* Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
# frozen_string_literal: true
# Callback endpoint for feed subscriptions that use the `hub.*` request
# parameters and the X-Hub-Signature header (PubSubHubbub-style).
#
# * `show`   answers a subscription verification request.
# * `update` receives a pushed payload and queues it for processing once its
#   signature has been accepted.
#
# Both actions run `set_account` first, so `@account` is always the record
# addressed by `params[:id]`.
class Api::SubscriptionsController < Api::BaseController
  before_action :set_account
  respond_to :txt

  # Verification request: echo the challenge back when the topic is accepted.
  #
  # When `subscription.valid?` accepts `hub.topic`, the account's
  # `subscription_expires_at` is moved forward and the (entity-encoded)
  # challenge is returned as plain text with status 200. Otherwise the
  # response is an empty 404.
  #
  # NOTE(review): the only gate visible here is `subscription.valid?` on the
  # topic; the new expiry is derived from the request-supplied
  # `hub.lease_seconds`. Confirm that check is sufficient to trust the caller
  # before the expiry is rewritten.
  def show
    return head(404) unless subscription.valid?(params['hub.topic'])

    @account.update(subscription_expires_at: future_expires)
    render plain: encoded_challenge, status: 200
  end

  # Payload delivery: enqueue the body only if its signature verifies.
  #
  # The response is 200 whether or not verification succeeded; an unverified
  # payload is dropped without any signal to the sender.
  # NOTE(review): presumably deliberate so the sender cannot tell accepted
  # from rejected deliveries -- confirm. `subscription.verify` is defined
  # elsewhere; confirm it compares signatures in constant time.
  def update
    signature_ok = subscription.verify(body, request.headers['HTTP_X_HUB_SIGNATURE'])

    # force_encoding relabels the memoized body string in place; it runs only
    # after verification has already been performed on that same string.
    ProcessingWorker.perform_async(@account.id, body.force_encoding('UTF-8')) if signature_ok

    head 200
  end

  private

  # Memoized subscription object for this account, keyed to this endpoint's
  # own URL.
  def subscription
    @_subscription ||= @account.subscription(api_subscription_url(@account.id))
  end

  # Raw request body, read once and cached for the rest of the request.
  def body
    @_body ||= request.body.read
  end

  # HTML-entity-encoded `hub.challenge`, so request-supplied text is not
  # reflected back verbatim in the response.
  def encoded_challenge
    challenge = params['hub.challenge']
    HTMLEntities.new.encode(challenge)
  end

  # UTC timestamp at which the lease granted by this request runs out.
  def future_expires
    lease = lease_seconds_or_default
    Time.now.utc + lease
  end

  # Lease length as a duration in seconds: the request's `hub.lease_seconds`
  # when present, otherwise one day.
  #
  # The value is passed through `to_i` with no lower or upper bound; a
  # non-numeric string becomes 0.
  # NOTE(review): assumes the parameter arrives as a String -- verify, and
  # consider whether the lease should be clamped to a sane range.
  def lease_seconds_or_default
    requested = params['hub.lease_seconds']
    (requested || 1.day).to_i.seconds
  end

  # Loads the account addressed by the route's :id into @account.
  # NOTE(review): presumably an ActiveRecord lookup that raises when the id
  # is unknown -- confirm how Api::BaseController handles that.
  def set_account
    @account = Account.find(params[:id])
  end
end