Diffstat (limited to 'server.rb')
-rw-r--r--server.rb35
1 files changed, 25 insertions, 10 deletions
diff --git a/server.rb b/server.rb
index 282c3e9..6379332 100644
--- a/server.rb
+++ b/server.rb
@@ -3,9 +3,12 @@
before '/inbox' do
request.body.rewind # in case someone already read it
@body = request.body.read
- @activity = JSON.parse @body
- @object = @activity['object']
- @object = fetch(@object) if @object.is_a?(String) && @object.match(/^http/)
+ unless @body.empty?
+ @activity = JSON.parse @body
+ @object = @activity['object']
+ @object = fetch(@object) if @object.is_a?(String) && @object.match(/^http/)
+ halt 400 unless @object
+ end
end
# client-server
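Review bot: The `fetch(@object)` call in this `before '/inbox'` filter runs on a request body that has not been authenticated yet, since `verify!` is only called later inside `post '/inbox'`; any client can therefore make the server issue an outbound request to a URL of its choosing. Consider deferring the dereference until after `verify!` has passed, and tightening the check to `@object.match?(%r{\Ahttps?://})`, because `^` matches at the start of any line rather than the start of the string. `JSON.parse @body` is also unguarded, so a malformed body surfaces as a 500 instead of a 400; rescuing `JSON::ParserError` and calling `halt 400` would cover it. With an empty body `@activity` stays nil, which the POST handler then dereferences with `@activity['type']`.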
@@ -17,6 +20,8 @@ end
# server-server
post '/inbox' do
verify!
+ # file = File.join INBOX, "#{SecureRandom.uuid}.json"
+ # File.open(file, 'w+') { |f| f.puts @activity.to_json }
type = @activity['type'].downcase.to_sym
respond_to?(type) ? send(type) : p("Unknown activity: #{type}")
end
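Review bot: `type` in `type = @activity['type'].downcase.to_sym` comes straight from the request body and is passed to `send`, so the set of callable methods is whatever the application object responds to rather than just the activity handlers. An explicit allowlist would pin that down, e.g. `HANDLERS = %i[create delete follow].freeze` (illustrative names; use the handlers this file actually defines) and `HANDLERS.include?(type) ? send(type) : halt(400)`. The same line raises NoMethodError when `type` is missing or not a string, and when `@activity` is nil after the empty-body path in the `before '/inbox'` filter. The two commented-out lines would be better removed or placed behind a debug setting than left as dead code.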
@@ -31,7 +36,16 @@ get '/.well-known/webfinger' do
end
end
-['/outbox', '/following', '/followers'].each do |path|
+get '/outbox' do
+ ordered_collection(OUTBOX).to_json
+end
+
+get '/inbox' do
+ # protected!
+ ordered_collection(File.join(INBOX, 'note')).to_json
+end
+
+['/following', '/followers'].each do |path|
get path do
ordered_collection(File.join(PUBLIC_DIR, path)).to_json
end
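Review bot: `get '/inbox'` returns the stored notes to any caller because the `protected!` call is left commented out, so whatever is stored under `File.join(INBOX, 'note')`, including activities that were not addressed to the public, becomes readable without authentication. If a `protected!` helper is defined elsewhere in the file, enable it here before the route ships; otherwise the route should wait until an authorization check exists. The `before '/inbox'` filter now also runs for this GET. The `['/following', '/followers'].each` block closes outside this hunk.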
@@ -44,11 +58,12 @@ end
helpers do
# https://github.com/mastodon/mastodon/blob/main/app/controllers/concerns/signature_verification.rb
def verify!
- # verify digest
+ # digest
sha256 = OpenSSL::Digest.new('SHA256')
digest = "SHA-256=#{sha256.base64digest(@body)}"
halt 403 unless digest == request.env['HTTP_DIGEST']
+ # signature
signature_params = {}
request.env['HTTP_SIGNATURE'].split(',').each do |pair|
k, v = pair.split('=')
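Review bot: `request.env['HTTP_SIGNATURE'].split(',')` raises NoMethodError when the Signature header is absent, so an unsigned POST ends in a 500 rather than a clean rejection; add `halt 401 unless request.env['HTTP_SIGNATURE']` before the parse. `pair.split('=')` also splits on every `=`, which truncates values that contain one (base64 padding in `signature`, a query string in `keyId`); `pair.split('=', 2)` keeps the value intact. A missing `HTTP_DIGEST` is already handled, since the comparison simply fails and returns 403. The `each` block continues past the end of the hunk.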
@@ -60,9 +75,8 @@ helpers do
signature = Base64.decode64(signature_params['signature'])
actor = fetch key_id
- halt 200 if !actor && (@activity['type'] == 'Delete') # deleted users do not return actors
-
halt 403 unless actor
+
key = OpenSSL::PKey::RSA.new(actor['publicKey']['publicKeyPem'])
comparison = headers.split(' ').map do |signed_params_name|
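Review bot: `actor['publicKey']['publicKeyPem']` assumes the fetched document has that shape; a remote document without `publicKey`, or with a malformed PEM, raises (NoMethodError or OpenSSL::PKey::RSAError) and returns a 500 instead of a 403. Something like `pem = actor.dig('publicKey', 'publicKeyPem')` followed by `halt 403 unless pem`, with the key construction rescued to `halt 403`, keeps these failures on the rejection path. `key_id` is taken from the request's Signature header and dereferenced by `fetch` before anything is authenticated, so `fetch` (not visible here) should restrict scheme and destination. It is also worth confirming, outside this hunk, that the key's owner matches `@activity['actor']`.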
@@ -79,10 +93,11 @@ helpers do
end
def create
+ return unless @object
return if object_exists?
File.open(object_file, 'w+') { |f| f.puts @object.to_json }
- return unless @object && @object['inReplyTo']
+ return unless @object['inReplyTo']
@object = fetch @object['inReplyTo']
create if @object
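Review bot: `create` follows `inReplyTo` by fetching the parent and calling itself again with no bound, so the number of outbound fetches and the recursion depth are controlled by whoever hosts the reply chain. `object_exists?` presumably stops at objects already stored, but not at a long chain of new ones. A depth cap would bound it, e.g. `def create(depth = 0)` and `create(depth + 1) if @object && depth < MAX_REPLY_DEPTH`, where `MAX_REPLY_DEPTH` is a new constant you would define. `object_file` is not visible here; if it is derived from the remote object's `id`, confirm it cannot resolve outside the storage directory. The method's `end` lies outside the hunk.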
@@ -125,13 +140,13 @@ helpers do
'actor' => ACTOR,
'object' => @activity,
'to' => [@activity['actor']] }
- send_signed accept # , @activity['actor']
+ send_signed accept
end
+ # when "Like"
# when "Move"
# when "Add"
# when "Remove"
- # when "Like"
# when "Block"
def inbox