]> git.mxchange.org Git - friendica.git/blob - mod/pubsubhubbub.php
The central item fetch does work now and the API now uses these functions
[friendica.git] / mod / pubsubhubbub.php
1 <?php
2
3 use Friendica\App;
4 use Friendica\Core\Config;
5 use Friendica\Core\System;
6 use Friendica\Database\DBM;
7 use Friendica\Util\Network;
8 use Friendica\Model\PushSubscriber;
9
10 function post_var($name) {
11         return (x($_POST, $name)) ? notags(trim($_POST[$name])) : '';
12 }
13
14 function pubsubhubbub_init(App $a) {
15         // PuSH subscription must be considered "public" so just block it
16         // if public access isn't enabled.
17         if (Config::get('system', 'block_public')) {
18                 System::httpExit(403);
19         }
20
21         // Subscription request from subscriber
22         // https://pubsubhubbub.googlecode.com/git/pubsubhubbub-core-0.4.html#anchor4
23         // Example from GNU Social:
24         // [hub_mode] => subscribe
25         // [hub_callback] => http://status.local/main/push/callback/1
26         // [hub_verify] => sync
27         // [hub_verify_token] => af11...
28         // [hub_secret] => af11...
29         // [hub_topic] => http://friendica.local/dfrn_poll/sazius
30
31         if ($_SERVER['REQUEST_METHOD'] === 'POST') {
32                 $hub_mode = post_var('hub_mode');
33                 $hub_callback = post_var('hub_callback');
34                 $hub_verify = post_var('hub_verify');
35                 $hub_verify_token = post_var('hub_verify_token');
36                 $hub_secret = post_var('hub_secret');
37                 $hub_topic = post_var('hub_topic');
38
39                 // check for valid hub_mode
40                 if ($hub_mode === 'subscribe') {
41                         $subscribe = 1;
42                 } elseif ($hub_mode === 'unsubscribe') {
43                         $subscribe = 0;
44                 } else {
45                         logger("Invalid hub_mode=$hub_mode, ignoring.");
46                         System::httpExit(404);
47                 }
48
49                 logger("$hub_mode request from " . $_SERVER['REMOTE_ADDR']);
50
51                 // get the nick name from the topic, a bit hacky but needed as a fallback
52                 $nick = substr(strrchr($hub_topic, "/"), 1);
53
54                 // Normally the url should now contain the nick name as last part of the url
55                 if ($a->argc > 1) {
56                         $nick = $a->argv[1];
57                 }
58
59                 if (!$nick) {
60                         logger('Bad hub_topic=$hub_topic, ignoring.');
61                         System::httpExit(404);
62                 }
63
64                 // fetch user from database given the nickname
65                 $condition = ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false];
66                 $owner = dba::selectFirst('user', ['uid', 'hidewall'], $condition);
67                 if (!DBM::is_result($owner)) {
68                         logger('Local account not found: ' . $nick . ' - topic: ' . $hub_topic . ' - callback: ' . $hub_callback);
69                         System::httpExit(404);
70                 }
71
72                 // abort if user's wall is supposed to be private
73                 if ($owner['hidewall']) {
74                         logger('Local user ' . $nick . 'has chosen to hide wall, ignoring.');
75                         System::httpExit(403);
76                 }
77
78                 // get corresponding row from contact table
79                 $condition = ['uid' => $owner['uid'], 'blocked' => false,
80                         'pending' => false, 'self' => true];
81                 $contact = dba::selectFirst('contact', ['poll'], $condition);
82                 if (!DBM::is_result($contact)) {
83                         logger('Self contact for user ' . $owner['uid'] . ' not found.');
84                         System::httpExit(404);
85                 }
86
87                 // sanity check that topic URLs are the same
88                 $hub_topic2 = str_replace('/feed/', '/dfrn_poll/', $hub_topic);
89                 if (!link_compare($hub_topic, $contact['poll']) && !link_compare($hub_topic2, $contact['poll'])) {
90                         logger('Hub topic ' . $hub_topic . ' != ' . $contact['poll']);
91                         System::httpExit(404);
92                 }
93
94                 // do subscriber verification according to the PuSH protocol
95                 $hub_challenge = random_string(40);
96                 $params = 'hub.mode=' .
97                         ($subscribe == 1 ? 'subscribe' : 'unsubscribe') .
98                         '&hub.topic=' . urlencode($hub_topic) .
99                         '&hub.challenge=' . $hub_challenge .
100                         '&hub.lease_seconds=604800' .
101                         '&hub.verify_token=' . $hub_verify_token;
102
103                 // lease time is hard coded to one week (in seconds)
104                 // we don't actually enforce the lease time because GNU
105                 // Social/StatusNet doesn't honour it (yet)
106
107                 $body = Network::fetchUrl($hub_callback . "?" . $params);
108                 $ret = $a->get_curl_code();
109
110                 // give up if the HTTP return code wasn't a success (2xx)
111                 if ($ret < 200 || $ret > 299) {
112                         logger("Subscriber verification for $hub_topic at $hub_callback returned $ret, ignoring.");
113                         System::httpExit(404);
114                 }
115
116                 // check that the correct hub_challenge code was echoed back
117                 if (trim($body) !== $hub_challenge) {
118                         logger("Subscriber did not echo back hub.challenge, ignoring.");
119                         logger("\"$hub_challenge\" != \"".trim($body)."\"");
120                         System::httpExit(404);
121                 }
122
123                 PushSubscriber::renew($owner['uid'], $nick, $subscribe, $hub_callback, $hub_topic, $hub_secret);
124
125                 System::httpExit(202);
126         }
127         killme();
128 }