import express from 'express'; import crypto from 'crypto'; import fs from 'fs'; const router = express.Router(); export default router; function signAndSend(message, name, domain, req, res, targetDomain) { // get the URI of the actor object and append 'inbox' to it let inbox = message.object.actor+'/inbox'; let inboxFragment = inbox.replace('https://'+targetDomain,''); // get the private key let db = req.app.get('db'); let result = db.prepare('select privkey from accounts where name = ?').get(`${name}@${domain}`); if (result === undefined) { return res.status(404).send(`No record found for ${name}.`); } else { // digest const digest = crypto.createHash('sha256').update(JSON.stringify(message)).digest('base64'); let privkey = result.privkey; const signer = crypto.createSign('sha256'); let d = new Date(); let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digest}`; signer.update(stringToSign); signer.end(); const signature = signer.sign(privkey); const signature_b64 = signature.toString('base64'); const algorithm = 'rsa-sha256'; let header = `keyId="https://${domain}/u/${name}",algorithm="${algorithm}",headers="(request-target) host date digest",signature="${signature_b64}"`; fetch(inbox, { headers: { 'Host': targetDomain, 'Date': d.toUTCString(), 'Signature': header, 'Digest': `SHA-256=${digest}`, 'Content-Type': 'application/activity+json', 'Accept': 'application/activity+json' }, method: 'POST', body: message }); res.json('done'); } } function sendAcceptMessage(thebody, name, domain, req, res, targetDomain) { const guid = crypto.randomBytes(16).toString('hex'); let message = { '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'], 'id': `https://${domain}/${guid}`, 'type': 'Accept', 'actor': `https://${domain}/u/${name}`, 'object': thebody, }; signAndSend(message, name, domain, req, res, targetDomain); } router.post('/', function (req, res) { // pass in a name for an account, if the account doesn't exist, create it! let domain = req.app.get('domain'); if (req.body.actor === undefined) { return res.status(400).send(`No actor specified.`); } const myURL = new URL(req.body.actor); let targetDomain = myURL.hostname; fs.appendFile('./inbox.log', JSON.stringify(req.body)+'\r\n', function (err) { if (err) { return console.log(err); } }); // TODO: add "Undo" follow event if (typeof req.body.object === 'string' && req.body.type === 'Follow') { let name = req.body.object.replace(`https://${domain}/u/`,''); sendAcceptMessage(req.body, name, domain, req, res, targetDomain); // Add the user to the DB of accounts that follow the account let db = req.app.get('db'); // get the followers JSON for the user let result = db.prepare('select followers from accounts where name = ?').get(`${name}@${domain}`); if (result === undefined) { console.log(`No record found for ${name}.`); } else { // update followers let followers = result.followers; if (followers) { followers = JSON.parse(followers); followers.push(req.body.actor); // unique items followers = [...new Set(followers)]; } else { followers = [req.body.actor]; } let followersText = JSON.stringify(followers); // update into DB db.prepare('update accounts set followers = ? where name = ?').run(followersText, `${name}@${domain}`); } } });