aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2020-01-07 15:24:27 +0100
committerChocobozzz <me@florianbigard.com>2020-01-07 15:56:09 +0100
commite92269053e3fd0e9b9c155ded86a1668444f3d70 (patch)
treefc6c48416a028fa4f471fbe91f5b982122e303bf
parent7cde3b9c2e84ea20bb0aae4544598483cde9e22c (diff)
downloadPeerTube-e92269053e3fd0e9b9c155ded86a1668444f3d70.tar.gz
PeerTube-e92269053e3fd0e9b9c155ded86a1668444f3d70.tar.zst
PeerTube-e92269053e3fd0e9b9c155ded86a1668444f3d70.zip
Update http signature
-rw-r--r--package.json2
-rw-r--r--server/helpers/custom-jsonld-signature.ts14
-rw-r--r--server/helpers/peertube-crypto.ts2
-rw-r--r--server/lib/job-queue/handlers/activitypub-http-unicast.ts2
-rw-r--r--server/middlewares/activitypub.ts5
-rw-r--r--yarn.lock13
6 files changed, 29 insertions, 9 deletions
diff --git a/package.json b/package.json
index 87dc2b5b9..aba7d1c4b 100644
--- a/package.json
+++ b/package.json
@@ -122,7 +122,7 @@
122 "fluent-ffmpeg": "^2.1.0", 122 "fluent-ffmpeg": "^2.1.0",
123 "fs-extra": "^8.0.1", 123 "fs-extra": "^8.0.1",
124 "helmet": "^3.12.1", 124 "helmet": "^3.12.1",
125 "http-signature": "1.2.0", 125 "http-signature": "1.3.1",
126 "ip-anonymize": "^0.1.0", 126 "ip-anonymize": "^0.1.0",
127 "ipaddr.js": "1.9.1", 127 "ipaddr.js": "1.9.1",
128 "is-cidr": "^3.0.0", 128 "is-cidr": "^3.0.0",
diff --git a/server/helpers/custom-jsonld-signature.ts b/server/helpers/custom-jsonld-signature.ts
index cb07fa3b2..a407a9fec 100644
--- a/server/helpers/custom-jsonld-signature.ts
+++ b/server/helpers/custom-jsonld-signature.ts
@@ -70,12 +70,20 @@ const lru = new AsyncLRU({
70 }) 70 })
71 } 71 }
72 72
73 nodeDocumentLoader(url, cb) 73 nodeDocumentLoader(url)
74 .then(value => cb(null, value))
75 .catch(err => cb(err))
74 } 76 }
75}) 77})
76 78
77jsonld.documentLoader = (url, cb) => { 79jsonld.documentLoader = (url) => {
78 lru.get(url, cb) 80 return new Promise((res, rej) => {
81 lru.get(url, (err, value) => {
82 if (err) return rej(err)
83
84 return res(value)
85 })
86 })
79} 87}
80 88
81export { jsonld } 89export { jsonld }
diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts
index 9eb782302..89c0ab151 100644
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -51,7 +51,7 @@ function isHTTPSignatureVerified (httpSignatureParsed: any, actor: MActor): bool
51} 51}
52 52
53function parseHTTPSignature (req: Request, clockSkew?: number) { 53function parseHTTPSignature (req: Request, clockSkew?: number) {
54 return httpSignature.parse(req, { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME, clockSkew }) 54 return httpSignature.parse(req, { clockSkew })
55} 55}
56 56
57// JSONLD 57// JSONLD
diff --git a/server/lib/job-queue/handlers/activitypub-http-unicast.ts b/server/lib/job-queue/handlers/activitypub-http-unicast.ts
index c70ce3be9..6fbd4a716 100644
--- a/server/lib/job-queue/handlers/activitypub-http-unicast.ts
+++ b/server/lib/job-queue/handlers/activitypub-http-unicast.ts
@@ -20,6 +20,8 @@ async function processActivityPubHttpUnicast (job: Bull.Job) {
20 const body = await computeBody(payload) 20 const body = await computeBody(payload)
21 const httpSignatureOptions = await buildSignedRequestOptions(payload) 21 const httpSignatureOptions = await buildSignedRequestOptions(payload)
22 22
23 logger.info('hello', { httpSignatureOptions })
24
23 const options = { 25 const options = {
24 method: 'POST', 26 method: 'POST',
25 uri, 27 uri,
diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index fedac0e05..bd3bdb076 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -51,10 +51,11 @@ export {
51// --------------------------------------------------------------------------- 51// ---------------------------------------------------------------------------
52 52
53async function checkHttpSignature (req: Request, res: Response) { 53async function checkHttpSignature (req: Request, res: Response) {
54 // FIXME: mastodon does not include the Signature scheme 54 // FIXME: compatibility with http-signature < v1.3
55 const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string 55 const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
56 if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig 56 if (sig && sig.startsWith('Signature ') === true) req.headers[HTTP_SIGNATURE.HEADER_NAME] = sig.replace(/^Signature /, '')
57 57
58 logger.info('coucou', { signature: req.headers[HTTP_SIGNATURE.HEADER_NAME] })
58 const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS) 59 const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
59 60
60 const keyId = parsed.keyId 61 const keyId = parsed.keyId
diff --git a/yarn.lock b/yarn.lock
index 71ef762f4..0f24b411b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3092,7 +3092,16 @@ http-parser-js@^0.4.3:
3092 resolved "https://registry.yarnpkg.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137" 3092 resolved "https://registry.yarnpkg.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137"
3093 integrity sha1-O9bW/ebjFyyTNMOzO2wZPYD+ETc= 3093 integrity sha1-O9bW/ebjFyyTNMOzO2wZPYD+ETc=
3094 3094
3095http-signature@1.2.0, http-signature@~1.2.0: 3095http-signature@1.3.1:
3096 version "1.3.1"
3097 resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.3.1.tgz#739fe2f8897ba84798e3e54b699a9008a8724ff9"
3098 integrity sha512-Y29YKEc8MQsjch/VzkUVJ+2MXd9WcR42fK5u36CZf4G8bXw2DXMTWuESiB0R6m59JAWxlPPw5/Fri/t/AyyueA==
3099 dependencies:
3100 assert-plus "^1.0.0"
3101 jsprim "^1.2.2"
3102 sshpk "^1.14.1"
3103
3104http-signature@~1.2.0:
3096 version "1.2.0" 3105 version "1.2.0"
3097 resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1" 3106 resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1"
3098 integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE= 3107 integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=
@@ -6057,7 +6066,7 @@ srt-to-vtt@^1.1.2:
6057 through2 "^0.6.3" 6066 through2 "^0.6.3"
6058 to-utf-8 "^1.2.0" 6067 to-utf-8 "^1.2.0"
6059 6068
6060sshpk@^1.7.0: 6069sshpk@^1.14.1, sshpk@^1.7.0:
6061 version "1.16.1" 6070 version "1.16.1"
6062 resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877" 6071 resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877"
6063 integrity sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg== 6072 integrity sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==