diff options
| author | pdp8 <pdp8@pdp8.info> | 2023-06-26 20:49:38 +0200 |
|---|---|---|
| committer | pdp8 <pdp8@pdp8.info> | 2023-06-26 20:49:38 +0200 |
| commit | dfaac96870ac6a86ebb0b5e5c9365e1e0ef6e5bc (patch) | |
| tree | 07f04481328a85cfe3e3ea4b8bee1a6c654636d6 /helpers.rb | |
| parent | 8453f524515941f3c0a65b5ca3b9354be76b4c33 (diff) | |
digest verification, fetch/send_signed refactored
Diffstat (limited to 'helpers.rb')
| -rw-r--r-- | helpers.rb | 20 |
1 files changed, 12 insertions, 8 deletions
@@ -1,10 +1,13 @@ helpers do + def curl ext, url + response = `/run/current-system/sw/bin/curl -ifsSL #{ext} #{url}` + $?.success? ? response : nil + end + def fetch url, accept = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"' - p url - response = `/run/current-system/sw/bin/curl --fail-with-body -sSL -H 'Accept: #{accept}' #{url}` - halt 400 unless $?.success? - JSON.parse(response) + response = curl("-H 'Accept: #{accept}'", url) + response ? JSON.parse(response) : nil end # https://github.com/mastodon/mastodon/blob/main/app/lib/request.rb @@ -12,20 +15,21 @@ helpers do keypair = OpenSSL::PKey::RSA.new(File.read('private.pem')) date = Time.now.utc.httpdate - sha256 = OpenSSL::Digest::SHA256.new body = object.to_json + sha256 = OpenSSL::Digest::SHA256.new digest = "SHA-256=" + sha256.base64digest(body) host = URI.parse(url).host inbox = fetch(url)["inbox"] + return false unless inbox request_uri = URI(inbox).request_uri signed_string = "(request-target): post #{request_uri}\nhost: #{host}\ndate: #{date}\ndigest: #{digest}\ncontent-type: application/activity+json" signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), signed_string)) signed_header = 'keyId="' + ACTOR + '#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest content-type",signature="' + signature + '"' - #p url - puts `/run/current-system/sw/bin/curl --fail-with-body -sSL -X POST -H 'Content-Type: application/activity+json' -H 'Host: #{host}' -H 'Date: #{date}' -H 'Digest: #{digest}' -H 'Signature: #{signed_header}' -d '#{body}' #{inbox}` - #puts `/run/current-system/sw/bin/curl -iL -X POST -H 'Content-Type: application/activity+json' -H 'Host: #{host}' -H 'Date: #{date}' -H 'Digest: #{digest}' -H 'Signature: #{signed_header}' -d '#{body}' #{inbox}` + curl "-X POST -H 'Content-Type: application/activity+json' -H 'Host: #{host}' -H 'Date: #{date}' -H 'Digest: #{digest}' -H 'Signature: #{signed_header}' -d '#{body}'", inbox + $?.success? + end end |