From 9977591b78210bcd200376e1476809db12384f2e Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Tue, 27 May 2008 16:07:21 -0400 Subject: [PATCH] server-side storage model First pass at a server-side storage model. New tables for consumers, tokens, and nonces, with associated classes. An OAuthDataStore class interfaces with the OAuth.php library to enable server logic. Some additional work to get pretty-OK random number generation into the utilities library. Use /dev/urandom if available; else use mt_rand(). darcs-hash:20080527200721-84dde-308c047af2ebc2c4d753c1e1e24af20fef862a7e.gz --- classes/Consumer.php | 23 ++++++++ classes/Nonce.php | 25 +++++++++ classes/Subscription.php | 1 + classes/Token.php | 26 +++++++++ classes/stoica.ini | 36 +++++++++++++ db/stoica.sql | 36 +++++++++++++ lib/oauthstore.php | 111 +++++++++++++++++++++++++++++++++++++++ lib/util.php | 32 +++++++++++ 8 files changed, 290 insertions(+) create mode 100644 classes/Consumer.php create mode 100644 classes/Nonce.php create mode 100644 classes/Token.php create mode 100644 lib/oauthstore.php diff --git a/classes/Consumer.php b/classes/Consumer.php new file mode 100644 index 0000000000..6f4513f332 --- /dev/null +++ b/classes/Consumer.php 
@@ -0,0 +1,23 @@
+.
+ */
+
+if (!defined('LACONICA')) { exit(1); }
+
+require_once(INSTALLDIR.'/lib/omb.php');
+
+class LaconicaOAuthDataStore extends OAuthDataStore {
+
+ # We just keep a record of who's contacted us
+
+ function lookup_consumer($consumer_key) {
+ $con = new Consumer('key', $consumer_key);
+ if (!$con) {
+ $con = new Consumer();
+ $con->consumer_key = $consumer_key;
+ $con->seed = common_good_rand(16);
+ $con->created = DB_DataObject_Cast::dateTime();
+ if (!$con->insert()) {
+ return NULL;
+ }
+ }
+ return new OAuthConsumer($con->consumer_key, '');
+ }
+
+ function lookup_token($consumer, $token_type, $token) {
+ $t = new Token();
+ $t->consumer_key = $consumer->consumer_key;
+ $t->tok = $token;
+ $t->type = ($token_type == 'access') ? 1 : 0;
+ if ($t->find(true)) {
+ return new OAuthToken($t->tok, $t->secret);
+ } else {
+ return NULL;
+ }
+ }
+
+ function lookup_nonce($consumer, $token, $nonce, $timestamp) {
+ $n = new Nonce();
+ $n->consumer_key = $consumer->consumer_key;
+ $n->tok = $token;
+ $n->nonce = $nonce;
+ if ($n->find(TRUE)) {
+ return TRUE;
+ } else {
+ $n->timestamp = $timestamp;
+ $n->created = DB_DataObject_Cast::dateTime();
+ $n->insert();
+ return FALSE;
+ }
+ }
+
+ function fetch_request_token($consumer) {
+ $t = new Token();
+ $t->consumer_key = $consumer->consumer_key;
+ $t->tok = common_good_rand(16);
+ $t->secret = common_good_rand(16);
+ $t->type = 0; # request
+ $t->state = 0;
+ $t->created = DB_DataObject_Cast::dateTime();
+ if (!$t->insert()) {
+ return NULL;
+ } else {
+ return new OAuthToken($t->tok, $t->secret);
+ }
+ }
+
+ function fetch_access_token($token, $consumer) {
+ $rt = new Token();
+ $rt->consumer_key = $consumer->consumer_key;
+ $rt->tok = $token;
+ if ($rt->find(TRUE) && $rt->state == 1) {
+ $at = new Token();
+ $at->consumer_key = $consumer->consumer_key;
+ $at->tok = common_good_rand(16);
+ $at->secret = common_good_rand(16);
+ $at->type = 1; # access
+ $at->created = DB_DataObject_Cast::dateTime();
+ if (!$at->insert()) {
+ return NULL;
+ } else {
+ # burn the old one
+ $orig_rt = clone($rt);
+ $rt->state = 2; # used
+ if (!$rt->update($orig_rt)) {
+ return NULL;
+ } else {
+ return new OAuthToken($at->tok, $at->secret);
+ }
+ }
+ } else {
+ return NULL;
+ }
+ }
+}
diff --git a/lib/util.php b/lib/util.php
index 31a2cbd4f7..52f25c9d3c 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -447,6 +447,38 @@ function common_root_url() {
 return "http://".$config['site']['server'].'/'.$pathpart;
 }
+# returns $bytes bytes of random data as a hexadecimal string
+# "good" here is a goal and not a guarantee
+
+function common_good_rand($bytes) {
+ # XXX: use random.org...?
+ if (file_exists('/dev/urandom')) {
+ return common_urandom($bytes);
+ } else { # FIXME: this is probably not good enough
+ return common_mtrand($bytes);
+ }
+}
+
+function common_urandom($bytes) {
+ $h = fopen('/dev/urandom', 'rb');
+ # should not block
+ $src = fread($h, $bytes);
+ fclose($h);
+ $enc = '';
+ for ($i = 0; $i < $bytes; $i++) {
+ $enc .= sprintf("%02x", (ord($src[$i])));
+ }
+ return $enc;
+}
+
+function common_mtrand($bytes) {
+ $enc = '';
+ for ($i = 0; $i < $bytes; $i++) {
+ $enc .= sprintf("%02x", mt_rand(0, 255));
+ }
+ return $enc;
+}
+
 // XXX: set up gettext
 function _t($str) {
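Review bot: In `lookup_nonce` the result of `$n->insert()` is discarded, so when the write fails the method still returns FALSE ("nonce not seen") and replay detection fails open; treating a failed insert as a seen nonce, `if (!$n->insert()) { return TRUE; }`, keeps the check fail-closed. The same guard would also catch two requests racing past `find()`, provided the nonce table enforces uniqueness over consumer_key, tok and nonce, which this hunk does not show. In `lookup_consumer`, `if (!$con)` comes straight after `new Consumer(...)`, and `new` always yields an object, so the branch that records an unknown consumer looks unreachable and needs a lookup that can actually return a falsy value. The hunk header names classes/Consumer.php while the body appears to be lib/oauthstore.php, so part of the patch text seems to be missing from this page.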
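Review bot: `common_urandom` checks neither the `fopen()` result nor how many bytes `fread()` returned, so if /dev/urandom exists but cannot be opened or is read short, the hex loop indexes past `$src` and, on PHP versions where that is only a notice or warning, emits `00` for every missing byte. The token and secret values this commit builds from it would then be partly or wholly predictable. I would have `common_urandom` return FALSE on a failed or short read and encode with `bin2hex()`, and have `common_good_rand` treat FALSE like a missing device. The `mt_rand()` fallback is already marked FIXME in the commit; where the runtime provides `random_bytes()` (PHP 7 and later), `bin2hex(random_bytes($bytes))` would replace all three helpers.

```php
function common_good_rand($bytes) {
    # XXX: use random.org...?
    $enc = file_exists('/dev/urandom') ? common_urandom($bytes) : FALSE;
    if ($enc === FALSE) { # FIXME: this is probably not good enough
        $enc = common_mtrand($bytes);
    }
    return $enc;
}

function common_urandom($bytes) {
    $h = fopen('/dev/urandom', 'rb');
    if ($h === FALSE) {
        return FALSE;
    }
    # should not block
    $src = fread($h, $bytes);
    fclose($h);
    # a failed or short read must not be padded out with zero bytes
    if ($src === FALSE || strlen($src) != $bytes) {
        return FALSE;
    }
    return bin2hex($src);
}

# … unchanged: common_mtrand …
```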