harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

some preliminary work on Zot VI

Browse Source
This commit is contained in:
zotlabs 2017-09-04 21:49:44 -07:00
parent ca58ef80ae
commit 83d0e48ebe
2 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Zotlabs/Module/Zfinger.php
View File

@ -25,7 +25,8 @@ class Zfinger extends \Zotlabs\Web\Controller {
if($chan) {
$hash = \Zotlabs\Web\HTTPSig::generate_digest($ret,false);
$headers['Digest'] = 'SHA-256=' . $hash;
\Zotlabs\Web\HTTPSig::create_sig('',$headers,$chan['channel_prvkey'],z_root() . '/channel/' . $chan['channel_address'],true);
\Zotlabs\Web\HTTPSig::create_sig('',$headers,$chan['channel_prvkey'],
'acct:' . $chan['channel_address'] . '@' . \App::get_hostname(),true);
}
else {
foreach($headers as $k => $v) {

20
Zotlabs/Zot/Finger.php
View File

@ -22,6 +22,7 @@ class Finger {
*
* @return zotinfo array (with 'success' => true) or array('success' => false);
*/
static public function run($webbie, $channel = null, $autofallback = true) {
$ret = array('success' => false);
@ -84,15 +85,24 @@ class Finger {
'token' => self::$token
);
$result = z_post_url($url . $rhs,$postvars);
$headers = [];
$headers['X-Zot-Channel'] = $channel['channel_address'] . '@' . \App::get_hostname();
$headers['X-Zot-Nonce'] = random_string();
$xhead = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],
'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false);
$retries = 0;
$result = z_post_url($url . $rhs,$postvars,$retries, [ 'headers' => $xhead ]);
if ((! $result['success']) && ($autofallback)) {
if ($https) {
logger('zot_finger: https failed. falling back to http');
$result = z_post_url('http://' . $host . $rhs,$postvars);
$result = z_post_url('http://' . $host . $rhs,$postvars, $retries, [ 'headers' => $xhead ]);
}
}
} else {
}
else {
$rhs .= '?f=&address=' . urlencode($address) . '&token=' . self::$token;
$result = z_fetch_url($url . $rhs);
@ -110,8 +120,10 @@ class Finger {
return $ret;
}
$verify = \Zotlabs\Web\HTTPSig::verify($result);
$x = json_decode($result['body'], true);
if($x) {
if($x && (! $verify['header_valid'])) {
$signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null);
if($signed_token) {
$valid = rsa_verify('token.' . self::$token, base64url_decode($signed_token), $x['key']);