X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fsalmon.php;h=3c62a6d8c556bb6eff1676e8987ad601fd69b567;hb=9513f1f1668a33be3fc2b241fe3662e9de42d84b;hp=74377f9e941a70ba8afbda205b3089732955727a;hpb=b41218ca303b9fd8258fd613915d3c4b9fd411c0;p=friendica.git diff --git a/mod/salmon.php b/mod/salmon.php index 74377f9e94..3c62a6d8c5 100644 --- a/mod/salmon.php +++ b/mod/salmon.php @@ -12,11 +12,12 @@ require_once('simplepie/simplepie.inc'); function salmon_return($val) { - if($val >= 500) + if($val >= 400) $err = 'Error'; - if($val == 200) + if($val >= 200 && $val < 300) $err = 'OK'; - + + logger('mod-salmon returns ' . $val); header($_SERVER["SERVER_PROTOCOL"] . ' ' . $val . ' ' . $err); killme(); @@ -25,10 +26,8 @@ function salmon_return($val) { function salmon_post(&$a) { $xml = file_get_contents('php://input'); - - $debugging = get_config('system','debugging'); - if($debugging) - file_put_contents('salmon.out','New Salmon: ' . $xml . "\n",FILE_APPEND); + + logger('mod-salmon: new salmon ' . $xml); $nick = (($a->argc > 1) ? notags(trim($a->argv[1])) : ''); $mentions = (($a->argc > 2 && $a->argv[2] === 'mention') ? true : false); @@ -45,10 +44,6 @@ function salmon_post(&$a) { $dom = simplexml_load_string($xml,'SimpleXMLElement',0,NAMESPACE_SALMON_ME); - - if($debugging) - file_put_contents('salmon.out', "\n" . print_r($dom,true) . "\n" , FILE_APPEND); - // figure out where in the DOM tree our data is hiding if($dom->provenance->data) @@ -59,9 +54,8 @@ function salmon_post(&$a) { $base = $dom; if(! $base) { - if($debugging) - file_put_contents('salmon.out', "\n" . 'Unable to find salmon data in XML' . "\n" , FILE_APPEND); - salmon_return(500); + logger('mod-salmon: unable to locate salmon data in xml '); + salmon_return(400); } // Stash the signature away for now. We have to find their key or it won't be good for anything. @@ -69,9 +63,6 @@ function salmon_post(&$a) { $signature = base64url_decode($base->sig); - if($debugging) - file_put_contents('salmon.out', "\n" . 'Encoded Signature: ' . $base->sig . "\n" , FILE_APPEND); - // unpack the data // strip whitespace so our data element will return to one big base64 blob @@ -104,9 +95,7 @@ function salmon_post(&$a) { $feedxml = $tpl . $base . ''; - if($debugging) { - file_put_contents('salmon.out', 'Processed feed: ' . $feedxml . "\n", FILE_APPEND); - } + logger('mod-salmon: Processed feed: ' . $feedxml); // Now parse it like a normal atom feed to scrape out the author URI @@ -115,10 +104,7 @@ function salmon_post(&$a) { $feed->enable_order_by_date(false); $feed->init(); - if($debugging) { - file_put_contents('salmon.out', "\n" . 'Feed parsed.' . "\n", FILE_APPEND); - } - + logger('mod-salmon: Feed parsed.'); if($feed->get_item_quantity()) { foreach($feed->get_items() as $item) { @@ -129,23 +115,20 @@ function salmon_post(&$a) { } if(! $author_link) { - if($debugging) - file_put_contents('salmon.out',"\n" . 'Could not retrieve author URI.' . "\n", FILE_APPEND); - salmon_return(500); + logger('mod-salmon: Could not retrieve author URI.'); + salmon_return(400); } // Once we have the author URI, go to the web and try to find their public key - if($debugging) { - file_put_contents('salmon.out', "\n" . 'Fetching key for ' . $author_link . "\n", FILE_APPEND); - } + logger('mod-salmon: Fetching key for ' . $author_link ); + $key = get_salmon_key($author_link,$keyhash); if(! $key) { - if($debugging) - file_put_contents('salmon.out',"\n" . 'Could not retrieve author key.' . "\n", FILE_APPEND); - salmon_return(500); + logger('mod-salmon: Could not retrieve author key.'); + salmon_return(400); } // Setup RSA stuff to verify the signature @@ -159,8 +142,7 @@ function salmon_post(&$a) { $m = base64url_decode($key_info[1]); $e = base64url_decode($key_info[2]); - if($debugging) - file_put_contents('salmon.out',"\n" . print_r($key_info,true) . "\n", FILE_APPEND); + logger('mod-salmon: key details: ' . print_r($key_info,true)); $rsa = new CRYPT_RSA(); $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; @@ -176,17 +158,17 @@ function salmon_post(&$a) { $verify = $rsa->verify($signed_data,$signature); - if(! $verify) + if(! $verify) { + logger('mod-salmon: message did not verify using protocol. Trying statusnet hack.'); $verify = $rsa->verify($stnet_signed_data,$signature); + } if(! $verify) { - if($debugging) - file_put_contents('salmon.out',"\n" . 'Message did not verify. Discarding.' . "\n", FILE_APPEND); - salmon_return(500); + logger('mod-salmon: Message did not verify. Discarding.'); + salmon_return(400); } - if($debugging) - file_put_contents('salmon.out',"\n" . 'Message verified.' . "\n", FILE_APPEND); + logger('mod-salmon: Message verified.'); /* @@ -195,17 +177,20 @@ function salmon_post(&$a) { * */ - $r = q("SELECT * FROM `contact` WHERE `network` = 'stat' AND ( `url` = '%s' OR `lrdd` = '%s') AND `uid` = %d - AND `readonly` = 0 LIMIT 1", + $r = q("SELECT * FROM `contact` WHERE `network` = 'stat' AND ( `url` = '%s' OR `lrdd` = '%s') + AND `uid` = %d LIMIT 1", dbesc($author_link), dbesc($author_link), intval($importer['uid']) ); if(! count($r)) { - if($debugging) - file_put_contents('salmon.out',"\n" . 'Author unknown to us.' . "\n", FILE_APPEND); - + logger('mod-salmon: Author unknown to us.'); } + if((count($r)) && ($r[0]['readonly'])) { + logger('mod-salmon: Ignoring this author.'); + salmon_return(202); + // NOTREACHED + } require_once('include/items.php');