author | Chocobozzz <me@florianbigard.com> | 2020-01-07 15:24:27 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2020-01-07 15:56:09 +0100 |
commit | e92269053e3fd0e9b9c155ded86a1668444f3d70 (patch) | |
tree | fc6c48416a028fa4f471fbe91f5b982122e303bf | |
parent | 7cde3b9c2e84ea20bb0aae4544598483cde9e22c (diff) | |
download | PeerTube-e92269053e3fd0e9b9c155ded86a1668444f3d70.tar.gz PeerTube-e92269053e3fd0e9b9c155ded86a1668444f3d70.tar.zst PeerTube-e92269053e3fd0e9b9c155ded86a1668444f3d70.zip |
Update http signature
-rw-r--r-- | package.json | 2 | ||||
-rw-r--r-- | server/helpers/custom-jsonld-signature.ts | 14 | ||||
-rw-r--r-- | server/helpers/peertube-crypto.ts | 2 | ||||
-rw-r--r-- | server/lib/job-queue/handlers/activitypub-http-unicast.ts | 2 | ||||
-rw-r--r-- | server/middlewares/activitypub.ts | 5 | ||||
-rw-r--r-- | yarn.lock | 13 |
6 files changed, 29 insertions, 9 deletions
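--- a/package.json
+++ b/package.json
@@ -122,7 +122,7 @@
 "fluent-ffmpeg": "^2.1.0",
 "fs-extra": "^8.0.1",
 "helmet": "^3.12.1",
-"http-signature": "1.2.0",
+"http-signature": "1.3.1",
 "ip-anonymize": "^0.1.0",
 "ipaddr.js": "1.9.1",
 "is-cidr": "^3.0.0",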
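--- a/server/helpers/custom-jsonld-signature.ts
+++ b/server/helpers/custom-jsonld-signature.ts
@@ -70,12 +70,20 @@ const lru = new AsyncLRU({
 })
 }
 
-nodeDocumentLoader(url, cb)
+nodeDocumentLoader(url)
+.then(value => cb(null, value))
+.catch(err => cb(err))
 }
 })
 
-jsonld.documentLoader = (url, cb) => {
-lru.get(url, cb)
+jsonld.documentLoader = (url) => {
+return new Promise((res, rej) => {
+lru.get(url, (err, value) => {
+if (err) return rej(err)
+
+return res(value)
+})
+})
 }
 
 export { jsonld }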
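Review bot: In the loader passed to AsyncLRU, `.then(value => cb(null, value)).catch(err => cb(err))` can invoke `cb` twice: if `cb(null, value)` itself throws, the rejection falls through to `.catch` and the callback runs a second time with the error. Passing both handlers to a single `then` avoids that: `nodeDocumentLoader(url).then(value => cb(null, value), err => cb(err))`. The new `jsonld.documentLoader` wrapper would also benefit from a one-line comment saying that it adapts the callback-style `lru.get` to a promise-returning loader, which is apparently what the updated library calls. The `load` function starts above the hunk, so its earlier branches are not visible here.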
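--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -51,7 +51,7 @@ function isHTTPSignatureVerified (httpSignatureParsed: any, actor: MActor): bool
 }
 
 function parseHTTPSignature (req: Request, clockSkew?: number) {
-return httpSignature.parse(req, { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME, clockSkew })
+return httpSignature.parse(req, { clockSkew })
 }
 
 // JSONLD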
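Review bot: `parseHTTPSignature` no longer passes `authorizationHeaderName`, so which request header gets parsed is now decided by http-signature's defaults rather than by `HTTP_SIGNATURE.HEADER_NAME`. `checkHttpSignature` in server/middlewares/activitypub.ts still normalises only `HTTP_SIGNATURE.HEADER_NAME`, so it is worth confirming against the 1.3.1 parser what happens when a request carries both an `Authorization` and a `Signature` header; verification should run on the header the middleware inspected. A comment such as `// header lookup is left to http-signature (>= 1.3)` and a test with both headers present would pin this down.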
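--- a/server/lib/job-queue/handlers/activitypub-http-unicast.ts
+++ b/server/lib/job-queue/handlers/activitypub-http-unicast.ts
@@ -20,6 +20,8 @@ async function processActivityPubHttpUnicast (job: Bull.Job) {
 const body = await computeBody(payload)
 const httpSignatureOptions = await buildSignedRequestOptions(payload)
 
+logger.info('hello', { httpSignatureOptions })
+
 const options = {
 method: 'POST',
 uri,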
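Review bot: `logger.info('hello', { httpSignatureOptions })` looks like a leftover debug statement and writes the whole signing-options object to the log at info level. `buildSignedRequestOptions` is not shown here, but if the object carries the actor's signing key, as options for a signed request usually do, that key ends up in the log files on every unicast job. I would drop the line, or log only a non-secret field at debug level. The same applies to `logger.info('coucou', …)` in server/middlewares/activitypub.ts, which records the sender-controlled Signature header of every inbound request.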
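--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -51,10 +51,11 @@ export {
 // ---------------------------------------------------------------------------
 
 async function checkHttpSignature (req: Request, res: Response) {
-// FIXME: mastodon does not include the Signature scheme
+// FIXME: compatibility with http-signature < v1.3
 const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
-if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig
+if (sig && sig.startsWith('Signature ') === true) req.headers[HTTP_SIGNATURE.HEADER_NAME] = sig.replace(/^Signature /, '')
 
+logger.info('coucou', { signature: req.headers[HTTP_SIGNATURE.HEADER_NAME] })
 const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
 
 const keyId = parsed.keyId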
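Review bot: The new FIXME, `compatibility with http-signature < v1.3`, does not say what the line below it does, which is to strip a leading `Signature ` scheme from the header before parsing. Something like `// http-signature >= 1.3 parses the bare Signature header; strip the "Signature " scheme that some senders still prepend` would make the intent clear, with the wording to be confirmed against the library. The rewrite also overwrites `req.headers[HTTP_SIGNATURE.HEADER_NAME]` in place, so any later code that reads this header sees the stripped value and not what the sender transmitted. `checkHttpSignature` continues past the end of the hunk.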
@@ -3092,7 +3092,16 @@ http-parser-js@^0.4.3: | |||
3092 | resolved "https://registry.yarnpkg.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137" | 3092 | resolved "https://registry.yarnpkg.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137" |
3093 | integrity sha1-O9bW/ebjFyyTNMOzO2wZPYD+ETc= | 3093 | integrity sha1-O9bW/ebjFyyTNMOzO2wZPYD+ETc= |
3094 | 3094 | ||
3095 | http-signature@1.2.0, http-signature@~1.2.0: | 3095 | http-signature@1.3.1: |
3096 | version "1.3.1" | ||
3097 | resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.3.1.tgz#739fe2f8897ba84798e3e54b699a9008a8724ff9" | ||
3098 | integrity sha512-Y29YKEc8MQsjch/VzkUVJ+2MXd9WcR42fK5u36CZf4G8bXw2DXMTWuESiB0R6m59JAWxlPPw5/Fri/t/AyyueA== | ||
3099 | dependencies: | ||
3100 | assert-plus "^1.0.0" | ||
3101 | jsprim "^1.2.2" | ||
3102 | sshpk "^1.14.1" | ||
3103 | |||
3104 | http-signature@~1.2.0: | ||
3096 | version "1.2.0" | 3105 | version "1.2.0" |
3097 | resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1" | 3106 | resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1" |
3098 | integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE= | 3107 | integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE= |
@@ -6057,7 +6066,7 @@ srt-to-vtt@^1.1.2: | |||
6057 | through2 "^0.6.3" | 6066 | through2 "^0.6.3" |
6058 | to-utf-8 "^1.2.0" | 6067 | to-utf-8 "^1.2.0" |
6059 | 6068 | ||
6060 | sshpk@^1.7.0: | 6069 | sshpk@^1.14.1, sshpk@^1.7.0: |
6061 | version "1.16.1" | 6070 | version "1.16.1" |
6062 | resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877" | 6071 | resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877" |
6063 | integrity sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg== | 6072 | integrity sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg== |