diff options
Diffstat (limited to 'server.rb')
-rw-r--r-- | server.rb | 28 |
1 files changed, 12 insertions, 16 deletions
@@ -8,8 +8,6 @@ post '/inbox' do p e, @body halt 400 end - # deleted actors return 403 => verification error - halt 200 if @activity['type'] == 'Delete' and @activity['actor'] == @activity['object'] verify! handle_activity 200 @@ -104,7 +102,7 @@ helpers do if @activity['object']['type'] == 'Follow' update_collection FOLLOWING, @activity['object']['object'] else - p "Cannot accept @activity['object']['type']" + p "Error: Cannot accept @activity['object']['type']" jj @activity halt 501 end @@ -116,23 +114,22 @@ helpers do update_collection FOLLOWERS, @activity['object']['actor'], 'delete' when 'Create', 'Announce' file, object = find_object @activity['object']['object'] - FileUtils.rm(file) if file and File.exist? file + FileUtils.rm(file) if file and File.exist? file and @activity['actor'] == object['attributedTo'] else - p "Cannot undo @activity['object']['type']" + p "Error: Cannot undo @activity['object']['type']" jj @activity halt 501 end end def update - file, object = find_object(@activity['object']['id']) - FileUtils.rm(file) if file and File.exist? file + delete create end def delete file, object = find_object(@activity['object']['id']) - FileUtils.rm(file) if file and File.exist? file + FileUtils.rm(file) if file and File.exist? file and @activity['actor'] == object['attributedTo'] end def move @@ -141,12 +138,12 @@ helpers do def handle_activity type = @activity['type'].downcase.to_sym - save_item @activity, File.join(INBOX[:dir], @activity['type'].downcase, activity_name) + # save_item @activity, File.join(INBOX[:dir], @activity['type'].downcase, activity_name) if ACTIVITIES.include? type send(type) else unless %w[Add Remove].include? @activity['type'] - p "Unknown activity #{type}:" + p "Error: Unknown activity #{type}:" jj @activity end end @@ -188,11 +185,13 @@ helpers do # https://github.com/mastodon/mastodon/blob/main/app/controllers/concerns/signature_verification.rb def verify! + # deleted actors return 403 => verification error + halt 200 if @activity['type'] == 'Delete' and @activity['actor'] == @activity['object'] # digest sha256 = OpenSSL::Digest.new('SHA256') digest = "SHA-256=#{sha256.base64digest(@body)}" unless digest == request.env['HTTP_DIGEST'] - p 'invalid digest' + p 'Error: Invalid digest' p @body halt 403 end @@ -210,7 +209,7 @@ helpers do actor = fetch key_id unless actor - p 'no actor' + p 'Error: No actor' jj @activity halt 403 end @@ -231,13 +230,10 @@ helpers do return if key.verify(OpenSSL::Digest.new('SHA256'), signature, comparison) - p 'verification failed' + p 'Error: Verification failed' jj signature_params jj request.env.select { |k, _v| k.start_with? 'HTTP_' }.to_h - # jj actor['publicKey'] - # p signature puts comparison - # jj @activity halt 403 end end |