From bfd3da43ac9226e53188a03ff1414a18422e91b4 Mon Sep 17 00:00:00 2001
From: Mario <mario@mariovavti.com>
Date: Fri, 17 Dec 2021 19:48:09 +0100
Subject: access token refactor

---
 include/security.php | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

(limited to 'include/security.php')

diff --git a/include/security.php b/include/security.php
index b6c0f1511..f02fb8023 100644
--- a/include/security.php
+++ b/include/security.php
@@ -89,8 +89,20 @@ function authenticate_success($user_record, $channel = null, $login_initial = fa
 }
 
 function atoken_login($atoken) {
-	if (!$atoken)
+	if (! $atoken) {
 		return false;
+	}
+
+	if (App::$cmd === 'channel' && argv(1)) {
+		$channel = channelx_by_nick(argv(1));
+		if (perm_is_allowed($channel['channel_id'],$atoken['xchan_hash'],'delegate')) {
+			$_SESSION['delegate_channel'] = $channel['channel_id'];
+			$_SESSION['delegate'] = $atoken['xchan_hash'];
+			$_SESSION['account_id'] = intval($channel['channel_account_id']);
+			change_channel($channel['channel_id']);
+			return;
+		}
+	}
 
 	$_SESSION['authenticated'] = 1;
 	$_SESSION['visitor_id'] = $atoken['xchan_hash'];
@@ -113,11 +125,11 @@ function atoken_xchan($atoken) {
 	if ($c) {
 		return [
 			'atoken_id' => $atoken['atoken_id'],
-			'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_name'],
+			'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'],
 			'xchan_name' => $atoken['atoken_name'],
 			'xchan_addr' => 'guest:' . $atoken['atoken_name'] . '@' . App::get_hostname(),
 			'xchan_network' => 'unknown',
-			'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_name'],
+			'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'],
 			'xchan_hidden' => 1,
 			'xchan_photo_mimetype' => 'image/png',
 			'xchan_photo_l' => z_root() . '/' . get_default_profile_photo(300),
@@ -143,11 +155,17 @@ function atoken_delete($atoken_id) {
 	if (!$c)
 		return;
 
-	$atoken_xchan = substr($c[0]['channel_hash'], 0, 16) . '.' . $r[0]['atoken_name'];
+	$atoken_xchan = substr($c[0]['channel_hash'], 0, 16) . '.' . $r[0]['atoken_guid'];
 
 	q("delete from atoken where atoken_id = %d",
 		intval($atoken_id)
 	);
+
+	q("delete from abook where abook_channel = %d and abook_xchan = '%s'",
+		intval($c[0]['channel_id']),
+		dbesc($atoken_xchan)
+	);
+
 	q("delete from abconfig where chan = %d and xchan = '%s'",
 		intval($c[0]['channel_id']),
 		dbesc($atoken_xchan)
@@ -198,7 +216,7 @@ function atoken_abook($uid, $xchan_hash) {
 	if (!$r)
 		return false;
 
-	$x = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'",
+	$x = q("select * from atoken where atoken_uid = %d and atoken_guid = '%s'",
 		intval($uid),
 		dbesc(substr($xchan_hash, 17))
 	);
-- 
cgit v1.2.3