From 08f054130f5a57e2928e129131e7609271ec7f40 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Tue, 24 Feb 2015 16:36:27 -0800
Subject: require access token to view, query, or join directories in private
 realms, if the realm is so configured.

---
 boot.php                    |  2 +-
 include/dir_fns.php         | 18 ++++++++++++------
 install/schema_mysql.sql    |  4 +++-
 install/schema_postgres.sql |  2 ++
 install/update.php          | 10 +++++++++-
 mod/directory.php           |  8 ++++++--
 mod/dirsearch.php           | 10 +++++++++-
 mod/regdir.php              | 28 ++++++++++++++++++++++++++--
 8 files changed, 68 insertions(+), 14 deletions(-)

diff --git a/boot.php b/boot.php
index 4009f63dd..a93f074c4 100755
--- a/boot.php
+++ b/boot.php
@@ -49,7 +49,7 @@ define ( 'RED_PLATFORM',            'redmatrix' );
 define ( 'RED_VERSION',             trim(file_get_contents('version.inc')) . 'R');
 define ( 'ZOT_REVISION',            1     );
 
-define ( 'DB_UPDATE_VERSION',       1137  );
+define ( 'DB_UPDATE_VERSION',       1138  );
 
 /**
  * Constant with a HTML line break.
diff --git a/include/dir_fns.php b/include/dir_fns.php
index 686c5140f..37a7c04e7 100644
--- a/include/dir_fns.php
+++ b/include/dir_fns.php
@@ -48,7 +48,7 @@ function check_upstream_directory() {
 	if($directory) {
 		$h = parse_url($directory);
 		if($h) {
-			$x = zot_finger('sys@' . $h['host']);
+			$x = zot_finger('[system]@' . $h['host']);
 			if($x['success']) {
 				$j = json_decode($x['body'],true);
 				if(array_key_exists('site',$j) && array_key_exists('directory_mode',$j['site'])) {
@@ -166,20 +166,23 @@ function sync_directories($dirmode) {
 	// FIXME - what to do if we're in a different realm?
 
 	if((! $r) && (z_root() != DIRECTORY_FALLBACK_MASTER)) {
-		$r = array(
+		$r = array();
+		$r[] = array(
 			'site_url' => DIRECTORY_FALLBACK_MASTER,
 			'site_flags' => DIRECTORY_MODE_PRIMARY,
 			'site_update' => NULL_DATE, 
 			'site_directory' => DIRECTORY_FALLBACK_MASTER . '/dirsearch',
-			'site_realm' => DIRECTORY_REALM
+			'site_realm' => DIRECTORY_REALM,
+			'site_valid' => 1
 		);
-		$x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm )
+		$x = q("insert into site ( site_url, site_flags, site_update, site_directory, site_realm, site_valid )
 			values ( '%s', %d', '%s', '%s', '%s' ) ",
 			dbesc($r[0]['site_url']),
 			intval($r[0]['site_flags']),
 			dbesc($r[0]['site_update']),
 			dbesc($r[0]['site_directory']),
-			dbesc($r[0]['site_realm'])
+			dbesc($r[0]['site_realm']),
+			intval($r[0]['site_valid'])
 		);
 
 		$r = q("select * from site where (site_flags & %d) > 0 and site_url != '%s'",
@@ -201,8 +204,11 @@ function sync_directories($dirmode) {
 		// It will take about a month for a new directory to obtain the full current repertoire of channels.
 		// FIXME - go back and pick up earlier ratings if this is a new directory server. These do not get refreshed.
 
+		$token = get_config('system','realm_token');
+
+
 		$syncdate = (($rr['site_sync'] === NULL_DATE) ? datetime_convert('UTC','UTC','now - 2 days') : $rr['site_sync']);
-		$x = z_fetch_url($rr['site_directory'] . '?f=&sync=' . urlencode($syncdate));
+		$x = z_fetch_url($rr['site_directory'] . '?f=&sync=' . urlencode($syncdate) . (($token) ? '&t=' . $token : ''));
 
 		if(! $x['success'])
 			continue;
diff --git a/install/schema_mysql.sql b/install/schema_mysql.sql
index 247b33814..da78d9c61 100644
--- a/install/schema_mysql.sql
+++ b/install/schema_mysql.sql
@@ -1256,6 +1256,7 @@ CREATE TABLE IF NOT EXISTS `site` (
   `site_sellpage` char(255) NOT NULL DEFAULT '',
   `site_location` char(255) NOT NULL DEFAULT '',
   `site_realm` char(255) NOT NULL DEFAULT '',
+  `site_valid` smallint NOT NULL DEFAULT '0',
   PRIMARY KEY (`site_url`),
   KEY `site_flags` (`site_flags`),
   KEY `site_update` (`site_update`),
@@ -1264,7 +1265,8 @@ CREATE TABLE IF NOT EXISTS `site` (
   KEY `site_access` (`site_access`),
   KEY `site_sellpage` (`site_sellpage`),
   KEY `site_pull` (`site_pull`),
-  KEY `site_realm` (`site_realm`)
+  KEY `site_realm` (`site_realm`),
+  KEY `site_valid` (`site_valid`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 
 -- --------------------------------------------------------
diff --git a/install/schema_postgres.sql b/install/schema_postgres.sql
index d852f38e9..1370f3b8a 100644
--- a/install/schema_postgres.sql
+++ b/install/schema_postgres.sql
@@ -959,6 +959,7 @@ CREATE TABLE "site" (
   "site_sellpage" text NOT NULL DEFAULT '',
   "site_location" text NOT NULL DEFAULT '',
   "site_realm" text NOT NULL DEFAULT '',
+  "site_valid" smallint NOT NULL DEFAULT '0',
   PRIMARY KEY ("site_url")
 );
 create index "site_flags" on site ("site_flags");
@@ -968,6 +969,7 @@ create index "site_register" on site ("site_register");
 create index "site_access" on site ("site_access");
 create index "site_sellpage" on site ("site_sellpage");
 create index "site_realm" on site ("site_realm");
+create index "site_valid" on site ("site_valid");
 
 CREATE TABLE "source" (
   "src_id" serial  NOT NULL,
diff --git a/install/update.php b/install/update.php
index 86731e165..ee13bee78 100644
--- a/install/update.php
+++ b/install/update.php
@@ -1,6 +1,6 @@
 <?php
 
-define( 'UPDATE_VERSION' , 1137 );
+define( 'UPDATE_VERSION' , 1138 );
 
 /**
  *
@@ -1568,3 +1568,11 @@ function update_r1136() {
 		return UPDATE_SUCCESS;
 	return UPDATE_FAILED;
 }
+
+function update_r1137() {
+	$r1 = q("alter table site add site_valid smallint not null default '0' ");
+	$r2 = q("create index site_valid on site ( site_valid ) ");
+	if($r1 && $r2)
+		return UPDATE_SUCCESS;
+	return UPDATE_FAILED;
+}
diff --git a/mod/directory.php b/mod/directory.php
index 329e255cf..bc5aa41e2 100644
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -92,6 +92,9 @@ function directory_content(&$a) {
 		$url = $directory['url'] . '/dirsearch';
 	}
 
+	$token = get_config('system','realm_token');
+
+
 	logger('mod_directory: URL = ' . $url, LOGGER_DEBUG);
 
 	$contacts = array();
@@ -106,8 +109,6 @@ function directory_content(&$a) {
 		}
 	}
 
-
-
 	if($url) {
 		// We might want to make the tagadelic count (&kw=) configurable or turn it off completely.
 
@@ -116,6 +117,9 @@ function directory_content(&$a) {
 		$kw = ((intval($numtags)) ? $numtags : 24);
 		$query = $url . '?f=&kw=' . $kw . (($safe_mode != 1) ? '&safe=' . $safe_mode : '');
 
+		if($token)
+			$query .= '&t=' . $token;
+
 		if($search)
 			$query .= '&name=' . urlencode($search) . '&keywords=' . urlencode($search);
 		if(strpos($search,'@'))
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 5a0a7cee8..12abfafb8 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -13,7 +13,6 @@ function dirsearch_content(&$a) {
 	$ret = array('success' => false);
 
 
-
 	$dirmode = intval(get_config('system','directory_mode'));
 
 	if($dirmode == DIRECTORY_MODE_NORMAL) {
@@ -21,6 +20,15 @@ function dirsearch_content(&$a) {
 		json_return_and_die($ret);
 	}
 
+	$access_token = $_REQUEST['t'];
+
+	$token = get_config('system','realm_token');
+	if($token && $access_token != $token) {
+		$result['message'] = t('This directory server requires an access token');
+		return;
+	}
+
+
 	if(argc() > 1 && argv(1) === 'sites') {
 		$ret = list_public_sites();
 		json_return_and_die($ret);
diff --git a/mod/regdir.php b/mod/regdir.php
index f24ee3951..f12659dad 100644
--- a/mod/regdir.php
+++ b/mod/regdir.php
@@ -18,7 +18,8 @@ function regdir_init(&$a) {
 	$result = array('success' => false);
 
 	$url = $_REQUEST['url'];
-
+	$access_token = $_REQUEST['t'];
+	$valid = 0;
 
 	// we probably don't need the realm as we will find out in the probe.
 	// What we may want to die is throw an error if you're trying to register in a different realm
@@ -28,6 +29,18 @@ function regdir_init(&$a) {
 	if(! $realm)
 		$realm = DIRECTORY_REALM;
 
+	if($realm === DIRECTORY_REALM) {
+		$valid = 1;
+	}
+	else {
+		$token = get_config('system','realm_token');
+		if($token && $access_token != $token) {
+			$result['message'] = 'This realm requires an access token';
+			return;
+		}
+		$valid = 1;
+	}
+	
 	$dirmode = intval(get_config('system','directory_mode'));
 
 	if($dirmode == DIRECTORY_MODE_NORMAL) {
@@ -56,14 +69,25 @@ function regdir_init(&$a) {
 			}
 		}
 
+		q("update site set site_valid = %d where site_url = '%s' limit 1",
+			intval($valid),
+			strtolower($url)
+		);
+
 		json_return_and_die($result);
 	}
 	else {
+
+		// We can put this in the sql without the condition after 31 march 2015 assuming
+		// most directory servers will have updated by then
+		// This just makes sure it happens if I forget
+
+		$sql_extra = ((datetime_convert() > datetime_convert('UTC','UTC','2015-03-31')) ? ' and site_valid = 1 ' : '' );
 		if($dirmode == DIRECTORY_MODE_STANDALONE) {
 			$r = array(array('site_url' => z_root()));
 		}
 		else {
-			$r = q("select site_url from site where site_flags in ( 1, 2 ) and site_realm = '%s'",
+			$r = q("select site_url from site where site_flags in ( 1, 2 ) and site_realm = '%s' $sql_extra ",
 				dbesc(get_directory_realm())
 			);
 		}
-- 
cgit v1.2.3