paricafe/src/server/activitypub/inbox.ts

import * as bodyParser from 'body-parser';
import * as express from 'express';
import { parseRequest, verifySignature } from 'http-signature';
import User, { IRemoteUser } from '../../models/user';
import queue from '../../queue';
import parseAcct from '../../acct/parse';

const app = express();

app.disable('x-powered-by');

app.post('/@:user/inbox', bodyParser.json({
	type() {
		return true;
	}
}), async (req, res) => {
	let parsed;

	req.headers.authorization = 'Signature ' + req.headers.signature;

	try {
		parsed = parseRequest(req);
	} catch (exception) {
		return res.sendStatus(401);
	}

	const keyIdLower = parsed.keyId.toLowerCase();
	let query;

	if (keyIdLower.startsWith('acct:')) {
		const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));
		if (host === null) {
			return res.sendStatus(401);
		}

		query = { usernameLower: username, hostLower: host };
	} else {
		query = {
			host: { $ne: null },
			'account.publicKey.id': parsed.keyId
		};
	}

	const user = await User.findOne(query) as IRemoteUser;

	if (user === null) {
		return res.sendStatus(401);
	}

	if (!verifySignature(parsed, user.account.publicKey.publicKeyPem)) {
		return res.sendStatus(401);
	}

	queue.create('http', {
		type: 'performActivityPub',
		actor: user._id,
		outbox: req.body,
		distribute: true,
	}).save();

	return res.status(202).end();
});

export default app;
Implement inbox 2018-04-01 01:58:49 -05:00			`import * as bodyParser from 'body-parser';`
			`import * as express from 'express';`
			`import { parseRequest, verifySignature } from 'http-signature';`
Refactor 2018-04-01 14:01:34 -05:00			`import User, { IRemoteUser } from '../../models/user';`
Implement inbox 2018-04-01 01:58:49 -05:00			`import queue from '../../queue';`
Introduce acct directory 2018-04-01 23:44:32 -05:00			`import parseAcct from '../../acct/parse';`
Implement inbox 2018-04-01 01:58:49 -05:00
			`const app = express();`
Distribute posts from remote 2018-04-02 03:11:14 -05:00
Implement inbox 2018-04-01 01:58:49 -05:00			`app.disable('x-powered-by');`

Distribute posts from remote 2018-04-02 03:11:14 -05:00			`app.post('/@:user/inbox', bodyParser.json({`
			`type() {`
			`return true;`
			`}`
			`}), async (req, res) => {`
Implement inbox 2018-04-01 01:58:49 -05:00			`let parsed;`

Make inbox signature verification compatible with Mastodon 2018-04-01 10:36:36 -05:00			`req.headers.authorization = 'Signature ' + req.headers.signature;`

Implement inbox 2018-04-01 01:58:49 -05:00			`try {`
			`parsed = parseRequest(req);`
			`} catch (exception) {`
			`return res.sendStatus(401);`
			`}`

Make inbox signature verification compatible with Mastodon 2018-04-01 10:36:36 -05:00			`const keyIdLower = parsed.keyId.toLowerCase();`
			`let query;`

			`if (keyIdLower.startsWith('acct:')) {`
			`const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));`
			`if (host === null) {`
			`return res.sendStatus(401);`
			`}`

			`query = { usernameLower: username, hostLower: host };`
			`} else {`
			`query = {`
			`host: { $ne: null },`
			`'account.publicKey.id': parsed.keyId`
			`};`
			`}`

Refactor 2018-04-01 14:01:34 -05:00			`const user = await User.findOne(query) as IRemoteUser;`
Implement inbox 2018-04-01 01:58:49 -05:00
			`if (user === null) {`
			`return res.sendStatus(401);`
			`}`

Refactor 2018-04-01 14:01:34 -05:00			`if (!verifySignature(parsed, user.account.publicKey.publicKeyPem)) {`
Implement inbox 2018-04-01 01:58:49 -05:00			`return res.sendStatus(401);`
			`}`

			`queue.create('http', {`
			`type: 'performActivityPub',`
			`actor: user._id,`
			`outbox: req.body,`
Distribute posts from remote 2018-04-02 03:11:14 -05:00			`distribute: true,`
Implement inbox 2018-04-01 01:58:49 -05:00			`}).save();`

Respond with 202 for inbox request 2018-04-01 04:16:47 -05:00			`return res.status(202).end();`
Implement inbox 2018-04-01 01:58:49 -05:00			`});`

			`export default app;`