From dfaac96870ac6a86ebb0b5e5c9365e1e0ef6e5bc Mon Sep 17 00:00:00 2001
From: pdp8
Date: Mon, 26 Jun 2023 20:49:38 +0200
Subject: digest verification, fetch/send_signed refactored
---
 helpers.rb | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
(limited to 'helpers.rb')
diff --git a/helpers.rb b/helpers.rb
index 66dca3d..dca18e7 100644
--- a/helpers.rb
+++ b/helpers.rb
@@ -1,10 +1,13 @@
 helpers do
+ def curl ext, url
+ response = `/run/current-system/sw/bin/curl -ifsSL #{ext} #{url}`
+ $?.success? ? response : nil
+ end
+
 def fetch url, accept = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'
- p url
- response = `/run/current-system/sw/bin/curl --fail-with-body -sSL -H 'Accept: #{accept}' #{url}`
- halt 400 unless $?.success?
- JSON.parse(response)
+ response = curl("-H 'Accept: #{accept}'", url)
+ response ? JSON.parse(response) : nil
 end
 # https://github.com/mastodon/mastodon/blob/main/app/lib/request.rb
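Review bot: The new `curl` helper interpolates `#{ext}` and `#{url}` into a backtick command, so quotes or other shell metacharacters in a remote-supplied URL or header value are interpreted by the shell rather than passed to curl as data. The same applies to the `curl "... -d '#{body}'", inbox` call in the second hunk, where `inbox` is read from fetched JSON and `body` is JSON that may contain a single quote. Passing an argument array to `IO.popen` bypasses the shell and still sets `$?`, which the second hunk reads after the call; callers would then pass `ext` as an array, as sketched below. Separately, `-i` puts the status line and response headers ahead of the body, so `JSON.parse(response)` in `fetch` will likely raise unless the headers are split off first.

```ruby
def curl ext, url
  # argv form: no shell parses these values, so a remote-supplied URL or
  # header value stays a single argument to curl
  cmd = ['/run/current-system/sw/bin/curl', '-ifsSL', *ext, '--url', url]
  response = IO.popen(cmd, &:read) # $? is set when the pipe is closed
  $?.success? ? response : nil
end

def fetch url, accept = 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"'
  response = curl(['-H', "Accept: #{accept}"], url)
  # … unchanged: JSON.parse / nil return …
end
```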
@@ -12,20 +15,21 @@ helpers do
 keypair = OpenSSL::PKey::RSA.new(File.read('private.pem'))
 date = Time.now.utc.httpdate
- sha256 = OpenSSL::Digest::SHA256.new
 body = object.to_json
+ sha256 = OpenSSL::Digest::SHA256.new
 digest = "SHA-256=" + sha256.base64digest(body)
 host = URI.parse(url).host
 inbox = fetch(url)["inbox"]
+ return false unless inbox
 request_uri = URI(inbox).request_uri
 signed_string = "(request-target): post #{request_uri}\nhost: #{host}\ndate: #{date}\ndigest: #{digest}\ncontent-type: application/activity+json"
 signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), signed_string))
 signed_header = 'keyId="' + ACTOR + '#main-key",algorithm="rsa-sha256",headers="(request-target) host date digest content-type",signature="' + signature + '"'
- #p url
- puts `/run/current-system/sw/bin/curl --fail-with-body -sSL -X POST -H 'Content-Type: application/activity+json' -H 'Host: #{host}' -H 'Date: #{date}' -H 'Digest: #{digest}' -H 'Signature: #{signed_header}' -d '#{body}' #{inbox}`
- #puts `/run/current-system/sw/bin/curl -iL -X POST -H 'Content-Type: application/activity+json' -H 'Host: #{host}' -H 'Date: #{date}' -H 'Digest: #{digest}' -H 'Signature: #{signed_header}' -d '#{body}' #{inbox}`
+ curl "-X POST -H 'Content-Type: application/activity+json' -H 'Host: #{host}' -H 'Date: #{date}' -H 'Digest: #{digest}' -H 'Signature: #{signed_header}' -d '#{body}'", inbox
+ $?.success?
+
 end
 end
--
cgit v1.2.3
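Review bot: `fetch(url)["inbox"]` raises NoMethodError when `fetch` returns nil, which after this commit it does on any curl failure, so the added `return false unless inbox` guard is never reached in that case; `inbox = fetch(url)&.dig("inbox")` keeps the guard effective. Since `inbox` comes from the remote document, it would also be worth checking that it parses as an `https` URI before it is requested. The signed `host` is derived from `url` rather than from `inbox`, so if the two hosts differ the request is sent to one host while signing and sending the other's name; computing it as `URI(inbox).host` looks safer. The enclosing method (presumably `send_signed`) starts outside the hunk.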