git.thebackupbox.net
actpub
git clone git://git.thebackupbox.net/actpub


refs/heads/master:/ap-signed-post

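 #!/usr/bin/env bash
 #
 # ap-signed-post: POST an ActivityPub document to a URI, signed with an
 # HTTP Signature (rsa-sha256) over "(request-target) host date digest
 # content-type".
 #
 # Inputs:
 #   $1         target URI
 #   POST_DATA  request body, passed in the environment
 #
 # The signing key is read from ~/.config/ap/private.pem. The first line of
 # that file must hold the keyId; the PEM key follows it. The file contains a
 # private key, so it should be readable by its owner only.
 #
 # uricut and rfc7231date are external helpers that are not part of this file.
 # NOTE(review): uricut -d / -p are assumed to print the authority and the
 # path of the URI; confirm that a port or a query string ends up in the
 # signed values the same way curl sends them.

 if [[ -z "${1:-}" || -z "${POST_DATA:-}" ]]; then
   printf "usage: ap-signed-post \n" >&2
   printf "POST_DATA must be in an env var as well.\n" >&2
   exit 1
 fi

 uri="$1"
 key_file=~/.config/ap/private.pem

 # Refuse to go any further without a usable key file: every later step would
 # otherwise run and a request with an empty signature would still be sent.
 if [[ ! -r "$key_file" ]]; then
   printf "ap-signed-post: cannot read signing key: %s\n" "$key_file" >&2
   exit 1
 fi

 host="$(uricut -d <<< "${uri}")"
 uri_path="/$(uricut -p <<< "${uri}")"

 HTTPSIG_ALGO="rsa-sha256"
 # slower  HTTPSIG_KEYID="$(ap-getactor "$(ap-whoami)" | jq -r .publicKey.id)"
 HTTPSIG_KEYID="$(head -n1 "$key_file")" # faster HACK. just keep keyid at start of file :P
 CONTENT_TYPE="application/activity+json"
 HTTPSIG_HEADERS="(request-target) host date digest content-type"
 HTTP_DATE="$(rfc7231date)"
 # Raw SHA-256 of the exact body bytes, base64-encoded. Taking the binary
 # digest directly avoids parsing openssl's text output, whose prefix differs
 # between OpenSSL versions.
 HTTP_DIGEST="SHA-256=$(printf "%s" "$POST_DATA" | openssl dgst -sha256 -binary | base64)"

 # A key file without the keyId line starts with the PEM header; sending that
 # as keyId can never verify, so stop here.
 if [[ -z "$HTTPSIG_KEYID" || "$HTTPSIG_KEYID" == -----BEGIN* ]]; then
   printf "ap-signed-post: first line of %s is not a keyId\n" "$key_file" >&2
   exit 1
 fi

 if [[ -z "$host" || -z "$HTTP_DATE" || "$HTTP_DIGEST" == "SHA-256=" ]]; then
   printf "ap-signed-post: could not derive host, date or digest for %s\n" "$uri" >&2
   exit 1
 fi

 # The signing string is assembled line by line so that the indentation of
 # this file can never leak into the signed bytes. Command substitution drops
 # the final newline, which is what the signature format expects.
 SIGNED_STRING="$(printf '%s\n' \
   "(request-target): post ${uri_path}" \
   "host: ${host}" \
   "date: ${HTTP_DATE}" \
   "digest: ${HTTP_DIGEST}" \
   "content-type: ${CONTENT_TYPE}")"

 HTTPSIG_SIGNATURE="$(printf "%s" "${SIGNED_STRING}" | openssl dgst -sha256 -sign "$key_file" | base64 | tr -d '\n')"

 # openssl prints nothing when signing fails (bad key, wrong format), which
 # leaves the signature empty. Do not send an unsigned request in that case.
 if [[ -z "$HTTPSIG_SIGNATURE" ]]; then
   printf "ap-signed-post: signing failed, nothing sent\n" >&2
   exit 1
 fi

 HTTP_SIGNATURE='keyId="'"${HTTPSIG_KEYID}"'",algorithm="'"${HTTPSIG_ALGO}"'",headers="'"${HTTPSIG_HEADERS}"'",signature="'"${HTTPSIG_SIGNATURE}"'"'

 printf "ap-signed-post: doing a curl to : %s\n" "$uri" >&2

 # The body goes to curl on stdin instead of as an argument, so it does not
 # show up in the process list. The bytes are the same ones the digest above
 # was computed over.
 # NOTE(review): the scheme of $uri is not restricted here; an http:// target
 # would carry the body in clear text. curl's --proto option can pin it to
 # https if plain http is never wanted.
 printf "%s" "$POST_DATA" | curl -i \
   --data-binary @- \
   -A "https://git.thebackupbox.net/actpub/ (epoch's fault)" \
   -H "Accept: application/activity+json" \
   -H "Signature: $HTTP_SIGNATURE" \
   -H "Date: $HTTP_DATE" \
   -H "Digest: $HTTP_DIGEST" \
   -H "Content-Type: $CONTENT_TYPE" \
   -g "$uri"
 # The exit status of curl is not propagated: the script reports [DONE] and
 # exits 0 whether or not the POST succeeded.
 echo 'ap-signed-post: [DONE]' >&2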