aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README.md1
-rw-r--r--client.py6
-rw-r--r--server.py15
3 files changed, 6 insertions, 16 deletions
diff --git a/README.md b/README.md
index 1e482dc..11d9911 100644
--- a/README.md
+++ b/README.md
@@ -37,6 +37,7 @@ Enjoy your new "extremely hardcore" ActivityPub server!!! 🎉😎🚀🙃🥳
Since Fuwuqi's code is super duper easy to read and extend, the following features are left as an exercise to the reader:
- Multi-user support (hint: dynamically generate `.well-known/webfinger` instead of serving a static file)
+- S2S server-side processing
- Deleting posts
- JSON-LD (hint: don't do it, your brain will thank you)
- Lots of pain
diff --git a/client.py b/client.py
index 346881b..50f6b2f 100644
--- a/client.py
+++ b/client.py
@@ -17,11 +17,7 @@ message = f'date: {date}\ndigest: SHA-256={digest}'
with open('private.pem', 'rb') as f:
privkey = serialization.load_pem_private_key(f.read(), None)
-signature = b64encode(privkey.sign(
- message.encode('utf8'),
- padding.PKCS1v15(),
- hashes.SHA256()
-)).decode()
+signature = b64encode(privkey.sign(message.encode('utf8'), padding.PKCS1v15(), hashes.SHA256())).decode()
header = f'keyId="https://0.exozy.me/users/test.jsonld#main-key",headers="date digest",signature="{signature}"'
resp = post('https://0.exozy.me/users/test.outbox', headers={
diff --git a/server.py b/server.py
index acad94d..cbd5602 100644
--- a/server.py
+++ b/server.py
@@ -32,9 +32,8 @@ def collection_pop(username, file, item):
def iri_to_actor(iri):
if domain in iri:
- name = search(f'^{domain}/users/(.*?)$',
- iri.removesuffix('#main-key')).group(1)
- actorfile = f'users/{name}'
+ username = search(f'^{domain}/users/(.*?)$', iri.removesuffix('#main-key')).group(1)
+ actorfile = f'users/{username}'
else:
actorfile = f'users/{quote_plus(iri.removesuffix("#main-key"))}'
if not isfile(actorfile):
@@ -82,14 +81,8 @@ class fuwuqi(SimpleHTTPRequestHandler):
message += f'{header}: {headerval}\n'
# Verify HTTP signature
- signature = search('signature="(.*?)"',
- self.headers['Signature']).group(1)
- pubkey.verify(
- b64decode(signature),
- message[:-1].encode('utf8'),
- padding.PKCS1v15(),
- hashes.SHA256()
- )
+ signature = search('signature="(.*?)"', self.headers['Signature']).group(1)
+ pubkey.verify(b64decode(signature), message[:-1].encode('utf8'), padding.PKCS1v15(), hashes.SHA256())
# Make sure activity doer matches HTTP signature
actor = keyid.removesuffix('#main-key')