From 41c63c0688475d5212ce2262b1be248bf438a9ad Mon Sep 17 00:00:00 2001
From: FChannel <>
Date: Thu, 3 Jun 2021 02:44:35 -0700
Subject: cleaned up file names
---
outboxPost.go | 647 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 647 insertions(+)
create mode 100644 outboxPost.go
(limited to 'outboxPost.go')
diff --git a/outboxPost.go b/outboxPost.go
new file mode 100644
index 0000000..8bddf42
--- /dev/null
+++ b/outboxPost.go
@@ -0,0 +1,647 @@ +package main + +import "fmt" +import "net/http" +import "database/sql" +import _ "github.com/lib/pq" +import "encoding/json" +import "reflect" +import "io/ioutil" +import "os" +import "regexp" +import "strings" + +func ParseOutboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { + + var activity Activity + + actor := GetActorFromPath(db, r.URL.Path, "/") + contentType := GetContentType(r.Header.Get("content-type")) + + defer r.Body.Close() + if contentType == "multipart/form-data" || contentType == "application/x-www-form-urlencoded" { + r.ParseMultipartForm(5 << 20) + if(BoardHasAuthType(db, actor.Name, "captcha") && CheckCaptcha(db, r.FormValue("captcha"))) { + f, header, _ := r.FormFile("file") + if(header != nil) { + if(header.Size > (7 << 20)){ + w.WriteHeader(http.StatusRequestEntityTooLarge) + w.Write([]byte("7MB max file size")) + return + } + + contentType, _ := GetFileContentType(f) + + if(!SupportedMIMEType(contentType)) { + w.WriteHeader(http.StatusNotAcceptable) + w.Write([]byte("file type not supported")) + return + } + } + + var nObj = CreateObject("Note") + nObj = ObjectFromForm(r, db, nObj) + + var act Actor + nObj.Actor = &act + nObj.Actor.Id = Domain + "/" + actor.Name + + nObj = WriteObjectToDB(db, nObj) + activity := CreateActivity("Create", nObj) + activity = AddFollowersToActivity(db, activity) + MakeActivityRequest(db, activity) + + var id string + op := len(nObj.InReplyTo) - 1 + if op >= 0 { + if nObj.InReplyTo[op].Id == "" { + id = nObj.Id + } else { + id = nObj.InReplyTo[0].Id + "|" + nObj.Id + } + } + + w.WriteHeader(http.StatusOK) + w.Write([]byte(id)) + return + } + + w.WriteHeader(http.StatusForbidden) + w.Write([]byte("captcha could not auth")) + } else { + activity = GetActivityFromJson(r, db) + + if IsActivityLocal(db, activity) { + switch activity.Type { + case "Create": + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("")) + break + case "Follow": + + var validActor bool + var validLocalActor 
bool + + header := r.Header.Get("Authorization") + + auth := strings.Split(header, " ") + + if len(auth) < 2 { + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("")) + return + } + + _, validActor = IsValidActor(activity.Object.Actor.Id) + validLocalActor = (activity.Actor.Id == actor.Id) + + var verify Verify + verify.Identifier = "admin" + verify.Board = activity.Actor.Id + + verify = GetVerificationCode(db, verify) + + code := verify.Code + code = CreateTripCode(code) + code = CreateTripCode(code) + + if code != auth[1] { + verify.Identifier = "admin" + verify.Board = Domain + + verify = GetVerificationCode(db, verify) + code = verify.Code + code = CreateTripCode(code) + code = CreateTripCode(code) + } + + var rActivity Activity + if validActor && validLocalActor && code == auth[1] || verify.Board == Domain { + rActivity = AcceptFollow(activity) + SetActorFollowingDB(db, rActivity) + MakeActivityRequest(db, activity) + } + + break + case "Delete": + fmt.Println("This is a delete") + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("could not process activity")) + break + case "Note": + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("could not process activity")) + break + + case "New": + + header := r.Header.Get("Authorization") + + auth := strings.Split(header, " ") + + if len(auth) < 2 { + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("")) + return + } + + var verify Verify + verify.Identifier = "admin" + verify.Board = Domain + + verify = GetVerificationCode(db, verify) + + code := verify.Code + code = CreateTripCode(code) + code = CreateTripCode(code) + + if code != auth[1] { + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("")) + return + } + + name := activity.Object.Actor.Name + prefname := activity.Object.Actor.PreferredUsername + summary := activity.Object.Actor.Summary + restricted := activity.Object.Actor.Restricted + + actor := CreateNewBoardDB(db, *CreateNewActor(name, prefname, summary, authReq, restricted)) + + if 
actor.Id != "" { + j, _ := json.Marshal(&actor) + w.Write([]byte(j)) + return + } + + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("")) + break + default: + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("could not process activity")) + } + } else { + fmt.Println("is NOT activity") + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("could not process activity")) + } + } +} + +func ObjectFromJson(r *http.Request, obj ObjectBase) ObjectBase { + body, _ := ioutil.ReadAll(r.Body) + + var respActivity ActivityRaw + + err := json.Unmarshal(body, &respActivity) + + CheckError(err, "error with object from json") + + if HasContextFromJson(respActivity.AtContextRaw.Context) { + var jObj ObjectBase + jObj = GetObjectFromJson(respActivity.ObjectRaw) + jObj.To = GetToFromJson(respActivity.ToRaw) + jObj.Cc = GetToFromJson(respActivity.CcRaw) + } + + return obj +} + +func GetObjectFromJson(obj []byte) ObjectBase { + var generic interface{} + + err := json.Unmarshal(obj, &generic) + + CheckError(err, "error with getting obj from json") + + t := reflect.TypeOf(generic) + + var nObj ObjectBase + if t != nil { + switch t.String() { + case "[]interface {}": + var lObj ObjectBase + var arrContext ObjectArray + err = json.Unmarshal(obj, &arrContext.Object) + CheckError(err, "error with []interface{} oject from json") + if len(arrContext.Object) > 0 { + lObj = arrContext.Object[0] + } + nObj = lObj + break + + case "map[string]interface {}": + var arrContext Object + err = json.Unmarshal(obj, &arrContext.Object) + CheckError(err, "error with object from json") + nObj = *arrContext.Object + break + + case "string": + var lObj ObjectBase + var arrContext ObjectString + err = json.Unmarshal(obj, &arrContext.Object) + CheckError(err, "error with string object from json") + lObj.Id = arrContext.Object + nObj = lObj + break + } + } + + return nObj +} + +func GetActorFromJson(actor []byte) Actor{ + var generic interface{} + var nActor Actor + err := json.Unmarshal(actor, 
&generic) + + if err != nil { + return nActor + } + + t := reflect.TypeOf(generic) + if t != nil { + switch t.String() { + case "map[string]interface {}": + err = json.Unmarshal(actor, &nActor) + CheckError(err, "error with To []interface{}") + + case "string": + var str string + err = json.Unmarshal(actor, &str) + CheckError(err, "error with To string") + nActor.Id = str + } + + return nActor + } + + return nActor +} + +func GetToFromJson(to []byte) []string { + var generic interface{} + + err := json.Unmarshal(to, &generic) + + if err != nil { + return nil + } + + t := reflect.TypeOf(generic) + + if t != nil { + var nStr []string + switch t.String() { + case "[]interface {}": + err = json.Unmarshal(to, &nStr) + CheckError(err, "error with To []interface{}") + return nStr + + case "string": + var str string + err = json.Unmarshal(to, &str) + CheckError(err, "error with To string") + nStr = append(nStr, str) + return nStr + } + } + + return nil +} + +func HasContextFromJson(context []byte) bool { + var generic interface{} + + err := json.Unmarshal(context, &generic) + + CheckError(err, "error with getting context") + + t := reflect.TypeOf(generic) + + hasContext := false + + switch t.String() { + case "[]interface {}": + var arrContext AtContextArray + err = json.Unmarshal(context, &arrContext.Context) + CheckError(err, "error with []interface{}") + if len(arrContext.Context) > 0 { + if arrContext.Context[0] == "https://www.w3.org/ns/activitystreams" { + hasContext = true + } + } + case "string": + var arrContext AtContextString + err = json.Unmarshal(context, &arrContext.Context) + CheckError(err, "error with string") + if arrContext.Context == "https://www.w3.org/ns/activitystreams" { + hasContext = true + } + } + + return hasContext +} + +func ObjectFromForm(r *http.Request, db *sql.DB, obj ObjectBase) ObjectBase { + + file, header, _ := r.FormFile("file") + + if file != nil { + defer file.Close() + + var tempFile = new(os.File) + obj.Attachment, tempFile = 
CreateAttachmentObject(file, header) + + defer tempFile.Close(); + + fileBytes, _ := ioutil.ReadAll(file) + + tempFile.Write(fileBytes) + + obj.Preview = CreatePreviewObject(obj.Attachment[0]) + } + + obj.AttributedTo = EscapeString(r.FormValue("name")) + obj.TripCode = EscapeString(r.FormValue("tripcode")) + obj.Name = EscapeString(r.FormValue("subject")) + obj.Content = EscapeString(r.FormValue("comment")) + + obj = ParseOptions(r, obj) + + var originalPost ObjectBase + originalPost.Id = EscapeString(r.FormValue("inReplyTo")) + + obj.InReplyTo = append(obj.InReplyTo, originalPost) + + var activity Activity + + if !IsInStringArray(activity.To, originalPost.Id) { + activity.To = append(activity.To, originalPost.Id) + } + + if originalPost.Id != "" { + if !IsActivityLocal(db, activity) { + id := GetActorFromID(originalPost.Id).Id + actor := GetActor(id) + if !IsInStringArray(obj.To, actor.Id) { + obj.To = append(obj.To, actor.Id) + } + } + } + + replyingTo := ParseCommentForReplies(r.FormValue("comment")) + + for _, e := range replyingTo { + + has := false + + for _, f := range obj.InReplyTo { + if e.Id == f.Id { + has = true + break + } + } + + if !has { + obj.InReplyTo = append(obj.InReplyTo, e) + + var activity Activity + + activity.To = append(activity.To, e.Id) + + if !IsActivityLocal(db, activity) { + id := GetActorFromID(e.Id).Id + actor := GetActor(id) + if !IsInStringArray(obj.To, actor.Id) { + obj.To = append(obj.To, actor.Id) + } + } + } + } + + return obj +} + +func ParseOptions(r *http.Request, obj ObjectBase) ObjectBase { + options := EscapeString(r.FormValue("options")) + if options != "" { + option := strings.Split(options, ";") + email := regexp.MustCompile(".+@.+\\..+") + wallet := regexp.MustCompile("wallet:.+") + delete := regexp.MustCompile("delete:.+") + for _, e := range option { + if e == "noko" { + obj.Option = append(obj.Option, "noko") + } else if e == "sage" { + obj.Option = append(obj.Option, "sage") + } else if e == "nokosage" { + 
obj.Option = append(obj.Option, "nokosage") + } else if email.MatchString(e) { + obj.Option = append(obj.Option, "email:" + e) + } else if wallet.MatchString(e) { + obj.Option = append(obj.Option, "wallet") + var wallet CryptoCur + value := strings.Split(e, ":") + wallet.Type = value[0] + wallet.Address = value[1] + obj.Wallet = append(obj.Wallet, wallet) + } else if delete.MatchString(e) { + obj.Option = append(obj.Option, e) + } + } + } + + return obj +} + +func GetActivityFromJson(r *http.Request, db *sql.DB) Activity { + body, _ := ioutil.ReadAll(r.Body) + + var respActivity ActivityRaw + + var nActivity Activity + + var nType string + + err := json.Unmarshal(body, &respActivity) + + CheckError(err, "error with activity from json") + + if HasContextFromJson(respActivity.AtContextRaw.Context) { + var jObj ObjectBase + + if respActivity.Type == "Note" { + jObj = GetObjectFromJson(body) + nType = "Create" + } else { + jObj = GetObjectFromJson(respActivity.ObjectRaw) + nType = respActivity.Type + } + + actor := GetActorFromJson(respActivity.ActorRaw) + to := GetToFromJson(respActivity.ToRaw) + cc := GetToFromJson(respActivity.CcRaw) + + nActivity.AtContext.Context = "https://www.w3.org/ns/activitystreams" + nActivity.Type = nType + nActivity.Actor = &actor + nActivity.Published = respActivity.Published + nActivity.Auth = respActivity.Auth + + if len(to) > 0 { + nActivity.To = to + } + + if len(cc) > 0 { + nActivity.Cc = cc + } + + nActivity.Name = respActivity.Name + nActivity.Object = &jObj + } + + return nActivity +} + +func CheckCaptcha(db *sql.DB, captcha string) bool { + parts := strings.Split(captcha, ":") + + if strings.Trim(parts[0], " ") == "" || strings.Trim(parts[1], " ") == ""{ + return false + } + + path := "public/" + parts[0] + ".png" + code := GetCaptchaCodeDB(db, path) + + if code != "" { + DeleteCaptchaCodeDB(db, path) + CreateNewCaptcha(db) + } + + if (code == strings.ToUpper(parts[1])) { + return true + } + + return false +} + +func 
ParseInboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { + activity := GetActivityFromJson(r, db) + + header := r.Header.Get("Authorization") + auth := strings.Split(header, " ") + + + if len(auth) < 2 { + response := RejectActivity(activity) + MakeActivityRequest(db, response) + return + } + + if !RemoteActorHasAuth(activity.Actor.Id, auth[1]) { + if !RemoteActorHasAuth(Domain, auth[1]) { + response := RejectActivity(activity) + MakeActivityRequest(db, response) + return + } + } + + switch(activity.Type) { + case "Create": + for _, e := range activity.To { + if IsActorLocal(db, e) { + if !IsActorLocal(db, activity.Actor.Id) { + WriteObjectToCache(db, *activity.Object) + } + } + } + break + + case "Delete": + for _, e := range activity.To { + actor := GetActorFromDB(db, e) + if actor.Id != "" { + if activity.Object.Replies != nil { + for _, k := range activity.Object.Replies.OrderedItems { + DeleteObject(db, k.Id) + } + } + DeleteObject(db, activity.Object.Id) + break + } + } + break + + + case "Follow": + for _, e := range activity.To { + if GetActorFromDB(db, e).Id != "" { + response := AcceptFollow(activity) + response = SetActorFollowerDB(db, response) + MakeActivityRequest(db, response) + } else { + fmt.Println("follow request for rejected") + response := RejectActivity(activity) + MakeActivityRequest(db, response) + return + } + } + break + + case "Reject": + if activity.Object.Object.Type == "Follow" { + fmt.Println("follow rejected") + SetActorFollowingDB(db, activity) + } + break + } + +} + +func MakeActivityFollowingReq(w http.ResponseWriter, r *http.Request, activity Activity) bool { + actor := GetActor(activity.Object.Id) + + resp, err := http.NewRequest("POST", actor.Inbox, nil) + + CheckError(err, "Cannot make new get request to actor inbox for following req") + + defer resp.Body.Close() + + body, _ := ioutil.ReadAll(resp.Body) + + var respActivity Activity + + err = json.Unmarshal(body, &respActivity) + + if respActivity.Type == 
"Accept" { + return true + } + + return false +} + +func RemoteActorHasAuth(actor string, code string) bool { + + if actor == "" || code == "" { + return false + } + + req, err := http.NewRequest("GET", actor + "/verification&code=" + code, nil) + + CheckError(err, "could not make remote actor auth req") + + resp, err := http.DefaultClient.Do(req) + + CheckError(err, "could not make remote actor auth resp") + + defer resp.Body.Close() + + if resp.StatusCode == 200 { + return true + } + + return false +} -- cgit v1.2.3 From 8d9218e8cd7f18808bbd6b60e8a489cee967efb4 Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Fri, 4 Jun 2021 16:02:52 -0700 Subject: added verfication based on signature header with pem keys --- outboxPost.go | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) (limited to 'outboxPost.go') diff --git a/outboxPost.go b/outboxPost.go index 8bddf42..5729b2d 100644 --- a/outboxPost.go +++ b/outboxPost.go @@ -530,25 +530,13 @@ func CheckCaptcha(db *sql.DB, captcha string) bool { func ParseInboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { activity := GetActivityFromJson(r, db) - - header := r.Header.Get("Authorization") - auth := strings.Split(header, " ") - - if len(auth) < 2 { + if !VerifyHeaderSignature(r, *activity.Actor) { response := RejectActivity(activity) MakeActivityRequest(db, response) return } - if !RemoteActorHasAuth(activity.Actor.Id, auth[1]) { - if !RemoteActorHasAuth(Domain, auth[1]) { - response := RejectActivity(activity) - MakeActivityRequest(db, response) - return - } - } - switch(activity.Type) { case "Create": for _, e := range activity.To { -- cgit v1.2.3 From 84c008bc27510c63fb22d14c8559e05e12953418 Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Fri, 4 Jun 2021 21:44:43 -0700 Subject: added exif removal from jpeg, png images --- outboxPost.go | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'outboxPost.go') 
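Review bot: CheckCaptcha indexes `parts[1]` without checking how many pieces the split produced, so a `captcha` form value with no `:` panics the handler before any captcha lookup; add `if len(parts) < 2 { return false }` ahead of the `strings.Trim` test. The same function builds `path` from `parts[0]` unvalidated, so that piece should be restricted to the identifier format the captcha generator emits. In RemoteActorHasAuth, `resp.Body.Close()` is deferred right after `http.DefaultClient.Do` even when the call failed; unless CheckError aborts (not visible here), `resp` is nil on that path, and the default client also has no timeout.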
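Review bot: `*activity.Actor` is dereferenced in the new `VerifyHeaderSignature` call, but GetActivityFromJson only assigns `nActivity.Actor` inside its `HasContextFromJson` branch, so a body without the ActivityStreams `@context` leaves the pointer nil and the inbox handler panics on unauthenticated input. Guard it first, e.g. `if activity.Actor == nil { w.WriteHeader(http.StatusBadRequest); return }`. The same dereference recurs in the later hunks that re-enable this check, that read `activity.Actor.PublicKey.Id`, and, if IsActivityLocal lets such an activity through, in ParseOutboxRequest. ParseInboxRequest continues past the end of the hunk.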
diff --git a/outboxPost.go b/outboxPost.go index 5729b2d..ab8c451 100644 --- a/outboxPost.go +++ b/outboxPost.go @@ -10,6 +10,7 @@ import "io/ioutil" import "os" import "regexp" import "strings" +import "os/exec" func ParseOutboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { @@ -31,7 +32,7 @@ func ParseOutboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { } contentType, _ := GetFileContentType(f) - + if(!SupportedMIMEType(contentType)) { w.WriteHeader(http.StatusNotAcceptable) w.Write([]byte("file type not supported")) @@ -361,6 +362,18 @@ func ObjectFromForm(r *http.Request, db *sql.DB, obj ObjectBase) ObjectBase { tempFile.Write(fileBytes) + re := regexp.MustCompile(`image/(jpe?g|png|webp)`) + if re.MatchString(obj.Attachment[0].MediaType) { + fileLoc := strings.ReplaceAll(obj.Attachment[0].Href, Domain, "") + + cmd := exec.Command("exiv2", "rm", "." + fileLoc) + + err := cmd.Run() + + CheckError(err, "error with removing exif data from image") + + } + obj.Preview = CreatePreviewObject(obj.Attachment[0]) } -- cgit v1.2.3 From 5ca02e417cb5e60b020c0e090ac56d1000aed1cd Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Sun, 6 Jun 2021 00:07:31 -0700 Subject: correct post ordering when following instance --- outboxPost.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'outboxPost.go') diff --git a/outboxPost.go b/outboxPost.go index ab8c451..075b795 100644 --- a/outboxPost.go +++ b/outboxPost.go 
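Review bot: The metadata strip in ObjectFromForm fails open: when `cmd.Run()` returns an error (exiv2 missing, unsupported or malformed file) the result only goes to `CheckError`, and unless that helper aborts (it is not visible here) the upload is published with its EXIF data intact. For a privacy control the error path should drop the attachment, for example `if err := cmd.Run(); err != nil { os.Remove("." + fileLoc); obj.Attachment = nil; return obj }`, provided callers accept a post without an attachment. The subprocess also runs without a deadline on a user-supplied file, so `exec.CommandContext` with a timeout is worth using, and the regexp can be compiled once at package scope and anchored. ObjectFromForm starts and ends outside the hunk.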
@@ -544,11 +544,11 @@ func CheckCaptcha(db *sql.DB, captcha string) bool { func ParseInboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { activity := GetActivityFromJson(r, db) - if !VerifyHeaderSignature(r, *activity.Actor) { - response := RejectActivity(activity) - MakeActivityRequest(db, response) - return - } + // if !VerifyHeaderSignature(r, *activity.Actor) { + // response := RejectActivity(activity) + // MakeActivityRequest(db, response) + // return + // } switch(activity.Type) { case "Create": -- cgit v1.2.3 From 6e67995a4f659987f6688ba6c9e2fec9c40e9cac Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Sun, 6 Jun 2021 01:37:48 -0700 Subject: changed naming to reflect more of what is being done for deleting or tombstone of an object --- outboxPost.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'outboxPost.go') diff --git a/outboxPost.go b/outboxPost.go index 075b795..edbea65 100644 --- a/outboxPost.go +++ b/outboxPost.go @@ -567,10 +567,10 @@ func ParseInboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { if actor.Id != "" { if activity.Object.Replies != nil { for _, k := range activity.Object.Replies.OrderedItems { - DeleteObject(db, k.Id) + TombstoneObject(db, k.Id) } } - DeleteObject(db, activity.Object.Id) + TombstoneObject(db, activity.Object.Id) break } } -- cgit v1.2.3 From 3a4aacb9c49b7d2730b7ec46205a43c5095456d6 Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Sun, 6 Jun 2021 03:01:19 -0700 Subject: better handling of follow when instance is offline --- outboxPost.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'outboxPost.go') diff --git a/outboxPost.go b/outboxPost.go index edbea65..2a06211 100644 --- a/outboxPost.go +++ b/outboxPost.go 
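Review bot: Commenting out the `VerifyHeaderSignature` block leaves ParseInboxRequest with no sender authentication at all, so the `Create`, `Delete` and `Follow` branches below act on whatever actor and object ids the request body claims. The commit subject is about post ordering, which suggests this was a debugging step. The check should stay as `if !VerifyHeaderSignature(r, *activity.Actor) { ... return }`; if it must be bypassed locally, that belongs behind an explicit development-only setting rather than in committed code. The body of ParseInboxRequest continues outside the hunk.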
@@ -92,8 +92,8 @@ func ParseOutboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { w.Write([]byte("")) return } - - _, validActor = IsValidActor(activity.Object.Actor.Id) + + validActor = (FingerActor(activity.Object.Actor.Id).Id != "") validLocalActor = (activity.Actor.Id == actor.Id) var verify Verify @@ -117,7 +117,7 @@ func ParseOutboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { } var rActivity Activity - if validActor && validLocalActor && code == auth[1] || verify.Board == Domain { + if validActor && validLocalActor && code == auth[1] { rActivity = AcceptFollow(activity) SetActorFollowingDB(db, rActivity) MakeActivityRequest(db, activity) -- cgit v1.2.3 From 42cf749f7923ac33194ab87b8dce060f46a220bc Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Sun, 6 Jun 2021 12:39:06 -0700 Subject: signature verify arguments mixed up fix --- outboxPost.go | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'outboxPost.go') diff --git a/outboxPost.go b/outboxPost.go index 2a06211..83859ad 100644 --- a/outboxPost.go +++ b/outboxPost.go @@ -544,11 +544,12 @@ func CheckCaptcha(db *sql.DB, captcha string) bool { func ParseInboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { activity := GetActivityFromJson(r, db) - // if !VerifyHeaderSignature(r, *activity.Actor) { - // response := RejectActivity(activity) - // MakeActivityRequest(db, response) - // return - // } + if !VerifyHeaderSignature(r, *activity.Actor) { + fmt.Println(*activity.Actor) + response := RejectActivity(activity) + MakeActivityRequest(db, response) + return + } switch(activity.Type) { case "Create": -- cgit v1.2.3 From 96f71a374a9b7f7982a1ca750a33b87034aad46c Mon Sep 17 00:00:00 2001 
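Review bot: The follow branch still compares the derived admin code with `code == auth[1]`, an ordinary string comparison on a secret taken from the `Authorization` header; `subtle.ConstantTimeCompare([]byte(code), []byte(auth[1])) == 1` from `crypto/subtle` avoids leaking a timing signal. `FingerActor(activity.Object.Actor.Id)` also now runs before that comparison, so if it performs a remote lookup (its body is not shown) it is reachable without valid credentials; evaluating it only after the code matches would close that. The enclosing switch case starts and ends outside these hunks.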
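Review bot: On a failed signature check the handler still builds `RejectActivity(activity)` from the unverified body and passes it to `MakeActivityRequest`, which presumably delivers it to addresses named in that activity, so unauthenticated input can decide where the server sends traffic. Answering the caller directly, `w.WriteHeader(http.StatusUnauthorized)` followed by `return`, avoids that. The added `fmt.Println(*activity.Actor)` writes sender-controlled fields to stdout for every rejected request and should go through a logger with quoting (`%q`) if it is kept.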
From: FChannel <> Date: Sun, 6 Jun 2021 14:28:27 -0700 Subject: verifying outbox activity requests with signature integration --- outboxPost.go | 101 ++++++++++++++++++++-------------------------------------- 1 file changed, 35 insertions(+), 66 deletions(-) (limited to 'outboxPost.go') diff --git a/outboxPost.go b/outboxPost.go index 83859ad..03e79ff 100644 --- a/outboxPost.go +++ b/outboxPost.go 
@@ -71,113 +71,83 @@ func ParseOutboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { w.Write([]byte("captcha could not auth")) } else { activity = GetActivityFromJson(r, db) - if IsActivityLocal(db, activity) { + if !VerifyHeaderSignature(r, *activity.Actor) { + w.WriteHeader(http.StatusBadRequest) + w.Write([]byte("")) + return + } + switch activity.Type { case "Create": w.WriteHeader(http.StatusBadRequest) w.Write([]byte("")) break + case "Follow": - var validActor bool var validLocalActor bool - header := r.Header.Get("Authorization") - - auth := strings.Split(header, " ") - - if len(auth) < 2 { - w.WriteHeader(http.StatusBadRequest) - w.Write([]byte("")) - return - } - - validActor = (FingerActor(activity.Object.Actor.Id).Id != "") + validActor = (activity.Object.Actor.Id != "") validLocalActor = (activity.Actor.Id == actor.Id) - var verify Verify - verify.Identifier = "admin" - verify.Board = activity.Actor.Id - - verify = GetVerificationCode(db, verify) - - code := verify.Code - code = CreateTripCode(code) - code = CreateTripCode(code) - - if code != auth[1] { - verify.Identifier = "admin" - verify.Board = Domain - - verify = GetVerificationCode(db, verify) - code = verify.Code - code = CreateTripCode(code) - code = CreateTripCode(code) - } - var rActivity Activity - if validActor && validLocalActor && code == auth[1] { + if validActor && validLocalActor { rActivity = AcceptFollow(activity) SetActorFollowingDB(db, rActivity) MakeActivityRequest(db, activity) } - + + FollowingBoards = GetActorFollowingDB(db, Domain) + Boards = GetBoardCollection(db) break + case "Delete": fmt.Println("This is a delete") w.WriteHeader(http.StatusBadRequest) w.Write([]byte("could not process activity")) break + case "Note": w.WriteHeader(http.StatusBadRequest) w.Write([]byte("could not process activity")) break case "New": - - header := r.Header.Get("Authorization") - - auth := strings.Split(header, " ") - - if len(auth) < 2 { - w.WriteHeader(http.StatusBadRequest) 
- w.Write([]byte("")) - return - } - - var verify Verify - verify.Identifier = "admin" - verify.Board = Domain - - verify = GetVerificationCode(db, verify) - - code := verify.Code - code = CreateTripCode(code) - code = CreateTripCode(code) - - if code != auth[1] { - w.WriteHeader(http.StatusBadRequest) - w.Write([]byte("")) - return - } - name := activity.Object.Actor.Name prefname := activity.Object.Actor.PreferredUsername summary := activity.Object.Actor.Summary restricted := activity.Object.Actor.Restricted actor := CreateNewBoardDB(db, *CreateNewActor(name, prefname, summary, authReq, restricted)) - + if actor.Id != "" { - j, _ := json.Marshal(&actor) - w.Write([]byte(j)) + var board []ObjectBase + var item ObjectBase + var removed bool = false + + item.Id = actor.Id + for _, e := range FollowingBoards { + if e.Id != item.Id { + board = append(board, e) + } else { + removed = true + } + } + + if !removed { + board = append(board, item) + } + + FollowingBoards = board + Boards = GetBoardCollection(db) return } w.WriteHeader(http.StatusBadRequest) w.Write([]byte("")) break + default: w.WriteHeader(http.StatusBadRequest) w.Write([]byte("could not process activity")) @@ -545,7 +515,6 @@ func ParseInboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { activity := GetActivityFromJson(r, db) if !VerifyHeaderSignature(r, *activity.Actor) { - fmt.Println(*activity.Actor) response := RejectActivity(activity) MakeActivityRequest(db, response) return -- cgit v1.2.3 From bf23a5c30ace0525e2ad67a979916af5ebab3001 Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Sun, 6 Jun 2021 20:22:07 -0700 Subject: nil actor variables for deleting posts --- outboxPost.go | 1 - 1 file changed, 1 deletion(-) (limited to 'outboxPost.go') diff --git a/outboxPost.go b/outboxPost.go index 03e79ff..e86703d 100644 --- a/outboxPost.go +++ b/outboxPost.go 
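Review bot: After this change the `New` branch creates a board for any request that passes `IsActivityLocal` and `VerifyHeaderSignature`; the admin verification-code check it replaces is gone and, unlike `Follow`, there is no `activity.Actor.Id == actor.Id` test or other check that the signer may administer the instance. Whether `VerifyHeaderSignature` itself restricts signers is not visible here, so an explicit authorization check is worth adding before `CreateNewBoardDB`, e.g. `if activity.Actor.Id != actor.Id { w.WriteHeader(http.StatusForbidden); return }` or the equivalent for whichever actor is meant to hold that right. The success path also no longer writes the created actor to the response, and `FollowingBoards`/`Boards` are reassigned from a request handler without any lock although handlers run concurrently. ParseOutboxRequest begins and ends outside the hunk.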
@@ -513,7 +513,6 @@ func CheckCaptcha(db *sql.DB, captcha string) bool { func ParseInboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { activity := GetActivityFromJson(r, db) - if !VerifyHeaderSignature(r, *activity.Actor) { response := RejectActivity(activity) MakeActivityRequest(db, response) -- cgit v1.2.3 From 6b265b0a8c2e45422f4a4601e041d44e5cef1c1b Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Sat, 19 Jun 2021 18:26:14 -0700 Subject: added sensitive content checkbox for upload --- outboxPost.go | 1 + 1 file changed, 1 insertion(+) (limited to 'outboxPost.go') diff --git a/outboxPost.go b/outboxPost.go index e86703d..c5e582a 100644 --- a/outboxPost.go +++ b/outboxPost.go @@ -351,6 +351,7 @@ func ObjectFromForm(r *http.Request, db *sql.DB, obj ObjectBase) ObjectBase { obj.TripCode = EscapeString(r.FormValue("tripcode")) obj.Name = EscapeString(r.FormValue("subject")) obj.Content = EscapeString(r.FormValue("comment")) + obj.Sensitive = (r.FormValue("sensitive") != "") obj = ParseOptions(r, obj) -- cgit v1.2.3 From ef7eb7330018c84a44fb24711982c25f51749d2e Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Thu, 24 Jun 2021 23:45:18 -0700 Subject: changed activitystream formating for objects to better align with pleromas actor field --- outboxPost.go | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) (limited to 'outboxPost.go') diff --git a/outboxPost.go b/outboxPost.go index c5e582a..774ac62 100644 --- a/outboxPost.go +++ b/outboxPost.go @@ -43,9 +43,7 @@ func ParseOutboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { var nObj = CreateObject("Note") nObj = ObjectFromForm(r, db, nObj) - var act Actor - nObj.Actor = &act - nObj.Actor.Id = Domain + "/" + actor.Name + nObj.Actor = Domain + "/" + actor.Name nObj = WriteObjectToDB(db, nObj) activity := CreateActivity("Create", nObj) 
@@ -88,9 +86,9 @@ func ParseOutboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { var validActor bool var validLocalActor bool - validActor = (activity.Object.Actor.Id != "") + validActor = (activity.Object.Actor != "") validLocalActor = (activity.Actor.Id == actor.Id) - + var rActivity Activity if validActor && validLocalActor { rActivity = AcceptFollow(activity) @@ -114,10 +112,10 @@ func ParseOutboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { break case "New": - name := activity.Object.Actor.Name - prefname := activity.Object.Actor.PreferredUsername - summary := activity.Object.Actor.Summary - restricted := activity.Object.Actor.Restricted + name := activity.Object.Alias + prefname := activity.Object.Name + summary := activity.Object.Summary + restricted := activity.Object.Sensitive actor := CreateNewBoardDB(db, *CreateNewActor(name, prefname, summary, authReq, restricted)) @@ -368,7 +366,7 @@ func ObjectFromForm(r *http.Request, db *sql.DB, obj ObjectBase) ObjectBase { if originalPost.Id != "" { if !IsActivityLocal(db, activity) { - id := GetActorFromID(originalPost.Id).Id + id := FingerActor(originalPost.Id).Id actor := GetActor(id) if !IsInStringArray(obj.To, actor.Id) { obj.To = append(obj.To, actor.Id) @@ -397,7 +395,7 @@ func ObjectFromForm(r *http.Request, db *sql.DB, obj ObjectBase) ObjectBase { activity.To = append(activity.To, e.Id) if !IsActivityLocal(db, activity) { - id := GetActorFromID(e.Id).Id + id := FingerActor(e.Id).Id actor := GetActor(id) if !IsInStringArray(obj.To, actor.Id) { obj.To = append(obj.To, actor.Id) -- cgit v1.2.3 From 80bcce22a2368c3911137dec97d6744dee328809 Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Fri, 25 Jun 2021 14:55:18 -0700 Subject: more cleaning up to better intergrate with plemroma standards. can verify signatures better --- outboxPost.go | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'outboxPost.go') diff --git a/outboxPost.go b/outboxPost.go index 774ac62..5772932 100644 
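Review bot: In ObjectFromForm the value passed to `FingerActor` comes straight from the `inReplyTo` form field and from ids parsed out of the comment, and the result is fed to `GetActor`; if either helper fetches the id over HTTP (neither is shown), an anonymous poster controls where the server connects. Before the lookup, parse the id with `url.Parse`, require an `http`/`https` scheme and a host that is not loopback or private, and skip the entry otherwise. A comment on the `New` branch documenting that `Object.Alias`, `Name`, `Summary` and `Sensitive` now carry the board name, preferred username, summary and restricted flag would also help, since `Sensitive` doubles as an access flag. Both functions extend beyond the hunks.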
--- a/outboxPost.go +++ b/outboxPost.go @@ -512,6 +512,12 @@ func CheckCaptcha(db *sql.DB, captcha string) bool { func ParseInboxRequest(w http.ResponseWriter, r *http.Request, db *sql.DB) { activity := GetActivityFromJson(r, db) + + if activity.Actor.PublicKey.Id == "" { + nActor := FingerActor(activity.Actor.Id) + activity.Actor = &nActor + } + if !VerifyHeaderSignature(r, *activity.Actor) { response := RejectActivity(activity) MakeActivityRequest(db, response) -- cgit v1.2.3
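Review bot: The new block only looks the actor up when `activity.Actor.PublicKey.Id` is empty, so a request that embeds its own `publicKey` in the actor object is verified against key material supplied by the sender. If `VerifyHeaderSignature` uses the key from the struct it is given (not visible here), the signature then proves nothing about the claimed `activity.Actor.Id`. Resolve the actor unconditionally from its id, `nActor := FingerActor(activity.Actor.Id); activity.Actor = &nActor`, and verify against that copy. ParseInboxRequest continues past the hunk.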