From 5e99f4c74f9ef1f6d3cfd2d1300c7b7afbb50fa8 Mon Sep 17 00:00:00 2001
From: Terence Eden
Date: Fri, 1 Mar 2024 23:38:28 +0000
Subject: [PATCH] Sign request for profile data
---
 index.php | 36 ++++++++++++++++++++++++++++++------
 1 file changed, 30 insertions(+), 6 deletions(-)
diff --git a/index.php b/index.php
index 35c22ff..c4891c7 100644
--- a/index.php
+++ b/index.php
@@ -889,11 +889,35 @@ HTML;
 if ( !isset( $profileURl ) ) { echo "No profile"; die(); } // Get the user's details
- // This request does not need to be signed. But it does need to specify that it wants a JSON response
- $context = stream_context_create(
- [ "http" => [ "header" => "Accept: application/activity+json" ] ]
- );
- $profileJSON = file_get_contents( $profileURl, false, $context );
+ // This request does not need to be signed normally.
+ // Some servers will only respond to signed requests.
+ // It need to specify that it wants a JSON response
+
+ $profileURl_host = parse_url( $profileURl, PHP_URL_HOST );
+ $profileURl_path = parse_url( $profileURl, PHP_URL_PATH );
+
+ // Request the JSON representation of the the user
+ $ch = curl_init( $profileURl );
+
+ // Generate signed headers for this request
+ $headers = generate_signed_headers( null, $profileURl_host, $profileURl_path, "GET" );
+
+ // Set cURL options
+ curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt( $ch, CURLOPT_HTTPHEADER, $headers );
+
+ // Execute the cURL session
+ $profileJSON = curl_exec( $ch );
+
+ // Check for errors
+ if (curl_errno($ch)) {
+ // Handle cURL error
+ die();
+ }
+
+ // Close cURL session
+ curl_close($ch);
+ $profileData = json_decode( $profileJSON, true ); // Get the user's inbox
@@ -911,7 +935,7 @@ HTML;
 "object" => $profileURl ];
- // Sign a request follow
+ // Sign a request to follow // The Accept is POSTed to the inbox on the server of the user who requested the follow // Get the signed headers $headers = generate_signed_headers( $message, $inbox_host, $inbox_path, "POST" );
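Review bot: `curl_init( $profileURl )` in the first hunk fetches whatever URL is in `$profileURl` with no scheme or host check, and where that value is set is outside this hunk; if it comes from the incoming follow request, a remote party decides where this server sends a request signed with its key. Before `curl_exec`, reject the URL unless `parse_url( $profileURl, PHP_URL_SCHEME )` is `https` and `$profileURl_host` is a non-empty string, and add `curl_setopt( $ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS );` plus `curl_setopt( $ch, CURLOPT_TIMEOUT, 10 );` (the timeout value is only a suggestion). The error branch calls `die()` without logging `curl_error( $ch )`, and neither the HTTP status nor the `json_decode` result is checked before `$profileData` is used further down, outside the hunk. The old code sent `Accept: application/activity+json` explicitly, so confirm that `generate_signed_headers()` (defined elsewhere) still adds it for GET, and that signing only `PHP_URL_PATH` is correct when the profile URL carries a query string.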