A Ruby toolset for interacting with the OStatus suite of protocols
Eugen Rochko 9257196297 Update gempush.yml | 4 years ago | |
---|---|---|
.github | 4 years ago | |
lib | 6 years ago | |
spec | 7 years ago | |
.gitignore | 8 years ago | |
.rspec | 8 years ago | |
.ruby-version | 6 years ago | |
.travis.yml | 7 years ago | |
Gemfile | 8 years ago | |
LICENSE.txt | 8 years ago | |
README.md | 7 years ago | |
Rakefile | 8 years ago | |
ostatus2.gemspec | 6 years ago |
A Ruby toolset for interacting with the OStatus suite of protocols:
gem install ostatus2
When your feed updates and you need to notify subscribers:
p = OStatus2::Publication.new('http://url.to/feed', ['http://some.hub'])
p.publish
When you want to subscribe to a feed:
token = 'abc123'
secret = 'def456'
s = OStatus2::Subscription.new('http://url.to/feed', token: token, secret: secret, webhook: 'http://url.to/webhook', hub: 'http://some.hub')
s.subscribe
Your webhook URL will receive a HTTP GET request that you will need to handle:
if s.valid?(params['hub.topic'], params['hub.verify_token'])
# echo back params['hub.challenge']
else
# return 404
end
Once the subscription is established, your webhook URL will be receiving HTTP POST requests. Among the headers of such a request will be the hub's signature on the content: X-Hub-Signature
. You can verify the integrity of the request:
body = request.body.read
signature = request.env['HTTP_X_HUB_SIGNATURE']
if s.verify(body, signature)
# Do something with the data!
end
When you want to notify a remote resource about an interaction (like a comment):
your_rsa_keypair = OpenSSL::PKey::RSA.new 2048
salmon = OStatus2::Salmon.new
envelope = salmon.pack(comment, your_rsa_keypair)
salmon.post('http://remote.salmon/endpoint', envelope)
When you receive a Salmon notification about a remote interaction:
salmon = OStatus2::Salmon.new
comment = salmon.unpack(envelope)
# Parse comment and determine who the remote author is pretending to be,
# fetch their public key via Webfinger or something like that, and finally
if salmon.verify(envelope, remote_public_key)
# You can be sure the salmon is genuine
end