diff --git a/fun.go b/fun.go
index 72f8d42..d49ea46 100644
--- a/fun.go
+++ b/fun.go
@@ -328,6 +328,21 @@ func thoudostbitethythumb(userid int64, who string) bool {
 return true
 }
 
-func keymatch(keyname string, actor string) bool {
- return strings.HasPrefix(keyname, actor)
+func keymatch(keyname string, actor string, userid int64) bool {
+ hash := strings.IndexByte(keyname, '#')
+ if hash == -1 {
+ hash = len(keyname)
+ }
+ owner := keyname[0:hash]
+ if owner == actor {
+ return true
+ }
+ row := stmtHasHonker.QueryRow(owner, userid)
+ var id int64
+ err := row.Scan(&id)
+ if err == nil {
+ log.Printf("allowing resigned content by %s", keyname)
+ return true
+ }
+ return false
 }
diff --git a/honk.go b/honk.go
index 0253bd1..49078e2 100644
--- a/honk.go
+++ b/honk.go
@@ -320,7 +320,7 @@ func inbox(w http.ResponseWriter, r *http.Request) {
 return
 }
 who, _ := jsongetstring(j, "actor")
- if !keymatch(keyname, who) {
+ if !keymatch(keyname, who, user.ID) {
 log.Printf("keyname actor mismatch: %s <> %s", keyname, who)
 return
 }
@@ -1158,7 +1158,7 @@ var stmtHonksForUser, stmtHonksForMe, stmtDeleteHonk, stmtSaveDub *sql.Stmt
 var stmtHonksByHonker, stmtSaveHonk, stmtFileData, stmtWhatAbout *sql.Stmt
 var stmtFindXonk, stmtSaveDonk, stmtFindFile, stmtSaveFile *sql.Stmt
 var stmtAddDoover, stmtGetDoovers, stmtLoadDoover, stmtZapDoover *sql.Stmt
-var stmtThumbBiter, stmtZonkIt *sql.Stmt
+var stmtHasHonker, stmtThumbBiter, stmtZonkIt *sql.Stmt
 
 func preparetodie(db *sql.DB, s string) *sql.Stmt {
 stmt, err := db.Prepare(s)
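Review bot: In keymatch (fun.go), the fallback lookup through stmtHasHonker accepts a signature from any key owner that has a honkers row for this user, with no restriction on flavor, so the set of signers trusted to deliver content under another actor's name is wider than it needs to be. The honkers table visibly holds 'sub', 'peep' and 'dub' rows; if 'dub' rows are created by inbound follows (an inference, not shown on this page), that trust would be granted by the remote side rather than chosen by the user. Consider narrowing the statement added in the prepareStatements hunk (honk.go) to the relationship the user opted into, e.g. `select honkerid from honkers where xid = ? and userid = ? and flavor = 'sub'`, and give keymatch a doc comment saying that true means either the key belongs to the actor or the signer is a trusted re-signer for userid. The new log line prints a remote-supplied key name with `%s`; `log.Printf("allowing resigned content by %q", keyname)` keeps control characters out of the log.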
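Review bot: At the keymatch call in inbox (honk.go), `who, _ := jsongetstring(j, "actor")` still discards the second return value, so an activity with no actor reaches keymatch as an empty string and is now accepted whenever the signing key's owner has a honkers row for the user. Reject that case before the comparison, for example `if who == "" { log.Printf("inbox activity without actor, key %q", keyname); return }`. The "keyname actor mismatch" message is also no longer precise, because the rejection can now come from the failed honker lookup, and it prints two remote-supplied strings with `%s` where `%q` would be safer for the log. inbox starts and ends outside this hunk, so any earlier validation of the actor is not visible here.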
@@ -1172,6 +1172,7 @@ func prepareStatements(db *sql.DB) {
 stmtHonkers = preparetodie(db, "select honkerid, userid, name, xid, flavor, combos from honkers where userid = ? and flavor = 'sub' or flavor = 'peep'")
 stmtSaveHonker = preparetodie(db, "insert into honkers (userid, name, xid, flavor, combos) values (?, ?, ?, ?, ?)")
 stmtUpdateHonker = preparetodie(db, "update honkers set combos = ? where honkerid = ? and userid = ?")
+ stmtHasHonker = preparetodie(db, "select honkerid from honkers where xid = ? and userid = ?")
 stmtDubbers = preparetodie(db, "select honkerid, userid, name, xid, flavor from honkers where userid = ? and flavor = 'dub'")
 stmtOneXonk = preparetodie(db, "select honkid, honks.userid, users.username, what, honker, xid, rid, dt, url, audience, noise, convoy from honks join users on honks.userid = users.userid where xid = ?")
 stmtHonks = preparetodie(db, "select honkid, honks.userid, users.username, what, honker, xid, rid, dt, url, audience, noise, convoy from honks join users on honks.userid = users.userid where honker = '' order by honkid desc limit 50")
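Review bot: The unchanged stmtHonkers query three lines above the added statement filters with `where userid = ? and flavor = 'sub' or flavor = 'peep'`, and since SQL `and` binds tighter than `or`, 'peep' rows are returned for every user rather than only the one bound to the parameter. This commit does not touch that line, but it reads the same per-user table that the new stmtHasHonker relies on for a trust decision, so the scoping is worth fixing alongside it: `where userid = ? and (flavor = 'sub' or flavor = 'peep')`. prepareStatements continues outside this hunk, so other statements with the same pattern may exist that are not visible here.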