In postInboxR, use the Activity type, so we only accept Create Note for now

fr33domlover 2019-02-14 22:29:59 +00:00
parent fb396bb984
commit 128f1297ec


@ -125,7 +125,7 @@ postInboxR = do
Left _ -> notAuthenticated Left _ -> notAuthenticated
where where
liftE = ExceptT . pure liftE = ExceptT . pure
getActivity :: UTCTime -> ExceptT String Handler (ContentType, HashMap Text Value) getActivity :: UTCTime -> ExceptT String Handler (ContentType, Activity)
getActivity now = do getActivity now = do
contentType <- do contentType <- do
ctypes <- lookupHeaders "Content-Type" ctypes <- lookupHeaders "Content-Type"
@ -138,34 +138,15 @@ postInboxR = do
_ -> Left "More than one Content-Type given" _ -> Left "More than one Content-Type given"
HttpSigVerResult result <- ExceptT . fmap (first displayException) $ verifyRequestSignature now HttpSigVerResult result <- ExceptT . fmap (first displayException) $ verifyRequestSignature now
uActor <- liftE result uActor <- liftE result
o <- requireJsonBody a@(CreateActivity c) <- requireJsonBody
activityActor <- liftE $ do
liftE $ if createActor c == uActor
case M.lookup "actor" o of
Nothing -> Left "Activity has no actor member"
Just v -> case v of
String t -> case parseFedURI t of
Left e -> Left $ "Activity actor URI parsing failed: " ++ e
Right uri -> Right uri
_ -> Left "Activity actor isn't a JSON string"
liftE $ if activityActor == uActor
then Right () then Right ()
else Left "Activity's actor != Signature key's actor" else Left "Activity's actor != Signature key's actor"
liftE $ case M.lookup "object" o of if noteAttrib (createObject c) == uActor
Nothing -> Right ()
Just v -> case v of
Object obj -> case M.lookup "actor" obj <|> M.lookup "attributedTo" obj of
Nothing -> Right ()
Just v' -> case v' of
String t -> case parseFedURI t of
Left e -> Left $ "Activity actor URI parsing failed: " ++ e
Right uri ->
if uri == uActor
then Right () then Right ()
else Left "Activity object's actor doesn't match activity's actor" else Left "Activity object's actor doesn't match activity's actor"
_ -> Left "Activity actor isn't a JSON string" return (contentType, a)
_ -> Left "Activity's object isn't a JSON object"
return (contentType, o)
{- {-
jsonField :: (FromJSON a, ToJSON a) => Field Handler a jsonField :: (FromJSON a, ToJSON a) => Field Handler a