Diffstat (limited to 'server.rb')
-rw-r--r--server.rb28
1 files changed, 12 insertions, 16 deletions
diff --git a/server.rb b/server.rb
index c083cb1..94729cc 100644
--- a/server.rb
+++ b/server.rb
@@ -8,8 +8,6 @@ post '/inbox' do
p e, @body
halt 400
end
- # deleted actors return 403 => verification error
- halt 200 if @activity['type'] == 'Delete' and @activity['actor'] == @activity['object']
verify!
handle_activity
200
@@ -104,7 +102,7 @@ helpers do
if @activity['object']['type'] == 'Follow'
update_collection FOLLOWING, @activity['object']['object']
else
- p "Cannot accept @activity['object']['type']"
+ p "Error: Cannot accept @activity['object']['type']"
jj @activity
halt 501
end
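Review bot: The reworded message in the `else` branch still has no `#{}` around `@activity['object']['type']`, so the log shows that text literally and never the rejected type. Writing it as `p "Error: Cannot accept #{@activity['object']['type']}"` fixes that, and `p` prints the inspected string, so a hostile type value stays escaped in the log. The `Cannot undo` message in the next hunk has the same problem. The enclosing method starts outside this hunk.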
@@ -116,23 +114,22 @@ helpers do
update_collection FOLLOWERS, @activity['object']['actor'], 'delete'
when 'Create', 'Announce'
file, object = find_object @activity['object']['object']
- FileUtils.rm(file) if file and File.exist? file
+ FileUtils.rm(file) if file and File.exist? file and @activity['actor'] == object['attributedTo']
else
- p "Cannot undo @activity['object']['type']"
+ p "Error: Cannot undo @activity['object']['type']"
jj @activity
halt 501
end
end
def update
- file, object = find_object(@activity['object']['id'])
- FileUtils.rm(file) if file and File.exist? file
+ delete
create
end
def delete
file, object = find_object(@activity['object']['id'])
- FileUtils.rm(file) if file and File.exist? file
+ FileUtils.rm(file) if file and File.exist? file and @activity['actor'] == object['attributedTo']
end
def move
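Review bot: In `delete`, an actor that does not match `attributedTo` only skips the `rm`, so `update` still runs `create` and the sender gets a 200. Whether `create` then overwrites the stored object is not visible in this hunk. Rejecting the mismatch explicitly would close that path: `return unless file and File.exist? file`, then `halt 403 unless @activity['actor'] == object['attributedTo']`, then `FileUtils.rm(file)`. The comparison is also only meaningful if `verify!` ties the signing key to `@activity['actor']`, which these hunks do not show. For an undone `Announce`, the looked-up object's `attributedTo` is presumably the original author rather than the announcer, so that branch may never delete anything; this needs checking against what `find_object` returns.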
@@ -141,12 +138,12 @@ helpers do
def handle_activity
type = @activity['type'].downcase.to_sym
- save_item @activity, File.join(INBOX[:dir], @activity['type'].downcase, activity_name)
+ # save_item @activity, File.join(INBOX[:dir], @activity['type'].downcase, activity_name)
if ACTIVITIES.include? type
send(type)
else
unless %w[Add Remove].include? @activity['type']
- p "Unknown activity #{type}:"
+ p "Error: Unknown activity #{type}:"
jj @activity
end
end
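Review bot: The `save_item` call at the top of `handle_activity` is commented out rather than removed, with no word on why. After this change the only record of an incoming activity is the `jj` output on the error paths, so accepted activities leave no trace to audit later. Either delete the line or replace it with a comment that states the decision, for example `# inbox activities are no longer persisted; only rejected ones are logged`. The method's end is outside this hunk.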
@@ -188,11 +185,13 @@ helpers do
# https://github.com/mastodon/mastodon/blob/main/app/controllers/concerns/signature_verification.rb
def verify!
+ # deleted actors return 403 => verification error
+ halt 200 if @activity['type'] == 'Delete' and @activity['actor'] == @activity['object']
# digest
sha256 = OpenSSL::Digest.new('SHA256')
digest = "SHA-256=#{sha256.base64digest(@body)}"
unless digest == request.env['HTTP_DIGEST']
- p 'invalid digest'
+ p 'Error: Invalid digest'
p @body
halt 403
end
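Review bot: The first statement of `verify!` now ends the request with 200 before the digest or signature is checked, and the one-line comment above it does not explain why that is safe. Reading the comment, the intent seems to be that a deleted actor's key can no longer be fetched, so the Delete is acknowledged and dropped. That is worth spelling out, since `halt` means `handle_activity` never runs for this case. Suggested comment: `# Self-Delete of an actor: its key fetch returns 403, so the signature cannot be verified; acknowledge and do nothing`. The rest of `verify!` continues outside this hunk.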
@@ -210,7 +209,7 @@ helpers do
actor = fetch key_id
unless actor
- p 'no actor'
+ p 'Error: No actor'
jj @activity
halt 403
end
@@ -231,13 +230,10 @@ helpers do
return if key.verify(OpenSSL::Digest.new('SHA256'), signature, comparison)
- p 'verification failed'
+ p 'Error: Verification failed'
jj signature_params
jj request.env.select { |k, _v| k.start_with? 'HTTP_' }.to_h
- # jj actor['publicKey']
- # p signature
puts comparison
- # jj @activity
halt 403
end
end
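Review bot: The failure path of `verify!` still dumps every `HTTP_*` request header to stdout, and this path is reached by senders that have not been authenticated. That lets any client grow the log at will, and it would record headers such as `Authorization` or `Cookie` if a client sends them. Logging only the headers involved in the check would be enough for debugging, for example `jj request.env.slice('HTTP_SIGNATURE', 'HTTP_DIGEST', 'HTTP_DATE', 'HTTP_HOST')`. The start of `verify!` is outside this hunk.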