diff options
| author | pdp8 <pdp8@pdp8.info> | 2023-06-28 18:55:27 +0200 |
|---|---|---|
| committer | pdp8 <pdp8@pdp8.info> | 2023-06-28 18:55:27 +0200 |
| commit | e328b59ffc2476262dbd076d2478aaade78e649c (patch) | |
| tree | 758f134e1b68af8a52fd2559c9fe704a62b9a040 /server.rb | |
| parent | dfaac96870ac6a86ebb0b5e5c9365e1e0ef6e5bc (diff) | |
digest login, refactoring
Diffstat (limited to 'server.rb')
| -rw-r--r-- | server.rb | 45 |
1 files changed, 25 insertions, 20 deletions
@@ -1,33 +1,33 @@ # server-server post "/inbox" do - verify! request.body.rewind # in case someone already read it - body = request.body.read - action = JSON.parse body + @body = request.body.read + @action = JSON.parse @body + verify! - case action["type"] + case @action["type"] when "Create" - create action["object"] + create @action["object"] when "Delete" - delete action["object"] + delete @action["object"] when "Update" - delete action["object"] - create action["object"] + delete @action["object"] + create @action["object"] when "Follow" - File.open(File.join("public", "followers", mention(action["actor"]) + ".json"), "w+") { |f| f.puts body } + File.open(File.join("public", "followers", mention(@action["actor"]) + ".json"), "w+") { |f| f.puts @body } accept = { "@context" => "https://www.w3.org/ns/activitystreams", "id" => File.join(SOCIAL_URL + "#accepts", SecureRandom.uuid), "type" => "Accept", "actor" => ACTOR, - "object" => action } - send_signed accept, action["actor"] + "object" => @action } + send_signed accept, @action["actor"] when "Undo" - o = action["object"] + o = @action["object"] case o["type"] when "Follow" Dir["public/followers/*.json"].each do |follower| @@ -36,14 +36,14 @@ post "/inbox" do end when "Accept" - o = action["object"] + o = @action["object"] case o["type"] when "Follow" File.open(File.join("public","following",mention(o['object'])+".json"),"w+"){|f| f.puts o.to_json} end when "Announce" - download action["object"] + download @action["object"] #when "Move" #when "Add" #when "Remove" @@ -51,8 +51,8 @@ post "/inbox" do #when "Block" else - p "Unknown action: #{action['type']}" - p body + p "Unknown @action: #{@action['type']}" + p @body end end @@ -81,10 +81,8 @@ helpers do def verify! # verify digest - request.body.rewind # in case someone already read it - body = request.body.read sha256 = OpenSSL::Digest::SHA256.new - digest = "SHA-256=" + sha256.base64digest(body) + digest = "SHA-256=" + sha256.base64digest(@body) halt 403 unless digest == request.env["HTTP_DIGEST"] signature_params = {} @@ -97,6 +95,12 @@ helpers do headers = signature_params['headers'] signature = Base64.decode64(signature_params['signature']) + if @action["type"] == "Delete" # deleted users do not return actors + delete @action["object"] + halt 200 + end + + jj @action actor = fetch key_id halt 403 unless actor key = OpenSSL::PKey::RSA.new(actor['publicKey']['publicKeyPem']) @@ -129,7 +133,8 @@ helpers do end def download object_url - create fetch(object_url) + object = fetch(object_url) + object and object["type"] ? create(object) : p(object_url, object) end def delete object |