author | Roeland Jago Douma <roeland@famdouma.nl> | 2016-11-18 14:07:52 +0300 |
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2016-11-18 14:10:06 +0300 |
commit | 549f82441d45908b6c4d5170b53a667bdb937460 (patch) | |
tree | a2a332ee3cd4a6880224bfa040ee4c73f0a3d4b0 | |
parent | 3ab708dd4c6a66936e295a36600d8e2aca2614b7 (diff) |
Insert data to DB
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
-rwxr-xr-x | mysql.dmp | 2 | ||||
-rw-r--r-- | server/lib/BruteForceMiddleware.php | 1 | ||||
-rw-r--r-- | server/lib/UserManager.php | 129 |
3 files changed, 125 insertions, 7 deletions
@@ -32,3 +32,5 @@ CREATE TABLE `apitraffic` (
 `count` int(11) NOT NULL,
 PRIMARY KEY (`ip`)
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
+
+
diff --git a/server/lib/BruteForceMiddleware.php b/server/lib/BruteForceMiddleware.php
index ed7b864..af1080b 100644
--- a/server/lib/BruteForceMiddleware.php
+++ b/server/lib/BruteForceMiddleware.php
@@ -13,7 +13,6 @@ class BruteForceMiddleware {
 * @return \Psr\Http\Message\ResponseInterface
 */
 public function __invoke($request, $response, $next) {
- $response->getBody()->write('MIDDLE\n');
 $response = $next($request, $response);
 return $response;
 }
diff --git a/server/lib/UserManager.php b/server/lib/UserManager.php
index 0744b9e..5c55be5 100644
--- a/server/lib/UserManager.php
+++ b/server/lib/UserManager.php
@@ -2,6 +2,7 @@
 namespace LookupServer;
+use GuzzleHttp\Client;
 use \Psr\Http\Message\ServerRequestInterface as Request;
 use \Psr\Http\Message\ResponseInterface as Response;
@@ -20,18 +21,134 @@ class UserManager {
 return $response;
 }
- public function register(Request $request, Response $response) {
- $response->getBody()->write("WTF DUDEs");
+ /**
+ * Split a cloud id in a user and host post
+ *
+ * @param $cloudId
+ * @return string[]
+ */
+ private function splitCloudId($cloudId) {
+ $loc = strrpos($cloudId, '@');
+
+ $user = substr($cloudId, 0, $loc);
+ $host = substr($cloudId, $loc+1);
+ return [$user, $host];
+ }
- $stmt = $this->db->prepare('select * from user');
+ /**
+ * @param $cloudId
+ * @return bool If we can actually cleanup the server
+ */
+ private function cleanup($cloudId, $timestamp) {
+ $stmt = $this->db->prepare('SELECT id, timestamp
+ FROM users
+ WHERE federationId = :federationId');
+ $stmt->bindParam(':federationId', $cloudId, \PDO::PARAM_STR);
 $stmt->execute();
- $rows = $stmt->rowCount();
- $response->getBody()->write($rows);
+ $data = $stmt->fetch();
+ $stmt->closeCursor();
+
+ if ($data) {
- $response->getBody()->write('OKE');
+ if ($timestamp <= (int)$data['timestamp']) {
+ return false;
+ }
+
+ $stmt = $this->db->prepare('DELETE FROM store WHERE userId = :id');
+ $stmt->bindParam(':id', $data['id'], \PDO::PARAM_INT);
+ $stmt->execute();
+ $stmt->closeCursor();
+
+ $stmt = $this->db->prepare('DELETE FROM users WHERE id = :id');
+ $stmt->bindParam(':id', $data['id'], \PDO::PARAM_INT);
+ $stmt->execute();
+ $stmt->closeCursor();
+ }
+
+ return true;
+ }
+ private function insertStore($userId, $key, $value) {
+ if ($value === '') {
+ return;
+ }
+
+ $stmt = $this->db->prepare('INSERT INTO store (userId, k, v) VALUES (:userId, :k, :v)');
+ $stmt->bindParam(':userId', $userId, \PDO::PARAM_INT);
+ $stmt->bindParam(':k', $key, \PDO::PARAM_STR);
+ $stmt->bindParam(':v', $value, \PDO::PARAM_STR);
+ $stmt->execute();
+ $stmt->closeCursor();
+ }
+
+ private function insert($data, $timestamp) {
+ $stmt = $this->db->prepare('INSERT INTO users (federationId, timestamp) VALUES (:federationId, 
FROM_UNIXTIME(:timestamp))');
+ $stmt->bindParam(':federationId', $data['federationId'], \PDO::PARAM_STR);
+ $stmt->bindParam(':timestamp', $timestamp, \PDO::PARAM_INT);
+ $stmt->execute();
+ $id = $this->db->lastInsertId();
+ $stmt->closeCursor();
+
+ $this->insertStore($id, 'name', $data['name']);
+ $this->insertStore($id, 'email', $data['email']);
+ $this->insertStore($id, 'address', $data['address']);
+ $this->insertStore($id, 'website', $data['website']);
+ $this->insertStore($id, 'twitter', $data['twitter']);
+ $this->insertStore($id, 'phone', $data['phone']);
+ }
+
+ public function register(Request $request, Response $response) {
+ $body = json_decode($request->getBody(), true);
+
+ //TODO: Error out
+
+ $cloudId = $body['message']['data']['federationId'];
+
+ // Get fed id
+ list($user, $host) = $this->splitCloudId($cloudId);
+
+ /*
+ * Retrieve public key && store
+ * TODO: To HTTPS
+ * TODO: Cache?
+ */
+ $ocsreq = new \GuzzleHttp\Psr7\Request(
+ 'GET',
+ 'http://'.$host . '/ocs/v2.php/identityproof/key/' . $user,
+ [
+ 'OCS-APIREQUEST' => 'true',
+ 'Accept' => 'application/json',
+ ]);
+
+ $client = new Client();
+ $ocsresponse = $client->send($ocsreq, ['timeout' => 10]);
+ //TODO: handle timeout
+ //TODO: handle on 200 status
+ $ocsresponse = json_decode($ocsresponse->getBody(), true);
+
+ $key = $ocsresponse['ocs']['data']['public'];
+
+ // verify message
+ $message = json_encode($body['message']);
+ $signature= base64_decode($body['signature']);
+
+
+ $res = openssl_verify($message, $signature, $key, OPENSSL_ALGO_SHA512);
+
+ if ($res === 1) {
+ $this->cleanup($cloudId, $body['message']['timestamp']);
+ $this->insert($body['message']['data'], $body['message']['timestamp']);
+ //Delete old data if it is there
+ $response->getBody()->write("ALL IS GOOD!");
+ } else {
+ // ERROR OUT
+ $response->withStatus(403);
+ }
+ return $response;
+ }
+ public function update(Request $request, Response $response) {
 return $response;
 }
 }
|
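Review bot: In the error branch of `register`, `$response->withStatus(403);` discards its result, so a message whose signature fails `openssl_verify` is still returned with the response's existing (presumably success) status; PSR-7 responses are immutable and the line needs to be `$response = $response->withStatus(403);`. The return value of `cleanup()` is ignored as well: when the stored timestamp is not older it returns `false` without deleting anything, yet `insert()` still runs, so a stale or replayed signed message is accepted and a second `users` row is written for the same federationId — guard the insert with that result, e.g. `if ($res === 1 && $this->cleanup($cloudId, $body['message']['timestamp'])) {` and drop the separate `cleanup` call inside the block. Separately, `$host` and `$user` come straight from the request body through `splitCloudId`, which when no `@` is present yields an empty user and the whole id as host because `strrpos` returns `false`, and they are interpolated into the URL the server fetches the key from; validating the host (and the presence of `@`) before the Guzzle request belongs alongside the existing HTTPS TODO, since that fetched key is what the signature check trusts.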