remove uneccessary routes and update readme

README.md

@@ -4,7 +4,7 @@ Web proxy for Mastodon that puts public profiles behind an auth layer.
 
 ## How it works
 
-PAWS sits between Mastodon and your front-facing web proxy to intercept incoming requests. If a profile, toot, or any related json is requested, it will be blocked unless authenticated.
+PAWS sits between Mastodon and your front-facing web proxy to intercept incoming requests. If a profile, toot, or any related json is requested, it will be blocked unless authenticated. If authenticated fetches on mastodon are disabled, PAWS will check signatures instead
 
 Note: Still very much a WIP. Currently it's just simple http auth, but I plan on adding the ability to login via oauth
 
@@ -12,15 +12,30 @@ Note: Still very much a WIP. Currently it's just simple http auth, but I plan on
 
 Python 3.6.0+ (3.8.0 recommended)
 
-`python3 setup.py install`
+`python3 -m pip install -r requirements.txt --user`
 
 ## Configuration
 
-(eventually)
+data/production.env:
+
+```
+# Path to mastodon instance. Defaults to current working dir
+MASTOPATH=/home/mastodon/glitch-soc
+
+# Listen address and port for PAWS. Can safely be ignored if running on same host as web server
+PAWS_HOST=127.0.0.1
+PAWS_PORT=3001
+
+# These will be phased out
+PAWS_USER=admin
+PAWS_PASS=password
+```
 
 ### Caddy
 
-'''
+Append this to caddy's mastodon config:
+
+```
 rewrite {
 	if_op and
 	if {path} starts_with /users
@@ -29,7 +44,9 @@ rewrite {
 }
 
 rewrite {
+	if_op or
 	if {path} starts_with /@
+	if {path} starts_with /authorize
 	to {path} /auth/{path}
 }
 
@@ -37,4 +54,9 @@ proxy /auth localhost:3001 {
 	without /auth
 	transparent
 }
-'''
+```
+
+### Nginx
+
+Coming soon. Convert caddy's config to nginx format if you know how for now
+

paws/middleware.py

@@ -62,18 +62,21 @@ def parse_ua(agent):
 	elif 'Pleroma' in agent:
 		ua2 = ua1[1].split(' <')
 
-	elif 'Misskey' in agent:
+	elif 'Misskey' in agent or 'BarksharkRelay' in agent:
 		ua2 = ua1[1].split(')')
 
 	elif 'Friendica' in agent:
-		logging.info(ua1[1])
+		logging.debug(ua1[1])
 		return ua1[1]
 
+	elif 'activityrelay' in agent.lower():
+		return ''
+
 	else:
 		logging.warning(f'Unhandled user-agent: {agent}')
 
 	if len(ua2) > 1:
-		logging.info(ua2[0])
+		logging.debug(ua2[0])
 		return ua2[0]
 
 	logging.warning(f'Invalid user-agent: {agent}')
@@ -99,7 +102,7 @@ async def passthrough(path, headers, post=None, query=None):
 			if resp.status not in [200, 202]:
 				print(data)
 				logging.warning(f'Recieved error {resp.status} from Mastodon')
-				json_error(504, f'Failed to forward request. Recieved error {resp.status} from Mastodon')
+				json_error(resp.status, f'Failed to forward request. Recieved error {resp.status} from Mastodon')
 
 			raise aiohttp.web.HTTPOk(body=data, content_type=resp.content_type)
 
@@ -209,7 +212,7 @@ async def http_filter(app, handler):
 	async def http_filter_handler(request):
 		ua = request.headers.get('user-agent')
 
-		if 'Mozilla/5.0' not in ua and 'aiohttp/3.3.2' not in ua:
+		if not user_check(request.path):
 			try:
 				data = await request.json()
 				actor = data.get('actor')

paws/routes.py

@@ -20,13 +20,7 @@ def webserver():
 	])
 
 	web.add_routes([
-		aiohttp.web.route('*', '/', views.heck),
-		aiohttp.web.route('*', '/@{user}', views.heck),
-		aiohttp.web.route('*', '/@{user}/{post}', views.heck),
-		aiohttp.web.route('*', '/@{user}/{post}/activity', views.heck),
-		aiohttp.web.route('*', '/users/{user}', views.heck),
-		aiohttp.web.route('*', '/users/{user}/{post}', views.heck),
-		aiohttp.web.route('*', '/users/{user}/{post}/activity', views.heck)
+		aiohttp.web.route('GET', '/authorize', views.authorize),
 	])
 
 	return web

paws/views.py

@@ -1,9 +1,5 @@
 import aiohttp
 
-async def heck(request):
-	data = {
-		'path': request.match_info.get('path'),
-		'msg': 'UvU'
-	}
-
+async def authorize(request):
+	data = {['heck']}
 	return aiohttp.web.json_response(data)

requirements.txt

@@ -0,0 +1,12 @@
+# todo: module version numbers
+dbutils
+pygresql
+tinydb
+tinyrecord
+tinydb-smartcache
+aiohttp
+pycryptodome
+tldextract
+envbash
+ipaddress
+