import { logger } from './logger'
import { cloneDeep } from 'lodash'
import { createSign, createVerify } from 'crypto'
-import { buildDigest } from '../lib/job-queue/handlers/utils/activitypub-http-utils'
import * as bcrypt from 'bcrypt'
-import { MActor } from '../typings/models'
+import { MActor } from '../types/models'
const bcryptComparePromise = promisify2<any, string, boolean>(bcrypt.compare)
const bcryptGenSaltPromise = promisify1<number, string>(bcrypt.genSalt)
}
function parseHTTPSignature (req: Request, clockSkew?: number) {
- return httpSignature.parse(req, { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME, clockSkew })
+ const headers = req.method === 'POST'
+ ? HTTP_SIGNATURE.REQUIRED_HEADERS.POST
+ : HTTP_SIGNATURE.REQUIRED_HEADERS.ALL
+
+ return httpSignature.parse(req, { clockSkew, headers })
}
// JSONLD
return verify.verify(fromActor.publicKey, signedDocument.signature.signatureValue, 'base64')
}
-async function signJsonLDObject (byActor: MActor, data: any) {
+async function signJsonLDObject <T> (byActor: MActor, data: T) {
const signature = {
type: 'RsaSignature2017',
creator: byActor.url,
return Object.assign(data, { signature })
}
+function buildDigest (body: any) {
+ const rawBody = typeof body === 'string' ? body : JSON.stringify(body)
+
+ return 'SHA-256=' + sha256(rawBody, 'base64')
+}
+
// ---------------------------------------------------------------------------
export {
isHTTPSignatureDigestValid,
parseHTTPSignature,
isHTTPSignatureVerified,
+ buildDigest,
isJsonLDSignatureVerified,
comparePassword,
createPrivateAndPublicKeys,