From fabf233478ad79488cd95b1fcfb511a0c5d348bb Mon Sep 17 00:00:00 2001 From: Akihiko Odaki Date: Sun, 1 Apr 2018 15:58:49 +0900 Subject: Implement inbox --- src/server/activitypub/inbox.ts | 42 ++++++++++++++++++++++++++++ src/server/activitypub/index.ts | 12 ++++++++ src/server/activitypub/user.ts | 62 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 116 insertions(+) create mode 100644 src/server/activitypub/inbox.ts create mode 100644 src/server/activitypub/index.ts create mode 100644 src/server/activitypub/user.ts (limited to 'src/server/activitypub') diff --git a/src/server/activitypub/inbox.ts b/src/server/activitypub/inbox.ts new file mode 100644 index 0000000000..0d4af7c492 --- /dev/null +++ b/src/server/activitypub/inbox.ts @@ -0,0 +1,42 @@ +import * as bodyParser from 'body-parser'; +import * as express from 'express'; +import { parseRequest, verifySignature } from 'http-signature'; +import User, { IRemoteAccount } from '../../models/user'; +import queue from '../../queue'; + +const app = express(); +app.disable('x-powered-by'); +app.use(bodyParser.json()); + +app.get('/@:user/inbox', async (req, res) => { + let parsed; + + try { + parsed = parseRequest(req); + } catch (exception) { + return res.sendStatus(401); + } + + const user = await User.findOne({ + host: { $ne: null }, + account: { publicKey: { id: parsed.keyId } } + }); + + if (user === null) { + return res.sendStatus(401); + } + + if (!verifySignature(parsed, (user.account as IRemoteAccount).publicKey.publicKeyPem)) { + return res.sendStatus(401); + } + + queue.create('http', { + type: 'performActivityPub', + actor: user._id, + outbox: req.body, + }).save(); + + return res.sendStatus(200); +}); + +export default app; diff --git a/src/server/activitypub/index.ts b/src/server/activitypub/index.ts new file mode 100644 index 0000000000..07ff407a76 --- /dev/null +++ b/src/server/activitypub/index.ts @@ -0,0 +1,12 @@ +import * as express from 'express'; + +import user from './user'; +import inbox from './inbox'; + +const app = express(); +app.disable('x-powered-by'); + +app.use(user); +app.use(inbox); + +export default app; diff --git a/src/server/activitypub/user.ts b/src/server/activitypub/user.ts new file mode 100644 index 0000000000..488de93a92 --- /dev/null +++ b/src/server/activitypub/user.ts @@ -0,0 +1,62 @@ +import * as express from 'express'; +import config from '../../conf'; +import { extractPublic } from '../../crypto_key'; +import parseAcct from '../../common/user/parse-acct'; +import User, { ILocalAccount } from '../../models/user'; + +const app = express(); +app.disable('x-powered-by'); + +app.get('/@:user', async (req, res, next) => { + const accepted = req.accepts(['html', 'application/activity+json', 'application/ld+json']); + if (!(['application/activity+json', 'application/ld+json'] as Array).includes(accepted)) { + return next(); + } + + const { username, host } = parseAcct(req.params.user); + if (host !== null) { + return res.sendStatus(422); + } + + const user = await User.findOne({ + usernameLower: username.toLowerCase(), + host: null + }); + if (user === null) { + return res.sendStatus(404); + } + + const id = `${config.url}/@${user.username}`; + + if (username !== user.username) { + return res.redirect(id); + } + + res.json({ + '@context': [ + 'https://www.w3.org/ns/activitystreams', + 'https://w3id.org/security/v1' + ], + type: 'Person', + id, + inbox: `${id}/inbox`, + preferredUsername: user.username, + name: user.name, + summary: user.description, + icon: user.avatarId && { + type: 'Image', + url: `${config.drive_url}/${user.avatarId}` + }, + image: user.bannerId && { + type: 'Image', + url: `${config.drive_url}/${user.bannerId}` + }, + publicKey: { + type: 'Key', + owner: id, + publicKeyPem: extractPublic((user.account as ILocalAccount).keypair) + } + }); +}); + +export default app; -- cgit v1.2.3-freya