From 5062145de3e3fe600415c8b8718c6a144f8ed939 Mon Sep 17 00:00:00 2001 From: pdp8 Date: Fri, 21 Jul 2023 15:34:09 +0200 Subject: intermediary commit --- server.rb | 47 ++++++++++++++++++++++++++++++----------------- 1 file changed, 30 insertions(+), 17 deletions(-) (limited to 'server.rb') diff --git a/server.rb b/server.rb index f7e9b82..4fdf1e8 100644 --- a/server.rb +++ b/server.rb @@ -13,9 +13,9 @@ post '/inbox' do end halt 501 if @activity['actor'] and @activity['type'] == 'Delete' # deleted actors return 403 => verification error verify! # unless type == :accept # pixelfed sends unsigned accept activities??? - complete_and_save(@activity) + save_activity(@activity, INBOX) type = @activity['type'].downcase.to_sym - send(type) if %i[follow accept undo].include? type + send(type) if %i[create announce follow accept undo].include? type halt 200 end @@ -36,6 +36,19 @@ end end helpers do + def create + @object ||= @activity['object'] + @object = save_object @object, INBOX + return unless @object['inReplyTo'] + + @object = @object['inReplyTo'] + create + end + + def announce + create + end + def follow update_collection FOLLOWERS, @activity['actor'] outbox 'Accept', @activity, [@activity['actor']] @@ -88,22 +101,8 @@ helpers do end def outbox(type, object, recipients) - # add date and id, save - activity = complete_and_save({ - '@context' => 'https://www.w3.org/ns/activitystreams', - 'type' => type, - 'actor' => ACTOR, - 'object' => object, - 'to' => recipients - }) - # send - # https://github.com/mastodon/mastodon/blob/main/app/lib/request.rb - keypair = OpenSSL::PKey::RSA.new(File.read('private.pem')) - body = activity.to_json - sha256 = OpenSSL::Digest.new('SHA256') - digest = "SHA-256=#{sha256.base64digest(body)}" - + ## https://github.com/mastodon/mastodon/blob/main/app/lib/request.rb inboxes = [] recipients.uniq.each do |url| next if [ACTOR, 'https://www.w3.org/ns/activitystreams#Public'].include? url @@ -118,8 +117,22 @@ helpers do end end + # add date and id, save + activity = save_activity({ + '@context' => 'https://www.w3.org/ns/activitystreams', + 'type' => type, + 'actor' => ACTOR, + 'object' => object, + 'to' => recipients + }, OUTBOX) + body = activity.to_json + sha256 = OpenSSL::Digest.new('SHA256') + digest = "SHA-256=#{sha256.base64digest(body)}" + keypair = OpenSSL::PKey::RSA.new(File.read('private.pem')) + inboxes.compact.uniq.each do |inbox| uri = URI(inbox) + httpdate = Time.now.utc.httpdate string = "(request-target): post #{uri.request_uri}\nhost: #{uri.host}\ndate: #{httpdate}\ndigest: #{digest}\ncontent-type: application/activity+json" signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), string)) signed_header = "keyId=\"#{ACTOR}#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest content-type\",signature=\"#{signature}\"" -- cgit v1.2.3