From 80bcce22a2368c3911137dec97d6744dee328809 Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Fri, 25 Jun 2021 14:55:18 -0700 Subject: more cleaning up to better intergrate with plemroma standards. can verify signatures better --- follow.go | 2 ++ main.go | 8 +++++--- outboxGet.go | 2 +- outboxPost.go | 6 ++++++ verification.go | 19 +++++++++++++------ 5 files changed, 27 insertions(+), 10 deletions(-) diff --git a/follow.go b/follow.go index d62e3b8..7c56136 100644 --- a/follow.go +++ b/follow.go @@ -139,6 +139,8 @@ func RejectActivity(activity Activity) Activity { accept.Type = "Reject" var nObj ObjectBase accept.Object = &nObj + var nActor Actor + accept.Actor = &nActor accept.Actor.Id = activity.Object.Actor accept.Object.Actor = activity.Actor.Id var nNested NestedObjectBase diff --git a/main.go b/main.go index 44e7ea3..4d23a8d 100644 --- a/main.go +++ b/main.go @@ -2293,8 +2293,6 @@ func FingerRequest(actor string, instance string) (*http.Response){ CheckError(err, "could not get finger request from id req") - req.Header.Set("Accept", activitystreams) - resp, err := http.DefaultClient.Do(req) var finger Webfinger @@ -2342,12 +2340,16 @@ func GetActorInstance(path string) (string, string) { } } - re = regexp.MustCompile(`(https?:\\)?(www)?([\w\d-_.:]+)\/([\w\d-_.]+)`) + re = regexp.MustCompile(`(https?:\\)?(www)?([\w\d-_.:]+)\/([\w\d-_.]+)(\/([\w\d-_.]+))?`) httpFormat := re.MatchString(path) if(httpFormat) { match := re.FindStringSubmatch(path) if(len(match) > 3) { + if match[4] == "users" { + return match[6], match[3] + } + return match[4], match[3] } } diff --git a/outboxGet.go b/outboxGet.go index acc1eee..4064f0b 100644 --- a/outboxGet.go +++ b/outboxGet.go @@ -16,7 +16,7 @@ func GetActorOutbox(w http.ResponseWriter, r *http.Request, db *sql.DB) { collection.TotalItems = GetObjectPostsTotalDB(db, actor) collection.TotalImgs = GetObjectImgsTotalDB(db, actor) - enc, _ := json.MarshalIndent(collection, "", "\t") + enc, _ := json.Marshal(collection) w.Header().Set("Content-Type", activitystreams) w.Write(enc) diff --git a/outboxPost.go b/outboxPost.go index 774ac62..5772932 100644 --- a/outboxPost.go +++ b/outboxPost.go @@ -512,6 +512,12 @@ func CheckCaptcha(db *sql.DB, captcha string) bool { func ParseInboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { activity := GetActivityFromJson(r, db) + + if activity.Actor.PublicKey.Id == "" { + nActor := FingerActor(activity.Actor.Id) + activity.Actor = &nActor + } + if !VerifyHeaderSignature(r, *activity.Actor) { response := RejectActivity(activity) MakeActivityRequest(db, response) diff --git a/verification.go b/verification.go index 7c634e1..db44689 100644 --- a/verification.go +++ b/verification.go @@ -615,35 +615,42 @@ func VerifyHeaderSignature(r *http.Request, actor Actor) bool { var contentLength string var sig string - for _, e := range s.Headers { + for i, e := range s.Headers { + + var nl string + if i < len(s.Headers) - 1 { + nl = "\n" + } + + if e == "(request-target)" { method = strings.ToLower(r.Method) path = r.URL.Path - sig += "(request-target): " + method + " " + path + "\\n" + sig += "(request-target): " + method + " " + path + "" + nl continue } if e == "host" { host = r.Host - sig += "host: " + host + "\\n" + sig += "host: " + host + "" + nl continue } if e == "date" { date = r.Header.Get("date") - sig += "date: " + date + sig += "date: " + date + "" + nl continue } if e == "digest" { digest = r.Header.Get("digest") - sig += "digest: " + digest + sig += "digest: " + digest + "" + nl continue } if e == "content-length" { contentLength = r.Header.Get("content-length") - sig += "content-length: " + contentLength + sig += "content-length: " + contentLength + "" + nl continue } } -- cgit v1.2.3