1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
<?php
function zfinger_init(&$a) {
require_once('include/zot.php');
require_once('include/crypto.php');
$ret = array('success' => false);
$zhash = ((x($_REQUEST,'guid_hash')) ? $_REQUEST['guid_hash'] : '');
$zguid = ((x($_REQUEST,'guid')) ? $_REQUEST['guid'] : '');
$zguid_sig = ((x($_REQUEST,'guid_sig')) ? $_REQUEST['guid_sig'] : '');
$zaddr = ((x($_REQUEST,'address')) ? $_REQUEST['address'] : '');
$ztarget = ((x($_REQUEST,'target')) ? $_REQUEST['target'] : '');
$zsig = ((x($_REQUEST,'target_sig')) ? $_REQUEST['target_sig'] : '');
$zkey = ((x($_REQUEST,'key')) ? $_REQUEST['key'] : '');
if($ztarget) {
if((! $zkey) || (! $zsig) || (! rsa_verify($ztarget,base64url_decode($zsig),$zkey))) {
logger('zfinger: invalid target signature');
$ret['message'] = t("invalid target signature");
json_return_and_die($ret);
}
}
$r = null;
if(strlen($zhash)) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
where channel_hash = '%s' limit 1",
dbesc($zhash)
);
}
if(strlen($zguid) && strlen($zguid_sig)) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
where channel_guid = '%s' and channel_guid_sig = '%s' limit 1",
dbesc($zguid),
dbesc($zguid_sig)
);
}
elseif(strlen($zaddr)) {
$r = q("select channel.*, xchan.* from channel left join xchan on channel_hash = xchan_hash
where channel_address = '%s' limit 1",
dbesc($zaddr)
);
}
else {
$ret['message'] = 'Invalid request';
json_return_and_die($ret);
}
if(! $r) {
$ret['message'] = 'Item not found.';
json_return_and_die($ret);
}
$e = $r[0];
$id = $e['channel_id'];
// This is for birthdays and keywords, but must check access permissions
// $r = q("select contact.*, profile.*
// from contact left join profile on contact.uid = profile.uid
// where contact.uid = %d && contact.self = 1 and profile.is_default = 1 limit 1",
// intval($id)
// );
// if($r && count($r)) {
// $profile = $r[0];
// }
$ret['success'] = true;
// Communication details
$ret['guid'] = $e['xchan_guid'];
$ret['guid_sig'] = $e['xchan_guid_sig'];
$ret['key'] = $e['xchan_pubkey'];
$ret['name'] = $e['xchan_name'];
$ret['name_updated'] = $e['xchan_name_date'];
$ret['address'] = $e['xchan_addr'];
$ret['photo_mimetype'] = $e['xchan_photo_mimetype'];
$ret['photo'] = $e['xchan_photo_l'];
$ret['photo_updated'] = $e['xchan_photo_date'];
$ret['url'] = $e['xchan_url'];
$ret['name_updated'] = $e['xchan_name_date'];
$ret['target'] = $ztarget;
$ret['target_sig'] = $zsig;
// FIXME encrypt permissions when targeted so that only the target can view them, requires sending the pubkey and also checking that the target_sig is signed with that pubkey and isn't a forgery.
$permissions = get_all_perms($e['channel_id'],(($ztarget && $zsig)
? base64url_encode(hash('whirlpool',$ztarget . $zsig,true))
: '' ),false);
$ret['permissions'] = (($ztarget) ? aes_encapsulate(json_encode($permissions),$zkey) : $permissions);
// $ret['profile'] = $profile;
// array of (verified) hubs this channel uses
$ret['locations'] = array();
$x = zot_get_hubloc(array($e['channel_hash']));
if($x && count($x)) {
foreach($x as $hub) {
if(! ($hub['hubloc_flags'] & HUBLOC_FLAGS_UNVERIFIED)) {
$ret['locations'][] = array(
'host' => $hub['hubloc_host'],
'address' => $hub['hubloc_addr'],
'primary' => (($hub['hubloc_flags'] & HUBLOC_FLAGS_PRIMARY) ? true : false),
'url' => $hub['hubloc_url'],
'url_sig' => $hub['hubloc_url_sig'],
'callback' => $hub['hubloc_callback'],
'sitekey' => $hub['hubloc_sitekey']
);
}
}
}
json_return_and_die($ret);
}
|
