aboutsummaryrefslogtreecommitdiff
path: root/bin
diff options
context:
space:
mode:
authorMarc Coquand <marcc@fastmail.fr>2023-12-02 13:08:13 -0600
committerMarc Coquand <marcc@fastmail.fr>2023-12-02 13:08:13 -0600
commit11d14f6dd8581715e5241f1fc780a14bf4cc40a2 (patch)
tree32d20403bd99b766a2c52c90a02726653713c16d /bin
parent3fd0ae419ff2dadb0a566a28c042333affbb03b4 (diff)
downloadwormhole-11d14f6dd8581715e5241f1fc780a14bf4cc40a2.tar.gz
wormhole-11d14f6dd8581715e5241f1fc780a14bf4cc40a2.tar.bz2
wormhole-11d14f6dd8581715e5241f1fc780a14bf4cc40a2.zip
Add initial auth
Diffstat (limited to '')
-rw-r--r--bin/main.ml32
1 files changed, 21 insertions, 11 deletions
diff --git a/bin/main.ml b/bin/main.ml
index ef7d5fa..4d12cee 100644
--- a/bin/main.ml
+++ b/bin/main.ml
@@ -54,8 +54,6 @@ let actor =
}
|}
-let header_concat (a, b) = a ^ ": " ^ b
-
let () =
Post.add fake_post;
Post.add fake_post_2;
@@ -83,9 +81,8 @@ let () =
Dream.post "/inbox" (fun request ->
let%lwt body = Dream.body request in
Dream.log "Got body: %s" body;
- let headers = Dream.all_headers request in
- Dream.log "Got headers: %s"
- (String.concat " " (List.map header_concat headers));
+ let signature = Dream.headers request "signature" in
+ Dream.log "Got signature: %s" (String.concat " " signature);
let message_object =
Yojson.Safe.from_string body |> Post.mastodon_post_of_yojson
in
@@ -99,10 +96,23 @@ let () =
Dream.json ?code "User not found"
| Ok actor ->
Dream.log "User found";
- message_object
- |> Post.post_of_mastodon_post (User.name actor)
- |> Post.add;
- message_object |> Post.yojson_of_mastodon_post
- |> Yojson.Safe.to_string |> Dream.log "Added post %s";
- Dream.json "{}");
+ let pem = User.get_public_pem actor |> Result.to_option in
+ let%lwt valid_request = Sig.verify_request pem request in
+ (match valid_request with
+ | Error e ->
+ Dream.log "Error verifying request %s"
+ Printexc.(to_string e);
+ let code = Some 500 in
+ Dream.json ?code "Invalid request"
+ | Ok false ->
+ Dream.log "Unauthorized request";
+ let code = Some 501 in
+ Dream.json ?code "Unauthorized"
+ | Ok true ->
+ message_object
+ |> Post.post_of_mastodon_post (User.name actor)
+ |> Post.add;
+ message_object |> Post.yojson_of_mastodon_post
+ |> Yojson.Safe.to_string |> Dream.log "Added post %s";
+ Dream.json "Added user"));
]