Add a capabilities account to sign requests

Bob Mottram 2019-07-05 22:24:16 +01:00
parent d5ab900570
commit 54ff42d078
4 changed files with 33 additions and 1 deletions

20
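--- /dev/null
+++ b/capabilities.py
@@ -0,0 +1,20 @@
+__filename__ = "capabilities.py"
+__author__ = "Bob Mottram"
+__license__ = "AGPL3+"
+__version__ = "0.0.1"
+__maintainer__ = "Bob Mottram"
+__email__ = "bob@freedombone.net"
+__status__ = "Production"
+from auth import createPassword
+def sendCapabilitiesRequest(baseDir: str,httpPrefix: str,domain: str) -> None:
+    capId=createPassword(32)
+    capRequest = {
+        "id": httpPrefix+"://"+domain+"/caps/request/"+capId,
+        "type": "Request",
+        "capability": ["inbox:write", "objects:read"],
+        "actor": httpPrefix+"://"+domain
+    }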
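Review bot: `capRequest` is built at the end of `sendCapabilitiesRequest` and then discarded — nothing in the visible lines signs it, POSTs it, stores it or returns it, so the function is a no-op despite its name and the commit title. If it is a stub, give it a docstring saying so, e.g. `"""Build a capability request for this instance. TODO: sign with the capabilities account and deliver it."""`, otherwise return the dict so a caller can send it. The `"actor"` field is the bare instance root `httpPrefix+"://"+domain`, not an actor id for the capabilities account this commit creates — confirm that is intended. The request id comes from `createPassword(32)` in `auth`, which is not shown here; unless that helper draws from `secrets`/`os.urandom`, ids under `/caps/request/` could be predictable. Four of the hunk's twenty lines did not survive rendering, so the function may continue beyond what is shown.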


@ -324,6 +324,7 @@ class PubServer(BaseHTTPRequestHandler):
# check that the post is to an expected path # check that the post is to an expected path
if not (self.path.endswith('/outbox') or \ if not (self.path.endswith('/outbox') or \
self.path.endswith('/inbox') or \ self.path.endswith('/inbox') or \
self.path.endswith('/caps/new') or \
self.path=='/sharedInbox'): self.path=='/sharedInbox'):
print('Attempt to POST to invalid path '+self.path) print('Attempt to POST to invalid path '+self.path)
self.send_response(400) self.send_response(400)
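Review bot: The new `self.path.endswith('/caps/new')` branch lets such POSTs through the path whitelist, but no handler for `/caps/new` appears in the hunk, so the code further down `do_POST` (outside the hunk) must recognise it explicitly or the request presumably falls into the inbox/outbox processing. Because the test is `endswith`, `/users/alice/caps/new` or `/x/caps/new` are accepted as well; if a single instance-level endpoint is intended, `self.path=='/caps/new'` mirrors the exact match used for `'/sharedInbox'` on the next line. The enclosing method starts and ends outside the hunk.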


@ -8,6 +8,7 @@ __status__ = "Production"
from person import createPerson from person import createPerson
from person import createSharedInbox from person import createSharedInbox
from person import createCapabilitiesInbox
from person import setPreferredNickname from person import setPreferredNickname
from person import setBio from person import setBio
from webfinger import webfingerHandle from webfinger import webfingerHandle
@ -313,4 +314,8 @@ if not os.path.isdir(baseDir+'/accounts/sharedinbox@'+domain):
print('Creating shared inbox') print('Creating shared inbox')
createSharedInbox(baseDir,'sharedinbox',domain,port,httpPrefix) createSharedInbox(baseDir,'sharedinbox',domain,port,httpPrefix)
if not os.path.isdir(baseDir+'/accounts/capabilities@'+domain):
print('Creating capabilities account which can sign requests')
createCapabilitiesInbox(baseDir,'capabilities',domain,port,httpPrefix)
runDaemon(baseDir,domain,port,httpPrefix,federationList,useTor,debug) runDaemon(baseDir,domain,port,httpPrefix,federationList,useTor,debug)
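Review bot: The `os.path.isdir(baseDir+'/accounts/capabilities@'+domain)` guard only decides whether to create the account; it does not check that an existing directory was created by this code. `capabilities` is reserved in `validNickname` only from this commit on, so an instance where a user already registered that nickname would skip creation and, presumably, sign with that user's keys. Consider distinguishing the two cases — e.g. check for the files the signer needs and `print('WARNING: accounts/capabilities@'+domain+' exists but is not a capabilities account')` — or note the upgrade step in the commit message. `createCapabilitiesInbox` receives exactly the same arguments as `createSharedInbox` above it; a comment on why a shared-inbox-style account is the right shape for a signing key would help the next reader.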


@ -129,12 +129,18 @@ def createSharedInbox(baseDir: str,nickname: str,domain: str,port: int, \
""" """
return createPersonBase(baseDir,nickname,domain,port,httpPrefix,True,None) return createPersonBase(baseDir,nickname,domain,port,httpPrefix,True,None)
def createCapabilitiesInbox(baseDir: str,nickname: str,domain: str,port: int, \
httpPrefix: str) -> (str,str,{},{}):
"""Generates the capabilities inbox to sign requests
"""
return createPersonBase(baseDir,nickname,domain,port,httpPrefix,True,None)
def validNickname(nickname: str) -> bool: def validNickname(nickname: str) -> bool:
forbiddenChars=['.',' ','/','?',':',';','@'] forbiddenChars=['.',' ','/','?',':',';','@']
for c in forbiddenChars: for c in forbiddenChars:
if c in nickname: if c in nickname:
return False return False
reservedNames=['inbox','outbox','following','followers','sharedinbox'] reservedNames=['inbox','outbox','following','followers','sharedinbox','capabilities']
if nickname in reservedNames: if nickname in reservedNames:
return False return False
return True return True
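Review bot: `createCapabilitiesInbox` is a line-for-line copy of `createSharedInbox` — the same `createPersonBase(baseDir,nickname,domain,port,httpPrefix,True,None)` call — so the docstring's "to sign requests" describes intent rather than anything the function does differently. Either delegate, `return createSharedInbox(baseDir,nickname,domain,port,httpPrefix)`, with a docstring stating that the capabilities account is a shared-inbox-style account whose key is used for signing, or say what the trailing `True, None` arguments mean in this context. `-> (str,str,{},{})` is a runtime tuple expression, not a type hint; `typing.Tuple[str, str, dict, dict]` would be understood by checkers. The reserved-name test is case-sensitive, so `Capabilities` passes `validNickname` unless callers lower-case nicknames first; `if nickname.lower() in reservedNames:` closes that gap if they do not. The hunk starts inside `createSharedInbox`, whose signature is visible only in the `@@` header.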