fuwuqi/server.py

from base64 import b64decode
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer
from json import dump, load, loads
from re import search
from requests import get, post
from os.path import isfile
from urllib.parse import quote_plus


domain = 'https://0.exozy.me'


def collection_append(username, file, item):
    with open(f'users/{username}.{file}') as f:
        collection = load(f)
    collection['orderedItems'].append(item)
    collection['totalItems'] += 1
    with open(f'users/{username}.{file}', 'w') as f:
        dump(collection, f)


def collection_pop(username, file, item):
    with open(f'users/{username}.{file}') as f:
        collection = load(f)
    collection['orderedItems'].pop(item)
    collection['totalItems'] -= 1
    with open(f'users/{username}.{file}', 'w') as f:
        dump(collection, f)


def iri_to_actor(iri):
    if domain in iri:
        username = search(f'^{domain}/users/(.*?)$', iri.removesuffix('#main-key')).group(1)
        actorfile = f'users/{username}'
    else:
        actorfile = f'users/{quote_plus(iri.removesuffix("#main-key"))}'
    if not isfile(actorfile):
        with open(actorfile, 'w') as f:
            resp = get(iri, headers={'Accept': 'application/activity+json'})
            print(resp)
            print(resp.text)
            f.write(resp.text)
    with open(actorfile) as f:
        return load(f)


def send(to, headers, body):
    actor = iri_to_actor(to)
    headers['Host'] = to.split('/')[2]
    resp = post(actor['inbox'], headers=headers, data=body)
    print(resp)
    print(resp.text)


class fuwuqi(SimpleHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers['Content-Length']))
        activity = loads(body)
        print(activity)
        print(self.headers)
        print(self.path)

        username = search('^/users/(.*)\.(in|out)box$', self.path).group(1)

        # Get signer public key
        signer = iri_to_actor(search('keyId="(.*?)"', self.headers['Signature']).group(1))
        pubkeypem = signer['publicKey']['publicKeyPem'].encode('utf8')
        pubkey = serialization.load_pem_public_key(pubkeypem, None)

        # Assemble headers
        headers = search('headers="(.*?)"', self.headers['Signature']).group(1)
        message = ''
        for header in headers.split():
            if header == '(request-target)':
                headerval = f'post {self.path}'
            else:
                headerval = self.headers[header]
            message += f'{header}: {headerval}\n'

        # Verify HTTP signature
        signature = search('signature="(.*?)"', self.headers['Signature']).group(1)
        pubkey.verify(b64decode(signature), message[:-1].encode('utf8'), padding.PKCS1v15(), hashes.SHA256())

        # Make sure activity doer matches HTTP signature
        if ('actor' in activity and activity['actor'] != signer['id']) or \
           ('attributedTo' in activity and activity['attributedTo'] != signer['id']) or \
           ('attributedTo' in activity['object'] and activity['object']['attributedTo'] != signer['id']):
            self.send_response(401)
            return

        if self.path.endswith('inbox'):
            # S2S
            collection_append(username, 'inbox', activity)
            if activity['type'] == 'Accept' and activity['actor'] == activity['object']['object']:
                # Follow request accepted
                collection_append(username, 'following', activity['actor'])
            elif activity['type'] == 'Undo' and activity['object']['type'] == 'Follow' and \
                 activity['actor'] == activity['object']['actor']:
                # Unfollow request
                collection_remove(username, 'followers', activity['actor'])
        elif self.path.endswith('outbox'):
            # C2S
            collection_append(username, 'outbox', activity)
            # Clients responsible for addressing activity
            for to in activity['to']:
                if 'followers' in to or to == 'https://www.w3.org/ns/activitystreams#Public':
                    with open(f'users/{username}.followers') as f:
                        for follower in load(f)['orderedItems']:
                            send(follower, self.headers, body)
                else:
                    send(to, self.headers, body)
            # Process activity
            if activity['type'] == 'Create':
                # Post
                id = activity['object']['id'].split('/')[-1]
                with open(f'users/{username}.statuses/{id}', 'w') as f:
                    dump(activity['object'], f)
            elif activity['type'] == 'Accept':
                # Accept follow request
                collection_append(username, 'followers', activity['object']['actor'])
            elif activity['type'] == 'Like':
                # Like post
                collection_append(username, 'liked', activity['object'])
            elif activity['type'] == 'Undo':
                if activity['object']['type'] == 'Follow':
                    # Unfollow request
                    collection_remove(username, 'following', activity['object']['object'])
                elif activity['object']['type'] == 'Like':
                    # Unlike post
                    collection_remove(username, 'liked', activity['object']['object'])

        self.send_response(200)
        self.end_headers()


ThreadingHTTPServer(('localhost', 4200), fuwuqi).serve_forever()
Implement (broken) HTTP signatures 2023-01-18 05:01:59 +00:00			`from base64 import b64decode`
			`from cryptography.hazmat.primitives import hashes, serialization`
			`from cryptography.hazmat.primitives.asymmetric import padding`
			`from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer`
			`from json import dump, load, loads`
			`from re import search`
			`from requests import get, post`
			`from os.path import isfile`
			`from urllib.parse import quote_plus`


Add latest working code 2023-01-18 06:23:36 +00:00			`domain = 'https://0.exozy.me'`


Style improvements 2023-01-18 20:00:54 +00:00			`def collection_append(username, file, item):`
			`with open(f'users/{username}.{file}') as f:`
Implement (broken) HTTP signatures 2023-01-18 05:01:59 +00:00			`collection = load(f)`
			`collection['orderedItems'].append(item)`
Implement some more server features 2023-01-18 19:48:11 +00:00			`collection['totalItems'] += 1`
Style improvements 2023-01-18 20:00:54 +00:00			`with open(f'users/{username}.{file}', 'w') as f:`
			`dump(collection, f)`
Implement some more server features 2023-01-18 19:48:11 +00:00

Style improvements 2023-01-18 20:00:54 +00:00			`def collection_pop(username, file, item):`
			`with open(f'users/{username}.{file}') as f:`
Implement some more server features 2023-01-18 19:48:11 +00:00			`collection = load(f)`
			`collection['orderedItems'].pop(item)`
			`collection['totalItems'] -= 1`
Style improvements 2023-01-18 20:00:54 +00:00			`with open(f'users/{username}.{file}', 'w') as f:`
			`dump(collection, f)`
Implement (broken) HTTP signatures 2023-01-18 05:01:59 +00:00

Add latest working code 2023-01-18 06:23:36 +00:00			`def iri_to_actor(iri):`
			`if domain in iri:`
More code cleanup 2023-01-18 20:06:17 +00:00			`username = search(f'^{domain}/users/(.*?)$', iri.removesuffix('#main-key')).group(1)`
			`actorfile = f'users/{username}'`
Add latest working code 2023-01-18 06:23:36 +00:00			`else:`
Implement some more server features 2023-01-18 19:48:11 +00:00			`actorfile = f'users/{quote_plus(iri.removesuffix("#main-key"))}'`
Add latest working code 2023-01-18 06:23:36 +00:00			`if not isfile(actorfile):`
			`with open(actorfile, 'w') as f:`
Implement some more server features 2023-01-18 19:48:11 +00:00			`resp = get(iri, headers={'Accept': 'application/activity+json'})`
Style improvements 2023-01-18 20:00:54 +00:00			`print(resp)`
			`print(resp.text)`
Add latest working code 2023-01-18 06:23:36 +00:00			`f.write(resp.text)`
			`with open(actorfile) as f:`
			`return load(f)`


Implement some more server features 2023-01-18 19:48:11 +00:00			`def send(to, headers, body):`
			`actor = iri_to_actor(to)`
			`headers['Host'] = to.split('/')[2]`
			`resp = post(actor['inbox'], headers=headers, data=body)`
			`print(resp)`
			`print(resp.text)`


Implement (broken) HTTP signatures 2023-01-18 05:01:59 +00:00			`class fuwuqi(SimpleHTTPRequestHandler):`
			`def do_POST(self):`
			`body = self.rfile.read(int(self.headers['Content-Length']))`
			`activity = loads(body)`
			`print(activity)`
			`print(self.headers)`
			`print(self.path)`

Add latest working code 2023-01-18 06:23:36 +00:00			`username = search('^/users/(.*)\.(in\|out)box$', self.path).group(1)`

Clean up HTTP signature verification code 2023-01-19 22:09:55 +00:00			`# Get signer public key`
			`signer = iri_to_actor(search('keyId="(.*?)"', self.headers['Signature']).group(1))`
			`pubkeypem = signer['publicKey']['publicKeyPem'].encode('utf8')`
Add latest working code 2023-01-18 06:23:36 +00:00			`pubkey = serialization.load_pem_public_key(pubkeypem, None)`
Implement (broken) HTTP signatures 2023-01-18 05:01:59 +00:00
			`# Assemble headers`
			`headers = search('headers="(.*?)"', self.headers['Signature']).group(1)`
			`message = ''`
			`for header in headers.split():`
Add latest working code 2023-01-18 06:23:36 +00:00			`if header == '(request-target)':`
			`headerval = f'post {self.path}'`
			`else:`
			`headerval = self.headers[header]`
Implement (broken) HTTP signatures 2023-01-18 05:01:59 +00:00			`message += f'{header}: {headerval}\n'`

			`# Verify HTTP signature`
More code cleanup 2023-01-18 20:06:17 +00:00			`signature = search('signature="(.*?)"', self.headers['Signature']).group(1)`
			`pubkey.verify(b64decode(signature), message[:-1].encode('utf8'), padding.PKCS1v15(), hashes.SHA256())`
Implement (broken) HTTP signatures 2023-01-18 05:01:59 +00:00
Remove trailing whitespace 2023-02-06 20:28:25 +00:00			`# Make sure activity doer matches HTTP signature`
Clean up HTTP signature verification code 2023-01-19 22:09:55 +00:00			`if ('actor' in activity and activity['actor'] != signer['id']) or \`
			`('attributedTo' in activity and activity['attributedTo'] != signer['id']) or \`
			`('attributedTo' in activity['object'] and activity['object']['attributedTo'] != signer['id']):`
Implement (broken) HTTP signatures 2023-01-18 05:01:59 +00:00			`self.send_response(401)`
			`return`

			`if self.path.endswith('inbox'):`
			`# S2S`
Add to following collection only after receiving Accept activity 2023-01-18 20:33:39 +00:00			`collection_append(username, 'inbox', activity)`
			`if activity['type'] == 'Accept' and activity['actor'] == activity['object']['object']:`
			`# Follow request accepted`
			`collection_append(username, 'following', activity['actor'])`
Implement S2S processing for unfollows 2023-01-19 01:55:44 +00:00			`elif activity['type'] == 'Undo' and activity['object']['type'] == 'Follow' and \`
			`activity['actor'] == activity['object']['actor']:`
			`# Unfollow request`
			`collection_remove(username, 'followers', activity['actor'])`
Implement (broken) HTTP signatures 2023-01-18 05:01:59 +00:00			`elif self.path.endswith('outbox'):`
			`# C2S`
Add to following collection only after receiving Accept activity 2023-01-18 20:33:39 +00:00			`collection_append(username, 'outbox', activity)`
Implement some more server features 2023-01-18 19:48:11 +00:00			`# Clients responsible for addressing activity`
			`for to in activity['to']:`
Server bug fixes 2023-01-18 19:52:31 +00:00			`if 'followers' in to or to == 'https://www.w3.org/ns/activitystreams#Public':`
Implement some more server features 2023-01-18 19:48:11 +00:00			`with open(f'users/{username}.followers') as f:`
			`for follower in load(f)['orderedItems']:`
			`send(follower, self.headers, body)`
			`else:`
			`send(to, self.headers, body)`
			`# Process activity`
Implement (broken) HTTP signatures 2023-01-18 05:01:59 +00:00			`if activity['type'] == 'Create':`
Implement some more server features 2023-01-18 19:48:11 +00:00			`# Post`
			`id = activity['object']['id'].split('/')[-1]`
Implement (broken) HTTP signatures 2023-01-18 05:01:59 +00:00			`with open(f'users/{username}.statuses/{id}', 'w') as f:`
			`dump(activity['object'], f)`
Implement some more server features 2023-01-18 19:48:11 +00:00			`elif activity['type'] == 'Accept':`
			`# Accept follow request`
Style improvements 2023-01-18 20:00:54 +00:00			`collection_append(username, 'followers', activity['object']['actor'])`
Implement some more server features 2023-01-18 19:48:11 +00:00			`elif activity['type'] == 'Like':`
			`# Like post`
Style improvements 2023-01-18 20:00:54 +00:00			`collection_append(username, 'liked', activity['object'])`
Implement some more server features 2023-01-18 19:48:11 +00:00			`elif activity['type'] == 'Undo':`
			`if activity['object']['type'] == 'Follow':`
			`# Unfollow request`
Style improvements 2023-01-18 20:00:54 +00:00			`collection_remove(username, 'following', activity['object']['object'])`
Implement some more server features 2023-01-18 19:48:11 +00:00			`elif activity['object']['type'] == 'Like':`
			`# Unlike post`
Style improvements 2023-01-18 20:00:54 +00:00			`collection_remove(username, 'liked', activity['object']['object'])`

Implement (broken) HTTP signatures 2023-01-18 05:01:59 +00:00			`self.send_response(200)`
Add latest working code 2023-01-18 06:23:36 +00:00			`self.end_headers()`
Implement (broken) HTTP signatures 2023-01-18 05:01:59 +00:00

			`ThreadingHTTPServer(('localhost', 4200), fuwuqi).serve_forever()`