TheRON/kane-diagnostics
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
Files
e3128639df36532da4a631a50ec9d4d236e84ed2
kane-diagnostics/hubzilla/addon/g1wallet/g1wallet.php
TheRON 987e7f2521 Updated
2026-06-14 07:06:51 -04:00

175 lines
6.2 KiB
PHP
Raw Blame History

<?php
/**
* Name: Ğ1 Wallet
* Description: Self-sovereign Ğ1 wallet for SASE-verified participants. Key derivation and signing in the browser. The platform never touches your keys.
* Version: 0.2.0
* MinVersion: 11.0
* MaxVersion: 12.0
*/
use Zotlabs\Extend\Widget;
require_once 'addon/g1wallet/g1wallet_renderer.php';
require_once 'addon/g1wallet/g1wallet_spool.php';
function g1wallet_module() {}
function g1wallet_load() {
register_hook('load_pdl', 'addon/g1wallet/g1wallet.php', 'g1wallet_load_pdl');
Widget::register('addon/g1wallet/Widget/G1wallet.php', 'g1wallet');
}
function g1wallet_unload() {
unregister_hook('load_pdl', 'addon/g1wallet/g1wallet.php', 'g1wallet_load_pdl');
Widget::unregister('addon/g1wallet/Widget/G1wallet.php', 'g1wallet');
}
function g1wallet_load_pdl(&$b) {
// Loads the g1wallet PDL layout for g1wallet module pages.
if (!is_array($b) || empty($b['module']) || $b['module'] !== 'g1wallet') {
return;
}
$layout = @file_get_contents('addon/g1wallet/mod_g1wallet.pdl');
if ($layout !== false) {
$b['layout'] = $layout;
}
}
// -----------------------------------------------------------------------------
// HELPERS
// -----------------------------------------------------------------------------
function g1wallet_h($value) {
// HTML-escapes a value for safe output.
return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}
function g1wallet_load_config() {
// Loads config.json from the addon directory. Returns array or empty array on failure.
$raw = @file_get_contents('addon/g1wallet/config.json');
if ($raw === false) return [];
$cfg = json_decode($raw, true);
return (json_last_error() === JSON_ERROR_NONE) ? $cfg : [];
}
// -----------------------------------------------------------------------------
// ACCESS
// -----------------------------------------------------------------------------
function g1wallet_access_state() {
// Returns operator, participant, or public.
// Does not call local_channel() for group checks — safe for guest tokens.
// Operator: local channel whose channel_id matches local_channel().
if (local_channel()) {
$channel = App::get_channel();
if (local_channel() === intval($channel['channel_id'])) {
return 'operator';
}
}
$observer = get_observer_hash();
if (!$observer) return 'public';
// Load all registered associations from vs01 config and check group membership.
$raw = @file_get_contents('addon/vs01/config.json');
if ($raw === false) return 'public';
$cfg = json_decode($raw, true);
if (json_last_error() !== JSON_ERROR_NONE) return 'public';
$associations = $cfg['associations'] ?? [];
if (empty($associations)) return 'public';
// Direct pggrp_member query — works for guest tokens.
foreach ($associations as $slug => $assoc) {
$groups = $assoc['groups'] ?? [];
foreach (['corpus_builder', 'sase_participant', 'civic_professional'] as $group_key) {
$gid = intval($groups[$group_key] ?? 0);
if ($gid) {
$r = q("SELECT xchan FROM pggrp_member WHERE gid = %d AND xchan = '%s' LIMIT 1",
intval($gid),
dbesc($observer)
);
if ($r) return 'participant';
}
}
}
return 'public';
}
// -----------------------------------------------------------------------------
// CONTENT ROUTER
// -----------------------------------------------------------------------------
function g1wallet_content() {
if (function_exists('head_add_css')) {
head_add_css('/addon/g1wallet/view/css/g1wallet.css');
}
if (function_exists('head_add_js')) {
// Load order: tweetnacl → bip39 → g1wallet.js
head_add_js('/addon/g1wallet/vendor/tweetnacl-1.0.3.min.js');
head_add_js('/addon/g1wallet/vendor/bip39-3.1.0.min.js');
head_add_js('/addon/g1wallet/view/js/g1wallet.js');
// Note: vendor/scrypt-js-3.0.1.min.js is NOT loaded (obsolete Cesium1 algorithm).
}
$access = g1wallet_access_state();
$sub_route = strtolower(argv(1) ?? '');
if ($access === 'public') {
return g1wallet_render_access_wall();
}
switch ($sub_route) {
case 'balance':
// GET: return cached balance for the current session pubkey.
// Placeholder — orchestrator query not yet implemented.
return g1wallet_render_error('Balance fetch not yet implemented.');
case 'broadcast':
// POST: relay signed Duniter transaction to orchestrator.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
return g1wallet_render_error('POST required.');
}
if (!g1wallet_verify_csrf()) {
return g1wallet_render_error('Invalid form token. Please reload and try again.');
}
return g1wallet_handle_broadcast_post();
case 'pubkey':
// POST: store public key in channel settings after unlock.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
return g1wallet_render_error('POST required.');
}
if (!g1wallet_verify_csrf()) {
return g1wallet_render_error('Invalid form token. Please reload and try again.');
}
return g1wallet_handle_pubkey_post($access);
default:
// Wallet landing: unlock form or unlocked interface.
return g1wallet_render_landing($access);
}
}
// -----------------------------------------------------------------------------
// CSRF
// -----------------------------------------------------------------------------
function g1wallet_csrf_token() {
// Generates and stores a CSRF token for the current session.
if (empty($_SESSION['g1wallet_csrf'])) {
$_SESSION['g1wallet_csrf'] = bin2hex(random_bytes(16));
}
return '<input type="hidden" name="g1wallet_csrf" value="'
. g1wallet_h($_SESSION['g1wallet_csrf']) . '">';
}
function g1wallet_verify_csrf() {
// Returns true if the CSRF token in POST matches the session token.
return isset($_POST['g1wallet_csrf'], $_SESSION['g1wallet_csrf'])
&& hash_equals($_SESSION['g1wallet_csrf'], $_POST['g1wallet_csrf']);
}
Reference in New Issue View Git Blame Copy Permalink