201 lines
9.6 KiB
PHP
201 lines
9.6 KiB
PHP
<?php
|
||
|
||
/*
|
||
This program is free software: you can redistribute it and/or modify
|
||
it under the terms of the GNU General Public License as published by
|
||
the Free Software Foundation, either version 3 of the License, or
|
||
(at your option) any later version.
|
||
|
||
This program is distributed in the hope that it will be useful,
|
||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
GNU General Public License for more details.
|
||
|
||
You should have received a copy of the GNU General Public License
|
||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||
*/
|
||
|
||
// example of a post censored by mastodon.uno: https://livellosegreto.it/@xabacadabra/110662830871887169
|
||
|
||
require 'lib/ght.php';
|
||
require 'lib/ckratelimit.php';
|
||
|
||
const SNAME='unocck';
|
||
const SVERS='0.1.1';
|
||
const SREPO='https://git.lattuga.net/jones/unocck';
|
||
const MULEN=1024;
|
||
const INIFP='sec/conf.ini';
|
||
const RLFP='sec/rl.state';
|
||
|
||
header('Content-Language: en');
|
||
|
||
$usname=ucfirst(SNAME);
|
||
$timeout=5;
|
||
$cjr=rand(0,999999);
|
||
|
||
$conf=@parse_ini_file(INIFP,false,INI_SCANNER_RAW);
|
||
if ($conf===false)
|
||
die('Could not open configuration file.');
|
||
elseif (!isset($conf['host']) || !isset($conf['hostdesc']) || !isset($conf['token']) || !isset($conf['maintref']))
|
||
die('Configuration file is malformed.');
|
||
|
||
if (file_exists(RLFP)) {
|
||
$buf=@file(RLFP,FILE_IGNORE_NEW_LINES);
|
||
if ($buf===false)
|
||
die('Could not open rate limiting state file.');
|
||
if (count($buf)!=2 || preg_match('#^\d+$#',$buf[0])!==1 || preg_match('#^\d+$#',$buf[1])!==1)
|
||
die('Malformed rate limiting state file.');
|
||
$rl=['remaining'=>$buf[0]+0,'restime'=>$buf[1]+0];
|
||
} else {
|
||
$rl=['remaining'=>400,'restime'=>0];
|
||
}
|
||
|
||
$now=time();
|
||
if ($rl['remaining']==10 && $now<=$rl['restime'])// ten to leave a margin for "many people using it"
|
||
die("Sorry, this {$usname} instance has reached rate limit on «{$conf['host']}», please wait at least ".ght($rl['restime']-$now,null,0).'.');
|
||
|
||
$errors=[];
|
||
|
||
if (isset($argv[1]))
|
||
$_GET=['purl'=>$argv[1]];
|
||
|
||
if (isset($_GET['purl'])) {
|
||
if (strlen($_GET['purl'])>MULEN) {
|
||
$_GET['purl']='';
|
||
$errors[]='“Post URL” is too long';
|
||
}
|
||
$_GET['purl']=trim($_GET['purl']);
|
||
if ($_GET['purl']!='' && preg_match('#^https?://#',$_GET['purl'])!==1)// todo: make it better
|
||
$errors[]='“Post URL” is not a valid http(s) address';
|
||
} else {
|
||
$_GET['purl']='';
|
||
}
|
||
|
||
if ($_GET['purl']!=='')
|
||
$purlhn=preg_replace('#^https?://([^/]+).*$#','$1',$_GET['purl']);
|
||
|
||
if (count($errors)>0)
|
||
$errors='<div class="warning">There are some errors in the values you submitted<ul><li>'.implode('</li><li>',$errors).'</li></ul></div><div class="horsep"></div>';
|
||
else
|
||
$errors='';
|
||
|
||
echo "<!DOCTYPE HTML>
|
||
<html lang=\"en\">
|
||
<head>
|
||
<title>{$usname}</title>
|
||
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
|
||
<meta name=\"description\" content=\"A tool to check if {$conf['host']} is censoring a given post\">
|
||
<meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no\">
|
||
<meta property=\"og:image\" content=\"imgs/ogimage.png\">
|
||
<link rel=\"icon\" type=\"image/png\" href=\"imgs/icon-16.png\" sizes=\"16x16\">
|
||
<link rel=\"icon\" type=\"image/png\" href=\"imgs/icon-32.png\" sizes=\"32x32\">
|
||
<link rel=\"icon\" type=\"image/png\" href=\"imgs/icon-192.png\" sizes=\"192x192\">
|
||
<link rel=\"icon\" type=\"image/png\" href=\"imgs/icon-512.png\" sizes=\"512x512\">
|
||
<link rel=\"apple-touch-icon-precomposed\" href=\"imgs/icon-180.png\">
|
||
<link rel=\"stylesheet\" type=\"text/css\" href=\"css/main.css?v={$cjr}\">
|
||
</head>
|
||
<body>
|
||
<div id=\"main\">
|
||
<h1>{$usname}</h1>
|
||
<div class=\"normtext\">
|
||
<p class=\"firstp\">Hello, this is a {$usname} instance. {$usname} is a tool to easily check if a Mastodon instance is censoring a given fediverse post. This {$usname} instance is set to check «{$conf['host']}», {$conf['hostdesc']}. It works by querying {$conf['host']}’s <a href=\"https://docs.joinmastodon.org/methods/search/#v2\">/api/v2/search</a> API endpoint with the credentials of an application defined inside a {$conf['host']} account, but to avoid false positives it does so only after it has verified that the URL you passed to it actually points to a publicly accessible ActivityPub object.</p>
|
||
<p>{$usname} does not use cookies or Javascript and does not store any data about you anywhere.</p>
|
||
<p>You can find {$usname}’s code <a href=\"".SREPO."\">here</a>.</p>
|
||
<p>This {$usname} instance is maintained by {$conf['maintref']}.</p>
|
||
</div>
|
||
<div class=\"horsep\"></div>
|
||
".$errors."
|
||
<h2>Check</h2>
|
||
<form method=\"get\" id=\"mainform\" name=\"mainform\">
|
||
<div class=\"inputdiv\"><label for=\"purl\">Post URL</label><input type=\"text\" id=\"purl\" name=\"purl\" class=\"input\" placeholder=\"Example: https://mastodon.whatever.net/@user/110123412349306591\" value=\"{$_GET['purl']}\" maxlength=\"".MULEN."\" required></div>
|
||
<div class=\"lastinputdiv\"><button type=\"submit\" id=\"button\" class=\"button\">Check</button></div>\n</form>\n";
|
||
|
||
if ($errors=='' && $_GET['purl']!='') {
|
||
echo "<div class=\"horsep\"></div>\n";
|
||
$context=[
|
||
'http'=>[
|
||
'header'=>"Content-type: application/x-www-form-urlencoded\r\nAccept: application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"\r\n",
|
||
'method'=>'GET',
|
||
'ignore_errors'=>true,
|
||
'user_agent'=>'Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0',
|
||
'timeout'=>5
|
||
]
|
||
];
|
||
if (isset($conf['proxy']))
|
||
$context['http']['proxy']=$conf['proxy'];
|
||
$http_response_header=null;
|
||
$res=@file_get_contents($_GET['purl'],false,stream_context_create($context));
|
||
/*$xres=json_decode($res,true);
|
||
echo preprint($xres);*/
|
||
if (isset($http_response_header))
|
||
$hcode=gethttpcode($http_response_header);
|
||
if ($res===false || !isset($http_response_header)) {
|
||
echo "<div class=\"error\">Error: {$usname} could not connect to «{$purlhn}» and won’t proceed with the check.</div>\n";
|
||
} elseif ($hcode[0]!='2') {
|
||
if ($hcode[0]=='5')
|
||
echo "<div class=\"error\">«{$purlhn}» returned a server error. {$usname} won’t proceed with the check.</div>\n";
|
||
elseif ($hcode[0]=='4')
|
||
echo "<div class=\"error\">Error: {$usname} could not access the “Post URL” you passed to it: probably the post visibility is not public/unlisted, or you passed a wrong URL. {$usname} won’t proceed with the check.</div>\n";
|
||
elseif ($hcode[0]=='3')
|
||
echo "<div class=\"error\">Error: the “Post URL” you passed to {$usname} redirects, and since its programmer is lazy, {$usname} currently only accepts URLs which point to original posts (on Mastodon web you can copy a post’s original URL by opening the “three vertical dots” menu you find on every post and selecting “Copy link to post”). {$usname} won’t proceed with the check.</div>\n";
|
||
elseif ($hcode[0]=='1')
|
||
echo "<div class=\"error\">«{$purlhn}» returned an unexpected and useless informational message. {$usname} won’t proceed with the check.</div>\n";
|
||
else
|
||
echo "<div class=\"error\">«{$purlhn}» returned an unexpected HTTP code. {$usname} won’t proceed with the check.</div>\n";
|
||
} elseif (null===$res=@json_decode($res,true)) {
|
||
echo "<div class=\"error\">Error: «{$purlhn}» returned data which could not be parsed as JSON (".json_last_error().': '.json_last_error_msg().").</div>\n";
|
||
} elseif (isset($res['error'])) {
|
||
echo "<div class=\"error\">Error: «{$purlhn}» returned «".htmlentities($res['error'])."». {$usname} won’t proceed with the check.</div>\n";
|
||
} elseif (!isset($res['@context'][0]) || $res['@context'][0]!='https://www.w3.org/ns/activitystreams') {
|
||
echo "<div class=\"error\">Error: the “Post URL” you passed to {$usname} doesn’t point to an ActivityPub post. {$usname} won’t proceed with the check.</div>\n";
|
||
} else {
|
||
$context['http']['header']="Content-type: application/x-www-form-urlencoded\r\nAccept: application/json\r\nAuthorization: Bearer {$conf['token']}\r\n";
|
||
$http_response_header=null;
|
||
$hhost=htmlentities($conf['host']);
|
||
$url=$conf['host'].'/api/v2/search?q='.urlencode($_GET['purl']).'&type=statuses&resolve=1&limit=1';
|
||
$hurl=htmlentities($url);
|
||
//while (true) {
|
||
$res=@file_get_contents('https://'.$url,false,stream_context_create($context));
|
||
if (isset($http_response_header))
|
||
$rl=ckratelimit($http_response_header);
|
||
//echo preprint($rl);
|
||
if (isset($rl['ok']) && $rl['ok'] && @file_put_contents(RLFP,$rl['remaining']."\n".($rl['sleep']+time())."\n")===false)
|
||
echo "<div class=\"warning\">Warning: could not write to rate limit state file.</div>\n";
|
||
/*if ($rl['remaining']==0)
|
||
break;
|
||
usleep(250000);
|
||
}*/
|
||
if ($res===false) {
|
||
echo "<div class=\"error\">Error: could not connect to «{$hhost}».</div>\n";
|
||
} elseif (null===$res=@json_decode($res,true)) {
|
||
echo "<div class=\"error\">Error: «{$hurl}» returned data which could not be parsed as JSON (".json_last_error().': '.json_last_error_msg().").</div>\n";
|
||
} elseif (isset($res['error'])) {
|
||
echo "<div class=\"error\">Error: «{$hurl}» replied with this error message: «".htmlentities($res['error'])."».</div>\n";
|
||
} elseif (!isset($res['statuses'])) {
|
||
echo "<div class=\"error\">Error: «{$hurl}» returned data in an unexpected format.</div>\n";
|
||
} else {
|
||
if (isset($res['statuses'][0]['id']))
|
||
echo "<div class=\"neutral\">\nPost is not censored.\n</div>\n";
|
||
else
|
||
echo "<div class=\"neutral\">\nPost is censored.\n</div>\n";
|
||
}
|
||
}
|
||
}
|
||
|
||
if (isset($conf['footer']))
|
||
echo "<div id=\"almfooter\">{$conf['footer']}</div>\n";
|
||
|
||
echo "<div id=\"footer\"><a href=\"".SREPO."\">".SNAME." ".SVERS."</a></div>
|
||
</div>
|
||
</body>
|
||
</html>\n";
|
||
|
||
function preprint($var) {
|
||
return '<pre>'.print_r($var,true)."</pre>\n";
|
||
}
|
||
|
||
function gethttpcode($headers) {
|
||
return preg_replace('#^[^ ]+ (\d+).*$#','$1',$headers[0]);
|
||
}
|
||
|
||
?>
|