aboutsummaryrefslogtreecommitdiff
path: root/main.go
diff options
context:
space:
mode:
authorFChannel <=>2021-01-28 15:07:33 -0800
committerFChannel <=>2021-01-28 15:07:33 -0800
commit6dc1c48518a4f458412347ca5c73eb7846229a0d (patch)
treec4371ec0906a738792bb3574f36ad4622e6b2c9d /main.go
parent3d480edaef645b91ee8d00733dccc59f7296df28 (diff)
need to verify remote post auth to save to cache
Diffstat (limited to 'main.go')
-rw-r--r--main.go70
1 files changed, 37 insertions, 33 deletions
diff --git a/main.go b/main.go
index 551fce9..f6ed5f0 100644
--- a/main.go
+++ b/main.go
@@ -4,7 +4,6 @@ import "fmt"
import "strings"
import "strconv"
import "net/http"
-import "net/url"
import "database/sql"
import _ "github.com/lib/pq"
import "math/rand"
@@ -225,35 +224,28 @@ func main() {
}
if actorVerification {
- if method == "POST" {
- p, _ := url.ParseQuery(r.URL.RawQuery)
- if len(p["email"]) > 0 {
- email := p["email"][0]
- verify := GetVerificationByEmail(db, email)
- if verify.Identifier != "" || !IsEmailSetup() {
- w.WriteHeader(http.StatusForbidden)
- w.Write([]byte("400 no path"))
- } else {
- var nVerify Verify
- nVerify.Type = "email"
- nVerify.Identifier = email
- nVerify.Code = CreateKey(32)
- nVerify.Board = actor.Id
- CreateVerification(db, nVerify)
- SendVerification(nVerify)
- w.WriteHeader(http.StatusCreated)
- w.Write([]byte("Verification added"))
- }
+ r.ParseForm()
- } else {
- w.WriteHeader(http.StatusForbidden)
- w.Write([]byte("400 no path"))
- }
+ code := r.FormValue("code")
+
+ var verify Verify
+
+ verify.Board = actor.Id
+ verify.Identifier = "post"
+
+ verify = GetVerificationCode(db, verify)
+
+ auth := CreateTripCode(verify.Code)
+ auth = CreateTripCode(auth)
+
+
+ if CreateTripCode(auth) == code {
+ w.WriteHeader(http.StatusOK)
} else {
- w.WriteHeader(http.StatusForbidden)
- w.Write([]byte("400 no path"))
+ w.WriteHeader(http.StatusUnauthorized)
}
- return
+
+ w.Write([]byte(""))
}
//catch all
@@ -344,7 +336,7 @@ func main() {
CheckError(err, "error with post form req")
req.Header.Set("Content-Type", we.FormDataContentType())
- req.Header.Set("Authorization", "basic: " + *Key)
+ req.Header.Set("Authorization", "Basic " + *Key)
resp, err := http.DefaultClient.Do(req)
@@ -1595,9 +1587,20 @@ func GetActorReported(w http.ResponseWriter, r *http.Request, db *sql.DB, id str
w.Write(enc)
}
-func MakeActivityRequest(activity Activity) {
+func MakeActivityRequest(db *sql.DB, activity Activity) {
j, _ := json.MarshalIndent(activity, "", "\t")
+
+ var verify Verify
+
+ verify.Board = activity.Actor.Id
+ verify.Identifier = "post"
+
+ verify = GetVerificationCode(db, verify)
+
+ auth := CreateTripCode(verify.Code)
+
+ auth = CreateTripCode(auth)
for _, e := range activity.To {
@@ -1605,8 +1608,9 @@ func MakeActivityRequest(activity Activity) {
if actor.Inbox != "" {
req, err := http.NewRequest("POST", actor.Inbox, bytes.NewBuffer(j))
-
- req.Header.Set("Content-Type", activitystreams)
+
+ req.Header.Set("Content-Type", activitystreams)
+ req.Header.Set("Authorization", "Basic " + auth)
CheckError(err, "error with sending activity req to")
@@ -1748,7 +1752,7 @@ func DeleteObjectRequest(db *sql.DB, id string) {
activity.To = append(activity.To, e.Id)
}
- MakeActivityRequest(activity)
+ MakeActivityRequest(db, activity)
}
func DeleteObjectAndRepliesRequest(db *sql.DB, id string) {
@@ -1764,7 +1768,7 @@ func DeleteObjectAndRepliesRequest(db *sql.DB, id string) {
activity.To = append(activity.To, e.Id)
}
- MakeActivityRequest(activity)
+ MakeActivityRequest(db, activity)
}
func ResizeAttachmentToPreview(db *sql.DB) {