Compare commits

..

No commits in common. "master" and "1-fix-create-object" have entirely different histories.

5 changed files with 20 additions and 40 deletions

View file

@ -96,13 +96,6 @@ This table keeps track of all the data needed for the accounts. Columns:
* `followers` `TEXT`: a JSON-formatted array of the URL for the Actor JSON of all followers, in the form `["https://remote.server/users/somePerson", "https://another.remote.server/ourUsers/anotherPerson"]` * `followers` `TEXT`: a JSON-formatted array of the URL for the Actor JSON of all followers, in the form `["https://remote.server/users/somePerson", "https://another.remote.server/ourUsers/anotherPerson"]`
* `messages` `TEXT`: not yet used but will eventually store all messages so we can render them on a "profile" page * `messages` `TEXT`: not yet used but will eventually store all messages so we can render them on a "profile" page
### `messages`
This table holds all messages sent by the server, which are served at the url `/m/some-id-number/`.
* `guid` `TEXT PRIMARY KEY`: an id for the message
* `message` `TEXT`: a JSON object encoding the full message
## License ## License
Copyright (c) 2018 Darius Kazemi. Licensed under the MIT license. Copyright (c) 2018 Darius Kazemi. Licensed under the MIT license.

View file

@ -9,10 +9,11 @@
"cors": "^2.8.4", "cors": "^2.8.4",
"express": "^4.16.3", "express": "^4.16.3",
"express-basic-auth": "^1.1.5", "express-basic-auth": "^1.1.5",
"generate-rsa-keypair": "^0.1.2",
"request": "^2.87.0" "request": "^2.87.0"
}, },
"engines": { "engines": {
"node": ">=10.12.0" "node": ">=10.10.0"
}, },
"devDependencies": {}, "devDependencies": {},
"scripts": { "scripts": {

View file

@ -1,7 +1,8 @@
'use strict'; 'use strict';
const express = require('express'), const express = require('express'),
router = express.Router(), router = express.Router(),
crypto = require('crypto'); crypto = require('crypto'),
generateRSAKeypair = require('generate-rsa-keypair');
function createActor(name, domain, pubkey) { function createActor(name, domain, pubkey) {
return { return {
@ -47,28 +48,17 @@ router.post('/create', function (req, res) {
let db = req.app.get('db'); let db = req.app.get('db');
let domain = req.app.get('domain'); let domain = req.app.get('domain');
// create keypair // create keypair
crypto.generateKeyPair('rsa', { var pair = generateRSAKeypair();
modulusLength: 4096, let actorRecord = createActor(account, domain, pair.public);
publicKeyEncoding: {
type: 'spki',
format: 'pem'
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem'
}
}, (err, publicKey, privateKey) => {
let actorRecord = createActor(account, domain, publicKey);
let webfingerRecord = createWebfinger(account, domain); let webfingerRecord = createWebfinger(account, domain);
const apikey = crypto.randomBytes(16).toString('hex'); const apikey = crypto.randomBytes(16).toString('hex');
try { try {
db.prepare('insert or replace into accounts(name, actor, apikey, pubkey, privkey, webfinger) values(?, ?, ?, ?, ?, ?)').run(`${account}@${domain}`, JSON.stringify(actorRecord), apikey, publicKey, privateKey, JSON.stringify(webfingerRecord)); db.prepare('insert or replace into accounts(name, actor, apikey, pubkey, privkey, webfinger) values(?, ?, ?, ?, ?, ?)').run(`${account}@${domain}`, JSON.stringify(actorRecord), apikey, pair.public, pair.private, JSON.stringify(webfingerRecord));
res.status(200).json({msg: 'ok', apikey}); res.status(200).json({msg: 'ok', apikey});
} }
catch(e) { catch(e) {
res.status(200).json({error: e}); res.status(200).json({error: e});
} }
});
}); });
module.exports = router; module.exports = router;

View file

@ -30,21 +30,19 @@ function signAndSend(message, name, domain, req, res, targetDomain, inbox) {
} }
else { else {
let privkey = result.privkey; let privkey = result.privkey;
const digestHash = crypto.createHash('sha256').update(JSON.stringify(message)).digest('base64');
const signer = crypto.createSign('sha256'); const signer = crypto.createSign('sha256');
let d = new Date(); let d = new Date();
let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digestHash}`; let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}`;
signer.update(stringToSign); signer.update(stringToSign);
signer.end(); signer.end();
const signature = signer.sign(privkey); const signature = signer.sign(privkey);
const signature_b64 = signature.toString('base64'); const signature_b64 = signature.toString('base64');
let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date digest",signature="${signature_b64}"`; let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date",signature="${signature_b64}"`;
request({ request({
url: inbox, url: inbox,
headers: { headers: {
'Host': targetDomain, 'Host': targetDomain,
'Date': d.toUTCString(), 'Date': d.toUTCString(),
'Digest': `SHA-256=${digestHash}`,
'Signature': header 'Signature': header
}, },
method: 'POST', method: 'POST',
@ -110,7 +108,7 @@ function sendCreateMessage(text, name, domain, req, res) {
for (let follower of followers) { for (let follower of followers) {
let inbox = follower+'/inbox'; let inbox = follower+'/inbox';
let myURL = new URL(follower); let myURL = new URL(follower);
let targetDomain = myURL.host; let targetDomain = myURL.hostname;
let message = createMessage(text, name, domain, req, res, follower); let message = createMessage(text, name, domain, req, res, follower);
signAndSend(message, name, domain, req, res, targetDomain, inbox); signAndSend(message, name, domain, req, res, targetDomain, inbox);
} }

View file

@ -16,21 +16,19 @@ function signAndSend(message, name, domain, req, res, targetDomain) {
} }
else { else {
let privkey = result.privkey; let privkey = result.privkey;
const digestHash = crypto.createHash('sha256').update(JSON.stringify(message)).digest('base64');
const signer = crypto.createSign('sha256'); const signer = crypto.createSign('sha256');
let d = new Date(); let d = new Date();
let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digestHash}`; let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}`;
signer.update(stringToSign); signer.update(stringToSign);
signer.end(); signer.end();
const signature = signer.sign(privkey); const signature = signer.sign(privkey);
const signature_b64 = signature.toString('base64'); const signature_b64 = signature.toString('base64');
let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date digest",signature="${signature_b64}"`; let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date",signature="${signature_b64}"`;
request({ request({
url: inbox, url: inbox,
headers: { headers: {
'Host': targetDomain, 'Host': targetDomain,
'Date': d.toUTCString(), 'Date': d.toUTCString(),
'Digest': `SHA-256=${digestHash}`,
'Signature': header 'Signature': header
}, },
method: 'POST', method: 'POST',