
No commits in common. "master" and "1-fix-create-object" have entirely different histories.

5 changed files with 20 additions and 40 deletions


@ -96,13 +96,6 @@ This table keeps track of all the data needed for the accounts. Columns:
* `followers` `TEXT`: a JSON-formatted array of the URL for the Actor JSON of all followers, in the form `["https://remote.server/users/somePerson", "https://another.remote.server/ourUsers/anotherPerson"]`
* `messages` `TEXT`: not yet used but will eventually store all messages so we can render them on a "profile" page
### `messages`
This table holds all messages sent by the server, which are served at the url `/m/some-id-number/`.
* `guid` `TEXT PRIMARY KEY`: an id for the message
* `message` `TEXT`: a JSON object encoding the full message
## License
Copyright (c) 2018 Darius Kazemi. Licensed under the MIT license.


@ -9,10 +9,11 @@
"cors": "^2.8.4",
"express": "^4.16.3",
"express-basic-auth": "^1.1.5",
"generate-rsa-keypair": "^0.1.2",
"request": "^2.87.0"
},
"engines": {
"node": ">=10.12.0"
"node": ">=10.10.0"
},
"devDependencies": {},
"scripts": {


@ -1,7 +1,8 @@
'use strict';
const express = require('express'),
router = express.Router(),
crypto = require('crypto');
crypto = require('crypto'),
generateRSAKeypair = require('generate-rsa-keypair');
function createActor(name, domain, pubkey) {
return {
@ -47,28 +48,17 @@ router.post('/create', function (req, res) {
let db = req.app.get('db');
let domain = req.app.get('domain');
// create keypair
crypto.generateKeyPair('rsa', {
modulusLength: 4096,
publicKeyEncoding: {
type: 'spki',
format: 'pem'
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem'
}
}, (err, publicKey, privateKey) => {
let actorRecord = createActor(account, domain, publicKey);
var pair = generateRSAKeypair();
let actorRecord = createActor(account, domain, pair.public);
let webfingerRecord = createWebfinger(account, domain);
const apikey = crypto.randomBytes(16).toString('hex');
try {
db.prepare('insert or replace into accounts(name, actor, apikey, pubkey, privkey, webfinger) values(?, ?, ?, ?, ?, ?)').run(`${account}@${domain}`, JSON.stringify(actorRecord), apikey, publicKey, privateKey, JSON.stringify(webfingerRecord));
db.prepare('insert or replace into accounts(name, actor, apikey, pubkey, privkey, webfinger) values(?, ?, ?, ?, ?, ?)').run(`${account}@${domain}`, JSON.stringify(actorRecord), apikey, pair.public, pair.private, JSON.stringify(webfingerRecord));
res.status(200).json({msg: 'ok', apikey});
}
catch(e) {
res.status(200).json({error: e});
}
});
});
module.exports = router;
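Review bot: Key generation is now `var pair = generateRSAKeypair();` with no arguments, so the RSA modulus length is whatever the `generate-rsa-keypair` package defaults to, where the removed call pinned `modulusLength: 4096`. That size is not visible in this hunk and should be confirmed and recorded next to the call, for example `// key size is the generate-rsa-keypair default (was 4096 bits): confirm it is at least 2048`. The call also sits before the `try`, so a failure during key generation bypasses the handler's JSON error path, and it runs synchronously inside the request handler; making `const pair = generateRSAKeypair();` the first statement inside the `try` would address the first of these. Because this moves a security-critical primitive from Node's built-in `crypto` to a third-party package, that dependency deserves pinning and an audit. The `router.post('/create', …)` handler starts above the hunk.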


@ -30,21 +30,19 @@ function signAndSend(message, name, domain, req, res, targetDomain, inbox) {
}
else {
let privkey = result.privkey;
const digestHash = crypto.createHash('sha256').update(JSON.stringify(message)).digest('base64');
const signer = crypto.createSign('sha256');
let d = new Date();
let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digestHash}`;
let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}`;
signer.update(stringToSign);
signer.end();
const signature = signer.sign(privkey);
const signature_b64 = signature.toString('base64');
let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date digest",signature="${signature_b64}"`;
let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date",signature="${signature_b64}"`;
request({
url: inbox,
headers: {
'Host': targetDomain,
'Date': d.toUTCString(),
'Digest': `SHA-256=${digestHash}`,
'Signature': header
},
method: 'POST',
@ -110,7 +108,7 @@ function sendCreateMessage(text, name, domain, req, res) {
for (let follower of followers) {
let inbox = follower+'/inbox';
let myURL = new URL(follower);
let targetDomain = myURL.host;
let targetDomain = myURL.hostname;
let message = createMessage(text, name, domain, req, res, follower);
signAndSend(message, name, domain, req, res, targetDomain, inbox);
}
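Review bot: With `digest` dropped from `stringToSign` and from the `headers="(request-target) host date"` list, the signature no longer covers the request body, so the receiving inbox can verify the sender and the date but not that the JSON payload is the one that was signed. Keeping the body bound into the signature is the safer design: retain the `digestHash` computation, sign `digest: SHA-256=${digestHash}` as the last line of `stringToSign`, list `digest` in `headers=`, and send the `Digest` header. The digest has to be computed over the exact bytes that go on the wire; the request body is set outside this hunk, so whether `JSON.stringify(message)` matches it cannot be confirmed here. The same removal appears in the other `signAndSend` section further down the page (`@ -16,21 +16,19 @@`).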


@ -16,21 +16,19 @@ function signAndSend(message, name, domain, req, res, targetDomain) {
}
else {
let privkey = result.privkey;
const digestHash = crypto.createHash('sha256').update(JSON.stringify(message)).digest('base64');
const signer = crypto.createSign('sha256');
let d = new Date();
let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digestHash}`;
let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}`;
signer.update(stringToSign);
signer.end();
const signature = signer.sign(privkey);
const signature_b64 = signature.toString('base64');
let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date digest",signature="${signature_b64}"`;
let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date",signature="${signature_b64}"`;
request({
url: inbox,
headers: {
'Host': targetDomain,
'Date': d.toUTCString(),
'Digest': `SHA-256=${digestHash}`,
'Signature': header
},
method: 'POST',