From 128f1297ecd354a11b486db61057f702741a2e47 Mon Sep 17 00:00:00 2001 From: fr33domlover Date: Thu, 14 Feb 2019 22:29:59 +0000 Subject: [PATCH] In postInboxR, use the Activity type, so we only accept Create Note for now --- src/Vervis/Handler/Inbox.hs | 39 ++++++++++--------------------------- 1 file changed, 10 insertions(+), 29 deletions(-) diff --git a/src/Vervis/Handler/Inbox.hs b/src/Vervis/Handler/Inbox.hs index da525a3..c7b8a03 100644 --- a/src/Vervis/Handler/Inbox.hs +++ b/src/Vervis/Handler/Inbox.hs @@ -125,7 +125,7 @@ postInboxR = do Left _ -> notAuthenticated where liftE = ExceptT . pure - getActivity :: UTCTime -> ExceptT String Handler (ContentType, HashMap Text Value) + getActivity :: UTCTime -> ExceptT String Handler (ContentType, Activity) getActivity now = do contentType <- do ctypes <- lookupHeaders "Content-Type" @@ -138,34 +138,15 @@ postInboxR = do _ -> Left "More than one Content-Type given" HttpSigVerResult result <- ExceptT . fmap (first displayException) $ verifyRequestSignature now uActor <- liftE result - o <- requireJsonBody - activityActor <- - liftE $ - case M.lookup "actor" o of - Nothing -> Left "Activity has no actor member" - Just v -> case v of - String t -> case parseFedURI t of - Left e -> Left $ "Activity actor URI parsing failed: " ++ e - Right uri -> Right uri - _ -> Left "Activity actor isn't a JSON string" - liftE $ if activityActor == uActor - then Right () - else Left "Activity's actor != Signature key's actor" - liftE $ case M.lookup "object" o of - Nothing -> Right () - Just v -> case v of - Object obj -> case M.lookup "actor" obj <|> M.lookup "attributedTo" obj of - Nothing -> Right () - Just v' -> case v' of - String t -> case parseFedURI t of - Left e -> Left $ "Activity actor URI parsing failed: " ++ e - Right uri -> - if uri == uActor - then Right () - else Left "Activity object's actor doesn't match activity's actor" - _ -> Left "Activity actor isn't a JSON string" - _ -> Left "Activity's object isn't a JSON object" - return (contentType, o) + a@(CreateActivity c) <- requireJsonBody + liftE $ do + if createActor c == uActor + then Right () + else Left "Activity's actor != Signature key's actor" + if noteAttrib (createObject c) == uActor + then Right () + else Left "Activity object's actor doesn't match activity's actor" + return (contentType, a) {- jsonField :: (FromJSON a, ToJSON a) => Field Handler a