Compare commits
No commits in common. "master" and "1-fix-create-object" have entirely different histories.
master
...
1-fix-crea
5 changed files with 20 additions and 40 deletions
|
@ -96,13 +96,6 @@ This table keeps track of all the data needed for the accounts. Columns:
|
|||
* `followers` `TEXT`: a JSON-formatted array of the URL for the Actor JSON of all followers, in the form `["https://remote.server/users/somePerson", "https://another.remote.server/ourUsers/anotherPerson"]`
|
||||
* `messages` `TEXT`: not yet used but will eventually store all messages so we can render them on a "profile" page
|
||||
|
||||
### `messages`
|
||||
|
||||
This table holds all messages sent by the server, which are served at the url `/m/some-id-number/`.
|
||||
|
||||
* `guid` `TEXT PRIMARY KEY`: an id for the message
|
||||
* `message` `TEXT`: a JSON object encoding the full message
|
||||
|
||||
## License
|
||||
|
||||
Copyright (c) 2018 Darius Kazemi. Licensed under the MIT license.
|
||||
|
|
|
@ -9,10 +9,11 @@
|
|||
"cors": "^2.8.4",
|
||||
"express": "^4.16.3",
|
||||
"express-basic-auth": "^1.1.5",
|
||||
"generate-rsa-keypair": "^0.1.2",
|
||||
"request": "^2.87.0"
|
||||
},
|
||||
"engines": {
|
||||
"node": ">=10.12.0"
|
||||
"node": ">=10.10.0"
|
||||
},
|
||||
"devDependencies": {},
|
||||
"scripts": {
|
||||
|
|
|
@ -1,7 +1,8 @@
|
|||
'use strict';
|
||||
const express = require('express'),
|
||||
router = express.Router(),
|
||||
crypto = require('crypto');
|
||||
crypto = require('crypto'),
|
||||
generateRSAKeypair = require('generate-rsa-keypair');
|
||||
|
||||
function createActor(name, domain, pubkey) {
|
||||
return {
|
||||
|
@ -47,28 +48,17 @@ router.post('/create', function (req, res) {
|
|||
let db = req.app.get('db');
|
||||
let domain = req.app.get('domain');
|
||||
// create keypair
|
||||
crypto.generateKeyPair('rsa', {
|
||||
modulusLength: 4096,
|
||||
publicKeyEncoding: {
|
||||
type: 'spki',
|
||||
format: 'pem'
|
||||
},
|
||||
privateKeyEncoding: {
|
||||
type: 'pkcs8',
|
||||
format: 'pem'
|
||||
}
|
||||
}, (err, publicKey, privateKey) => {
|
||||
let actorRecord = createActor(account, domain, publicKey);
|
||||
var pair = generateRSAKeypair();
|
||||
let actorRecord = createActor(account, domain, pair.public);
|
||||
let webfingerRecord = createWebfinger(account, domain);
|
||||
const apikey = crypto.randomBytes(16).toString('hex');
|
||||
try {
|
||||
db.prepare('insert or replace into accounts(name, actor, apikey, pubkey, privkey, webfinger) values(?, ?, ?, ?, ?, ?)').run(`${account}@${domain}`, JSON.stringify(actorRecord), apikey, publicKey, privateKey, JSON.stringify(webfingerRecord));
|
||||
db.prepare('insert or replace into accounts(name, actor, apikey, pubkey, privkey, webfinger) values(?, ?, ?, ?, ?, ?)').run(`${account}@${domain}`, JSON.stringify(actorRecord), apikey, pair.public, pair.private, JSON.stringify(webfingerRecord));
|
||||
res.status(200).json({msg: 'ok', apikey});
|
||||
}
|
||||
catch(e) {
|
||||
res.status(200).json({error: e});
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
module.exports = router;
|
||||
|
|
|
@ -30,21 +30,19 @@ function signAndSend(message, name, domain, req, res, targetDomain, inbox) {
|
|||
}
|
||||
else {
|
||||
let privkey = result.privkey;
|
||||
const digestHash = crypto.createHash('sha256').update(JSON.stringify(message)).digest('base64');
|
||||
const signer = crypto.createSign('sha256');
|
||||
let d = new Date();
|
||||
let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digestHash}`;
|
||||
let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}`;
|
||||
signer.update(stringToSign);
|
||||
signer.end();
|
||||
const signature = signer.sign(privkey);
|
||||
const signature_b64 = signature.toString('base64');
|
||||
let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date digest",signature="${signature_b64}"`;
|
||||
let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date",signature="${signature_b64}"`;
|
||||
request({
|
||||
url: inbox,
|
||||
headers: {
|
||||
'Host': targetDomain,
|
||||
'Date': d.toUTCString(),
|
||||
'Digest': `SHA-256=${digestHash}`,
|
||||
'Signature': header
|
||||
},
|
||||
method: 'POST',
|
||||
|
@ -110,7 +108,7 @@ function sendCreateMessage(text, name, domain, req, res) {
|
|||
for (let follower of followers) {
|
||||
let inbox = follower+'/inbox';
|
||||
let myURL = new URL(follower);
|
||||
let targetDomain = myURL.host;
|
||||
let targetDomain = myURL.hostname;
|
||||
let message = createMessage(text, name, domain, req, res, follower);
|
||||
signAndSend(message, name, domain, req, res, targetDomain, inbox);
|
||||
}
|
||||
|
|
|
@ -16,21 +16,19 @@ function signAndSend(message, name, domain, req, res, targetDomain) {
|
|||
}
|
||||
else {
|
||||
let privkey = result.privkey;
|
||||
const digestHash = crypto.createHash('sha256').update(JSON.stringify(message)).digest('base64');
|
||||
const signer = crypto.createSign('sha256');
|
||||
let d = new Date();
|
||||
let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digestHash}`;
|
||||
let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}`;
|
||||
signer.update(stringToSign);
|
||||
signer.end();
|
||||
const signature = signer.sign(privkey);
|
||||
const signature_b64 = signature.toString('base64');
|
||||
let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date digest",signature="${signature_b64}"`;
|
||||
let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date",signature="${signature_b64}"`;
|
||||
request({
|
||||
url: inbox,
|
||||
headers: {
|
||||
'Host': targetDomain,
|
||||
'Date': d.toUTCString(),
|
||||
'Digest': `SHA-256=${digestHash}`,
|
||||
'Signature': header
|
||||
},
|
||||
method: 'POST',
|
||||
|
|
Loading…
Reference in a new issue