From 5af8d78e195c7479769240b32703d5b76843db4d Mon Sep 17 00:00:00 2001
From: pdp8
Date: Sat, 1 Jul 2023 00:57:48 +0200
Subject: initial refactoring of client.rb
---
 server.rb | 35 +++++++++++++++++++++++++----------
 1 file changed, 25 insertions(+), 10 deletions(-)
(limited to 'server.rb')
diff --git a/server.rb b/server.rb
index 282c3e9..6379332 100644
--- a/server.rb
+++ b/server.rb
@@ -3,9 +3,12 @@ before '/inbox' do
 request.body.rewind # in case someone already read it
 @body = request.body.read
- @activity = JSON.parse @body
- @object = @activity['object']
- @object = fetch(@object) if @object.is_a?(String) && @object.match(/^http/)
+ unless @body.empty?
+ @activity = JSON.parse @body
+ @object = @activity['object']
+ @object = fetch(@object) if @object.is_a?(String) && @object.match(/^http/)
+ halt 400 unless @object
+ end
 end
 # client-server
@@ -17,6 +20,8 @@ end
 # server-server
 post '/inbox' do
 verify!
+ # file = File.join INBOX, "#{SecureRandom.uuid}.json"
+ # File.open(file, 'w+') { |f| f.puts @activity.to_json }
 type = @activity['type'].downcase.to_sym
 respond_to?(type) ? send(type) : p("Unknown activity: #{type}")
 end
@@ -31,6 +36,16 @@ get '/.well-known/webfinger' do
 end
 end
-['/outbox', '/following', '/followers'].each do |path|
+get '/outbox' do
+ ordered_collection(OUTBOX).to_json
+end
+
+get '/inbox' do
+ # protected!
+ ordered_collection(File.join(INBOX, 'note')).to_json
+end
+
+['/following', '/followers'].each do |path|
 get path do
 ordered_collection(File.join(PUBLIC_DIR, path)).to_json
 end
@@ -44,11 +58,12 @@ end
 helpers do
 # https://github.com/mastodon/mastodon/blob/main/app/controllers/concerns/signature_verification.rb
 def verify!
- # verify digest
+ # digest
 sha256 = OpenSSL::Digest.new('SHA256')
 digest = "SHA-256=#{sha256.base64digest(@body)}"
 halt 403 unless digest == request.env['HTTP_DIGEST']
+ # signature
 signature_params = {}
 request.env['HTTP_SIGNATURE'].split(',').each do |pair|
 k, v = pair.split('=')
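Review bot: The `fetch(@object)` call added inside `unless @body.empty?` still runs in the `before '/inbox'` filter, which executes before `verify!` is called in `post '/inbox'`, so the server retrieves a sender-supplied URL for requests whose signature has not been checked yet. The guard `/^http/` anchors with `^`, which in Ruby matches after any newline and so does not pin the start of the string; `@object.match?(%r{\Ahttps?://})` does, and the dereference would be safer moved after `verify!`. `JSON.parse @body` also has no rescue, so a malformed or non-object body surfaces as an unhandled exception rather than a 400; `rescue JSON::ParserError` followed by `halt 400` keeps that failure explicit.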
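Review bot: The dispatch line below the two added comments is unchanged by this commit, but it hands the sender-controlled `type` to `send` with only `respond_to?` as a guard, so any public method of the app instance whose name matches a lower-cased type is reachable, not just the activity handlers. An explicit allowlist bounds this, e.g. `HANDLED_TYPES.include?(type) ? send(type) : halt(400)`, with `HANDLED_TYPES` a frozen array of handler names (the constant name is a suggestion, it is not in the file). `@activity['type'].downcase` also raises when `type` is missing or not a string, and the commented-out file dump is better removed or put behind a setting than left as dead code.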
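Review bot: The new `get '/inbox'` route ships with its access check commented out (`# protected!`), so the collection built from `File.join(INBOX, 'note')` is served to any unauthenticated client. Inbox contents can include notes addressed only to this actor, so the check should be active before the route is exposed: `protected!` as the first statement of the block (its definition is not visible in this hunk). The `before '/inbox'` filter also applies to this GET, which appears to be why the empty-body branch was added there.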
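Review bot: Only comments change here, but the context line `k, v = pair.split('=')` splits on every `=`, so a `keyId` URL with a query string or a base64 `signature` ending in padding loses everything after the first `=` inside the value; `k, v = pair.split('=', 2)` keeps the value intact. `request.env['HTTP_SIGNATURE'].split(',')` also raises when the header is absent, which yields a 500 rather than the 403 used for the digest check; `halt 403 unless request.env['HTTP_SIGNATURE']` before the loop makes that explicit. The loop body and the rest of `verify!` continue outside this hunk.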
@@ -60,9 +75,8 @@ helpers do signature = Base64.decode64(signature_params['signature']) actor = fetch key_id - halt 200 if !actor && (@activity['type'] == 'Delete') # deleted users do not return actors - halt 403 unless actor + key = OpenSSL::PKey::RSA.new(actor['publicKey']['publicKeyPem']) comparison = headers.split(' ').map do |signed_params_name|
@@ -79,10 +93,11 @@ helpers do
 end
 def create
+ return unless @object
 return if object_exists?
 File.open(object_file, 'w+') { |f| f.puts @object.to_json }
- return unless @object && @object['inReplyTo']
+ return unless @object['inReplyTo']
 @object = fetch @object['inReplyTo']
 create if @object
@@ -125,13 +140,13 @@ helpers do
 'actor' => ACTOR, 'object' => @activity, 'to' => [@activity['actor']] }
- send_signed accept # , @activity['actor']
+ send_signed accept
 end
+ # when "Like"
 # when "Move"
 # when "Add"
 # when "Remove"
- # when "Like"
 # when "Block"
 def inbox
--
cgit v1.2.3
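Review bot: `actor['publicKey']['publicKeyPem']` is dereferenced without checking that the fetched document carries a key, so an actor document without `publicKey` raises instead of being rejected; `pem = actor.dig('publicKey', 'publicKeyPem')` followed by `halt 403 unless pem` keeps the failure a 403. As collapsed on this page it is not clear whether `halt 403 unless actor` is removed or only moved next to a blank line; the hunk counts suggest it stays, and it needs to stay ahead of the key lookup now that the `halt 200` shortcut for `Delete` is gone. With that shortcut removed, deletes from accounts whose actor no longer resolves are answered with 403, which fails closed, though remote servers may retry them. The rest of `verify!` is outside the hunk.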
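Review bot: `create` still follows `inReplyTo` by calling itself after `fetch`, with no limit on how many ancestors it retrieves, so one incoming note can make the server walk an arbitrarily long, remotely chosen reply chain; only `object_exists?` stops it. A depth cap bounds the work: `def create(depth = 0)` and `create(depth + 1) if @object && depth < MAX_REPLY_DEPTH` (the constant is a suggested name, it is not in the file). The added `return unless @object` at the top covers the nil case that the old combined guard checked only after the file write. The method body continues past the end of the hunk.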