From c2f14fc9109143d8129799121da6b16f5b24c65e Mon Sep 17 00:00:00 2001
From: Terence Eden <github.com@shkspr.mobi>
Date: Thu, 7 Mar 2024 17:43:40 +0000
Subject: [PATCH] Support for processing Undo / Delete

---
 README.md |  2 +-
 index.php | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 59 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index ac99ae7..077e186 100644
--- a/README.md
+++ b/README.md
@@ -63,6 +63,7 @@ Please take note of [CRAPL v0](https://matt.might.net/articles/crapl/):
 * ✅ User can follow, unfollow, block, and unblock external accounts
 * ✅ Server validates the HTTP Message Signatures of all incoming messages
 * ✅ Incoming messages are saved
+* ✅ Process Undo / Delete messages (Unfollow, delete post, remove Like, remove Announce)
 * ✅ User can read incoming messages (Create, Update, Announce, Like)
 * ✅ User can read the results of polls
 * ✅ User can see attached images, videos, audio
@@ -79,7 +80,6 @@ Please take note of [CRAPL v0](https://matt.might.net/articles/crapl/):
 * ❌ Thread replies in context
 * ❌ Delete own post
 * ❌ Update own post
-* ❌ Receive Undo messages (Unfollow, delete post, remove Like, remove Announce)
 * ❌ Create Polls
 * ❌ Attach multiple images
 * ❌ Set focus point for images
diff --git a/index.php b/index.php
index 66b0986..e2efb28 100644
--- a/index.php
+++ b/index.php
@@ -248,6 +248,13 @@
 		$inbox_message = $body;
 		$inbox_type = $inbox_message["type"];
 
+		//	If this is an Undo or Delete message, try to process it
+		if ( "Undo" == $inbox_type || "Delete" == $inbox_type ) { 
+			undo( $inbox_message ); 
+			die();
+		}
+
+
 		//	Messages to ignore.
 		//	Some servers are very chatty. They send lots of irrelevant messages.
 		//	Before even bothering to validate them, we can delete them.
@@ -1545,7 +1552,6 @@ HTML;
 		//	This is usually in the form `https://example.com/user/username#main-key`
 		//	This is to differentiate if the user has multiple keys
 		//	TODO: Check the actual key
-
 		$userData  = getDataFromURl( $publicKeyURL );
 		$publicKey = $userData["publicKey"]["publicKeyPem"];
 
@@ -1656,6 +1662,57 @@ HTML;
 		die();
 	}
 
+	//	Perform the Undo action requested
+	function undo( $message) { 
+		global $server, $directories;
+		
+		//	Validate HTTP Message Signature
+		if ( !verifyHTTPSignature() ) { die(); }
+
+		//	Get some basic data
+		$type = $message["type"];
+		//	The thing being undone
+		$object      = $message["object"];
+		$object_id   = $object["id"];
+		$object_type = $object["type"];
+		
+		//	Find all the inbox messages which have that ID
+		$inbox_files = glob( $directories["inbox"] . "/*.json" );
+		foreach ( $inbox_files as $inbox_file ) {
+			//	Load the contents
+			$inbox_item = json_decode( file_get_contents( $inbox_file ), true );
+			//	Find the ID
+			if ( isset( $inbox_item["object"]["id"] ) ) { 
+				$inbox_id = $inbox_item["object"]["id"];
+			} else if ( isset ($inbox_item["id"] )) {
+				$inbox_id = $inbox_item["id"];
+			} else {
+				continue;
+			}
+
+			//	If this has the same ID as the item being undone
+			if ( $inbox_id == $object_id ) {
+				//	Delete the file
+				unlink( $inbox_file );
+
+				//	If this was the undoing of a follow request, remove the external user from followers 😢
+				if ( "Follow" == $object_type ) {
+					$actor = $object["actor"];
+					$follower_filename = urlencode( $actor );
+					unlink( $directories["followers"] . "/{$follower_filename}.json" );
+				}
+				//	Stop looping
+				break;
+			}
+		}
+		
+
+		//	If the message is valid, save the message in `/data/inbox/`
+		$uuid = uuid();
+		$filename = $uuid . "." . urlencode( $type ) . ".json";
+		file_put_contents( $directories["inbox"] . "/{$filename}", json_encode( $message ) );
+	}
+
 
 //	"One to stun, two to kill, three to make sure"
 die();