3 * StatusNet - the distributed open-source microblogging tool
4 * Copyright (C) 2009-2010, StatusNet, Inc.
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU Affero General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU Affero General Public License for more details.
16 * You should have received a copy of the GNU Affero General Public License
17 * along with this program. If not, see <http://www.gnu.org/licenses/>.
20 if (!defined('STATUSNET')) {
25 * @package OStatusPlugin
26 * @maintainer Brion Vibber <brion@status.net>
30 PuSH subscription flow:
33 generate random verification token
35 sends a sub request to the hub...
38 hub sends confirmation back to us via GET
39 We verify the request, then echo back the challenge.
40 On our end, we save the time we subscribed and the lease expiration
43 hub sends us updates via POST
46 class FeedDBException extends FeedSubException
50 function __construct($obj)
52 parent::__construct('Database insert failure');
58 * FeedSub handles low-level PubHubSubbub (PuSH) subscriptions.
59 * Higher-level behavior building OStatus stuff on top is handled
60 * under Ostatus_profile.
62 class FeedSub extends Managed_DataObject
64 public $__table = 'feedsub';
69 // PuSH subscription data
73 public $sub_state; // subscribe, active, unsubscribe, inactive
82 * return table definition for DB_DataObject
84 * DB_DataObject needs to know something about the table to manipulate
85 * instances. This method provides all the DB_DataObject needs to know.
87 * @return array array of column definitions
91 return array('id' => DB_DATAOBJECT_INT + DB_DATAOBJECT_NOTNULL,
92 'uri' => DB_DATAOBJECT_STR + DB_DATAOBJECT_NOTNULL,
93 'huburi' => DB_DATAOBJECT_STR,
94 'secret' => DB_DATAOBJECT_STR,
95 'verify_token' => DB_DATAOBJECT_STR,
96 'sub_state' => DB_DATAOBJECT_STR + DB_DATAOBJECT_NOTNULL,
97 'sub_start' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME,
98 'sub_end' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME,
99 'last_update' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME,
100 'created' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME + DB_DATAOBJECT_NOTNULL,
101 'modified' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME + DB_DATAOBJECT_NOTNULL);
104 static function schemaDef()
106 return array(new ColumnDef('id', 'integer',
112 /*auto_increment*/ true),
113 new ColumnDef('uri', 'varchar',
115 new ColumnDef('huburi', 'text',
117 new ColumnDef('verify_token', 'text',
119 new ColumnDef('secret', 'text',
121 new ColumnDef('sub_state', "enum('subscribe','active','unsubscribe','inactive')",
123 new ColumnDef('sub_start', 'datetime',
125 new ColumnDef('sub_end', 'datetime',
127 new ColumnDef('last_update', 'datetime',
129 new ColumnDef('created', 'datetime',
131 new ColumnDef('modified', 'datetime',
136 * return key definitions for DB_DataObject
138 * DB_DataObject needs to know about keys that the table has; this function
141 * @return array key definitions
145 return array_keys($this->keyTypes());
149 * return key definitions for Memcached_DataObject
151 * Our caching system uses the same key definitions, but uses a different
152 * method to get them.
154 * @return array key definitions
158 return array('id' => 'K', 'uri' => 'U');
161 function sequenceKey()
163 return array('id', true, false);
167 * Fetch the StatusNet-side profile for this feed
170 public function localProfile()
172 if ($this->profile_id) {
173 return Profile::staticGet('id', $this->profile_id);
179 * Fetch the StatusNet-side profile for this feed
182 public function localGroup()
184 if ($this->group_id) {
185 return User_group::staticGet('id', $this->group_id);
191 * @param string $feeduri
193 * @throws FeedSubException if feed is invalid or lacks PuSH setup
195 public static function ensureFeed($feeduri)
197 $current = self::staticGet('uri', $feeduri);
202 $discover = new FeedDiscovery();
203 $discover->discoverFromFeedURL($feeduri);
205 $huburi = $discover->getHubLink();
206 if (!$huburi && !common_config('feedsub', 'fallback_hub')) {
207 throw new FeedSubNoHubException();
210 $feedsub = new FeedSub();
211 $feedsub->uri = $feeduri;
212 $feedsub->huburi = $huburi;
213 $feedsub->sub_state = 'inactive';
215 $feedsub->created = common_sql_now();
216 $feedsub->modified = common_sql_now();
218 $result = $feedsub->insert();
219 if (empty($result)) {
220 throw new FeedDBException($feedsub);
227 * Send a subscription request to the hub for this feed.
228 * The hub will later send us a confirmation POST to /main/push/callback.
230 * @return bool true on success, false on failure
231 * @throws ServerException if feed state is not valid
233 public function subscribe($mode='subscribe')
235 if ($this->sub_state && $this->sub_state != 'inactive') {
236 common_log(LOG_WARNING, "Attempting to (re)start PuSH subscription to $this->uri in unexpected state $this->sub_state");
238 if (empty($this->huburi)) {
239 if (common_config('feedsub', 'fallback_hub')) {
240 // No native hub on this feed?
241 // Use our fallback hub, which handles polling on our behalf.
242 } else if (common_config('feedsub', 'nohub')) {
243 // Fake it! We're just testing remote feeds w/o hubs.
244 // We'll never actually get updates in this mode.
247 // TRANS: Server exception.
248 throw new ServerException(_m('Attempting to start PuSH subscription for feed with no hub.'));
252 return $this->doSubscribe('subscribe');
256 * Send a PuSH unsubscription request to the hub for this feed.
257 * The hub will later send us a confirmation POST to /main/push/callback.
258 * Warning: this will cancel the subscription even if someone else in
259 * the system is using it. Most callers will want garbageCollect() instead,
260 * which confirms there's no uses left.
262 * @return bool true on success, false on failure
263 * @throws ServerException if feed state is not valid
265 public function unsubscribe() {
266 if ($this->sub_state != 'active') {
267 common_log(LOG_WARNING, "Attempting to (re)end PuSH subscription to $this->uri in unexpected state $this->sub_state");
269 if (empty($this->huburi)) {
270 if (common_config('feedsub', 'fallback_hub')) {
271 // No native hub on this feed?
272 // Use our fallback hub, which handles polling on our behalf.
273 } else if (common_config('feedsub', 'nohub')) {
274 // Fake it! We're just testing remote feeds w/o hubs.
275 // We'll never actually get updates in this mode.
278 // TRANS: Server exception.
279 throw new ServerException(_m('Attempting to end PuSH subscription for feed with no hub.'));
283 return $this->doSubscribe('unsubscribe');
287 * Check if there are any active local uses of this feed, and if not then
288 * make sure it's inactive, unsubscribing if necessary.
290 * @return boolean true if the subscription is now inactive, false if still active.
292 public function garbageCollect()
294 if ($this->sub_state == '' || $this->sub_state == 'inactive') {
295 // No active PuSH subscription, we can just leave it be.
298 // PuSH subscription is either active or in an indeterminate state.
299 // Check if we're out of subscribers, and if so send an unsubscribe.
301 Event::handle('FeedSubSubscriberCount', array($this, &$count));
304 common_log(LOG_INFO, __METHOD__ . ': ok, ' . $count . ' user(s) left for ' . $this->uri);
307 common_log(LOG_INFO, __METHOD__ . ': unsubscribing, no users left for ' . $this->uri);
308 return $this->unsubscribe();
313 protected function doSubscribe($mode)
315 $orig = clone($this);
316 $this->verify_token = common_good_rand(16);
317 if ($mode == 'subscribe') {
318 $this->secret = common_good_rand(32);
320 $this->sub_state = $mode;
321 $this->update($orig);
325 $callback = common_local_url('pushcallback', array('feed' => $this->id));
326 $headers = array('Content-Type: application/x-www-form-urlencoded');
327 $post = array('hub.mode' => $mode,
328 'hub.callback' => $callback,
329 'hub.verify' => 'sync',
330 'hub.verify_token' => $this->verify_token,
331 'hub.secret' => $this->secret,
332 'hub.topic' => $this->uri);
333 $client = new HTTPClient();
335 $hub = $this->huburi;
337 if (common_config('feedsub', 'fallback_hub')) {
338 $hub = common_config('feedsub', 'fallback_hub');
339 if (common_config('feedsub', 'hub_user')) {
340 $u = common_config('feedsub', 'hub_user');
341 $p = common_config('feedsub', 'hub_pass');
342 $client->setAuth($u, $p);
345 throw new FeedSubException('WTF?');
348 $response = $client->post($hub, $headers, $post);
349 $status = $response->getStatus();
350 if ($status == 202) {
351 common_log(LOG_INFO, __METHOD__ . ': sub req ok, awaiting verification callback');
353 } else if ($status == 204) {
354 common_log(LOG_INFO, __METHOD__ . ': sub req ok and verified');
356 } else if ($status >= 200 && $status < 300) {
357 common_log(LOG_ERR, __METHOD__ . ": sub req returned unexpected HTTP $status: " . $response->getBody());
360 common_log(LOG_ERR, __METHOD__ . ": sub req failed with HTTP $status: " . $response->getBody());
363 } catch (Exception $e) {
365 common_log(LOG_ERR, __METHOD__ . ": error \"{$e->getMessage()}\" hitting hub $this->huburi subscribing to $this->uri");
367 $orig = clone($this);
368 $this->verify_token = '';
369 $this->sub_state = 'inactive';
370 $this->update($orig);
378 * Save PuSH subscription confirmation.
379 * Sets approximate lease start and end times and finalizes state.
381 * @param int $lease_seconds provided hub.lease_seconds parameter, if given
383 public function confirmSubscribe($lease_seconds=0)
385 $original = clone($this);
387 $this->sub_state = 'active';
388 $this->sub_start = common_sql_date(time());
389 if ($lease_seconds > 0) {
390 $this->sub_end = common_sql_date(time() + $lease_seconds);
392 $this->sub_end = null;
394 $this->modified = common_sql_now();
396 return $this->update($original);
400 * Save PuSH unsubscription confirmation.
401 * Wipes active PuSH sub info and resets state.
403 public function confirmUnsubscribe()
405 $original = clone($this);
407 // @fixme these should all be null, but DB_DataObject doesn't save null values...?????
408 $this->verify_token = '';
410 $this->sub_state = '';
411 $this->sub_start = '';
413 $this->modified = common_sql_now();
415 return $this->update($original);
419 * Accept updates from a PuSH feed. If validated, this object and the
420 * feed (as a DOMDocument) will be passed to the StartFeedSubHandleFeed
421 * and EndFeedSubHandleFeed events for processing.
423 * Not guaranteed to be running in an immediate POST context; may be run
424 * from a queue handler.
426 * Side effects: the feedsub record's lastupdate field will be updated
427 * to the current time (not published time) if we got a legit update.
429 * @param string $post source of Atom or RSS feed
430 * @param string $hmac X-Hub-Signature header, if present
432 public function receive($post, $hmac)
434 common_log(LOG_INFO, __METHOD__ . ": packet for \"$this->uri\"! $hmac $post");
436 if ($this->sub_state != 'active') {
437 common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH for inactive feed $this->uri (in state '$this->sub_state')");
442 common_log(LOG_ERR, __METHOD__ . ": ignoring empty post");
446 if (!$this->validatePushSig($post, $hmac)) {
447 // Per spec we silently drop input with a bad sig,
448 // while reporting receipt to the server.
452 $feed = new DOMDocument();
453 if (!$feed->loadXML($post)) {
454 // @fixme might help to include the err message
455 common_log(LOG_ERR, __METHOD__ . ": ignoring invalid XML");
459 $orig = clone($this);
460 $this->last_update = common_sql_now();
461 $this->update($orig);
463 Event::handle('StartFeedSubReceive', array($this, $feed));
464 Event::handle('EndFeedSubReceive', array($this, $feed));
468 * Validate the given Atom chunk and HMAC signature against our
469 * shared secret that was set up at subscription time.
471 * If we don't have a shared secret, there should be no signature.
472 * If we we do, our the calculated HMAC should match theirs.
474 * @param string $post raw XML source as POSTed to us
475 * @param string $hmac X-Hub-Signature HTTP header value, or empty
476 * @return boolean true for a match
478 protected function validatePushSig($post, $hmac)
481 if (preg_match('/^sha1=([0-9a-fA-F]{40})$/', $hmac, $matches)) {
482 $their_hmac = strtolower($matches[1]);
483 $our_hmac = hash_hmac('sha1', $post, $this->secret);
484 if ($their_hmac === $our_hmac) {
487 if (common_config('feedsub', 'debug')) {
488 $tempfile = tempnam(sys_get_temp_dir(), 'feedsub-receive');
490 file_put_contents($tempfile, $post);
492 common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH with bad SHA-1 HMAC: got $their_hmac, expected $our_hmac for feed $this->uri on $this->huburi; saved to $tempfile");
494 common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH with bad SHA-1 HMAC: got $their_hmac, expected $our_hmac for feed $this->uri on $this->huburi");
497 common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH with bogus HMAC '$hmac'");
503 common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH with unexpected HMAC '$hmac'");