Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

163 lines
4.9KB

  1. <?php
  2. use Friendica\App;
  3. function post_var($name) {
  4. return (x($_POST, $name)) ? notags(trim($_POST[$name])) : '';
  5. }
  6. function pubsubhubbub_init(App $a) {
  7. // PuSH subscription must be considered "public" so just block it
  8. // if public access isn't enabled.
  9. if (get_config('system', 'block_public')) {
  10. http_status_exit(403);
  11. }
  12. // Subscription request from subscriber
  13. // https://pubsubhubbub.googlecode.com/git/pubsubhubbub-core-0.4.html#anchor4
  14. // Example from GNU Social:
  15. // [hub_mode] => subscribe
  16. // [hub_callback] => http://status.local/main/push/callback/1
  17. // [hub_verify] => sync
  18. // [hub_verify_token] => af11...
  19. // [hub_secret] => af11...
  20. // [hub_topic] => http://friendica.local/dfrn_poll/sazius
  21. if($_SERVER['REQUEST_METHOD'] === 'POST') {
  22. $hub_mode = post_var('hub_mode');
  23. $hub_callback = post_var('hub_callback');
  24. $hub_verify = post_var('hub_verify');
  25. $hub_verify_token = post_var('hub_verify_token');
  26. $hub_secret = post_var('hub_secret');
  27. $hub_topic = post_var('hub_topic');
  28. // check for valid hub_mode
  29. if ($hub_mode === 'subscribe') {
  30. $subscribe = 1;
  31. } else if ($hub_mode === 'unsubscribe') {
  32. $subscribe = 0;
  33. } else {
  34. logger("pubsubhubbub: invalid hub_mode=$hub_mode, ignoring.");
  35. http_status_exit(404);
  36. }
  37. logger("pubsubhubbub: $hub_mode request from " .
  38. $_SERVER['REMOTE_ADDR']);
  39. // get the nick name from the topic, a bit hacky but needed
  40. $nick = substr(strrchr($hub_topic, "/"), 1);
  41. if (!$nick) {
  42. logger('pubsubhubbub: bad hub_topic=$hub_topic, ignoring.');
  43. http_status_exit(404);
  44. }
  45. // fetch user from database given the nickname
  46. $r = q("SELECT * FROM `user` WHERE `nickname` = '%s'" .
  47. " AND `account_expired` = 0 AND `account_removed` = 0 LIMIT 1",
  48. dbesc($nick));
  49. if (!dbm::is_result($r)) {
  50. logger('pubsubhubbub: local account not found: ' . $nick);
  51. http_status_exit(404);
  52. }
  53. $owner = $r[0];
  54. // abort if user's wall is supposed to be private
  55. if ($r[0]['hidewall']) {
  56. logger('pubsubhubbub: local user ' . $nick .
  57. 'has chosen to hide wall, ignoring.');
  58. http_status_exit(403);
  59. }
  60. // get corresponding row from contact table
  61. $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND NOT `blocked`".
  62. " AND NOT `pending` AND `self` LIMIT 1",
  63. intval($owner['uid']));
  64. if (!dbm::is_result($r)) {
  65. logger('pubsubhubbub: contact not found.');
  66. http_status_exit(404);
  67. }
  68. $contact = $r[0];
  69. // sanity check that topic URLs are the same
  70. if(!link_compare($hub_topic, $contact['poll'])) {
  71. logger('pubsubhubbub: hub topic ' . $hub_topic . ' != ' .
  72. $contact['poll']);
  73. http_status_exit(404);
  74. }
  75. // do subscriber verification according to the PuSH protocol
  76. $hub_challenge = random_string(40);
  77. $params = 'hub.mode=' .
  78. ($subscribe == 1 ? 'subscribe' : 'unsubscribe') .
  79. '&hub.topic=' . urlencode($hub_topic) .
  80. '&hub.challenge=' . $hub_challenge .
  81. '&hub.lease_seconds=604800' .
  82. '&hub.verify_token=' . $hub_verify_token;
  83. // lease time is hard coded to one week (in seconds)
  84. // we don't actually enforce the lease time because GNU
  85. // Social/StatusNet doesn't honour it (yet)
  86. $body = fetch_url($hub_callback . "?" . $params);
  87. $ret = $a->get_curl_code();
  88. // give up if the HTTP return code wasn't a success (2xx)
  89. if ($ret < 200 || $ret > 299) {
  90. logger("pubsubhubbub: subscriber verification at $hub_callback ".
  91. "returned $ret, ignoring.");
  92. http_status_exit(404);
  93. }
  94. // check that the correct hub_challenge code was echoed back
  95. if (trim($body) !== $hub_challenge) {
  96. logger("pubsubhubbub: subscriber did not echo back ".
  97. "hub.challenge, ignoring.");
  98. logger("\"$hub_challenge\" != \"".trim($body)."\"");
  99. http_status_exit(404);
  100. }
  101. // fetch the old subscription if it exists
  102. $r = q("SELECT * FROM `push_subscriber` WHERE `callback_url` = '%s'",
  103. dbesc($hub_callback));
  104. // delete old subscription if it exists
  105. q("DELETE FROM `push_subscriber` WHERE `callback_url` = '%s'",
  106. dbesc($hub_callback));
  107. if ($subscribe) {
  108. $last_update = datetime_convert('UTC','UTC','now','Y-m-d H:i:s');
  109. $push_flag = 0;
  110. // if we are just updating an old subscription, keep the
  111. // old values for push and last_update
  112. if (dbm::is_result($r)) {
  113. $last_update = $r[0]['last_update'];
  114. $push_flag = $r[0]['push'];
  115. }
  116. // subscribe means adding the row to the table
  117. q("INSERT INTO `push_subscriber` (`uid`, `callback_url`, " .
  118. "`topic`, `nickname`, `push`, `last_update`, `secret`) values " .
  119. "(%d, '%s', '%s', '%s', %d, '%s', '%s')",
  120. intval($owner['uid']),
  121. dbesc($hub_callback),
  122. dbesc($hub_topic),
  123. dbesc($nick),
  124. intval($push_flag),
  125. dbesc($last_update),
  126. dbesc($hub_secret));
  127. logger("pubsubhubbub: successfully subscribed [$hub_callback].");
  128. } else {
  129. logger("pubsubhubbub: successfully unsubscribed [$hub_callback].");
  130. // we do nothing here, since the row was already deleted
  131. }
  132. http_status_exit(202);
  133. }
  134. killme();
  135. }