1
0
Fork 0
mirror of https://github.com/Lynnesbian/FediBooks/ synced 2024-12-26 14:28:59 +00:00

provide webfinger and actor info with rsa key for secure fetch

This commit is contained in:
Lynne Megido 2020-03-18 16:41:32 +10:00
parent bd2b064153
commit 0c22c415b1
Signed by: lynnesbian
GPG key ID: F0A184B5213D9F90
6 changed files with 90 additions and 12 deletions

View file

@ -1,6 +1,7 @@
from bs4 import BeautifulSoup
import MySQLdb
import markovify
from Crypto.PublicKey import RSA
from mastodon import Mastodon, MastodonUnauthorizedError
import html, re, json
@ -175,3 +176,29 @@ def make_post(args):
c.execute("UPDATE bots SET last_post = CURRENT_TIMESTAMP() WHERE handle = %s", (handle,))
db.commit()
c.close()
def get_key():
db = MySQLdb.connect(
host = cfg['db_host'],
user=cfg['db_user'],
passwd=cfg['db_pass'],
db=cfg['db_name']
)
dc = db.cursor(MySQLdb.cursors.DictCursor)
dc.execute("SELECT * FROM http_auth_key")
key = dc.fetchone()
if key == None:
# generate new key
key = {}
privkey = RSA.generate(4096)
key['private'] = privkey.exportKey('PEM').decode('utf-8')
key['public'] = privkey.publickey().exportKey('PEM').decode('utf-8')
dc.execute("INSERT INTO http_auth_key (private, public) VALUES (%s, %s)", (key['private'], key['public']))
dc.close()
db.commit()
return key

View file

@ -0,0 +1,24 @@
{
"@context": [
"https://www.w3.org/ns/activitystreams",
{
"manuallyApprovesFollowers": "as:manuallyApprovesFollowers"
}
],
"endpoints": {
"sharedInbox": "{{ base_uri }}/inbox"
},
"inbox": "{{ base_uri }}/inbox",
"name": "FediBooks",
"type": "Application",
"id": "{{ base_uri }}/actor",
"manuallyApprovesFollowers": true,
"publicKey": {
"id": "{{ base_uri }}/actor#main-key",
"owner": "{{ base_uri }}/actor",
"publicKeyPem": "{{ pubkey }}"
},
"summary": "FediBooks Actor",
"preferredUsername": "fedibooks",
"url": "{{ base_uri }}/actor"
}

View file

@ -0,0 +1,13 @@
{
"aliases": [
"{{ base_uri }}/actor"
],
"links": [
{
"href": "{{ base_uri }}/actor",
"rel": "self",
"type": "application/activity+json"
}
],
"subject": "acct:fedibooks@{{ base_uri }}"
}

View file

@ -32,7 +32,11 @@ scopes_pleroma = ['read', 'write', 'push']
@app.before_request
def login_check():
if request.path not in ['/', '/about', '/welcome', '/login', '/signup', '/do/login', '/do/signup'] and not request.path.startswith("/push") and not request.path.startswith('/static'):
if request.path not in ['/', '/about', '/welcome', '/login', '/signup', '/do/login', '/do/signup'] \
and not request.path.startswith("/push") \
and not request.path.startswith('/static') \
and not request.path.startswith('/actor') \
and not request.path.startswith('/.well-known'):
# page requires authentication
if 'user_id' not in session:
return redirect(url_for('render_home'))
@ -370,9 +374,14 @@ def img_bot_generic():
def favicon():
return send_file("static/favicon.ico")
# @app.route("/.well-known/webfinger")
# def webfinger():
# return render_template("webfinger.json", base_uri = cfg['base_uri']), 200, {'Content-type':'application/json'}
@app.route("/.well-known/webfinger")
def webfinger():
return render_template("ap/webfinger.json", base_uri = cfg['base_uri']), 200, {'Content-type':'application/json'}
@app.route("/actor")
def actor():
pubkey = functions.get_key()['public'].replace("\n", "\\n")
return render_template("ap/actor.json", base_uri = cfg['base_uri'], pubkey = pubkey), 200, {'Content-type':'application/json'}
def bot_check(bot):

View file

@ -8,13 +8,13 @@ CREATE TABLE IF NOT EXISTS `users` (
`submit` ENUM('always', 'once', 'never') DEFAULT 'once',
`generation` ENUM('always', 'once', 'never') DEFAULT 'once',
`reply` ENUM('always', 'once', 'never') DEFAULT 'once'
) ENGINE=INNODB;
) ENGINE = INNODB;
CREATE TABLE IF NOT EXISTS `credentials` (
`id` INT AUTO_INCREMENT PRIMARY KEY,
`client_id` VARCHAR(128) NOT NULL,
`client_secret` VARCHAR(128) NOT NULL,
`secret` VARCHAR(128) NOT NULL
) ENGINE=INNODB;
) ENGINE = INNODB;
CREATE TABLE IF NOT EXISTS `bots` (
`handle` VARCHAR(128) PRIMARY KEY,
`user_id` INT NOT NULL,
@ -37,7 +37,7 @@ CREATE TABLE IF NOT EXISTS `bots` (
`icon_update_time` DATETIME DEFAULT '1000-01-01 00:00:00',
FOREIGN KEY (`user_id`) REFERENCES users(id) ON DELETE CASCADE,
FOREIGN KEY (`credentials_id`) REFERENCES credentials(id) ON DELETE CASCADE
) ENGINE=INNODB;
) ENGINE = INNODB;
CREATE TABLE IF NOT EXISTS `fedi_accounts` (
`handle` VARCHAR(128) PRIMARY KEY,
`outbox` VARCHAR(256),
@ -45,14 +45,14 @@ CREATE TABLE IF NOT EXISTS `fedi_accounts` (
`icon` VARCHAR(512),
`icon_update_time` DATETIME DEFAULT 0,
FOREIGN KEY (`credentials_id`) REFERENCES credentials(id) ON DELETE CASCADE
) ENGINE=INNODB;
) ENGINE = INNODB;
CREATE TABLE IF NOT EXISTS `bot_learned_accounts` (
`bot_id` VARCHAR(128) NOT NULL,
`fedi_id` VARCHAR(128) NOT NULL,
`enabled` BOOLEAN DEFAULT 1,
FOREIGN KEY (`bot_id`) REFERENCES bots(handle) ON DELETE CASCADE,
FOREIGN KEY (`fedi_id`) REFERENCES fedi_accounts(handle) ON DELETE CASCADE
) ENGINE=INNODB;
) ENGINE = INNODB;
CREATE TABLE IF NOT EXISTS `posts` (
`id` BIGINT AUTO_INCREMENT PRIMARY KEY,
`fedi_id` VARCHAR(128),
@ -60,14 +60,14 @@ CREATE TABLE IF NOT EXISTS `posts` (
`content` TEXT NOT NULL,
`cw` BOOLEAN NOT NULL,
FOREIGN KEY (`fedi_id`) REFERENCES fedi_accounts(handle) ON DELETE CASCADE
) ENGINE=INNODB;
) ENGINE = INNODB;
CREATE TABLE IF NOT EXISTS `word_blacklist` (
`id` INT AUTO_INCREMENT PRIMARY KEY,
`bot_id` VARCHAR(128) NOT NULL,
`phrase` VARCHAR(128) NOT NULL,
`whole_word` BOOLEAN NOT NULL,
FOREIGN KEY (`bot_id`) REFERENCES bots(handle) ON DELETE CASCADE
) ENGINE=INNODB;
) ENGINE = INNODB;
CREATE TABLE IF NOT EXISTS `contact_history` (
`user_id` INT NOT NULL,
`fetch` BOOLEAN DEFAULT 0,
@ -75,4 +75,8 @@ CREATE TABLE IF NOT EXISTS `contact_history` (
`generation` BOOLEAN DEFAULT 0,
`reply` BOOLEAN DEFAULT 0,
FOREIGN KEY (`user_id`) REFERENCES users(id) ON DELETE CASCADE
) ENGINE=INNODB;
) ENGINE = INNODB;
CREATE TABLE IF NOT EXISTS `http_auth_key` (
`private` TEXT NOT NULL,
`public` TEXT NOT NULL
) ENGINE = INNODB;

View file

@ -8,3 +8,4 @@ bcrypt == 3.1.7
requests==2.23.0
http-ece==1.1.0
cryptography==2.8
pycryptodome==3.9.7