Add a capabilities account to sign requests

2019-07-05 22:24:16 +01:00 · 2019-07-05 22:24:16 +01:00 · 54ff42d078
parent d5ab900570
commit 54ff42d078
4 changed files with 33 additions and 1 deletions
--- a/capabilities.py
+++ b/capabilities.py
@ -0,0 +1,20 @@
+__filename__ = "capabilities.py"
+__author__ = "Bob Mottram"
+__license__ = "AGPL3+"
+__version__ = "0.0.1"
+__maintainer__ = "Bob Mottram"
+__email__ = "bob@freedombone.net"
+__status__ = "Production"
+
+from auth import createPassword
+
+def sendCapabilitiesRequest(baseDir: str,httpPrefix: str,domain: str) -> None:
+
+    capId=createPassword(32)
+    capRequest = {
+        "id": httpPrefix+"://"+domain+"/caps/request/"+capId,
+        "type": "Request",
+        "capability": ["inbox:write", "objects:read"],
+        "actor": httpPrefix+"://"+domain
+    }
+        
--- a/daemon.py
+++ b/daemon.py
@ -324,6 +324,7 @@ class PubServer(BaseHTTPRequestHandler):
        # check that the post is to an expected path
        if not (self.path.endswith('/outbox') or \
                self.path.endswith('/inbox') or \
+                self.path.endswith('/caps/new') or \
                self.path=='/sharedInbox'):
            print('Attempt to POST to invalid path '+self.path)
            self.send_response(400)
--- a/epicyon.py
+++ b/epicyon.py
@ -8,6 +8,7 @@ __status__ = "Production"

 from person import createPerson
 from person import createSharedInbox
+from person import createCapabilitiesInbox
 from person import setPreferredNickname
 from person import setBio
 from webfinger import webfingerHandle
@ -313,4 +314,8 @@ if not os.path.isdir(baseDir+'/accounts/sharedinbox@'+domain):
    print('Creating shared inbox')
    createSharedInbox(baseDir,'sharedinbox',domain,port,httpPrefix)

+if not os.path.isdir(baseDir+'/accounts/capabilities@'+domain):
+    print('Creating capabilities account which can sign requests')
+    createCapabilitiesInbox(baseDir,'capabilities',domain,port,httpPrefix)
+
 runDaemon(baseDir,domain,port,httpPrefix,federationList,useTor,debug)
--- a/person.py
+++ b/person.py
@ -128,13 +128,19 @@ def createSharedInbox(baseDir: str,nickname: str,domain: str,port: int, \
    """Generates the shared inbox
    """
    return createPersonBase(baseDir,nickname,domain,port,httpPrefix,True,None)
+
+def createCapabilitiesInbox(baseDir: str,nickname: str,domain: str,port: int, \
+                            httpPrefix: str) -> (str,str,{},{}):
+    """Generates the capabilities inbox to sign requests
+    """
+    return createPersonBase(baseDir,nickname,domain,port,httpPrefix,True,None)
   
 def validNickname(nickname: str) -> bool:
    forbiddenChars=['.',' ','/','?',':',';','@']
    for c in forbiddenChars:
        if c in nickname:
            return False
-    reservedNames=['inbox','outbox','following','followers','sharedinbox']
+    reservedNames=['inbox','outbox','following','followers','sharedinbox','capabilities']
    if nickname in reservedNames:
        return False
    return True