diff options
-rw-r--r-- | README.md | 1 | ||||
-rw-r--r-- | client.py | 6 | ||||
-rw-r--r-- | server.py | 15 |
3 files changed, 6 insertions, 16 deletions
@@ -37,6 +37,7 @@ Enjoy your new "extremely hardcore" ActivityPub server!!! 🎉😎🚀🙃🥳 Since Fuwuqi's code is super duper easy to read and extend, the following features are left as an exercise to the reader: - Multi-user support (hint: dynamically generate `.well-known/webfinger` instead of serving a static file) +- S2S server-side processing - Deleting posts - JSON-LD (hint: don't do it, your brain will thank you) - Lots of pain @@ -17,11 +17,7 @@ message = f'date: {date}\ndigest: SHA-256={digest}' with open('private.pem', 'rb') as f: privkey = serialization.load_pem_private_key(f.read(), None) -signature = b64encode(privkey.sign( - message.encode('utf8'), - padding.PKCS1v15(), - hashes.SHA256() -)).decode() +signature = b64encode(privkey.sign(message.encode('utf8'), padding.PKCS1v15(), hashes.SHA256())).decode() header = f'keyId="https://0.exozy.me/users/test.jsonld#main-key",headers="date digest",signature="{signature}"' resp = post('https://0.exozy.me/users/test.outbox', headers={ @@ -32,9 +32,8 @@ def collection_pop(username, file, item): def iri_to_actor(iri): if domain in iri: - name = search(f'^{domain}/users/(.*?)$', - iri.removesuffix('#main-key')).group(1) - actorfile = f'users/{name}' + username = search(f'^{domain}/users/(.*?)$', iri.removesuffix('#main-key')).group(1) + actorfile = f'users/{username}' else: actorfile = f'users/{quote_plus(iri.removesuffix("#main-key"))}' if not isfile(actorfile): @@ -82,14 +81,8 @@ class fuwuqi(SimpleHTTPRequestHandler): message += f'{header}: {headerval}\n' # Verify HTTP signature - signature = search('signature="(.*?)"', - self.headers['Signature']).group(1) - pubkey.verify( - b64decode(signature), - message[:-1].encode('utf8'), - padding.PKCS1v15(), - hashes.SHA256() - ) + signature = search('signature="(.*?)"', self.headers['Signature']).group(1) + pubkey.verify(b64decode(signature), message[:-1].encode('utf8'), padding.PKCS1v15(), hashes.SHA256()) # Make sure activity doer matches HTTP signature actor = keyid.removesuffix('#main-key') |