Allowing for Speech Channel credentials in options page

2019-01-24 13:26:30 -06:00 · 2019-01-24 13:26:30 -06:00 · 066900ec08
parent b07c9d23e3
commit 066900ec08
5 changed files with 109 additions and 20 deletions
--- a/classes/LBRYPress.php
+++ b/classes/LBRYPress.php
@ -113,6 +113,8 @@ class LBRYPress
        $this->define('LBRY_ADMIN_PAGE', 'lbrypress');
        $this->define('LBRY_WALLET', 'lbry_wallet'); // the wallet address
        $this->define('LBRY_SPEECH', 'lbry_speech'); // the spee.ch address
+        $this->define('LBRY_SPEECH_CHANNEL', 'lbry_speech_channel'); // The spee.ch channel
+        $this->define('LBRY_SPEECH_PW', 'lbry_speech_pw'); // The password for the spee.ch channel
        $this->define('LBRY_LICENSE', 'lbry_license'); // the license to publish with to the LBRY network
        $this->define('LBRY_LBC_PUBLISH', 'lbry_lbc_publish'); // amount of lbc to use per publish
        $this->define('LBRY_WILL_PUBLISH', '_lbry_will_publish'); // The meta key for if to publish to LBRY Network or not
--- a/classes/LBRY_Admin.php
+++ b/classes/LBRY_Admin.php
@ -40,7 +40,7 @@ class LBRY_Admin
    public function page_init()
    {
        // Register the LBRY Setting array
-        register_setting(LBRY_SETTINGS_GROUP, LBRY_SETTINGS, array($this, 'sanitize'));
+        register_setting(LBRY_SETTINGS_GROUP, LBRY_SETTINGS, array('sanitize_callback' => array($this, 'sanitize')));

        // Add Required Settings Sections
        add_settings_section(
@ -60,11 +60,27 @@ class LBRY_Admin
        );

        add_settings_field(
-            LBRY_SPEECH, // ID
-            'Spee.ch URL', // Title
-            array( $this, 'speech_callback' ), // Callback
-            LBRY_ADMIN_PAGE, // Page
-            LBRY_SETTINGS_SECTION_GENERAL // Section
+            LBRY_SPEECH,
+            'Spee.ch URL',
+            array( $this, 'speech_callback' ),
+            LBRY_ADMIN_PAGE,
+            LBRY_SETTINGS_SECTION_GENERAL
+        );
+
+        add_settings_field(
+            LBRY_SPEECH_CHANNEL,
+            'Spee.ch Channel',
+            array( $this, 'speech_channel_callback' ),
+            LBRY_ADMIN_PAGE,
+            LBRY_SETTINGS_SECTION_GENERAL
+        );
+
+        add_settings_field(
+            LBRY_SPEECH_PW,
+            'Spee.ch Password',
+            array( $this, 'speech_pw_callback' ),
+            LBRY_ADMIN_PAGE,
+            LBRY_SETTINGS_SECTION_GENERAL
        );

        add_settings_field(
@ -96,10 +112,15 @@ class LBRY_Admin

    /**
    * Sanitizes setting input
-    * // TODO Actually sanitize the input
+    * // COMBAK Potentially sanitize more
    */
    public function sanitize($input)
    {
+        if (!empty($input['lbry_speech_pw'])) {
+            $encrypted = $this->encrypt($input['lbry_speech_pw']);
+            $input['lbry_speech_pw'] = $encrypted;
+        }
+
        return $input;
    }

@ -140,6 +161,32 @@ class LBRY_Admin
        );
    }

+    /**
+    * Prints Spee.ch channel input
+    */
+    public function speech_channel_callback()
+    {
+        printf(
+            '<span>@</span><input type="text" id="%1$s" name="%2$s[%1$s]" value="%3$s" placeholder="your-channel"/>',
+            LBRY_SPEECH_CHANNEL,
+            LBRY_SETTINGS,
+            isset($this->options[LBRY_SPEECH_CHANNEL]) ? esc_attr($this->options[LBRY_SPEECH_CHANNEL]) : ''
+        );
+    }
+
+    /**
+    * Prints Spee.ch password input
+    */
+    public function speech_pw_callback()
+    {
+        printf(
+            '<input type="password" id="%1$s" name="%2$s[%1$s]" value="%3$s" placeholder="**********"',
+            LBRY_SPEECH_PW,
+            LBRY_SETTINGS,
+            isset($this->options[LBRY_SPEECH_PW]) ? $this->get_pw_length() : ''
+        );
+    }
+
    /**
    * Prints License input
    */
@ -232,4 +279,50 @@ class LBRY_Admin
            set_transient('lbry_wallet_check', true, 2 * HOUR_IN_SECONDS);
        }
    }
+
+    private function get_pw_length()
+    {
+        $pw = $this->options[LBRY_SPEECH_PW];
+        if (empty($pw)) {
+            return '';
+        }
+        $pw = $this->decrypt($pw);
+        $length = strlen($pw);
+        return str_repeat("X", $length);
+    }
+
+    private function encrypt($plaintext)
+    {
+        $ivlen = openssl_cipher_iv_length($cipher="AES-256-CTR");
+        $iv = openssl_random_pseudo_bytes($ivlen);
+        $ciphertext_raw = openssl_encrypt($plaintext, $cipher, wp_salt(), $options=OPENSSL_RAW_DATA, $iv);
+        $hmac = hash_hmac('sha256', $ciphertext_raw, wp_salt(), $as_binary=true);
+        return base64_encode($iv.$hmac.$ciphertext_raw);
+    }
+
+    private function decrypt($ciphertext)
+    {
+        $c = base64_decode($ciphertext);
+        $ivlen = openssl_cipher_iv_length($cipher="AES-256-CTR");
+        $iv = substr($c, 0, $ivlen);
+        $hmac = substr($c, $ivlen, $sha2len=32);
+        $ciphertext_raw = substr($c, $ivlen+$sha2len);
+        $original_plaintext = openssl_decrypt($ciphertext_raw, $cipher, wp_salt(), $options=OPENSSL_RAW_DATA, $iv);
+        $calcmac = hash_hmac('sha256', $ciphertext_raw, wp_salt(), $as_binary=true);
+        if (hash_equals($hmac, $calcmac)) {//PHP 5.6+ timing attack safe comparison
+            return $original_plaintext;
+        }
+
+        return false;
+    }
+
+    public function get_speech_pw()
+    {
+        $ciphertext = get_option(LBRY_SETTINGS)[LBRY_SPEECH_PW];
+        if (empty($ciphertext)) {
+            return false;
+        }
+
+        return $this->decrypt($ciphertext);
+    }
 }
--- a/classes/LBRY_Speech.php
+++ b/classes/LBRY_Speech.php
@ -67,10 +67,11 @@ class LBRY_Speech
                    );

                // Pull Channel and Password from config file for now
-                // COMBAK: This will change in the future
-                if (LBRY_SPEECH_CHANNEL && LBRY_SPEECH_CHANNEL_PASSWORD) {
-                    $params['channelName'] = LBRY_SPEECH_CHANNEL;
-                    $params['channelPassword'] = LBRY_SPEECH_CHANNEL_PASSWORD;
+                $speech_channel = get_option(LBRY_SETTINGS)[LBRY_SPEECH_CHANNEL];
+                $speech_pw = LBRY()->admin->get_speech_pw();
+                if (!empty($speech_channel) && !empty($speech_pw)) {
+                    $params['channelName'] = $speech_channel;
+                    $params['channelPassword'] = $speech_pw;
                }

                $ch = $this->build_request('publish', $params);
@ -160,7 +161,6 @@ class LBRY_Speech
            }
        }
        // Don't forget the featured image
-        error_log($post_id);
        if ($featured_id = get_post_thumbnail_id($post_id)) {
            $image_ids = array_merge($image_ids, array($featured_id));
        }
--- a/lbry_config.example.php
+++ b/lbry_config.example.php
@ -1,4 +0,0 @@
-<?php
-// Define Speech Channel and password
-// define('LBRY_SPEECH_CHANNEL', '');
-// define('LBRY_SPEECH_CHANNEL_PASSWORD', '');
--- a/lbrypress.php
+++ b/lbrypress.php
@ -25,7 +25,7 @@ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLI

 defined('ABSPATH') || die(); // Exit if accessed directly

-define('LBRY_REQUIRED_PHP_VERSION', '5.3'); // TODO: Figure out what versions we actually need
+define('LBRY_REQUIRED_PHP_VERSION', '5.6');
 define('LBRY_REQUIRED_WP_VERSION', '3.1');
 define('LBRY_PLUGIN_FILE', __FILE__);

@ -70,9 +70,7 @@ function LBRY()
        if (! class_exists('LBRYPress')) {
            require_once(dirname(__FILE__) . '/classes/LBRYPress.php');
        }
-        // Bring in configuration requirements
-        // HACK: Will probably be getting rid of configuration once we sort out Spee.ch Implementation
-        require_once(dirname(__FILE__) . '/lbry_config.php');
+
        return LBRYPress::instance();
    } else {
        add_action('admin_notices', 'lbry_requirements_error');