Página inicial Explorar Ajuda
Entrar
proofy
/
gnu-social
fork de diogo/gnu-social
Observar 1
Favorito 0
Fork 0
Arquivos
Tree: dbe95c33c4
Branches Tags
gnu-social
/
plugins
/
ActivityPub
/
actions
/
apinbox.php

apinbox.php 5.3 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 
  1. <?php
    2. 

  2. // This file is part of GNU social - https://www.gnu.org/software/social
    3. 

  3. //
    4. 

  4. // GNU social is free software: you can redistribute it and/or modify
    5. 

  5. // it under the terms of the GNU Affero General Public License as published by
    6. 

  6. // the Free Software Foundation, either version 3 of the License, or
    7. 

  7. // (at your option) any later version.
    8. 

  8. //
    9. 

  9. // GNU social is distributed in the hope that it will be useful,
    10. 

  10. // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11. 

  11. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    12. 

  12. // GNU Affero General Public License for more details.
    13. 

  13. //
    14. 

  14. // You should have received a copy of the GNU Affero General Public License
    15. 

  15. // along with GNU social.  If not, see <http://www.gnu.org/licenses/>.
    16. 

  16. 

  17. /**
    18. 

  18.  * ActivityPub implementation for GNU social
    19. 

  19.  *
    20. 

  20.  * @package   GNUsocial
    21. 

  21.  * @author    Diogo Cordeiro <diogo@fc.up.pt>
    22. 

  22.  * @copyright 2018-2019 Free Software Foundation, Inc http://www.fsf.org
    23. 

  23.  * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
    24. 

  24.  * @link      http://www.gnu.org/software/social/
    25. 

  25.  */
    26. 

  26. 

  27. defined('GNUSOCIAL') || die();
    28. 

  28. 

  29. /**
    30. 

  30.  * Inbox Request Handler
    31. 

  31.  *
    32. 

  32.  * @category  Plugin
    33. 

  33.  * @package   GNUsocial
    34. 

  34.  * @author    Diogo Cordeiro <diogo@fc.up.pt>
    35. 

  35.  * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later
    36. 

  36.  */
    37. 

  37. class apInboxAction extends ManagedAction
    38. 

  38. {
    39. 

  39.     protected $needLogin = false;
    40. 

  40.     protected $canPost   = true;
    41. 

  41. 

  42.     /**
    43. 

  43.      * Handle the Inbox request
    44. 

  44.      *
    45. 

  45.      * @return void
    46. 

  46.      * @throws ServerException
    47. 

  47.      * @author Diogo Cordeiro <diogo@fc.up.pt>
    48. 

  48.      */
    49. 

  49.     protected function handle()
    50. 

  50.     {
    51. 

  51.         $path = !empty($this->trimmed('id')) ? common_local_url('apInbox', ['id' => $this->trimmed('id')]) : common_local_url('apInbox');
    52. 

  52.         $path = parse_url($path, PHP_URL_PATH);
    53. 

  53. 

  54.         if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    55. 

  55.             ActivityPubReturn::error('Only POST requests allowed.');
    56. 

  56.         }
    57. 

  57. 

  58.         common_debug('ActivityPub Inbox: Received a POST request.');
    59. 

  59.         $body = $data = file_get_contents('php://input');
    60. 

  60.         common_debug('ActivityPub Inbox: Request contents: '.$data);
    61. 

  61.         $data = json_decode(file_get_contents('php://input'), true);
    62. 

  62. 

  63.         if (!isset($data['actor'])) {
    64. 

  64.             ActivityPubReturn::error('Actor not found in the request.');
    65. 

  65.         }
    66. 

  66. 

  67.         $actor = Activitypub_explorer::get_profile_from_url($data['actor']);
    68. 

  68.         $aprofile = Activitypub_profile::from_profile($actor);
    69. 

  69. 

  70.         $actor_public_key = new Activitypub_rsa();
    71. 

  71.         $actor_public_key = $actor_public_key->ensure_public_key($actor);
    72. 

  72. 

  73.         common_debug('ActivityPub Inbox: HTTP Signature: Validation will now start!');
    74. 

  74. 

  75.         $headers = $this->get_all_headers();
    76. 

  76.         common_debug('ActivityPub Inbox: Request Headers: '.print_r($headers, true));
    77. 

  77. 

  78.         if (!isset($headers['signature'])) {
    79. 

  79.             common_debug('ActivityPub Inbox: HTTP Signature: Missing Signature header.');
    80. 

  80.             ActivityPubReturn::error('Missing Signature header.', 400);
    81. 

  81.         }
    82. 

  82. 

  83.         // Extract the signature properties
    84. 

  84.         $signatureData = HTTPSignature::parseSignatureHeader($headers['signature']);
    85. 

  85.         common_debug('ActivityPub Inbox: HTTP Signature Data: '.print_r($signatureData, true));
    86. 

  86.         if (isset($signatureData['error'])) {
    87. 

  87.             common_debug('ActivityPub Inbox: HTTP Signature: '.json_encode($signatureData, true));
    88. 

  88.             ActivityPubReturn::error(json_encode($signatureData, true), 400);
    89. 

  89.         }
    90. 

  90. 

  91.         list($verified, $headers) = HTTPSignature::verify($actor_public_key, $signatureData, $headers, $path, $body);
    92. 

  92. 

  93.         // If the signature fails verification the first time, update profile as it might have change public key
    94. 

  94.         if($verified !== 1) {
    95. 

  95.             $res = Activitypub_explorer::get_remote_user_activity($aprofile->getUri());
    96. 

  96.             $actor = Activitypub_profile::update_profile($aprofile, $res);
    97. 

  97.             $actor_public_key = new Activitypub_rsa();
    98. 

  98.             $actor_public_key = $actor_public_key->ensure_public_key($actor);
    99. 

  99.             list($verified, $headers) = HTTPSignature::verify($actor_public_key, $signatureData, $headers, $path, $body);
    100. 

  100.         }
    101. 

  101. 

  102.         // If it still failed despite profile update
    103. 

  103.         if($verified !== 1) {
    104. 

  104.             common_debug('ActivityPub Inbox: HTTP Signature: Invalid signature.');
    105. 

  105.             ActivityPubReturn::error('Invalid signature.');
    106. 

  106.         }
    107. 

  107. 

  108.         // HTTP signature checked out, make sure the "actor" of the activity matches that of the signature
    109. 

  109.         common_debug('ActivityPub Inbox: HTTP Signature: Authorized request. Will now start the inbox handler.');
    110. 

  110. 

  111.         try {
    112. 

  112.             new Activitypub_inbox_handler($data, $actor);
    113. 

  113.             ActivityPubReturn::answer();
    114. 

  114.         } catch (Exception $e) {
    115. 

  115.             ActivityPubReturn::error($e->getMessage());
    116. 

  116.         }
    117. 

  117.     }
    118. 

  118. 

  119.     /**
    120. 

  120.      * Get all HTTP header key/values as an associative array for the current request.
    121. 

  121.      *
    122. 

  122.      * @return array [string] The HTTP header key/value pairs.
    123. 

  123.      * @author PHP Manual Contributed Notes <joyview@gmail.com>
    124. 

  124.      */
    125. 

  125.     private function get_all_headers()
    126. 

  126.     {
    127. 

  127.         $headers = [];
    128. 

  128.         foreach ($_SERVER as $name => $value) {
    129. 

  129.             if (substr($name, 0, 5) == 'HTTP_') {
    130. 

  130.                 $headers[strtolower(str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5))))))] = $value;
    131. 

  131.             }
    132. 

  132.         }
    133. 

  133.         return $headers;
    134. 

  134.     }
    135. 

  135. }
    136. 

  136.