aboutsummaryrefslogtreecommitdiffstats
path: root/mod/post.php
diff options
context:
space:
mode:
Diffstat (limited to 'mod/post.php')
-rw-r--r--mod/post.php185
1 files changed, 156 insertions, 29 deletions
diff --git a/mod/post.php b/mod/post.php
index e5fa1a418..378192cbf 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -1,4 +1,4 @@
-<?php
+<?php /** @file */
/**
* Zot endpoint
@@ -10,16 +10,16 @@ require_once('include/zot.php');
function post_init(&$a) {
- // All other access to this endpoint is via the post method.
+ // Most access to this endpoint is via the post method.
// Here we will pick out the magic auth params which arrive
- // as a get request.
+ // as a get request, and the only communications to arrive this way.
if(argc() > 1) {
$webbie = argv(1);
if(array_key_exists('auth',$_REQUEST)) {
-
+ logger('mod_zot: auth request received.');
$address = $_REQUEST['auth'];
$dest = $_REQUEST['dest'];
$sec = $_REQUEST['sec'];
@@ -49,7 +49,7 @@ function post_init(&$a) {
}
// Try and find a hubloc for the person attempting to auth
- $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+ $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1",
dbesc($address)
);
@@ -60,7 +60,7 @@ function post_init(&$a) {
$j = json_decode($ret['body'],true);
if($j)
import_xchan($j);
- $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1",
+ $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1",
dbesc($address)
);
}
@@ -95,21 +95,44 @@ function post_init(&$a) {
$j = json_decode($result['body'],true);
}
- if($already_authed || $j['result']) {
+ if($already_authed || $j['success']) {
+ if($j['success']) {
+ // legit response, but we do need to check that this wasn't answered by a man-in-middle
+ if(! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) {
+ logger('mod_zot: auth: final confirmation failed.');
+ goaway($desturl);
+ }
+ }
// everything is good... maybe
if(local_user()) {
- notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
+
+ // tell them to logout if they're logged in locally as anything but the target remote account
+ // in which case just shut up because they don't need to be doing this at all.
+
+ if($a->channel['channel_hash'] != $x[0]['xchan_hash']) {
+ logger('mod_zot: auth: already authenticated locally as somebody else.');
+ notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
+ }
goaway($desturl);
}
// log them in
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $x[0]['xchan_hash'];
+ $_SESSION['my_address'] = $address;
+ $arr = array('xchan' => $x[0], 'url' => $desturl, 'channel_address' => $webbie);
+ call_hooks('magic_auth_success',$arr);
$a->set_observer($x[0]);
require_once('include/security.php');
$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name']));
logger('mod_zot: auth success from ' . $x[0]['xchan_addr'] . ' for ' . $webbie);
+ } else {
+ logger('mod_zot: still not authenticated: ' . $x[0]['xchan_addr']);
+ q("update hubloc set hubloc_status = (hubloc_status | %d ) where hubloc_addr = '%s'",
+ intval(HUBLOC_RECEIVE_ERROR),
+ $x[0][xchan_addr]
+ );
}
// FIXME - we really want to save the return_url in the session before we visit rmagic.
@@ -137,31 +160,68 @@ function post_post(&$a) {
logger('mod_zot: ' . print_r($_REQUEST,true), LOGGER_DEBUG);
- $ret = array('result' => false);
+ $ret = array('success' => false);
$data = json_decode($_REQUEST['data'],true);
logger('mod_zot: data: ' . print_r($data,true), LOGGER_DATA);
+ /**
+ * Many message packets will arrive encrypted. The existence of an 'iv' element
+ * tells us we need to unencapsulate the AES-256-CBC content using the site private key
+ */
+
if(array_key_exists('iv',$data)) {
$data = aes_unencapsulate($data,get_config('system','prvkey'));
logger('mod_zot: decrypt1: ' . $data, LOGGER_DATA);
+ if(! $data) {
+ $ret['message'] = 'Decryption failed.';
+ json_return_and_die($ret);
+ }
+
$data = json_decode($data,true);
+
+ }
+
+ if(! $data) {
+ $ret['message'] = 'No data received.';
+ json_return_and_die($ret);
}
logger('mod_zot: decoded data: ' . print_r($data,true), LOGGER_DATA);
$msgtype = ((array_key_exists('type',$data)) ? $data['type'] : '');
+ if($msgtype === 'ping') {
+
+ // Useful to get a health check on a remote site.
+ // This will let us know if any important communication details
+ // that we may have stored are no longer valid, regardless of xchan details.
+
+ $ret['success'] = true;
+ $ret['site'] = array();
+ $ret['site']['url'] = z_root();
+ $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),get_config('system','prvkey')));
+ $ret['site']['sitekey'] = get_config('system','pubkey');
+ json_return_and_die($ret);
+ }
if($msgtype === 'pickup') {
+ /**
+ * The 'pickup' message arrives with a tracking ID which is associated with a particular outq_hash
+ * First verify that that the returned signatures verify, then check that we have an outbound queue item
+ * with the correct hash.
+ * If everything verifies, find any/all outbound messages in the queue for this hubloc and send them back
+ *
+ */
+
if((! $data['secret']) || (! $data['secret_sig'])) {
$ret['message'] = 'no verification signature';
logger('mod_zot: pickup: ' . $ret['message'], LOGGER_DEBUG);
json_return_and_die($ret);
}
- $r = q("select hubloc_sitekey from hubloc where hubloc_url = '%s' and hubloc_callback = '%s' and hubloc_sitekey != '' limit 1",
+ $r = q("select distinct hubloc_sitekey from hubloc where hubloc_url = '%s' and hubloc_callback = '%s' and hubloc_sitekey != '' group by hubloc_sitekey ",
dbesc($data['url']),
dbesc($data['callback'])
);
@@ -170,23 +230,46 @@ function post_post(&$a) {
logger('mod_zot: pickup: ' . $ret['message']);
json_return_and_die($ret);
}
- // verify the url_sig
- $sitekey = $r[0]['hubloc_sitekey'];
- logger('sitekey: ' . $sitekey);
- if(! rsa_verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) {
+ foreach ($r as $hubsite) {
+
+ // verify the url_sig
+ // If the server was re-installed at some point, there could be multiple hubs with the same url and callback.
+ // Only one will have a valid key.
+
+ $forgery = true;
+ $secret_fail = true;
+
+ $sitekey = $hubsite['hubloc_sitekey'];
+
+ logger('mod_zot: Checking sitekey: ' . $sitekey);
+
+ if(rsa_verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) {
+ $forgery = false;
+ }
+ if(rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) {
+ $secret_fail = false;
+ }
+ if((! $forgery) && (! $secret_fail))
+ break;
+ }
+ if($forgery) {
$ret['message'] = 'possible site forgery';
logger('mod_zot: pickup: ' . $ret['message']);
json_return_and_die($ret);
}
- if(! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) {
+ if($secret_fail) {
$ret['message'] = 'secret validation failed';
logger('mod_zot: pickup: ' . $ret['message']);
json_return_and_die($ret);
}
- // If we made it to here, we've got a valid pickup. Grab everything for this host and send it.
+ /**
+ * If we made it to here, the signatures verify, but we still don't know if the tracking ID is valid.
+ * It wouldn't be an error if the tracking ID isn't found, because we may have sent this particular
+ * queue item with another pickup (after the tracking ID for the other pickup was verified).
+ */
$r = q("select outq_posturl from outq where outq_hash = '%s' and outq_posturl = '%s' limit 1",
dbesc($data['secret']),
@@ -198,6 +281,11 @@ function post_post(&$a) {
json_return_and_die($ret);
}
+ /**
+ * Everything is good if we made it here, so find all messages that are going to this location
+ * and send them all.
+ */
+
$r = q("select * from outq where outq_posturl = '%s'",
dbesc($data['callback'])
);
@@ -214,53 +302,88 @@ function post_post(&$a) {
}
$encrypted = aes_encapsulate(json_encode($ret),$sitekey);
json_return_and_die($encrypted);
+
+ /** pickup: end */
}
+
+ /**
+ * All other message types require us to verify the sender. This is a generic check, so we
+ * will do it once here and bail if anything goes wrong.
+ */
+
if(array_key_exists('sender',$data)) {
$sender = $data['sender'];
}
+ /** Check if the sender is already verified here */
+
$hub = zot_gethub($sender);
+
if(! $hub) {
+
+ /** Have never seen this guid or this guid coming from this location. Check it and register it. */
+
// (!!) this will validate the sender
$result = zot_register_hub($sender);
- if((! $result['success']) || (! zot_gethub($sender))) {
+
+ if((! $result['success']) || (! ($hub = zot_gethub($sender)))) {
$ret['message'] = 'Hub not available.';
logger('mod_zot: no hub');
json_return_and_die($ret);
}
}
+
+ // Update our DB to show when we last communicated successfully with this hub
+ // This will allow us to prune dead hubs from using up resources
+
+ $r = q("update hubloc set hubloc_connected = '%s' where hubloc_id = %d limit 1",
+ dbesc(datetime_convert()),
+ intval($hub['hubloc_id'])
+ );
+
+
// TODO: check which hub is primary and take action if mismatched
if(array_key_exists('recipients',$data))
$recipients = $data['recipients'];
-
if($msgtype === 'purge') {
if($recipients) {
// basically this means "unfriend"
foreach($recipients as $recip) {
-
-
-
+ $r = q("select channel.*,xchan.* from channel
+ left join xchan on channel_hash = xchan_hash
+ where channel_guid = '%s' and channel_guid_sig = '%s' limit 1",
+ dbesc($recip['guid']),
+ dbesc($recip['guid_sig'])
+ );
+ if($r) {
+ $r = q("select abook_id from abook where uid = %d and abook_xchan = '%s' limit 1",
+ intval($r[0]['channel_id']),
+ dbesc(base64url_encode(hash('whirlpool',$sender['guid'] . $sender['guid_sig'], true)))
+ );
+ if($r) {
+ contact_remove($r[0]['channel_id'],$r[0]['abook_id']);
+ }
+ }
}
-
-
}
else {
- // basically this means the channel has committed suicide
+ // Unfriend everybody - basically this means the channel has committed suicide
$arr = $data['sender'];
$sender_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
require_once('include/Contact.php');
remove_all_xchan_resources($sender_hash);
- $ret['result'] = true;
+ $ret['success'] = true;
json_return_and_die($ret);
}
}
+
if($msgtype === 'refresh') {
// remote channel info (such as permissions or photo or something)
@@ -295,7 +418,7 @@ function post_post(&$a) {
'hubloc_url' => $sender['url']
),null);
}
- $ret['result'] = true;
+ $ret['success'] = true;
json_return_and_die($ret);
}
@@ -311,12 +434,13 @@ function post_post(&$a) {
$ret['delivery_report'] = $x;
}
- $ret['result'] = true;
+ $ret['success'] = true;
json_return_and_die($ret);
}
if($msgtype === 'auth_check') {
+ logger('mod_zot: auth_check');
$arr = $data['sender'];
$sender_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
@@ -340,7 +464,7 @@ function post_post(&$a) {
$arr = $data['recipients'][0];
$recip_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true));
- $c = q("select channel_id from channel where channel_hash = '%s' limit 1",
+ $c = q("select channel_id, channel_prvkey from channel where channel_hash = '%s' limit 1",
dbesc($recip_hash)
);
if(! $c) {
@@ -348,6 +472,8 @@ function post_post(&$a) {
json_return_and_die($ret);
}
+ $confirm = base64url_encode(rsa_sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey']));
+
// This additionally checks for forged senders since we already stored the expected result in meta
// and we've already verified that this is them via zot_gethub() and that their key signed our token
@@ -365,7 +491,8 @@ function post_post(&$a) {
);
logger('mod_zot: auth_check: success', LOGGER_DEBUG);
- $ret['result'] = true;
+ $ret['success'] = true;
+ $ret['confirm'] = $confirm;
json_return_and_die($ret);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-17 06:05:52 +0000