . ';' . $msg['author']; - $uri = item_new_uri($a->get_hostname(),$owner_uid); + $parent_author_signature = base64_decode($parent_author_signature); - $post_type = (($item['resource-id']) ? t('photo') : t('status')); - $objtype = (($item['resource-id']) ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); - $link = xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . '" />' . "\n") ; - $body = $item['body']; + $key = $msg['key']; + + if(! rsa_verify($owner_signed_data,$parent_author_signature,$key)) { + logger('diaspora_like: owner verification failed.'); + return; + } + } + + // Phew! Everything checks out. Now create an item. + + $uri = $diaspora_handle . ':' . $guid; + + $post_type = (($parent_item['resource-id']) ? t('photo') : t('status')); + $objtype = (($parent_item['resource-id']) ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); + $link = xmlify('<link rel="alternate" type="text/html" href="' . $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $parent_item['id'] . '" />' . "\n") ; + $body = $parent_item['body']; $obj = <<< EOT <object> <type>$objtype</type> <local>1</local> - <id>{$item['uri']}</id> + <id>{$parent_item['uri']}</id> <link>$link</link> <title></title> <content>$body</content> </object> EOT; - if($verb === 'like') - $bodyverb = t('%1$s likes %2$s\'s %3$s'); - if($verb === 'dislike') - $bodyverb = t('%1$s doesn\'t like %2$s\'s %3$s'); - - if(! isset($bodyverb)) - return; + $bodyverb = t('%1$s likes %2$s\'s %3$s'); $arr = array(); $arr['uri'] = $uri; - $arr['uid'] = $owner_uid; + $arr['uid'] = $importer['uid']; $arr['contact-id'] = $contact['id']; $arr['type'] = 'activity'; - $arr['wall'] = 1; + $arr['wall'] = $parent_item['wall']; $arr['gravity'] = GRAVITY_LIKE; - $arr['parent'] = $item['id']; - $arr['parent-uri'] = $item['uri']; - $arr['owner-name'] = $owner['name']; - $arr['owner-link'] = $owner['url']; - $arr['owner-avatar'] = $owner['thumb']; + $arr['parent'] = $parent_item['id']; + $arr['parent-uri'] = $parent_item['uri']; + +// $arr['owner-name'] = $owner['name']; // FIXME +// $arr['owner-link'] = $owner['url']; +// $arr['owner-avatar'] = $owner['thumb']; + $arr['author-name'] = $contact['name']; $arr['author-link'] = $contact['url']; $arr['author-avatar'] = $contact['thumb']; $ulink = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]'; - $alink = '[url=' . $item['author-link'] . ']' . $item['author-name'] . '[/url]'; - $plink = '[url=' . $a->get_baseurl() . '/display/' . $owner['nickname'] . '/' . $item['id'] . ']' . $post_type . '[/url]'; + $alink = '[url=' . $parent_item['author-link'] . ']' . $parent_item['author-name'] . '[/url]'; + $plink = '[url=' . $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $parent_item['id'] . ']' . $post_type . '[/url]'; $arr['body'] = sprintf( $bodyverb, $ulink, $alink, $plink ); $arr['verb'] = $activity; $arr['object-type'] = $objtype; $arr['object'] = $obj; - $arr['allow_cid'] = $item['allow_cid']; - $arr['allow_gid'] = $item['allow_gid']; - $arr['deny_cid'] = $item['deny_cid']; - $arr['deny_gid'] = $item['deny_gid']; + $arr['allow_cid'] = $parent_item['allow_cid']; + $arr['allow_gid'] = $parent_item['allow_gid']; + $arr['deny_cid'] = $parent_item['deny_cid']; + $arr['deny_gid'] = $parent_item['deny_gid']; $arr['visible'] = 1; $arr['unseen'] = 1; $arr['last-child'] = 0; $post_id = item_store($arr); - if(! $item['visible']) { - $r = q("UPDATE `item` SET `visible` = 1 WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($item['id']), - intval($owner_uid) - ); - } - - $arr['id'] = $post_id; + // FIXME send notification } |