Begin activitypub

14 files changed, 443 insertions, 158 deletions

diff --git a/server/helpers/activitypub.ts b/server/helpers/activitypub.ts
new file mode 100644
index 000000000..ecb509b66
--- /dev/null
+++ b/server/helpers/activitypub.ts
@@ -0,0 +1,123 @@
+import * as url from 'url'
+
+import { database as db } from '../initializers'
+import { logger } from './logger'
+import { doRequest } from './requests'
+import { isRemoteAccountValid } from './custom-validators'
+import { ActivityPubActor } from '../../shared/models/activitypub/activitypub-actor'
+import { ResultList } from '../../shared/models/result-list.model'
+
+async function fetchRemoteAccountAndCreatePod (accountUrl: string) {
+  const options = {
+    uri: accountUrl,
+    method: 'GET'
+  }
+
+  let requestResult
+  try {
+    requestResult = await doRequest(options)
+  } catch (err) {
+    logger.warning('Cannot fetch remote account %s.', accountUrl, err)
+    return undefined
+  }
+
+  const accountJSON: ActivityPubActor = requestResult.body
+  if (isRemoteAccountValid(accountJSON) === false) return undefined
+
+  const followersCount = await fetchAccountCount(accountJSON.followers)
+  const followingCount = await fetchAccountCount(accountJSON.following)
+
+  const account = db.Account.build({
+    uuid: accountJSON.uuid,
+    name: accountJSON.preferredUsername,
+    url: accountJSON.url,
+    publicKey: accountJSON.publicKey.publicKeyPem,
+    privateKey: null,
+    followersCount: followersCount,
+    followingCount: followingCount,
+    inboxUrl: accountJSON.inbox,
+    outboxUrl: accountJSON.outbox,
+    sharedInboxUrl: accountJSON.endpoints.sharedInbox,
+    followersUrl: accountJSON.followers,
+    followingUrl: accountJSON.following
+  })
+
+  const accountHost = url.parse(account.url).host
+  const podOptions = {
+    where: {
+      host: accountHost
+    },
+    defaults: {
+      host: accountHost
+    }
+  }
+  const pod = await db.Pod.findOrCreate(podOptions)
+
+  return { account, pod }
+}
+
+function activityPubContextify (data: object) {
+  return Object.assign(data,{
+    '@context': [
+      'https://www.w3.org/ns/activitystreams',
+      'https://w3id.org/security/v1',
+      {
+        'Hashtag': 'as:Hashtag',
+        'uuid': 'http://schema.org/identifier',
+        'category': 'http://schema.org/category',
+        'licence': 'http://schema.org/license',
+        'nsfw': 'as:sensitive',
+        'language': 'http://schema.org/inLanguage',
+        'views': 'http://schema.org/Number',
+        'size': 'http://schema.org/Number'
+      }
+    ]
+  })
+}
+
+function activityPubCollectionPagination (url: string, page: number, result: ResultList<any>) {
+  const baseUrl = url.split('?').shift
+
+  const obj = {
+    id: baseUrl,
+    type: 'Collection',
+    totalItems: result.total,
+    first: {
+      id: baseUrl + '?page=' + page,
+      type: 'CollectionPage',
+      totalItems: result.total,
+      next: baseUrl + '?page=' + (page + 1),
+      partOf: baseUrl,
+      items: result.data
+    }
+  }
+
+  return activityPubContextify(obj)
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+  fetchRemoteAccountAndCreatePod,
+  activityPubContextify,
+  activityPubCollectionPagination
+}
+
+// ---------------------------------------------------------------------------
+
+async function fetchAccountCount (url: string) {
+  const options = {
+    uri: url,
+    method: 'GET'
+  }
+
+  let requestResult
+  try {
+    requestResult = await doRequest(options)
+  } catch (err) {
+    logger.warning('Cannot fetch remote account count %s.', url, err)
+    return undefined
+  }
+
+  return requestResult.totalItems ? requestResult.totalItems : 0
+}
diff --git a/server/helpers/core-utils.ts b/server/helpers/core-utils.ts
index 3dae78144..d8748e1d7 100644
--- a/server/helpers/core-utils.ts
+++ b/server/helpers/core-utils.ts
@@ -19,8 +19,10 @@ import * as mkdirp from 'mkdirp'
 import * as bcrypt from 'bcrypt'
 import * as createTorrent from 'create-torrent'
 import * as rimraf from 'rimraf'
-import * as openssl from 'openssl-wrapper'
-import * as Promise from 'bluebird'
+import * as pem from 'pem'
+import * as jsonld from 'jsonld'
+import * as jsig from 'jsonld-signatures'
+jsig.use('jsonld', jsonld)
 
 function isTestInstance () {
   return process.env.NODE_ENV === 'test'
@@ -54,6 +56,12 @@ function escapeHTML (stringParam) {
   return String(stringParam).replace(/[&<>"'`=\/]/g, s => entityMap[s])
 }
 
+function pageToStartAndCount (page: number, itemsPerPage: number) {
+  const start = (page - 1) * itemsPerPage
+
+  return { start, count: itemsPerPage }
+}
+
 function promisify0<A> (func: (cb: (err: any, result: A) => void) => void): () => Promise<A> {
   return function promisified (): Promise<A> {
     return new Promise<A>((resolve: (arg: A) => void, reject: (err: any) => void) => {
@@ -104,13 +112,16 @@ const readdirPromise = promisify1<string, string[]>(readdir)
 const mkdirpPromise = promisify1<string, string>(mkdirp)
 const pseudoRandomBytesPromise = promisify1<number, Buffer>(pseudoRandomBytes)
 const accessPromise = promisify1WithVoid<string | Buffer>(access)
-const opensslExecPromise = promisify2WithVoid<string, any>(openssl.exec)
+const createPrivateKey = promisify1<number, { key: string }>(pem.createPrivateKey)
+const getPublicKey = promisify1<string, { publicKey: string }>(pem.getPublicKey)
 const bcryptComparePromise = promisify2<any, string, boolean>(bcrypt.compare)
 const bcryptGenSaltPromise = promisify1<number, string>(bcrypt.genSalt)
 const bcryptHashPromise = promisify2<any, string | number, string>(bcrypt.hash)
 const createTorrentPromise = promisify2<string, any, any>(createTorrent)
 const rimrafPromise = promisify1WithVoid<string>(rimraf)
 const statPromise = promisify1<string, Stats>(stat)
+const jsonldSignPromise = promisify2<object, { privateKeyPem: string, creator: string }, object>(jsig.sign)
+const jsonldVerifyPromise = promisify2<object, object, object>(jsig.verify)
 
 // ---------------------------------------------------------------------------
 
@@ -118,9 +129,11 @@ export {
   isTestInstance,
   root,
   escapeHTML,
+  pageToStartAndCount,
 
   promisify0,
   promisify1,
+
   readdirPromise,
   readFilePromise,
   readFileBufferPromise,
@@ -130,11 +143,14 @@ export {
   mkdirpPromise,
   pseudoRandomBytesPromise,
   accessPromise,
-  opensslExecPromise,
+  createPrivateKey,
+  getPublicKey,
   bcryptComparePromise,
   bcryptGenSaltPromise,
   bcryptHashPromise,
   createTorrentPromise,
   rimrafPromise,
-  statPromise
+  statPromise,
+  jsonldSignPromise,
+  jsonldVerifyPromise
 }
diff --git a/server/helpers/custom-validators/activitypub/account.ts b/server/helpers/custom-validators/activitypub/account.ts
new file mode 100644
index 000000000..8a7d1b7fe
--- /dev/null
+++ b/server/helpers/custom-validators/activitypub/account.ts
@@ -0,0 +1,123 @@
+import * as validator from 'validator'
+
+import { exists, isUUIDValid } from '../misc'
+import { isActivityPubUrlValid } from './misc'
+import { isUserUsernameValid } from '../users'
+
+function isAccountEndpointsObjectValid (endpointObject: any) {
+  return isAccountSharedInboxValid(endpointObject.sharedInbox)
+}
+
+function isAccountSharedInboxValid (sharedInbox: string) {
+  return isActivityPubUrlValid(sharedInbox)
+}
+
+function isAccountPublicKeyObjectValid (publicKeyObject: any) {
+  return isAccountPublicKeyIdValid(publicKeyObject.id) &&
+    isAccountPublicKeyOwnerValid(publicKeyObject.owner) &&
+    isAccountPublicKeyValid(publicKeyObject.publicKeyPem)
+}
+
+function isAccountPublicKeyIdValid (id: string) {
+  return isActivityPubUrlValid(id)
+}
+
+function isAccountTypeValid (type: string) {
+  return type === 'Person' || type === 'Application'
+}
+
+function isAccountPublicKeyOwnerValid (owner: string) {
+  return isActivityPubUrlValid(owner)
+}
+
+function isAccountPublicKeyValid (publicKey: string) {
+  return exists(publicKey) &&
+    typeof publicKey === 'string' &&
+    publicKey.startsWith('-----BEGIN PUBLIC KEY-----') &&
+    publicKey.endsWith('-----END PUBLIC KEY-----')
+}
+
+function isAccountIdValid (id: string) {
+  return isActivityPubUrlValid(id)
+}
+
+function isAccountFollowingValid (id: string) {
+  return isActivityPubUrlValid(id)
+}
+
+function isAccountFollowersValid (id: string) {
+  return isActivityPubUrlValid(id)
+}
+
+function isAccountInboxValid (inbox: string) {
+  return isActivityPubUrlValid(inbox)
+}
+
+function isAccountOutboxValid (outbox: string) {
+  return isActivityPubUrlValid(outbox)
+}
+
+function isAccountNameValid (name: string) {
+  return isUserUsernameValid(name)
+}
+
+function isAccountPreferredUsernameValid (preferredUsername: string) {
+  return isAccountNameValid(preferredUsername)
+}
+
+function isAccountUrlValid (url: string) {
+  return isActivityPubUrlValid(url)
+}
+
+function isAccountPrivateKeyValid (privateKey: string) {
+  return exists(privateKey) &&
+    typeof privateKey === 'string' &&
+    privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') &&
+    privateKey.endsWith('-----END RSA PRIVATE KEY-----')
+}
+
+function isRemoteAccountValid (remoteAccount: any) {
+  return isAccountIdValid(remoteAccount.id) &&
+    isUUIDValid(remoteAccount.uuid) &&
+    isAccountTypeValid(remoteAccount.type) &&
+    isAccountFollowingValid(remoteAccount.following) &&
+    isAccountFollowersValid(remoteAccount.followers) &&
+    isAccountInboxValid(remoteAccount.inbox) &&
+    isAccountOutboxValid(remoteAccount.outbox) &&
+    isAccountPreferredUsernameValid(remoteAccount.preferredUsername) &&
+    isAccountUrlValid(remoteAccount.url) &&
+    isAccountPublicKeyObjectValid(remoteAccount.publicKey) &&
+    isAccountEndpointsObjectValid(remoteAccount.endpoint)
+}
+
+function isAccountFollowingCountValid (value: string) {
+  return exists(value) && validator.isInt('' + value, { min: 0 })
+}
+
+function isAccountFollowersCountValid (value: string) {
+  return exists(value) && validator.isInt('' + value, { min: 0 })
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+  isAccountEndpointsObjectValid,
+  isAccountSharedInboxValid,
+  isAccountPublicKeyObjectValid,
+  isAccountPublicKeyIdValid,
+  isAccountTypeValid,
+  isAccountPublicKeyOwnerValid,
+  isAccountPublicKeyValid,
+  isAccountIdValid,
+  isAccountFollowingValid,
+  isAccountFollowersValid,
+  isAccountInboxValid,
+  isAccountOutboxValid,
+  isAccountPreferredUsernameValid,
+  isAccountUrlValid,
+  isAccountPrivateKeyValid,
+  isRemoteAccountValid,
+  isAccountFollowingCountValid,
+  isAccountFollowersCountValid,
+  isAccountNameValid
+}
diff --git a/server/helpers/custom-validators/activitypub/index.ts b/server/helpers/custom-validators/activitypub/index.ts
new file mode 100644
index 000000000..800f0ddf3
--- /dev/null
+++ b/server/helpers/custom-validators/activitypub/index.ts
@@ -0,0 +1,4 @@
+export * from './account'
+export * from './signature'
+export * from './misc'
+export * from './videos'
diff --git a/server/helpers/custom-validators/activitypub/misc.ts b/server/helpers/custom-validators/activitypub/misc.ts
new file mode 100644
index 000000000..806d33483
--- /dev/null
+++ b/server/helpers/custom-validators/activitypub/misc.ts
@@ -0,0 +1,17 @@
+import { exists } from '../misc'
+
+function isActivityPubUrlValid (url: string) {
+  const isURLOptions = {
+    require_host: true,
+    require_tld: true,
+    require_protocol: true,
+    require_valid_protocol: true,
+    protocols: [ 'http', 'https' ]
+  }
+
+  return exists(url) && validator.isURL(url, isURLOptions)
+}
+
+export {
+  isActivityPubUrlValid
+}
diff --git a/server/helpers/custom-validators/activitypub/signature.ts b/server/helpers/custom-validators/activitypub/signature.ts
new file mode 100644
index 000000000..683ed2b1c
--- /dev/null
+++ b/server/helpers/custom-validators/activitypub/signature.ts
@@ -0,0 +1,22 @@
+import { exists } from '../misc'
+import { isActivityPubUrlValid } from './misc'
+
+function isSignatureTypeValid (signatureType: string) {
+  return exists(signatureType) && signatureType === 'GraphSignature2012'
+}
+
+function isSignatureCreatorValid (signatureCreator: string) {
+  return exists(signatureCreator) && isActivityPubUrlValid(signatureCreator)
+}
+
+function isSignatureValueValid (signatureValue: string) {
+  return exists(signatureValue) && signatureValue.length > 0
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+  isSignatureTypeValid,
+  isSignatureCreatorValid,
+  isSignatureValueValid
+}
diff --git a/server/helpers/custom-validators/remote/videos.ts b/server/helpers/custom-validators/activitypub/videos.ts
index e0ffba679..e0ffba679 100644
--- a/server/helpers/custom-validators/remote/videos.ts
+++ b/server/helpers/custom-validators/activitypub/videos.ts
diff --git a/server/helpers/custom-validators/index.ts b/server/helpers/custom-validators/index.ts
index c79982660..869b08870 100644
--- a/server/helpers/custom-validators/index.ts
+++ b/server/helpers/custom-validators/index.ts
@@ -1,4 +1,4 @@
-export * from './remote'
+export * from './activitypub'
 export * from './misc'
 export * from './pods'
 export * from './pods'
diff --git a/server/helpers/custom-validators/remote/index.ts b/server/helpers/custom-validators/remote/index.ts
deleted file mode 100644
index e29a9b767..000000000
--- a/server/helpers/custom-validators/remote/index.ts
+++ /dev/null
@@ -1 +0,0 @@
-export * from './videos'
diff --git a/server/helpers/ffmpeg-utils.ts b/server/helpers/ffmpeg-utils.ts
index f18b6bd9a..c07dddefe 100644
--- a/server/helpers/ffmpeg-utils.ts
+++ b/server/helpers/ffmpeg-utils.ts
@@ -1,4 +1,3 @@
-import * as Promise from 'bluebird'
 import * as ffmpeg from 'fluent-ffmpeg'
 
 import { CONFIG } from '../initializers'
diff --git a/server/helpers/index.ts b/server/helpers/index.ts
index 846bd796f..2c7ac3954 100644
--- a/server/helpers/index.ts
+++ b/server/helpers/index.ts
@@ -1,3 +1,4 @@
+export * from './activitypub'
 export * from './core-utils'
 export * from './logger'
 export * from './custom-validators'
@@ -6,3 +7,4 @@ export * from './database-utils'
 export * from './peertube-crypto'
 export * from './requests'
 export * from './utils'
+export * from './webfinger'
diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts
index 10a226af4..6d50e446f 100644
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -1,77 +1,68 @@
-import * as crypto from 'crypto'
-import { join } from 'path'
+import * as jsig from 'jsonld-signatures'
 
 import {
-  SIGNATURE_ALGORITHM,
-  SIGNATURE_ENCODING,
-  PRIVATE_CERT_NAME,
-  CONFIG,
-  BCRYPT_SALT_SIZE,
-  PUBLIC_CERT_NAME
+  PRIVATE_RSA_KEY_SIZE,
+  BCRYPT_SALT_SIZE
 } from '../initializers'
 import {
-  readFilePromise,
   bcryptComparePromise,
   bcryptGenSaltPromise,
   bcryptHashPromise,
-  accessPromise,
-  opensslExecPromise
+  createPrivateKey,
+  getPublicKey,
+  jsonldSignPromise,
+  jsonldVerifyPromise
 } from './core-utils'
 import { logger } from './logger'
+import { AccountInstance } from '../models/account/account-interface'
 
-function checkSignature (publicKey: string, data: string, hexSignature: string) {
-  const verify = crypto.createVerify(SIGNATURE_ALGORITHM)
-
-  let dataString
-  if (typeof data === 'string') {
-    dataString = data
-  } else {
-    try {
-      dataString = JSON.stringify(data)
-    } catch (err) {
-      logger.error('Cannot check signature.', err)
-      return false
-    }
-  }
+async function createPrivateAndPublicKeys () {
+  logger.info('Generating a RSA key...')
 
-  verify.update(dataString, 'utf8')
+  const { key } = await createPrivateKey(PRIVATE_RSA_KEY_SIZE)
+  const { publicKey } = await getPublicKey(key)
 
-  const isValid = verify.verify(publicKey, hexSignature, SIGNATURE_ENCODING)
-  return isValid
+  return { privateKey: key, publicKey }
 }
 
-async function sign (data: string | Object) {
-  const sign = crypto.createSign(SIGNATURE_ALGORITHM)
-
-  let dataString: string
-  if (typeof data === 'string') {
-    dataString = data
-  } else {
-    try {
-      dataString = JSON.stringify(data)
-    } catch (err) {
-      logger.error('Cannot sign data.', err)
-      return ''
-    }
+function isSignatureVerified (fromAccount: AccountInstance, signedDocument: object) {
+  const publicKeyObject = {
+    '@context': jsig.SECURITY_CONTEXT_URL,
+    '@id': fromAccount.url,
+    '@type':  'CryptographicKey',
+    owner: fromAccount.url,
+    publicKeyPem: fromAccount.publicKey
   }
 
-  sign.update(dataString, 'utf8')
+  const publicKeyOwnerObject = {
+    '@context': jsig.SECURITY_CONTEXT_URL,
+    '@id': fromAccount.url,
+    publicKey: [ publicKeyObject ]
+  }
 
-  const myKey = await getMyPrivateCert()
-  return sign.sign(myKey, SIGNATURE_ENCODING)
-}
+  const options = {
+    publicKey: publicKeyObject,
+    publicKeyOwner: publicKeyOwnerObject
+  }
 
-function comparePassword (plainPassword: string, hashPassword: string) {
-  return bcryptComparePromise(plainPassword, hashPassword)
+  return jsonldVerifyPromise(signedDocument, options)
+    .catch(err => {
+      logger.error('Cannot check signature.', err)
+      return false
+    })
 }
 
-async function createCertsIfNotExist () {
-  const exist = await certsExist()
-  if (exist === true) {
-    return
+function signObject (byAccount: AccountInstance, data: any) {
+  const options = {
+    privateKeyPem: byAccount.privateKey,
+    creator: byAccount.url
   }
 
-  return createCerts()
+  return jsonldSignPromise(data, options)
+}
+
+function comparePassword (plainPassword: string, hashPassword: string) {
+  return bcryptComparePromise(plainPassword, hashPassword)
 }
 
 async function cryptPassword (password: string) {
@@ -80,69 +71,12 @@ async function cryptPassword (password: string) {
   return bcryptHashPromise(password, salt)
 }
 
-function getMyPrivateCert () {
-  const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
-  return readFilePromise(certPath, 'utf8')
-}
-
-function getMyPublicCert () {
-  const certPath = join(CONFIG.STORAGE.CERT_DIR, PUBLIC_CERT_NAME)
-  return readFilePromise(certPath, 'utf8')
-}
-
 // ---------------------------------------------------------------------------
 
 export {
-  checkSignature,
+  isSignatureVerified,
   comparePassword,
-  createCertsIfNotExist,
+  createPrivateAndPublicKeys,
   cryptPassword,
-  getMyPrivateCert,
-  getMyPublicCert,
-  sign
-}
-
-// ---------------------------------------------------------------------------
-
-async function certsExist () {
-  const certPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
-
-  // If there is an error the certificates do not exist
-  try {
-    await accessPromise(certPath)
-
-    return true
-  } catch {
-    return false
-  }
-}
-
-async function createCerts () {
-  const exist = await certsExist()
-  if (exist === true) {
-    const errorMessage = 'Certs already exist.'
-    logger.warning(errorMessage)
-    throw new Error(errorMessage)
-  }
-
-  logger.info('Generating a RSA key...')
-
-  const privateCertPath = join(CONFIG.STORAGE.CERT_DIR, PRIVATE_CERT_NAME)
-  const genRsaOptions = {
-    'out': privateCertPath,
-    '2048': false
-  }
-
-  await opensslExecPromise('genrsa', genRsaOptions)
-  logger.info('RSA key generated.')
-  logger.info('Managing public key...')
-
-  const publicCertPath = join(CONFIG.STORAGE.CERT_DIR, 'peertube.pub')
-  const rsaOptions = {
-    'in': privateCertPath,
-    'pubout': true,
-    'out': publicCertPath
-  }
-
-  await opensslExecPromise('rsa', rsaOptions)
+  signObject
 }
diff --git a/server/helpers/requests.ts b/server/helpers/requests.ts
index af1f401de..8c4c983f7 100644
--- a/server/helpers/requests.ts
+++ b/server/helpers/requests.ts
@@ -9,7 +9,13 @@ import {
 } from '../initializers'
 import { PodInstance } from '../models'
 import { PodSignature } from '../../shared'
-import { sign } from './peertube-crypto'
+import { signObject } from './peertube-crypto'
+
+function doRequest (requestOptions: request.CoreOptions & request.UriOptions) {
+  return new Promise<{ response: request.RequestResponse, body: any }>((res, rej) => {
+    request(requestOptions, (err, response, body) => err ? rej(err) : res({ response, body }))
+  })
+}
 
 type MakeRetryRequestParams = {
   url: string,
@@ -31,61 +37,57 @@ function makeRetryRequest (params: MakeRetryRequestParams) {
 }
 
 type MakeSecureRequestParams = {
-  method: 'GET' | 'POST'
   toPod: PodInstance
   path: string
   data?: Object
 }
 function makeSecureRequest (params: MakeSecureRequestParams) {
-  return new Promise<{ response: request.RequestResponse, body: any }>((res, rej) => {
-    const requestParams: {
-      url: string,
-      json: {
-        signature: PodSignature,
-        data: any
-      }
-    } = {
-      url: REMOTE_SCHEME.HTTP + '://' + params.toPod.host + params.path,
-      json: {
-        signature: null,
-        data: null
-      }
+  const requestParams: {
+    method: 'POST',
+    uri: string,
+    json: {
+      signature: PodSignature,
+      data: any
     }
-
-    if (params.method !== 'POST') {
-      return rej(new Error('Cannot make a secure request with a non POST method.'))
+  } = {
+    method: 'POST',
+    uri: REMOTE_SCHEME.HTTP + '://' + params.toPod.host + params.path,
+    json: {
+      signature: null,
+      data: null
     }
+  }
 
-    const host = CONFIG.WEBSERVER.HOST
+  const host = CONFIG.WEBSERVER.HOST
 
-    let dataToSign
-    if (params.data) {
-      dataToSign = params.data
-    } else {
-      // We do not have data to sign so we just take our host
-      // It is not ideal but the connection should be in HTTPS
-      dataToSign = host
-    }
+  let dataToSign
+  if (params.data) {
+    dataToSign = params.data
+  } else {
+    // We do not have data to sign so we just take our host
+    // It is not ideal but the connection should be in HTTPS
+    dataToSign = host
+  }
 
-    sign(dataToSign).then(signature => {
-      requestParams.json.signature = {
-        host, // Which host we pretend to be
-        signature
-      }
+  sign(dataToSign).then(signature => {
+    requestParams.json.signature = {
+      host, // Which host we pretend to be
+      signature
+    }
 
-      // If there are data information
-      if (params.data) {
-        requestParams.json.data = params.data
-      }
+    // If there are data information
+    if (params.data) {
+      requestParams.json.data = params.data
+    }
 
-      request.post(requestParams, (err, response, body) => err ? rej(err) : res({ response, body }))
-    })
+    return doRequest(requestParams)
   })
 }
 
 // ---------------------------------------------------------------------------
 
 export {
+  doRequest,
   makeRetryRequest,
   makeSecureRequest
 }
diff --git a/server/helpers/webfinger.ts b/server/helpers/webfinger.ts
new file mode 100644
index 000000000..9586fa562
--- /dev/null
+++ b/server/helpers/webfinger.ts
@@ -0,0 +1,44 @@
+import * as WebFinger from 'webfinger.js'
+
+import { isTestInstance } from './core-utils'
+import { isActivityPubUrlValid } from './custom-validators'
+import { WebFingerData } from '../../shared'
+import { fetchRemoteAccountAndCreatePod } from './activitypub'
+
+const webfinger = new WebFinger({
+  webfist_fallback: false,
+  tls_only: isTestInstance(),
+  uri_fallback: false,
+  request_timeout: 3000
+})
+
+async function getAccountFromWebfinger (url: string) {
+  const webfingerData: WebFingerData = await webfingerLookup(url)
+
+  if (Array.isArray(webfingerData.links) === false) return undefined
+
+  const selfLink = webfingerData.links.find(l => l.rel === 'self')
+  if (selfLink === undefined || isActivityPubUrlValid(selfLink.href) === false) return undefined
+
+  const { account } = await fetchRemoteAccountAndCreatePod(selfLink.href)
+
+  return account
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+  getAccountFromWebfinger
+}
+
+// ---------------------------------------------------------------------------
+
+function webfingerLookup (url: string) {
+  return new Promise<WebFingerData>((res, rej) => {
+    webfinger.lookup('nick@silverbucket.net', (err, p) => {
+      if (err) return rej(err)
+
+      return p
+    })
+  })
+}