diff options
Diffstat (limited to 'mod')
-rw-r--r-- | mod/post.php | 58 | ||||
-rw-r--r-- | mod/zfinger.php | 25 |
2 files changed, 65 insertions, 18 deletions
diff --git a/mod/post.php b/mod/post.php index fb8885b93..82ffb5817 100644 --- a/mod/post.php +++ b/mod/post.php @@ -9,16 +9,25 @@ require_once('include/zot.php'); function post_post(&$a) { - $ret = array('result' => false, 'message' => ''); + $ret = array('result' => false); - $msgtype = ((array_key_exists('type',$_REQUEST)) ? $_REQUEST['type'] : ''); + if(array_key_exists('iv',$_REQUEST)) { + // hush-hush ultra top secret mode + $data = aes_unencapsulate($_REQUEST,get_config('system','site_prvkey')); + } + else { + $data = $_REQUEST; + } - if(array_key_exists('sender',$_REQUEST)) { - $j_sender = json_decode($_REQUEST['sender']); + $msgtype = ((array_key_exists('type',$data)) ? $data['type'] : ''); + + if(array_key_exists('sender',$data)) { + $j_sender = json_decode($data['sender']); } $hub = zot_gethub($j_sender); if(! $hub) { + // (!!) this will validate the sender $result = zot_register_hub($j_sender); if((! $result['success']) || (! zot_gethub($j_sender))) { $ret['message'] = 'Hub not available.'; @@ -26,27 +35,54 @@ function post_post(&$a) { } } - // check which hub is primary and take action if mismatched + // TODO: check which hub is primary and take action if mismatched + if(array_key_exists('recipients',$data)) + $j_recipients = json_decode($data['recipients']); if($msgtype === 'refresh') { - // Need to pass the recipient in the message + // remote channel info (such as permissions or photo or something) + // has been updated. Grab a fresh copy and sync it. - // look up recipient + if($j_recipients) { - // format args - // $r = zot_refresh($them,$channel); + // This would be a permissions update, typically for one connection - return; + foreach($j_recipients as $recip) { + $r = q("select channel.*,xchan.* from channel + left join xchan on channel_hash = xchan_hash + where channel_guid = '%s' and channel_guid_sig = '%s' limit 1", + dbesc($recip->guid), + dbesc($recip->guid_sig) + ); + $x = zot_refresh(array( + 'xchan_guid' => $j_sender->guid, + 'xchan_guid_sig' => $j_sender->guid_sig, + 'hubloc_url' => $j_sender->url + ),$r[0]); + } + } + else { + + // system wide refresh + + $x = zot_refresh(array( + 'xchan_guid' => $j_sender->guid, + 'xchan_guid_sig' => $j_sender->guid_sig, + 'hubloc_url' => $j_sender->url + ),null); + } + $ret['result'] = true; + json_return_and_die($ret); } if($msgtype === 'notify') { // add to receive queue - // qreceive_add($_REQUEST); + // qreceive_add($data); $ret['result'] = true; json_return_and_die($ret); diff --git a/mod/zfinger.php b/mod/zfinger.php index cc4b8cdd3..e1afdeba4 100644 --- a/mod/zfinger.php +++ b/mod/zfinger.php @@ -7,11 +7,13 @@ function zfinger_init(&$a) { $ret = array('success' => false); - $zhash = ((x($_REQUEST,'guid_hash')) ? $_REQUEST['guid_hash'] : ''); - $zaddr = ((x($_REQUEST,'address')) ? $_REQUEST['address'] : ''); - $ztarget = ((x($_REQUEST,'target')) ? $_REQUEST['target'] : ''); - $zsig = ((x($_REQUEST,'target_sig')) ? $_REQUEST['target_sig'] : ''); - $zkey = ((x($_REQUEST,'key')) ? $_REQUEST['key'] : ''); + $zhash = ((x($_REQUEST,'guid_hash')) ? $_REQUEST['guid_hash'] : ''); + $zguid = ((x($_REQUEST,'guid')) ? $_REQUEST['guid'] : ''); + $zguid_sig = ((x($_REQUEST,'guid_sig')) ? $_REQUEST['guid_sig'] : ''); + $zaddr = ((x($_REQUEST,'address')) ? $_REQUEST['address'] : ''); + $ztarget = ((x($_REQUEST,'target')) ? $_REQUEST['target'] : ''); + $zsig = ((x($_REQUEST,'target_sig')) ? $_REQUEST['target_sig'] : ''); + $zkey = ((x($_REQUEST,'key')) ? $_REQUEST['key'] : ''); if($ztarget) { if((! $zkey) || (! $zsig) || (! rsa_verify($ztarget,base64url_decode($zsig),$zkey))) { @@ -23,12 +25,19 @@ function zfinger_init(&$a) { $r = null; - if(strlen($zguid)) { + if(strlen($zhash)) { $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash where channel_hash = '%s' limit 1", dbesc($zhash) ); } + if(strlen($zguid) && strlen($zguid_sig)) { + $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash + where channel_guid = '%s' and channel_guid_sig = '%s' limit 1", + dbesc($zguid), + dbesc($zguid_sig) + ); + } elseif(strlen($zaddr)) { $r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash where channel_address = '%s' limit 1", @@ -40,7 +49,7 @@ function zfinger_init(&$a) { json_return_and_die($ret); } - if(! ($r && count($r))) { + if(! $r) { $ret['message'] = 'Item not found.'; json_return_and_die($ret); } @@ -48,6 +57,8 @@ function zfinger_init(&$a) { $e = $r[0]; $id = $e['channel_id']; + +// This is for birthdays and keywords, but must check access permissions // $r = q("select contact.*, profile.* // from contact left join profile on contact.uid = profile.uid // where contact.uid = %d && contact.self = 1 and profile.is_default = 1 limit 1", |