In postInboxR, use the Activity type, so we only accept Create Note for now
parent
fb396bb984
commit
128f1297ec
1 changed files with 10 additions and 29 deletions
|
@ -125,7 +125,7 @@ postInboxR = do
|
||||||
Left _ -> notAuthenticated
|
Left _ -> notAuthenticated
|
||||||
where
|
where
|
||||||
liftE = ExceptT . pure
|
liftE = ExceptT . pure
|
||||||
getActivity :: UTCTime -> ExceptT String Handler (ContentType, HashMap Text Value)
|
getActivity :: UTCTime -> ExceptT String Handler (ContentType, Activity)
|
||||||
getActivity now = do
|
getActivity now = do
|
||||||
contentType <- do
|
contentType <- do
|
||||||
ctypes <- lookupHeaders "Content-Type"
|
ctypes <- lookupHeaders "Content-Type"
|
||||||
|
@ -138,34 +138,15 @@ postInboxR = do
|
||||||
_ -> Left "More than one Content-Type given"
|
_ -> Left "More than one Content-Type given"
|
||||||
HttpSigVerResult result <- ExceptT . fmap (first displayException) $ verifyRequestSignature now
|
HttpSigVerResult result <- ExceptT . fmap (first displayException) $ verifyRequestSignature now
|
||||||
uActor <- liftE result
|
uActor <- liftE result
|
||||||
o <- requireJsonBody
|
a@(CreateActivity c) <- requireJsonBody
|
||||||
activityActor <-
|
liftE $ do
|
||||||
liftE $
|
if createActor c == uActor
|
||||||
case M.lookup "actor" o of
|
then Right ()
|
||||||
Nothing -> Left "Activity has no actor member"
|
else Left "Activity's actor != Signature key's actor"
|
||||||
Just v -> case v of
|
if noteAttrib (createObject c) == uActor
|
||||||
String t -> case parseFedURI t of
|
then Right ()
|
||||||
Left e -> Left $ "Activity actor URI parsing failed: " ++ e
|
else Left "Activity object's actor doesn't match activity's actor"
|
||||||
Right uri -> Right uri
|
return (contentType, a)
|
||||||
_ -> Left "Activity actor isn't a JSON string"
|
|
||||||
liftE $ if activityActor == uActor
|
|
||||||
then Right ()
|
|
||||||
else Left "Activity's actor != Signature key's actor"
|
|
||||||
liftE $ case M.lookup "object" o of
|
|
||||||
Nothing -> Right ()
|
|
||||||
Just v -> case v of
|
|
||||||
Object obj -> case M.lookup "actor" obj <|> M.lookup "attributedTo" obj of
|
|
||||||
Nothing -> Right ()
|
|
||||||
Just v' -> case v' of
|
|
||||||
String t -> case parseFedURI t of
|
|
||||||
Left e -> Left $ "Activity actor URI parsing failed: " ++ e
|
|
||||||
Right uri ->
|
|
||||||
if uri == uActor
|
|
||||||
then Right ()
|
|
||||||
else Left "Activity object's actor doesn't match activity's actor"
|
|
||||||
_ -> Left "Activity actor isn't a JSON string"
|
|
||||||
_ -> Left "Activity's object isn't a JSON object"
|
|
||||||
return (contentType, o)
|
|
||||||
|
|
||||||
{-
|
{-
|
||||||
jsonField :: (FromJSON a, ToJSON a) => Field Handler a
|
jsonField :: (FromJSON a, ToJSON a) => Field Handler a
|
||||||
|
|
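Review bot: The bind `a@(CreateActivity c) <- requireJsonBody` is where anything other than a Create is turned away, and that rejection does not go through the `Left String` path the rest of getActivity uses. A body that fails to decode is answered by requireJsonBody itself, and if Activity later gains more constructors, a failed match here would presumably be routed to the underlying monad's `fail` rather than a `Left`. I would record that above the bind, e.g. `-- Only Create Note is accepted; decode failures are reported by requireJsonBody, not via Left`, and switch to an explicit `case` once a second constructor exists. Separately, the second check compares `noteAttrib (createObject c)` with `uActor` while its message speaks of the activity's actor; comparing with `createActor c` would match the message without changing the outcome, since the first check has already passed. postInboxR and part of the Content-Type block lie outside the hunks shown.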