1 files changed, 22 insertions, 48 deletions

diff --git a/application.rb b/application.rb
index 5353ae4..029b04e 100644
--- a/application.rb
+++ b/application.rb
@@ -23,54 +23,50 @@ class Application
     type = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'
     response = "not allowed"
 
-    # p env["rack.input"].read
-    # if env["CONTENT_TYPE"] =~ /json/
-    # puts env["REMOTE_ADDR"]
     case env['REQUEST_METHOD']
 
     when 'POST'
       input = env["rack.input"].read
-      case env["REQUEST_URI"]
+      case env["REQUEST_PATH"]
 
       when "/inbox" # receive from server
-        puts "POST INBOX"
         if verify(env)
           begin
-            # unless input.match(/<!DOCTYPE html>/)
             object = JSON.parse(input)
-            # puts object
             case object["type"]
             when "Create"
               File.open(File.join("inbox", SecureRandom.uuid + ".json"), "w+") { |f| f.puts input }
+            when "Delete"
+              puts input
+            when "Follow"
+              File.open(File.join("followers", SecureRandom.uuid + ".json"), "w+") { |f| f.puts input }
+            when "Undo"
+              puts input
             else
               puts input
             end
             code = 200
             response = "OK"
-          # end
           rescue => e
-            # puts e.to_s
-            puts "Verification ERROR: "
-            # puts input
-            response = "invalid json"
+            puts input, e.to_s
+            response = "Request body contains invalid json."
           end
         else
           code = 401
-          response = "not verified"
+          response = "Verification failed for POST to #{env["REQUEST_URI"]}."
         end
 
       when "/outbox" # receive from client
-        puts "POST OUTBOX"
         # TODO auth
         if auth(env)
           input = JSON.parse(input)
           input["type"] == "Create" ? activity = input : activity = activity(input) # expand object to create activity
           add_id activity
-          save activity # , "outbox"
+          save activity
           FileUtils.ln_s File.join('..', path(activity)), "outbox"
-          code, response = deliver activity, ["to", "bto", "cc", "bcc", "audience"].collect { |d|
-                                               activity[d]
-                                             }.flatten.uniq.compact
+          code, response = send activity, ["to", "bto", "cc", "bcc", "audience"].collect { |d|
+                                            activity[d]
+                                          }.flatten.uniq.compact
           code = 200
           response = "OK"
         else
@@ -82,7 +78,7 @@ class Application
 
     when 'GET'
 
-      case env["REQUEST_URI"]
+      case env["REQUEST_PATH"]
 
       when "/.well-known/webfinger?resource=acct:#{ACCOUNT}"
         type = "application/jrd+json"
@@ -95,15 +91,11 @@ class Application
         code = 200
 
       when %r{/[inbox|outbox|following|followers|likes|shares]}
-        response = ordered_collection env["REQUEST_URI"]
+        response = ordered_collection env["REQUEST_PATH"]
         code = 200
-
       end
 
     end
-    # else
-    # response = "Cannot serve Content-type: " + env["CONTENT_TYPE"]
-    # end
     [code, { "Content-Type" => type }, [response]]
   end
 
@@ -138,19 +130,7 @@ class Application
     File.open(path, "w+") { |f| f.puts object.to_json }
   end
 
-  def inbox uri
-    # http = Net::HTTP.new(uri.host, uri.port)
-    # http.use_ssl = true
-    # header = { 'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"' }
-    # request = Net::HTTP::Get.new(uri.request_uri, header)
-    # response = http.request(request)
-    # JSON.parse(response.body)["inbox"]
-    # p uri.host
-    # p get(uri)["inbox"]
-    URI(get(uri)["inbox"]).request_uri
-  end
-
-  def deliver object, urls
+  def send object, urls
     # https://github.com/mastodon/mastodon/blob/main/app/lib/request.rb
     keypair = OpenSSL::PKey::RSA.new(File.read('private.pem'))
     urls.each do |url|
@@ -161,10 +141,7 @@ class Application
       body = object.to_json
       digest = "SHA-256=" + sha256.base64digest(body)
 
-      # signed_string = "(request-target): post /inbox\nhost: #{uri.host}\ndate: #{date}\ndigest: #{digest}\ncontent-type: application/activity+json"
-      p inbox(uri)
       signed_string = "(request-target): post #{inbox uri}\nhost: #{uri.host}\ndate: #{date}\ndigest: #{digest}\ncontent-type: application/activity+json"
-      puts signed_string
       signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), signed_string))
       signed_header = 'keyId="' + ACTOR + '#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest content-type",signature="' + signature + '"'
 
@@ -172,24 +149,19 @@ class Application
       http = Net::HTTP.new(uri.host, uri.port)
       http.use_ssl = true
       header = {
-        # 'Accept' => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
         'Content-Type' => 'application/activity+json',
         'Host' => uri.host,
         'Date' => date,
         'Digest' => digest,
         'Signature' => signed_header,
       }
-      puts signed_header
       request = Net::HTTP::Post.new(uri.request_uri, header)
       request.body = body
 
       response = http.request(request)
+      # TODO return error if response.code > 400
       puts(response.body, response.code)
-      # puts(response.code)
-      # puts(response.body["signed_string"])
-      # puts(response.body["signature"])
     end
-    # [response.code, response.body]
   end
 
   def ordered_collection dir
@@ -230,8 +202,6 @@ class Application
       end
     end.join("\n")
 
-    puts comparison
-    puts env["HTTP_SIGNATURE"]
     key.verify(OpenSSL::Digest.new('SHA256'), signature, comparison)
   end
 
@@ -245,6 +215,10 @@ class Application
     JSON.parse(response.body)
   end
 
+  def inbox uri
+    URI(get(uri)["inbox"]).request_uri
+  end
+
   def auth env
     true
   end