diff options
| -rw-r--r-- | database.go | 12 | ||||
| -rw-r--r-- | main.go | 138 | ||||
| -rw-r--r-- | outboxPost.go | 101 |
3 files changed, 84 insertions, 167 deletions
diff --git a/database.go b/database.go index 0898876..948bb38 100644 --- a/database.go +++ b/database.go @@ -105,21 +105,22 @@ func CreateNewBoardDB(db *sql.DB, actor Actor) Actor{ nverify.Board = actor.Id nverify.Identifier = "post" nverify.Type = "post" - CreateBoardMod(db, nverify) + CreateBoardMod(db, nverify) + CreatePem(db, actor) + if actor.Name != "main" { - var nActor Actor var nObject ObjectBase var nActivity Activity + nActor := GetActorFromDB(db, Domain) nActivity.AtContext.Context = "https://www.w3.org/ns/activitystreams" nActivity.Type = "Follow" nActivity.Actor = &nActor nActivity.Object = &nObject - nActivity.Actor.Id = Domain - var mActor Actor + + mActor := GetActorFromDB(db, actor.Id) nActivity.Object.Actor = &mActor - nActivity.Object.Actor.Id = actor.Id nActivity.To = append(nActivity.To, actor.Id) response := AcceptFollow(nActivity) @@ -127,7 +128,6 @@ func CreateNewBoardDB(db *sql.DB, actor Actor) Actor{ MakeActivityRequest(db, nActivity) } - CreatePem(db, actor) } return actor @@ -435,11 +435,11 @@ func main() { followActivity.AtContext.Context = "https://www.w3.org/ns/activitystreams" followActivity.Type = "Follow" - var nactor Actor - var obj ObjectBase + + var obj ObjectBase + nactor := FingerActor(r.FormValue("actor")) followActivity.Actor = &nactor followActivity.Object = &obj - followActivity.Actor.Id = r.FormValue("actor") var mactor Actor followActivity.Object.Actor = &mactor @@ -451,36 +451,14 @@ func main() { return } - enc, _ := json.Marshal(followActivity) - - req, err := http.NewRequest("POST", actor.Outbox, bytes.NewBuffer(enc)) - - CheckError(err, "error with follow req") - - _, pass := GetPasswordFromSession(r) - - pass = CreateTripCode(pass) - pass = CreateTripCode(pass) - - req.Header.Set("Authorization", "Basic " + pass) - - req.Header.Set("Content-Type", activitystreams) - - resp, err := http.DefaultClient.Do(req) - - if err != nil && resp.StatusCode != 200 { - fmt.Println("error with add board follow resp") - } else { - FollowingBoards = GetActorFollowingDB(db, Domain) - Boards = GetBoardCollection(db) - } + MakeActivityRequestOutbox(db, followActivity) var redirect string if(actor.Name != "main") { redirect = "/" + actor.Name } - http.Redirect(w, r, "/" + *Key + "/" + redirect, http.StatusSeeOther) + http.Redirect(w, r, "/" + *Key + "/" + redirect, http.StatusSeeOther) } else if manage && actor.Name != "" { t := template.Must(template.ParseFiles("./static/main.html", "./static/manage.html")) @@ -592,67 +570,14 @@ func main() { newActorActivity.AtContext.Context = "https://www.w3.org/ns/activitystreams" newActorActivity.Type = "New" - var nactor Actor + var nobj ObjectBase - newActorActivity.Actor = &nactor + newActorActivity.Actor = &actor newActorActivity.Object = &nobj - newActorActivity.Actor.Id = actor.Id newActorActivity.Object.Actor = &board - - enc, _ := json.Marshal(newActorActivity) - - req, err := http.NewRequest("POST", actor.Outbox, bytes.NewBuffer(enc)) - - CheckError(err, "error with add board follow req") - - _, pass := GetPasswordFromSession(r) - - pass = CreateTripCode(pass) - pass = CreateTripCode(pass) - - req.Header.Set("Authorization", "Basic " + pass) - req.Header.Set("Content-Type", activitystreams) - - resp, err := http.DefaultClient.Do(req) - - CheckError(err, "error with add board follow resp") - - defer resp.Body.Close() - - body, _ := ioutil.ReadAll(resp.Body) - - var respActor Actor - - err = json.Unmarshal(body, &respActor) - - CheckError(err, "error getting actor from body in new board") - - //update board list with new instances following - if resp.StatusCode == 200 { - var board []ObjectBase - var item ObjectBase - var removed bool = false - - item.Id = respActor.Id - for _, e := range FollowingBoards { - if e.Id != item.Id { - board = append(board, e) - } else { - removed = true - } - } - - if !removed { - board = append(board, item) - } - - FollowingBoards = board - - Boards = GetBoardCollection(db) - } - - http.Redirect(w, r, "/" + *Key, http.StatusSeeOther) + MakeActivityRequestOutbox(db, newActorActivity) + http.Redirect(w, r, "/" + *Key, http.StatusSeeOther) }) http.HandleFunc("/verify", func(w http.ResponseWriter, r *http.Request){ @@ -1820,20 +1745,44 @@ func GetActorReported(w http.ResponseWriter, r *http.Request, db *sql.DB, id str w.Write(enc) } -func MakeActivityRequest(db *sql.DB, activity Activity) { +func MakeActivityRequestOutbox(db *sql.DB, activity Activity) { + j, _ := json.Marshal(activity) - j, _ := json.MarshalIndent(activity, "", "\t") + req, err := http.NewRequest("POST", activity.Actor.Outbox, bytes.NewBuffer(j)) - var verify Verify + CheckError(err, "error with sending activity req to outbox") - verify.Board = activity.Actor.Id - verify.Identifier = "post" + re := regexp.MustCompile("https?://(www.)?") + + var instance string + if activity.Actor.Id == Domain { + instance = re.ReplaceAllString(Domain, "") + } else { + _, instance = GetActorInstance(activity.Actor.Id) + } + + date := time.Now().UTC().Format(time.RFC1123) + path := strings.Replace(activity.Actor.Outbox, instance, "", 1) + + + path = re.ReplaceAllString(path, "") - verify = GetVerificationCode(db, verify) + sig := fmt.Sprintf("(request-target): %s %s\\nhost: %s\\ndate: %s", "post", path, instance, date) + encSig := ActivitySign(db, *activity.Actor, sig) + + req.Header.Set("Content-Type", activitystreams) + req.Header.Set("Date", date) + req.Header.Set("Signature", encSig) + req.Host = instance + + _, err = http.DefaultClient.Do(req) + + CheckError(err, "error with sending activity resp to") +} - auth := CreateTripCode(verify.Code) +func MakeActivityRequest(db *sql.DB, activity Activity) { - auth = CreateTripCode(auth) + j, _ := json.MarshalIndent(activity, "", "\t") for _, e := range activity.To { if e != activity.Actor.Id { @@ -1852,14 +1801,13 @@ func MakeActivityRequest(db *sql.DB, activity Activity) { re := regexp.MustCompile("https?://(www.)?") path = re.ReplaceAllString(path, "") - sig := fmt.Sprintf("(request-target): %s %s\\nhost: %s\\ndate: %s", "post", path, Instance, date) + sig := fmt.Sprintf("(request-target): %s %s\\nhost: %s\\ndate: %s", "post", path, instance, date) encSig := ActivitySign(db, *activity.Actor, sig) req.Header.Set("Content-Type", activitystreams) req.Header.Set("Date", date) req.Header.Set("Signature", encSig) - req.Header.Set("Host", Instance) - req.Host = Instance + req.Host = instance CheckError(err, "error with sending activity req to") diff --git a/outboxPost.go b/outboxPost.go index 83859ad..03e79ff 100644 --- a/outboxPost.go +++ b/outboxPost.go @@ -71,113 +71,83 @@ func ParseOutboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { w.Write([]byte("captcha could not auth")) } else { activity = GetActivityFromJson(r, db) - if IsActivityLocal(db, activity) { + if !VerifyHeaderSignature(r, *activity.Actor) { + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("")) + return + } + switch activity.Type { case "Create": w.WriteHeader(http.StatusBadRequest) w.Write([]byte("")) break + case "Follow": - var validActor bool var validLocalActor bool - header := r.Header.Get("Authorization") - - auth := strings.Split(header, " ") - - if len(auth) < 2 { - w.WriteHeader(http.StatusBadRequest) - w.Write([]byte("")) - return - } - - validActor = (FingerActor(activity.Object.Actor.Id).Id != "") + validActor = (activity.Object.Actor.Id != "") validLocalActor = (activity.Actor.Id == actor.Id) - var verify Verify - verify.Identifier = "admin" - verify.Board = activity.Actor.Id - - verify = GetVerificationCode(db, verify) - - code := verify.Code - code = CreateTripCode(code) - code = CreateTripCode(code) - - if code != auth[1] { - verify.Identifier = "admin" - verify.Board = Domain - - verify = GetVerificationCode(db, verify) - code = verify.Code - code = CreateTripCode(code) - code = CreateTripCode(code) - } - var rActivity Activity - if validActor && validLocalActor && code == auth[1] { + if validActor && validLocalActor { rActivity = AcceptFollow(activity) SetActorFollowingDB(db, rActivity) MakeActivityRequest(db, activity) } - + + FollowingBoards = GetActorFollowingDB(db, Domain) + Boards = GetBoardCollection(db) break + case "Delete": fmt.Println("This is a delete") w.WriteHeader(http.StatusBadRequest) w.Write([]byte("could not process activity")) break + case "Note": w.WriteHeader(http.StatusBadRequest) w.Write([]byte("could not process activity")) break case "New": - - header := r.Header.Get("Authorization") - - auth := strings.Split(header, " ") - - if len(auth) < 2 { - w.WriteHeader(http.StatusBadRequest) - w.Write([]byte("")) - return - } - - var verify Verify - verify.Identifier = "admin" - verify.Board = Domain - - verify = GetVerificationCode(db, verify) - - code := verify.Code - code = CreateTripCode(code) - code = CreateTripCode(code) - - if code != auth[1] { - w.WriteHeader(http.StatusBadRequest) - w.Write([]byte("")) - return - } - name := activity.Object.Actor.Name prefname := activity.Object.Actor.PreferredUsername summary := activity.Object.Actor.Summary restricted := activity.Object.Actor.Restricted actor := CreateNewBoardDB(db, *CreateNewActor(name, prefname, summary, authReq, restricted)) - + if actor.Id != "" { - j, _ := json.Marshal(&actor) - w.Write([]byte(j)) + var board []ObjectBase + var item ObjectBase + var removed bool = false + + item.Id = actor.Id + for _, e := range FollowingBoards { + if e.Id != item.Id { + board = append(board, e) + } else { + removed = true + } + } + + if !removed { + board = append(board, item) + } + + FollowingBoards = board + Boards = GetBoardCollection(db) return } w.WriteHeader(http.StatusBadRequest) w.Write([]byte("")) break + default: w.WriteHeader(http.StatusBadRequest) w.Write([]byte("could not process activity")) @@ -545,7 +515,6 @@ func ParseInboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { activity := GetActivityFromJson(r, db) if !VerifyHeaderSignature(r, *activity.Actor) { - fmt.Println(*activity.Actor) response := RejectActivity(activity) MakeActivityRequest(db, response) return |