1 files changed, 30 insertions, 17 deletions

diff --git a/server.rb b/server.rb
index f7e9b82..4fdf1e8 100644
--- a/server.rb
+++ b/server.rb
@@ -13,9 +13,9 @@ post '/inbox' do
   end
   halt 501 if @activity['actor'] and @activity['type'] == 'Delete' # deleted actors return 403 => verification error
   verify! # unless type == :accept # pixelfed sends unsigned accept activities???
-  complete_and_save(@activity)
+  save_activity(@activity, INBOX)
   type = @activity['type'].downcase.to_sym
-  send(type) if %i[follow accept undo].include? type
+  send(type) if %i[create announce follow accept undo].include? type
   halt 200
 end
 
@@ -36,6 +36,19 @@ end
 end
 
 helpers do
+  def create
+    @object ||= @activity['object']
+    @object = save_object @object, INBOX
+    return unless @object['inReplyTo']
+
+    @object = @object['inReplyTo']
+    create
+  end
+
+  def announce
+    create
+  end
+
   def follow
     update_collection FOLLOWERS, @activity['actor']
     outbox 'Accept', @activity, [@activity['actor']]
@@ -88,22 +101,8 @@ helpers do
   end
 
   def outbox(type, object, recipients)
-    # add date and id, save
-    activity = complete_and_save({
-                                   '@context' => 'https://www.w3.org/ns/activitystreams',
-                                   'type' => type,
-                                   'actor' => ACTOR,
-                                   'object' => object,
-                                   'to' => recipients
-                                 })
-
     # send
-    # https://github.com/mastodon/mastodon/blob/main/app/lib/request.rb
-    keypair = OpenSSL::PKey::RSA.new(File.read('private.pem'))
-    body = activity.to_json
-    sha256 = OpenSSL::Digest.new('SHA256')
-    digest = "SHA-256=#{sha256.base64digest(body)}"
-
+    ## https://github.com/mastodon/mastodon/blob/main/app/lib/request.rb
     inboxes = []
     recipients.uniq.each do |url|
       next if [ACTOR, 'https://www.w3.org/ns/activitystreams#Public'].include? url
@@ -118,8 +117,22 @@ helpers do
       end
     end
 
+    # add date and id, save
+    activity = save_activity({
+                               '@context' => 'https://www.w3.org/ns/activitystreams',
+                               'type' => type,
+                               'actor' => ACTOR,
+                               'object' => object,
+                               'to' => recipients
+                             }, OUTBOX)
+    body = activity.to_json
+    sha256 = OpenSSL::Digest.new('SHA256')
+    digest = "SHA-256=#{sha256.base64digest(body)}"
+    keypair = OpenSSL::PKey::RSA.new(File.read('private.pem'))
+
     inboxes.compact.uniq.each do |inbox|
       uri = URI(inbox)
+      httpdate = Time.now.utc.httpdate
       string = "(request-target): post #{uri.request_uri}\nhost: #{uri.host}\ndate: #{httpdate}\ndigest: #{digest}\ncontent-type: application/activity+json"
       signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), string))
       signed_header = "keyId=\"#{ACTOR}#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest content-type\",signature=\"#{signature}\""