accept AP follow requests: original patch from @swentel

...from https://github.com/snarfed/bridgy-fed/issues/21#issuecomment-430403595
2018-10-19 06:50:00 -07:00 · 2018-10-19 06:50:00 -07:00 · ed3a685831
commit ed3a685831
--- a/activitypub.py
+++ b/activitypub.py
@ -1,7 +1,9 @@
 """Handles requests for ActivityPub endpoints: actors, inbox, etc.
 """
+import datetime
 import json
 import logging
+import string

 import appengine_config

@ -12,13 +14,15 @@ from oauth_dropins.webutil import util
 import webapp2

 import common
-from models import MagicKey
+from models import MagicKey, Response
+from httpsig.requests_auth import HTTPSignatureAuth

 SUPPORTED_TYPES = (
    'Announce',
    'Article',
    'Audio',
    'Create',
+    'Follow',
    'Image',
    'Like',
    'Note',
@ -83,6 +87,10 @@ class InboxHandler(webapp2.RequestHandler):

        # TODO: verify signature if there is one

+        if type == 'Follow':
+            self.accept_follow(activity)
+            return
+
        # fetch actor if necessary so we have name, profile photo, etc
        if type in ('Like', 'Announce'):
            for elem in obj, activity:
@ -96,6 +104,49 @@ class InboxHandler(webapp2.RequestHandler):
        common.send_webmentions(self, as1, proxy=True, protocol='activitypub',
                                source_as2=source_as2)

+    def accept_follow(activity):
+        logging.info('Sending Accept to inbox')
+
+        accept = {
+            '@context': 'https://www.w3.org/ns/activitystreams',
+            'id': activity['id'],
+            'type': 'Accept',
+            'actor': activity['object'],
+            'object': {
+              'type': 'Follow',
+               'actor': activity['actor'],
+               'object': activity['object'],
+            }
+        }
+
+        # source domain - this is still wrong in so many ways ... :)
+        source_domain = string.replace(activity['object'], 'https://fed.brid.gy/r/', '')
+        source_domain = string.replace(source_domain, 'http://', '')
+        source_domain = string.replace(source_domain, 'https://', '')
+        logging.info('source domain ' + source_domain)
+
+        # inbox url.
+        target = activity['actor']
+        actor = common.get_as2(target).json()
+        inbox_url = actor.get('inbox')
+        logging.info('Inbox url ' + inbox_url)
+
+        acct = 'acct:%s@%s' % (source_domain, source_domain)
+        key = MagicKey.get_or_create(source_domain)
+        signature = HTTPSignatureAuth(secret=key.private_pem(), key_id=acct,
+                                 algorithm='rsa-sha256')
+
+        # deliver source object to target actor's inbox.
+        headers = {
+            'Content-Type': common.CONTENT_TYPE_AS2,
+            # required for HTTP Signature
+            # https://tools.ietf.org/html/draft-cavage-http-signatures-07#section-2.1.3
+            'Date': datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT'),
+            'signature': signature,
+        }
+        resp = common.requests_post(inbox_url, json=activity_accept, headers=headers)
+        self.response.write(resp.text)
+

 app = webapp2.WSGIApplication([
    (r'/%s/?' % common.DOMAIN_RE, ActorHandler),