From dfaac96870ac6a86ebb0b5e5c9365e1e0ef6e5bc Mon Sep 17 00:00:00 2001 From: pdp8 Date: Mon, 26 Jun 2023 20:49:38 +0200 Subject: digest verification, fetch/send_signed refactored --- client.rb | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'client.rb') diff --git a/client.rb b/client.rb index 2e449bd..3b30861 100644 --- a/client.rb +++ b/client.rb @@ -66,7 +66,8 @@ post "/outbox" do File.open(outbox_path, "w+") { |f| f.puts create.to_json } File.open(notes_path, "w+") { |f| f.puts create["object"].to_json } - create["to"].each { |r| send_signed create, r } + recipients.delete "https://www.w3.org/ns/activitystreams#Public" + recipients.each { |r| send_signed create, r } redirect to(params['redirect']) end @@ -92,6 +93,7 @@ post "/follow/*" do protected! mention = params['splat'][0] actor = actor(mention) + return 502 unless actor follow = { "@context" => "https://www.w3.org/ns/activitystreams", "id" => File.join(SOCIAL_URL, "following", mention + ".json"), "type" => "Follow", @@ -105,6 +107,7 @@ post "/unfollow/*" do protected! mention = params['splat'][0] actor = actor(mention) + return 502 unless actor following_path = File.join("public", "following", mention + ".json") if File.exists?(following_path) undo = { "@context" => "https://www.w3.org/ns/activitystreams", @@ -144,12 +147,12 @@ end helpers do def protected! - redirect("/login.html") unless session['client'] + halt 403 unless session['client'] end def items nr = 0 - files = Dir[File.join(@dir, '*.json')] + Dir['public/objects/*.json'] + files = Dir[File.join(@dir, '*.json')] + Dir['public/notes/*.json'] @items = files.sort.collect do |file| item = JSON.parse(File.read(file)) mention = mention(item['attributedTo']) @@ -199,7 +202,9 @@ helpers do def mention actor person = people.select{|p| p[1] == actor} if person.empty? - mention = "#{fetch(actor)["preferredUsername"]}@#{URI(actor).host}" + a = fetch(actor) + return nil unless a + mention = "#{a["preferredUsername"]}@#{URI(actor).host}" File.open('cache/people.tsv','a'){|f| f.puts "#{mention}\t#{actor}"} mention else @@ -212,8 +217,9 @@ helpers do actors = people.select{|p| p[0] == mention} if actors.empty? user, server = mention.split("@") - actor = fetch("https://#{server}/.well-known/webfinger?resource=acct:#{mention}", - "application/jrd+json")["links"].select { |l| + a = fetch("https://#{server}/.well-known/webfinger?resource=acct:#{mention}", "application/jrd+json") + return nil unless a + actor = a["links"].select { |l| l["rel"] == "self" }[0]["href"] File.open('cache/people.tsv','a'){|f| f.puts "#{mention}\t#{actor}"} -- cgit v1.2.3