More code cleanup

2023-01-18 20:06:17 +00:00 · 2023-01-18 20:06:17 +00:00 · 315b1c635c
commit 315b1c635c
parent 183267030d
3 changed files with 6 additions and 16 deletions
--- a/README.md
+++ b/README.md
@ -37,6 +37,7 @@ Enjoy your new "extremely hardcore" ActivityPub server!!! 🎉😎🚀🙃🥳

 Since Fuwuqi's code is super duper easy to read and extend, the following features are left as an exercise to the reader:
 - Multi-user support (hint: dynamically generate `.well-known/webfinger` instead of serving a static file)
+- S2S server-side processing
 - Deleting posts
 - JSON-LD (hint: don't do it, your brain will thank you)
 - Lots of pain
--- a/client.py
+++ b/client.py
@ -17,11 +17,7 @@ message = f'date: {date}\ndigest: SHA-256={digest}'
 with open('private.pem', 'rb') as f:
    privkey = serialization.load_pem_private_key(f.read(), None)

-signature = b64encode(privkey.sign(
-    message.encode('utf8'),
-    padding.PKCS1v15(),
-    hashes.SHA256()
-)).decode()
+signature = b64encode(privkey.sign(message.encode('utf8'), padding.PKCS1v15(), hashes.SHA256())).decode()
 header = f'keyId="https://0.exozy.me/users/test.jsonld#main-key",headers="date digest",signature="{signature}"'

 resp = post('https://0.exozy.me/users/test.outbox', headers={
--- a/server.py
+++ b/server.py
@ -32,9 +32,8 @@ def collection_pop(username, file, item):

 def iri_to_actor(iri):
    if domain in iri:
-        name = search(f'^{domain}/users/(.*?)$',
-                      iri.removesuffix('#main-key')).group(1)
-        actorfile = f'users/{name}'
+        username = search(f'^{domain}/users/(.*?)$', iri.removesuffix('#main-key')).group(1)
+        actorfile = f'users/{username}'
    else:
        actorfile = f'users/{quote_plus(iri.removesuffix("#main-key"))}'
    if not isfile(actorfile):
@ -82,14 +81,8 @@ class fuwuqi(SimpleHTTPRequestHandler):
            message += f'{header}: {headerval}\n'

        # Verify HTTP signature
-        signature = search('signature="(.*?)"',
-                           self.headers['Signature']).group(1)
-        pubkey.verify(
-            b64decode(signature),
-            message[:-1].encode('utf8'),
-            padding.PKCS1v15(),
-            hashes.SHA256()
-        )
+        signature = search('signature="(.*?)"', self.headers['Signature']).group(1)
+        pubkey.verify(b64decode(signature), message[:-1].encode('utf8'), padding.PKCS1v15(), hashes.SHA256())

        # Make sure activity doer matches HTTP signature
        actor = keyid.removesuffix('#main-key')