From 304c393f38bb06b0346fe8bb5d082a039d803a85 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 4 Sep 2017 21:49:44 -0700 Subject: some preliminary work on Zot VI --- Zotlabs/Module/Zfinger.php | 3 ++- Zotlabs/Zot/Finger.php | 22 +++++++++++++++++----- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/Zotlabs/Module/Zfinger.php b/Zotlabs/Module/Zfinger.php index b978b9769..0f7f6a64b 100644 --- a/Zotlabs/Module/Zfinger.php +++ b/Zotlabs/Module/Zfinger.php @@ -25,7 +25,8 @@ class Zfinger extends \Zotlabs\Web\Controller { if($chan) { $hash = \Zotlabs\Web\HTTPSig::generate_digest($ret,false); $headers['Digest'] = 'SHA-256=' . $hash; - \Zotlabs\Web\HTTPSig::create_sig('',$headers,$chan['channel_prvkey'],z_root() . '/channel/' . $chan['channel_address'],true); + \Zotlabs\Web\HTTPSig::create_sig('',$headers,$chan['channel_prvkey'], + 'acct:' . $chan['channel_address'] . '@' . \App::get_hostname(),true); } else { foreach($headers as $k => $v) { diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php index 9871b5bbd..865e78517 100644 --- a/Zotlabs/Zot/Finger.php +++ b/Zotlabs/Zot/Finger.php @@ -22,6 +22,7 @@ class Finger { * * @return zotinfo array (with 'success' => true) or array('success' => false); */ + static public function run($webbie, $channel = null, $autofallback = true) { $ret = array('success' => false); @@ -84,18 +85,27 @@ class Finger { 'token' => self::$token ); - $result = z_post_url($url . $rhs,$postvars); + $headers = []; + $headers['X-Zot-Channel'] = $channel['channel_address'] . '@' . \App::get_hostname(); + $headers['X-Zot-Nonce'] = random_string(); + $xhead = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'], + 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false); + + $retries = 0; + + $result = z_post_url($url . $rhs,$postvars,$retries, [ 'headers' => $xhead ]); if ((! $result['success']) && ($autofallback)) { if ($https) { logger('zot_finger: https failed. falling back to http'); - $result = z_post_url('http://' . $host . $rhs,$postvars); + $result = z_post_url('http://' . $host . $rhs,$postvars, $retries, [ 'headers' => $xhead ]); } } - } else { + } + else { $rhs .= '?f=&address=' . urlencode($address) . '&token=' . self::$token; - $result = z_fetch_url($url . $rhs); + $result = z_fetch_url($url . $rhs); if((! $result['success']) && ($autofallback)) { if($https) { logger('zot_finger: https failed. falling back to http'); @@ -110,8 +120,10 @@ class Finger { return $ret; } + $verify = \Zotlabs\Web\HTTPSig::verify($result); + $x = json_decode($result['body'], true); - if($x) { + if($x && (! $verify['header_valid'])) { $signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null); if($signed_token) { $valid = rsa_verify('token.' . self::$token, base64url_decode($signed_token), $x['key']); -- cgit v1.2.3 From 0956dcadd36331a532e2e8c358ec8bdaf4a7967d Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 4 Sep 2017 22:30:55 -0700 Subject: some more prep work for Zot VI - some of this will need to be undone or at least re-arranged later but we need to bootstrap a test environment. --- Zotlabs/Web/HTTPSig.php | 13 ++++++++++--- Zotlabs/Zot/Finger.php | 5 +++-- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index e9e262125..2b139a2a1 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -126,9 +126,16 @@ class HTTPSig { function get_activitypub_key($id) { - $x = q("select xchan_pubkey from xchan where xchan_hash = '%s' and xchan_network = 'activitypub' ", - dbesc($id) - ); + if(strpos($id,'acct:') === 0) { + $x = q("select xchan_pubkey from xchan left join hubloc on xchan_hash = hubloc_hash where hubloc_addr = '%s' limit 1", + dbesc(str_replace('acct:','',$id)) + ); + } + else { + $x = q("select xchan_pubkey from xchan where xchan_hash = '%s' and xchan_network = 'activitypub' ", + dbesc($id) + ); + } if($x && $x[0]['xchan_pubkey']) { return ($x[0]['xchan_pubkey']); diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php index 865e78517..e205b136f 100644 --- a/Zotlabs/Zot/Finger.php +++ b/Zotlabs/Zot/Finger.php @@ -120,9 +120,10 @@ class Finger { return $ret; } - $verify = \Zotlabs\Web\HTTPSig::verify($result); - $x = json_decode($result['body'], true); + + $verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : ''); + if($x && (! $verify['header_valid'])) { $signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null); if($signed_token) { -- cgit v1.2.3 From 4dd05dc4e88171fb2bcaacde8c0699f64f6bb7e5 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 16 Oct 2017 15:20:45 -0700 Subject: regression in zot site info after zot6 work --- include/zot.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/include/zot.php b/include/zot.php index b6df6bca8..3fa62445c 100644 --- a/include/zot.php +++ b/include/zot.php @@ -4200,8 +4200,7 @@ function zotinfo($arr) { if($x) $ret['locations'] = $x; - $ret['site'] = zot_site_info(); - + $ret['site'] = zot_site_info($e['xchan_pubkey']); check_zotinfo($e,$x,$ret); @@ -4212,7 +4211,7 @@ function zotinfo($arr) { } -function zot_site_info() { +function zot_site_info($channel_key = '') { $signing_key = get_config('system','prvkey'); $sig_method = get_config('system','signature_algorithm','sha256'); @@ -4220,7 +4219,10 @@ function zot_site_info() { $ret = []; $ret['site'] = []; $ret['site']['url'] = z_root(); - $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method)); + if($channel_key) { + $ret['site']['url_sig'] = base64url_encode(rsa_sign(z_root(),$channel_key,$sig_method)); + } + $ret['site']['url_site_sig'] = base64url_encode(rsa_sign(z_root(),$signing_key,$sig_method)); $ret['site']['post'] = z_root() . '/post'; $ret['site']['openWebAuth'] = z_root() . '/owa'; $ret['site']['authRedirect'] = z_root() . '/magic'; -- cgit v1.2.3 From 25988ddefa201eb031fac97d5046c19184d8d015 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Mon, 23 Oct 2017 21:03:18 -0700 Subject: not sure when but the hcard went missing in webfinger --- Zotlabs/Module/Wfinger.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index 9db95f181..753721d27 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -164,6 +164,13 @@ class Wfinger extends \Zotlabs\Web\Controller { 'href' => $r[0]['xchan_photo_l'] ], + [ + 'rel' => 'http://microformats.org/profile/hcard', + 'type' => 'text/html', + 'href' => z_root() . '/hcard/' . $r[0]['channel_address'] + ], + + [ 'rel' => 'http://webfinger.net/rel/profile-page', 'href' => z_root() . '/profile/' . $r[0]['channel_address'], -- cgit v1.2.3 From 4a3149d1ba9ad08c4603b727c1e9411eaa1bbde0 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 25 Oct 2017 22:33:03 -0700 Subject: hubzilla issue #890, separate the pdl preview feature from the mod_page webpage query so that the webpage will always win if a webpage and pdl have the same name. --- Zotlabs/Module/Page.php | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/Zotlabs/Module/Page.php b/Zotlabs/Module/Page.php index c142afe77..d794a43a1 100644 --- a/Zotlabs/Module/Page.php +++ b/Zotlabs/Module/Page.php @@ -89,22 +89,30 @@ class Page extends \Zotlabs\Web\Controller { if(! $ignore_language) { $r = q("select item.* from item left join iconfig on item.id = iconfig.iid where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 - and (( iconfig.k = 'WEBPAGE' and item_type = %d ) - OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1", + and iconfig.k = 'WEBPAGE' and item_type = %d + $sql_options $revision limit 1", intval($u[0]['channel_id']), dbesc($lang_page_id), - intval(ITEM_TYPE_WEBPAGE), - intval(ITEM_TYPE_PDL) + intval(ITEM_TYPE_WEBPAGE) ); } if(! $r) { $r = q("select item.* from item left join iconfig on item.id = iconfig.iid where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 - and (( iconfig.k = 'WEBPAGE' and item_type = %d ) + and iconfig.k = 'WEBPAGE' and item_type = %d OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1", intval($u[0]['channel_id']), dbesc($page_id), - intval(ITEM_TYPE_WEBPAGE), + intval(ITEM_TYPE_WEBPAGE) + ); + } + if(! $r) { + // no webpage by that name, but we do allow you to load/preview a layout using this module. Try that. + $r = q("select item.* from item left join iconfig on item.id = iconfig.iid + where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 + and iconfig.k = 'PDL' AND item_type = %d $sql_options $revision limit 1", + intval($u[0]['channel_id']), + dbesc($page_id), intval(ITEM_TYPE_PDL) ); } @@ -129,7 +137,7 @@ class Page extends \Zotlabs\Web\Controller { } return; } - + if($r[0]['title']) \App::$page['title'] = escape_tags($r[0]['title']); -- cgit v1.2.3 From e5cfb8a0cdef56498aabb75fb52600ae07c4bcbe Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 26 Oct 2017 15:23:04 -0700 Subject: encrypt the owa token --- Zotlabs/Module/Magic.php | 13 ++++++++++--- Zotlabs/Module/Owa.php | 4 +++- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 879085f96..9ad9c951c 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -146,10 +146,17 @@ class Magic extends \Zotlabs\Web\Controller { if($x['success']) { $j = json_decode($x['body'],true); - if($j['success'] && $j['token']) { - $x = strpbrk($dest,'?&'); - $args = (($x) ? '&owt=' . $j['token'] : '?f=&owt=' . $j['token']) . (($delegate) ? '&delegate=1' : ''); + if($j['success']) { + $token = ''; + if($j['encrypted_token']) { + openssl_private_decrypt(base64url_decode($j['encrypted_token']),$token,$channel['channel_prvkey']); + } + else { + $token = $j['token']; + } + $x = strpbrk($dest,'?&'); + $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); goaway($dest . $args); } } diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index 4b0d855c5..d58fd7a41 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -41,7 +41,9 @@ class Owa extends \Zotlabs\Web\Controller { $ret['success'] = true; $token = random_string(32); \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']); - $ret['token'] = $token; + $result = ''; + openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); + $ret['encrypted_token'] = base64url_encode($result); } } } -- cgit v1.2.3 From 6823f0aa52a76e57297f6658091fb47ebc30bb96 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 26 Oct 2017 22:45:54 -0700 Subject: 1/2 of hubzilla issue #893 --- view/pdl/mod_sources.pdl | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 view/pdl/mod_sources.pdl diff --git a/view/pdl/mod_sources.pdl b/view/pdl/mod_sources.pdl new file mode 100644 index 000000000..53a3ac9e5 --- /dev/null +++ b/view/pdl/mod_sources.pdl @@ -0,0 +1,6 @@ +[region=aside] +[widget=settings_menu][/widget] +[/region] +[region=right_aside] +[widget=notifications][/widget] +[/region] -- cgit v1.2.3 From fe2a937cf2e2cc723d930eaae885a4f8bbabe53c Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 28 Oct 2017 15:24:37 -0700 Subject: fix "unstar" --- Zotlabs/Module/Starred.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Zotlabs/Module/Starred.php b/Zotlabs/Module/Starred.php index 4f1d99ec6..8349ae25c 100644 --- a/Zotlabs/Module/Starred.php +++ b/Zotlabs/Module/Starred.php @@ -16,7 +16,7 @@ class Starred extends \Zotlabs\Web\Controller { if(! $message_id) killme(); - $r = q("SELECT item_flags FROM item WHERE uid = %d AND id = %d LIMIT 1", + $r = q("SELECT item_starred FROM item WHERE uid = %d AND id = %d LIMIT 1", intval(local_channel()), intval($message_id) ); -- cgit v1.2.3 From ceed0f7a1b6d7ee713c23937a9449bd84324caf6 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 29 Oct 2017 19:52:00 -0700 Subject: allow plugin class widgets, fix sql error in page module --- Zotlabs/Module/Page.php | 2 +- Zotlabs/Render/Comanche.php | 3 +++ util/add_widget_repo | 11 ----------- 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/Zotlabs/Module/Page.php b/Zotlabs/Module/Page.php index d794a43a1..5fdd32825 100644 --- a/Zotlabs/Module/Page.php +++ b/Zotlabs/Module/Page.php @@ -100,7 +100,7 @@ class Page extends \Zotlabs\Web\Controller { $r = q("select item.* from item left join iconfig on item.id = iconfig.iid where item.uid = %d and iconfig.cat = 'system' and iconfig.v = '%s' and item.item_delayed = 0 and iconfig.k = 'WEBPAGE' and item_type = %d - OR ( iconfig.k = 'PDL' AND item_type = %d )) $sql_options $revision limit 1", + $sql_options $revision limit 1", intval($u[0]['channel_id']), dbesc($page_id), intval(ITEM_TYPE_WEBPAGE) diff --git a/Zotlabs/Render/Comanche.php b/Zotlabs/Render/Comanche.php index 8831bd117..78ca870a7 100644 --- a/Zotlabs/Render/Comanche.php +++ b/Zotlabs/Render/Comanche.php @@ -469,8 +469,11 @@ class Comanche { if(file_exists('Zotlabs/SiteWidget/' . $clsname . '.php')) require_once('Zotlabs/SiteWidget/' . $clsname . '.php'); + elseif(file_exists('widget/' . $clsname . '/' . $clsname . '.php')) + require_once('widget/' . $clsname . '/' . $clsname . '.php'); elseif(file_exists('Zotlabs/Widget/' . $clsname . '.php')) require_once('Zotlabs/Widget/' . $clsname . '.php'); + if(class_exists($nsname)) { $x = new $nsname; $f = 'widget'; diff --git a/util/add_widget_repo b/util/add_widget_repo index cb3112626..4cfd6a170 100755 --- a/util/add_widget_repo +++ b/util/add_widget_repo @@ -5,17 +5,6 @@ if [ $# -lt 2 ]; then exit 1 fi -#if [[ $1 != *"//github.com/redmatrix"* && $3 != 'insecure' ]]; then -# echo ""; -# echo "This is NOT an official project repository."; -# echo "In order to protect you from unverified and"; -# echo "possibly malicious content, this repository"; -# echo "will not be linked to your site unless you"; -# echo "append the word 'insecure' to the command."; -# echo ""; -# exit 1 -#fi - mkdir -p extend/widget/$2 mkdir widget > /dev/null 2>&1 git clone $1 extend/widget/$2 -- cgit v1.2.3 From 56c3d5dbcbdbaef9df7cb03d24e67ad8c4a157d0 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sun, 29 Oct 2017 22:00:03 -0700 Subject: add some documentation about shareable widgets --- doc/Widgets.md | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/doc/Widgets.md b/doc/Widgets.md index 4ad899a0f..7761b1833 100644 --- a/doc/Widgets.md +++ b/doc/Widgets.md @@ -129,14 +129,44 @@ Some/many of these widgets have restrictions which may restrict the type of page Creating New Widgets ==================== -If you want a widget named 'slugfish', create widget/slugfish.php containing +### Class Widgets + +To create a class-based widget named 'slugfish' create a file with the following contents: + +```` + 3 ] + + } + +```` + +The resultant file may be placed in widget/Slugfish/Slugfish.php , or Zotlabs/SiteWidgets/Slugfish.php . It also may be linked from a git repository using util/add_widget_repo. + + + +Traditional function based widget: + +If you want a widget named 'slugfish', create widget/widget_slugfish.php containing Date: Sun, 29 Oct 2017 22:21:52 -0700 Subject: memory overflow trying to delete a connection with a very high noise to signal ratio --- include/connections.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/connections.php b/include/connections.php index 60bce018e..e9d7daa2d 100644 --- a/include/connections.php +++ b/include/connections.php @@ -369,7 +369,7 @@ function contact_remove($channel_id, $abook_id) { return false; - $r = q("select * from item where (owner_xchan = '%s' or author_xchan = '%s') and uid = %d", + $r = q("select id from item where (owner_xchan = '%s' or author_xchan = '%s') and uid = %d", dbesc($abook['abook_xchan']), dbesc($abook['abook_xchan']), intval($channel_id) -- cgit v1.2.3