From 08f054130f5a57e2928e129131e7609271ec7f40 Mon Sep 17 00:00:00 2001
From: friendica
Date: Tue, 24 Feb 2015 16:36:27 -0800
Subject: require access token to view, query, or join directories in private realms, if the realm is so configured.

---
 mod/directory.php | 8 ++++++--
 mod/dirsearch.php | 10 +++++++++-
 mod/regdir.php | 28 ++++++++++++++++++++++++++--
 3 files changed, 41 insertions(+), 5 deletions(-)
(limited to 'mod')

diff --git a/mod/directory.php b/mod/directory.php
index 329e255cf..bc5aa41e2 100644
--- a/mod/directory.php
+++ b/mod/directory.php
@@ -92,6 +92,9 @@ function directory_content(&$a) {
 		$url = $directory['url'] . '/dirsearch';
 	}
+	$token = get_config('system','realm_token');
+
+
 	logger('mod_directory: URL = ' . $url, LOGGER_DEBUG);
 	$contacts = array();
@@ -106,8 +109,6 @@ function directory_content(&$a) {
 		}
 	}
-
-
 	if($url) {
 		// We might want to make the tagadelic count (&kw=) configurable or turn it off completely.
@@ -116,6 +117,9 @@ function directory_content(&$a) {
 		$kw = ((intval($numtags)) ? $numtags : 24);
 		$query = $url . '?f=&kw=' . $kw . (($safe_mode != 1) ? '&safe=' . $safe_mode : '');
+		if($token)
+			$query .= '&t=' . $token;
+
 		if($search)
 			$query .= '&name=' . urlencode($search) . '&keywords=' . urlencode($search);
 		if(strpos($search,'@'))
diff --git a/mod/dirsearch.php b/mod/dirsearch.php
index 5a0a7cee8..12abfafb8 100644
--- a/mod/dirsearch.php
+++ b/mod/dirsearch.php
@@ -13,7 +13,6 @@ function dirsearch_content(&$a) {
 	$ret = array('success' => false);
-
 	$dirmode = intval(get_config('system','directory_mode'));
 	if($dirmode == DIRECTORY_MODE_NORMAL) {
@@ -21,6 +20,15 @@ function dirsearch_content(&$a) {
 		json_return_and_die($ret);
 	}
+	$access_token = $_REQUEST['t'];
+
+	$token = get_config('system','realm_token');
+	if($token && $access_token != $token) {
+		$result['message'] = t('This directory server requires an access token');
+		return;
+	}
+
+
 	if(argc() > 1 && argv(1) === 'sites') {
 		$ret = list_public_sites();
 		json_return_and_die($ret);
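Review bot: The realm token is appended to the outbound query unencoded at `$query .= '&t=' . $token;`, while the neighbouring `$search` values go through `urlencode()`; a token containing `&`, `+`, `%` or `=` would split or corrupt the query string and the remote dirsearch would see a truncated value and reject the request. Use `$query .= '&t=' . urlencode($token);`. The token is sent to whatever `$url` was derived above this hunk, which I cannot see, so it is worth confirming that `$url` can only point at the configured directory server for this realm and is fetched over https, since the value is a shared secret for the realm. directory_content starts and ends outside the hunk.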
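Review bot: The rejection branch writes to `$result['message']`, but this function's response array is `$ret` (initialised as `array('success' => false)` in the previous hunk), and it then does a bare `return;` instead of `json_return_and_die($ret);`, so a caller with a wrong or missing token gets an empty non-JSON body and no error instead of a failure result. Change the branch to `$ret['message'] = t('This directory server requires an access token'); json_return_and_die($ret);`. The comparison `$access_token != $token` is loose, so under PHP's numeric-string juggling two different numeric-looking tokens can compare equal, and it is not constant-time; prefer `if($token && (! hash_equals($token, (string) $access_token)))` (hash_equals needs PHP 5.6, otherwise at least `!==`). `$_REQUEST['t']` is also read without `isset()`, which raises a notice when the parameter is absent; the same unguarded read and loose `!=` appear in the first two hunks of mod/regdir.php and should get the same treatment there. dirsearch_content continues outside the hunk.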
diff --git a/mod/regdir.php b/mod/regdir.php
index f24ee3951..f12659dad 100644
--- a/mod/regdir.php
+++ b/mod/regdir.php
@@ -18,7 +18,8 @@ function regdir_init(&$a) {
 	$result = array('success' => false);
 	$url = $_REQUEST['url'];
-
+	$access_token = $_REQUEST['t'];
+	$valid = 0;
 	// we probably don't need the realm as we will find out in the probe.
 	// What we may want to die is throw an error if you're trying to register in a different realm
@@ -28,6 +29,18 @@ function regdir_init(&$a) {
 	if(! $realm)
 		$realm = DIRECTORY_REALM;
+	if($realm === DIRECTORY_REALM) {
+		$valid = 1;
+	}
+	else {
+		$token = get_config('system','realm_token');
+		if($token && $access_token != $token) {
+			$result['message'] = 'This realm requires an access token';
+			return;
+		}
+		$valid = 1;
+	}
+
 	$dirmode = intval(get_config('system','directory_mode'));
 	if($dirmode == DIRECTORY_MODE_NORMAL) {
@@ -56,14 +69,25 @@ function regdir_init(&$a) {
 		}
 	}
+	q("update site set site_valid = %d where site_url = '%s' limit 1",
+		intval($valid),
+		strtolower($url)
+	);
+
 	json_return_and_die($result);
 }
 else {
+
+	// We can put this in the sql without the condition after 31 march 2015 assuming
+	// most directory servers will have updated by then
+	// This just makes sure it happens if I forget
+
+	$sql_extra = ((datetime_convert() > datetime_convert('UTC','UTC','2015-03-31')) ? ' and site_valid = 1 ' : '' );
 	if($dirmode == DIRECTORY_MODE_STANDALONE) {
 		$r = array(array('site_url' => z_root()));
 	}
 	else {
-		$r = q("select site_url from site where site_flags in ( 1, 2 ) and site_realm = '%s'",
+		$r = q("select site_url from site where site_flags in ( 1, 2 ) and site_realm = '%s' $sql_extra ",
 			dbesc(get_directory_realm())
 		);
 	}
-- 
cgit v1.2.3
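Review bot: Both branches of the new `if($realm === DIRECTORY_REALM)` end with `$valid = 1;`, so once the function gets past the token check `$valid` can never be 0 and the `site_valid` column written later in this function is constant unless code between the hunks resets it; if the intent is "this site passed the realm check", a comment saying so would help, otherwise the `$valid = 0` initialisation and the else-branch assignment are dead. As in dirsearch, the failure path sets `$result['message']` and then bare-`return`s, so unless something outside this hunk emits `$result` the registering site never receives the 'This realm requires an access token' message; `json_return_and_die($result);` in place of `return;` would match the success path. regdir_init starts and ends outside the hunk.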
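Review bot: The new update statement interpolates `strtolower($url)` into `site_url = '%s'` without `dbesc()`, and `$url` comes straight from `$_REQUEST['url']` in the first hunk of this file, so this is an SQL injection point in the registration path; the select a few lines below escapes its parameter with `dbesc(get_directory_realm())`, and this call should do the same: `dbesc(strtolower($url))`. I cannot see whether the probe code between the hunks validates `$url` before this point, but escaping at the query is required regardless. Separately, `$sql_extra` hard-codes a cut-over date of 2015-03-31 after which any site whose `site_valid` is not 1 silently drops out of the listing, which will include sites that registered before this change and never re-registered unless the column already defaults to 1, which this diff does not show; a comment stating the expected default, or a migration, would make that safe. The else branch of regdir_init continues outside the hunk.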