From cd4e381aa146dd185021c86ac1ecc9755fa81453 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Mon, 19 Nov 2012 20:45:12 -0800
Subject: "heavy lifting" - zot messages flowing, now just need to be parsed
 and stored at the other end.

---
 mod/post.php | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 84 insertions(+), 9 deletions(-)

(limited to 'mod')

diff --git a/mod/post.php b/mod/post.php
index 320e9fdd9..bdb50ac48 100644
--- a/mod/post.php
+++ b/mod/post.php
@@ -13,18 +13,85 @@ function post_post(&$a) {
 
 	$ret = array('result' => false);
 
-	if(array_key_exists('iv',$_REQUEST)) {
-		// hush-hush ultra top secret mode
-		$data = json_decode(aes_unencapsulate($_REQUEST['data'],get_config('system','site_prvkey')),true);
-	}
-	else {
-		$data = json_decode($_REQUEST['data'],true);
-	}
+	$data = json_decode($_REQUEST['data'],true);
 
+	logger('mod_zot: data: ' . print_r($data,true), LOGGER_DATA);
+
+	if(array_key_exists('iv',$data)) {
+		$data = aes_unencapsulate($data,get_config('system','prvkey'));
+		logger('mod_zot: decrypt1: ' . $data);
+		$data = json_decode($data,true);
+	}
 
+	logger('mod_zot: decoded data: ' . print_r($data,true), LOGGER_DATA);
 
 	$msgtype = ((array_key_exists('type',$data)) ? $data['type'] : '');
 
+
+	if($msgtype === 'pickup') {
+
+		if((! $data['secret']) || (! $data['secret_sig'])) {
+			$ret['message'] = 'no verification signature';
+			logger('mod_zot: pickup: ' . $ret['message']);
+			json_return_and_die($ret);
+		}
+		$r = q("select hubloc_sitekey from hubloc where hubloc_url = '%s' and hubloc_callback = '%s' and hubloc_sitekey != '' limit 1",
+			dbesc($data['url']),
+			dbesc($data['callback'])
+		);
+		if(! $r) {
+			$ret['message'] = 'site not found';
+			logger('mod_zot: pickup: ' . $ret['message']);
+			json_return_and_die($ret);
+		}
+		// verify the url_sig
+		$sitekey = $r[0]['hubloc_sitekey'];
+		logger('sitekey: ' . $sitekey);
+
+		if(! rsa_verify($data['callback'],base64url_decode($data['callback_sig']),$sitekey)) {
+			$ret['message'] = 'possible site forgery';
+			logger('mod_zot: pickup: ' . $ret['message']);
+			json_return_and_die($ret);
+		}
+
+		if(! rsa_verify($data['secret'],base64url_decode($data['secret_sig']),$sitekey)) {
+			$ret['message'] = 'secret validation failed';
+			logger('mod_zot: pickup: ' . $ret['message']);
+			json_return_and_die($ret);
+		}
+
+		// If we made it to here, we've got a valid pickup. Grab everything for this host and send it.
+
+		$r = q("select outq_posturl from outq where outq_hash = '%s' and outq_posturl = '%s' limit 1",
+			dbesc($data['secret']),
+			dbesc($data['callback'])
+		);
+		if(! $r) {
+			$ret['message'] = 'nothing to pick up';
+			logger('mod_zot: pickup: ' . $ret['message']);
+			json_return_and_die($ret);
+		}
+
+		$r = q("select * from outq where outq_posturl = '%s'",
+			dbesc($data['callback'])
+		);
+		if($r) {
+			$ret['success'] = true;
+			$ret['pickup'] = array();
+			foreach($r as $rr) {
+				$ret['pickup'][] = array('notify' => $rr['outq_notify'],'message' => $rr['outq_msg']);
+
+				$x = q("delete from outq where outq_hash = '%s' limit 1",
+					dbesc($rr['outq_hash'])
+				);
+			}
+		}
+		$encrypted = aes_encapsulate(json_encode($ret),$sitekey);
+		json_return_and_die($encrypted);
+	}
+
+
+
 	if(array_key_exists('sender',$data)) {
 		$sender = $data['sender'];
 	}	
@@ -84,8 +151,16 @@ function post_post(&$a) {
 	}
 
 	if($msgtype === 'notify') {
-		// add to receive queue
-		// qreceive_add($data);
+		$async = get_config('system','queued_fetch');
+
+		
+		if($async) {
+			// add to receive queue
+			// qreceive_add($data);
+		}
+		else {
+			$x = zot_fetch($data);
+		}
 
 		$ret['result'] = true;
 		json_return_and_die($ret);
-- 
cgit v1.2.3