From 580c684f792d6fab16c58b9a08d566cd03c72ca4 Mon Sep 17 00:00:00 2001
From: pdp8
Date: Fri, 6 Oct 2023 15:02:59 +0200
Subject: announce to fixed, find_file replaced with find_object, CONTENT_LENGHT included in signature verification
---
 server.rb | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
(limited to 'server.rb')
diff --git a/server.rb b/server.rb
index 41663cb..e2d4896 100644
--- a/server.rb
+++ b/server.rb
@@ -10,7 +10,7 @@ post '/inbox' do
 end
 # deleted actors return 403 => verification error
 halt 200 if @activity['type'] == 'Delete' and @activity['actor'] == @activity['object']
- verify! # pixelfed sends unsigned activities???
+ verify!
 handle_activity
 200
 end
@@ -103,7 +103,7 @@ helpers do
 when 'Follow'
 update_collection FOLLOWERS, @activity['object']['actor'], 'delete'
 when 'Create', 'Announce'
- file = find_file @activity['object']['object']
+ file, object = find_object @activity['object']['object']
 FileUtils.rm(file) if file and File.exist? file
 else
 p "Cannot undo @activity['object']['type']"
@@ -113,13 +113,13 @@ helpers do
 end
 def update
- file = find_file(@activity['object']['id'])
+ file, object = find_object(@activity['object']['id'])
 FileUtils.rm(file) if file and File.exist? file
 create
 end
 def delete
- file = find_file(@activity['object']['id'])
+ file, object = find_object(@activity['object']['id'])
 FileUtils.rm(file) if file and File.exist? file
 end
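Review bot: Nothing visible ties the file being removed to the sender: in the `'Create', 'Announce'` undo branch, and again in `update` and `delete` in the next hunk, the id is taken from the incoming activity and whatever `find_object` resolves is deleted without comparing its owner to `@activity['actor']`. Now that `find_object` also returns the stored object, that check fits right before `FileUtils.rm`, e.g. `return unless object && object['attributedTo'] == @activity['actor']` (for a stored Announce the owning field would be `actor`). This assumes the second return value is the parsed object, since `find_object` is not shown here. As written `object` is assigned but never read in all three places, so until it is used `file, _object = find_object(...)` would make that explicit. The undo method that contains the first change starts and ends outside the hunk.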
@@ -204,18 +204,22 @@ helpers do
 '(request-target): post /inbox'
 elsif signed_params_name == 'content-type'
 "#{signed_params_name}: #{request.env['CONTENT_TYPE']}"
+ elsif signed_params_name == 'content-length'
+ "#{signed_params_name}: #{request.env['CONTENT_LENGTH']}"
 else
- "#{signed_params_name}: #{request.env["HTTP_#{signed_params_name.upcase}"]}"
+ "#{signed_params_name}: #{request.env["HTTP_#{signed_params_name.upcase.gsub('-', '_')}"]}"
 end
 end.join("\n")
 return if key.verify(OpenSSL::Digest.new('SHA256'), signature, comparison)
 p 'verification failed'
- p signature_params
- p actor['publicKey']
- p signature, comparison
- jj @activity
+ jj signature_params
+ jj request.env.select { |k, _v| k.start_with? 'HTTP_' }.to_h
+ # jj actor['publicKey']
+ # p signature
+ puts comparison
+ # jj @activity
 # halt 403
 end
 end
--
cgit v1.2.3
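Review bot: A failed signature check still returns normally to the `/inbox` route, because the failure branch at the end of this hunk only prints diagnostics and `halt 403` is commented out, so `handle_activity` runs for unsigned or forged requests, including the Undo/Update/Delete paths that remove files. Restore `halt 403` as the last statement of that branch once the debugging output is no longer needed. The added `jj request.env.select { |k, _v| k.start_with? 'HTTP_' }.to_h` writes every request header to the log on each failure; limiting it to the header names listed in `signature_params` would keep unrelated header values out of the logs. The method's beginning is outside the hunk, so it cannot be seen here whether the signed header list is required to include `(request-target)`, `date` and `digest`, or whether the digest is compared with the body.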