Diffstat (limited to 'mod')
-rw-r--r-- | mod/post.php | 93 |
1 files changed, 84 insertions, 9 deletions
diff --git a/mod/post.php b/mod/post.php
index 320e9fdd9..bdb50ac48 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -13,18 +13,85 @@ function post_post(&$a) {
 $ret = array('result' => false);
- if(array_key_exists('iv',$_REQUEST)) {
- // hush-hush ultra top secret mode
- $data = json_decode(aes_unencapsulate($_REQUEST['data'],get_config('system','site_prvkey')),true);
- }
- else {
- $data = json_decode($_REQUEST['data'],true);
- }
+ $data = json_decode($_REQUEST['data'],true);
+ logger('mod_zot: data: ' . print_r($data,true), LOGGER_DATA);
+
+ if(array_key_exists('iv',$data)) {
+ $data = aes_unencapsulate($data,get_config('system','prvkey'));
+ logger('mod_zot: decrypt1: ' . $data);
+ $data = json_decode($data,true);
+ }
+ logger('mod_zot: decoded data: ' . print_r($data,true), LOGGER_DATA);
 $msgtype = ((array_key_exists('type',$data)) ? $data['type'] : '');
+
+ if($msgtype === 'pickup') {
+
+ if((! $data['secret']) || (! $data['secret_sig'])) {
+ $ret['message'] = 'no verification signature';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+ $r = q("select hubloc_sitekey from hubloc where hubloc_url = '%s' and hubloc_callback = '%s' and hubloc_sitekey != '' limit 1",
+ dbesc($data['url']),
+ dbesc($data['callback'])
+ );
+ if(! $r) {
+ $ret['message'] = 'site not found';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+ // verify the url_sig
+ $sitekey = $r[0]['hubloc_sitekey'];
+ logger('sitekey: ' . $sitekey);
+
+ if(! rsa_verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) {
+ $ret['message'] = 'possible site forgery';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+
+ if(! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) {
+ $ret['message'] = 'secret validation failed';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+
+ // If we made it to here, we've got a valid pickup. Grab everything for this host and send it.
+
+ $r = q("select outq_posturl from outq where outq_hash = '%s' and outq_posturl = '%s' limit 1",
+ dbesc($data['secret']),
+ dbesc($data['callback'])
+ );
+ if(! $r) {
+ $ret['message'] = 'nothing to pick up';
+ logger('mod_zot: pickup: ' . $ret['message']);
+ json_return_and_die($ret);
+ }
+
+ $r = q("select * from outq where outq_posturl = '%s'",
+ dbesc($data['callback'])
+ );
+ if($r) {
+ $ret['success'] = true;
+ $ret['pickup'] = array();
+ foreach($r as $rr) {
+ $ret['pickup'][] = array('notify' => $rr['outq_notify'],'message' => $rr['outq_msg']);
+
+ $x = q("delete from outq where outq_hash = '%s' limit 1",
+ dbesc($rr['outq_hash'])
+ );
+ }
+ }
+ $encrypted = aes_encapsulate(json_encode($ret),$sitekey);
+ json_return_and_die($encrypted);
+ }
+
+
+
 if(array_key_exists('sender',$data)) {
 $sender = $data['sender'];
 }
@@ -84,8 +151,16 @@ function post_post(&$a) {
 }
 if($msgtype === 'notify') {
- // add to receive queue
- // qreceive_add($data);
+ $async = get_config('system','queued_fetch');
+
+
+ if($async) {
+ // add to receive queue
+ // qreceive_add($data);
+ }
+ else {
+ $x = zot_fetch($data);
+ }
 $ret['result'] = true;
 json_return_and_die($ret); |
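Review bot: The decrypted payload is logged without a level argument in `logger('mod_zot: decrypt1: ' . $data);`, while the two neighbouring dumps pass `LOGGER_DATA`. Presumably that writes the plaintext of every encrypted packet at logger's default verbosity, which hands the message contents to anyone who can read the log; I would change it to `logger('mod_zot: decrypt1: ' . $data, LOGGER_DATA);`. The same block calls `array_key_exists('iv',$data)` directly on the result of `json_decode($_REQUEST['data'],true)`, so a missing or malformed `data` parameter reaches it as null before any sender check. A guard such as `if(! is_array($data)) { $ret['message'] = 'invalid data'; json_return_and_die($ret); }` ahead of it, and again after the second `json_decode`, would close that. post_post() starts and continues outside this hunk.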
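Review bot: When `system.queued_fetch` is set, the new `if($async)` branch does nothing, because `qreceive_add($data)` is still commented out, yet the context lines that follow return `$ret['result'] = true`. The sending hub is then told the notify was accepted while the message is neither queued nor fetched. Until the receive queue exists I would make the gap explicit with `// FIXME: receive queue not implemented; notify is dropped when system.queued_fetch is set`, or call `zot_fetch($data)` in both branches. The return value `$x` of `zot_fetch()` is also discarded, so a failed fetch is reported as success; what it returns is not visible in this hunk. The enclosing function continues outside it.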