follow, announce, delete fixed

author: pdp8 <pdp8@pdp8.info> 2023-12-20 11:20:50 +0100
committer: pdp8 <pdp8@pdp8.info> 2023-12-20 11:20:50 +0100
commit: 88518c5a4fa4fa9d841bb0d1c8add9fa2234530c (patch)
tree: 8a808ff352841779637c6bd1aa171e94c2c55cdf
parent: 443b6fd42abf9cb1392125199cca449702898327 (diff)
4 files changed, 55 insertions, 46 deletions
diff --git a/client.rb b/client.rb
index 01124bc..e0a5746 100644
--- a/client.rb
+++ b/client.rb
@@ -1,20 +1,20 @@
 # client-server
-['/inbox/object', '/outbox/object'].each do |path|
-  get path do
-    protected!
-    Dir[File.join(path.sub('/', ''), '*', '*.json')].collect { |f| JSON.load_file(f) }.to_json
-  end
-end
+# ['/inbox/object', '/outbox/object'].each do |path|
+#   get path do
+#     protected!
+#     Dir[File.join(path.sub('/', ''), '*', '*.json')].collect { |f| JSON.load_file(f) }.to_json
+#   end
+# end
 
-post '/delete' do
-  protected!
-  params['id'].each do |id|
-    file, object = find_object id
-    halt 404 unless file and File.exist?(file)
-    FileUtils.rm(file)
-  end
-  200
-end
+# post '/delete' do
+#   protected!
+#   params['id'].each do |id|
+#     file, object = find_object id
+#     halt 404 unless file and File.exist?(file)
+#     FileUtils.rm(file)
+#   end
+#   200
+# end
 
 post '/follow' do
   protected!
@@ -29,26 +29,31 @@ post '/unfollow' do
   following = Dir[File.join(OUTBOX[:dir], 'follow', '*.json')].collect { |f| JSON.load_file(f) }
   activity = following.find { |a| a['object'] == params['id'] }
   activity ||= {
-    "@context": 'https://www.w3.org/ns/activitystreams',
-    "type": 'Follow',
-    "actor": 'https://social.pdp8.info/pdp8',
-    "object": params['id']
+    '@context' => 'https://www.w3.org/ns/activitystreams',
+    'type' => 'Follow',
+    'actor' => 'https://social.pdp8.info/pdp8',
+    'object' => params['id']
   }
   create_activity 'Undo', activity, [params['id']]
   update_collection FOLLOWING, params['id'], 'delete'
   200
 end
 
-post '/share' do # TODO
+post '/announce' do # TODO
   protected!
-  src, object = find_object params['id']
-  object = JSON.load_file(src)
+  #  src, object = find_object params['id']
+  #  object = JSON.load_file(src)
+  #  to = ['https://www.w3.org/ns/activitystreams#Public', FOLLOWERS_URL]
+  #  to << object['attributedTo']
+  #  create_activity 'Announce', object, to
+  # src, object = find_object params['id']
+  # object = JSON.load_file(src)
   to = ['https://www.w3.org/ns/activitystreams#Public', FOLLOWERS_URL]
-  to << object['attributedTo']
-  create_activity 'Announce', object, to
-  dest = src.sub('inbox/', 'outbox/')
-  FileUtils.mkdir_p File.dirname(dest)
-  FileUtils.mv src, dest
+  to << params['attributedTo']
+  create_activity 'Announce', params['id'], to
+  # dest = src.sub('inbox/', 'outbox/')
+  # FileUtils.mkdir_p File.dirname(dest)
+  # FileUtils.rm src
   200
 end
 
diff --git a/helpers.rb b/helpers.rb
index 1f106a7..09b0d42 100644
--- a/helpers.rb
+++ b/helpers.rb
@@ -136,7 +136,14 @@ helpers do
     response = curl(
       "-H 'Accept: #{accept}' -H 'Host: #{uri.host}' -H 'Date: #{httpdate}' -H 'Signature: #{signed_header}' ", url
     )
-    response ? JSON.parse(response) : nil
+    return unless response
+
+    begin
+      JSON.parse(response)
+    rescue StandardError => e
+      p url, e
+      nil
+    end
   end
 
   def curl(ext, url)
@@ -144,7 +151,7 @@ helpers do
     if $CHILD_STATUS.success?
       response
     else
-      p 'curl error:', url, response
+      p 'Curl Error:', url, response
       nil
     end
   end
diff --git a/server.rb b/server.rb
index c083cb1..94729cc 100644
--- a/server.rb
+++ b/server.rb
@@ -8,8 +8,6 @@ post '/inbox' do
     p e, @body
     halt 400
   end
-  # deleted actors return 403 => verification error
-  halt 200 if @activity['type'] == 'Delete' and @activity['actor'] == @activity['object']
   verify!
   handle_activity
   200
@@ -104,7 +102,7 @@ helpers do
     if @activity['object']['type'] == 'Follow'
       update_collection FOLLOWING, @activity['object']['object']
     else
-      p "Cannot accept @activity['object']['type']"
+      p "Error: Cannot accept @activity['object']['type']"
       jj @activity
       halt 501
     end
@@ -116,23 +114,22 @@ helpers do
       update_collection FOLLOWERS, @activity['object']['actor'], 'delete'
     when 'Create', 'Announce'
       file, object = find_object @activity['object']['object']
-      FileUtils.rm(file) if file and File.exist? file
+      FileUtils.rm(file) if file and File.exist? file and @activity['actor'] == object['attributedTo']
     else
-      p "Cannot undo @activity['object']['type']"
+      p "Error: Cannot undo @activity['object']['type']"
       jj @activity
       halt 501
     end
   end
 
   def update
-    file, object = find_object(@activity['object']['id'])
-    FileUtils.rm(file) if file and File.exist? file
+    delete
     create
   end
 
   def delete
     file, object = find_object(@activity['object']['id'])
-    FileUtils.rm(file) if file and File.exist? file
+    FileUtils.rm(file) if file and File.exist? file and @activity['actor'] == object['attributedTo']
   end
 
   def move
@@ -141,12 +138,12 @@ helpers do
 
   def handle_activity
     type = @activity['type'].downcase.to_sym
-    save_item @activity, File.join(INBOX[:dir], @activity['type'].downcase, activity_name)
+    # save_item @activity, File.join(INBOX[:dir], @activity['type'].downcase, activity_name)
     if ACTIVITIES.include? type
       send(type)
     else
       unless %w[Add Remove].include? @activity['type']
-        p "Unknown activity #{type}:"
+        p "Error: Unknown activity #{type}:"
         jj @activity
       end
     end
@@ -188,11 +185,13 @@ helpers do
 
   # https://github.com/mastodon/mastodon/blob/main/app/controllers/concerns/signature_verification.rb
   def verify!
+    # deleted actors return 403 => verification error
+    halt 200 if @activity['type'] == 'Delete' and @activity['actor'] == @activity['object']
     # digest
     sha256 = OpenSSL::Digest.new('SHA256')
     digest = "SHA-256=#{sha256.base64digest(@body)}"
     unless digest == request.env['HTTP_DIGEST']
-      p 'invalid digest'
+      p 'Error: Invalid digest'
       p @body
       halt 403
     end
@@ -210,7 +209,7 @@ helpers do
 
     actor = fetch key_id
     unless actor
-      p 'no actor'
+      p 'Error: No actor'
       jj @activity
       halt 403
     end
@@ -231,13 +230,10 @@ helpers do
 
     return if key.verify(OpenSSL::Digest.new('SHA256'), signature, comparison)
 
-    p 'verification failed'
+    p 'Error: Verification failed'
     jj signature_params
     jj request.env.select { |k, _v| k.start_with? 'HTTP_' }.to_h
-    # jj actor['publicKey']
-    # p signature
     puts comparison
-    # jj @activity
     halt 403
   end
 end
diff --git a/views/outbox.erb b/views/outbox.erb
index 0efb78c..23adb19 100644
--- a/views/outbox.erb
+++ b/views/outbox.erb
@@ -12,10 +12,11 @@
     <p>
     <% if @type == 'create' %>
       <h2>posts&nbsp;|&nbsp;<a href='/outbox/announce'>boosts</a></h2>
-    <% elsif @type = 'announce' %>
+    <% elsif @type == 'announce' %>
       <h2><a href='/outbox/create'>posts</a>&nbsp;|&nbsp;boosts</h2>
     <% end %>
     <% @objects.each do |object| 
+        object = fetch(object) if object.is_a? String
         mention = mention object['attributedTo'] %>
         <div class='pdp8'>
         <p><b><a href='<%= object['attributedTo'] %>' target='_blank'><%= mention %></a></b>&nbsp;
author	pdp8 <pdp8@pdp8.info>	2023-12-20 11:20:50 +0100
committer	pdp8 <pdp8@pdp8.info>	2023-12-20 11:20:50 +0100
commit	88518c5a4fa4fa9d841bb0d1c8add9fa2234530c (patch)
tree	8a808ff352841779637c6bd1aa171e94c2c55cdf
parent	443b6fd42abf9cb1392125199cca449702898327 (diff)