From 2e614738f72c9af634c4a630693d06f144bc24df Mon Sep 17 00:00:00 2001
From: pdp8
Date: Wed, 12 Jul 2023 14:49:22 +0200
Subject: signed fetch for mastodon instances with AUTHORIZED_FETCH (e.g. mastodon.art)
---
 helpers.rb | 38 ++++++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 10 deletions(-)
(limited to 'helpers.rb')
diff --git a/helpers.rb b/helpers.rb
index 556f187..212c406 100644
--- a/helpers.rb
+++ b/helpers.rb
@@ -6,11 +6,26 @@ helpers do
 def curl(ext, url)
 p url
 response = `/run/current-system/sw/bin/curl --fail-with-body -sSL #{ext} #{url}`
- $CHILD_STATUS.success? ? response : nil
+ if $CHILD_STATUS.success?
+ response
+ else
+ p response
+ nil
+ end
 end
 def fetch(url, accept = 'application/activity+json')
- response = curl("-H 'Accept: #{accept}'", url)
+ uri = URI(url)
+ httpdate = Time.now.utc.httpdate
+ keypair = OpenSSL::PKey::RSA.new(File.read('private.pem'))
+ string = "(request-target): get #{uri.request_uri}\nhost: #{uri.host}\ndate: #{httpdate}"
+ signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), string))
+ signed_header = "keyId=\"#{ACTOR}#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date\",signature=\"#{signature}\""
+
+ response = curl(
+ "-H 'Accept: #{accept}' -H 'Host: #{uri.host}' -H 'Date: #{httpdate}' -H 'Signature: #{signed_header}' ", url
+ )
+ # response = curl("-H 'Accept: #{accept}'", url)
 response ? JSON.parse(response) : nil
 end
@@ -30,7 +45,7 @@ helpers do
 basename = "#{date}.json"
 activity['id'] = File.join(OUTBOX_URL, basename)
 activity['published'] = httpdate
- if activity['object'] and activity['object']['type'] and !activity['object']['id']
+ if activity['object'] && activity['object']['type'] && !activity['object']['id']
 rel_path = File.join activity['object']['type'].downcase, basename
 activity['object']['published'] = httpdate
 activity['object']['id'] = File.join(OUTBOX_URL, rel_path)
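Review bot: `curl` still interpolates `ext` and `url` into a backtick shell command, and the new `fetch` body adds `uri.host` and the signature header to that same string, so any shell metacharacters in a fetched URL are interpreted by the shell instead of being handed to curl as data. Judging by the callers in this patch, these URLs come from activity recipients and remote actor documents, so they should be treated as untrusted; running curl with an argument array avoids the shell entirely, e.g. `IO.popen(['/run/current-system/sw/bin/curl', '--fail-with-body', '-sSL', *args, url], &:read)`, with `fetch` passing each header as its own `'-H', "Name: value"` pair. Callers of `curl` outside this hunk would need the same array form. `URI(url)` also raises on a malformed or nil URL, where the old `fetch` returned nil; a `rescue URI::InvalidURIError` that returns nil would keep the previous contract.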
@@ -46,16 +61,19 @@ helpers do
 # assumes that recipient collections have been expanded by sender
 # put all recipients into 'to', avoid 'cc' 'bto' 'bcc' 'audience' !!
 activity['to'] = recipients if add_recipients
- inboxes = if recipients.include? 'https://www.w3.org/ns/activitystreams#Public'
- people.collect { |p| p[2] }.uniq # cached sharedInboxes
- else
- []
- end
+ inboxes = []
+ # inboxes = if recipients.include? 'https://www.w3.org/ns/activitystreams#Public'
+ # people.collect { |p| p[2] }.uniq # cached sharedInboxes
+ # else
+ # []
+ # end
 recipients.uniq.each do |url|
 next if [ACTOR, 'https://www.w3.org/ns/activitystreams#Public'].include? url
+ p 'FETCH', url
 actor = fetch url
- next unless actor and actor['inbox']
+ p actor
+ next unless actor && actor['inbox']
 inbox = actor['endpoints']['sharedInbox']
 inboxes << (inbox || actor['inbox'])
@@ -109,7 +127,7 @@ helpers do
 end
 def cache(mention, actor, a)
- sharedInbox = a['endpoints']['sharedInbox'] if a['endpoints'] and a['endpoints']['sharedInbox']
+ sharedInbox = a['endpoints']['sharedInbox'] if a['endpoints'] && a['endpoints']['sharedInbox']
 File.open('cache/people.tsv', 'a') { |f| f.puts "#{mention}\t#{actor}\t#{sharedInbox}" }
 end
 end
-- cgit v1.2.3
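Review bot: `actor['endpoints']['sharedInbox']` raises NoMethodError when a fetched actor document has no `endpoints` object, and the guard rewritten here (`next unless actor && actor['inbox']`) does not cover that case; since the document is remote-controlled, one such recipient would presumably abort the loop for the remaining ones. `inbox = actor.dig('endpoints', 'sharedInbox')` keeps the fallback to `actor['inbox']` and matches the `a['endpoints'] && …` check in `cache`. The commented-out `inboxes = if …` block and the `p 'FETCH', url` / `p actor` lines look like debugging leftovers: as written, posts addressed to Public no longer go to the cached shared inboxes, and whole remote actor documents are printed to the process output. If the delivery change is intended, a one-line comment saying so (and removing the dead block) would make that clear. The enclosing method starts and ends outside this hunk.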