aboutsummaryrefslogtreecommitdiffstats
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/post.php93
1 files changed, 84 insertions, 9 deletions
diff --git a/mod/post.php b/mod/post.php
index 320e9fdd9..bdb50ac48 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -13,18 +13,85 @@ function post_post(&$a) {
$ret = array('result' => false);
- if(array_key_exists('iv',$_REQUEST)) {
- // hush-hush ultra top secret mode
- $data = json_decode(aes_unencapsulate($_REQUEST['data'],get_config('system','site_prvkey')),true);
- }
- else {
- $data = json_decode($_REQUEST['data'],true);
- }
+ $data = json_decode($_REQUEST['data'],true);
+ logger('mod_zot: data: ' . print_r($data,true), LOGGER_DATA);
+
+ if(array_key_exists('iv',$data)) {
+ $data = aes_unencapsulate($data,get_config('system','prvkey'));
+ logger('mod_zot: decrypt1: ' . $data);
+ $data = json_decode($data,true);
+ }
+ logger('mod_zot: decoded data: ' . print_r($data,true), LOGGER_DATA);
$msgtype = ((array_key_exists('type',$data)) ? $data['type'] : '');
+
+ if($msgtype === 'pickup') {
+
+ if((! $data['secret']) || (! $data['secret_sig'])) {
+ $ret['message'] = 'no verification signature';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+ $r = q("select hubloc_sitekey from hubloc where hubloc_url = '%s' and hubloc_callback = '%s' and hubloc_sitekey != '' limit 1",
+ dbesc($data['url']),
+ dbesc($data['callback'])
+ );
+ if(! $r) {
+ $ret['message'] = 'site not found';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+ // verify the url_sig
+ $sitekey = $r[0]['hubloc_sitekey'];
+ logger('sitekey: ' . $sitekey);
+
+ if(! rsa_verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) {
+ $ret['message'] = 'possible site forgery';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+
+ if(! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) {
+ $ret['message'] = 'secret validation failed';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+
+ // If we made it to here, we've got a valid pickup. Grab everything for this host and send it.
+
+ $r = q("select outq_posturl from outq where outq_hash = '%s' and outq_posturl = '%s' limit 1",
+ dbesc($data['secret']),
+ dbesc($data['callback'])
+ );
+ if(! $r) {
+ $ret['message'] = 'nothing to pick up';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+
+ $r = q("select * from outq where outq_posturl = '%s'",
+ dbesc($data['callback'])
+ );
+ if($r) {
+ $ret['success'] = true;
+ $ret['pickup'] = array();
+ foreach($r as $rr) {
+ $ret['pickup'][] = array('notify' => $rr['outq_notify'],'message' => $rr['outq_msg']);
+
+ $x = q("delete from outq where outq_hash = '%s' limit 1",
+ dbesc($rr['outq_hash'])
+ );
+ }
+ }
+ $encrypted = aes_encapsulate(json_encode($ret),$sitekey);
+ json_return_and_die($encrypted);
+ }
+
+
+
if(array_key_exists('sender',$data)) {
$sender = $data['sender'];
}
@@ -84,8 +151,16 @@ function post_post(&$a) {
}
if($msgtype === 'notify') {
- // add to receive queue
- // qreceive_add($data);
+ $async = get_config('system','queued_fetch');
+
+
+ if($async) {
+ // add to receive queue
+ // qreceive_add($data);
+ }
+ else {
+ $x = zot_fetch($data);
+ }
$ret['result'] = true;
json_return_and_die($ret);