rss-to-activitypub/app/routes/inbox.js
2021-01-29 14:26:55 +01:00

112 lines
3.9 KiB
JavaScript

'use strict';
const express = require('express'),
crypto = require('crypto'),
request = require('request'),
fs = require('fs'),
router = express.Router();
function signAndSend(message, name, domain, req, res, targetDomain) {
// get the URI of the actor object and append 'inbox' to it
let inbox = message.object.actor+'/inbox';
let inboxFragment = inbox.replace('https://'+targetDomain,'');
// get the private key
let db = req.app.get('db');
let result = db.prepare('select privkey from accounts where name = ?').get(`${name}@${domain}`);
if (result === undefined) {
return res.status(404).send(`No record found for ${name}.`);
}
else {
// digest
const digest = crypto.createHash('sha256').update(JSON.stringify(message)).digest('base64');
let privkey = result.privkey;
const signer = crypto.createSign('sha256');
let d = new Date();
let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digest}`;
signer.update(stringToSign);
signer.end();
const signature = signer.sign(privkey);
const signature_b64 = signature.toString('base64');
const algorithm = 'rsa-sha256';
let header = `keyId="https://${domain}/u/${name}",algorithm="${algorithm}",headers="(request-target) host date digest",signature="${signature_b64}"`;
console.log('signature:',header);
console.log('message:',message);
request({
url: inbox,
headers: {
'Host': targetDomain,
'Date': d.toUTCString(),
'Signature': header,
'Digest': `SHA-256=${digest}`,
'Content-Type': 'application/activity+json',
'Accept': 'application/activity+json'
},
method: 'POST',
json: true,
body: message
}, function (error, response, body){
});
res.json('done');
}
}
function sendAcceptMessage(thebody, name, domain, req, res, targetDomain) {
const guid = crypto.randomBytes(16).toString('hex');
console.log(thebody);
let message = {
'@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'],
'id': `https://${domain}/${guid}`,
'type': 'Accept',
'actor': `https://${domain}/u/${name}`,
'object': thebody,
};
signAndSend(message, name, domain, req, res, targetDomain);
}
router.post('/', function (req, res) {
// pass in a name for an account, if the account doesn't exist, create it!
let domain = req.app.get('domain');
if (req.body.actor === undefined) {
return res.status(400).send(`No actor specified.`);
}
const myURL = new URL(req.body.actor);
let targetDomain = myURL.hostname;
fs.appendFile('./inbox.log', JSON.stringify(req.body)+'\r\n', function (err) {
if (err) {
return console.log(err);
}
});
// TODO: add "Undo" follow event
if (typeof req.body.object === 'string' && req.body.type === 'Follow') {
let name = req.body.object.replace(`https://${domain}/u/`,'');
sendAcceptMessage(req.body, name, domain, req, res, targetDomain);
// Add the user to the DB of accounts that follow the account
let db = req.app.get('db');
// get the followers JSON for the user
let result = db.prepare('select followers from accounts where name = ?').get(`${name}@${domain}`);
if (result === undefined) {
console.log(`No record found for ${name}.`);
}
else {
// update followers
let followers = result.followers;
if (followers) {
followers = JSON.parse(followers);
followers.push(req.body.actor);
// unique items
followers = [...new Set(followers)];
}
else {
followers = [req.body.actor];
}
let followersText = JSON.stringify(followers);
console.log('adding followersText', followersText);
// update into DB
db.prepare('update accounts set followers = ? where name = ?').run(followersText, `${name}@${domain}`);
}
}
});
module.exports = router;