indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Sign the header for returned actors

merge-requests/30/head
Bob Mottram 2021-01-21 15:37:03 +00:00
parent 83ede4e43e
commit 3d5aad4aa7
2 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
daemon.py
View File

@ -10,6 +10,7 @@ from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer, HTTPServer
import sys import sys
import json import json
import time import time
from time import gmtime, strftime
import locale import locale
import urllib.parse import urllib.parse
import datetime import datetime
@ -65,6 +66,7 @@ from person import removeAccount
from person import canRemovePost from person import canRemovePost
from person import personSnooze from person import personSnooze
from person import personUnsnooze from person import personUnsnooze
from posts import getPersonKey
from posts import isModerator from posts import isModerator
from posts import mutePost from posts import mutePost
from posts import unmutePost from posts import unmutePost
@ -221,6 +223,7 @@ from media import removeMetaData
from cache import storePersonInCache from cache import storePersonInCache
from cache import getPersonFromCache from cache import getPersonFromCache
from httpsig import verifyPostHeaders from httpsig import verifyPostHeaders
from httpsig import signPostHeaders
from theme import setNewsAvatar from theme import setNewsAvatar
from theme import setTheme from theme import setTheme
from theme import getTheme from theme import getTheme
@ -9065,13 +9068,27 @@ class PubServer(BaseHTTPRequestHandler):
'show profile posts') 'show profile posts')
else: else:
if self._fetchAuthenticated(): if self._fetchAuthenticated():
if atPath:
print('@ detected actor ' + str(actorJson))
msg = json.dumps(actorJson, msg = json.dumps(actorJson,
ensure_ascii=False).encode('utf-8') ensure_ascii=False).encode('utf-8')
msglen = len(msg) msglen = len(msg)
self._set_headers('application/json', msglen, self._set_headers('application/json', msglen,
None, callingDomain) None, callingDomain)
nickname = path.split('/users/')[1]
if '/' in nickname:
nickname = nickname.split('/')[0]
privateKeyPem = \
getPersonKey(nickname, domain, baseDir, 'private', debug)
if len(privateKeyPem) > 0:
dateStr = strftime("%a, %d %b %Y %H:%M:%S %Z", gmtime())
boxpath = '/inbox'
signatureHeader = \
signPostHeaders(dateStr, privateKeyPem, nickname,
domain, port,
callingDomain, 443,
boxpath, httpPrefix, None)
self.headers['signature'] = signatureHeader
if atPath:
print('@ detected actor ' + str(actorJson))
self._write(msg) self._write(msg)
else: else:
self._404() self._404()

6
posts.py
View File

@ -118,7 +118,7 @@ def noOfFollowersOnDomain(baseDir: str, handle: str,
return ctr return ctr
def _getPersonKey(nickname: str, domain: str, baseDir: str, keyType='public', def getPersonKey(nickname: str, domain: str, baseDir: str, keyType='public',
debug=False): debug=False):
"""Returns the public or private key of a person """Returns the public or private key of a person
""" """
@ -1837,7 +1837,7 @@ def sendPost(projectVersion: str,
None, None, None, None, None) None, None, None, None, None)
# get the senders private key # get the senders private key
privateKeyPem = _getPersonKey(nickname, domain, baseDir, 'private') privateKeyPem = getPersonKey(nickname, domain, baseDir, 'private')
if len(privateKeyPem) == 0: if len(privateKeyPem) == 0:
return 6 return 6
@ -2159,7 +2159,7 @@ def sendSignedJson(postJsonObject: {}, session, baseDir: str,
# sharedInbox is optional # sharedInbox is optional
# get the senders private key # get the senders private key
privateKeyPem = _getPersonKey(nickname, domain, baseDir, 'private', debug) privateKeyPem = getPersonKey(nickname, domain, baseDir, 'private', debug)
if len(privateKeyPem) == 0: if len(privateKeyPem) == 0:
if debug: if debug:
print('DEBUG: Private key not found for ' + print('DEBUG: Private key not found for ' +