provide webfinger and actor info with rsa key for secure fetch

app/functions.py

@@ -1,6 +1,7 @@
 from bs4 import BeautifulSoup
 import MySQLdb
 import markovify
+from Crypto.PublicKey import RSA
 from mastodon import Mastodon, MastodonUnauthorizedError
 import html, re, json
 
@@ -175,3 +176,29 @@ def make_post(args):
 		c.execute("UPDATE bots SET last_post = CURRENT_TIMESTAMP() WHERE handle = %s", (handle,))
 		db.commit()
 	c.close()
+
+def get_key():
+	db = MySQLdb.connect(
+		host = cfg['db_host'],
+		user=cfg['db_user'],
+		passwd=cfg['db_pass'],
+		db=cfg['db_name']
+	)
+
+	dc = db.cursor(MySQLdb.cursors.DictCursor)
+	dc.execute("SELECT * FROM http_auth_key")
+	key = dc.fetchone()
+	if key == None:
+		# generate new key
+		key = {}
+		privkey = RSA.generate(4096)
+
+		key['private'] = privkey.exportKey('PEM').decode('utf-8')
+		key['public'] = privkey.publickey().exportKey('PEM').decode('utf-8')
+
+		dc.execute("INSERT INTO http_auth_key (private, public) VALUES (%s, %s)", (key['private'], key['public']))
+
+	dc.close()
+	db.commit()
+
+	return key

app/templates/ap/actor.json

@@ -0,0 +1,24 @@
+{
+	"@context": [
+		"https://www.w3.org/ns/activitystreams",
+		{
+			"manuallyApprovesFollowers": "as:manuallyApprovesFollowers"
+		}
+	],
+	"endpoints": {
+		"sharedInbox": "{{ base_uri }}/inbox"
+	},
+	"inbox": "{{ base_uri }}/inbox",
+	"name": "FediBooks",
+	"type": "Application",
+	"id": "{{ base_uri }}/actor",
+	"manuallyApprovesFollowers": true,
+	"publicKey": {
+		"id": "{{ base_uri }}/actor#main-key",
+		"owner": "{{ base_uri }}/actor",
+		"publicKeyPem": "{{ pubkey }}"
+	},
+	"summary": "FediBooks Actor",
+	"preferredUsername": "fedibooks",
+	"url": "{{ base_uri }}/actor"
+}

app/templates/ap/webfinger.json

@@ -0,0 +1,13 @@
+{
+	"aliases": [
+		"{{ base_uri }}/actor"
+	],
+	"links": [
+		{
+			"href": "{{ base_uri }}/actor",
+			"rel": "self",
+			"type": "application/activity+json"
+		}
+	],
+	"subject": "acct:fedibooks@{{ base_uri }}"
+}

app/webui.py

@@ -32,7 +32,11 @@
 
 @app.before_request
 def login_check():
-	if request.path not in ['/', '/about', '/welcome', '/login', '/signup', '/do/login', '/do/signup'] and not request.path.startswith("/push") and not request.path.startswith('/static'):
+	if request.path not in ['/', '/about', '/welcome', '/login', '/signup', '/do/login', '/do/signup'] \
+		and not request.path.startswith("/push") \
+		and not request.path.startswith('/static') \
+		and not request.path.startswith('/actor') \
+		and not request.path.startswith('/.well-known'):
 		# page requires authentication
 		if 'user_id' not in session:
 			return redirect(url_for('render_home'))
@@ -370,9 +374,14 @@ def img_bot_generic():
 def favicon():
 	return send_file("static/favicon.ico")
 
-# @app.route("/.well-known/webfinger")
-# def webfinger():
-# 	return render_template("webfinger.json", base_uri = cfg['base_uri']), 200, {'Content-type':'application/json'}
+@app.route("/.well-known/webfinger")
+def webfinger():
+	return render_template("ap/webfinger.json", base_uri = cfg['base_uri']), 200, {'Content-type':'application/json'}
+
+@app.route("/actor")
+def actor():
+	pubkey = functions.get_key()['public'].replace("\n", "\\n")
+	return render_template("ap/actor.json", base_uri = cfg['base_uri'], pubkey = pubkey), 200, {'Content-type':'application/json'}
 
 
 def bot_check(bot):

db/setup.sql

@@ -8,13 +8,13 @@ CREATE TABLE IF NOT EXISTS `users` (
   `submit` ENUM('always', 'once', 'never') DEFAULT 'once',
   `generation` ENUM('always', 'once', 'never') DEFAULT 'once',
   `reply` ENUM('always', 'once', 'never') DEFAULT 'once'
-) ENGINE=INNODB;
+) ENGINE = INNODB;
 CREATE TABLE IF NOT EXISTS `credentials` (
   `id` INT AUTO_INCREMENT PRIMARY KEY,
   `client_id` VARCHAR(128) NOT NULL,
   `client_secret` VARCHAR(128) NOT NULL,
   `secret` VARCHAR(128) NOT NULL
-) ENGINE=INNODB;
+) ENGINE = INNODB;
 CREATE TABLE IF NOT EXISTS `bots` (
   `handle` VARCHAR(128) PRIMARY KEY,
   `user_id` INT NOT NULL,
@@ -37,42 +37,46 @@ CREATE TABLE IF NOT EXISTS `bots` (
   `icon_update_time` DATETIME DEFAULT '1000-01-01 00:00:00',
   FOREIGN KEY (`user_id`) REFERENCES users(id) ON DELETE CASCADE,
   FOREIGN KEY (`credentials_id`) REFERENCES credentials(id) ON DELETE CASCADE
-) ENGINE=INNODB;
+) ENGINE = INNODB;
 CREATE TABLE IF NOT EXISTS `fedi_accounts` (
   `handle` VARCHAR(128) PRIMARY KEY,
   `outbox` VARCHAR(256),
   `credentials_id` INT,
   `icon` VARCHAR(512),
   `icon_update_time` DATETIME DEFAULT 0,
   FOREIGN KEY (`credentials_id`) REFERENCES credentials(id) ON DELETE CASCADE
-) ENGINE=INNODB;
+) ENGINE = INNODB;
 CREATE TABLE IF NOT EXISTS `bot_learned_accounts` (
   `bot_id` VARCHAR(128) NOT NULL,
   `fedi_id` VARCHAR(128) NOT NULL,
   `enabled` BOOLEAN DEFAULT 1,
   FOREIGN KEY (`bot_id`) REFERENCES bots(handle) ON DELETE CASCADE,
   FOREIGN KEY (`fedi_id`) REFERENCES fedi_accounts(handle) ON DELETE CASCADE
-) ENGINE=INNODB;
+) ENGINE = INNODB;
 CREATE TABLE IF NOT EXISTS `posts` (
   `id` BIGINT AUTO_INCREMENT PRIMARY KEY,
   `fedi_id` VARCHAR(128),
   `post_id` VARCHAR(64) NOT NULL,
   `content` TEXT NOT NULL,
   `cw` BOOLEAN NOT NULL,
   FOREIGN KEY (`fedi_id`) REFERENCES fedi_accounts(handle) ON DELETE CASCADE
-) ENGINE=INNODB;
+) ENGINE = INNODB;
 CREATE TABLE IF NOT EXISTS `word_blacklist` (
   `id` INT AUTO_INCREMENT PRIMARY KEY,
   `bot_id` VARCHAR(128) NOT NULL,
   `phrase` VARCHAR(128) NOT NULL,
   `whole_word` BOOLEAN NOT NULL,
   FOREIGN KEY (`bot_id`) REFERENCES bots(handle) ON DELETE CASCADE
-) ENGINE=INNODB;
+) ENGINE = INNODB;
 CREATE TABLE IF NOT EXISTS `contact_history` (
   `user_id` INT NOT NULL,
   `fetch` BOOLEAN DEFAULT 0,
   `submit` BOOLEAN DEFAULT 0,
   `generation` BOOLEAN DEFAULT 0,
   `reply` BOOLEAN DEFAULT 0,
   FOREIGN KEY (`user_id`) REFERENCES users(id) ON DELETE CASCADE
-) ENGINE=INNODB;
+) ENGINE = INNODB;
+CREATE TABLE IF NOT EXISTS `http_auth_key` (
+  `private` TEXT NOT NULL,
+  `public` TEXT NOT NULL
+) ENGINE = INNODB;

requirements.txt

@@ -8,3 +8,4 @@ bcrypt == 3.1.7
 requests==2.23.0
 http-ece==1.1.0
 cryptography==2.8
+pycryptodome==3.9.7