announce to fixed, find_file replaced with find_object, CONTENT_LENGHT included in signature verification

author: pdp8 <pdp8@pdp8.info> 2023-10-06 15:02:59 +0200
committer: pdp8 <pdp8@pdp8.info> 2023-10-06 15:02:59 +0200
commit: 580c684f792d6fab16c58b9a08d566cd03c72ca4 (patch)
tree: b6cda32267d02c5e5118fa2d6b1da92c48c457c6 /server.rb
parent: 6100f9971b74ee4d3449155beb881a69017a296d (diff)
1 files changed, 13 insertions, 9 deletions
diff --git a/server.rb b/server.rb
index 41663cb..e2d4896 100644
--- a/server.rb
+++ b/server.rb
@@ -10,7 +10,7 @@ post '/inbox' do
   end
   # deleted actors return 403 => verification error
   halt 200 if @activity['type'] == 'Delete' and @activity['actor'] == @activity['object']
-  verify! # pixelfed sends unsigned activities???
+  verify!
   handle_activity
   200
 end
@@ -103,7 +103,7 @@ helpers do
     when 'Follow'
       update_collection FOLLOWERS, @activity['object']['actor'], 'delete'
     when 'Create', 'Announce'
-      file = find_file @activity['object']['object']
+      file, object = find_object @activity['object']['object']
       FileUtils.rm(file) if file and File.exist? file
     else
       p "Cannot undo @activity['object']['type']"
@@ -113,13 +113,13 @@ helpers do
   end
 
   def update
-    file = find_file(@activity['object']['id'])
+    file, object = find_object(@activity['object']['id'])
     FileUtils.rm(file) if file and File.exist? file
     create
   end
 
   def delete
-    file = find_file(@activity['object']['id'])
+    file, object = find_object(@activity['object']['id'])
     FileUtils.rm(file) if file and File.exist? file
   end
 
@@ -204,18 +204,22 @@ helpers do
         '(request-target): post /inbox'
       elsif signed_params_name == 'content-type'
         "#{signed_params_name}: #{request.env['CONTENT_TYPE']}"
+      elsif signed_params_name == 'content-length'
+        "#{signed_params_name}: #{request.env['CONTENT_LENGTH']}"
       else
-        "#{signed_params_name}: #{request.env["HTTP_#{signed_params_name.upcase}"]}"
+        "#{signed_params_name}: #{request.env["HTTP_#{signed_params_name.upcase.gsub('-', '_')}"]}"
       end
     end.join("\n")
 
     return if key.verify(OpenSSL::Digest.new('SHA256'), signature, comparison)
 
     p 'verification failed'
-    p signature_params
-    p actor['publicKey']
-    p signature, comparison
-    jj @activity
+    jj signature_params
+    jj request.env.select { |k, _v| k.start_with? 'HTTP_' }.to_h
+    # jj actor['publicKey']
+    # p signature
+    puts comparison
+    # jj @activity
     # halt 403
   end
 end
author	pdp8 <pdp8@pdp8.info>	2023-10-06 15:02:59 +0200
committer	pdp8 <pdp8@pdp8.info>	2023-10-06 15:02:59 +0200
commit	580c684f792d6fab16c58b9a08d566cd03c72ca4 (patch)
tree	b6cda32267d02c5e5118fa2d6b1da92c48c457c6 /server.rb
parent	6100f9971b74ee4d3449155beb881a69017a296d (diff)