author | Marc Coquand <marcc@fastmail.fr> | 2023-12-03 12:52:07 -0600 |
---|---|---|
committer | Marc Coquand <marcc@fastmail.fr> | 2023-12-03 12:52:07 -0600 |
commit | 867761a2e764c6c6327434585498ed62c54f6eac (patch) | |
tree | 38ab8ffd581a2cb3acfcdf25fcd593f211a094f0 /bin/main.ml | |
parent | f192457e19486cdfbc8ac62684d33ac4b6c82bc1 (diff) | |
Formatting, support whitelist
Diffstat (limited to 'bin/main.ml')
-rw-r--r-- | bin/main.ml | 86 |
1 files changed, 45 insertions, 41 deletions
diff --git a/bin/main.ml b/bin/main.ml index 29dea84..579b334 100644 --- a/bin/main.ml +++ b/bin/main.ml @@ -2,20 +2,25 @@ open Wormhole let (fake_post : Post.t) = { - link = "https://mccd.space"; - summary = "My personal blog"; - tags = [ "cool"; "article" ]; - published = "2020-01-01T00:00:00Z"; - author = "Marc"; - } - -let (fake_post_2 : Post.t) = - { link = "https://google.com"; - summary = "Some other cool article that I just made"; - tags = [ "cool"; "something" ]; - published = "2020-01-02T00:00:00Z"; - author = "Bob"; + summary = + "<p><span class=\"h-card\" translate=\"no\"><a \ + href=\"https://galaxy.mccd.space/actor\" class=\"u-url \ + mention\">@<span>wormhole</span></a></span> </p><p><a \ + href=\"https://google.com\" target=\"_blank\" rel=\"nofollow noopener \ + noreferrer\" translate=\"no\"><span \ + class=\"invisible\">https://</span><span \ + class=\"\">google.com</span><span \ + class=\"invisible\"></span></a></p><p>This is a place on the web where \ + you can search for things</p><p><a \ + href=\"https://fosstodon.org/tags/goodie\" class=\"mention hashtag\" \ + rel=\"tag\">#<span>goodie</span></a> <a \ + href=\"https://fosstodon.org/tags/othergoodie\" class=\"mention \ + hashtag\" rel=\"tag\">#<span>othergoodie</span></a></p>"; + tags = [ "#goodie" ]; + published = "2023-08-23"; + author = "marcc.rooted"; + author_link = "https://www.fosstodon.org/@marcc"; } let webfinger = 
@@ -109,38 +114,37 @@ let () = Dream.post "/inbox" (fun request -> let%lwt body = Dream.body request in Dream.log "Got body: %s" body; - let signature = Dream.headers request "signature" in - Dream.log "Got signature: %s" (String.concat " " signature); let message_object = Yojson.Safe.from_string body |> Post.mastodon_post_of_yojson in let%lwt actor = User.get_user (Post.mastodon_actor message_object) in - match actor with - | Error e -> - Dream.log "User not found %s" (Printexc.to_string e); - let code = Some 400 in - Dream.json ?code "User not found" - | Ok actor -> - Dream.log "User found"; - let pem = User.get_public_pem actor |> Result.to_option in - let%lwt valid_request = Sig.verify_request pem request in - (match valid_request with - | Error e -> - Dream.log "Error verifying request %s" - Printexc.(to_string e); - let code = Some 500 in - Dream.json ?code "Invalid request" - | Ok false -> - Dream.log "Unauthorized request"; - let code = Some 501 in - Dream.json ?code "Unauthorized" - | Ok true -> - message_object - |> Post.post_of_mastodon_post (User.name actor) - |> Post.add; - message_object |> Post.yojson_of_mastodon_post - |> Yojson.Safe.to_string |> Dream.log "Added post %s"; - Dream.json "Added user")); + Dream.log "User found"; + let pem = User.get_public_pem actor |> Result.to_option in + let%lwt valid_request = Sig.verify_request pem request in + let post = + message_object |> Post.post_of_mastodon_post (User.name actor) + in + let in_whitelist = + List.mem (Post.mastodon_actor message_object) actor_whitelist + in + match (valid_request, disable_auth, in_whitelist) with + | Error e, "false", _ -> + Dream.log "Error verifying request %s" Printexc.(to_string e); + let code = Some 500 in + Dream.json ?code "Invalid request" + | Ok false, "false", _ -> + Dream.log "Unauthorized request"; + let code = Some 401 in + Dream.json ?code "Unauthorized" + | _, _, false -> + Dream.log "Unauthorized request"; + let code = Some 401 in + Dream.json ?code 
"Unauthorized, not in whitelist" + | _, _, _ -> + post |> Post.add; + message_object |> Post.yojson_of_mastodon_post + |> Yojson.Safe.to_string |> Dream.log "Added post %s"; + Dream.json "Added user"); ] |
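Review bot: The new match rejects a failed or invalid signature only when `disable_auth` is exactly the string `"false"`, so any other value (`"False"`, `"0"`, an empty string) falls through to the final arm and the post is added without a verified signature. Parse the setting once into a bool that defaults to enforcing, e.g. `let auth_disabled = String.equal disable_auth "true" in`, then match on `(valid_request, auth_disabled, in_whitelist)` with `false` in place of `"false"` in the first two arms. With verification off, `in_whitelist` is computed from the actor named in the unsigned body, so the whitelist does not restrict who can post in that mode; a comment saying so at the `disable_auth` definition (outside this hunk) would help. The earlier `Error` branch for `User.get_user` is gone, so if that call can still fail, the failure presumably now surfaces as an exception rather than a 400, which is worth confirming.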