From 4d48c3cdd196c99dfeb72d92b19dd5ac8e6f4ba3 Mon Sep 17 00:00:00 2001
From: Aaron Parecki
Date: Mon, 8 May 2017 11:19:34 -0700
Subject: [PATCH] support sending signed websub notifications
---
 controllers/push.php | 5 ++++-
 lib/PushTask.php | 13 ++++++++++---
 schema/0001.sql | 2 ++
 schema/schema.sql | 1 +
 4 files changed, 17 insertions(+), 4 deletions(-)
 create mode 100644 schema/0001.sql
diff --git a/controllers/push.php b/controllers/push.php
index 797e03c..f600fc0 100644
--- a/controllers/push.php
+++ b/controllers/push.php
@@ -7,7 +7,7 @@ function push_error(&$app, $msg) {
 }
 function push_param($params, $name) {
- // Look 'mode' first, fall back to 'hub_mode'
+ // Look for 'mode' first, fall back to 'hub_mode'
 if(k($params, $name)) return k($params, $name);
 return k($params, 'hub_'.$name);
@@ -93,6 +93,9 @@ $app->post('/', function() use($app) {
 $subscription->date_requested = db\now();
 $subscription->challenge = db\random_hash();
 $subscription->namespaced = $namespaced;
+ if($secret=push_param($params, 'secret')) {
+ $subscription->secret = $secret;
+ }
 db\set_updated($subscription);
 $subscription->save();
diff --git a/lib/PushTask.php b/lib/PushTask.php
index b668e4f..a172fe4 100644
--- a/lib/PushTask.php
+++ b/lib/PushTask.php
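Review bot: In controllers/push.php, the new `if($secret=push_param($params, 'secret'))` block stores the subscriber's value without checking its length, while the column added in schema/0001.sql is `varchar(200)`. WebSub requires hub.secret to be shorter than 200 bytes, and a longer value is either rejected at save time or truncated depending on the SQL mode; a truncated key would make every signed delivery fail verification on the subscriber side. Rejecting it before the save is clearer, along the lines of `if(strlen($secret) >= 200) { push_error($app, 'hub.secret must be less than 200 bytes'); return; }` (how push_error ends the request is not visible here). The secret is also written only when one is supplied, so if `$subscription` can be an existing row (its lookup is outside the hunk), a re-subscription that omits the secret keeps the old key; `$subscription->secret = push_param($params, 'secret') ?: '';` would make the latest request authoritative.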
@@ -160,10 +160,17 @@ class PushTask {
 echo "Notifying subscriber!\n";
- $subscription->date_last_ping_sent = db\now();
- $response = request\post($subscription->callback_url, $feed->content, false, [
+ $headers = [
 'Content-Type: ' . ($feed->content_type ?: 'text/plain')
- ]);
+ ];
+
+ if($subscription->secret) {
+ $signature = hash_hmac('sha256', $feed->content, $subscription->secret);
+ $headers[] = 'X-Hub-Signature: sha256=' . $signature;
+ }
+
+ $subscription->date_last_ping_sent = db\now();
+ $response = request\post($subscription->callback_url, $feed->content, false, $headers);
 $subscription->last_ping_status = $response['status'];
 $subscription->last_ping_headers = $response['headers'];
 $subscription->last_ping_body = $response['body'];
diff --git a/schema/0001.sql b/schema/0001.sql
new file mode 100644
index 0000000..c00d684
--- /dev/null
+++ b/schema/0001.sql
@@ -0,0 +1,2 @@
+ALTER TABLE subscriptions
+ADD COLUMN `secret` varchar(200) DEFAULT '' AFTER `challenge`;
diff --git a/schema/schema.sql b/schema/schema.sql
index 4bebc6f..f2ba438 100644
--- a/schema/schema.sql
+++ b/schema/schema.sql
@@ -4,6 +4,7 @@ CREATE TABLE `subscriptions` (
 `feed_id` bigint(20) DEFAULT NULL,
 `callback_url` text,
 `challenge` varchar(100) DEFAULT '',
+ `secret` varchar(200) DEFAULT '',
 `active` tinyint(4) DEFAULT '0',
 `namespaced` tinyint(4) DEFAULT '1',
 `lease_seconds` int(11) DEFAULT NULL,
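Review bot: In lib/PushTask.php the signing block carries no comment on the invariant it depends on: the HMAC is computed over `$feed->content` and the same variable is handed to `request\post`, so the signature is only valid while those two stay byte-identical. A comment above the `if` would keep a later edit that re-encodes, trims or templates the body from silently breaking subscriber verification, for example `// X-Hub-Signature: HMAC-SHA256 over the exact body bytes posted below; sign and send the same $feed->content`. It is also worth stating there that an empty secret means the delivery goes out unsigned by design, since `if($subscription->secret)` skips the header for the `''` column default. The enclosing method starts and ends outside this hunk.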
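Review bot: In schema/0001.sql, and the mirrored line in schema/schema.sql, the new `secret` column is a character type, yet lib/PushTask.php passes its value to `hash_hmac` as raw key bytes. The table's character set is not visible in this diff; if it cannot represent every byte sequence a subscriber submits, the stored key can differ from the one the subscriber holds and signatures will not verify. Declaring the column `varbinary(200)` instead of `varchar(200)` stores the bytes exactly as received. The column also now holds shared key material in cleartext, which HMAC requires, so it is worth keeping out of debug output and exports that include subscription rows.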