From dc2e7a66b3cf9401afbc4cf425fc5a37c66d2d74 Mon Sep 17 00:00:00 2001 From: Michael Vogel Date: Mon, 14 Mar 2016 23:11:43 +0100 Subject: [PATCH] The Diaspora class is now productive --- include/diaspora.php | 4504 ++++++++++++++++++----------------------- include/diaspora2.php | 2553 ----------------------- 2 files changed, 1942 insertions(+), 5115 deletions(-) delete mode 100644 include/diaspora2.php diff --git a/include/diaspora.php b/include/diaspora.php index 11fe2c9b57..75cedeccd1 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -1,3173 +1,2553 @@ 0, "page-flags" => PAGE_FREELOVE); - $result = diaspora_dispatch($importer,$msg); - logger("Dispatcher reported ".$result, LOGGER_DEBUG); - - // Now distribute it to the followers - $r = q("SELECT `user`.* FROM `user` WHERE `user`.`uid` IN - ( SELECT `contact`.`uid` FROM `contact` WHERE `contact`.`network` = '%s' AND `contact`.`addr` = '%s' ) - AND `account_expired` = 0 AND `account_removed` = 0 ", - dbesc(NETWORK_DIASPORA), - dbesc($msg['author']) - ); - if(count($r)) { - foreach($r as $rr) { - logger('diaspora_public: delivering to: ' . $rr['username']); - diaspora_dispatch($rr,$msg); - } - } - else - logger('diaspora_public: no subscribers for '.$msg["author"].' '.print_r($msg, true)); -} - +require_once("include/items.php"); +require_once("include/bb2diaspora.php"); +require_once("include/Scrape.php"); +require_once("include/Contact.php"); +require_once("include/Photo.php"); +require_once("include/socgraph.php"); +require_once("include/group.php"); +require_once("include/xml.php"); +require_once("include/datetime.php"); +/** + * @brief This class contain functions to create and send Diaspora XML files + * + */ +class diaspora { -function diaspora_dispatch($importer,$msg,$attempt=1) { - - $ret = 0; - - $enabled = intval(get_config('system','diaspora_enabled')); - if(! $enabled) { - logger('mod-diaspora: disabled'); - return; - } - - $data = $msg; + public static function relay_list() { - // php doesn't like dashes in variable names + $serverdata = get_config("system", "relay_server"); + if ($serverdata == "") + return array(); - $msg['message'] = str_replace( - array('',''), - array('',''), - $msg['message']); + $relay = array(); + $servers = explode(",", $serverdata); - $parsed_xml = parse_xml_string($msg['message'],false); + foreach($servers AS $server) { + $server = trim($server); + $batch = $server."/receive/public"; - $xmlbase = $parsed_xml->post; + $relais = q("SELECT `batch`, `id`, `name`,`network` FROM `contact` WHERE `uid` = 0 AND `batch` = '%s' LIMIT 1", dbesc($batch)); - logger('diaspora_dispatch: ' . print_r($xmlbase,true), LOGGER_DEBUG); + if (!$relais) { + $addr = "relay@".str_replace("http://", "", normalise_link($server)); + + $r = q("INSERT INTO `contact` (`uid`, `created`, `name`, `nick`, `addr`, `url`, `nurl`, `batch`, `network`, `rel`, `blocked`, `pending`, `writable`, `name-date`, `uri-date`, `avatar-date`) + VALUES (0, '%s', '%s', 'relay', '%s', '%s', '%s', '%s', '%s', %d, 0, 0, 1, '%s', '%s', '%s')", + datetime_convert(), + dbesc($addr), + dbesc($addr), + dbesc($server), + dbesc(normalise_link($server)), + dbesc($batch), + dbesc(NETWORK_DIASPORA), + intval(CONTACT_IS_FOLLOWER), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + dbesc(datetime_convert()) + ); + $relais = q("SELECT `batch`, `id`, `name`,`network` FROM `contact` WHERE `uid` = 0 AND `batch` = '%s' LIMIT 1", dbesc($batch)); + if ($relais) + $relay[] = $relais[0]; + } else + $relay[] = $relais[0]; + } - if($xmlbase->request) { - $tempfile = tempnam(get_temppath(), "diaspora-request"); - file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_request($importer,$xmlbase->request); - } - elseif($xmlbase->status_message) { - //$tempfile = tempnam(get_temppath(), "diaspora-status_message"); - //file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_post($importer,$xmlbase->status_message,$msg); - } - elseif($xmlbase->profile) { - //$tempfile = tempnam(get_temppath(), "diaspora-profile"); - //file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_profile($importer,$xmlbase->profile,$msg); - } - elseif($xmlbase->comment) { - //$tempfile = tempnam(get_temppath(), "diaspora-comment"); - //file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_comment($importer,$xmlbase->comment,$msg); - } - elseif($xmlbase->like) { - //$tempfile = tempnam(get_temppath(), "diaspora-like"); - //file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_like($importer,$xmlbase->like,$msg); - } - elseif($xmlbase->asphoto) { - $tempfile = tempnam(get_temppath(), "diaspora-asphoto"); - file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_asphoto($importer,$xmlbase->asphoto,$msg); - } - elseif($xmlbase->reshare) { - //$tempfile = tempnam(get_temppath(), "diaspora-reshare"); - //file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_reshare($importer,$xmlbase->reshare,$msg); - } - elseif($xmlbase->retraction) { - //$tempfile = tempnam(get_temppath(), "diaspora-retraction"); - //file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_retraction($importer,$xmlbase->retraction,$msg); + return $relay; } - elseif($xmlbase->signed_retraction) { - //$tempfile = tempnam(get_temppath(), "diaspora-signed_retraction"); - //file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_signed_retraction($importer,$xmlbase->signed_retraction,$msg); - } - elseif($xmlbase->relayable_retraction) { - //$tempfile = tempnam(get_temppath(), "diaspora-relayable_retraction"); - //file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_signed_retraction($importer,$xmlbase->relayable_retraction,$msg); - } - elseif($xmlbase->photo) { - //$tempfile = tempnam(get_temppath(), "diaspora-photo"); - //file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_photo($importer,$xmlbase->photo,$msg,$attempt); - } - elseif($xmlbase->conversation) { - $tempfile = tempnam(get_temppath(), "diaspora-conversation"); - file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_conversation($importer,$xmlbase->conversation,$msg); - } - elseif($xmlbase->message) { - $tempfile = tempnam(get_temppath(), "diaspora-message"); - file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_message($importer,$xmlbase->message,$msg); - } - elseif($xmlbase->participation) { - //$tempfile = tempnam(get_temppath(), "diaspora-participation"); - //file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_participation($importer,$xmlbase->participation); - } - elseif($xmlbase->poll_participation) { - //$tempfile = tempnam(get_temppath(), "diaspora-poll_participation"); - //file_put_contents($tempfile, json_encode($data)); - $ret = diaspora_participation($importer,$xmlbase->poll_participation); - } - else { - $tempfile = tempnam(get_temppath(), "diaspora-unknown"); - file_put_contents($tempfile, json_encode($data)); - logger('diaspora_dispatch: unknown message type: ' . print_r($xmlbase,true)); - } - return $ret; -} - -function diaspora_handle_from_contact($contact_id) { - $handle = False; - - logger("diaspora_handle_from_contact: contact id is " . $contact_id, LOGGER_DEBUG); - $r = q("SELECT network, addr, self, url, nick FROM contact WHERE id = %d", - intval($contact_id) - ); - if($r) { - $contact = $r[0]; + function repair_signature($signature, $handle = "", $level = 1) { - logger("diaspora_handle_from_contact: contact 'self' = " . $contact['self'] . " 'url' = " . $contact['url'], LOGGER_DEBUG); + if ($signature == "") + return ($signature); - if($contact['network'] === NETWORK_DIASPORA) { - $handle = $contact['addr']; + if (base64_encode(base64_decode(base64_decode($signature))) == base64_decode($signature)) { + $signature = base64_decode($signature); + logger("Repaired double encoded signature from Diaspora/Hubzilla handle ".$handle." - level ".$level, LOGGER_DEBUG); -// logger("diaspora_handle_from_contact: contact id is a Diaspora person, handle = " . $handle, LOGGER_DEBUG); + // Do a recursive call to be able to fix even multiple levels + if ($level < 10) + $signature = self::repair_signature($signature, $handle, ++$level); } - elseif(($contact['network'] === NETWORK_DFRN) || ($contact['self'] == 1)) { - $baseurl_start = strpos($contact['url'],'://') + 3; - $baseurl_length = strpos($contact['url'],'/profile') - $baseurl_start; // allows installations in a subdirectory--not sure how Diaspora will handle - $baseurl = substr($contact['url'], $baseurl_start, $baseurl_length); - $handle = $contact['nick'] . '@' . $baseurl; -// logger("diaspora_handle_from_contact: contact id is a DFRN person, handle = " . $handle, LOGGER_DEBUG); - } + return($signature); } - return $handle; -} + /** + * @brief: Decodes incoming Diaspora message + * + * @param array $importer from user table + * @param string $xml urldecoded Diaspora salmon + * + * @return array + * 'message' -> decoded Diaspora XML message + * 'author' -> author diaspora handle + * 'key' -> author public key (converted to pkcs#8) + */ + function decode($importer, $xml) { -function diaspora_get_contact_by_handle($uid,$handle) { - $r = q("SELECT * FROM `contact` WHERE `network` = '%s' AND `uid` = %d AND `addr` = '%s' LIMIT 1", - dbesc(NETWORK_DIASPORA), - intval($uid), - dbesc($handle) - ); - if($r && count($r)) - return $r[0]; - - $handle_parts = explode("@", $handle); - $nurl_sql = '%%://' . $handle_parts[1] . '%%/profile/' . $handle_parts[0]; - $r = q("SELECT * FROM contact WHERE network = '%s' AND uid = %d AND nurl LIKE '%s' LIMIT 1", - dbesc(NETWORK_DFRN), - intval($uid), - dbesc($nurl_sql) - ); - if($r && count($r)) - return $r[0]; - - return false; -} + $public = false; + $basedom = parse_xml_string($xml); -function find_diaspora_person_by_handle($handle) { + if (!is_object($basedom)) + return false; - $person = false; - $update = false; - $got_lock = false; + $children = $basedom->children('https://joindiaspora.com/protocol'); - $endlessloop = 0; - $maxloops = 10; + if($children->header) { + $public = true; + $author_link = str_replace('acct:','',$children->header->author_id); + } else { - do { - $r = q("select * from fcontact where network = '%s' and addr = '%s' limit 1", - dbesc(NETWORK_DIASPORA), - dbesc($handle) - ); - if(count($r)) { - $person = $r[0]; - logger('find_diaspora_person_by handle: in cache ' . print_r($r,true), LOGGER_DEBUG); + $encrypted_header = json_decode(base64_decode($children->encrypted_header)); - // update record occasionally so it doesn't get stale - $d = strtotime($person['updated'] . ' +00:00'); - if($d < strtotime('now - 14 days')) - $update = true; - } + $encrypted_aes_key_bundle = base64_decode($encrypted_header->aes_key); + $ciphertext = base64_decode($encrypted_header->ciphertext); + $outer_key_bundle = ''; + openssl_private_decrypt($encrypted_aes_key_bundle,$outer_key_bundle,$importer['prvkey']); - // FETCHING PERSON INFORMATION FROM REMOTE SERVER - // - // If the person isn't in our 'fcontact' table, or if he/she is but - // his/her information hasn't been updated for more than 14 days, then - // we want to fetch the person's information from the remote server. - // - // Note that $person isn't changed by this block of code unless the - // person's information has been successfully fetched from the remote - // server. So if $person was 'false' to begin with (because he/she wasn't - // in the local cache), it'll stay false, and if $person held the local - // cache information to begin with, it'll keep that information. That way - // if there's a problem with the remote fetch, we can at least use our - // cached information--it's better than nothing. - - if((! $person) || ($update)) { - // Lock the function to prevent race conditions if multiple items - // come in at the same time from a person who doesn't exist in - // fcontact - // - // Don't loop forever. On the last loop, try to create the contact - // whether the function is locked or not. Maybe the locking thread - // has died or something. At any rate, a duplicate in 'fcontact' - // is a much smaller problem than a deadlocked thread - $got_lock = lock_function('find_diaspora_person_by_handle', false); - if(($endlessloop + 1) >= $maxloops) - $got_lock = true; - - if($got_lock) { - logger('find_diaspora_person_by_handle: create or refresh', LOGGER_DEBUG); - require_once('include/Scrape.php'); - $r = probe_url($handle, PROBE_DIASPORA); - - // Note that Friendica contacts can return a "Diaspora person" - // if Diaspora connectivity is enabled on their server - if((count($r)) && ($r['network'] === NETWORK_DIASPORA)) { - add_fcontact($r,$update); - $person = ($r); - } + $j_outer_key_bundle = json_decode($outer_key_bundle); - unlock_function('find_diaspora_person_by_handle'); - } - else { - logger('find_diaspora_person_by_handle: couldn\'t lock function', LOGGER_DEBUG); - if(! $person) - block_on_function_lock('find_diaspora_person_by_handle'); - } - } - } while((! $person) && (! $got_lock) && (++$endlessloop < $maxloops)); - // We need to try again if the person wasn't in 'fcontact' but the function was locked. - // The fact that the function was locked may mean that another process was creating the - // person's record. It could also mean another process was creating or updating an unrelated - // person. - // - // At any rate, we need to keep trying until we've either got the person or had a chance to - // try to fetch his/her remote information. But we don't want to block on locking the - // function, because if the other process is creating the record, then when we acquire the lock - // we'll dive right into creating another, duplicate record. We DO want to at least wait - // until the lock is released, so we don't flood the database with requests. - // - // If the person was in the 'fcontact' table, don't try again. It's not worth the time, since - // we do have some information for the person - - return $person; -} + $outer_iv = base64_decode($j_outer_key_bundle->iv); + $outer_key = base64_decode($j_outer_key_bundle->key); + $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv); -function get_diaspora_key($uri) { - logger('Fetching diaspora key for: ' . $uri); - $r = find_diaspora_person_by_handle($uri); - if($r) - return $r['pubkey']; - return ''; -} + $decrypted = pkcs5_unpad($decrypted); + /** + * $decrypted now contains something like + * + * + * 8e+G2+ET8l5BPuW0sVTnQw== + * UvSMb4puPeB14STkcDWq+4QE302Edu15oaprAQSkLKU= + * galaxor@diaspora.priateship.org + * + */ -function diaspora_pubmsg_build($msg,$user,$contact,$prvkey,$pubkey) { - $a = get_app(); + logger('decrypted: '.$decrypted, LOGGER_DEBUG); + $idom = parse_xml_string($decrypted,false); - logger('diaspora_pubmsg_build: ' . $msg, LOGGER_DATA); + $inner_iv = base64_decode($idom->iv); + $inner_aes_key = base64_decode($idom->aes_key); + $author_link = str_replace('acct:','',$idom->author_id); + } - $handle = $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $dom = $basedom->children(NAMESPACE_SALMON_ME); -// $b64_data = base64_encode($msg); -// $b64url_data = base64url_encode($b64_data); + // figure out where in the DOM tree our data is hiding - $b64url_data = base64url_encode($msg); + if($dom->provenance->data) + $base = $dom->provenance; + elseif($dom->env->data) + $base = $dom->env; + elseif($dom->data) + $base = $dom; - $data = str_replace(array("\n","\r"," ","\t"),array('','','',''),$b64url_data); + if (!$base) { + logger('unable to locate salmon data in xml'); + http_status_exit(400); + } - $type = 'application/xml'; - $encoding = 'base64url'; - $alg = 'RSA-SHA256'; - $signable_data = $data . '.' . base64url_encode($type) . '.' - . base64url_encode($encoding) . '.' . base64url_encode($alg) ; + // Stash the signature away for now. We have to find their key or it won't be good for anything. + $signature = base64url_decode($base->sig); - $signature = rsa_sign($signable_data,$prvkey); - $sig = base64url_encode($signature); + // unpack the data -$magic_env = <<< EOT - - -
- $handle -
- - base64url - RSA-SHA256 - $data - $sig - -
-EOT; + // strip whitespace so our data element will return to one big base64 blob + $data = str_replace(array(" ","\t","\r","\n"),array("","","",""),$base->data); - logger('diaspora_pubmsg_build: magic_env: ' . $magic_env, LOGGER_DATA); - return $magic_env; -} + // stash away some other stuff for later + $type = $base->data[0]->attributes()->type[0]; + $keyhash = $base->sig[0]->attributes()->keyhash[0]; + $encoding = $base->encoding; + $alg = $base->alg; + $signed_data = $data.'.'.base64url_encode($type).'.'.base64url_encode($encoding).'.'.base64url_encode($alg); -function diaspora_msg_build($msg,$user,$contact,$prvkey,$pubkey,$public = false) { - $a = get_app(); - if($public) - return diaspora_pubmsg_build($msg,$user,$contact,$prvkey,$pubkey); + // decode the data + $data = base64url_decode($data); - logger('diaspora_msg_build: ' . $msg, LOGGER_DATA); - // without a public key nothing will work + if($public) + $inner_decrypted = $data; + else { - if(! $pubkey) { - logger('diaspora_msg_build: pubkey missing: contact id: ' . $contact['id']); - return ''; - } + // Decode the encrypted blob - $inner_aes_key = random_string(32); - $b_inner_aes_key = base64_encode($inner_aes_key); - $inner_iv = random_string(16); - $b_inner_iv = base64_encode($inner_iv); + $inner_encrypted = base64_decode($data); + $inner_decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $inner_encrypted, MCRYPT_MODE_CBC, $inner_iv); + $inner_decrypted = pkcs5_unpad($inner_decrypted); + } - $outer_aes_key = random_string(32); - $b_outer_aes_key = base64_encode($outer_aes_key); - $outer_iv = random_string(16); - $b_outer_iv = base64_encode($outer_iv); + if (!$author_link) { + logger('Could not retrieve author URI.'); + http_status_exit(400); + } + // Once we have the author URI, go to the web and try to find their public key + // (first this will look it up locally if it is in the fcontact cache) + // This will also convert diaspora public key from pkcs#1 to pkcs#8 - $handle = $user['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + logger('Fetching key for '.$author_link); + $key = self::key($author_link); - $padded_data = pkcs5_pad($msg,16); - $inner_encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $padded_data, MCRYPT_MODE_CBC, $inner_iv); + if (!$key) { + logger('Could not retrieve author key.'); + http_status_exit(400); + } - $b64_data = base64_encode($inner_encrypted); + $verify = rsa_verify($signed_data,$signature,$key); + if (!$verify) { + logger('Message did not verify. Discarding.'); + http_status_exit(400); + } - $b64url_data = base64url_encode($b64_data); - $data = str_replace(array("\n","\r"," ","\t"),array('','','',''),$b64url_data); + logger('Message verified.'); - $type = 'application/xml'; - $encoding = 'base64url'; - $alg = 'RSA-SHA256'; + return array('message' => $inner_decrypted, 'author' => $author_link, 'key' => $key); - $signable_data = $data . '.' . base64url_encode($type) . '.' - . base64url_encode($encoding) . '.' . base64url_encode($alg) ; + } - $signature = rsa_sign($signable_data,$prvkey); - $sig = base64url_encode($signature); -$decrypted_header = <<< EOT - - $b_inner_iv - $b_inner_aes_key - $handle - -EOT; + /** + * @brief Dispatches public messages and find the fitting receivers + * + * @param array $msg The post that will be dispatched + * + * @return bool Was the message accepted? + */ + public static function dispatch_public($msg) { - $decrypted_header = pkcs5_pad($decrypted_header,16); + $enabled = intval(get_config("system", "diaspora_enabled")); + if (!$enabled) { + logger("diaspora is disabled"); + return false; + } - $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $outer_aes_key, $decrypted_header, MCRYPT_MODE_CBC, $outer_iv); + // Use a dummy importer to import the data for the public copy + $importer = array("uid" => 0, "page-flags" => PAGE_FREELOVE); + $item_id = self::dispatch($importer,$msg); - $outer_json = json_encode(array('iv' => $b_outer_iv,'key' => $b_outer_aes_key)); + // Now distribute it to the followers + $r = q("SELECT `user`.* FROM `user` WHERE `user`.`uid` IN + (SELECT `contact`.`uid` FROM `contact` WHERE `contact`.`network` = '%s' AND `contact`.`addr` = '%s') + AND NOT `account_expired` AND NOT `account_removed`", + dbesc(NETWORK_DIASPORA), + dbesc($msg["author"]) + ); + if($r) { + foreach($r as $rr) { + logger("delivering to: ".$rr["username"]); + self::dispatch($rr,$msg); + } + } else + logger("No subscribers for ".$msg["author"]." ".print_r($msg, true)); - $encrypted_outer_key_bundle = ''; - openssl_public_encrypt($outer_json,$encrypted_outer_key_bundle,$pubkey); + return $item_id; + } - $b64_encrypted_outer_key_bundle = base64_encode($encrypted_outer_key_bundle); + /** + * @brief Dispatches the different message types to the different functions + * + * @param array $importer Array of the importer user + * @param array $msg The post that will be dispatched + * + * @return bool Was the message accepted? + */ + public static function dispatch($importer, $msg) { - logger('outer_bundle: ' . $b64_encrypted_outer_key_bundle . ' key: ' . $pubkey, LOGGER_DATA); + // The sender is the handle of the contact that sent the message. + // This will often be different with relayed messages (for example "like" and "comment") + $sender = $msg["author"]; - $encrypted_header_json_object = json_encode(array('aes_key' => base64_encode($encrypted_outer_key_bundle), - 'ciphertext' => base64_encode($ciphertext))); - $cipher_json = base64_encode($encrypted_header_json_object); + if (!diaspora::valid_posting($msg, $fields)) { + logger("Invalid posting"); + return false; + } - $encrypted_header = '' . $cipher_json . ''; + $type = $fields->getName(); -$magic_env = <<< EOT - - - $encrypted_header - - base64url - RSA-SHA256 - $data - $sig - - -EOT; + logger("Received message type ".$type." from ".$sender." for user ".$importer["uid"], LOGGER_DEBUG); - logger('diaspora_msg_build: magic_env: ' . $magic_env, LOGGER_DATA); - return $magic_env; + switch ($type) { + case "account_deletion": + return self::receive_account_deletion($importer, $fields); -} + case "comment": + return self::receive_comment($importer, $sender, $fields); -/** - * - * diaspora_decode($importer,$xml) - * array $importer -> from user table - * string $xml -> urldecoded Diaspora salmon - * - * Returns array - * 'message' -> decoded Diaspora XML message - * 'author' -> author diaspora handle - * 'key' -> author public key (converted to pkcs#8) - * - * Author and key are used elsewhere to save a lookup for verifying replies and likes - */ + case "conversation": + return self::receive_conversation($importer, $msg, $fields); + case "like": + return self::receive_like($importer, $sender, $fields); -function diaspora_decode($importer,$xml) { + case "message": + return self::receive_message($importer, $fields); - $tempfile = tempnam(get_temppath(), "diaspora-decode"); - file_put_contents($tempfile, json_encode(array("importer" => $importer, "xml" => $xml))); + case "participation": // Not implemented + return self::receive_participation($importer, $fields); - $public = false; - $basedom = parse_xml_string($xml); + case "photo": // Not implemented + return self::receive_photo($importer, $fields); - $children = $basedom->children('https://joindiaspora.com/protocol'); - - if($children->header) { - $public = true; - $author_link = str_replace('acct:','',$children->header->author_id); - } - else { + case "poll_participation": // Not implemented + return self::receive_poll_participation($importer, $fields); - $encrypted_header = json_decode(base64_decode($children->encrypted_header)); + case "profile": + return self::receive_profile($importer, $fields); - $encrypted_aes_key_bundle = base64_decode($encrypted_header->aes_key); - $ciphertext = base64_decode($encrypted_header->ciphertext); + case "request": + return self::receive_request($importer, $fields); - $outer_key_bundle = ''; - openssl_private_decrypt($encrypted_aes_key_bundle,$outer_key_bundle,$importer['prvkey']); + case "reshare": + return self::receive_reshare($importer, $fields); - $j_outer_key_bundle = json_decode($outer_key_bundle); + case "retraction": + return self::receive_retraction($importer, $sender, $fields); - $outer_iv = base64_decode($j_outer_key_bundle->iv); - $outer_key = base64_decode($j_outer_key_bundle->key); - - $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv); + case "status_message": + return self::receive_status_message($importer, $fields); + default: + logger("Unknown message type ".$type); + return false; + } - $decrypted = pkcs5_unpad($decrypted); + return true; + } - /** - * $decrypted now contains something like - * - * - * 8e+G2+ET8l5BPuW0sVTnQw== - * UvSMb4puPeB14STkcDWq+4QE302Edu15oaprAQSkLKU= + /** + * @brief Checks if a posting is valid and fetches the data fields. + * + * This function does not only check the signature. + * It also does the conversion between the old and the new diaspora format. + * + * @param array $msg Array with the XML, the sender handle and the sender signature + * @param object $fields SimpleXML object that contains the posting when it is valid + * + * @return bool Is the posting valid? + */ + private function valid_posting($msg, &$fields) { -***** OBSOLETE + $data = parse_xml_string($msg["message"], false); - * - * Ryan Hughes - * acct:galaxor@diaspora.pirateship.org - * + if (!is_object($data)) + return false; -***** CURRENT + $first_child = $data->getName(); - * galaxor@diaspora.priateship.org + // Is this the new or the old version? + if ($data->getName() == "XML") { + $oldXML = true; + foreach ($data->post->children() as $child) + $element = $child; + } else { + $oldXML = false; + $element = $data; + } -***** END DIFFS + $type = $element->getName(); + $orig_type = $type; - * - */ + // All retractions are handled identically from now on. + // In the new version there will only be "retraction". + if (in_array($type, array("signed_retraction", "relayable_retraction"))) + $type = "retraction"; - logger('decrypted: ' . $decrypted, LOGGER_DEBUG); - $idom = parse_xml_string($decrypted,false); + $fields = new SimpleXMLElement("<".$type."/>"); - $inner_iv = base64_decode($idom->iv); - $inner_aes_key = base64_decode($idom->aes_key); + $signed_data = ""; - $author_link = str_replace('acct:','',$idom->author_id); + foreach ($element->children() AS $fieldname => $entry) { + if ($oldXML) { + // Translation for the old XML structure + if ($fieldname == "diaspora_handle") + $fieldname = "author"; - } + if ($fieldname == "participant_handles") + $fieldname = "participants"; - $dom = $basedom->children(NAMESPACE_SALMON_ME); + if (in_array($type, array("like", "participation"))) { + if ($fieldname == "target_type") + $fieldname = "parent_type"; + } - // figure out where in the DOM tree our data is hiding + if ($fieldname == "sender_handle") + $fieldname = "author"; - if($dom->provenance->data) - $base = $dom->provenance; - elseif($dom->env->data) - $base = $dom->env; - elseif($dom->data) - $base = $dom; + if ($fieldname == "recipient_handle") + $fieldname = "recipient"; - if(! $base) { - logger('mod-diaspora: unable to locate salmon data in xml '); - http_status_exit(400); - } + if ($fieldname == "root_diaspora_id") + $fieldname = "root_author"; + if ($type == "retraction") { + if ($fieldname == "post_guid") + $fieldname = "target_guid"; - // Stash the signature away for now. We have to find their key or it won't be good for anything. - $signature = base64url_decode($base->sig); + if ($fieldname == "type") + $fieldname = "target_type"; + } + } - // unpack the data + if ($fieldname == "author_signature") + $author_signature = base64_decode($entry); + elseif ($fieldname == "parent_author_signature") + $parent_author_signature = base64_decode($entry); + elseif ($fieldname != "target_author_signature") { + if ($signed_data != "") { + $signed_data .= ";"; + $signed_data_parent .= ";"; + } - // strip whitespace so our data element will return to one big base64 blob - $data = str_replace(array(" ","\t","\r","\n"),array("","","",""),$base->data); + $signed_data .= $entry; + } + if (!in_array($fieldname, array("parent_author_signature", "target_author_signature")) OR + ($orig_type == "relayable_retraction")) + xml::copy($entry, $fields, $fieldname); + } + // This is something that shouldn't happen at all. + if (in_array($type, array("status_message", "reshare", "profile"))) + if ($msg["author"] != $fields->author) { + logger("Message handle is not the same as envelope sender. Quitting this message."); + return false; + } - // stash away some other stuff for later + // Only some message types have signatures. So we quit here for the other types. + if (!in_array($type, array("comment", "message", "like"))) + return true; - $type = $base->data[0]->attributes()->type[0]; - $keyhash = $base->sig[0]->attributes()->keyhash[0]; - $encoding = $base->encoding; - $alg = $base->alg; + // No author_signature? This is a must, so we quit. + if (!isset($author_signature)) + return false; + if (isset($parent_author_signature)) { + $key = self::key($msg["author"]); - $signed_data = $data . '.' . base64url_encode($type) . '.' . base64url_encode($encoding) . '.' . base64url_encode($alg); + if (!rsa_verify($signed_data, $parent_author_signature, $key, "sha256")) + return false; + } + $key = self::key($fields->author); - // decode the data - $data = base64url_decode($data); + return rsa_verify($signed_data, $author_signature, $key, "sha256"); + } + /** + * @brief Fetches the public key for a given handle + * + * @param string $handle The handle + * + * @return string The public key + */ + private function key($handle) { + $handle = strval($handle); - if($public) { - $inner_decrypted = $data; - } - else { + logger("Fetching diaspora key for: ".$handle); - // Decode the encrypted blob + $r = self::person_by_handle($handle); + if($r) + return $r["pubkey"]; - $inner_encrypted = base64_decode($data); - $inner_decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $inner_encrypted, MCRYPT_MODE_CBC, $inner_iv); - $inner_decrypted = pkcs5_unpad($inner_decrypted); + return ""; } - if(! $author_link) { - logger('mod-diaspora: Could not retrieve author URI.'); - http_status_exit(400); - } + /** + * @brief Fetches data for a given handle + * + * @param string $handle The handle + * + * @return array the queried data + */ + private function person_by_handle($handle) { - // Once we have the author URI, go to the web and try to find their public key - // (first this will look it up locally if it is in the fcontact cache) - // This will also convert diaspora public key from pkcs#1 to pkcs#8 + $r = q("SELECT * FROM `fcontact` WHERE `network` = '%s' AND `addr` = '%s' LIMIT 1", + dbesc(NETWORK_DIASPORA), + dbesc($handle) + ); + if ($r) { + $person = $r[0]; + logger("In cache ".print_r($r,true), LOGGER_DEBUG); - logger('mod-diaspora: Fetching key for ' . $author_link ); - $key = get_diaspora_key($author_link); + // update record occasionally so it doesn't get stale + $d = strtotime($person["updated"]." +00:00"); + if ($d < strtotime("now - 14 days")) + $update = true; + } - if(! $key) { - logger('mod-diaspora: Could not retrieve author key.'); - http_status_exit(400); - } + if (!$person OR $update) { + logger("create or refresh", LOGGER_DEBUG); + $r = probe_url($handle, PROBE_DIASPORA); - $verify = rsa_verify($signed_data,$signature,$key); + // Note that Friendica contacts will return a "Diaspora person" + // if Diaspora connectivity is enabled on their server + if ($r AND ($r["network"] === NETWORK_DIASPORA)) { + self::add_fcontact($r, $update); + $person = $r; + } + } + return $person; + } + + /** + * @brief Updates the fcontact table + * + * @param array $arr The fcontact data + * @param bool $update Update or insert? + * + * @return string The id of the fcontact entry + */ + private function add_fcontact($arr, $update = false) { + /// @todo Remove this function from include/network.php + + if($update) { + $r = q("UPDATE `fcontact` SET + `name` = '%s', + `photo` = '%s', + `request` = '%s', + `nick` = '%s', + `addr` = '%s', + `batch` = '%s', + `notify` = '%s', + `poll` = '%s', + `confirm` = '%s', + `alias` = '%s', + `pubkey` = '%s', + `updated` = '%s' + WHERE `url` = '%s' AND `network` = '%s'", + dbesc($arr["name"]), + dbesc($arr["photo"]), + dbesc($arr["request"]), + dbesc($arr["nick"]), + dbesc($arr["addr"]), + dbesc($arr["batch"]), + dbesc($arr["notify"]), + dbesc($arr["poll"]), + dbesc($arr["confirm"]), + dbesc($arr["alias"]), + dbesc($arr["pubkey"]), + dbesc(datetime_convert()), + dbesc($arr["url"]), + dbesc($arr["network"]) + ); + } else { + $r = q("INSERT INTO `fcontact` (`url`,`name`,`photo`,`request`,`nick`,`addr`, + `batch`, `notify`,`poll`,`confirm`,`network`,`alias`,`pubkey`,`updated`) + VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", + dbesc($arr["url"]), + dbesc($arr["name"]), + dbesc($arr["photo"]), + dbesc($arr["request"]), + dbesc($arr["nick"]), + dbesc($arr["addr"]), + dbesc($arr["batch"]), + dbesc($arr["notify"]), + dbesc($arr["poll"]), + dbesc($arr["confirm"]), + dbesc($arr["network"]), + dbesc($arr["alias"]), + dbesc($arr["pubkey"]), + dbesc(datetime_convert()) + ); + } - if(! $verify) { - logger('mod-diaspora: Message did not verify. Discarding.'); - http_status_exit(400); + return $r; } - logger('mod-diaspora: Message verified.'); + public static function handle_from_contact($contact_id) { + $handle = False; - return array('message' => $inner_decrypted, 'author' => $author_link, 'key' => $key); - -} + logger("contact id is ".$contact_id, LOGGER_DEBUG); + $r = q("SELECT `network`, `addr`, `self`, `url`, `nick` FROM `contact` WHERE `id` = %d", + intval($contact_id) + ); + if($r) { + $contact = $r[0]; + + logger("contact 'self' = ".$contact['self']." 'url' = ".$contact['url'], LOGGER_DEBUG); + + if($contact['addr'] != "") + $handle = $contact['addr']; + elseif(($contact['network'] === NETWORK_DFRN) || ($contact['self'] == 1)) { + $baseurl_start = strpos($contact['url'],'://') + 3; + $baseurl_length = strpos($contact['url'],'/profile') - $baseurl_start; // allows installations in a subdirectory--not sure how Diaspora will handle + $baseurl = substr($contact['url'], $baseurl_start, $baseurl_length); + $handle = $contact['nick'].'@'.$baseurl; + } + } -function diaspora_request($importer,$xml) { + return $handle; + } - $a = get_app(); + private function contact_by_handle($uid, $handle) { + $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `addr` = '%s' LIMIT 1", + intval($uid), + dbesc($handle) + ); - $sender_handle = unxmlify($xml->sender_handle); - $recipient_handle = unxmlify($xml->recipient_handle); + if ($r) + return $r[0]; - if(! $sender_handle || ! $recipient_handle) - return; + $handle_parts = explode("@", $handle); + $nurl_sql = "%%://".$handle_parts[1]."%%/profile/".$handle_parts[0]; + $r = q("SELECT * FROM `contact` WHERE `network` = '%s' AND `uid` = %d AND `nurl` LIKE '%s' LIMIT 1", + dbesc(NETWORK_DFRN), + intval($uid), + dbesc($nurl_sql) + ); + if($r) + return $r[0]; - $contact = diaspora_get_contact_by_handle($importer['uid'],$sender_handle); + return false; + } - if($contact) { + private function post_allow($importer, $contact, $is_comment = false) { // perhaps we were already sharing with this person. Now they're sharing with us. // That makes us friends. - - if($contact['rel'] == CONTACT_IS_FOLLOWER && in_array($importer['page-flags'], array(PAGE_FREELOVE))) { + // Normally this should have handled by getting a request - but this could get lost + if($contact["rel"] == CONTACT_IS_FOLLOWER && in_array($importer["page-flags"], array(PAGE_FREELOVE))) { q("UPDATE `contact` SET `rel` = %d, `writable` = 1 WHERE `id` = %d AND `uid` = %d", intval(CONTACT_IS_FRIEND), - intval($contact['id']), - intval($importer['uid']) + intval($contact["id"]), + intval($importer["uid"]) ); + $contact["rel"] = CONTACT_IS_FRIEND; + logger("defining user ".$contact["nick"]." as friend"); } - // send notification - - $r = q("SELECT `hide-friends` FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1", - intval($importer['uid']) - ); - if((count($r)) && (!$r[0]['hide-friends']) && (!$contact['hidden']) && intval(get_pconfig($importer['uid'],'system','post_newfriend'))) { - require_once('include/items.php'); - - $self = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1", - intval($importer['uid']) - ); - - // they are not CONTACT_IS_FOLLOWER anymore but that's what we have in the array - - if(count($self) && $contact['rel'] == CONTACT_IS_FOLLOWER) { - - $arr = array(); - $arr['uri'] = $arr['parent-uri'] = item_new_uri($a->get_hostname(), $importer['uid']); - $arr['uid'] = $importer['uid']; - $arr['contact-id'] = $self[0]['id']; - $arr['wall'] = 1; - $arr['type'] = 'wall'; - $arr['gravity'] = 0; - $arr['origin'] = 1; - $arr['author-name'] = $arr['owner-name'] = $self[0]['name']; - $arr['author-link'] = $arr['owner-link'] = $self[0]['url']; - $arr['author-avatar'] = $arr['owner-avatar'] = $self[0]['thumb']; - $arr['verb'] = ACTIVITY_FRIEND; - $arr['object-type'] = ACTIVITY_OBJ_PERSON; - - $A = '[url=' . $self[0]['url'] . ']' . $self[0]['name'] . '[/url]'; - $B = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]'; - $BPhoto = '[url=' . $contact['url'] . ']' . '[img]' . $contact['thumb'] . '[/img][/url]'; - $arr['body'] = sprintf( t('%1$s is now friends with %2$s'), $A, $B)."\n\n\n".$Bphoto; - - $arr['object'] = '' . ACTIVITY_OBJ_PERSON . '' . $contact['name'] . '' - . '' . $contact['url'] . '/' . $contact['name'] . ''; - $arr['object'] .= '' . xmlify('' . "\n"); - $arr['object'] .= xmlify('' . "\n"); - $arr['object'] .= '' . "\n"; - $arr['last-child'] = 1; - - $arr['allow_cid'] = $user[0]['allow_cid']; - $arr['allow_gid'] = $user[0]['allow_gid']; - $arr['deny_cid'] = $user[0]['deny_cid']; - $arr['deny_gid'] = $user[0]['deny_gid']; - - $i = item_store($arr); - if($i) - proc_run('php',"include/notifier.php","activity","$i"); - - } + if(($contact["blocked"]) || ($contact["readonly"]) || ($contact["archive"])) + return false; + if($contact["rel"] == CONTACT_IS_SHARING || $contact["rel"] == CONTACT_IS_FRIEND) + return true; + if($contact["rel"] == CONTACT_IS_FOLLOWER) + if(($importer["page-flags"] == PAGE_COMMUNITY) OR $is_comment) + return true; - } + // Messages for the global users are always accepted + if ($importer["uid"] == 0) + return true; - return; + return false; } - $ret = find_diaspora_person_by_handle($sender_handle); - + private function allowed_contact_by_handle($importer, $handle, $is_comment = false) { + $contact = self::contact_by_handle($importer["uid"], $handle); + if (!$contact) { + logger("A Contact for handle ".$handle." and user ".$importer["uid"]." was not found"); + return false; + } - if((! count($ret)) || ($ret['network'] != NETWORK_DIASPORA)) { - logger('diaspora_request: Cannot resolve diaspora handle ' . $sender_handle . ' for ' . $recipient_handle); - return; + if (!self::post_allow($importer, $contact, $is_comment)) { + logger("The handle: ".$handle." is not allowed to post to user ".$importer["uid"]); + return false; + } + return $contact; } - $batch = (($ret['batch']) ? $ret['batch'] : implode('/', array_slice(explode('/',$ret['url']),0,3)) . '/receive/public'); - - - - $r = q("INSERT INTO `contact` (`uid`, `network`,`addr`,`created`,`url`,`nurl`,`batch`,`name`,`nick`,`photo`,`pubkey`,`notify`,`poll`,`blocked`,`priority`) - VALUES ( %d, '%s', '%s', '%s', '%s','%s','%s','%s','%s','%s','%s','%s','%s',%d,%d) ", - intval($importer['uid']), - dbesc($ret['network']), - dbesc($ret['addr']), - datetime_convert(), - dbesc($ret['url']), - dbesc(normalise_link($ret['url'])), - dbesc($batch), - dbesc($ret['name']), - dbesc($ret['nick']), - dbesc($ret['photo']), - dbesc($ret['pubkey']), - dbesc($ret['notify']), - dbesc($ret['poll']), - 1, - 2 - ); - - // find the contact record we just created + private function message_exists($uid, $guid) { + $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", + intval($uid), + dbesc($guid) + ); - $contact_record = diaspora_get_contact_by_handle($importer['uid'],$sender_handle); + if($r) { + logger("message ".$guid." already exists for user ".$uid); + return true; + } - if(! $contact_record) { - logger('diaspora_request: unable to locate newly created contact record.'); - return; + return false; } - $def_gid = get_default_group($importer['uid'], $ret["network"]); - if (intval($def_gid)) { - require_once('include/group.php'); - group_add_member($importer['uid'], '', $contact_record['id'], $def_gid); + private function fetch_guid($item) { + preg_replace_callback("&\[url=/posts/([^\[\]]*)\](.*)\[\/url\]&Usi", + function ($match) use ($item){ + return(self::fetch_guid_sub($match, $item)); + },$item["body"]); } - if($importer['page-flags'] == PAGE_NORMAL) { - - $hash = random_string() . (string) time(); // Generate a confirm_key - - $ret = q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime` ) - VALUES ( %d, %d, %d, %d, '%s', '%s', '%s' )", - intval($importer['uid']), - intval($contact_record['id']), - 0, - 0, - dbesc( t('Sharing notification from Diaspora network')), - dbesc($hash), - dbesc(datetime_convert()) - ); + private function fetch_guid_sub($match, $item) { + if (!self::store_by_guid($match[1], $item["author-link"])) + self::store_by_guid($match[1], $item["owner-link"]); } - else { - // automatic friend approval + private function store_by_guid($guid, $server, $uid = 0) { + $serverparts = parse_url($server); + $server = $serverparts["scheme"]."://".$serverparts["host"]; - require_once('include/Photo.php'); + logger("Trying to fetch item ".$guid." from ".$server, LOGGER_DEBUG); - update_contact_avatar($contact_record['photo'],$importer['uid'],$contact_record['id']); + $msg = self::message($guid, $server); - // technically they are sharing with us (CONTACT_IS_SHARING), - // but if our page-type is PAGE_COMMUNITY or PAGE_SOAPBOX - // we are going to change the relationship and make them a follower. + if (!$msg) + return false; - if($importer['page-flags'] == PAGE_FREELOVE) - $new_relation = CONTACT_IS_FRIEND; - else - $new_relation = CONTACT_IS_FOLLOWER; - - $r = q("UPDATE `contact` SET `rel` = %d, - `name-date` = '%s', - `uri-date` = '%s', - `blocked` = 0, - `pending` = 0, - `writable` = 1 - WHERE `id` = %d - ", - intval($new_relation), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - intval($contact_record['id']) - ); + logger("Successfully fetched item ".$guid." from ".$server, LOGGER_DEBUG); - $u = q("select * from user where uid = %d limit 1",intval($importer['uid'])); - if($u) - $ret = diaspora_share($u[0],$contact_record); + // Now call the dispatcher + return self::dispatch_public($msg); } - return; -} + private function message($guid, $server, $level = 0) { -function diaspora_post_allow($importer,$contact, $is_comment = false) { - - // perhaps we were already sharing with this person. Now they're sharing with us. - // That makes us friends. - // Normally this should have handled by getting a request - but this could get lost - if($contact['rel'] == CONTACT_IS_FOLLOWER && in_array($importer['page-flags'], array(PAGE_FREELOVE))) { - q("UPDATE `contact` SET `rel` = %d, `writable` = 1 WHERE `id` = %d AND `uid` = %d", - intval(CONTACT_IS_FRIEND), - intval($contact['id']), - intval($importer['uid']) - ); - $contact['rel'] = CONTACT_IS_FRIEND; - logger('diaspora_post_allow: defining user '.$contact["nick"].' as friend'); - } + if ($level > 5) + return false; - if(($contact['blocked']) || ($contact['readonly']) || ($contact['archive'])) - return false; - if($contact['rel'] == CONTACT_IS_SHARING || $contact['rel'] == CONTACT_IS_FRIEND) - return true; - if($contact['rel'] == CONTACT_IS_FOLLOWER) - if(($importer['page-flags'] == PAGE_COMMUNITY) OR $is_comment) - return true; + // This will work for Diaspora and newer Friendica servers + $source_url = $server."/p/".$guid.".xml"; + $x = fetch_url($source_url); + if(!$x) + return false; - // Messages for the global users are always accepted - if ($importer['uid'] == 0) - return true; + $source_xml = parse_xml_string($x, false); - return false; -} + if (!is_object($source_xml)) + return false; -function diaspora_is_redmatrix($url) { - return(strstr($url, "/channel/")); -} + if ($source_xml->post->reshare) { + // Reshare of a reshare - old Diaspora version + return self::message($source_xml->post->reshare->root_guid, $server, ++$level); + } elseif ($source_xml->getName() == "reshare") { + // Reshare of a reshare - new Diaspora version + return self::message($source_xml->root_guid, $server, ++$level); + } -function diaspora_plink($addr, $guid) { - $r = q("SELECT `url`, `nick`, `network` FROM `fcontact` WHERE `addr`='%s' LIMIT 1", dbesc($addr)); + $author = ""; - // Fallback - if (!$r) - return 'https://'.substr($addr,strpos($addr,'@')+1).'/posts/'.$guid; + // Fetch the author - for the old and the new Diaspora version + if ($source_xml->post->status_message->diaspora_handle) + $author = (string)$source_xml->post->status_message->diaspora_handle; + elseif ($source_xml->author AND ($source_xml->getName() == "status_message")) + $author = (string)$source_xml->author; - // Friendica contacts are often detected as Diaspora contacts in the "fcontact" table - // So we try another way as well. - $s = q("SELECT `network` FROM `gcontact` WHERE `nurl`='%s' LIMIT 1", dbesc(normalise_link($r[0]["url"]))); - if ($s) - $r[0]["network"] = $s[0]["network"]; + // If this isn't a "status_message" then quit + if (!$author) + return false; - if ($r[0]["network"] == NETWORK_DFRN) - return(str_replace("/profile/".$r[0]["nick"]."/", "/display/".$guid, $r[0]["url"]."/")); + $msg = array("message" => $x, "author" => $author); - if (diaspora_is_redmatrix($r[0]["url"])) - return $r[0]["url"]."/?f=&mid=".$guid; + $msg["key"] = self::key($msg["author"]); - return 'https://'.substr($addr,strpos($addr,'@')+1).'/posts/'.$guid; -} + return $msg; + } -function diaspora_repair_signature($signature, $handle = "", $level = 1) { + private function parent_item($uid, $guid, $author, $contact) { + $r = q("SELECT `id`, `body`, `wall`, `uri`, `private`, `origin`, + `author-name`, `author-link`, `author-avatar`, + `owner-name`, `owner-link`, `owner-avatar` + FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", + intval($uid), dbesc($guid)); - if ($signature == "") - return($signature); + if(!$r) { + $result = self::store_by_guid($guid, $contact["url"], $uid); - if (base64_encode(base64_decode(base64_decode($signature))) == base64_decode($signature)) { - $signature = base64_decode($signature); - logger("Repaired double encoded signature from Diaspora/Hubzilla handle ".$handle." - level ".$level, LOGGER_DEBUG); + if (!$result) { + $person = self::person_by_handle($author); + $result = self::store_by_guid($guid, $person["url"], $uid); + } - // Do a recursive call to be able to fix even multiple levels - if ($level < 10) - $signature = diaspora_repair_signature($signature, $handle, ++$level); - } + if ($result) { + logger("Fetched missing item ".$guid." - result: ".$result, LOGGER_DEBUG); - return($signature); -} + $r = q("SELECT `id`, `body`, `wall`, `uri`, `private`, `origin`, + `author-name`, `author-link`, `author-avatar`, + `owner-name`, `owner-link`, `owner-avatar` + FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", + intval($uid), dbesc($guid)); + } + } -function diaspora_post($importer,$xml,$msg) { + if (!$r) { + logger("parent item not found: parent: ".$guid." - user: ".$uid); + return false; + } else { + logger("parent item found: parent: ".$guid." - user: ".$uid); + return $r[0]; + } + } - $a = get_app(); - $guid = notags(unxmlify($xml->guid)); - $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); + private function author_contact_by_url($contact, $person, $uid) { - if($diaspora_handle != $msg['author']) { - logger('diaspora_post: Potential forgery. Message handle is not the same as envelope sender.'); - return 202; - } + $r = q("SELECT `id`, `network` FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1", + dbesc(normalise_link($person["url"])), intval($uid)); + if ($r) { + $cid = $r[0]["id"]; + $network = $r[0]["network"]; + } else { + $cid = $contact["id"]; + $network = NETWORK_DIASPORA; + } - $contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle); - if(! $contact) { - logger('diaspora_post: A Contact for handle '.$diaspora_handle.' and user '.$importer['uid'].' was not found'); - return 203; + return (array("cid" => $cid, "network" => $network)); } - if(! diaspora_post_allow($importer,$contact, false)) { - logger('diaspora_post: Ignoring this author.'); - return 202; + public static function is_redmatrix($url) { + return(strstr($url, "/channel/")); } - $message_id = $diaspora_handle . ':' . $guid; - $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer['uid']), - dbesc($guid) - ); - if(count($r)) { - logger('diaspora_post: message exists: ' . $guid); - return 208; - } + private function plink($addr, $guid) { + $r = q("SELECT `url`, `nick`, `network` FROM `fcontact` WHERE `addr`='%s' LIMIT 1", dbesc($addr)); - $created = unxmlify($xml->created_at); - $private = ((unxmlify($xml->public) == 'false') ? 1 : 0); + // Fallback + if (!$r) + return "https://".substr($addr,strpos($addr,"@")+1)."/posts/".$guid; - $body = diaspora2bb($xml->raw_message); + // Friendica contacts are often detected as Diaspora contacts in the "fcontact" table + // So we try another way as well. + $s = q("SELECT `network` FROM `gcontact` WHERE `nurl`='%s' LIMIT 1", dbesc(normalise_link($r[0]["url"]))); + if ($s) + $r[0]["network"] = $s[0]["network"]; - $datarray = array(); + if ($r[0]["network"] == NETWORK_DFRN) + return(str_replace("/profile/".$r[0]["nick"]."/", "/display/".$guid, $r[0]["url"]."/")); - $datarray["object"] = json_encode($xml); + if (self::is_redmatrix($r[0]["url"])) + return $r[0]["url"]."/?f=&mid=".$guid; - if($xml->photo->remote_photo_path AND $xml->photo->remote_photo_name) - $datarray["object-type"] = ACTIVITY_OBJ_PHOTO; - else { - $datarray['object-type'] = ACTIVITY_OBJ_NOTE; - // Add OEmbed and other information to the body - if (!diaspora_is_redmatrix($contact['url'])) - $body = add_page_info_to_body($body, false, true); + return "https://".substr($addr,strpos($addr,"@")+1)."/posts/".$guid; } - $str_tags = ''; + private function receive_account_deletion($importer, $data) { + $author = notags(unxmlify($data->author)); - $cnt = preg_match_all('/@\[url=(.*?)\[\/url\]/ism',$body,$matches,PREG_SET_ORDER); - if($cnt) { - foreach($matches as $mtch) { - if(strlen($str_tags)) - $str_tags .= ','; - $str_tags .= '@[url=' . $mtch[1] . '[/url]'; + $contact = self::contact_by_handle($importer["uid"], $author); + if (!$contact) { + logger("cannot find contact for author: ".$author); + return false; } - } - - $plink = diaspora_plink($diaspora_handle, $guid); - - $datarray['uid'] = $importer['uid']; - $datarray['contact-id'] = $contact['id']; - $datarray['wall'] = 0; - $datarray['network'] = NETWORK_DIASPORA; - $datarray['verb'] = ACTIVITY_POST; - $datarray['guid'] = $guid; - $datarray['uri'] = $datarray['parent-uri'] = $message_id; - $datarray['changed'] = $datarray['created'] = $datarray['edited'] = datetime_convert('UTC','UTC',$created); - $datarray['private'] = $private; - $datarray['parent'] = 0; - $datarray['plink'] = $plink; - $datarray['owner-name'] = $contact['name']; - $datarray['owner-link'] = $contact['url']; - //$datarray['owner-avatar'] = $contact['thumb']; - $datarray['owner-avatar'] = ((x($contact,'thumb')) ? $contact['thumb'] : $contact['photo']); - $datarray['author-name'] = $contact['name']; - $datarray['author-link'] = $contact['url']; - $datarray['author-avatar'] = $contact['thumb']; - $datarray['body'] = $body; - $datarray['tag'] = $str_tags; - if ($xml->provider_display_name) - $datarray["app"] = unxmlify($xml->provider_display_name); - else - $datarray['app'] = 'Diaspora'; - - // if empty content it might be a photo that hasn't arrived yet. If a photo arrives, we'll make it visible. - - $datarray['visible'] = ((strlen($body)) ? 1 : 0); - - DiasporaFetchGuid($datarray); - $message_id = item_store($datarray); - - logger("Stored item with message id ".$message_id, LOGGER_DEBUG); - - return 201; - -} - -function DiasporaFetchGuid($item) { - preg_replace_callback("&\[url=/posts/([^\[\]]*)\](.*)\[\/url\]&Usi", - function ($match) use ($item){ - return(DiasporaFetchGuidSub($match, $item)); - },$item["body"]); -} - -function DiasporaFetchGuidSub($match, $item) { - $a = get_app(); - if (!diaspora_store_by_guid($match[1], $item["author-link"])) - diaspora_store_by_guid($match[1], $item["owner-link"]); -} + // We now remove the contact + contact_remove($contact["id"]); + return true; + } -function diaspora_store_by_guid($guid, $server, $uid = 0) { - require_once("include/Contact.php"); + private function receive_comment($importer, $sender, $data) { + $guid = notags(unxmlify($data->guid)); + $parent_guid = notags(unxmlify($data->parent_guid)); + $text = unxmlify($data->text); + $author = notags(unxmlify($data->author)); - $serverparts = parse_url($server); - $server = $serverparts["scheme"]."://".$serverparts["host"]; + $contact = self::allowed_contact_by_handle($importer, $sender, true); + if (!$contact) + return false; - logger("Trying to fetch item ".$guid." from ".$server, LOGGER_DEBUG); + if (self::message_exists($importer["uid"], $guid)) + return false; - $item = diaspora_fetch_message($guid, $server); + $parent_item = self::parent_item($importer["uid"], $parent_guid, $author, $contact); + if (!$parent_item) + return false; - if (!$item) - return false; + $person = self::person_by_handle($author); + if (!is_array($person)) { + logger("unable to find author details"); + return false; + } - logger("Successfully fetched item ".$guid." from ".$server, LOGGER_DEBUG); + // Fetch the contact id - if we know this contact + $author_contact = self::author_contact_by_url($contact, $person, $importer["uid"]); - $body = $item["body"]; - $str_tags = $item["tag"]; - $app = $item["app"]; - $created = $item["created"]; - $author = $item["author"]; - $guid = $item["guid"]; - $private = $item["private"]; - $object = $item["object"]; - $objecttype = $item["object-type"]; + $datarray = array(); - $message_id = $author.':'.$guid; - $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($uid), - dbesc($guid) - ); - if(count($r)) - return $r[0]["id"]; + $datarray["uid"] = $importer["uid"]; + $datarray["contact-id"] = $author_contact["cid"]; + $datarray["network"] = $author_contact["network"]; - $person = find_diaspora_person_by_handle($author); + $datarray["author-name"] = $person["name"]; + $datarray["author-link"] = $person["url"]; + $datarray["author-avatar"] = ((x($person,"thumb")) ? $person["thumb"] : $person["photo"]); - $contact_id = get_contact($person['url'], $uid); + $datarray["owner-name"] = $contact["name"]; + $datarray["owner-link"] = $contact["url"]; + $datarray["owner-avatar"] = ((x($contact,"thumb")) ? $contact["thumb"] : $contact["photo"]); - $contacts = q("SELECT * FROM `contact` WHERE `id` = %d", intval($contact_id)); - $importers = q("SELECT * FROM `user` WHERE `uid` = %d", intval($uid)); + $datarray["guid"] = $guid; + $datarray["uri"] = $author.":".$guid; - if ($contacts AND $importers) - if(!diaspora_post_allow($importers[0],$contacts[0], false)) { - logger('Ignoring author '.$person['url'].' for uid '.$uid); - return false; - } else - logger('Author '.$person['url'].' is allowed for uid '.$uid); - - $datarray = array(); - $datarray['uid'] = $uid; - $datarray['contact-id'] = $contact_id; - $datarray['wall'] = 0; - $datarray['network'] = NETWORK_DIASPORA; - $datarray['guid'] = $guid; - $datarray['uri'] = $datarray['parent-uri'] = $message_id; - $datarray['changed'] = $datarray['created'] = $datarray['edited'] = datetime_convert('UTC','UTC',$created); - $datarray['private'] = $private; - $datarray['parent'] = 0; - $datarray['plink'] = diaspora_plink($author, $guid); - $datarray['author-name'] = $person['name']; - $datarray['author-link'] = $person['url']; - $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); - $datarray['owner-name'] = $datarray['author-name']; - $datarray['owner-link'] = $datarray['author-link']; - $datarray['owner-avatar'] = $datarray['author-avatar']; - $datarray['body'] = $body; - $datarray['tag'] = $str_tags; - $datarray['app'] = $app; - $datarray['visible'] = ((strlen($body)) ? 1 : 0); - $datarray['object'] = $object; - $datarray['object-type'] = $objecttype; - - if ($datarray['contact-id'] == 0) - return false; + $datarray["type"] = "remote-comment"; + $datarray["verb"] = ACTIVITY_POST; + $datarray["gravity"] = GRAVITY_COMMENT; + $datarray["parent-uri"] = $parent_item["uri"]; - DiasporaFetchGuid($datarray); - $message_id = item_store($datarray); + $datarray["object-type"] = ACTIVITY_OBJ_COMMENT; + $datarray["object"] = json_encode($data); - /// @TODO - /// Looking if there is some subscribe mechanism in Diaspora to get all comments for this post + $datarray["body"] = diaspora2bb($text); - return $message_id; -} + self::fetch_guid($datarray); -function diaspora_fetch_message($guid, $server, $level = 0) { + $message_id = item_store($datarray); - if ($level > 5) - return false; + if ($message_id) + logger("Stored comment ".$datarray["guid"]." with message id ".$message_id, LOGGER_DEBUG); - $a = get_app(); + // If we are the origin of the parent we store the original data and notify our followers + if($message_id AND $parent_item["origin"]) { - // This will not work if the server is not a Diaspora server - $source_url = $server.'/p/'.$guid.'.xml'; - $x = fetch_url($source_url); - if(!$x) - return false; + // Formerly we stored the signed text, the signature and the author in different fields. + // We now store the raw data so that we are more flexible. + q("INSERT INTO `sign` (`iid`,`signed_text`) VALUES (%d,'%s')", + intval($message_id), + dbesc(json_encode($data)) + ); - $x = str_replace(array('',''),array('',''),$x); - $source_xml = parse_xml_string($x,false); + // notify others + proc_run("php", "include/notifier.php", "comment-import", $message_id); + } - $item = array(); - $item["app"] = 'Diaspora'; - $item["guid"] = $guid; - $body = ""; + return $message_id; + } - if ($source_xml->post->status_message->created_at) - $item["created"] = unxmlify($source_xml->post->status_message->created_at); + private function receive_conversation_message($importer, $contact, $data, $msg, $mesg, $conversation) { + $guid = notags(unxmlify($data->guid)); + $subject = notags(unxmlify($data->subject)); + $author = notags(unxmlify($data->author)); - if ($source_xml->post->status_message->provider_display_name) - $item["app"] = unxmlify($source_xml->post->status_message->provider_display_name); + $reply = 0; - if ($source_xml->post->status_message->diaspora_handle) - $item["author"] = unxmlify($source_xml->post->status_message->diaspora_handle); + $msg_guid = notags(unxmlify($mesg->guid)); + $msg_parent_guid = notags(unxmlify($mesg->parent_guid)); + $msg_parent_author_signature = notags(unxmlify($mesg->parent_author_signature)); + $msg_author_signature = notags(unxmlify($mesg->author_signature)); + $msg_text = unxmlify($mesg->text); + $msg_created_at = datetime_convert("UTC", "UTC", notags(unxmlify($mesg->created_at))); + + // "diaspora_handle" is the element name from the old version + // "author" is the element name from the new version + if ($mesg->author) + $msg_author = notags(unxmlify($mesg->author)); + elseif ($mesg->diaspora_handle) + $msg_author = notags(unxmlify($mesg->diaspora_handle)); + else + return false; - if ($source_xml->post->status_message->guid) - $item["guid"] = unxmlify($source_xml->post->status_message->guid); + $msg_conversation_guid = notags(unxmlify($mesg->conversation_guid)); - $item["private"] = (unxmlify($source_xml->post->status_message->public) == 'false'); - $item["object"] = json_encode($source_xml->post); + if($msg_conversation_guid != $guid) { + logger("message conversation guid does not belong to the current conversation."); + return false; + } - if(strlen($source_xml->post->asphoto->objectId) && ($source_xml->post->asphoto->objectId != 0) && ($source_xml->post->asphoto->image_url)) { - $item["object-type"] = ACTIVITY_OBJ_PHOTO; - $body = '[url=' . notags(unxmlify($source_xml->post->asphoto->image_url)) . '][img]' . notags(unxmlify($source_xml->post->asphoto->objectId)) . '[/img][/url]' . "\n"; - $body = scale_external_images($body,false); - } elseif($source_xml->post->asphoto->image_url) { - $item["object-type"] = ACTIVITY_OBJ_PHOTO; - $body = '[img]' . notags(unxmlify($source_xml->post->asphoto->image_url)) . '[/img]' . "\n"; - $body = scale_external_images($body); - } elseif($source_xml->post->status_message) { - $body = diaspora2bb($source_xml->post->status_message->raw_message); + $body = diaspora2bb($msg_text); + $message_uri = $msg_author.":".$msg_guid; - // Checking for embedded pictures - if($source_xml->post->status_message->photo->remote_photo_path AND - $source_xml->post->status_message->photo->remote_photo_name) { + $author_signed_data = $msg_guid.";".$msg_parent_guid.";".$msg_text.";".unxmlify($mesg->created_at).";".$msg_author.";".$msg_conversation_guid; - $item["object-type"] = ACTIVITY_OBJ_PHOTO; + $author_signature = base64_decode($msg_author_signature); - $remote_photo_path = notags(unxmlify($source_xml->post->status_message->photo->remote_photo_path)); - $remote_photo_name = notags(unxmlify($source_xml->post->status_message->photo->remote_photo_name)); + if(strcasecmp($msg_author,$msg["author"]) == 0) { + $person = $contact; + $key = $msg["key"]; + } else { + $person = self::person_by_handle($msg_author); - $body = '[img]'.$remote_photo_path.$remote_photo_name.'[/img]'."\n".$body; + if (is_array($person) && x($person, "pubkey")) + $key = $person["pubkey"]; + else { + logger("unable to find author details"); + return false; + } + } - logger('embedded picture link found: '.$body, LOGGER_DEBUG); - } else - $item["object-type"] = ACTIVITY_OBJ_NOTE; - - $body = scale_external_images($body); - - // Add OEmbed and other information to the body - /// @TODO It could be a repeated redmatrix item - /// Then we shouldn't add further data to it - if ($item["object-type"] == ACTIVITY_OBJ_NOTE) - $body = add_page_info_to_body($body, false, true); - - } elseif($source_xml->post->reshare) { - // Reshare of a reshare - return diaspora_fetch_message($source_xml->post->reshare->root_guid, $server, ++$level); - } else { - // Maybe it is a reshare of a photo that will be delivered at a later time (testing) - logger('no content found: '.print_r($source_xml,true)); - return false; - } + if (!rsa_verify($author_signed_data, $author_signature, $key, "sha256")) { + logger("verification failed."); + return false; + } - if (trim($body) == "") - return false; + if($msg_parent_author_signature) { + $owner_signed_data = $msg_guid.";".$msg_parent_guid.";".$msg_text.";".unxmlify($mesg->created_at).";".$msg_author.";".$msg_conversation_guid; - $item["tag"] = ''; - $item["body"] = $body; + $parent_author_signature = base64_decode($msg_parent_author_signature); - return $item; -} + $key = $msg["key"]; -function diaspora_reshare($importer,$xml,$msg) { + if (!rsa_verify($owner_signed_data, $parent_author_signature, $key, "sha256")) { + logger("owner verification failed."); + return false; + } + } - logger('diaspora_reshare: init: ' . print_r($xml,true)); + $r = q("SELECT `id` FROM `mail` WHERE `uri` = '%s' LIMIT 1", + dbesc($message_uri) + ); + if($r) { + logger("duplicate message already delivered.", LOGGER_DEBUG); + return false; + } - $a = get_app(); - $guid = notags(unxmlify($xml->guid)); - $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); + q("INSERT INTO `mail` (`uid`, `guid`, `convid`, `from-name`,`from-photo`,`from-url`,`contact-id`,`title`,`body`,`seen`,`reply`,`uri`,`parent-uri`,`created`) + VALUES (%d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s','%s','%s')", + intval($importer["uid"]), + dbesc($msg_guid), + intval($conversation["id"]), + dbesc($person["name"]), + dbesc($person["photo"]), + dbesc($person["url"]), + intval($contact["id"]), + dbesc($subject), + dbesc($body), + 0, + 0, + dbesc($message_uri), + dbesc($author.":".$guid), + dbesc($msg_created_at) + ); + q("UPDATE `conv` SET `updated` = '%s' WHERE `id` = %d", + dbesc(datetime_convert()), + intval($conversation["id"]) + ); - if($diaspora_handle != $msg['author']) { - logger('diaspora_post: Potential forgery. Message handle is not the same as envelope sender.'); - return 202; + notification(array( + "type" => NOTIFY_MAIL, + "notify_flags" => $importer["notify-flags"], + "language" => $importer["language"], + "to_name" => $importer["username"], + "to_email" => $importer["email"], + "uid" =>$importer["uid"], + "item" => array("subject" => $subject, "body" => $body), + "source_name" => $person["name"], + "source_link" => $person["url"], + "source_photo" => $person["thumb"], + "verb" => ACTIVITY_POST, + "otype" => "mail" + )); } - $contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle); - if(! $contact) - return; - - if(! diaspora_post_allow($importer,$contact, false)) { - logger('diaspora_reshare: Ignoring this author: ' . $diaspora_handle . ' ' . print_r($xml,true)); - return 202; - } + private function receive_conversation($importer, $msg, $data) { + $guid = notags(unxmlify($data->guid)); + $subject = notags(unxmlify($data->subject)); + $created_at = datetime_convert("UTC", "UTC", notags(unxmlify($data->created_at))); + $author = notags(unxmlify($data->author)); + $participants = notags(unxmlify($data->participants)); - $message_id = $diaspora_handle . ':' . $guid; - $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer['uid']), - dbesc($guid) - ); - if(count($r)) { - logger('diaspora_reshare: message exists: ' . $guid); - return; - } + $messages = $data->message; - $orig_author = notags(unxmlify($xml->root_diaspora_id)); - $orig_guid = notags(unxmlify($xml->root_guid)); - $orig_url = $a->get_baseurl()."/display/".$orig_guid; - - $create_original_post = false; - - // Do we already have this item? - $r = q("SELECT `body`, `tag`, `app`, `created`, `plink`, `object`, `object-type`, `uri` FROM `item` WHERE `guid` = '%s' AND `visible` AND NOT `deleted` AND `body` != '' LIMIT 1", - dbesc($orig_guid), - dbesc(NETWORK_DIASPORA) - ); - if(count($r)) { - logger('reshared message '.$orig_guid." reshared by ".$guid.' already exists on system.'); - - // Maybe it is already a reshared item? - // Then refetch the content, since there can be many side effects with reshared posts from other networks or reshares from reshares - require_once('include/api.php'); - if (api_share_as_retweet($r[0])) - $r = array(); - else { - $body = $r[0]["body"]; - $str_tags = $r[0]["tag"]; - $app = $r[0]["app"]; - $orig_created = $r[0]["created"]; - $orig_plink = $r[0]["plink"]; - $orig_uri = $r[0]["uri"]; - $object = $r[0]["object"]; - $objecttype = $r[0]["object-type"]; + if (!count($messages)) { + logger("empty conversation"); + return false; } - } - if (!count($r)) { - $body = ""; - $str_tags = ""; - $app = ""; + $contact = self::allowed_contact_by_handle($importer, $msg["author"], true); + if (!$contact) + return false; - $server = 'https://'.substr($orig_author,strpos($orig_author,'@')+1); - logger('1st try: reshared message '.$orig_guid." reshared by ".$guid.' will be fetched from original server: '.$server); - $item = diaspora_fetch_message($orig_guid, $server); + $conversation = null; - if (!$item) { - $server = 'https://'.substr($diaspora_handle,strpos($diaspora_handle,'@')+1); - logger('2nd try: reshared message '.$orig_guid." reshared by ".$guid." will be fetched from sharer's server: ".$server); - $item = diaspora_fetch_message($orig_guid, $server); - } - if (!$item) { - $server = 'http://'.substr($orig_author,strpos($orig_author,'@')+1); - logger('3rd try: reshared message '.$orig_guid." reshared by ".$guid.' will be fetched from original server: '.$server); - $item = diaspora_fetch_message($orig_guid, $server); + $c = q("SELECT * FROM `conv` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", + intval($importer["uid"]), + dbesc($guid) + ); + if($c) + $conversation = $c[0]; + else { + $r = q("INSERT INTO `conv` (`uid`, `guid`, `creator`, `created`, `updated`, `subject`, `recips`) + VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s')", + intval($importer["uid"]), + dbesc($guid), + dbesc($author), + dbesc(datetime_convert("UTC", "UTC", $created_at)), + dbesc(datetime_convert()), + dbesc($subject), + dbesc($participants) + ); + if($r) + $c = q("SELECT * FROM `conv` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", + intval($importer["uid"]), + dbesc($guid) + ); + + if($c) + $conversation = $c[0]; } - if (!$item) { - $server = 'http://'.substr($diaspora_handle,strpos($diaspora_handle,'@')+1); - logger('4th try: reshared message '.$orig_guid." reshared by ".$guid." will be fetched from sharer's server: ".$server); - $item = diaspora_fetch_message($orig_guid, $server); + if (!$conversation) { + logger("unable to create conversation."); + return; } - if ($item) { - $body = $item["body"]; - $str_tags = $item["tag"]; - $app = $item["app"]; - $orig_created = $item["created"]; - $orig_author = $item["author"]; - $orig_guid = $item["guid"]; - $orig_plink = diaspora_plink($orig_author, $orig_guid); - $orig_uri = $orig_author.':'.$orig_guid; - $create_original_post = ($body != ""); - $object = $item["object"]; - $objecttype = $item["object-type"]; - } - } + foreach($messages as $mesg) + self::receive_conversation_message($importer, $contact, $data, $msg, $mesg, $conversation); - $plink = diaspora_plink($diaspora_handle, $guid); - - $person = find_diaspora_person_by_handle($orig_author); - - $created = unxmlify($xml->created_at); - $private = ((unxmlify($xml->public) == 'false') ? 1 : 0); - - $datarray = array(); - - $datarray['uid'] = $importer['uid']; - $datarray['contact-id'] = $contact['id']; - $datarray['wall'] = 0; - $datarray['network'] = NETWORK_DIASPORA; - $datarray['guid'] = $guid; - $datarray['uri'] = $datarray['parent-uri'] = $message_id; - $datarray['changed'] = $datarray['created'] = $datarray['edited'] = datetime_convert('UTC','UTC',$created); - $datarray['private'] = $private; - $datarray['parent'] = 0; - $datarray['plink'] = $plink; - $datarray['owner-name'] = $contact['name']; - $datarray['owner-link'] = $contact['url']; - $datarray['owner-avatar'] = ((x($contact,'thumb')) ? $contact['thumb'] : $contact['photo']); - if (!intval(get_config('system','wall-to-wall_share'))) { - $prefix = share_header($person['name'], $person['url'], ((x($person,'thumb')) ? $person['thumb'] : $person['photo']), $orig_guid, $orig_created, $orig_url); - - $datarray['author-name'] = $contact['name']; - $datarray['author-link'] = $contact['url']; - $datarray['author-avatar'] = $contact['thumb']; - $datarray['body'] = $prefix.$body."[/share]"; - } else { - // Let reshared messages look like wall-to-wall posts - $datarray['author-name'] = $person['name']; - $datarray['author-link'] = $person['url']; - $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); - $datarray['body'] = $body; + return true; } - $datarray["object"] = json_encode($xml); - $datarray['object-type'] = $objecttype; - - $datarray['tag'] = $str_tags; - $datarray['app'] = $app; - - // if empty content it might be a photo that hasn't arrived yet. If a photo arrives, we'll make it visible. (testing) - $datarray['visible'] = ((strlen($body)) ? 1 : 0); - - // Store the original item of a reshare - if ($create_original_post) { - require_once("include/Contact.php"); - - $datarray2 = $datarray; - - $datarray2['uid'] = 0; - $datarray2['contact-id'] = get_contact($person['url'], 0); - $datarray2['guid'] = $orig_guid; - $datarray2['uri'] = $datarray2['parent-uri'] = $orig_uri; - $datarray2['changed'] = $datarray2['created'] = $datarray2['edited'] = $datarray2['commented'] = $datarray2['received'] = datetime_convert('UTC','UTC',$orig_created); - $datarray2['parent'] = 0; - $datarray2['plink'] = $orig_plink; - - $datarray2['author-name'] = $person['name']; - $datarray2['author-link'] = $person['url']; - $datarray2['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); - $datarray2['owner-name'] = $datarray2['author-name']; - $datarray2['owner-link'] = $datarray2['author-link']; - $datarray2['owner-avatar'] = $datarray2['author-avatar']; - $datarray2['body'] = $body; - $datarray2["object"] = $object; + private function construct_like_body($contact, $parent_item, $guid) { + $bodyverb = t('%1$s likes %2$s\'s %3$s'); - DiasporaFetchGuid($datarray2); - $message_id = item_store($datarray2); + $ulink = "[url=".$contact["url"]."]".$contact["name"]."[/url]"; + $alink = "[url=".$parent_item["author-link"]."]".$parent_item["author-name"]."[/url]"; + $plink = "[url=".App::get_baseurl()."/display/".urlencode($guid)."]".t("status")."[/url]"; - logger("Store original item ".$orig_guid." under message id ".$message_id); + return sprintf($bodyverb, $ulink, $alink, $plink); } - DiasporaFetchGuid($datarray); - $message_id = item_store($datarray); + private function construct_like_object($importer, $parent_item) { + $objtype = ACTIVITY_OBJ_NOTE; + $link = ''; + $parent_body = $parent_item["body"]; - return; - -} + $xmldata = array("object" => array("type" => $objtype, + "local" => "1", + "id" => $parent_item["uri"], + "link" => $link, + "title" => "", + "content" => $parent_body)); + return xml::from_array($xmldata, $xml, true); + } -function diaspora_asphoto($importer,$xml,$msg) { - logger('diaspora_asphoto called'); + private function receive_like($importer, $sender, $data) { + $positive = notags(unxmlify($data->positive)); + $guid = notags(unxmlify($data->guid)); + $parent_type = notags(unxmlify($data->parent_type)); + $parent_guid = notags(unxmlify($data->parent_guid)); + $author = notags(unxmlify($data->author)); - $a = get_app(); - $guid = notags(unxmlify($xml->guid)); - $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); + // likes on comments aren't supported by Diaspora - only on posts + // But maybe this will be supported in the future, so we will accept it. + if (!in_array($parent_type, array("Post", "Comment"))) + return false; - if($diaspora_handle != $msg['author']) { - logger('diaspora_post: Potential forgery. Message handle is not the same as envelope sender.'); - return 202; - } + $contact = self::allowed_contact_by_handle($importer, $sender, true); + if (!$contact) + return false; - $contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle); - if(! $contact) - return; + if (self::message_exists($importer["uid"], $guid)) + return false; - if(! diaspora_post_allow($importer,$contact, false)) { - logger('diaspora_asphoto: Ignoring this author.'); - return 202; - } + $parent_item = self::parent_item($importer["uid"], $parent_guid, $author, $contact); + if (!$parent_item) + return false; - $message_id = $diaspora_handle . ':' . $guid; - $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer['uid']), - dbesc($guid) - ); - if(count($r)) { - logger('diaspora_asphoto: message exists: ' . $guid); - return; - } + $person = self::person_by_handle($author); + if (!is_array($person)) { + logger("unable to find author details"); + return false; + } - $created = unxmlify($xml->created_at); - $private = ((unxmlify($xml->public) == 'false') ? 1 : 0); + // Fetch the contact id - if we know this contact + $author_contact = self::author_contact_by_url($contact, $person, $importer["uid"]); - if(strlen($xml->objectId) && ($xml->objectId != 0) && ($xml->image_url)) { - $body = '[url=' . notags(unxmlify($xml->image_url)) . '][img]' . notags(unxmlify($xml->objectId)) . '[/img][/url]' . "\n"; - $body = scale_external_images($body,false); - } - elseif($xml->image_url) { - $body = '[img]' . notags(unxmlify($xml->image_url)) . '[/img]' . "\n"; - $body = scale_external_images($body); - } - else { - logger('diaspora_asphoto: no photo url found.'); - return; - } + // "positive" = "false" would be a Dislike - wich isn't currently supported by Diaspora + // We would accept this anyhow. + if ($positive === "true") + $verb = ACTIVITY_LIKE; + else + $verb = ACTIVITY_DISLIKE; - $plink = diaspora_plink($diaspora_handle, $guid); - - $datarray = array(); - - $datarray['uid'] = $importer['uid']; - $datarray['contact-id'] = $contact['id']; - $datarray['wall'] = 0; - $datarray['network'] = NETWORK_DIASPORA; - $datarray['guid'] = $guid; - $datarray['uri'] = $datarray['parent-uri'] = $message_id; - $datarray['changed'] = $datarray['created'] = $datarray['edited'] = datetime_convert('UTC','UTC',$created); - $datarray['private'] = $private; - $datarray['parent'] = 0; - $datarray['plink'] = $plink; - $datarray['owner-name'] = $contact['name']; - $datarray['owner-link'] = $contact['url']; - //$datarray['owner-avatar'] = $contact['thumb']; - $datarray['owner-avatar'] = ((x($contact,'thumb')) ? $contact['thumb'] : $contact['photo']); - $datarray['author-name'] = $contact['name']; - $datarray['author-link'] = $contact['url']; - $datarray['author-avatar'] = $contact['thumb']; - $datarray['body'] = $body; - $datarray["object"] = json_encode($xml); - $datarray['object-type'] = ACTIVITY_OBJ_PHOTO; - - $datarray['app'] = 'Diaspora/Cubbi.es'; - - DiasporaFetchGuid($datarray); - $message_id = item_store($datarray); - - //if($message_id) { - // q("update item set plink = '%s' where id = %d", - // dbesc($a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $message_id), - // intval($message_id) - // ); - //} - - return; + $datarray = array(); -} + $datarray["uid"] = $importer["uid"]; + $datarray["contact-id"] = $author_contact["cid"]; + $datarray["network"] = $author_contact["network"]; -function diaspora_comment($importer,$xml,$msg) { + $datarray["author-name"] = $person["name"]; + $datarray["author-link"] = $person["url"]; + $datarray["author-avatar"] = ((x($person,"thumb")) ? $person["thumb"] : $person["photo"]); - $a = get_app(); - $guid = notags(unxmlify($xml->guid)); - $parent_guid = notags(unxmlify($xml->parent_guid)); - $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); - $target_type = notags(unxmlify($xml->target_type)); - $text = unxmlify($xml->text); - $author_signature = notags(unxmlify($xml->author_signature)); + $datarray["owner-name"] = $contact["name"]; + $datarray["owner-link"] = $contact["url"]; + $datarray["owner-avatar"] = ((x($contact,"thumb")) ? $contact["thumb"] : $contact["photo"]); - $parent_author_signature = (($xml->parent_author_signature) ? notags(unxmlify($xml->parent_author_signature)) : ''); + $datarray["guid"] = $guid; + $datarray["uri"] = $author.":".$guid; - $contact = diaspora_get_contact_by_handle($importer['uid'],$msg['author']); - if(! $contact) { - logger('diaspora_comment: cannot find contact: ' . $msg['author']); - return; - } - - if(! diaspora_post_allow($importer,$contact, true)) { - logger('diaspora_comment: Ignoring this author.'); - return 202; - } + $datarray["type"] = "activity"; + $datarray["verb"] = $verb; + $datarray["gravity"] = GRAVITY_LIKE; + $datarray["parent-uri"] = $parent_item["uri"]; - $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer['uid']), - dbesc($guid) - ); - if(count($r)) { - logger('diaspora_comment: our comment just got relayed back to us (or there was a guid collision) : ' . $guid); - return; - } + $datarray["object-type"] = ACTIVITY_OBJ_NOTE; + $datarray["object"] = self::construct_like_object($importer, $parent_item); - $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer['uid']), - dbesc($parent_guid) - ); + $datarray["body"] = self::construct_like_body($contact, $parent_item, $guid); - if(!count($r)) { - $result = diaspora_store_by_guid($parent_guid, $contact['url'], $importer['uid']); + $message_id = item_store($datarray); - if (!$result) { - $person = find_diaspora_person_by_handle($diaspora_handle); - $result = diaspora_store_by_guid($parent_guid, $person['url'], $importer['uid']); - } + if ($message_id) + logger("Stored like ".$datarray["guid"]." with message id ".$message_id, LOGGER_DEBUG); - if ($result) { - logger("Fetched missing item ".$parent_guid." - result: ".$result, LOGGER_DEBUG); + // If we are the origin of the parent we store the original data and notify our followers + if($message_id AND $parent_item["origin"]) { - $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer['uid']), - dbesc($parent_guid) + // Formerly we stored the signed text, the signature and the author in different fields. + // We now store the raw data so that we are more flexible. + q("INSERT INTO `sign` (`iid`,`signed_text`) VALUES (%d,'%s')", + intval($message_id), + dbesc(json_encode($data)) ); + + // notify others + proc_run("php", "include/notifier.php", "comment-import", $message_id); } - } - if(! count($r)) { - logger('diaspora_comment: parent item not found: parent: ' . $parent_guid . ' item: ' . $guid); - return; + return $message_id; } - $parent_item = $r[0]; + private function receive_message($importer, $data) { + $guid = notags(unxmlify($data->guid)); + $parent_guid = notags(unxmlify($data->parent_guid)); + $text = unxmlify($data->text); + $created_at = datetime_convert("UTC", "UTC", notags(unxmlify($data->created_at))); + $author = notags(unxmlify($data->author)); + $conversation_guid = notags(unxmlify($data->conversation_guid)); - /* How Diaspora performs comment signature checking: + $contact = self::allowed_contact_by_handle($importer, $author, true); + if (!$contact) + return false; - - If an item has been sent by the comment author to the top-level post owner to relay on - to the rest of the contacts on the top-level post, the top-level post owner should check - the author_signature, then create a parent_author_signature before relaying the comment on - - If an item has been relayed on by the top-level post owner, the contacts who receive it - check only the parent_author_signature. Basically, they trust that the top-level post - owner has already verified the authenticity of anything he/she sends out - - In either case, the signature that get checked is the signature created by the person - who sent the salmon - */ + $conversation = null; - $signed_data = $guid . ';' . $parent_guid . ';' . $text . ';' . $diaspora_handle; - $key = $msg['key']; + $c = q("SELECT * FROM `conv` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", + intval($importer["uid"]), + dbesc($conversation_guid) + ); + if($c) + $conversation = $c[0]; + else { + logger("conversation not available."); + return false; + } - if($parent_author_signature) { - // If a parent_author_signature exists, then we've received the comment - // relayed from the top-level post owner. There's no need to check the - // author_signature if the parent_author_signature is valid + $reply = 0; - $parent_author_signature = base64_decode($parent_author_signature); + $body = diaspora2bb($text); + $message_uri = $author.":".$guid; - if(! rsa_verify($signed_data,$parent_author_signature,$key,'sha256')) { - logger('diaspora_comment: top-level owner verification failed.'); - return; + $person = self::person_by_handle($author); + if (!$person) { + logger("unable to find author details"); + return false; } - } - else { - // If there's no parent_author_signature, then we've received the comment - // from the comment creator. In that case, the person is commenting on - // our post, so he/she must be a contact of ours and his/her public key - // should be in $msg['key'] - - $author_signature = base64_decode($author_signature); - if(! rsa_verify($signed_data,$author_signature,$key,'sha256')) { - logger('diaspora_comment: comment author verification failed.'); - return; + $r = q("SELECT `id` FROM `mail` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", + dbesc($message_uri), + intval($importer["uid"]) + ); + if($r) { + logger("duplicate message already delivered.", LOGGER_DEBUG); + return false; } - } - // Phew! Everything checks out. Now create an item. + q("INSERT INTO `mail` (`uid`, `guid`, `convid`, `from-name`,`from-photo`,`from-url`,`contact-id`,`title`,`body`,`seen`,`reply`,`uri`,`parent-uri`,`created`) + VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s','%s','%s')", + intval($importer["uid"]), + dbesc($guid), + intval($conversation["id"]), + dbesc($person["name"]), + dbesc($person["photo"]), + dbesc($person["url"]), + intval($contact["id"]), + dbesc($conversation["subject"]), + dbesc($body), + 0, + 1, + dbesc($message_uri), + dbesc($author.":".$parent_guid), + dbesc($created_at) + ); - // Find the original comment author information. - // We need this to make sure we display the comment author - // information (name and avatar) correctly. - if(strcasecmp($diaspora_handle,$msg['author']) == 0) - $person = $contact; - else { - $person = find_diaspora_person_by_handle($diaspora_handle); + q("UPDATE `conv` SET `updated` = '%s' WHERE `id` = %d", + dbesc(datetime_convert()), + intval($conversation["id"]) + ); - if(! is_array($person)) { - logger('diaspora_comment: unable to find author details'); - return; - } + return true; } - // Fetch the contact id - if we know this contact - $r = q("SELECT `id`, `network` FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1", - dbesc(normalise_link($person['url'])), intval($importer['uid'])); - if ($r) { - $cid = $r[0]['id']; - $network = $r[0]['network']; - } else { - $cid = $contact['id']; - $network = NETWORK_DIASPORA; + private function receive_participation($importer, $data) { + // I'm not sure if we can fully support this message type + return true; } - $body = diaspora2bb($text); - $message_id = $diaspora_handle . ':' . $guid; - - $datarray = array(); - - $datarray['uid'] = $importer['uid']; - $datarray['contact-id'] = $cid; - $datarray['type'] = 'remote-comment'; - $datarray['wall'] = $parent_item['wall']; - $datarray['network'] = $network; - $datarray['verb'] = ACTIVITY_POST; - $datarray['gravity'] = GRAVITY_COMMENT; - $datarray['guid'] = $guid; - $datarray['uri'] = $message_id; - $datarray['parent-uri'] = $parent_item['uri']; - - // No timestamps for comments? OK, we'll the use current time. - $datarray['changed'] = $datarray['created'] = $datarray['edited'] = datetime_convert(); - $datarray['private'] = $parent_item['private']; - - $datarray['owner-name'] = $parent_item['owner-name']; - $datarray['owner-link'] = $parent_item['owner-link']; - $datarray['owner-avatar'] = $parent_item['owner-avatar']; - - $datarray['author-name'] = $person['name']; - $datarray['author-link'] = $person['url']; - $datarray['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); - $datarray['body'] = $body; - $datarray["object"] = json_encode($xml); - $datarray["object-type"] = ACTIVITY_OBJ_COMMENT; - - // We can't be certain what the original app is if the message is relayed. - if(($parent_item['origin']) && (! $parent_author_signature)) - $datarray['app'] = 'Diaspora'; - - DiasporaFetchGuid($datarray); - $message_id = item_store($datarray); - - $datarray['id'] = $message_id; - - //if($message_id) { - //q("update item set plink = '%s' where id = %d", - // //dbesc($a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $message_id), - // dbesc($a->get_baseurl().'/display/'.$datarray['guid']), - // intval($message_id) - //); - //} - - // If we are the origin of the parent we store the original signature and notify our followers - if($parent_item['origin']) { - $author_signature_base64 = base64_encode($author_signature); - $author_signature_base64 = diaspora_repair_signature($author_signature_base64, $diaspora_handle); - - q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", - intval($message_id), - dbesc($signed_data), - dbesc($author_signature_base64), - dbesc($diaspora_handle) - ); + private function receive_photo($importer, $data) { + // There doesn't seem to be a reason for this function, since the photo data is transmitted in the status message as well + return true; + } - // notify others - proc_run('php','include/notifier.php','comment-import',$message_id); + private function receive_poll_participation($importer, $data) { + // We don't support polls by now + return true; } - return; -} + private function receive_profile($importer, $data) { + $author = notags(unxmlify($data->author)); + $contact = self::contact_by_handle($importer["uid"], $author); + if (!$contact) + return; + $name = unxmlify($data->first_name).((strlen($data->last_name)) ? " ".unxmlify($data->last_name) : ""); + $image_url = unxmlify($data->image_url); + $birthday = unxmlify($data->birthday); + $location = diaspora2bb(unxmlify($data->location)); + $about = diaspora2bb(unxmlify($data->bio)); + $gender = unxmlify($data->gender); + $searchable = (unxmlify($data->searchable) == "true"); + $nsfw = (unxmlify($data->nsfw) == "true"); + $tags = unxmlify($data->tag_string); + + $tags = explode("#", $tags); + + $keywords = array(); + foreach ($tags as $tag) { + $tag = trim(strtolower($tag)); + if ($tag != "") + $keywords[] = $tag; + } + $keywords = implode(", ", $keywords); -function diaspora_conversation($importer,$xml,$msg) { + $handle_parts = explode("@", $author); + $nick = $handle_parts[0]; - $a = get_app(); + if($name === "") + $name = $handle_parts[0]; - $guid = notags(unxmlify($xml->guid)); - $subject = notags(unxmlify($xml->subject)); - $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); - $participant_handles = notags(unxmlify($xml->participant_handles)); - $created_at = datetime_convert('UTC','UTC',notags(unxmlify($xml->created_at))); + if( preg_match("|^https?://|", $image_url) === 0) + $image_url = "http://".$handle_parts[1].$image_url; - $parent_uri = $diaspora_handle . ':' . $guid; + update_contact_avatar($image_url, $importer["uid"], $contact["id"]); - $messages = $xml->message; + // Generic birthday. We don't know the timezone. The year is irrelevant. - if(! count($messages)) { - logger('diaspora_conversation: empty conversation'); - return; - } + $birthday = str_replace("1000", "1901", $birthday); - $contact = diaspora_get_contact_by_handle($importer['uid'],$msg['author']); - if(! $contact) { - logger('diaspora_conversation: cannot find contact: ' . $msg['author']); - return; - } + if ($birthday != "") + $birthday = datetime_convert("UTC", "UTC", $birthday, "Y-m-d"); - if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { - logger('diaspora_conversation: Ignoring this author.'); - return 202; - } + // this is to prevent multiple birthday notifications in a single year + // if we already have a stored birthday and the 'm-d' part hasn't changed, preserve the entry, which will preserve the notify year - $conversation = null; - - $c = q("select * from conv where uid = %d and guid = '%s' limit 1", - intval($importer['uid']), - dbesc($guid) - ); - if(count($c)) - $conversation = $c[0]; - else { - $r = q("insert into conv (uid,guid,creator,created,updated,subject,recips) values(%d, '%s', '%s', '%s', '%s', '%s', '%s') ", - intval($importer['uid']), - dbesc($guid), - dbesc($diaspora_handle), - dbesc(datetime_convert('UTC','UTC',$created_at)), + if(substr($birthday,5) === substr($contact["bd"],5)) + $birthday = $contact["bd"]; + + $r = q("UPDATE `contact` SET `name` = '%s', `nick` = '%s', `addr` = '%s', `name-date` = '%s', `bd` = '%s', + `location` = '%s', `about` = '%s', `keywords` = '%s', `gender` = '%s' WHERE `id` = %d AND `uid` = %d", + dbesc($name), + dbesc($nick), + dbesc($author), dbesc(datetime_convert()), - dbesc($subject), - dbesc($participant_handles) + dbesc($birthday), + dbesc($location), + dbesc($about), + dbesc($keywords), + dbesc($gender), + intval($contact["id"]), + intval($importer["uid"]) ); - if($r) - $c = q("select * from conv where uid = %d and guid = '%s' limit 1", - intval($importer['uid']), - dbesc($guid) - ); - if(count($c)) - $conversation = $c[0]; - } - if(! $conversation) { - logger('diaspora_conversation: unable to create conversation.'); - return; - } - - foreach($messages as $mesg) { - - $reply = 0; - $msg_guid = notags(unxmlify($mesg->guid)); - $msg_parent_guid = notags(unxmlify($mesg->parent_guid)); - $msg_parent_author_signature = notags(unxmlify($mesg->parent_author_signature)); - $msg_author_signature = notags(unxmlify($mesg->author_signature)); - $msg_text = unxmlify($mesg->text); - $msg_created_at = datetime_convert('UTC','UTC',notags(unxmlify($mesg->created_at))); - $msg_diaspora_handle = notags(unxmlify($mesg->diaspora_handle)); - $msg_conversation_guid = notags(unxmlify($mesg->conversation_guid)); - if($msg_conversation_guid != $guid) { - logger('diaspora_conversation: message conversation guid does not belong to the current conversation. ' . $xml); - continue; + if ($searchable) { + poco_check($contact["url"], $name, NETWORK_DIASPORA, $image_url, $about, $location, $gender, $keywords, "", + datetime_convert(), 2, $contact["id"], $importer["uid"]); } - $body = diaspora2bb($msg_text); - $message_id = $msg_diaspora_handle . ':' . $msg_guid; - - $author_signed_data = $msg_guid . ';' . $msg_parent_guid . ';' . $msg_text . ';' . unxmlify($mesg->created_at) . ';' . $msg_diaspora_handle . ';' . $msg_conversation_guid; + $gcontact = array("url" => $contact["url"], "network" => NETWORK_DIASPORA, "generation" => 2, + "photo" => $image_url, "name" => $name, "location" => $location, + "about" => $about, "birthday" => $birthday, "gender" => $gender, + "addr" => $author, "nick" => $nick, "keywords" => $keywords, + "hide" => !$searchable, "nsfw" => $nsfw); - $author_signature = base64_decode($msg_author_signature); + update_gcontact($gcontact); - if(strcasecmp($msg_diaspora_handle,$msg['author']) == 0) { - $person = $contact; - $key = $msg['key']; - } - else { - $person = find_diaspora_person_by_handle($msg_diaspora_handle); + logger("Profile of contact ".$contact["id"]." stored for user ".$importer["uid"], LOGGER_DEBUG); - if(is_array($person) && x($person,'pubkey')) - $key = $person['pubkey']; - else { - logger('diaspora_conversation: unable to find author details'); - continue; - } - } - - if(! rsa_verify($author_signed_data,$author_signature,$key,'sha256')) { - logger('diaspora_conversation: verification failed.'); - continue; - } - - if($msg_parent_author_signature) { - $owner_signed_data = $msg_guid . ';' . $msg_parent_guid . ';' . $msg_text . ';' . unxmlify($mesg->created_at) . ';' . $msg_diaspora_handle . ';' . $msg_conversation_guid; - - $parent_author_signature = base64_decode($msg_parent_author_signature); + return true; + } - $key = $msg['key']; + private function receive_request_make_friend($importer, $contact) { - if(! rsa_verify($owner_signed_data,$parent_author_signature,$key,'sha256')) { - logger('diaspora_conversation: owner verification failed.'); - continue; - } - } + $a = get_app(); - $r = q("select id from mail where `uri` = '%s' limit 1", - dbesc($message_id) - ); - if(count($r)) { - logger('diaspora_conversation: duplicate message already delivered.', LOGGER_DEBUG); - continue; + if($contact["rel"] == CONTACT_IS_FOLLOWER && in_array($importer["page-flags"], array(PAGE_FREELOVE))) { + q("UPDATE `contact` SET `rel` = %d, `writable` = 1 WHERE `id` = %d AND `uid` = %d", + intval(CONTACT_IS_FRIEND), + intval($contact["id"]), + intval($importer["uid"]) + ); } + // send notification - q("insert into mail ( `uid`, `guid`, `convid`, `from-name`,`from-photo`,`from-url`,`contact-id`,`title`,`body`,`seen`,`reply`,`uri`,`parent-uri`,`created`) values ( %d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s','%s','%s')", - intval($importer['uid']), - dbesc($msg_guid), - intval($conversation['id']), - dbesc($person['name']), - dbesc($person['photo']), - dbesc($person['url']), - intval($contact['id']), - dbesc($subject), - dbesc($body), - 0, - 0, - dbesc($message_id), - dbesc($parent_uri), - dbesc($msg_created_at) - ); - - q("update conv set updated = '%s' where id = %d", - dbesc(datetime_convert()), - intval($conversation['id']) + $r = q("SELECT `hide-friends` FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1", + intval($importer["uid"]) ); - notification(array( - 'type' => NOTIFY_MAIL, - 'notify_flags' => $importer['notify-flags'], - 'language' => $importer['language'], - 'to_name' => $importer['username'], - 'to_email' => $importer['email'], - 'uid' =>$importer['uid'], - 'item' => array('subject' => $subject, 'body' => $body), - 'source_name' => $person['name'], - 'source_link' => $person['url'], - 'source_photo' => $person['thumb'], - 'verb' => ACTIVITY_POST, - 'otype' => 'mail' - )); - } + if($r && !$r[0]["hide-friends"] && !$contact["hidden"] && intval(get_pconfig($importer["uid"], "system", "post_newfriend"))) { - return; -} + $self = q("SELECT * FROM `contact` WHERE `self` AND `uid` = %d LIMIT 1", + intval($importer["uid"]) + ); -function diaspora_message($importer,$xml,$msg) { + // they are not CONTACT_IS_FOLLOWER anymore but that's what we have in the array - $a = get_app(); + if($self && $contact["rel"] == CONTACT_IS_FOLLOWER) { - $msg_guid = notags(unxmlify($xml->guid)); - $msg_parent_guid = notags(unxmlify($xml->parent_guid)); - $msg_parent_author_signature = notags(unxmlify($xml->parent_author_signature)); - $msg_author_signature = notags(unxmlify($xml->author_signature)); - $msg_text = unxmlify($xml->text); - $msg_created_at = datetime_convert('UTC','UTC',notags(unxmlify($xml->created_at))); - $msg_diaspora_handle = notags(unxmlify($xml->diaspora_handle)); - $msg_conversation_guid = notags(unxmlify($xml->conversation_guid)); + $arr = array(); + $arr["uri"] = $arr["parent-uri"] = item_new_uri($a->get_hostname(), $importer["uid"]); + $arr["uid"] = $importer["uid"]; + $arr["contact-id"] = $self[0]["id"]; + $arr["wall"] = 1; + $arr["type"] = 'wall'; + $arr["gravity"] = 0; + $arr["origin"] = 1; + $arr["author-name"] = $arr["owner-name"] = $self[0]["name"]; + $arr["author-link"] = $arr["owner-link"] = $self[0]["url"]; + $arr["author-avatar"] = $arr["owner-avatar"] = $self[0]["thumb"]; + $arr["verb"] = ACTIVITY_FRIEND; + $arr["object-type"] = ACTIVITY_OBJ_PERSON; + + $A = "[url=".$self[0]["url"]."]".$self[0]["name"]."[/url]"; + $B = "[url=".$contact["url"]."]".$contact["name"]."[/url]"; + $BPhoto = "[url=".$contact["url"]."][img]".$contact["thumb"]."[/img][/url]"; + $arr["body"] = sprintf(t("%1$s is now friends with %2$s"), $A, $B)."\n\n\n".$Bphoto; + + $arr["object"] = "".ACTIVITY_OBJ_PERSON."".$contact["name"]."" + ."".$contact["url"]."/".$contact["name"].""; + $arr["object"] .= "".xmlify(''."\n"); + $arr["object"] .= xmlify(''."\n"); + $arr["object"] .= "\n"; + $arr["last-child"] = 1; + + $arr["allow_cid"] = $user[0]["allow_cid"]; + $arr["allow_gid"] = $user[0]["allow_gid"]; + $arr["deny_cid"] = $user[0]["deny_cid"]; + $arr["deny_gid"] = $user[0]["deny_gid"]; - $parent_uri = $msg_diaspora_handle . ':' . $msg_parent_guid; + $i = item_store($arr); + if($i) + proc_run("php", "include/notifier.php", "activity", $i); - $contact = diaspora_get_contact_by_handle($importer['uid'],$msg_diaspora_handle); - if(! $contact) { - logger('diaspora_message: cannot find contact: ' . $msg_diaspora_handle); - return; - } + } - if(($contact['rel'] == CONTACT_IS_FOLLOWER) || ($contact['blocked']) || ($contact['readonly'])) { - logger('diaspora_message: Ignoring this author.'); - return 202; + } } - $conversation = null; - - $c = q("select * from conv where uid = %d and guid = '%s' limit 1", - intval($importer['uid']), - dbesc($msg_conversation_guid) - ); - if(count($c)) - $conversation = $c[0]; - else { - logger('diaspora_message: conversation not available.'); - return; - } + private function receive_request($importer, $data) { + $author = unxmlify($data->author); + $recipient = unxmlify($data->recipient); - $reply = 0; + if (!$author || !$recipient) + return; - $body = diaspora2bb($msg_text); - $message_id = $msg_diaspora_handle . ':' . $msg_guid; + $contact = self::contact_by_handle($importer["uid"],$author); - $author_signed_data = $msg_guid . ';' . $msg_parent_guid . ';' . $msg_text . ';' . unxmlify($xml->created_at) . ';' . $msg_diaspora_handle . ';' . $msg_conversation_guid; + if($contact) { + // perhaps we were already sharing with this person. Now they're sharing with us. + // That makes us friends. - $author_signature = base64_decode($msg_author_signature); + self::receive_request_make_friend($importer, $contact); + return true; + } - $person = find_diaspora_person_by_handle($msg_diaspora_handle); - if(is_array($person) && x($person,'pubkey')) - $key = $person['pubkey']; - else { - logger('diaspora_message: unable to find author details'); - return; - } + $ret = self::person_by_handle($author); - if(! rsa_verify($author_signed_data,$author_signature,$key,'sha256')) { - logger('diaspora_message: verification failed.'); - return; - } + if (!$ret || ($ret["network"] != NETWORK_DIASPORA)) { + logger("Cannot resolve diaspora handle ".$author." for ".$recipient); + return false; + } - $r = q("select id from mail where `uri` = '%s' and uid = %d limit 1", - dbesc($message_id), - intval($importer['uid']) - ); - if(count($r)) { - logger('diaspora_message: duplicate message already delivered.', LOGGER_DEBUG); - return; - } + $batch = (($ret["batch"]) ? $ret["batch"] : implode("/", array_slice(explode("/", $ret["url"]), 0, 3))."/receive/public"); + + $r = q("INSERT INTO `contact` (`uid`, `network`,`addr`,`created`,`url`,`nurl`,`batch`,`name`,`nick`,`photo`,`pubkey`,`notify`,`poll`,`blocked`,`priority`) + VALUES (%d, '%s', '%s', '%s', '%s','%s','%s','%s','%s','%s','%s','%s','%s',%d,%d)", + intval($importer["uid"]), + dbesc($ret["network"]), + dbesc($ret["addr"]), + datetime_convert(), + dbesc($ret["url"]), + dbesc(normalise_link($ret["url"])), + dbesc($batch), + dbesc($ret["name"]), + dbesc($ret["nick"]), + dbesc($ret["photo"]), + dbesc($ret["pubkey"]), + dbesc($ret["notify"]), + dbesc($ret["poll"]), + 1, + 2 + ); - q("insert into mail ( `uid`, `guid`, `convid`, `from-name`,`from-photo`,`from-url`,`contact-id`,`title`,`body`,`seen`,`reply`,`uri`,`parent-uri`,`created`) values ( %d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s','%s','%s')", - intval($importer['uid']), - dbesc($msg_guid), - intval($conversation['id']), - dbesc($person['name']), - dbesc($person['photo']), - dbesc($person['url']), - intval($contact['id']), - dbesc($conversation['subject']), - dbesc($body), - 0, - 1, - dbesc($message_id), - dbesc($parent_uri), - dbesc($msg_created_at) - ); - - q("update conv set updated = '%s' where id = %d", - dbesc(datetime_convert()), - intval($conversation['id']) - ); - - return; -} + // find the contact record we just created -function diaspora_participation($importer,$xml) { - logger("Unsupported message type 'participation' ".print_r($xml, true)); -} + $contact_record = self::contact_by_handle($importer["uid"],$author); -function diaspora_photo($importer,$xml,$msg,$attempt=1) { + if (!$contact_record) { + logger("unable to locate newly created contact record."); + return; + } - $a = get_app(); + $g = q("SELECT `def_gid` FROM `user` WHERE `uid` = %d LIMIT 1", + intval($importer["uid"]) + ); - logger('diaspora_photo: init',LOGGER_DEBUG); + if($g && intval($g[0]["def_gid"])) + group_add_member($importer["uid"], "", $contact_record["id"], $g[0]["def_gid"]); - $remote_photo_path = notags(unxmlify($xml->remote_photo_path)); + if($importer["page-flags"] == PAGE_NORMAL) { - $remote_photo_name = notags(unxmlify($xml->remote_photo_name)); + $hash = random_string().(string)time(); // Generate a confirm_key - $status_message_guid = notags(unxmlify($xml->status_message_guid)); + $ret = q("INSERT INTO `intro` (`uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`) + VALUES (%d, %d, %d, %d, '%s', '%s', '%s')", + intval($importer["uid"]), + intval($contact_record["id"]), + 0, + 0, + dbesc(t("Sharing notification from Diaspora network")), + dbesc($hash), + dbesc(datetime_convert()) + ); + } else { - $guid = notags(unxmlify($xml->guid)); + // automatic friend approval - $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); + update_contact_avatar($contact_record["photo"],$importer["uid"],$contact_record["id"]); - $public = notags(unxmlify($xml->public)); + // technically they are sharing with us (CONTACT_IS_SHARING), + // but if our page-type is PAGE_COMMUNITY or PAGE_SOAPBOX + // we are going to change the relationship and make them a follower. - $created_at = notags(unxmlify($xml_created_at)); + if($importer["page-flags"] == PAGE_FREELOVE) + $new_relation = CONTACT_IS_FRIEND; + else + $new_relation = CONTACT_IS_FOLLOWER; - logger('diaspora_photo: status_message_guid: ' . $status_message_guid, LOGGER_DEBUG); + $r = q("UPDATE `contact` SET `rel` = %d, + `name-date` = '%s', + `uri-date` = '%s', + `blocked` = 0, + `pending` = 0, + `writable` = 1 + WHERE `id` = %d + ", + intval($new_relation), + dbesc(datetime_convert()), + dbesc(datetime_convert()), + intval($contact_record["id"]) + ); - $contact = diaspora_get_contact_by_handle($importer['uid'],$msg['author']); - if(! $contact) { - logger('diaspora_photo: contact record not found: ' . $msg['author'] . ' handle: ' . $diaspora_handle); - return; - } + $u = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($importer["uid"])); + if($u) + $ret = self::send_share($u[0], $contact_record); + } - if(! diaspora_post_allow($importer,$contact, false)) { - logger('diaspora_photo: Ignoring this author.'); - return 202; + return true; } - $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer['uid']), - dbesc($status_message_guid) - ); - -/* deactivated by now since it can lead to multiplicated pictures in posts. - if(!count($r)) { - $result = diaspora_store_by_guid($status_message_guid, $contact['url'], $importer['uid']); + private function original_item($guid, $orig_author, $author) { - if (!$result) { - $person = find_diaspora_person_by_handle($diaspora_handle); - $result = diaspora_store_by_guid($status_message_guid, $person['url'], $importer['uid']); - } + // Do we already have this item? + $r = q("SELECT `body`, `tag`, `app`, `created`, `object-type`, `uri`, `guid`, + `author-name`, `author-link`, `author-avatar` + FROM `item` WHERE `guid` = '%s' AND `visible` AND NOT `deleted` AND `body` != '' LIMIT 1", + dbesc($guid)); - if ($result) { - logger("Fetched missing item ".$status_message_guid." - result: ".$result, LOGGER_DEBUG); + if($r) { + logger("reshared message ".$guid." already exists on system."); - $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer['uid']), - dbesc($status_message_guid) - ); - } - } -*/ - if(!count($r)) { - if($attempt <= 3) { - q("INSERT INTO dsprphotoq (uid, msg, attempt) VALUES (%d, '%s', %d)", - intval($importer['uid']), - dbesc(serialize($msg)), - intval($attempt + 1) - ); + // Maybe it is already a reshared item? + // Then refetch the content, since there can be many side effects with reshared posts from other networks or reshares from reshares + if (self::is_reshare($r[0]["body"])) + $r = array(); + else + return $r[0]; } - logger('diaspora_photo: attempt = ' . $attempt . '; status message not found: ' . $status_message_guid . ' for photo: ' . $guid); - return; - } - - $parent_item = $r[0]; + if (!$r) { + $server = "https://".substr($orig_author, strpos($orig_author, "@") + 1); + logger("1st try: reshared message ".$guid." will be fetched from original server: ".$server); + $item_id = self::store_by_guid($guid, $server); - $link_text = '[img]' . $remote_photo_path . $remote_photo_name . '[/img]' . "\n"; - - $link_text = scale_external_images($link_text, true, - array($remote_photo_name, 'scaled_full_' . $remote_photo_name)); + if (!$item_id) { + $server = "http://".substr($orig_author, strpos($orig_author, "@") + 1); + logger("2nd try: reshared message ".$guid." will be fetched from original server: ".$server); + $item_id = self::store_by_guid($guid, $server); + } - if(strpos($parent_item['body'],$link_text) === false) { + // Deactivated by now since there is a risk that someone could manipulate postings through this method +/* if (!$item_id) { + $server = "https://".substr($author, strpos($author, "@") + 1); + logger("3rd try: reshared message ".$guid." will be fetched from sharer's server: ".$server); + $item_id = self::store_by_guid($guid, $server); + } + if (!$item_id) { + $server = "http://".substr($author, strpos($author, "@") + 1); + logger("4th try: reshared message ".$guid." will be fetched from sharer's server: ".$server); + $item_id = self::store_by_guid($guid, $server); + } +*/ + if ($item_id) { + $r = q("SELECT `body`, `tag`, `app`, `created`, `object-type`, `uri`, `guid`, + `author-name`, `author-link`, `author-avatar` + FROM `item` WHERE `id` = %d AND `visible` AND NOT `deleted` AND `body` != '' LIMIT 1", + intval($item_id)); - $parent_item['body'] = $link_text . $parent_item['body']; + if ($r) + return $r[0]; - $r = q("UPDATE `item` SET `body` = '%s', `visible` = 1 WHERE `id` = %d AND `uid` = %d", - dbesc($parent_item['body']), - intval($parent_item['id']), - intval($parent_item['uid']) - ); - put_item_in_cache($parent_item, true); - update_thread($parent_item['id']); + } + } + return false; } - return; -} + private function receive_reshare($importer, $data) { + $root_author = notags(unxmlify($data->root_author)); + $root_guid = notags(unxmlify($data->root_guid)); + $guid = notags(unxmlify($data->guid)); + $author = notags(unxmlify($data->author)); + $public = notags(unxmlify($data->public)); + $created_at = notags(unxmlify($data->created_at)); + $contact = self::allowed_contact_by_handle($importer, $author, false); + if (!$contact) + return false; + if (self::message_exists($importer["uid"], $guid)) + return false; + $original_item = self::original_item($root_guid, $root_author, $author); + if (!$original_item) + return false; -function diaspora_like($importer,$xml,$msg) { + $orig_url = App::get_baseurl()."/display/".$original_item["guid"]; - $a = get_app(); - $guid = notags(unxmlify($xml->guid)); - $parent_guid = notags(unxmlify($xml->parent_guid)); - $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); - $target_type = notags(unxmlify($xml->target_type)); - $positive = notags(unxmlify($xml->positive)); - $author_signature = notags(unxmlify($xml->author_signature)); + $datarray = array(); - $parent_author_signature = (($xml->parent_author_signature) ? notags(unxmlify($xml->parent_author_signature)) : ''); + $datarray["uid"] = $importer["uid"]; + $datarray["contact-id"] = $contact["id"]; + $datarray["network"] = NETWORK_DIASPORA; - // likes on comments not supported here and likes on photos not supported by Diaspora + $datarray["author-name"] = $contact["name"]; + $datarray["author-link"] = $contact["url"]; + $datarray["author-avatar"] = ((x($contact,"thumb")) ? $contact["thumb"] : $contact["photo"]); -// if($target_type !== 'Post') -// return; + $datarray["owner-name"] = $datarray["author-name"]; + $datarray["owner-link"] = $datarray["author-link"]; + $datarray["owner-avatar"] = $datarray["author-avatar"]; - $contact = diaspora_get_contact_by_handle($importer['uid'],$msg['author']); - if(! $contact) { - logger('diaspora_like: cannot find contact: ' . $msg['author']); - return; - } + $datarray["guid"] = $guid; + $datarray["uri"] = $datarray["parent-uri"] = $author.":".$guid; - if(! diaspora_post_allow($importer,$contact, false)) { - logger('diaspora_like: Ignoring this author.'); - return 202; - } + $datarray["verb"] = ACTIVITY_POST; + $datarray["gravity"] = GRAVITY_PARENT; - $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer['uid']), - dbesc($parent_guid) - ); + $datarray["object"] = json_encode($data); - if(!count($r)) { - $result = diaspora_store_by_guid($parent_guid, $contact['url'], $importer['uid']); + $prefix = share_header($original_item["author-name"], $original_item["author-link"], $original_item["author-avatar"], + $original_item["guid"], $original_item["created"], $orig_url); + $datarray["body"] = $prefix.$original_item["body"]."[/share]"; - if (!$result) { - $person = find_diaspora_person_by_handle($diaspora_handle); - $result = diaspora_store_by_guid($parent_guid, $person['url'], $importer['uid']); - } + $datarray["tag"] = $original_item["tag"]; + $datarray["app"] = $original_item["app"]; - if ($result) { - logger("Fetched missing item ".$parent_guid." - result: ".$result, LOGGER_DEBUG); + $datarray["plink"] = self::plink($author, $guid); + $datarray["private"] = (($public == "false") ? 1 : 0); + $datarray["changed"] = $datarray["created"] = $datarray["edited"] = datetime_convert("UTC", "UTC", $created_at); - $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer['uid']), - dbesc($parent_guid) - ); - } - } + $datarray["object-type"] = $original_item["object-type"]; - if(! count($r)) { - logger('diaspora_like: parent item not found: ' . $guid); - return; - } + self::fetch_guid($datarray); + $message_id = item_store($datarray); - $parent_item = $r[0]; + if ($message_id) + logger("Stored reshare ".$datarray["guid"]." with message id ".$message_id, LOGGER_DEBUG); - $r = q("SELECT * FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer['uid']), - dbesc($guid) - ); - if(count($r)) { - if($positive === 'true') { - logger('diaspora_like: duplicate like: ' . $guid); - return; - } - // Note: I don't think "Like" objects with positive = "false" are ever actually used - // It looks like "RelayableRetractions" are used for "unlike" instead - if($positive === 'false') { - logger('diaspora_like: received a like with positive set to "false"...ignoring'); -/* q("UPDATE `item` SET `deleted` = 1 WHERE `id` = %d AND `uid` = %d", - intval($r[0]['id']), - intval($importer['uid']) - );*/ - // FIXME--actually don't unless it turns out that Diaspora does indeed send out "false" likes - // send notification via proc_run() - return; - } + return $message_id; } - // Note: I don't think "Like" objects with positive = "false" are ever actually used - // It looks like "RelayableRetractions" are used for "unlike" instead - if($positive === 'false') { - logger('diaspora_like: received a like with positive set to "false"'); - logger('diaspora_like: unlike received with no corresponding like...ignoring'); - return; - } - - /* How Diaspora performs "like" signature checking: + private function item_retraction($importer, $contact, $data) { + $target_type = notags(unxmlify($data->target_type)); + $target_guid = notags(unxmlify($data->target_guid)); + $author = notags(unxmlify($data->author)); - - If an item has been sent by the like author to the top-level post owner to relay on - to the rest of the contacts on the top-level post, the top-level post owner should check - the author_signature, then create a parent_author_signature before relaying the like on - - If an item has been relayed on by the top-level post owner, the contacts who receive it - check only the parent_author_signature. Basically, they trust that the top-level post - owner has already verified the authenticity of anything he/she sends out - - In either case, the signature that get checked is the signature created by the person - who sent the salmon - */ - - // Diaspora has changed the way they are signing the likes. - // Just to make sure that we don't miss any likes we will check the old and the current way. - $old_signed_data = $guid . ';' . $target_type . ';' . $parent_guid . ';' . $positive . ';' . $diaspora_handle; + $person = self::person_by_handle($author); + if (!is_array($person)) { + logger("unable to find author detail for ".$author); + return false; + } - $signed_data = $positive . ';' . $guid . ';' . $target_type . ';' . $parent_guid . ';' . $diaspora_handle; + $r = q("SELECT `id`, `parent`, `parent-uri`, `author-link` FROM `item` WHERE `guid` = '%s' AND `uid` = %d AND NOT `file` LIKE '%%[%%' LIMIT 1", + dbesc($target_guid), + intval($importer["uid"]) + ); + if (!$r) + return false; - $key = $msg['key']; + // Only delete it if the author really fits + if (!link_compare($r[0]["author-link"], $person["url"])) { + logger("Item author ".$r[0]["author-link"]." doesn't fit to expected contact ".$person["url"], LOGGER_DEBUG); + return false; + } - if ($parent_author_signature) { - // If a parent_author_signature exists, then we've received the like - // relayed from the top-level post owner. There's no need to check the - // author_signature if the parent_author_signature is valid + // Check if the sender is the thread owner + $p = q("SELECT `id`, `author-link`, `origin` FROM `item` WHERE `id` = %d", + intval($r[0]["parent"])); - $parent_author_signature = base64_decode($parent_author_signature); + // Only delete it if the parent author really fits + if (!link_compare($p[0]["author-link"], $contact["url"]) AND !link_compare($r[0]["author-link"], $contact["url"])) { + logger("Thread author ".$p[0]["author-link"]." and item author ".$r[0]["author-link"]." don't fit to expected contact ".$contact["url"], LOGGER_DEBUG); + return false; + } - if (!rsa_verify($signed_data,$parent_author_signature,$key,'sha256') AND - !rsa_verify($old_signed_data,$parent_author_signature,$key,'sha256')) { + // Currently we don't have a central deletion function that we could use in this case. The function "item_drop" doesn't work for that case + q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s', `body` = '' , `title` = '' WHERE `id` = %d", + dbesc(datetime_convert()), + dbesc(datetime_convert()), + intval($r[0]["id"]) + ); + delete_thread($r[0]["id"], $r[0]["parent-uri"]); - logger('diaspora_like: top-level owner verification failed.'); - return; - } - } else { - // If there's no parent_author_signature, then we've received the like - // from the like creator. In that case, the person is "like"ing - // our post, so he/she must be a contact of ours and his/her public key - // should be in $msg['key'] + logger("Deleted target ".$target_guid." (".$r[0]["id"].") from user ".$importer["uid"]." parent: ".$p[0]["id"], LOGGER_DEBUG); - $author_signature = base64_decode($author_signature); + // Now check if the retraction needs to be relayed by us + if($p[0]["origin"]) { - if (!rsa_verify($signed_data,$author_signature,$key,'sha256') AND - !rsa_verify($old_signed_data,$author_signature,$key,'sha256')) { + // Formerly we stored the signed text, the signature and the author in different fields. + // We now store the raw data so that we are more flexible. + q("INSERT INTO `sign` (`retract_iid`,`signed_text`) VALUES (%d,'%s')", + intval($r[0]["id"]), + dbesc(json_encode($data)) + ); + $s = q("select * from sign where retract_iid = %d", intval($r[0]["id"])); + logger("Stored signatur for item ".$r[0]["id"]." - ".print_r($s, true), LOGGER_DEBUG); - logger('diaspora_like: like creator verification failed.'); - return; + // notify others + proc_run("php", "include/notifier.php", "drop", $r[0]["id"]); } } - // Phew! Everything checks out. Now create an item. + private function receive_retraction($importer, $sender, $data) { + $target_type = notags(unxmlify($data->target_type)); - // Find the original comment author information. - // We need this to make sure we display the comment author - // information (name and avatar) correctly. - if(strcasecmp($diaspora_handle,$msg['author']) == 0) - $person = $contact; - else { - $person = find_diaspora_person_by_handle($diaspora_handle); + $contact = self::contact_by_handle($importer["uid"], $sender); + if (!$contact) { + logger("cannot find contact for sender: ".$sender." and user ".$importer["uid"]); + return false; + } - if(! is_array($person)) { - logger('diaspora_like: unable to find author details'); - return; + logger("Got retraction for ".$target_type.", sender ".$sender." and user ".$importer["uid"], LOGGER_DEBUG); + + switch ($target_type) { + case "Comment": + case "Like": + case "Post": // "Post" will be supported in a future version + case "Reshare": + case "StatusMessage": + return self::item_retraction($importer, $contact, $data);; + + case "Person": + /// @todo What should we do with an "unshare"? + // Removing the contact isn't correct since we still can read the public items + //contact_remove($contact["id"]); + return true; + + default: + logger("Unknown target type ".$target_type); + return false; } + return true; } - $uri = $diaspora_handle . ':' . $guid; - - $activity = ACTIVITY_LIKE; - $post_type = (($parent_item['resource-id']) ? t('photo') : t('status')); - $objtype = (($parent_item['resource-id']) ? ACTIVITY_OBJ_PHOTO : ACTIVITY_OBJ_NOTE ); - $link = xmlify('' . "\n") ; - $body = $parent_item['body']; - - $obj = <<< EOT - - - $objtype - 1 - {$parent_item['uri']} - $link - - $body - -EOT; - $bodyverb = t('%1$s likes %2$s\'s %3$s'); - - // Fetch the contact id - if we know this contact - $r = q("SELECT `id`, `network` FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1", - dbesc(normalise_link($person['url'])), intval($importer['uid'])); - if ($r) { - $cid = $r[0]['id']; - $network = $r[0]['network']; - } else { - $cid = $contact['id']; - $network = NETWORK_DIASPORA; - } + private function receive_status_message($importer, $data) { - $arr = array(); - - $arr['uri'] = $uri; - $arr['uid'] = $importer['uid']; - $arr['guid'] = $guid; - $arr['network'] = $network; - $arr['contact-id'] = $cid; - $arr['type'] = 'activity'; - $arr['wall'] = $parent_item['wall']; - $arr['gravity'] = GRAVITY_LIKE; - $arr['parent'] = $parent_item['id']; - $arr['parent-uri'] = $parent_item['uri']; - - $arr['owner-name'] = $parent_item['name']; - $arr['owner-link'] = $parent_item['url']; - //$arr['owner-avatar'] = $parent_item['thumb']; - $arr['owner-avatar'] = ((x($parent_item,'thumb')) ? $parent_item['thumb'] : $parent_item['photo']); - - $arr['author-name'] = $person['name']; - $arr['author-link'] = $person['url']; - $arr['author-avatar'] = ((x($person,'thumb')) ? $person['thumb'] : $person['photo']); - - $ulink = '[url=' . $contact['url'] . ']' . $contact['name'] . '[/url]'; - $alink = '[url=' . $parent_item['author-link'] . ']' . $parent_item['author-name'] . '[/url]'; - //$plink = '[url=' . $a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $parent_item['id'] . ']' . $post_type . '[/url]'; - $plink = '[url='.$a->get_baseurl().'/display/'.urlencode($guid).']'.$post_type.'[/url]'; - $arr['body'] = sprintf( $bodyverb, $ulink, $alink, $plink ); - - $arr['app'] = 'Diaspora'; - - $arr['private'] = $parent_item['private']; - $arr['verb'] = $activity; - $arr['object-type'] = $objtype; - $arr['object'] = $obj; - $arr['visible'] = 1; - $arr['unseen'] = 1; - $arr['last-child'] = 0; - - $message_id = item_store($arr); - - - //if($message_id) { - // q("update item set plink = '%s' where id = %d", - // //dbesc($a->get_baseurl() . '/display/' . $importer['nickname'] . '/' . $message_id), - // dbesc($a->get_baseurl().'/display/'.$guid), - // intval($message_id) - // ); - //} - - // If we are the origin of the parent we store the original signature and notify our followers - if($parent_item['origin']) { - $author_signature_base64 = base64_encode($author_signature); - $author_signature_base64 = diaspora_repair_signature($author_signature_base64, $diaspora_handle); - - q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", - intval($message_id), - dbesc($signed_data), - dbesc($author_signature_base64), - dbesc($diaspora_handle) - ); + $raw_message = unxmlify($data->raw_message); + $guid = notags(unxmlify($data->guid)); + $author = notags(unxmlify($data->author)); + $public = notags(unxmlify($data->public)); + $created_at = notags(unxmlify($data->created_at)); + $provider_display_name = notags(unxmlify($data->provider_display_name)); - // notify others - proc_run('php','include/notifier.php','comment-import',$message_id); - } + /// @todo enable support for polls + //if ($data->poll) { + // foreach ($data->poll AS $poll) + // print_r($poll); + // die("poll!\n"); + //} + $contact = self::allowed_contact_by_handle($importer, $author, false); + if (!$contact) + return false; - return; -} + if (self::message_exists($importer["uid"], $guid)) + return false; -function diaspora_retraction($importer,$xml) { + $address = array(); + if ($data->location) + foreach ($data->location->children() AS $fieldname => $data) + $address[$fieldname] = notags(unxmlify($data)); + $body = diaspora2bb($raw_message); - $guid = notags(unxmlify($xml->guid)); - $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); - $type = notags(unxmlify($xml->type)); + $datarray = array(); - $contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle); - if(! $contact) - return; + if ($data->photo) { + foreach ($data->photo AS $photo) + $body = "[img]".$photo->remote_photo_path.$photo->remote_photo_name."[/img]\n".$body; - if($type === 'Person') { - require_once('include/Contact.php'); - contact_remove($contact['id']); - } elseif($type === 'StatusMessage') { - $guid = notags(unxmlify($xml->post_guid)); + $datarray["object-type"] = ACTIVITY_OBJ_PHOTO; + } else { + $datarray["object-type"] = ACTIVITY_OBJ_NOTE; - $r = q("SELECT * FROM `item` WHERE `guid` = '%s' AND `uid` = %d AND NOT `file` LIKE '%%[%%' LIMIT 1", - dbesc($guid), - intval($importer['uid']) - ); - if(count($r)) { - if(link_compare($r[0]['author-link'],$contact['url'])) { - q("UPDATE `item` SET `deleted` = 1, `changed` = '%s' WHERE `id` = %d", - dbesc(datetime_convert()), - intval($r[0]['id']) - ); - delete_thread($r[0]['id'], $r[0]['parent-uri']); - } - } - } elseif($type === 'Post') { - $r = q("select * from item where guid = '%s' and uid = %d and not file like '%%[%%' limit 1", - dbesc('guid'), - intval($importer['uid']) - ); - if(count($r)) { - if(link_compare($r[0]['author-link'],$contact['url'])) { - q("update item set `deleted` = 1, `changed` = '%s' where `id` = %d", - dbesc(datetime_convert()), - intval($r[0]['id']) - ); - delete_thread($r[0]['id'], $r[0]['parent-uri']); - } + // Add OEmbed and other information to the body + if (!self::is_redmatrix($contact["url"])) + $body = add_page_info_to_body($body, false, true); } - } - return 202; - // NOTREACHED -} + $datarray["uid"] = $importer["uid"]; + $datarray["contact-id"] = $contact["id"]; + $datarray["network"] = NETWORK_DIASPORA; -function diaspora_signed_retraction($importer,$xml,$msg) { + $datarray["author-name"] = $contact["name"]; + $datarray["author-link"] = $contact["url"]; + $datarray["author-avatar"] = ((x($contact,"thumb")) ? $contact["thumb"] : $contact["photo"]); + $datarray["owner-name"] = $datarray["author-name"]; + $datarray["owner-link"] = $datarray["author-link"]; + $datarray["owner-avatar"] = $datarray["author-avatar"]; - $guid = notags(unxmlify($xml->target_guid)); - $diaspora_handle = notags(unxmlify($xml->sender_handle)); - $type = notags(unxmlify($xml->target_type)); - $sig = notags(unxmlify($xml->target_author_signature)); + $datarray["guid"] = $guid; + $datarray["uri"] = $datarray["parent-uri"] = $author.":".$guid; - $parent_author_signature = (($xml->parent_author_signature) ? notags(unxmlify($xml->parent_author_signature)) : ''); + $datarray["verb"] = ACTIVITY_POST; + $datarray["gravity"] = GRAVITY_PARENT; - $contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle); - if(! $contact) { - logger('diaspora_signed_retraction: no contact ' . $diaspora_handle . ' for ' . $importer['uid']); - return; - } + $datarray["object"] = json_encode($data); + $datarray["body"] = $body; - $signed_data = $guid . ';' . $type ; - $key = $msg['key']; + if ($provider_display_name != "") + $datarray["app"] = $provider_display_name; - /* How Diaspora performs relayable_retraction signature checking: + $datarray["plink"] = self::plink($author, $guid); + $datarray["private"] = (($public == "false") ? 1 : 0); + $datarray["changed"] = $datarray["created"] = $datarray["edited"] = datetime_convert("UTC", "UTC", $created_at); - - If an item has been sent by the item author to the top-level post owner to relay on - to the rest of the contacts on the top-level post, the top-level post owner checks - the author_signature, then creates a parent_author_signature before relaying the item on - - If an item has been relayed on by the top-level post owner, the contacts who receive it - check only the parent_author_signature. Basically, they trust that the top-level post - owner has already verified the authenticity of anything he/she sends out - - In either case, the signature that get checked is the signature created by the person - who sent the salmon - */ + if (isset($address["address"])) + $datarray["location"] = $address["address"]; - if($parent_author_signature) { + if (isset($address["lat"]) AND isset($address["lng"])) + $datarray["coord"] = $address["lat"]." ".$address["lng"]; - $parent_author_signature = base64_decode($parent_author_signature); + self::fetch_guid($datarray); + $message_id = item_store($datarray); - if(! rsa_verify($signed_data,$parent_author_signature,$key,'sha256')) { - logger('diaspora_signed_retraction: top-level post owner verification failed'); - return; - } + if ($message_id) + logger("Stored item ".$datarray["guid"]." with message id ".$message_id, LOGGER_DEBUG); - } else { + return $message_id; + } - $sig_decode = base64_decode($sig); + /****************************************************************************************** + * Here are all the functions that are needed to transmit data with the Diaspora protocol * + ******************************************************************************************/ - if(! rsa_verify($signed_data,$sig_decode,$key,'sha256')) { - logger('diaspora_signed_retraction: retraction owner verification failed.' . print_r($msg,true)); - return; - } - } + private function my_handle($me) { + if ($contact["addr"] != "") + return $contact["addr"]; - if($type === 'StatusMessage' || $type === 'Comment' || $type === 'Like') { - $r = q("select * from item where guid = '%s' and uid = %d and not file like '%%[%%' limit 1", - dbesc($guid), - intval($importer['uid']) - ); - if(count($r)) { - if(link_compare($r[0]['author-link'],$contact['url'])) { - q("update item set `deleted` = 1, `edited` = '%s', `changed` = '%s', `body` = '' , `title` = '' where `id` = %d", - dbesc(datetime_convert()), - dbesc(datetime_convert()), - intval($r[0]['id']) - ); - delete_thread($r[0]['id'], $r[0]['parent-uri']); - - // Now check if the retraction needs to be relayed by us - // - // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always - // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent. - // The only item with `parent` and `id` as the parent id is the parent item. - $p = q("SELECT `origin` FROM `item` WHERE `parent` = %d AND `id` = %d LIMIT 1", - intval($r[0]['parent']), - intval($r[0]['parent']) - ); - if(count($p)) { - if($p[0]['origin']) { - q("insert into sign (`retract_iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ", - $r[0]['id'], - dbesc($signed_data), - dbesc($sig), - dbesc($diaspora_handle) - ); - - // the existence of parent_author_signature would have meant the parent_author or owner - // is already relaying. - logger('diaspora_signed_retraction: relaying relayable_retraction'); - - proc_run('php','include/notifier.php','drop',$r[0]['id']); - } - } - } - } + // Normally we should have a filled "addr" field - but in the past this wasn't the case + // So - just in case - we build the the address here. + return $me["nickname"]."@".substr(App::get_baseurl(), strpos(App::get_baseurl(),"://") + 3); } - else - logger('diaspora_signed_retraction: unknown type: ' . $type); - return 202; - // NOTREACHED -} + private function build_public_message($msg, $user, $contact, $prvkey, $pubkey) { -function diaspora_profile($importer,$xml,$msg) { + logger("Message: ".$msg, LOGGER_DATA); - $a = get_app(); - $diaspora_handle = notags(unxmlify($xml->diaspora_handle)); + $handle = self::my_handle($user); + $b64url_data = base64url_encode($msg); - if($diaspora_handle != $msg['author']) { - logger('diaspora_post: Potential forgery. Message handle is not the same as envelope sender.'); - return 202; - } + $data = str_replace(array("\n", "\r", " ", "\t"), array("", "", "", ""), $b64url_data); - $contact = diaspora_get_contact_by_handle($importer['uid'],$diaspora_handle); - if(! $contact) - return; - - //if($contact['blocked']) { - // logger('diaspora_post: Ignoring this author.'); - // return 202; - //} - - $name = unxmlify($xml->first_name) . ((strlen($xml->last_name)) ? ' ' . unxmlify($xml->last_name) : ''); - $image_url = unxmlify($xml->image_url); - $birthday = unxmlify($xml->birthday); - $location = diaspora2bb(unxmlify($xml->location)); - $about = diaspora2bb(unxmlify($xml->bio)); - $gender = unxmlify($xml->gender); - $searchable = (unxmlify($xml->searchable) == "true"); - $nsfw = (unxmlify($xml->nsfw) == "true"); - $tags = unxmlify($xml->tag_string); - - $tags = explode("#", $tags); - - $keywords = array(); - foreach ($tags as $tag) { - $tag = trim(strtolower($tag)); - if ($tag != "") - $keywords[] = $tag; - } + $type = "application/xml"; + $encoding = "base64url"; + $alg = "RSA-SHA256"; - $keywords = implode(", ", $keywords); + $signable_data = $data.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg); - $handle_parts = explode("@", $diaspora_handle); - $nick = $handle_parts[0]; + $signature = rsa_sign($signable_data,$prvkey); + $sig = base64url_encode($signature); - if($name === '') { - $name = $handle_parts[0]; - } + $xmldata = array("diaspora" => array("header" => array("author_id" => $handle), + "me:env" => array("me:encoding" => "base64url", + "me:alg" => "RSA-SHA256", + "me:data" => $data, + "@attributes" => array("type" => "application/xml"), + "me:sig" => $sig))); - if( preg_match("|^https?://|", $image_url) === 0) { - $image_url = "http://" . $handle_parts[1] . $image_url; + $namespaces = array("" => "https://joindiaspora.com/protocol", + "me" => "http://salmon-protocol.org/ns/magic-env"); + + $magic_env = xml::from_array($xmldata, $xml, false, $namespaces); + + logger("magic_env: ".$magic_env, LOGGER_DATA); + return $magic_env; } -/* $r = q("SELECT DISTINCT ( `resource-id` ) FROM `photo` WHERE `uid` = %d AND `contact-id` = %d AND `album` = 'Contact Photos' ", - intval($importer['uid']), - intval($contact['id']) - ); - $oldphotos = ((count($r)) ? $r : null);*/ + private function build_private_message($msg, $user, $contact, $prvkey, $pubkey) { - require_once('include/Photo.php'); + logger("Message: ".$msg, LOGGER_DATA); - update_contact_avatar($image_url,$importer['uid'],$contact['id']); + // without a public key nothing will work - // Generic birthday. We don't know the timezone. The year is irrelevant. + if (!$pubkey) { + logger("pubkey missing: contact id: ".$contact["id"]); + return false; + } - $birthday = str_replace('1000','1901',$birthday); + $inner_aes_key = random_string(32); + $b_inner_aes_key = base64_encode($inner_aes_key); + $inner_iv = random_string(16); + $b_inner_iv = base64_encode($inner_iv); - if ($birthday != "") - $birthday = datetime_convert('UTC','UTC',$birthday,'Y-m-d'); + $outer_aes_key = random_string(32); + $b_outer_aes_key = base64_encode($outer_aes_key); + $outer_iv = random_string(16); + $b_outer_iv = base64_encode($outer_iv); - // this is to prevent multiple birthday notifications in a single year - // if we already have a stored birthday and the 'm-d' part hasn't changed, preserve the entry, which will preserve the notify year + $handle = self::my_handle($user); - if(substr($birthday,5) === substr($contact['bd'],5)) - $birthday = $contact['bd']; + $padded_data = pkcs5_pad($msg,16); + $inner_encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $padded_data, MCRYPT_MODE_CBC, $inner_iv); - /// @TODO Update name on item['author-name'] if the name changed. See consume_feed() - /// (Not doing this currently because D* protocol is scheduled for revision soon). + $b64_data = base64_encode($inner_encrypted); - $r = q("UPDATE `contact` SET `name` = '%s', `nick` = '%s', `addr` = '%s', `name-date` = '%s', `bd` = '%s', - `location` = '%s', `about` = '%s', `keywords` = '%s', `gender` = '%s' WHERE `id` = %d AND `uid` = %d", - dbesc($name), - dbesc($nick), - dbesc($diaspora_handle), - dbesc(datetime_convert()), - dbesc($birthday), - dbesc($location), - dbesc($about), - dbesc($keywords), - dbesc($gender), - intval($contact['id']), - intval($importer['uid']) - ); - if ($searchable) { - require_once('include/socgraph.php'); - poco_check($contact['url'], $name, NETWORK_DIASPORA, $image_url, $about, $location, $gender, $keywords, "", - datetime_convert(), 2, $contact['id'], $importer['uid']); - } + $b64url_data = base64url_encode($b64_data); + $data = str_replace(array("\n", "\r", " ", "\t"), array("", "", "", ""), $b64url_data); - update_gcontact(array("url" => $contact['url'], "network" => NETWORK_DIASPORA, "generation" => 2, - "photo" => $image_url, "name" => $name, "location" => $location, - "about" => $about, "birthday" => $birthday, "gender" => $gender, - "addr" => $diaspora_handle, "nick" => $nick, "keywords" => $keywords, - "hide" => !$searchable, "nsfw" => $nsfw)); - -/* if($r) { - if($oldphotos) { - foreach($oldphotos as $ph) { - q("DELETE FROM `photo` WHERE `uid` = %d AND `contact-id` = %d AND `album` = 'Contact Photos' AND `resource-id` = '%s' ", - intval($importer['uid']), - intval($contact['id']), - dbesc($ph['resource-id']) - ); - } - } - } */ + $type = "application/xml"; + $encoding = "base64url"; + $alg = "RSA-SHA256"; - return; + $signable_data = $data.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg); -} + $signature = rsa_sign($signable_data,$prvkey); + $sig = base64url_encode($signature); -function diaspora_share($me,$contact) { - $a = get_app(); - $myaddr = $me['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); - $theiraddr = $contact['addr']; + $xmldata = array("decrypted_header" => array("iv" => $b_inner_iv, + "aes_key" => $b_inner_aes_key, + "author_id" => $handle)); - $tpl = get_markup_template('diaspora_share.tpl'); - $msg = replace_macros($tpl, array( - '$sender' => $myaddr, - '$recipient' => $theiraddr - )); + $decrypted_header = xml::from_array($xmldata, $xml, true); + $decrypted_header = pkcs5_pad($decrypted_header,16); - $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey']))); - //$slap = 'xml=' . urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey'])); + $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $outer_aes_key, $decrypted_header, MCRYPT_MODE_CBC, $outer_iv); - return(diaspora_transmit($owner,$contact,$slap, false)); -} + $outer_json = json_encode(array("iv" => $b_outer_iv, "key" => $b_outer_aes_key)); -function diaspora_unshare($me,$contact) { + $encrypted_outer_key_bundle = ""; + openssl_public_encrypt($outer_json, $encrypted_outer_key_bundle, $pubkey); - $a = get_app(); - $myaddr = $me['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + $b64_encrypted_outer_key_bundle = base64_encode($encrypted_outer_key_bundle); - $tpl = get_markup_template('diaspora_retract.tpl'); - $msg = replace_macros($tpl, array( - '$guid' => $me['guid'], - '$type' => 'Person', - '$handle' => $myaddr - )); + logger("outer_bundle: ".$b64_encrypted_outer_key_bundle." key: ".$pubkey, LOGGER_DATA); - $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey']))); - //$slap = 'xml=' . urlencode(diaspora_msg_build($msg,$me,$contact,$me['prvkey'],$contact['pubkey'])); + $encrypted_header_json_object = json_encode(array("aes_key" => base64_encode($encrypted_outer_key_bundle), + "ciphertext" => base64_encode($ciphertext))); + $cipher_json = base64_encode($encrypted_header_json_object); - return(diaspora_transmit($owner,$contact,$slap, false)); + $xmldata = array("diaspora" => array("encrypted_header" => $cipher_json, + "me:env" => array("me:encoding" => "base64url", + "me:alg" => "RSA-SHA256", + "me:data" => $data, + "@attributes" => array("type" => "application/xml"), + "me:sig" => $sig))); -} + $namespaces = array("" => "https://joindiaspora.com/protocol", + "me" => "http://salmon-protocol.org/ns/magic-env"); + + $magic_env = xml::from_array($xmldata, $xml, false, $namespaces); + logger("magic_env: ".$magic_env, LOGGER_DATA); + return $magic_env; + } -function diaspora_send_status($item,$owner,$contact,$public_batch = false) { + private function build_message($msg, $user, $contact, $prvkey, $pubkey, $public = false) { - $a = get_app(); - $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); - $theiraddr = $contact['addr']; + if ($public) + $magic_env = self::build_public_message($msg,$user,$contact,$prvkey,$pubkey); + else + $magic_env = self::build_private_message($msg,$user,$contact,$prvkey,$pubkey); - $images = array(); + // The data that will be transmitted is double encoded via "urlencode", strange ... + $slap = "xml=".urlencode(urlencode($magic_env)); + return $slap; + } - $title = $item['title']; - $body = $item['body']; + private function signature($owner, $message) { + $sigmsg = $message; + unset($sigmsg["author_signature"]); + unset($sigmsg["parent_author_signature"]); -/* - // We're trying to match Diaspora's split message/photo protocol but - // all the photos are displayed on D* as links and not img's - even - // though we're sending pretty much precisely what they send us when - // doing the same operation. - // Commented out for now, we'll use bb2diaspora to convert photos to markdown - // which seems to get through intact. + $signed_text = implode(";", $sigmsg); - $cnt = preg_match_all('|\[img\](.*?)\[\/img\]|',$body,$matches,PREG_SET_ORDER); - if($cnt) { - foreach($matches as $mtch) { - $detail = array(); - $detail['str'] = $mtch[0]; - $detail['path'] = dirname($mtch[1]) . '/'; - $detail['file'] = basename($mtch[1]); - $detail['guid'] = $item['guid']; - $detail['handle'] = $myaddr; - $images[] = $detail; - $body = str_replace($detail['str'],$mtch[1],$body); - } + return base64_encode(rsa_sign($signed_text, $owner["uprvkey"], "sha256")); } -*/ - //if(strlen($title)) - // $body = "[b]".html_entity_decode($title)."[/b]\n\n".$body; + public static function transmit($owner, $contact, $slap, $public_batch, $queue_run=false, $guid = "") { + + $a = get_app(); + + $enabled = intval(get_config("system", "diaspora_enabled")); + if(!$enabled) + return 200; - // convert to markdown - $body = xmlify(html_entity_decode(bb2diaspora($body))); - //$body = bb2diaspora($body); + $logid = random_string(4); + $dest_url = (($public_batch) ? $contact["batch"] : $contact["notify"]); + if (!$dest_url) { + logger("no url for contact: ".$contact["id"]." batch mode =".$public_batch); + return 0; + } - // Adding the title - if(strlen($title)) - $body = "## ".html_entity_decode($title)."\n\n".$body; + logger("transmit: ".$logid."-".$guid." ".$dest_url); - if($item['attach']) { - $cnt = preg_match_all('/href=\"(.*?)\"(.*?)title=\"(.*?)\"/ism',$item['attach'],$matches,PREG_SET_ORDER); - if(cnt) { - $body .= "\n" . t('Attachments:') . "\n"; - foreach($matches as $mtch) { - $body .= '[' . $mtch[3] . '](' . $mtch[1] . ')' . "\n"; + if (!$queue_run && was_recently_delayed($contact["id"])) { + $return_code = 0; + } else { + if (!intval(get_config("system", "diaspora_test"))) { + post_url($dest_url."/", $slap); + $return_code = $a->get_curl_code(); + } else { + logger("test_mode"); + return 200; } } - } + logger("transmit: ".$logid."-".$guid." returns: ".$return_code); - $public = (($item['private']) ? 'false' : 'true'); + if(!$return_code || (($return_code == 503) && (stristr($a->get_curl_headers(), "retry-after")))) { + logger("queue message"); - require_once('include/datetime.php'); - $created = datetime_convert('UTC','UTC',$item['created'],'Y-m-d H:i:s \U\T\C'); + $r = q("SELECT `id` FROM `queue` WHERE `cid` = %d AND `network` = '%s' AND `content` = '%s' AND `batch` = %d LIMIT 1", + intval($contact["id"]), + dbesc(NETWORK_DIASPORA), + dbesc($slap), + intval($public_batch) + ); + if($r) { + logger("add_to_queue ignored - identical item already in queue"); + } else { + // queue message for redelivery + add_to_queue($contact["id"], NETWORK_DIASPORA, $slap, $public_batch); + } + } - // Detect a share element and do a reshare - // see: https://github.com/Raven24/diaspora-federation/blob/master/lib/diaspora-federation/entities/reshare.rb - if (!$item['private'] AND ($ret = diaspora_is_reshare($item["body"]))) { - $tpl = get_markup_template('diaspora_reshare.tpl'); - $msg = replace_macros($tpl, array( - '$root_handle' => xmlify($ret['root_handle']), - '$root_guid' => $ret['root_guid'], - '$guid' => $item['guid'], - '$handle' => xmlify($myaddr), - '$public' => $public, - '$created' => $created, - '$provider' => $item["app"] - )); - } else { - $tpl = get_markup_template('diaspora_post.tpl'); - $msg = replace_macros($tpl, array( - '$body' => $body, - '$guid' => $item['guid'], - '$handle' => xmlify($myaddr), - '$public' => $public, - '$created' => $created, - '$provider' => $item["app"] - )); + return(($return_code) ? $return_code : (-1)); } - logger('diaspora_send_status: '.$owner['username'].' -> '.$contact['name'].' base message: '.$msg, LOGGER_DATA); - logger('send guid '.$item['guid'], LOGGER_DEBUG); - - $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],$public_batch))); - //$slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],$public_batch)); - $return_code = diaspora_transmit($owner,$contact,$slap,$public_batch,false,$item['guid']); + private function build_and_transmit($owner, $contact, $type, $message, $public_batch = false, $guid = "", $spool = false) { - logger('diaspora_send_status: guid: '.$item['guid'].' result '.$return_code, LOGGER_DEBUG); + $data = array("XML" => array("post" => array($type => $message))); - if(count($images)) { - diaspora_send_images($item,$owner,$contact,$images,$public_batch); - } + $msg = xml::from_array($data, $xml); - return $return_code; -} + logger('message: '.$msg, LOGGER_DATA); + logger('send guid '.$guid, LOGGER_DEBUG); -function diaspora_is_reshare($body) { - $body = trim($body); + $slap = self::build_message($msg, $owner, $contact, $owner['uprvkey'], $contact['pubkey'], $public_batch); - // Skip if it isn't a pure repeated messages - // Does it start with a share? - if (strpos($body, "[share") > 0) - return(false); + if ($spool) { + add_to_queue($contact['id'], NETWORK_DIASPORA, $slap, $public_batch); + return true; + } else + $return_code = self::transmit($owner, $contact, $slap, $public_batch, false, $guid); - // Does it end with a share? - if (strlen($body) > (strrpos($body, "[/share]") + 8)) - return(false); + logger("guid: ".$item["guid"]." result ".$return_code, LOGGER_DEBUG); - $attributes = preg_replace("/\[share(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism","$1",$body); - // Skip if there is no shared message in there - if ($body == $attributes) - return(false); + return $return_code; + } - $guid = ""; - preg_match("/guid='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") - $guid = $matches[1]; + public static function send_share($owner,$contact) { - preg_match('/guid="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") - $guid = $matches[1]; + $message = array("sender_handle" => self::my_handle($owner), + "recipient_handle" => $contact["addr"]); - if ($guid != "") { - $r = q("SELECT `contact-id` FROM `item` WHERE `guid` = '%s' AND `network` IN ('%s', '%s') LIMIT 1", - dbesc($guid), NETWORK_DFRN, NETWORK_DIASPORA); - if ($r) { - $ret= array(); - $ret["root_handle"] = diaspora_handle_from_contact($r[0]["contact-id"]); - $ret["root_guid"] = $guid; - return($ret); - } + return self::build_and_transmit($owner, $contact, "request", $message); } - $profile = ""; - preg_match("/profile='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") - $profile = $matches[1]; + public static function send_unshare($owner,$contact) { - preg_match('/profile="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") - $profile = $matches[1]; + $message = array("post_guid" => $owner["guid"], + "diaspora_handle" => self::my_handle($owner), + "type" => "Person"); - $ret= array(); + return self::build_and_transmit($owner, $contact, "retraction", $message); + } - $ret["root_handle"] = preg_replace("=https?://(.*)/u/(.*)=ism", "$2@$1", $profile); - if (($ret["root_handle"] == $profile) OR ($ret["root_handle"] == "")) - return(false); + public static function is_reshare($body) { + $body = trim($body); - $link = ""; - preg_match("/link='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") - $link = $matches[1]; + // Skip if it isn't a pure repeated messages + // Does it start with a share? + if (strpos($body, "[share") > 0) + return(false); - preg_match('/link="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") - $link = $matches[1]; + // Does it end with a share? + if (strlen($body) > (strrpos($body, "[/share]") + 8)) + return(false); - $ret["root_guid"] = preg_replace("=https?://(.*)/posts/(.*)=ism", "$2", $link); - if (($ret["root_guid"] == $link) OR ($ret["root_guid"] == "")) - return(false); + $attributes = preg_replace("/\[share(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism","$1",$body); + // Skip if there is no shared message in there + if ($body == $attributes) + return(false); - return($ret); -} + $guid = ""; + preg_match("/guid='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $guid = $matches[1]; -function diaspora_send_images($item,$owner,$contact,$images,$public_batch = false) { - $a = get_app(); - if(! count($images)) - return; - $mysite = substr($a->get_baseurl(),strpos($a->get_baseurl(),'://') + 3) . '/photo'; - - $tpl = get_markup_template('diaspora_photo.tpl'); - foreach($images as $image) { - if(! stristr($image['path'],$mysite)) - continue; - $resource = str_replace('.jpg','',$image['file']); - $resource = substr($resource,0,strpos($resource,'-')); - - $r = q("select * from photo where `resource-id` = '%s' and `uid` = %d limit 1", - dbesc($resource), - intval($owner['uid']) - ); - if(! count($r)) - continue; - $public = (($r[0]['allow_cid'] || $r[0]['allow_gid'] || $r[0]['deny_cid'] || $r[0]['deny_gid']) ? 'false' : 'true' ); - $msg = replace_macros($tpl,array( - '$path' => xmlify($image['path']), - '$filename' => xmlify($image['file']), - '$msg_guid' => xmlify($image['guid']), - '$guid' => xmlify($r[0]['guid']), - '$handle' => xmlify($image['handle']), - '$public' => xmlify($public), - '$created_at' => xmlify(datetime_convert('UTC','UTC',$r[0]['created'],'Y-m-d H:i:s \U\T\C')) - )); + preg_match('/guid="(.*?)"/ism', $attributes, $matches); + if ($matches[1] != "") + $guid = $matches[1]; + if ($guid != "") { + $r = q("SELECT `contact-id` FROM `item` WHERE `guid` = '%s' AND `network` IN ('%s', '%s') LIMIT 1", + dbesc($guid), NETWORK_DFRN, NETWORK_DIASPORA); + if ($r) { + $ret= array(); + $ret["root_handle"] = self::handle_from_contact($r[0]["contact-id"]); + $ret["root_guid"] = $guid; + return($ret); + } + } - logger('diaspora_send_photo: base message: ' . $msg, LOGGER_DATA); - logger('send guid '.$r[0]['guid'], LOGGER_DEBUG); + $profile = ""; + preg_match("/profile='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $profile = $matches[1]; - $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],$public_batch))); - //$slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],$public_batch)); + preg_match('/profile="(.*?)"/ism', $attributes, $matches); + if ($matches[1] != "") + $profile = $matches[1]; - diaspora_transmit($owner,$contact,$slap,$public_batch,false,$r[0]['guid']); - } + $ret= array(); -} + $ret["root_handle"] = preg_replace("=https?://(.*)/u/(.*)=ism", "$2@$1", $profile); + if (($ret["root_handle"] == $profile) OR ($ret["root_handle"] == "")) + return(false); -function diaspora_send_followup($item,$owner,$contact,$public_batch = false) { + $link = ""; + preg_match("/link='(.*?)'/ism", $attributes, $matches); + if ($matches[1] != "") + $link = $matches[1]; - $a = get_app(); - $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); -// $theiraddr = $contact['addr']; + preg_match('/link="(.*?)"/ism', $attributes, $matches); + if ($matches[1] != "") + $link = $matches[1]; - // Diaspora doesn't support threaded comments, but some - // versions of Diaspora (i.e. Diaspora-pistos) support - // likes on comments - if($item['verb'] === ACTIVITY_LIKE && $item['thr-parent']) { - $p = q("select guid, type, uri, `parent-uri` from item where uri = '%s' limit 1", - dbesc($item['thr-parent']) - ); - } - else { - // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always - // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent. - // The only item with `parent` and `id` as the parent id is the parent item. - $p = q("select guid, type, uri, `parent-uri` from item where parent = %d and id = %d limit 1", - intval($item['parent']), - intval($item['parent']) - ); - } - if(count($p)) - $parent = $p[0]; - else - return; - - if($item['verb'] === ACTIVITY_LIKE) { - $tpl = get_markup_template('diaspora_like.tpl'); - $like = true; - $target_type = ( $parent['uri'] === $parent['parent-uri'] ? 'Post' : 'Comment'); -// $target_type = (strpos($parent['type'], 'comment') ? 'Comment' : 'Post'); -// $positive = (($item['deleted']) ? 'false' : 'true'); - $positive = 'true'; - - if(($item['deleted'])) - logger('diaspora_send_followup: received deleted "like". Those should go to diaspora_send_retraction'); - } - else { - $tpl = get_markup_template('diaspora_comment.tpl'); - $like = false; + $ret["root_guid"] = preg_replace("=https?://(.*)/posts/(.*)=ism", "$2", $link); + if (($ret["root_guid"] == $link) OR ($ret["root_guid"] == "")) + return(false); + return($ret); } - $text = html_entity_decode(bb2diaspora($item['body'])); + public static function send_status($item, $owner, $contact, $public_batch = false) { - // sign it + $myaddr = self::my_handle($owner); - if($like) - $signed_text = $positive . ';' . $item['guid'] . ';' . $target_type . ';' . $parent['guid'] . ';' . $myaddr; - else - $signed_text = $item['guid'] . ';' . $parent['guid'] . ';' . $text . ';' . $myaddr; + $public = (($item["private"]) ? "false" : "true"); - $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); + $created = datetime_convert("UTC", "UTC", $item["created"], 'Y-m-d H:i:s \U\T\C'); - $msg = replace_macros($tpl,array( - '$guid' => xmlify($item['guid']), - '$parent_guid' => xmlify($parent['guid']), - '$target_type' =>xmlify($target_type), - '$authorsig' => xmlify($authorsig), - '$body' => xmlify($text), - '$positive' => xmlify($positive), - '$handle' => xmlify($myaddr) - )); + // Detect a share element and do a reshare + if (!$item['private'] AND ($ret = self::is_reshare($item["body"]))) { + $message = array("root_diaspora_id" => $ret["root_handle"], + "root_guid" => $ret["root_guid"], + "guid" => $item["guid"], + "diaspora_handle" => $myaddr, + "public" => $public, + "created_at" => $created, + "provider_display_name" => $item["app"]); - logger('diaspora_followup: base message: ' . $msg, LOGGER_DATA); - logger('send guid '.$item['guid'], LOGGER_DEBUG); + $type = "reshare"; + } else { + $title = $item["title"]; + $body = $item["body"]; - $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],$public_batch))); - //$slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],$public_batch)); + // convert to markdown + $body = html_entity_decode(bb2diaspora($body)); - return(diaspora_transmit($owner,$contact,$slap,$public_batch,false,$item['guid'])); -} + // Adding the title + if(strlen($title)) + $body = "## ".html_entity_decode($title)."\n\n".$body; + if ($item["attach"]) { + $cnt = preg_match_all('/href=\"(.*?)\"(.*?)title=\"(.*?)\"/ism', $item["attach"], $matches, PREG_SET_ORDER); + if(cnt) { + $body .= "\n".t("Attachments:")."\n"; + foreach($matches as $mtch) + $body .= "[".$mtch[3]."](".$mtch[1].")\n"; + } + } -function diaspora_send_relay($item,$owner,$contact,$public_batch = false) { + $location = array(); + if ($item["location"] != "") + $location["address"] = $item["location"]; - $a = get_app(); - $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); -// $theiraddr = $contact['addr']; + if ($item["coord"] != "") { + $coord = explode(" ", $item["coord"]); + $location["lat"] = $coord[0]; + $location["lng"] = $coord[1]; + } - // Diaspora doesn't support threaded comments, but some - // versions of Diaspora (i.e. Diaspora-pistos) support - // likes on comments - if($item['verb'] === ACTIVITY_LIKE && $item['thr-parent']) { - $p = q("select guid, type, uri, `parent-uri` from item where uri = '%s' limit 1", - dbesc($item['thr-parent']) - ); - } - else { - // The first item in the `item` table with the parent id is the parent. However, MySQL doesn't always - // return the items ordered by `item`.`id`, in which case the wrong item is chosen as the parent. - // The only item with `parent` and `id` as the parent id is the parent item. - $p = q("select guid, type, uri, `parent-uri` from item where parent = %d and id = %d limit 1", - intval($item['parent']), - intval($item['parent']) - ); - } - if(count($p)) - $parent = $p[0]; - else - return; + $message = array("raw_message" => $body, + "location" => $location, + "guid" => $item["guid"], + "diaspora_handle" => $myaddr, + "public" => $public, + "created_at" => $created, + "provider_display_name" => $item["app"]); - $like = false; - $relay_retract = false; - $sql_sign_id = 'iid'; - if( $item['deleted']) { - $relay_retract = true; + if (count($location) == 0) + unset($message["location"]); - $target_type = ( ($item['verb'] === ACTIVITY_LIKE) ? 'Like' : 'Comment'); + $type = "status_message"; + } - $sql_sign_id = 'retract_iid'; - $tpl = get_markup_template('diaspora_relayable_retraction.tpl'); + return self::build_and_transmit($owner, $contact, $type, $message, $public_batch, $item["guid"]); } - elseif($item['verb'] === ACTIVITY_LIKE) { - $like = true; - $target_type = ( $parent['uri'] === $parent['parent-uri'] ? 'Post' : 'Comment'); -// $positive = (($item['deleted']) ? 'false' : 'true'); - $positive = 'true'; + private function construct_like($item, $owner) { - $tpl = get_markup_template('diaspora_like_relay.tpl'); - } - else { // item is a comment - $tpl = get_markup_template('diaspora_comment_relay.tpl'); - } + $myaddr = self::my_handle($owner); + $p = q("SELECT `guid`, `uri`, `parent-uri` FROM `item` WHERE `uri` = '%s' LIMIT 1", + dbesc($item["thr-parent"])); + if(!$p) + return false; - // fetch the original signature if the relayable was created by a Diaspora - // or DFRN user. Relayables for other networks are not supported. - - $r = q("SELECT `signed_text`, `signature`, `signer` FROM `sign` WHERE " . $sql_sign_id . " = %d LIMIT 1", - intval($item['id']) - ); - if(count($r)) { - $orig_sign = $r[0]; - $signed_text = $orig_sign['signed_text']; - $authorsig = $orig_sign['signature']; - $handle = $orig_sign['signer']; + $parent = $p[0]; - // Split the signed text - $signed_parts = explode(";", $signed_text); + $target_type = ($parent["uri"] === $parent["parent-uri"] ? "Post" : "Comment"); + $positive = "true"; - // Remove the parent guid - array_shift($signed_parts); + return(array("positive" => $positive, + "guid" => $item["guid"], + "target_type" => $target_type, + "parent_guid" => $parent["guid"], + "author_signature" => $authorsig, + "diaspora_handle" => $myaddr)); + } - // Remove the comment guid - array_shift($signed_parts); + private function construct_comment($item, $owner) { - // Remove the handle - array_pop($signed_parts); + $myaddr = self::my_handle($owner); - // Glue the parts together - $text = implode(";", $signed_parts); - } - else { - // This part is meant for cases where we don't have the signatur. (Which shouldn't happen with posts from Diaspora and Friendica) - // This means that the comment won't be accepted by newer Diaspora servers + $p = q("SELECT `guid` FROM `item` WHERE `parent` = %d AND `id` = %d LIMIT 1", + intval($item["parent"]), + intval($item["parent"]) + ); - $body = $item['body']; - $text = html_entity_decode(bb2diaspora($body)); + if (!$p) + return false; - $handle = diaspora_handle_from_contact($item['contact-id']); - if(! $handle) - return; + $parent = $p[0]; - if($relay_retract) - $signed_text = $item['guid'] . ';' . $target_type; - elseif($like) - $signed_text = $item['guid'] . ';' . $target_type . ';' . $parent['guid'] . ';' . $positive . ';' . $handle; - else - $signed_text = $item['guid'] . ';' . $parent['guid'] . ';' . $text . ';' . $handle; + $text = html_entity_decode(bb2diaspora($item["body"])); - $authorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); + return(array("guid" => $item["guid"], + "parent_guid" => $parent["guid"], + "author_signature" => "", + "text" => $text, + "diaspora_handle" => $myaddr)); } - // Sign the relayable with the top-level owner's signature - $parentauthorsig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); - - $msg = replace_macros($tpl,array( - '$guid' => xmlify($item['guid']), - '$parent_guid' => xmlify($parent['guid']), - '$target_type' =>xmlify($target_type), - '$authorsig' => xmlify($authorsig), - '$parentsig' => xmlify($parentauthorsig), - '$body' => xmlify($text), - '$positive' => xmlify($positive), - '$handle' => xmlify($handle) - )); + public static function send_followup($item,$owner,$contact,$public_batch = false) { - logger('diaspora_send_relay: base message: ' . $msg, LOGGER_DATA); - logger('send guid '.$item['guid'], LOGGER_DEBUG); - - $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],$public_batch))); - //$slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],$public_batch)); + if($item['verb'] === ACTIVITY_LIKE) { + $message = self::construct_like($item, $owner); + $type = "like"; + } else { + $message = self::construct_comment($item, $owner); + $type = "comment"; + } - return(diaspora_transmit($owner,$contact,$slap,$public_batch,false,$item['guid'])); + if (!$message) + return false; -} + $message["author_signature"] = self::signature($owner, $message); + return self::build_and_transmit($owner, $contact, $type, $message, $public_batch, $item["guid"]); + } + private function message_from_signatur($item, $signature) { -function diaspora_send_retraction($item,$owner,$contact,$public_batch = false) { + // Split the signed text + $signed_parts = explode(";", $signature['signed_text']); + + if ($item["deleted"]) + $message = array("parent_author_signature" => "", + "target_guid" => $signed_parts[0], + "target_type" => $signed_parts[1], + "sender_handle" => $signature['signer'], + "target_author_signature" => $signature['signature']); + elseif ($item['verb'] === ACTIVITY_LIKE) + $message = array("positive" => $signed_parts[0], + "guid" => $signed_parts[1], + "target_type" => $signed_parts[2], + "parent_guid" => $signed_parts[3], + "parent_author_signature" => "", + "author_signature" => $signature['signature'], + "diaspora_handle" => $signed_parts[4]); + else { + // Remove the comment guid + $guid = array_shift($signed_parts); - $a = get_app(); - $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + // Remove the parent guid + $parent_guid = array_shift($signed_parts); - // Check whether the retraction is for a top-level post or whether it's a relayable - if( $item['uri'] !== $item['parent-uri'] ) { + // Remove the handle + $handle = array_pop($signed_parts); - $tpl = get_markup_template('diaspora_relay_retraction.tpl'); - $target_type = (($item['verb'] === ACTIVITY_LIKE) ? 'Like' : 'Comment'); - } - else { + // Glue the parts together + $text = implode(";", $signed_parts); - $tpl = get_markup_template('diaspora_signed_retract.tpl'); - $target_type = 'StatusMessage'; + $message = array("guid" => $guid, + "parent_guid" => $parent_guid, + "parent_author_signature" => "", + "author_signature" => $signature['signature'], + "text" => implode(";", $signed_parts), + "diaspora_handle" => $handle); + } + return $message; } - $signed_text = $item['guid'] . ';' . $target_type; + public static function send_relay($item, $owner, $contact, $public_batch = false) { - $msg = replace_macros($tpl, array( - '$guid' => xmlify($item['guid']), - '$type' => xmlify($target_type), - '$handle' => xmlify($myaddr), - '$signature' => xmlify(base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256'))) - )); - - logger('send guid '.$item['guid'], LOGGER_DEBUG); - - $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],$public_batch))); - //$slap = 'xml=' . urlencode(diaspora_msg_build($msg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],$public_batch)); - - return(diaspora_transmit($owner,$contact,$slap,$public_batch,false,$item['guid'])); -} + if ($item["deleted"]) { + $sql_sign_id = "retract_iid"; + $type = "relayable_retraction"; + } elseif ($item['verb'] === ACTIVITY_LIKE) { + $sql_sign_id = "iid"; + $type = "like"; + } else { + $sql_sign_id = "iid"; + $type = "comment"; + } -function diaspora_send_mail($item,$owner,$contact) { + logger("Got relayable data ".$type." for item ".$item["guid"]." (".$item["id"].")", LOGGER_DEBUG); - $a = get_app(); - $myaddr = $owner['nickname'] . '@' . substr($a->get_baseurl(), strpos($a->get_baseurl(),'://') + 3); + // fetch the original signature - $r = q("select * from conv where id = %d and uid = %d limit 1", - intval($item['convid']), - intval($item['uid']) - ); + $r = q("SELECT `signed_text`, `signature`, `signer` FROM `sign` WHERE `".$sql_sign_id."` = %d LIMIT 1", + intval($item["id"])); - if(! count($r)) { - logger('diaspora_send_mail: conversation not found.'); - return; - } - $cnv = $r[0]; - - $conv = array( - 'guid' => xmlify($cnv['guid']), - 'subject' => xmlify($cnv['subject']), - 'created_at' => xmlify(datetime_convert('UTC','UTC',$cnv['created'],'Y-m-d H:i:s \U\T\C')), - 'diaspora_handle' => xmlify($cnv['creator']), - 'participant_handles' => xmlify($cnv['recips']) - ); - - $body = bb2diaspora($item['body']); - $created = datetime_convert('UTC','UTC',$item['created'],'Y-m-d H:i:s \U\T\C'); - - $signed_text = $item['guid'] . ';' . $cnv['guid'] . ';' . $body . ';' - . $created . ';' . $myaddr . ';' . $cnv['guid']; - - $sig = base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256')); - - $msg = array( - 'guid' => xmlify($item['guid']), - 'parent_guid' => xmlify($cnv['guid']), - 'parent_author_signature' => xmlify($sig), - 'author_signature' => xmlify($sig), - 'text' => xmlify($body), - 'created_at' => xmlify($created), - 'diaspora_handle' => xmlify($myaddr), - 'conversation_guid' => xmlify($cnv['guid']) - ); - - if($item['reply']) { - $tpl = get_markup_template('diaspora_message.tpl'); - $xmsg = replace_macros($tpl, array('$msg' => $msg)); - } - else { - $conv['messages'] = array($msg); - $tpl = get_markup_template('diaspora_conversation.tpl'); - $xmsg = replace_macros($tpl, array('$conv' => $conv)); - } + if (!$r) + return self::send_followup($item, $owner, $contact, $public_batch); - logger('diaspora_conversation: ' . print_r($xmsg,true), LOGGER_DATA); - logger('send guid '.$item['guid'], LOGGER_DEBUG); + $signature = $r[0]; - $slap = 'xml=' . urlencode(urlencode(diaspora_msg_build($xmsg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],false))); - //$slap = 'xml=' . urlencode(diaspora_msg_build($xmsg,$owner,$contact,$owner['uprvkey'],$contact['pubkey'],false)); + // Old way - is used by the internal Friendica functions + /// @todo Change all signatur storing functions to the new format + if ($signature['signed_text'] AND $signature['signature'] AND $signature['signer']) + $message = self::message_from_signatur($item, $signature); + else {// New way + $msg = json_decode($signature['signed_text'], true); - return(diaspora_transmit($owner,$contact,$slap,false,false,$item['guid'])); + $message = array(); + foreach ($msg AS $field => $data) { + if (!$item["deleted"]) { + if ($field == "author") + $field = "diaspora_handle"; + if ($field == "parent_type") + $field = "target_type"; + } + $message[$field] = $data; + } + } -} + if ($item["deleted"]) { + $signed_text = $message["target_guid"].';'.$message["target_type"]; + $message["parent_author_signature"] = base64_encode(rsa_sign($signed_text, $owner["uprvkey"], "sha256")); + } else + $message["parent_author_signature"] = self::signature($owner, $message); -function diaspora_transmit($owner,$contact,$slap,$public_batch,$queue_run=false,$guid = "") { + logger("Relayed data ".print_r($message, true), LOGGER_DEBUG); - $enabled = intval(get_config('system','diaspora_enabled')); - if(! $enabled) { - return 200; + return self::build_and_transmit($owner, $contact, $type, $message, $public_batch, $item["guid"]); } - $a = get_app(); - $logid = random_string(4); - $dest_url = (($public_batch) ? $contact['batch'] : $contact['notify']); - if(! $dest_url) { - logger('diaspora_transmit: no url for contact: ' . $contact['id'] . ' batch mode =' . $public_batch); - return 0; - } + public static function send_retraction($item, $owner, $contact, $public_batch = false) { - logger('diaspora_transmit: '.$logid.'-'.$guid.' '.$dest_url); + $myaddr = self::my_handle($owner); - if( (! $queue_run) && (was_recently_delayed($contact['id'])) ) { - $return_code = 0; - } - else { - if (!intval(get_config('system','diaspora_test'))) { - post_url($dest_url . '/', $slap); - $return_code = $a->get_curl_code(); + // Check whether the retraction is for a top-level post or whether it's a relayable + if ($item["uri"] !== $item["parent-uri"]) { + $msg_type = "relayable_retraction"; + $target_type = (($item["verb"] === ACTIVITY_LIKE) ? "Like" : "Comment"); } else { - logger('diaspora_transmit: test_mode'); - return 200; + $msg_type = "signed_retraction"; + $target_type = "StatusMessage"; } + + $signed_text = $item["guid"].";".$target_type; + + $message = array("target_guid" => $item['guid'], + "target_type" => $target_type, + "sender_handle" => $myaddr, + "target_author_signature" => base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256'))); + + return self::build_and_transmit($owner, $contact, $msg_type, $message, $public_batch, $item["guid"]); } - logger('diaspora_transmit: '.$logid.'-'.$guid.' returns: '.$return_code); + public static function send_mail($item, $owner, $contact) { - if((! $return_code) || (($return_code == 503) && (stristr($a->get_curl_headers(),'retry-after')))) { - logger('diaspora_transmit: queue message'); + $myaddr = self::my_handle($owner); - $r = q("SELECT id from queue where cid = %d and network = '%s' and content = '%s' and batch = %d limit 1", - intval($contact['id']), - dbesc(NETWORK_DIASPORA), - dbesc($slap), - intval($public_batch) + $r = q("SELECT * FROM `conv` WHERE `id` = %d AND `uid` = %d LIMIT 1", + intval($item["convid"]), + intval($item["uid"]) ); - if(count($r)) { - logger('diaspora_transmit: add_to_queue ignored - identical item already in queue'); - } - else { - // queue message for redelivery - add_to_queue($contact['id'],NETWORK_DIASPORA,$slap,$public_batch); - } - } + if (!$r) { + logger("conversation not found."); + return; + } + $cnv = $r[0]; + + $conv = array( + "guid" => $cnv["guid"], + "subject" => $cnv["subject"], + "created_at" => datetime_convert("UTC", "UTC", $cnv['created'], 'Y-m-d H:i:s \U\T\C'), + "diaspora_handle" => $cnv["creator"], + "participant_handles" => $cnv["recips"] + ); - return(($return_code) ? $return_code : (-1)); -} + $body = bb2diaspora($item["body"]); + $created = datetime_convert("UTC", "UTC", $item["created"], 'Y-m-d H:i:s \U\T\C'); + + $signed_text = $item["guid"].";".$cnv["guid"].";".$body.";".$created.";".$myaddr.";".$cnv['guid']; + $sig = base64_encode(rsa_sign($signed_text, $owner["uprvkey"], "sha256")); + + $msg = array( + "guid" => $item["guid"], + "parent_guid" => $cnv["guid"], + "parent_author_signature" => $sig, + "author_signature" => $sig, + "text" => $body, + "created_at" => $created, + "diaspora_handle" => $myaddr, + "conversation_guid" => $cnv["guid"] + ); -function diaspora_fetch_relay() { + if ($item["reply"]) { + $message = $msg; + $type = "message"; + } else { + $message = array("guid" => $cnv["guid"], + "subject" => $cnv["subject"], + "created_at" => datetime_convert("UTC", "UTC", $cnv['created'], 'Y-m-d H:i:s \U\T\C'), + "message" => $msg, + "diaspora_handle" => $cnv["creator"], + "participant_handles" => $cnv["recips"]); + + $type = "conversation"; + } - $serverdata = get_config("system", "relay_server"); - if ($serverdata == "") - return array(); + return self::build_and_transmit($owner, $contact, $type, $message, false, $item["guid"]); + } - $relay = array(); + public static function send_profile($uid) { - $servers = explode(",", $serverdata); + if (!$uid) + return; - foreach($servers AS $server) { - $server = trim($server); - $batch = $server."/receive/public"; + $recips = q("SELECT `id`,`name`,`network`,`pubkey`,`notify` FROM `contact` WHERE `network` = '%s' + AND `uid` = %d AND `rel` != %d", + dbesc(NETWORK_DIASPORA), + intval($uid), + intval(CONTACT_IS_SHARING) + ); + if (!$recips) + return; - $relais = q("SELECT `batch`, `id`, `name`,`network` FROM `contact` WHERE `uid` = 0 AND `batch` = '%s' LIMIT 1", dbesc($batch)); + $r = q("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `user`.*, `user`.`prvkey` AS `uprvkey`, `contact`.`addr` + FROM `profile` + INNER JOIN `user` ON `profile`.`uid` = `user`.`uid` + INNER JOIN `contact` ON `profile`.`uid` = `contact`.`uid` + WHERE `user`.`uid` = %d AND `profile`.`is-default` AND `contact`.`self` LIMIT 1", + intval($uid) + ); - if (!$relais) { - $addr = "relay@".str_replace("http://", "", normalise_link($server)); + if (!$r) + return; - $r = q("INSERT INTO `contact` (`uid`, `created`, `name`, `nick`, `addr`, `url`, `nurl`, `batch`, `network`, `rel`, `blocked`, `pending`, `writable`, `name-date`, `uri-date`, `avatar-date`) - VALUES (0, '%s', '%s', 'relay', '%s', '%s', '%s', '%s', '%s', %d, 0, 0, 1, '%s', '%s', '%s')", - datetime_convert(), - dbesc($addr), - dbesc($addr), - dbesc($server), - dbesc(normalise_link($server)), - dbesc($batch), - dbesc(NETWORK_DIASPORA), - intval(CONTACT_IS_FOLLOWER), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - dbesc(datetime_convert()) - ); + $profile = $r[0]; + + $handle = $profile["addr"]; + $first = ((strpos($profile['name'],' ') + ? trim(substr($profile['name'],0,strpos($profile['name'],' '))) : $profile['name'])); + $last = (($first === $profile['name']) ? '' : trim(substr($profile['name'], strlen($first)))); + $large = App::get_baseurl().'/photo/custom/300/'.$profile['uid'].'.jpg'; + $medium = App::get_baseurl().'/photo/custom/100/'.$profile['uid'].'.jpg'; + $small = App::get_baseurl().'/photo/custom/50/' .$profile['uid'].'.jpg'; + $searchable = (($profile['publish'] && $profile['net-publish']) ? 'true' : 'false'); + + if ($searchable === 'true') { + $dob = '1000-00-00'; + + if (($profile['dob']) && ($profile['dob'] != '0000-00-00')) + $dob = ((intval($profile['dob'])) ? intval($profile['dob']) : '1000') .'-'. datetime_convert('UTC','UTC',$profile['dob'],'m-d'); + + $about = $profile['about']; + $about = strip_tags(bbcode($about)); + + $location = formatted_location($profile); + $tags = ''; + if ($profile['pub_keywords']) { + $kw = str_replace(',',' ',$profile['pub_keywords']); + $kw = str_replace(' ',' ',$kw); + $arr = explode(' ',$profile['pub_keywords']); + if (count($arr)) { + for($x = 0; $x < 5; $x ++) { + if (trim($arr[$x])) + $tags .= '#'. trim($arr[$x]) .' '; + } + } + } + $tags = trim($tags); + } - $relais = q("SELECT `batch`, `id`, `name`,`network` FROM `contact` WHERE `uid` = 0 AND `batch` = '%s' LIMIT 1", dbesc($batch)); - if ($relais) - $relay[] = $relais[0]; - } else - $relay[] = $relais[0]; + $message = array("diaspora_handle" => $handle, + "first_name" => $first, + "last_name" => $last, + "image_url" => $large, + "image_url_medium" => $medium, + "image_url_small" => $small, + "birthday" => $dob, + "gender" => $profile['gender'], + "bio" => $about, + "location" => $location, + "searchable" => $searchable, + "tag_string" => $tags); + + foreach($recips as $recip) + self::build_and_transmit($profile, $recip, "profile", $message, false, "", true); } - - return $relay; } +?> diff --git a/include/diaspora2.php b/include/diaspora2.php deleted file mode 100644 index 75cedeccd1..0000000000 --- a/include/diaspora2.php +++ /dev/null @@ -1,2553 +0,0 @@ - decoded Diaspora XML message - * 'author' -> author diaspora handle - * 'key' -> author public key (converted to pkcs#8) - */ - function decode($importer, $xml) { - - $public = false; - $basedom = parse_xml_string($xml); - - if (!is_object($basedom)) - return false; - - $children = $basedom->children('https://joindiaspora.com/protocol'); - - if($children->header) { - $public = true; - $author_link = str_replace('acct:','',$children->header->author_id); - } else { - - $encrypted_header = json_decode(base64_decode($children->encrypted_header)); - - $encrypted_aes_key_bundle = base64_decode($encrypted_header->aes_key); - $ciphertext = base64_decode($encrypted_header->ciphertext); - - $outer_key_bundle = ''; - openssl_private_decrypt($encrypted_aes_key_bundle,$outer_key_bundle,$importer['prvkey']); - - $j_outer_key_bundle = json_decode($outer_key_bundle); - - $outer_iv = base64_decode($j_outer_key_bundle->iv); - $outer_key = base64_decode($j_outer_key_bundle->key); - - $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $outer_key, $ciphertext, MCRYPT_MODE_CBC, $outer_iv); - - - $decrypted = pkcs5_unpad($decrypted); - - /** - * $decrypted now contains something like - * - * - * 8e+G2+ET8l5BPuW0sVTnQw== - * UvSMb4puPeB14STkcDWq+4QE302Edu15oaprAQSkLKU= - * galaxor@diaspora.priateship.org - * - */ - - logger('decrypted: '.$decrypted, LOGGER_DEBUG); - $idom = parse_xml_string($decrypted,false); - - $inner_iv = base64_decode($idom->iv); - $inner_aes_key = base64_decode($idom->aes_key); - - $author_link = str_replace('acct:','',$idom->author_id); - } - - $dom = $basedom->children(NAMESPACE_SALMON_ME); - - // figure out where in the DOM tree our data is hiding - - if($dom->provenance->data) - $base = $dom->provenance; - elseif($dom->env->data) - $base = $dom->env; - elseif($dom->data) - $base = $dom; - - if (!$base) { - logger('unable to locate salmon data in xml'); - http_status_exit(400); - } - - - // Stash the signature away for now. We have to find their key or it won't be good for anything. - $signature = base64url_decode($base->sig); - - // unpack the data - - // strip whitespace so our data element will return to one big base64 blob - $data = str_replace(array(" ","\t","\r","\n"),array("","","",""),$base->data); - - - // stash away some other stuff for later - - $type = $base->data[0]->attributes()->type[0]; - $keyhash = $base->sig[0]->attributes()->keyhash[0]; - $encoding = $base->encoding; - $alg = $base->alg; - - - $signed_data = $data.'.'.base64url_encode($type).'.'.base64url_encode($encoding).'.'.base64url_encode($alg); - - - // decode the data - $data = base64url_decode($data); - - - if($public) - $inner_decrypted = $data; - else { - - // Decode the encrypted blob - - $inner_encrypted = base64_decode($data); - $inner_decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $inner_encrypted, MCRYPT_MODE_CBC, $inner_iv); - $inner_decrypted = pkcs5_unpad($inner_decrypted); - } - - if (!$author_link) { - logger('Could not retrieve author URI.'); - http_status_exit(400); - } - // Once we have the author URI, go to the web and try to find their public key - // (first this will look it up locally if it is in the fcontact cache) - // This will also convert diaspora public key from pkcs#1 to pkcs#8 - - logger('Fetching key for '.$author_link); - $key = self::key($author_link); - - if (!$key) { - logger('Could not retrieve author key.'); - http_status_exit(400); - } - - $verify = rsa_verify($signed_data,$signature,$key); - - if (!$verify) { - logger('Message did not verify. Discarding.'); - http_status_exit(400); - } - - logger('Message verified.'); - - return array('message' => $inner_decrypted, 'author' => $author_link, 'key' => $key); - - } - - - /** - * @brief Dispatches public messages and find the fitting receivers - * - * @param array $msg The post that will be dispatched - * - * @return bool Was the message accepted? - */ - public static function dispatch_public($msg) { - - $enabled = intval(get_config("system", "diaspora_enabled")); - if (!$enabled) { - logger("diaspora is disabled"); - return false; - } - - // Use a dummy importer to import the data for the public copy - $importer = array("uid" => 0, "page-flags" => PAGE_FREELOVE); - $item_id = self::dispatch($importer,$msg); - - // Now distribute it to the followers - $r = q("SELECT `user`.* FROM `user` WHERE `user`.`uid` IN - (SELECT `contact`.`uid` FROM `contact` WHERE `contact`.`network` = '%s' AND `contact`.`addr` = '%s') - AND NOT `account_expired` AND NOT `account_removed`", - dbesc(NETWORK_DIASPORA), - dbesc($msg["author"]) - ); - if($r) { - foreach($r as $rr) { - logger("delivering to: ".$rr["username"]); - self::dispatch($rr,$msg); - } - } else - logger("No subscribers for ".$msg["author"]." ".print_r($msg, true)); - - return $item_id; - } - - /** - * @brief Dispatches the different message types to the different functions - * - * @param array $importer Array of the importer user - * @param array $msg The post that will be dispatched - * - * @return bool Was the message accepted? - */ - public static function dispatch($importer, $msg) { - - // The sender is the handle of the contact that sent the message. - // This will often be different with relayed messages (for example "like" and "comment") - $sender = $msg["author"]; - - if (!diaspora::valid_posting($msg, $fields)) { - logger("Invalid posting"); - return false; - } - - $type = $fields->getName(); - - logger("Received message type ".$type." from ".$sender." for user ".$importer["uid"], LOGGER_DEBUG); - - switch ($type) { - case "account_deletion": - return self::receive_account_deletion($importer, $fields); - - case "comment": - return self::receive_comment($importer, $sender, $fields); - - case "conversation": - return self::receive_conversation($importer, $msg, $fields); - - case "like": - return self::receive_like($importer, $sender, $fields); - - case "message": - return self::receive_message($importer, $fields); - - case "participation": // Not implemented - return self::receive_participation($importer, $fields); - - case "photo": // Not implemented - return self::receive_photo($importer, $fields); - - case "poll_participation": // Not implemented - return self::receive_poll_participation($importer, $fields); - - case "profile": - return self::receive_profile($importer, $fields); - - case "request": - return self::receive_request($importer, $fields); - - case "reshare": - return self::receive_reshare($importer, $fields); - - case "retraction": - return self::receive_retraction($importer, $sender, $fields); - - case "status_message": - return self::receive_status_message($importer, $fields); - - default: - logger("Unknown message type ".$type); - return false; - } - - return true; - } - - /** - * @brief Checks if a posting is valid and fetches the data fields. - * - * This function does not only check the signature. - * It also does the conversion between the old and the new diaspora format. - * - * @param array $msg Array with the XML, the sender handle and the sender signature - * @param object $fields SimpleXML object that contains the posting when it is valid - * - * @return bool Is the posting valid? - */ - private function valid_posting($msg, &$fields) { - - $data = parse_xml_string($msg["message"], false); - - if (!is_object($data)) - return false; - - $first_child = $data->getName(); - - // Is this the new or the old version? - if ($data->getName() == "XML") { - $oldXML = true; - foreach ($data->post->children() as $child) - $element = $child; - } else { - $oldXML = false; - $element = $data; - } - - $type = $element->getName(); - $orig_type = $type; - - // All retractions are handled identically from now on. - // In the new version there will only be "retraction". - if (in_array($type, array("signed_retraction", "relayable_retraction"))) - $type = "retraction"; - - $fields = new SimpleXMLElement("<".$type."/>"); - - $signed_data = ""; - - foreach ($element->children() AS $fieldname => $entry) { - if ($oldXML) { - // Translation for the old XML structure - if ($fieldname == "diaspora_handle") - $fieldname = "author"; - - if ($fieldname == "participant_handles") - $fieldname = "participants"; - - if (in_array($type, array("like", "participation"))) { - if ($fieldname == "target_type") - $fieldname = "parent_type"; - } - - if ($fieldname == "sender_handle") - $fieldname = "author"; - - if ($fieldname == "recipient_handle") - $fieldname = "recipient"; - - if ($fieldname == "root_diaspora_id") - $fieldname = "root_author"; - - if ($type == "retraction") { - if ($fieldname == "post_guid") - $fieldname = "target_guid"; - - if ($fieldname == "type") - $fieldname = "target_type"; - } - } - - if ($fieldname == "author_signature") - $author_signature = base64_decode($entry); - elseif ($fieldname == "parent_author_signature") - $parent_author_signature = base64_decode($entry); - elseif ($fieldname != "target_author_signature") { - if ($signed_data != "") { - $signed_data .= ";"; - $signed_data_parent .= ";"; - } - - $signed_data .= $entry; - } - if (!in_array($fieldname, array("parent_author_signature", "target_author_signature")) OR - ($orig_type == "relayable_retraction")) - xml::copy($entry, $fields, $fieldname); - } - - // This is something that shouldn't happen at all. - if (in_array($type, array("status_message", "reshare", "profile"))) - if ($msg["author"] != $fields->author) { - logger("Message handle is not the same as envelope sender. Quitting this message."); - return false; - } - - // Only some message types have signatures. So we quit here for the other types. - if (!in_array($type, array("comment", "message", "like"))) - return true; - - // No author_signature? This is a must, so we quit. - if (!isset($author_signature)) - return false; - - if (isset($parent_author_signature)) { - $key = self::key($msg["author"]); - - if (!rsa_verify($signed_data, $parent_author_signature, $key, "sha256")) - return false; - } - - $key = self::key($fields->author); - - return rsa_verify($signed_data, $author_signature, $key, "sha256"); - } - - /** - * @brief Fetches the public key for a given handle - * - * @param string $handle The handle - * - * @return string The public key - */ - private function key($handle) { - $handle = strval($handle); - - logger("Fetching diaspora key for: ".$handle); - - $r = self::person_by_handle($handle); - if($r) - return $r["pubkey"]; - - return ""; - } - - /** - * @brief Fetches data for a given handle - * - * @param string $handle The handle - * - * @return array the queried data - */ - private function person_by_handle($handle) { - - $r = q("SELECT * FROM `fcontact` WHERE `network` = '%s' AND `addr` = '%s' LIMIT 1", - dbesc(NETWORK_DIASPORA), - dbesc($handle) - ); - if ($r) { - $person = $r[0]; - logger("In cache ".print_r($r,true), LOGGER_DEBUG); - - // update record occasionally so it doesn't get stale - $d = strtotime($person["updated"]." +00:00"); - if ($d < strtotime("now - 14 days")) - $update = true; - } - - if (!$person OR $update) { - logger("create or refresh", LOGGER_DEBUG); - $r = probe_url($handle, PROBE_DIASPORA); - - // Note that Friendica contacts will return a "Diaspora person" - // if Diaspora connectivity is enabled on their server - if ($r AND ($r["network"] === NETWORK_DIASPORA)) { - self::add_fcontact($r, $update); - $person = $r; - } - } - return $person; - } - - /** - * @brief Updates the fcontact table - * - * @param array $arr The fcontact data - * @param bool $update Update or insert? - * - * @return string The id of the fcontact entry - */ - private function add_fcontact($arr, $update = false) { - /// @todo Remove this function from include/network.php - - if($update) { - $r = q("UPDATE `fcontact` SET - `name` = '%s', - `photo` = '%s', - `request` = '%s', - `nick` = '%s', - `addr` = '%s', - `batch` = '%s', - `notify` = '%s', - `poll` = '%s', - `confirm` = '%s', - `alias` = '%s', - `pubkey` = '%s', - `updated` = '%s' - WHERE `url` = '%s' AND `network` = '%s'", - dbesc($arr["name"]), - dbesc($arr["photo"]), - dbesc($arr["request"]), - dbesc($arr["nick"]), - dbesc($arr["addr"]), - dbesc($arr["batch"]), - dbesc($arr["notify"]), - dbesc($arr["poll"]), - dbesc($arr["confirm"]), - dbesc($arr["alias"]), - dbesc($arr["pubkey"]), - dbesc(datetime_convert()), - dbesc($arr["url"]), - dbesc($arr["network"]) - ); - } else { - $r = q("INSERT INTO `fcontact` (`url`,`name`,`photo`,`request`,`nick`,`addr`, - `batch`, `notify`,`poll`,`confirm`,`network`,`alias`,`pubkey`,`updated`) - VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')", - dbesc($arr["url"]), - dbesc($arr["name"]), - dbesc($arr["photo"]), - dbesc($arr["request"]), - dbesc($arr["nick"]), - dbesc($arr["addr"]), - dbesc($arr["batch"]), - dbesc($arr["notify"]), - dbesc($arr["poll"]), - dbesc($arr["confirm"]), - dbesc($arr["network"]), - dbesc($arr["alias"]), - dbesc($arr["pubkey"]), - dbesc(datetime_convert()) - ); - } - - return $r; - } - - public static function handle_from_contact($contact_id) { - $handle = False; - - logger("contact id is ".$contact_id, LOGGER_DEBUG); - - $r = q("SELECT `network`, `addr`, `self`, `url`, `nick` FROM `contact` WHERE `id` = %d", - intval($contact_id) - ); - if($r) { - $contact = $r[0]; - - logger("contact 'self' = ".$contact['self']." 'url' = ".$contact['url'], LOGGER_DEBUG); - - if($contact['addr'] != "") - $handle = $contact['addr']; - elseif(($contact['network'] === NETWORK_DFRN) || ($contact['self'] == 1)) { - $baseurl_start = strpos($contact['url'],'://') + 3; - $baseurl_length = strpos($contact['url'],'/profile') - $baseurl_start; // allows installations in a subdirectory--not sure how Diaspora will handle - $baseurl = substr($contact['url'], $baseurl_start, $baseurl_length); - $handle = $contact['nick'].'@'.$baseurl; - } - } - - return $handle; - } - - private function contact_by_handle($uid, $handle) { - $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `addr` = '%s' LIMIT 1", - intval($uid), - dbesc($handle) - ); - - if ($r) - return $r[0]; - - $handle_parts = explode("@", $handle); - $nurl_sql = "%%://".$handle_parts[1]."%%/profile/".$handle_parts[0]; - $r = q("SELECT * FROM `contact` WHERE `network` = '%s' AND `uid` = %d AND `nurl` LIKE '%s' LIMIT 1", - dbesc(NETWORK_DFRN), - intval($uid), - dbesc($nurl_sql) - ); - if($r) - return $r[0]; - - return false; - } - - private function post_allow($importer, $contact, $is_comment = false) { - - // perhaps we were already sharing with this person. Now they're sharing with us. - // That makes us friends. - // Normally this should have handled by getting a request - but this could get lost - if($contact["rel"] == CONTACT_IS_FOLLOWER && in_array($importer["page-flags"], array(PAGE_FREELOVE))) { - q("UPDATE `contact` SET `rel` = %d, `writable` = 1 WHERE `id` = %d AND `uid` = %d", - intval(CONTACT_IS_FRIEND), - intval($contact["id"]), - intval($importer["uid"]) - ); - $contact["rel"] = CONTACT_IS_FRIEND; - logger("defining user ".$contact["nick"]." as friend"); - } - - if(($contact["blocked"]) || ($contact["readonly"]) || ($contact["archive"])) - return false; - if($contact["rel"] == CONTACT_IS_SHARING || $contact["rel"] == CONTACT_IS_FRIEND) - return true; - if($contact["rel"] == CONTACT_IS_FOLLOWER) - if(($importer["page-flags"] == PAGE_COMMUNITY) OR $is_comment) - return true; - - // Messages for the global users are always accepted - if ($importer["uid"] == 0) - return true; - - return false; - } - - private function allowed_contact_by_handle($importer, $handle, $is_comment = false) { - $contact = self::contact_by_handle($importer["uid"], $handle); - if (!$contact) { - logger("A Contact for handle ".$handle." and user ".$importer["uid"]." was not found"); - return false; - } - - if (!self::post_allow($importer, $contact, $is_comment)) { - logger("The handle: ".$handle." is not allowed to post to user ".$importer["uid"]); - return false; - } - return $contact; - } - - private function message_exists($uid, $guid) { - $r = q("SELECT `id` FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($uid), - dbesc($guid) - ); - - if($r) { - logger("message ".$guid." already exists for user ".$uid); - return true; - } - - return false; - } - - private function fetch_guid($item) { - preg_replace_callback("&\[url=/posts/([^\[\]]*)\](.*)\[\/url\]&Usi", - function ($match) use ($item){ - return(self::fetch_guid_sub($match, $item)); - },$item["body"]); - } - - private function fetch_guid_sub($match, $item) { - if (!self::store_by_guid($match[1], $item["author-link"])) - self::store_by_guid($match[1], $item["owner-link"]); - } - - private function store_by_guid($guid, $server, $uid = 0) { - $serverparts = parse_url($server); - $server = $serverparts["scheme"]."://".$serverparts["host"]; - - logger("Trying to fetch item ".$guid." from ".$server, LOGGER_DEBUG); - - $msg = self::message($guid, $server); - - if (!$msg) - return false; - - logger("Successfully fetched item ".$guid." from ".$server, LOGGER_DEBUG); - - // Now call the dispatcher - return self::dispatch_public($msg); - } - - private function message($guid, $server, $level = 0) { - - if ($level > 5) - return false; - - // This will work for Diaspora and newer Friendica servers - $source_url = $server."/p/".$guid.".xml"; - $x = fetch_url($source_url); - if(!$x) - return false; - - $source_xml = parse_xml_string($x, false); - - if (!is_object($source_xml)) - return false; - - if ($source_xml->post->reshare) { - // Reshare of a reshare - old Diaspora version - return self::message($source_xml->post->reshare->root_guid, $server, ++$level); - } elseif ($source_xml->getName() == "reshare") { - // Reshare of a reshare - new Diaspora version - return self::message($source_xml->root_guid, $server, ++$level); - } - - $author = ""; - - // Fetch the author - for the old and the new Diaspora version - if ($source_xml->post->status_message->diaspora_handle) - $author = (string)$source_xml->post->status_message->diaspora_handle; - elseif ($source_xml->author AND ($source_xml->getName() == "status_message")) - $author = (string)$source_xml->author; - - // If this isn't a "status_message" then quit - if (!$author) - return false; - - $msg = array("message" => $x, "author" => $author); - - $msg["key"] = self::key($msg["author"]); - - return $msg; - } - - private function parent_item($uid, $guid, $author, $contact) { - $r = q("SELECT `id`, `body`, `wall`, `uri`, `private`, `origin`, - `author-name`, `author-link`, `author-avatar`, - `owner-name`, `owner-link`, `owner-avatar` - FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($uid), dbesc($guid)); - - if(!$r) { - $result = self::store_by_guid($guid, $contact["url"], $uid); - - if (!$result) { - $person = self::person_by_handle($author); - $result = self::store_by_guid($guid, $person["url"], $uid); - } - - if ($result) { - logger("Fetched missing item ".$guid." - result: ".$result, LOGGER_DEBUG); - - $r = q("SELECT `id`, `body`, `wall`, `uri`, `private`, `origin`, - `author-name`, `author-link`, `author-avatar`, - `owner-name`, `owner-link`, `owner-avatar` - FROM `item` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($uid), dbesc($guid)); - } - } - - if (!$r) { - logger("parent item not found: parent: ".$guid." - user: ".$uid); - return false; - } else { - logger("parent item found: parent: ".$guid." - user: ".$uid); - return $r[0]; - } - } - - private function author_contact_by_url($contact, $person, $uid) { - - $r = q("SELECT `id`, `network` FROM `contact` WHERE `nurl` = '%s' AND `uid` = %d LIMIT 1", - dbesc(normalise_link($person["url"])), intval($uid)); - if ($r) { - $cid = $r[0]["id"]; - $network = $r[0]["network"]; - } else { - $cid = $contact["id"]; - $network = NETWORK_DIASPORA; - } - - return (array("cid" => $cid, "network" => $network)); - } - - public static function is_redmatrix($url) { - return(strstr($url, "/channel/")); - } - - private function plink($addr, $guid) { - $r = q("SELECT `url`, `nick`, `network` FROM `fcontact` WHERE `addr`='%s' LIMIT 1", dbesc($addr)); - - // Fallback - if (!$r) - return "https://".substr($addr,strpos($addr,"@")+1)."/posts/".$guid; - - // Friendica contacts are often detected as Diaspora contacts in the "fcontact" table - // So we try another way as well. - $s = q("SELECT `network` FROM `gcontact` WHERE `nurl`='%s' LIMIT 1", dbesc(normalise_link($r[0]["url"]))); - if ($s) - $r[0]["network"] = $s[0]["network"]; - - if ($r[0]["network"] == NETWORK_DFRN) - return(str_replace("/profile/".$r[0]["nick"]."/", "/display/".$guid, $r[0]["url"]."/")); - - if (self::is_redmatrix($r[0]["url"])) - return $r[0]["url"]."/?f=&mid=".$guid; - - return "https://".substr($addr,strpos($addr,"@")+1)."/posts/".$guid; - } - - private function receive_account_deletion($importer, $data) { - $author = notags(unxmlify($data->author)); - - $contact = self::contact_by_handle($importer["uid"], $author); - if (!$contact) { - logger("cannot find contact for author: ".$author); - return false; - } - - // We now remove the contact - contact_remove($contact["id"]); - return true; - } - - private function receive_comment($importer, $sender, $data) { - $guid = notags(unxmlify($data->guid)); - $parent_guid = notags(unxmlify($data->parent_guid)); - $text = unxmlify($data->text); - $author = notags(unxmlify($data->author)); - - $contact = self::allowed_contact_by_handle($importer, $sender, true); - if (!$contact) - return false; - - if (self::message_exists($importer["uid"], $guid)) - return false; - - $parent_item = self::parent_item($importer["uid"], $parent_guid, $author, $contact); - if (!$parent_item) - return false; - - $person = self::person_by_handle($author); - if (!is_array($person)) { - logger("unable to find author details"); - return false; - } - - // Fetch the contact id - if we know this contact - $author_contact = self::author_contact_by_url($contact, $person, $importer["uid"]); - - $datarray = array(); - - $datarray["uid"] = $importer["uid"]; - $datarray["contact-id"] = $author_contact["cid"]; - $datarray["network"] = $author_contact["network"]; - - $datarray["author-name"] = $person["name"]; - $datarray["author-link"] = $person["url"]; - $datarray["author-avatar"] = ((x($person,"thumb")) ? $person["thumb"] : $person["photo"]); - - $datarray["owner-name"] = $contact["name"]; - $datarray["owner-link"] = $contact["url"]; - $datarray["owner-avatar"] = ((x($contact,"thumb")) ? $contact["thumb"] : $contact["photo"]); - - $datarray["guid"] = $guid; - $datarray["uri"] = $author.":".$guid; - - $datarray["type"] = "remote-comment"; - $datarray["verb"] = ACTIVITY_POST; - $datarray["gravity"] = GRAVITY_COMMENT; - $datarray["parent-uri"] = $parent_item["uri"]; - - $datarray["object-type"] = ACTIVITY_OBJ_COMMENT; - $datarray["object"] = json_encode($data); - - $datarray["body"] = diaspora2bb($text); - - self::fetch_guid($datarray); - - $message_id = item_store($datarray); - - if ($message_id) - logger("Stored comment ".$datarray["guid"]." with message id ".$message_id, LOGGER_DEBUG); - - // If we are the origin of the parent we store the original data and notify our followers - if($message_id AND $parent_item["origin"]) { - - // Formerly we stored the signed text, the signature and the author in different fields. - // We now store the raw data so that we are more flexible. - q("INSERT INTO `sign` (`iid`,`signed_text`) VALUES (%d,'%s')", - intval($message_id), - dbesc(json_encode($data)) - ); - - // notify others - proc_run("php", "include/notifier.php", "comment-import", $message_id); - } - - return $message_id; - } - - private function receive_conversation_message($importer, $contact, $data, $msg, $mesg, $conversation) { - $guid = notags(unxmlify($data->guid)); - $subject = notags(unxmlify($data->subject)); - $author = notags(unxmlify($data->author)); - - $reply = 0; - - $msg_guid = notags(unxmlify($mesg->guid)); - $msg_parent_guid = notags(unxmlify($mesg->parent_guid)); - $msg_parent_author_signature = notags(unxmlify($mesg->parent_author_signature)); - $msg_author_signature = notags(unxmlify($mesg->author_signature)); - $msg_text = unxmlify($mesg->text); - $msg_created_at = datetime_convert("UTC", "UTC", notags(unxmlify($mesg->created_at))); - - // "diaspora_handle" is the element name from the old version - // "author" is the element name from the new version - if ($mesg->author) - $msg_author = notags(unxmlify($mesg->author)); - elseif ($mesg->diaspora_handle) - $msg_author = notags(unxmlify($mesg->diaspora_handle)); - else - return false; - - $msg_conversation_guid = notags(unxmlify($mesg->conversation_guid)); - - if($msg_conversation_guid != $guid) { - logger("message conversation guid does not belong to the current conversation."); - return false; - } - - $body = diaspora2bb($msg_text); - $message_uri = $msg_author.":".$msg_guid; - - $author_signed_data = $msg_guid.";".$msg_parent_guid.";".$msg_text.";".unxmlify($mesg->created_at).";".$msg_author.";".$msg_conversation_guid; - - $author_signature = base64_decode($msg_author_signature); - - if(strcasecmp($msg_author,$msg["author"]) == 0) { - $person = $contact; - $key = $msg["key"]; - } else { - $person = self::person_by_handle($msg_author); - - if (is_array($person) && x($person, "pubkey")) - $key = $person["pubkey"]; - else { - logger("unable to find author details"); - return false; - } - } - - if (!rsa_verify($author_signed_data, $author_signature, $key, "sha256")) { - logger("verification failed."); - return false; - } - - if($msg_parent_author_signature) { - $owner_signed_data = $msg_guid.";".$msg_parent_guid.";".$msg_text.";".unxmlify($mesg->created_at).";".$msg_author.";".$msg_conversation_guid; - - $parent_author_signature = base64_decode($msg_parent_author_signature); - - $key = $msg["key"]; - - if (!rsa_verify($owner_signed_data, $parent_author_signature, $key, "sha256")) { - logger("owner verification failed."); - return false; - } - } - - $r = q("SELECT `id` FROM `mail` WHERE `uri` = '%s' LIMIT 1", - dbesc($message_uri) - ); - if($r) { - logger("duplicate message already delivered.", LOGGER_DEBUG); - return false; - } - - q("INSERT INTO `mail` (`uid`, `guid`, `convid`, `from-name`,`from-photo`,`from-url`,`contact-id`,`title`,`body`,`seen`,`reply`,`uri`,`parent-uri`,`created`) - VALUES (%d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s','%s','%s')", - intval($importer["uid"]), - dbesc($msg_guid), - intval($conversation["id"]), - dbesc($person["name"]), - dbesc($person["photo"]), - dbesc($person["url"]), - intval($contact["id"]), - dbesc($subject), - dbesc($body), - 0, - 0, - dbesc($message_uri), - dbesc($author.":".$guid), - dbesc($msg_created_at) - ); - - q("UPDATE `conv` SET `updated` = '%s' WHERE `id` = %d", - dbesc(datetime_convert()), - intval($conversation["id"]) - ); - - notification(array( - "type" => NOTIFY_MAIL, - "notify_flags" => $importer["notify-flags"], - "language" => $importer["language"], - "to_name" => $importer["username"], - "to_email" => $importer["email"], - "uid" =>$importer["uid"], - "item" => array("subject" => $subject, "body" => $body), - "source_name" => $person["name"], - "source_link" => $person["url"], - "source_photo" => $person["thumb"], - "verb" => ACTIVITY_POST, - "otype" => "mail" - )); - } - - private function receive_conversation($importer, $msg, $data) { - $guid = notags(unxmlify($data->guid)); - $subject = notags(unxmlify($data->subject)); - $created_at = datetime_convert("UTC", "UTC", notags(unxmlify($data->created_at))); - $author = notags(unxmlify($data->author)); - $participants = notags(unxmlify($data->participants)); - - $messages = $data->message; - - if (!count($messages)) { - logger("empty conversation"); - return false; - } - - $contact = self::allowed_contact_by_handle($importer, $msg["author"], true); - if (!$contact) - return false; - - $conversation = null; - - $c = q("SELECT * FROM `conv` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer["uid"]), - dbesc($guid) - ); - if($c) - $conversation = $c[0]; - else { - $r = q("INSERT INTO `conv` (`uid`, `guid`, `creator`, `created`, `updated`, `subject`, `recips`) - VALUES (%d, '%s', '%s', '%s', '%s', '%s', '%s')", - intval($importer["uid"]), - dbesc($guid), - dbesc($author), - dbesc(datetime_convert("UTC", "UTC", $created_at)), - dbesc(datetime_convert()), - dbesc($subject), - dbesc($participants) - ); - if($r) - $c = q("SELECT * FROM `conv` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer["uid"]), - dbesc($guid) - ); - - if($c) - $conversation = $c[0]; - } - if (!$conversation) { - logger("unable to create conversation."); - return; - } - - foreach($messages as $mesg) - self::receive_conversation_message($importer, $contact, $data, $msg, $mesg, $conversation); - - return true; - } - - private function construct_like_body($contact, $parent_item, $guid) { - $bodyverb = t('%1$s likes %2$s\'s %3$s'); - - $ulink = "[url=".$contact["url"]."]".$contact["name"]."[/url]"; - $alink = "[url=".$parent_item["author-link"]."]".$parent_item["author-name"]."[/url]"; - $plink = "[url=".App::get_baseurl()."/display/".urlencode($guid)."]".t("status")."[/url]"; - - return sprintf($bodyverb, $ulink, $alink, $plink); - } - - private function construct_like_object($importer, $parent_item) { - $objtype = ACTIVITY_OBJ_NOTE; - $link = ''; - $parent_body = $parent_item["body"]; - - $xmldata = array("object" => array("type" => $objtype, - "local" => "1", - "id" => $parent_item["uri"], - "link" => $link, - "title" => "", - "content" => $parent_body)); - - return xml::from_array($xmldata, $xml, true); - } - - private function receive_like($importer, $sender, $data) { - $positive = notags(unxmlify($data->positive)); - $guid = notags(unxmlify($data->guid)); - $parent_type = notags(unxmlify($data->parent_type)); - $parent_guid = notags(unxmlify($data->parent_guid)); - $author = notags(unxmlify($data->author)); - - // likes on comments aren't supported by Diaspora - only on posts - // But maybe this will be supported in the future, so we will accept it. - if (!in_array($parent_type, array("Post", "Comment"))) - return false; - - $contact = self::allowed_contact_by_handle($importer, $sender, true); - if (!$contact) - return false; - - if (self::message_exists($importer["uid"], $guid)) - return false; - - $parent_item = self::parent_item($importer["uid"], $parent_guid, $author, $contact); - if (!$parent_item) - return false; - - $person = self::person_by_handle($author); - if (!is_array($person)) { - logger("unable to find author details"); - return false; - } - - // Fetch the contact id - if we know this contact - $author_contact = self::author_contact_by_url($contact, $person, $importer["uid"]); - - // "positive" = "false" would be a Dislike - wich isn't currently supported by Diaspora - // We would accept this anyhow. - if ($positive === "true") - $verb = ACTIVITY_LIKE; - else - $verb = ACTIVITY_DISLIKE; - - $datarray = array(); - - $datarray["uid"] = $importer["uid"]; - $datarray["contact-id"] = $author_contact["cid"]; - $datarray["network"] = $author_contact["network"]; - - $datarray["author-name"] = $person["name"]; - $datarray["author-link"] = $person["url"]; - $datarray["author-avatar"] = ((x($person,"thumb")) ? $person["thumb"] : $person["photo"]); - - $datarray["owner-name"] = $contact["name"]; - $datarray["owner-link"] = $contact["url"]; - $datarray["owner-avatar"] = ((x($contact,"thumb")) ? $contact["thumb"] : $contact["photo"]); - - $datarray["guid"] = $guid; - $datarray["uri"] = $author.":".$guid; - - $datarray["type"] = "activity"; - $datarray["verb"] = $verb; - $datarray["gravity"] = GRAVITY_LIKE; - $datarray["parent-uri"] = $parent_item["uri"]; - - $datarray["object-type"] = ACTIVITY_OBJ_NOTE; - $datarray["object"] = self::construct_like_object($importer, $parent_item); - - $datarray["body"] = self::construct_like_body($contact, $parent_item, $guid); - - $message_id = item_store($datarray); - - if ($message_id) - logger("Stored like ".$datarray["guid"]." with message id ".$message_id, LOGGER_DEBUG); - - // If we are the origin of the parent we store the original data and notify our followers - if($message_id AND $parent_item["origin"]) { - - // Formerly we stored the signed text, the signature and the author in different fields. - // We now store the raw data so that we are more flexible. - q("INSERT INTO `sign` (`iid`,`signed_text`) VALUES (%d,'%s')", - intval($message_id), - dbesc(json_encode($data)) - ); - - // notify others - proc_run("php", "include/notifier.php", "comment-import", $message_id); - } - - return $message_id; - } - - private function receive_message($importer, $data) { - $guid = notags(unxmlify($data->guid)); - $parent_guid = notags(unxmlify($data->parent_guid)); - $text = unxmlify($data->text); - $created_at = datetime_convert("UTC", "UTC", notags(unxmlify($data->created_at))); - $author = notags(unxmlify($data->author)); - $conversation_guid = notags(unxmlify($data->conversation_guid)); - - $contact = self::allowed_contact_by_handle($importer, $author, true); - if (!$contact) - return false; - - $conversation = null; - - $c = q("SELECT * FROM `conv` WHERE `uid` = %d AND `guid` = '%s' LIMIT 1", - intval($importer["uid"]), - dbesc($conversation_guid) - ); - if($c) - $conversation = $c[0]; - else { - logger("conversation not available."); - return false; - } - - $reply = 0; - - $body = diaspora2bb($text); - $message_uri = $author.":".$guid; - - $person = self::person_by_handle($author); - if (!$person) { - logger("unable to find author details"); - return false; - } - - $r = q("SELECT `id` FROM `mail` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", - dbesc($message_uri), - intval($importer["uid"]) - ); - if($r) { - logger("duplicate message already delivered.", LOGGER_DEBUG); - return false; - } - - q("INSERT INTO `mail` (`uid`, `guid`, `convid`, `from-name`,`from-photo`,`from-url`,`contact-id`,`title`,`body`,`seen`,`reply`,`uri`,`parent-uri`,`created`) - VALUES ( %d, '%s', %d, '%s', '%s', '%s', %d, '%s', '%s', %d, %d, '%s','%s','%s')", - intval($importer["uid"]), - dbesc($guid), - intval($conversation["id"]), - dbesc($person["name"]), - dbesc($person["photo"]), - dbesc($person["url"]), - intval($contact["id"]), - dbesc($conversation["subject"]), - dbesc($body), - 0, - 1, - dbesc($message_uri), - dbesc($author.":".$parent_guid), - dbesc($created_at) - ); - - q("UPDATE `conv` SET `updated` = '%s' WHERE `id` = %d", - dbesc(datetime_convert()), - intval($conversation["id"]) - ); - - return true; - } - - private function receive_participation($importer, $data) { - // I'm not sure if we can fully support this message type - return true; - } - - private function receive_photo($importer, $data) { - // There doesn't seem to be a reason for this function, since the photo data is transmitted in the status message as well - return true; - } - - private function receive_poll_participation($importer, $data) { - // We don't support polls by now - return true; - } - - private function receive_profile($importer, $data) { - $author = notags(unxmlify($data->author)); - - $contact = self::contact_by_handle($importer["uid"], $author); - if (!$contact) - return; - - $name = unxmlify($data->first_name).((strlen($data->last_name)) ? " ".unxmlify($data->last_name) : ""); - $image_url = unxmlify($data->image_url); - $birthday = unxmlify($data->birthday); - $location = diaspora2bb(unxmlify($data->location)); - $about = diaspora2bb(unxmlify($data->bio)); - $gender = unxmlify($data->gender); - $searchable = (unxmlify($data->searchable) == "true"); - $nsfw = (unxmlify($data->nsfw) == "true"); - $tags = unxmlify($data->tag_string); - - $tags = explode("#", $tags); - - $keywords = array(); - foreach ($tags as $tag) { - $tag = trim(strtolower($tag)); - if ($tag != "") - $keywords[] = $tag; - } - - $keywords = implode(", ", $keywords); - - $handle_parts = explode("@", $author); - $nick = $handle_parts[0]; - - if($name === "") - $name = $handle_parts[0]; - - if( preg_match("|^https?://|", $image_url) === 0) - $image_url = "http://".$handle_parts[1].$image_url; - - update_contact_avatar($image_url, $importer["uid"], $contact["id"]); - - // Generic birthday. We don't know the timezone. The year is irrelevant. - - $birthday = str_replace("1000", "1901", $birthday); - - if ($birthday != "") - $birthday = datetime_convert("UTC", "UTC", $birthday, "Y-m-d"); - - // this is to prevent multiple birthday notifications in a single year - // if we already have a stored birthday and the 'm-d' part hasn't changed, preserve the entry, which will preserve the notify year - - if(substr($birthday,5) === substr($contact["bd"],5)) - $birthday = $contact["bd"]; - - $r = q("UPDATE `contact` SET `name` = '%s', `nick` = '%s', `addr` = '%s', `name-date` = '%s', `bd` = '%s', - `location` = '%s', `about` = '%s', `keywords` = '%s', `gender` = '%s' WHERE `id` = %d AND `uid` = %d", - dbesc($name), - dbesc($nick), - dbesc($author), - dbesc(datetime_convert()), - dbesc($birthday), - dbesc($location), - dbesc($about), - dbesc($keywords), - dbesc($gender), - intval($contact["id"]), - intval($importer["uid"]) - ); - - if ($searchable) { - poco_check($contact["url"], $name, NETWORK_DIASPORA, $image_url, $about, $location, $gender, $keywords, "", - datetime_convert(), 2, $contact["id"], $importer["uid"]); - } - - $gcontact = array("url" => $contact["url"], "network" => NETWORK_DIASPORA, "generation" => 2, - "photo" => $image_url, "name" => $name, "location" => $location, - "about" => $about, "birthday" => $birthday, "gender" => $gender, - "addr" => $author, "nick" => $nick, "keywords" => $keywords, - "hide" => !$searchable, "nsfw" => $nsfw); - - update_gcontact($gcontact); - - logger("Profile of contact ".$contact["id"]." stored for user ".$importer["uid"], LOGGER_DEBUG); - - return true; - } - - private function receive_request_make_friend($importer, $contact) { - - $a = get_app(); - - if($contact["rel"] == CONTACT_IS_FOLLOWER && in_array($importer["page-flags"], array(PAGE_FREELOVE))) { - q("UPDATE `contact` SET `rel` = %d, `writable` = 1 WHERE `id` = %d AND `uid` = %d", - intval(CONTACT_IS_FRIEND), - intval($contact["id"]), - intval($importer["uid"]) - ); - } - // send notification - - $r = q("SELECT `hide-friends` FROM `profile` WHERE `uid` = %d AND `is-default` = 1 LIMIT 1", - intval($importer["uid"]) - ); - - if($r && !$r[0]["hide-friends"] && !$contact["hidden"] && intval(get_pconfig($importer["uid"], "system", "post_newfriend"))) { - - $self = q("SELECT * FROM `contact` WHERE `self` AND `uid` = %d LIMIT 1", - intval($importer["uid"]) - ); - - // they are not CONTACT_IS_FOLLOWER anymore but that's what we have in the array - - if($self && $contact["rel"] == CONTACT_IS_FOLLOWER) { - - $arr = array(); - $arr["uri"] = $arr["parent-uri"] = item_new_uri($a->get_hostname(), $importer["uid"]); - $arr["uid"] = $importer["uid"]; - $arr["contact-id"] = $self[0]["id"]; - $arr["wall"] = 1; - $arr["type"] = 'wall'; - $arr["gravity"] = 0; - $arr["origin"] = 1; - $arr["author-name"] = $arr["owner-name"] = $self[0]["name"]; - $arr["author-link"] = $arr["owner-link"] = $self[0]["url"]; - $arr["author-avatar"] = $arr["owner-avatar"] = $self[0]["thumb"]; - $arr["verb"] = ACTIVITY_FRIEND; - $arr["object-type"] = ACTIVITY_OBJ_PERSON; - - $A = "[url=".$self[0]["url"]."]".$self[0]["name"]."[/url]"; - $B = "[url=".$contact["url"]."]".$contact["name"]."[/url]"; - $BPhoto = "[url=".$contact["url"]."][img]".$contact["thumb"]."[/img][/url]"; - $arr["body"] = sprintf(t("%1$s is now friends with %2$s"), $A, $B)."\n\n\n".$Bphoto; - - $arr["object"] = "".ACTIVITY_OBJ_PERSON."".$contact["name"]."" - ."".$contact["url"]."/".$contact["name"].""; - $arr["object"] .= "".xmlify(''."\n"); - $arr["object"] .= xmlify(''."\n"); - $arr["object"] .= "\n"; - $arr["last-child"] = 1; - - $arr["allow_cid"] = $user[0]["allow_cid"]; - $arr["allow_gid"] = $user[0]["allow_gid"]; - $arr["deny_cid"] = $user[0]["deny_cid"]; - $arr["deny_gid"] = $user[0]["deny_gid"]; - - $i = item_store($arr); - if($i) - proc_run("php", "include/notifier.php", "activity", $i); - - } - - } - } - - private function receive_request($importer, $data) { - $author = unxmlify($data->author); - $recipient = unxmlify($data->recipient); - - if (!$author || !$recipient) - return; - - $contact = self::contact_by_handle($importer["uid"],$author); - - if($contact) { - - // perhaps we were already sharing with this person. Now they're sharing with us. - // That makes us friends. - - self::receive_request_make_friend($importer, $contact); - return true; - } - - $ret = self::person_by_handle($author); - - if (!$ret || ($ret["network"] != NETWORK_DIASPORA)) { - logger("Cannot resolve diaspora handle ".$author." for ".$recipient); - return false; - } - - $batch = (($ret["batch"]) ? $ret["batch"] : implode("/", array_slice(explode("/", $ret["url"]), 0, 3))."/receive/public"); - - $r = q("INSERT INTO `contact` (`uid`, `network`,`addr`,`created`,`url`,`nurl`,`batch`,`name`,`nick`,`photo`,`pubkey`,`notify`,`poll`,`blocked`,`priority`) - VALUES (%d, '%s', '%s', '%s', '%s','%s','%s','%s','%s','%s','%s','%s','%s',%d,%d)", - intval($importer["uid"]), - dbesc($ret["network"]), - dbesc($ret["addr"]), - datetime_convert(), - dbesc($ret["url"]), - dbesc(normalise_link($ret["url"])), - dbesc($batch), - dbesc($ret["name"]), - dbesc($ret["nick"]), - dbesc($ret["photo"]), - dbesc($ret["pubkey"]), - dbesc($ret["notify"]), - dbesc($ret["poll"]), - 1, - 2 - ); - - // find the contact record we just created - - $contact_record = self::contact_by_handle($importer["uid"],$author); - - if (!$contact_record) { - logger("unable to locate newly created contact record."); - return; - } - - $g = q("SELECT `def_gid` FROM `user` WHERE `uid` = %d LIMIT 1", - intval($importer["uid"]) - ); - - if($g && intval($g[0]["def_gid"])) - group_add_member($importer["uid"], "", $contact_record["id"], $g[0]["def_gid"]); - - if($importer["page-flags"] == PAGE_NORMAL) { - - $hash = random_string().(string)time(); // Generate a confirm_key - - $ret = q("INSERT INTO `intro` (`uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`) - VALUES (%d, %d, %d, %d, '%s', '%s', '%s')", - intval($importer["uid"]), - intval($contact_record["id"]), - 0, - 0, - dbesc(t("Sharing notification from Diaspora network")), - dbesc($hash), - dbesc(datetime_convert()) - ); - } else { - - // automatic friend approval - - update_contact_avatar($contact_record["photo"],$importer["uid"],$contact_record["id"]); - - // technically they are sharing with us (CONTACT_IS_SHARING), - // but if our page-type is PAGE_COMMUNITY or PAGE_SOAPBOX - // we are going to change the relationship and make them a follower. - - if($importer["page-flags"] == PAGE_FREELOVE) - $new_relation = CONTACT_IS_FRIEND; - else - $new_relation = CONTACT_IS_FOLLOWER; - - $r = q("UPDATE `contact` SET `rel` = %d, - `name-date` = '%s', - `uri-date` = '%s', - `blocked` = 0, - `pending` = 0, - `writable` = 1 - WHERE `id` = %d - ", - intval($new_relation), - dbesc(datetime_convert()), - dbesc(datetime_convert()), - intval($contact_record["id"]) - ); - - $u = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", intval($importer["uid"])); - if($u) - $ret = self::send_share($u[0], $contact_record); - } - - return true; - } - - private function original_item($guid, $orig_author, $author) { - - // Do we already have this item? - $r = q("SELECT `body`, `tag`, `app`, `created`, `object-type`, `uri`, `guid`, - `author-name`, `author-link`, `author-avatar` - FROM `item` WHERE `guid` = '%s' AND `visible` AND NOT `deleted` AND `body` != '' LIMIT 1", - dbesc($guid)); - - if($r) { - logger("reshared message ".$guid." already exists on system."); - - // Maybe it is already a reshared item? - // Then refetch the content, since there can be many side effects with reshared posts from other networks or reshares from reshares - if (self::is_reshare($r[0]["body"])) - $r = array(); - else - return $r[0]; - } - - if (!$r) { - $server = "https://".substr($orig_author, strpos($orig_author, "@") + 1); - logger("1st try: reshared message ".$guid." will be fetched from original server: ".$server); - $item_id = self::store_by_guid($guid, $server); - - if (!$item_id) { - $server = "http://".substr($orig_author, strpos($orig_author, "@") + 1); - logger("2nd try: reshared message ".$guid." will be fetched from original server: ".$server); - $item_id = self::store_by_guid($guid, $server); - } - - // Deactivated by now since there is a risk that someone could manipulate postings through this method -/* if (!$item_id) { - $server = "https://".substr($author, strpos($author, "@") + 1); - logger("3rd try: reshared message ".$guid." will be fetched from sharer's server: ".$server); - $item_id = self::store_by_guid($guid, $server); - } - if (!$item_id) { - $server = "http://".substr($author, strpos($author, "@") + 1); - logger("4th try: reshared message ".$guid." will be fetched from sharer's server: ".$server); - $item_id = self::store_by_guid($guid, $server); - } -*/ - if ($item_id) { - $r = q("SELECT `body`, `tag`, `app`, `created`, `object-type`, `uri`, `guid`, - `author-name`, `author-link`, `author-avatar` - FROM `item` WHERE `id` = %d AND `visible` AND NOT `deleted` AND `body` != '' LIMIT 1", - intval($item_id)); - - if ($r) - return $r[0]; - - } - } - return false; - } - - private function receive_reshare($importer, $data) { - $root_author = notags(unxmlify($data->root_author)); - $root_guid = notags(unxmlify($data->root_guid)); - $guid = notags(unxmlify($data->guid)); - $author = notags(unxmlify($data->author)); - $public = notags(unxmlify($data->public)); - $created_at = notags(unxmlify($data->created_at)); - - $contact = self::allowed_contact_by_handle($importer, $author, false); - if (!$contact) - return false; - - if (self::message_exists($importer["uid"], $guid)) - return false; - - $original_item = self::original_item($root_guid, $root_author, $author); - if (!$original_item) - return false; - - $orig_url = App::get_baseurl()."/display/".$original_item["guid"]; - - $datarray = array(); - - $datarray["uid"] = $importer["uid"]; - $datarray["contact-id"] = $contact["id"]; - $datarray["network"] = NETWORK_DIASPORA; - - $datarray["author-name"] = $contact["name"]; - $datarray["author-link"] = $contact["url"]; - $datarray["author-avatar"] = ((x($contact,"thumb")) ? $contact["thumb"] : $contact["photo"]); - - $datarray["owner-name"] = $datarray["author-name"]; - $datarray["owner-link"] = $datarray["author-link"]; - $datarray["owner-avatar"] = $datarray["author-avatar"]; - - $datarray["guid"] = $guid; - $datarray["uri"] = $datarray["parent-uri"] = $author.":".$guid; - - $datarray["verb"] = ACTIVITY_POST; - $datarray["gravity"] = GRAVITY_PARENT; - - $datarray["object"] = json_encode($data); - - $prefix = share_header($original_item["author-name"], $original_item["author-link"], $original_item["author-avatar"], - $original_item["guid"], $original_item["created"], $orig_url); - $datarray["body"] = $prefix.$original_item["body"]."[/share]"; - - $datarray["tag"] = $original_item["tag"]; - $datarray["app"] = $original_item["app"]; - - $datarray["plink"] = self::plink($author, $guid); - $datarray["private"] = (($public == "false") ? 1 : 0); - $datarray["changed"] = $datarray["created"] = $datarray["edited"] = datetime_convert("UTC", "UTC", $created_at); - - $datarray["object-type"] = $original_item["object-type"]; - - self::fetch_guid($datarray); - $message_id = item_store($datarray); - - if ($message_id) - logger("Stored reshare ".$datarray["guid"]." with message id ".$message_id, LOGGER_DEBUG); - - return $message_id; - } - - private function item_retraction($importer, $contact, $data) { - $target_type = notags(unxmlify($data->target_type)); - $target_guid = notags(unxmlify($data->target_guid)); - $author = notags(unxmlify($data->author)); - - $person = self::person_by_handle($author); - if (!is_array($person)) { - logger("unable to find author detail for ".$author); - return false; - } - - $r = q("SELECT `id`, `parent`, `parent-uri`, `author-link` FROM `item` WHERE `guid` = '%s' AND `uid` = %d AND NOT `file` LIKE '%%[%%' LIMIT 1", - dbesc($target_guid), - intval($importer["uid"]) - ); - if (!$r) - return false; - - // Only delete it if the author really fits - if (!link_compare($r[0]["author-link"], $person["url"])) { - logger("Item author ".$r[0]["author-link"]." doesn't fit to expected contact ".$person["url"], LOGGER_DEBUG); - return false; - } - - // Check if the sender is the thread owner - $p = q("SELECT `id`, `author-link`, `origin` FROM `item` WHERE `id` = %d", - intval($r[0]["parent"])); - - // Only delete it if the parent author really fits - if (!link_compare($p[0]["author-link"], $contact["url"]) AND !link_compare($r[0]["author-link"], $contact["url"])) { - logger("Thread author ".$p[0]["author-link"]." and item author ".$r[0]["author-link"]." don't fit to expected contact ".$contact["url"], LOGGER_DEBUG); - return false; - } - - // Currently we don't have a central deletion function that we could use in this case. The function "item_drop" doesn't work for that case - q("UPDATE `item` SET `deleted` = 1, `edited` = '%s', `changed` = '%s', `body` = '' , `title` = '' WHERE `id` = %d", - dbesc(datetime_convert()), - dbesc(datetime_convert()), - intval($r[0]["id"]) - ); - delete_thread($r[0]["id"], $r[0]["parent-uri"]); - - logger("Deleted target ".$target_guid." (".$r[0]["id"].") from user ".$importer["uid"]." parent: ".$p[0]["id"], LOGGER_DEBUG); - - // Now check if the retraction needs to be relayed by us - if($p[0]["origin"]) { - - // Formerly we stored the signed text, the signature and the author in different fields. - // We now store the raw data so that we are more flexible. - q("INSERT INTO `sign` (`retract_iid`,`signed_text`) VALUES (%d,'%s')", - intval($r[0]["id"]), - dbesc(json_encode($data)) - ); - $s = q("select * from sign where retract_iid = %d", intval($r[0]["id"])); - logger("Stored signatur for item ".$r[0]["id"]." - ".print_r($s, true), LOGGER_DEBUG); - - // notify others - proc_run("php", "include/notifier.php", "drop", $r[0]["id"]); - } - } - - private function receive_retraction($importer, $sender, $data) { - $target_type = notags(unxmlify($data->target_type)); - - $contact = self::contact_by_handle($importer["uid"], $sender); - if (!$contact) { - logger("cannot find contact for sender: ".$sender." and user ".$importer["uid"]); - return false; - } - - logger("Got retraction for ".$target_type.", sender ".$sender." and user ".$importer["uid"], LOGGER_DEBUG); - - switch ($target_type) { - case "Comment": - case "Like": - case "Post": // "Post" will be supported in a future version - case "Reshare": - case "StatusMessage": - return self::item_retraction($importer, $contact, $data);; - - case "Person": - /// @todo What should we do with an "unshare"? - // Removing the contact isn't correct since we still can read the public items - //contact_remove($contact["id"]); - return true; - - default: - logger("Unknown target type ".$target_type); - return false; - } - return true; - } - - private function receive_status_message($importer, $data) { - - $raw_message = unxmlify($data->raw_message); - $guid = notags(unxmlify($data->guid)); - $author = notags(unxmlify($data->author)); - $public = notags(unxmlify($data->public)); - $created_at = notags(unxmlify($data->created_at)); - $provider_display_name = notags(unxmlify($data->provider_display_name)); - - /// @todo enable support for polls - //if ($data->poll) { - // foreach ($data->poll AS $poll) - // print_r($poll); - // die("poll!\n"); - //} - $contact = self::allowed_contact_by_handle($importer, $author, false); - if (!$contact) - return false; - - if (self::message_exists($importer["uid"], $guid)) - return false; - - $address = array(); - if ($data->location) - foreach ($data->location->children() AS $fieldname => $data) - $address[$fieldname] = notags(unxmlify($data)); - - $body = diaspora2bb($raw_message); - - $datarray = array(); - - if ($data->photo) { - foreach ($data->photo AS $photo) - $body = "[img]".$photo->remote_photo_path.$photo->remote_photo_name."[/img]\n".$body; - - $datarray["object-type"] = ACTIVITY_OBJ_PHOTO; - } else { - $datarray["object-type"] = ACTIVITY_OBJ_NOTE; - - // Add OEmbed and other information to the body - if (!self::is_redmatrix($contact["url"])) - $body = add_page_info_to_body($body, false, true); - } - - $datarray["uid"] = $importer["uid"]; - $datarray["contact-id"] = $contact["id"]; - $datarray["network"] = NETWORK_DIASPORA; - - $datarray["author-name"] = $contact["name"]; - $datarray["author-link"] = $contact["url"]; - $datarray["author-avatar"] = ((x($contact,"thumb")) ? $contact["thumb"] : $contact["photo"]); - - $datarray["owner-name"] = $datarray["author-name"]; - $datarray["owner-link"] = $datarray["author-link"]; - $datarray["owner-avatar"] = $datarray["author-avatar"]; - - $datarray["guid"] = $guid; - $datarray["uri"] = $datarray["parent-uri"] = $author.":".$guid; - - $datarray["verb"] = ACTIVITY_POST; - $datarray["gravity"] = GRAVITY_PARENT; - - $datarray["object"] = json_encode($data); - - $datarray["body"] = $body; - - if ($provider_display_name != "") - $datarray["app"] = $provider_display_name; - - $datarray["plink"] = self::plink($author, $guid); - $datarray["private"] = (($public == "false") ? 1 : 0); - $datarray["changed"] = $datarray["created"] = $datarray["edited"] = datetime_convert("UTC", "UTC", $created_at); - - if (isset($address["address"])) - $datarray["location"] = $address["address"]; - - if (isset($address["lat"]) AND isset($address["lng"])) - $datarray["coord"] = $address["lat"]." ".$address["lng"]; - - self::fetch_guid($datarray); - $message_id = item_store($datarray); - - if ($message_id) - logger("Stored item ".$datarray["guid"]." with message id ".$message_id, LOGGER_DEBUG); - - return $message_id; - } - - /****************************************************************************************** - * Here are all the functions that are needed to transmit data with the Diaspora protocol * - ******************************************************************************************/ - - private function my_handle($me) { - if ($contact["addr"] != "") - return $contact["addr"]; - - // Normally we should have a filled "addr" field - but in the past this wasn't the case - // So - just in case - we build the the address here. - return $me["nickname"]."@".substr(App::get_baseurl(), strpos(App::get_baseurl(),"://") + 3); - } - - private function build_public_message($msg, $user, $contact, $prvkey, $pubkey) { - - logger("Message: ".$msg, LOGGER_DATA); - - $handle = self::my_handle($user); - - $b64url_data = base64url_encode($msg); - - $data = str_replace(array("\n", "\r", " ", "\t"), array("", "", "", ""), $b64url_data); - - $type = "application/xml"; - $encoding = "base64url"; - $alg = "RSA-SHA256"; - - $signable_data = $data.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg); - - $signature = rsa_sign($signable_data,$prvkey); - $sig = base64url_encode($signature); - - $xmldata = array("diaspora" => array("header" => array("author_id" => $handle), - "me:env" => array("me:encoding" => "base64url", - "me:alg" => "RSA-SHA256", - "me:data" => $data, - "@attributes" => array("type" => "application/xml"), - "me:sig" => $sig))); - - $namespaces = array("" => "https://joindiaspora.com/protocol", - "me" => "http://salmon-protocol.org/ns/magic-env"); - - $magic_env = xml::from_array($xmldata, $xml, false, $namespaces); - - logger("magic_env: ".$magic_env, LOGGER_DATA); - return $magic_env; - } - - private function build_private_message($msg, $user, $contact, $prvkey, $pubkey) { - - logger("Message: ".$msg, LOGGER_DATA); - - // without a public key nothing will work - - if (!$pubkey) { - logger("pubkey missing: contact id: ".$contact["id"]); - return false; - } - - $inner_aes_key = random_string(32); - $b_inner_aes_key = base64_encode($inner_aes_key); - $inner_iv = random_string(16); - $b_inner_iv = base64_encode($inner_iv); - - $outer_aes_key = random_string(32); - $b_outer_aes_key = base64_encode($outer_aes_key); - $outer_iv = random_string(16); - $b_outer_iv = base64_encode($outer_iv); - - $handle = self::my_handle($user); - - $padded_data = pkcs5_pad($msg,16); - $inner_encrypted = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $inner_aes_key, $padded_data, MCRYPT_MODE_CBC, $inner_iv); - - $b64_data = base64_encode($inner_encrypted); - - - $b64url_data = base64url_encode($b64_data); - $data = str_replace(array("\n", "\r", " ", "\t"), array("", "", "", ""), $b64url_data); - - $type = "application/xml"; - $encoding = "base64url"; - $alg = "RSA-SHA256"; - - $signable_data = $data.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg); - - $signature = rsa_sign($signable_data,$prvkey); - $sig = base64url_encode($signature); - - $xmldata = array("decrypted_header" => array("iv" => $b_inner_iv, - "aes_key" => $b_inner_aes_key, - "author_id" => $handle)); - - $decrypted_header = xml::from_array($xmldata, $xml, true); - $decrypted_header = pkcs5_pad($decrypted_header,16); - - $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $outer_aes_key, $decrypted_header, MCRYPT_MODE_CBC, $outer_iv); - - $outer_json = json_encode(array("iv" => $b_outer_iv, "key" => $b_outer_aes_key)); - - $encrypted_outer_key_bundle = ""; - openssl_public_encrypt($outer_json, $encrypted_outer_key_bundle, $pubkey); - - $b64_encrypted_outer_key_bundle = base64_encode($encrypted_outer_key_bundle); - - logger("outer_bundle: ".$b64_encrypted_outer_key_bundle." key: ".$pubkey, LOGGER_DATA); - - $encrypted_header_json_object = json_encode(array("aes_key" => base64_encode($encrypted_outer_key_bundle), - "ciphertext" => base64_encode($ciphertext))); - $cipher_json = base64_encode($encrypted_header_json_object); - - $xmldata = array("diaspora" => array("encrypted_header" => $cipher_json, - "me:env" => array("me:encoding" => "base64url", - "me:alg" => "RSA-SHA256", - "me:data" => $data, - "@attributes" => array("type" => "application/xml"), - "me:sig" => $sig))); - - $namespaces = array("" => "https://joindiaspora.com/protocol", - "me" => "http://salmon-protocol.org/ns/magic-env"); - - $magic_env = xml::from_array($xmldata, $xml, false, $namespaces); - - logger("magic_env: ".$magic_env, LOGGER_DATA); - return $magic_env; - } - - private function build_message($msg, $user, $contact, $prvkey, $pubkey, $public = false) { - - if ($public) - $magic_env = self::build_public_message($msg,$user,$contact,$prvkey,$pubkey); - else - $magic_env = self::build_private_message($msg,$user,$contact,$prvkey,$pubkey); - - // The data that will be transmitted is double encoded via "urlencode", strange ... - $slap = "xml=".urlencode(urlencode($magic_env)); - return $slap; - } - - private function signature($owner, $message) { - $sigmsg = $message; - unset($sigmsg["author_signature"]); - unset($sigmsg["parent_author_signature"]); - - $signed_text = implode(";", $sigmsg); - - return base64_encode(rsa_sign($signed_text, $owner["uprvkey"], "sha256")); - } - - public static function transmit($owner, $contact, $slap, $public_batch, $queue_run=false, $guid = "") { - - $a = get_app(); - - $enabled = intval(get_config("system", "diaspora_enabled")); - if(!$enabled) - return 200; - - $logid = random_string(4); - $dest_url = (($public_batch) ? $contact["batch"] : $contact["notify"]); - if (!$dest_url) { - logger("no url for contact: ".$contact["id"]." batch mode =".$public_batch); - return 0; - } - - logger("transmit: ".$logid."-".$guid." ".$dest_url); - - if (!$queue_run && was_recently_delayed($contact["id"])) { - $return_code = 0; - } else { - if (!intval(get_config("system", "diaspora_test"))) { - post_url($dest_url."/", $slap); - $return_code = $a->get_curl_code(); - } else { - logger("test_mode"); - return 200; - } - } - - logger("transmit: ".$logid."-".$guid." returns: ".$return_code); - - if(!$return_code || (($return_code == 503) && (stristr($a->get_curl_headers(), "retry-after")))) { - logger("queue message"); - - $r = q("SELECT `id` FROM `queue` WHERE `cid` = %d AND `network` = '%s' AND `content` = '%s' AND `batch` = %d LIMIT 1", - intval($contact["id"]), - dbesc(NETWORK_DIASPORA), - dbesc($slap), - intval($public_batch) - ); - if($r) { - logger("add_to_queue ignored - identical item already in queue"); - } else { - // queue message for redelivery - add_to_queue($contact["id"], NETWORK_DIASPORA, $slap, $public_batch); - } - } - - return(($return_code) ? $return_code : (-1)); - } - - - private function build_and_transmit($owner, $contact, $type, $message, $public_batch = false, $guid = "", $spool = false) { - - $data = array("XML" => array("post" => array($type => $message))); - - $msg = xml::from_array($data, $xml); - - logger('message: '.$msg, LOGGER_DATA); - logger('send guid '.$guid, LOGGER_DEBUG); - - $slap = self::build_message($msg, $owner, $contact, $owner['uprvkey'], $contact['pubkey'], $public_batch); - - if ($spool) { - add_to_queue($contact['id'], NETWORK_DIASPORA, $slap, $public_batch); - return true; - } else - $return_code = self::transmit($owner, $contact, $slap, $public_batch, false, $guid); - - logger("guid: ".$item["guid"]." result ".$return_code, LOGGER_DEBUG); - - return $return_code; - } - - public static function send_share($owner,$contact) { - - $message = array("sender_handle" => self::my_handle($owner), - "recipient_handle" => $contact["addr"]); - - return self::build_and_transmit($owner, $contact, "request", $message); - } - - public static function send_unshare($owner,$contact) { - - $message = array("post_guid" => $owner["guid"], - "diaspora_handle" => self::my_handle($owner), - "type" => "Person"); - - return self::build_and_transmit($owner, $contact, "retraction", $message); - } - - public static function is_reshare($body) { - $body = trim($body); - - // Skip if it isn't a pure repeated messages - // Does it start with a share? - if (strpos($body, "[share") > 0) - return(false); - - // Does it end with a share? - if (strlen($body) > (strrpos($body, "[/share]") + 8)) - return(false); - - $attributes = preg_replace("/\[share(.*?)\]\s?(.*?)\s?\[\/share\]\s?/ism","$1",$body); - // Skip if there is no shared message in there - if ($body == $attributes) - return(false); - - $guid = ""; - preg_match("/guid='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") - $guid = $matches[1]; - - preg_match('/guid="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") - $guid = $matches[1]; - - if ($guid != "") { - $r = q("SELECT `contact-id` FROM `item` WHERE `guid` = '%s' AND `network` IN ('%s', '%s') LIMIT 1", - dbesc($guid), NETWORK_DFRN, NETWORK_DIASPORA); - if ($r) { - $ret= array(); - $ret["root_handle"] = self::handle_from_contact($r[0]["contact-id"]); - $ret["root_guid"] = $guid; - return($ret); - } - } - - $profile = ""; - preg_match("/profile='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") - $profile = $matches[1]; - - preg_match('/profile="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") - $profile = $matches[1]; - - $ret= array(); - - $ret["root_handle"] = preg_replace("=https?://(.*)/u/(.*)=ism", "$2@$1", $profile); - if (($ret["root_handle"] == $profile) OR ($ret["root_handle"] == "")) - return(false); - - $link = ""; - preg_match("/link='(.*?)'/ism", $attributes, $matches); - if ($matches[1] != "") - $link = $matches[1]; - - preg_match('/link="(.*?)"/ism', $attributes, $matches); - if ($matches[1] != "") - $link = $matches[1]; - - $ret["root_guid"] = preg_replace("=https?://(.*)/posts/(.*)=ism", "$2", $link); - if (($ret["root_guid"] == $link) OR ($ret["root_guid"] == "")) - return(false); - return($ret); - } - - public static function send_status($item, $owner, $contact, $public_batch = false) { - - $myaddr = self::my_handle($owner); - - $public = (($item["private"]) ? "false" : "true"); - - $created = datetime_convert("UTC", "UTC", $item["created"], 'Y-m-d H:i:s \U\T\C'); - - // Detect a share element and do a reshare - if (!$item['private'] AND ($ret = self::is_reshare($item["body"]))) { - $message = array("root_diaspora_id" => $ret["root_handle"], - "root_guid" => $ret["root_guid"], - "guid" => $item["guid"], - "diaspora_handle" => $myaddr, - "public" => $public, - "created_at" => $created, - "provider_display_name" => $item["app"]); - - $type = "reshare"; - } else { - $title = $item["title"]; - $body = $item["body"]; - - // convert to markdown - $body = html_entity_decode(bb2diaspora($body)); - - // Adding the title - if(strlen($title)) - $body = "## ".html_entity_decode($title)."\n\n".$body; - - if ($item["attach"]) { - $cnt = preg_match_all('/href=\"(.*?)\"(.*?)title=\"(.*?)\"/ism', $item["attach"], $matches, PREG_SET_ORDER); - if(cnt) { - $body .= "\n".t("Attachments:")."\n"; - foreach($matches as $mtch) - $body .= "[".$mtch[3]."](".$mtch[1].")\n"; - } - } - - $location = array(); - - if ($item["location"] != "") - $location["address"] = $item["location"]; - - if ($item["coord"] != "") { - $coord = explode(" ", $item["coord"]); - $location["lat"] = $coord[0]; - $location["lng"] = $coord[1]; - } - - $message = array("raw_message" => $body, - "location" => $location, - "guid" => $item["guid"], - "diaspora_handle" => $myaddr, - "public" => $public, - "created_at" => $created, - "provider_display_name" => $item["app"]); - - if (count($location) == 0) - unset($message["location"]); - - $type = "status_message"; - } - - return self::build_and_transmit($owner, $contact, $type, $message, $public_batch, $item["guid"]); - } - - private function construct_like($item, $owner) { - - $myaddr = self::my_handle($owner); - - $p = q("SELECT `guid`, `uri`, `parent-uri` FROM `item` WHERE `uri` = '%s' LIMIT 1", - dbesc($item["thr-parent"])); - if(!$p) - return false; - - $parent = $p[0]; - - $target_type = ($parent["uri"] === $parent["parent-uri"] ? "Post" : "Comment"); - $positive = "true"; - - return(array("positive" => $positive, - "guid" => $item["guid"], - "target_type" => $target_type, - "parent_guid" => $parent["guid"], - "author_signature" => $authorsig, - "diaspora_handle" => $myaddr)); - } - - private function construct_comment($item, $owner) { - - $myaddr = self::my_handle($owner); - - $p = q("SELECT `guid` FROM `item` WHERE `parent` = %d AND `id` = %d LIMIT 1", - intval($item["parent"]), - intval($item["parent"]) - ); - - if (!$p) - return false; - - $parent = $p[0]; - - $text = html_entity_decode(bb2diaspora($item["body"])); - - return(array("guid" => $item["guid"], - "parent_guid" => $parent["guid"], - "author_signature" => "", - "text" => $text, - "diaspora_handle" => $myaddr)); - } - - public static function send_followup($item,$owner,$contact,$public_batch = false) { - - if($item['verb'] === ACTIVITY_LIKE) { - $message = self::construct_like($item, $owner); - $type = "like"; - } else { - $message = self::construct_comment($item, $owner); - $type = "comment"; - } - - if (!$message) - return false; - - $message["author_signature"] = self::signature($owner, $message); - - return self::build_and_transmit($owner, $contact, $type, $message, $public_batch, $item["guid"]); - } - - private function message_from_signatur($item, $signature) { - - // Split the signed text - $signed_parts = explode(";", $signature['signed_text']); - - if ($item["deleted"]) - $message = array("parent_author_signature" => "", - "target_guid" => $signed_parts[0], - "target_type" => $signed_parts[1], - "sender_handle" => $signature['signer'], - "target_author_signature" => $signature['signature']); - elseif ($item['verb'] === ACTIVITY_LIKE) - $message = array("positive" => $signed_parts[0], - "guid" => $signed_parts[1], - "target_type" => $signed_parts[2], - "parent_guid" => $signed_parts[3], - "parent_author_signature" => "", - "author_signature" => $signature['signature'], - "diaspora_handle" => $signed_parts[4]); - else { - // Remove the comment guid - $guid = array_shift($signed_parts); - - // Remove the parent guid - $parent_guid = array_shift($signed_parts); - - // Remove the handle - $handle = array_pop($signed_parts); - - // Glue the parts together - $text = implode(";", $signed_parts); - - $message = array("guid" => $guid, - "parent_guid" => $parent_guid, - "parent_author_signature" => "", - "author_signature" => $signature['signature'], - "text" => implode(";", $signed_parts), - "diaspora_handle" => $handle); - } - return $message; - } - - public static function send_relay($item, $owner, $contact, $public_batch = false) { - - if ($item["deleted"]) { - $sql_sign_id = "retract_iid"; - $type = "relayable_retraction"; - } elseif ($item['verb'] === ACTIVITY_LIKE) { - $sql_sign_id = "iid"; - $type = "like"; - } else { - $sql_sign_id = "iid"; - $type = "comment"; - } - - logger("Got relayable data ".$type." for item ".$item["guid"]." (".$item["id"].")", LOGGER_DEBUG); - - // fetch the original signature - - $r = q("SELECT `signed_text`, `signature`, `signer` FROM `sign` WHERE `".$sql_sign_id."` = %d LIMIT 1", - intval($item["id"])); - - if (!$r) - return self::send_followup($item, $owner, $contact, $public_batch); - - $signature = $r[0]; - - // Old way - is used by the internal Friendica functions - /// @todo Change all signatur storing functions to the new format - if ($signature['signed_text'] AND $signature['signature'] AND $signature['signer']) - $message = self::message_from_signatur($item, $signature); - else {// New way - $msg = json_decode($signature['signed_text'], true); - - $message = array(); - foreach ($msg AS $field => $data) { - if (!$item["deleted"]) { - if ($field == "author") - $field = "diaspora_handle"; - if ($field == "parent_type") - $field = "target_type"; - } - - $message[$field] = $data; - } - } - - if ($item["deleted"]) { - $signed_text = $message["target_guid"].';'.$message["target_type"]; - $message["parent_author_signature"] = base64_encode(rsa_sign($signed_text, $owner["uprvkey"], "sha256")); - } else - $message["parent_author_signature"] = self::signature($owner, $message); - - logger("Relayed data ".print_r($message, true), LOGGER_DEBUG); - - return self::build_and_transmit($owner, $contact, $type, $message, $public_batch, $item["guid"]); - } - - public static function send_retraction($item, $owner, $contact, $public_batch = false) { - - $myaddr = self::my_handle($owner); - - // Check whether the retraction is for a top-level post or whether it's a relayable - if ($item["uri"] !== $item["parent-uri"]) { - $msg_type = "relayable_retraction"; - $target_type = (($item["verb"] === ACTIVITY_LIKE) ? "Like" : "Comment"); - } else { - $msg_type = "signed_retraction"; - $target_type = "StatusMessage"; - } - - $signed_text = $item["guid"].";".$target_type; - - $message = array("target_guid" => $item['guid'], - "target_type" => $target_type, - "sender_handle" => $myaddr, - "target_author_signature" => base64_encode(rsa_sign($signed_text,$owner['uprvkey'],'sha256'))); - - return self::build_and_transmit($owner, $contact, $msg_type, $message, $public_batch, $item["guid"]); - } - - public static function send_mail($item, $owner, $contact) { - - $myaddr = self::my_handle($owner); - - $r = q("SELECT * FROM `conv` WHERE `id` = %d AND `uid` = %d LIMIT 1", - intval($item["convid"]), - intval($item["uid"]) - ); - - if (!$r) { - logger("conversation not found."); - return; - } - $cnv = $r[0]; - - $conv = array( - "guid" => $cnv["guid"], - "subject" => $cnv["subject"], - "created_at" => datetime_convert("UTC", "UTC", $cnv['created'], 'Y-m-d H:i:s \U\T\C'), - "diaspora_handle" => $cnv["creator"], - "participant_handles" => $cnv["recips"] - ); - - $body = bb2diaspora($item["body"]); - $created = datetime_convert("UTC", "UTC", $item["created"], 'Y-m-d H:i:s \U\T\C'); - - $signed_text = $item["guid"].";".$cnv["guid"].";".$body.";".$created.";".$myaddr.";".$cnv['guid']; - $sig = base64_encode(rsa_sign($signed_text, $owner["uprvkey"], "sha256")); - - $msg = array( - "guid" => $item["guid"], - "parent_guid" => $cnv["guid"], - "parent_author_signature" => $sig, - "author_signature" => $sig, - "text" => $body, - "created_at" => $created, - "diaspora_handle" => $myaddr, - "conversation_guid" => $cnv["guid"] - ); - - if ($item["reply"]) { - $message = $msg; - $type = "message"; - } else { - $message = array("guid" => $cnv["guid"], - "subject" => $cnv["subject"], - "created_at" => datetime_convert("UTC", "UTC", $cnv['created'], 'Y-m-d H:i:s \U\T\C'), - "message" => $msg, - "diaspora_handle" => $cnv["creator"], - "participant_handles" => $cnv["recips"]); - - $type = "conversation"; - } - - return self::build_and_transmit($owner, $contact, $type, $message, false, $item["guid"]); - } - - public static function send_profile($uid) { - - if (!$uid) - return; - - $recips = q("SELECT `id`,`name`,`network`,`pubkey`,`notify` FROM `contact` WHERE `network` = '%s' - AND `uid` = %d AND `rel` != %d", - dbesc(NETWORK_DIASPORA), - intval($uid), - intval(CONTACT_IS_SHARING) - ); - if (!$recips) - return; - - $r = q("SELECT `profile`.`uid` AS `profile_uid`, `profile`.* , `user`.*, `user`.`prvkey` AS `uprvkey`, `contact`.`addr` - FROM `profile` - INNER JOIN `user` ON `profile`.`uid` = `user`.`uid` - INNER JOIN `contact` ON `profile`.`uid` = `contact`.`uid` - WHERE `user`.`uid` = %d AND `profile`.`is-default` AND `contact`.`self` LIMIT 1", - intval($uid) - ); - - if (!$r) - return; - - $profile = $r[0]; - - $handle = $profile["addr"]; - $first = ((strpos($profile['name'],' ') - ? trim(substr($profile['name'],0,strpos($profile['name'],' '))) : $profile['name'])); - $last = (($first === $profile['name']) ? '' : trim(substr($profile['name'], strlen($first)))); - $large = App::get_baseurl().'/photo/custom/300/'.$profile['uid'].'.jpg'; - $medium = App::get_baseurl().'/photo/custom/100/'.$profile['uid'].'.jpg'; - $small = App::get_baseurl().'/photo/custom/50/' .$profile['uid'].'.jpg'; - $searchable = (($profile['publish'] && $profile['net-publish']) ? 'true' : 'false'); - - if ($searchable === 'true') { - $dob = '1000-00-00'; - - if (($profile['dob']) && ($profile['dob'] != '0000-00-00')) - $dob = ((intval($profile['dob'])) ? intval($profile['dob']) : '1000') .'-'. datetime_convert('UTC','UTC',$profile['dob'],'m-d'); - - $about = $profile['about']; - $about = strip_tags(bbcode($about)); - - $location = formatted_location($profile); - $tags = ''; - if ($profile['pub_keywords']) { - $kw = str_replace(',',' ',$profile['pub_keywords']); - $kw = str_replace(' ',' ',$kw); - $arr = explode(' ',$profile['pub_keywords']); - if (count($arr)) { - for($x = 0; $x < 5; $x ++) { - if (trim($arr[$x])) - $tags .= '#'. trim($arr[$x]) .' '; - } - } - } - $tags = trim($tags); - } - - $message = array("diaspora_handle" => $handle, - "first_name" => $first, - "last_name" => $last, - "image_url" => $large, - "image_url_medium" => $medium, - "image_url_small" => $small, - "birthday" => $dob, - "gender" => $profile['gender'], - "bio" => $about, - "location" => $location, - "searchable" => $searchable, - "tag_string" => $tags); - - foreach($recips as $recip) - self::build_and_transmit($profile, $recip, "profile", $message, false, "", true); - } -} -?> -- 2.39.5