From 9d83369d88bb49ce44acf973fc600856f2b87b4b Mon Sep 17 00:00:00 2001 From: Michael Date: Fri, 23 Mar 2018 05:08:47 +0000 Subject: [PATCH 1/5] DFRN payload is receivable via the Diaspora transport layer --- mod/dfrn_notify.php | 50 ++++++++++++++++++++++++++++++++++++++++++--- mod/salmon.php | 6 ++++-- 2 files changed, 51 insertions(+), 5 deletions(-) diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index db9672906..0743b2143 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -12,6 +12,7 @@ use Friendica\Core\System; use Friendica\Database\DBM; use Friendica\Model\Contact; use Friendica\Protocol\DFRN; +use Friendica\Protocol\Diaspora; require_once 'include/items.php'; require_once 'include/event.php'; @@ -19,9 +20,52 @@ require_once 'include/event.php'; function dfrn_notify_post(App $a) { logger(__function__, LOGGER_TRACE); - if (empty($_POST)) { - require_once 'mod/salmon.php'; - salmon_post($a); + $postdata = file_get_contents('php://input'); + + if (empty($_POST) || !empty($postdata)) { + $data = json_decode($postdata); + if (is_object($data)) { + $nick = defaults($a->argv, 1, ''); + $user = dba::selectFirst('user', [], ['nickname' => $nick, 'account_expired' => false, 'account_removed' => false]); + if (!DBM::is_result($user)) { + System::httpExit(500); + } + $msg = Diaspora::decodeRaw($user, $postdata); + + // Check if the user has got this contact + $cid = getIdForURL($msg['author'], $user['uid']); + if (!$cid) { + // Otherwise there should be a public contact + $cid = getIdForURL($msg['author']); + if (!$cid) { + logger('Contact not found for address ' . $msg['author']); + System::xmlExit(3, 'Contact not found'); + } + } + + // We now have some contact, so we fetch it + $importer = dba::fetch_first("SELECT *, `name` as `senderName` + FROM `contact` + WHERE NOT `blocked` AND `id` = ? LIMIT 1", + $cid); + + // This should never fail + if (!DBM::is_result($importer)) { + logger('Contact not found for address ' . $msg['author']); + System::xmlExit(3, 'Contact not found'); + } + + // Set the user id. This is important if this is a public contact + $importer['uid'] = $user['uid']; + $importer['importer_uid'] = $user['uid']; + + // Now we should be able to import it + $ret = DFRN::import($msg['message'], $importer); + System::xmlExit($ret, 'Processed'); + } else { + require_once 'mod/salmon.php'; + salmon_post($a, $postdata); + } } $dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : ''); diff --git a/mod/salmon.php b/mod/salmon.php index 2b6014adf..22da151cf 100644 --- a/mod/salmon.php +++ b/mod/salmon.php @@ -13,9 +13,11 @@ use Friendica\Util\Crypto; require_once 'include/items.php'; -function salmon_post(App $a) { +function salmon_post(App $a, $xml = '') { - $xml = file_get_contents('php://input'); + if (empty($xml)) { + $xml = file_get_contents('php://input'); + } logger('new salmon ' . $xml, LOGGER_DATA); From 1613f2a1c48db54e8841a286dd60013fd7859b48 Mon Sep 17 00:00:00 2001 From: Michael Date: Fri, 30 Mar 2018 06:20:00 +0000 Subject: [PATCH 2/5] Ensure that public contacts can't create toplevel posts --- mod/dfrn_notify.php | 1 - src/Protocol/DFRN.php | 26 +++++++++++++++----------- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index a9dbcd263..a43c316b0 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -55,7 +55,6 @@ function dfrn_notify_post(App $a) { } // Set the user id. This is important if this is a public contact - $importer['uid'] = $user['uid']; $importer['importer_uid'] = $user['uid']; // Now we should be able to import it diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index 429c5051f..3d836acf9 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -1433,7 +1433,7 @@ class DFRN $contact_old = dba::fetch_first("SELECT `id`, `uid`, `url`, `network`, `avatar-date`, `avatar`, `name-date`, `uri-date`, `addr`, `name`, `nick`, `about`, `location`, `keywords`, `xmpp`, `bdyear`, `bd`, `hidden`, `contact-type` FROM `contact` WHERE `uid` = ? AND `nurl` = ? AND `network` != ?", - $importer["uid"], + $importer["importer_uid"], normalise_link($author["link"]), NETWORK_STATUSNET ); @@ -1443,7 +1443,7 @@ class DFRN $author["network"] = $contact_old["network"]; } else { if (!$onlyfetch) { - logger("Contact ".$author["link"]." wasn't found for user ".$importer["uid"]." XML: ".$xml, LOGGER_DEBUG); + logger("Contact ".$author["link"]." wasn't found for user ".$importer["importer_uid"]." XML: ".$xml, LOGGER_DEBUG); } $author["contact-id"] = $importer["id"]; @@ -1639,7 +1639,7 @@ class DFRN Contact::updateAvatar( $author['avatar'], - $importer['uid'], + $importer['importer_uid'], $contact['id'], (strtotime($contact['avatar-date']) > strtotime($contact_old['avatar-date']) || ($author['avatar'] != $contact_old['avatar'])) ); @@ -1657,7 +1657,7 @@ class DFRN $poco["contact-type"] = $contact["contact-type"]; $gcid = GContact::update($poco); - GContact::link($gcid, $importer["uid"], $contact["id"]); + GContact::link($gcid, $importer["importer_uid"], $contact["id"]); } return $author; @@ -2617,7 +2617,7 @@ class DFRN if ((x($ev, "desc") || x($ev, "summary")) && x($ev, "start")) { logger("Event in item ".$item["uri"]." was found.", LOGGER_DEBUG); $ev["cid"] = $importer["id"]; - $ev["uid"] = $importer["uid"]; + $ev["uid"] = $importer["importer_uid"]; $ev["uri"] = $item["uri"]; $ev["edited"] = $item["edited"]; $ev["private"] = $item["private"]; @@ -2626,7 +2626,7 @@ class DFRN $r = q( "SELECT `id` FROM `event` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1", dbesc($item["uri"]), - intval($importer["uid"]) + intval($importer["importer_uid"]) ); if (DBM::is_result($r)) { $ev["id"] = $r[0]["id"]; @@ -2681,6 +2681,10 @@ class DFRN return true; } } else { // $entrytype == DFRN_TOP_LEVEL + if ($importer["uid"] == 0) { + logger("Contact ".$importer["id"]." isn't known to user ".$importer["importer_uid"].". The post will be ignored.", LOGGER_DEBUG); + return; + } if (!link_compare($item["owner-link"], $importer["url"])) { /* * The item owner info is not our contact. It's OK and is to be expected if this is a tgroup delivery, @@ -2736,10 +2740,10 @@ class DFRN return false; } - $condition = ["`uri` = ? AND `uid` = ? AND NOT `file` LIKE '%[%'", $uri, $importer["uid"]]; + $condition = ["`uri` = ? AND `uid` = ? AND NOT `file` LIKE '%[%'", $uri, $importer["importer_uid"]]; $item = dba::selectFirst('item', ['id', 'parent', 'contact-id'], $condition); if (!DBM::is_result($item)) { - logger("Item with uri " . $uri . " for user " . $importer["uid"] . " wasn't found.", LOGGER_DEBUG); + logger("Item with uri " . $uri . " for user " . $importer["importer_uid"] . " wasn't found.", LOGGER_DEBUG); return; } @@ -2808,7 +2812,7 @@ class DFRN $xpath->registerNamespace("statusnet", NAMESPACE_STATUSNET); $header = []; - $header["uid"] = $importer["uid"]; + $header["uid"] = $importer["importer_uid"]; $header["network"] = NETWORK_DFRN; $header["type"] = "remote"; $header["wall"] = 0; @@ -2827,7 +2831,7 @@ class DFRN self::fetchauthor($xpath, $doc->firstChild, $importer, "dfrn:owner", false, $xml); } - logger("Import DFRN message for user " . $importer["uid"] . " from contact " . $importer["id"], LOGGER_DEBUG); + logger("Import DFRN message for user " . $importer["importer_uid"] . " from contact " . $importer["id"], LOGGER_DEBUG); // The account type is new since 3.5.1 if ($xpath->query("/atom:feed/dfrn:account_type")->length > 0) { @@ -2895,7 +2899,7 @@ class DFRN self::processEntry($header, $xpath, $entry, $importer, $xml); } } - logger("Import done for user " . $importer["uid"] . " from contact " . $importer["id"], LOGGER_DEBUG); + logger("Import done for user " . $importer["importer_uid"] . " from contact " . $importer["id"], LOGGER_DEBUG); return 200; } From f51a254ed0abe480d0cefcd8ff41de9bec4fa7f6 Mon Sep 17 00:00:00 2001 From: Michael Date: Sun, 1 Apr 2018 05:07:35 +0000 Subject: [PATCH 3/5] Public contacts are not permitted for suggestions or mails --- src/Protocol/DFRN.php | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index 3d836acf9..cb23c4bf1 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -2681,6 +2681,10 @@ class DFRN return true; } } else { // $entrytype == DFRN_TOP_LEVEL + if ($importer["readonly"]) { + logger('ignoring read-only contact '.$importer["id"]); + return; + } if ($importer["uid"] == 0) { logger("Contact ".$importer["id"]." isn't known to user ".$importer["importer_uid"].". The post will be ignored.", LOGGER_DEBUG); return; @@ -2857,21 +2861,16 @@ class DFRN self::processRelocation($xpath, $relocation, $importer); } - if ($importer["readonly"]) { - // We aren't receiving stuff from this person. But we will quietly ignore them - // rather than a blatant "go away" message. - logger('ignoring contact '.$importer["id"]); - return 403; - } + if (($importer["uid"] != 0) && !$importer["readonly"]) { + $mails = $xpath->query("/atom:feed/dfrn:mail"); + foreach ($mails as $mail) { + self::processMail($xpath, $mail, $importer); + } - $mails = $xpath->query("/atom:feed/dfrn:mail"); - foreach ($mails as $mail) { - self::processMail($xpath, $mail, $importer); - } - - $suggestions = $xpath->query("/atom:feed/dfrn:suggest"); - foreach ($suggestions as $suggestion) { - self::processSuggestion($xpath, $suggestion, $importer); + $suggestions = $xpath->query("/atom:feed/dfrn:suggest"); + foreach ($suggestions as $suggestion) { + self::processSuggestion($xpath, $suggestion, $importer); + } } $deletions = $xpath->query("/atom:feed/at:deleted-entry"); From 0594f13c35d53363fc36b31b23867331c1a9c35c Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 2 Apr 2018 12:53:48 +0000 Subject: [PATCH 4/5] Receiving was tested, sending is implemented and tested as well, currently unused --- mod/dfrn_notify.php | 6 +++--- src/Protocol/DFRN.php | 38 ++++++++++++++++++++++++++++++++++++++ src/Protocol/Diaspora.php | 2 +- 3 files changed, 42 insertions(+), 4 deletions(-) diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php index a43c316b0..7eddd4f3d 100644 --- a/mod/dfrn_notify.php +++ b/mod/dfrn_notify.php @@ -32,10 +32,10 @@ function dfrn_notify_post(App $a) { $msg = Diaspora::decodeRaw($user, $postdata); // Check if the user has got this contact - $cid = getIdForURL($msg['author'], $user['uid']); + $cid = Contact::getIdForURL($msg['author'], $user['uid']); if (!$cid) { // Otherwise there should be a public contact - $cid = getIdForURL($msg['author']); + $cid = Contact::getIdForURL($msg['author']); if (!$cid) { logger('Contact not found for address ' . $msg['author']); System::xmlExit(3, 'Contact not found'); @@ -59,7 +59,7 @@ function dfrn_notify_post(App $a) { // Now we should be able to import it $ret = DFRN::import($msg['message'], $importer); - System::xmlExit($ret, 'Processed'); + System::xmlExit($ret, 'Done'); } else { require_once 'mod/salmon.php'; salmon_post($a, $postdata); diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index cb23c4bf1..43fe16c31 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -31,6 +31,7 @@ use Friendica\Util\Crypto; use Friendica\Util\DateTimeFormat; use Friendica\Util\Network; use Friendica\Util\XML; +use Friendica\Protocol\Diaspora; use dba; use DOMDocument; use DOMXPath; @@ -1368,6 +1369,43 @@ class DFRN return intval($res->status); } + /** + * @brief Delivers items to the contacts via the Diaspora transport layer + * + * @param array $owner Owner record + * @param array $contact Contact record of the receiver + * @param array $items Items that will be transmitted + * + * @return int HTTP Deliver status + */ + public static function buildAndTransmit($owner, $contact, $items) + { + $a = get_app(); + + // Currently disabled, at first we will not use the batch delivery + // $public_batch = !$items[0]['private']; + $public_batch = false; + + $msg = DFRN::entries($items, $owner); + + $fcontact = Diaspora::personByHandle($contact['addr']); + if (empty($fcontact)) { + logger("unable to find contact details"); + return; + } + + $envelope = Diaspora::buildMessage($msg, $owner, $contact, $owner['uprvkey'], $fcontact['pubkey'], $public_batch); + + $dest_url = ($public_batch ? $fcontact["batch"] : $contact["notify"]); + + $content_type = ($public_batch ? "application/magic-envelope+xml" : "application/json"); + + $ret = Network::post($dest_url, $envelope, ["Content-Type: ".$content_type]); + + /// @ToDo: Add better treating of return codes + return $a->get_curl_code(); + } + /** * @brief Add new birthday event for this person * diff --git a/src/Protocol/Diaspora.php b/src/Protocol/Diaspora.php index 23bc575dd..4b8ae2110 100644 --- a/src/Protocol/Diaspora.php +++ b/src/Protocol/Diaspora.php @@ -3205,7 +3205,7 @@ class Diaspora * * @return string The message that will be transmitted to other servers */ - private static function buildMessage($msg, $user, $contact, $prvkey, $pubkey, $public = false) + public static function buildMessage($msg, $user, $contact, $prvkey, $pubkey, $public = false) { // The message is put into an envelope with the sender's signature $envelope = self::buildMagicEnvelope($msg, $user); From f89904ed7786d9259f0e87c11db0358a298181ad Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 2 Apr 2018 13:44:45 +0000 Subject: [PATCH 5/5] Treatment, Treating, whatever :-) --- src/Protocol/DFRN.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index 43fe16c31..ea867a84d 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -1402,7 +1402,7 @@ class DFRN $ret = Network::post($dest_url, $envelope, ["Content-Type: ".$content_type]); - /// @ToDo: Add better treating of return codes + /// @ToDo: Add better treatment of return codes return $a->get_curl_code(); }