Hi StatusTeam !
Just wanted to let you know that I can now receive, and verify the
signature, of incoming salmon slap from status.net to my node-ostatus lib !
The code needs some refactoring; but you can already have a look on this
branch: https://github.com/eschnou/node-ostatus/tree/feature_salmon
However, I had two issues, mainly due to the salmon spec having evolved in
the recent months and not reflected in statusnet today. Do you have any
plans to update to the latest spec ? Otherwise I'll have to add special
cases in my code and don't really favor that.
1. Padding is causing problems. It seems the base64 encoder in PHP does not
behave like the node.js one, so that sometimes the armored string computed
are different; sometimes not. This was tough to debug since it works from
time to time. However, in the last release of the spec, it is required to
strip all padding before doing any signature (for this exact reason I
assume). If I hack the statusnet code (see below), then it works great every
time.
2. You are using deprecated rel values, that is less of an issue but still
confusing :-)
3. If a user has salmon links in his webfinger XRD, but also exposes an
activity feed, the links are not discovered (the XRD is skipped) and
searched inside the feed.
For the base64, I changed your base64_url_encode function in MagicSig.php to
strip the padding:
public static function base64_url_encode($input)
{
return str_replace('=','',strtr(base64_encode($input), '+/', '-_'));
}
Next: me slapping you, hopefully it will be straightforward, and then time
for a SWAT0 video :-)
Cheers,
Laurent
_______________________________________________
StatusNet-dev mailing list
StatusNet-dev@lists.status.net
http://lists.status.net/mailman/listinfo/statusnet-dev
