forked from indymedia/epicyon
Add a capabilities account to sign requests
parent
d5ab900570
commit
54ff42d078
|
@ -0,0 +1,20 @@
|
|||
__filename__ = "capabilities.py"
|
||||
__author__ = "Bob Mottram"
|
||||
__license__ = "AGPL3+"
|
||||
__version__ = "0.0.1"
|
||||
__maintainer__ = "Bob Mottram"
|
||||
__email__ = "bob@freedombone.net"
|
||||
__status__ = "Production"
|
||||
|
||||
from auth import createPassword
|
||||
|
||||
def sendCapabilitiesRequest(baseDir: str,httpPrefix: str,domain: str) -> None:
|
||||
|
||||
capId=createPassword(32)
|
||||
capRequest = {
|
||||
"id": httpPrefix+"://"+domain+"/caps/request/"+capId,
|
||||
"type": "Request",
|
||||
"capability": ["inbox:write", "objects:read"],
|
||||
"actor": httpPrefix+"://"+domain
|
||||
}
|
||||
|
|
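Review bot: `sendCapabilitiesRequest` builds `capRequest` and then falls off the end, so nothing is signed, sent or returned, and `baseDir` is never used. If this is a deliberate stub, a docstring plus a comment such as `# TODO: sign capRequest with the capabilities account key and deliver it` would stop a caller from assuming a request went out. The request id depends on `createPassword(32)` being unguessable; that helper lives in `auth`, outside this page, so confirm it draws from a CSPRNG (for example the `secrets` module) rather than `random`. The `id` and `actor` URLs are built from `domain` alone, while other calls in this commit pass `port` alongside it, so the actor URL may not match the instance when it runs on a non-default port.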
@ -324,6 +324,7 @@ class PubServer(BaseHTTPRequestHandler):
|
|||
# check that the post is to an expected path
|
||||
if not (self.path.endswith('/outbox') or \
|
||||
self.path.endswith('/inbox') or \
|
||||
self.path.endswith('/caps/new') or \
|
||||
self.path=='/sharedInbox'):
|
||||
print('Attempt to POST to invalid path '+self.path)
|
||||
self.send_response(400)
|
||||
|
|
|
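Review bot: The added `self.path.endswith('/caps/new')` test is a suffix match, so any request path that merely ends in `/caps/new` now passes this gate. If the capabilities endpoint is instance-wide like `/sharedInbox`, the exact comparison `self.path=='/caps/new'` is the tighter check. The code that handles this path is outside the hunk, so it is worth confirming that it verifies the HTTP signature and the requesting actor before granting a capability, because this condition filters on path only. The enclosing method starts and ends outside the hunk.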
@ -8,6 +8,7 @@ __status__ = "Production"
|
|||
|
||||
from person import createPerson
|
||||
from person import createSharedInbox
|
||||
from person import createCapabilitiesInbox
|
||||
from person import setPreferredNickname
|
||||
from person import setBio
|
||||
from webfinger import webfingerHandle
|
||||
|
@ -313,4 +314,8 @@ if not os.path.isdir(baseDir+'/accounts/sharedinbox@'+domain):
|
|||
print('Creating shared inbox')
|
||||
createSharedInbox(baseDir,'sharedinbox',domain,port,httpPrefix)
|
||||
|
||||
if not os.path.isdir(baseDir+'/accounts/capabilities@'+domain):
|
||||
print('Creating capabilities account which can sign requests')
|
||||
createCapabilitiesInbox(baseDir,'capabilities',domain,port,httpPrefix)
|
||||
|
||||
runDaemon(baseDir,domain,port,httpPrefix,federationList,useTor,debug)
|
||||
|
|
|
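Review bot: The result of `createCapabilitiesInbox(baseDir,'capabilities',domain,port,httpPrefix)` is discarded and `runDaemon` starts regardless, so a failed creation of the signing account would go unnoticed until a request needs to be signed. What `createPersonBase` writes or returns on failure is not visible here, so this is a point to confirm rather than a proven defect. Re-checking that `baseDir+'/accounts/capabilities@'+domain` exists after the call, and stopping with a clear message if it does not, would make the failure explicit. A comment stating that this account holds the key used to sign capability requests, and that its directory should not be readable by other local users, would also help operators.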
@ -129,12 +129,18 @@ def createSharedInbox(baseDir: str,nickname: str,domain: str,port: int, \
|
|||
"""
|
||||
return createPersonBase(baseDir,nickname,domain,port,httpPrefix,True,None)
|
||||
|
||||
def createCapabilitiesInbox(baseDir: str,nickname: str,domain: str,port: int, \
|
||||
httpPrefix: str) -> (str,str,{},{}):
|
||||
"""Generates the capabilities inbox to sign requests
|
||||
"""
|
||||
return createPersonBase(baseDir,nickname,domain,port,httpPrefix,True,None)
|
||||
|
||||
def validNickname(nickname: str) -> bool:
|
||||
forbiddenChars=['.',' ','/','?',':',';','@']
|
||||
for c in forbiddenChars:
|
||||
if c in nickname:
|
||||
return False
|
||||
reservedNames=['inbox','outbox','following','followers','sharedinbox']
|
||||
reservedNames=['inbox','outbox','following','followers','sharedinbox','capabilities']
|
||||
if nickname in reservedNames:
|
||||
return False
|
||||
return True
|
||||
|
|
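Review bot: The reserved-name test in `validNickname` is an exact, case-sensitive match, so with `'capabilities'` now naming the account that signs requests, a nickname such as `Capabilities` still passes. Whether nicknames are normalised before the account directory or webfinger handle is built is not visible in this hunk; if they are not, a look-alike of the signing account can be registered, and on a case-insensitive filesystem the two account directories would collide. Comparing a folded form, `if nickname.lower() in reservedNames:`, closes that gap for every reserved name. Separately, `createCapabilitiesInbox` has the same body as `createSharedInbox`, and its docstring could say what distinguishes the two accounts.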