repo: actpub
action: blob
revision: 
path_from: ap-proxy.cgi
revision_from: refs/heads/master:
path_to: 
revision_to:
git.thebackupbox.net
actpub
git clone git://git.thebackupbox.net/actpub

blob of:

actpub

/ ap-proxy.cgi

blob_plain of this file

refs/heads/master:/ap-proxy.cgi

 #!/usr/bin/env bash
 ### this CGI is to be ran by the 'www' user so that user inboxes can pull
 ### public keys and actor objects of other users using requests signed by www.

 ### we really only need to proxy these for localhost
 ### inb4 we proxy the proxy through the proxy. XD
 if [ "$REMOTE_ADDR" != "127.0.0.1" -a "$REMOTE_ADDR" != "21.41.41.5" ];then
   printf "Status: 401 Not Authorized\r\n"
   printf "Content-Type: text/plain\r\n\r\n"
   printf "I only proxy requests for hosts I like. Not yours: %s\n" "$REMOTE_ADDR"
   exit 0
 fi
 export REMOTE_IDENT="$(ident "${SERVER_ADDR}" "${REMOTE_ADDR}" 113 "${REMOTE_PORT}" "${SERVER_PORT}")"
 if [ $REMOTE_IDENT = "www" ];then #lol. we don't need to proxy for ourself. we *have* a private key.
   printf "Status: 401 Not Authorized\r\n"
   printf "Content-Type: text/plain\r\n\r\n"
   printf "Why would I proxy requests for myself? That's stupid.\n"
   exit 0
 fi

 uri="$(uriunescape "$(query_param uri)")"
 if [ ! "$uri" ];then
   printf "Content-Type: text/html\r\n\r\n"
   printf "grab uris as thebackupbox.net's www user"
   printf '
' # hrm... maybe require a POST?.... nah
   printf ""
   exit 0
 fi

 ### this needs to be a signed request for some hosts so... I guess we
 ### will probably give the server itself a key it can use.
 #curl -sH 'Accept: application/activity+json, application/ld+json' -g "$keyuri" \

 printf 'Content-Type: application/ld+json\r\n\r\n'
 ap-signed-get "$uri"