5 changed files with 20 additions and 40 deletions
--- a/README.md
+++ b/README.md
@ -96,13 +96,6 @@ This table keeps track of all the data needed for the accounts. Columns:
 * `followers` `TEXT`: a JSON-formatted array of the URL for the Actor JSON of all followers, in the form `["https://remote.server/users/somePerson", "https://another.remote.server/ourUsers/anotherPerson"]`
 * `messages` `TEXT`: not yet used but will eventually store all messages so we can render them on a "profile" page

-### `messages`
-
-This table holds all messages sent by the server, which are served at the url `/m/some-id-number/`.
-
-* `guid` `TEXT PRIMARY KEY`: an id for the message
-* `message` `TEXT`: a JSON object encoding the full message
-
 ## License

 Copyright (c) 2018 Darius Kazemi. Licensed under the MIT license.
--- a/package.json
+++ b/package.json
@ -9,10 +9,11 @@
    "cors": "^2.8.4",
    "express": "^4.16.3",
    "express-basic-auth": "^1.1.5",
+    "generate-rsa-keypair": "^0.1.2",
    "request": "^2.87.0"
  },
  "engines": {
-    "node": ">=10.12.0"
+    "node": ">=10.10.0"
  },
  "devDependencies": {},
  "scripts": {
--- a/routes/admin.js
+++ b/routes/admin.js
@ -1,7 +1,8 @@
 'use strict';
 const express = require('express'),
      router = express.Router(),
-      crypto = require('crypto');
+      crypto = require('crypto'),
+      generateRSAKeypair = require('generate-rsa-keypair');

 function createActor(name, domain, pubkey) {
  return {
@ -47,28 +48,17 @@ router.post('/create', function (req, res) {
  let db = req.app.get('db');
  let domain = req.app.get('domain');
  // create keypair
-  crypto.generateKeyPair('rsa', {
-    modulusLength: 4096,
-    publicKeyEncoding: {
-      type: 'spki',
-      format: 'pem'
-    },
-    privateKeyEncoding: {
-      type: 'pkcs8',
-      format: 'pem'
-    }
-  }, (err, publicKey, privateKey) => {
-    let actorRecord = createActor(account, domain, publicKey);
-    let webfingerRecord = createWebfinger(account, domain);
-    const apikey = crypto.randomBytes(16).toString('hex');
-    try {
-      db.prepare('insert or replace into accounts(name, actor, apikey, pubkey, privkey, webfinger) values(?, ?, ?, ?, ?, ?)').run(`${account}@${domain}`, JSON.stringify(actorRecord), apikey, publicKey, privateKey, JSON.stringify(webfingerRecord));
-      res.status(200).json({msg: 'ok', apikey});
-    }
-    catch(e) {
-      res.status(200).json({error: e});
-    }
-  });
+  var pair = generateRSAKeypair();
+  let actorRecord = createActor(account, domain, pair.public);
+  let webfingerRecord = createWebfinger(account, domain);
+  const apikey = crypto.randomBytes(16).toString('hex');
+  try {
+    db.prepare('insert or replace into accounts(name, actor, apikey, pubkey, privkey, webfinger) values(?, ?, ?, ?, ?, ?)').run(`${account}@${domain}`, JSON.stringify(actorRecord), apikey, pair.public, pair.private, JSON.stringify(webfingerRecord));
+    res.status(200).json({msg: 'ok', apikey});
+  }
+  catch(e) {
+    res.status(200).json({error: e});
+  }
 });

 module.exports = router;
--- a/routes/api.js
+++ b/routes/api.js
@ -30,21 +30,19 @@ function signAndSend(message, name, domain, req, res, targetDomain, inbox) {
  }
  else {
    let privkey = result.privkey;
-    const digestHash = crypto.createHash('sha256').update(JSON.stringify(message)).digest('base64');
    const signer = crypto.createSign('sha256');
    let d = new Date();
-    let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digestHash}`;
+    let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}`;
    signer.update(stringToSign);
    signer.end();
    const signature = signer.sign(privkey);
    const signature_b64 = signature.toString('base64');
-    let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date digest",signature="${signature_b64}"`;
+    let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date",signature="${signature_b64}"`;
    request({
      url: inbox,
      headers: {
        'Host': targetDomain,
        'Date': d.toUTCString(),
-        'Digest': `SHA-256=${digestHash}`,
        'Signature': header
      },
      method: 'POST',
@ -110,7 +108,7 @@ function sendCreateMessage(text, name, domain, req, res) {
    for (let follower of followers) {
      let inbox = follower+'/inbox';
      let myURL = new URL(follower);
-      let targetDomain = myURL.host;
+      let targetDomain = myURL.hostname;
      let message = createMessage(text, name, domain, req, res, follower);
      signAndSend(message, name, domain, req, res, targetDomain, inbox);
    }
--- a/routes/inbox.js
+++ b/routes/inbox.js
@ -16,21 +16,19 @@ function signAndSend(message, name, domain, req, res, targetDomain) {
  }
  else {
    let privkey = result.privkey;
-    const digestHash = crypto.createHash('sha256').update(JSON.stringify(message)).digest('base64');
    const signer = crypto.createSign('sha256');
    let d = new Date();
-    let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digestHash}`;
+    let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}`;
    signer.update(stringToSign);
    signer.end();
    const signature = signer.sign(privkey);
    const signature_b64 = signature.toString('base64');
-    let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date digest",signature="${signature_b64}"`;
+    let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date",signature="${signature_b64}"`;
    request({
      url: inbox,
      headers: {
        'Host': targetDomain,
        'Date': d.toUTCString(),
-        'Digest': `SHA-256=${digestHash}`,
        'Signature': header
      },
      method: 'POST',