aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/lib
diff options
context:
space:
mode:
authorChocobozzz <me@florianbigard.com>2018-10-19 11:41:19 +0200
committerChocobozzz <me@florianbigard.com>2018-10-19 12:59:52 +0200
commitf7509cbec875ec4ee3201cce08839f2a02676c1c (patch)
tree5dbfcff41a175aa7d4b7d396ca90fe26049d0164 /server/lib
parent333210d862fdba4bb114b756d4f964789f480196 (diff)
downloadPeerTube-f7509cbec875ec4ee3201cce08839f2a02676c1c.tar.gz
PeerTube-f7509cbec875ec4ee3201cce08839f2a02676c1c.tar.zst
PeerTube-f7509cbec875ec4ee3201cce08839f2a02676c1c.zip
Add HTTP signature check before linked signature
It's faster, and will allow us to use RSA signature 2018 (with upstream jsonld-signature module) without too much incompatibilities in the peertube federation
Diffstat (limited to 'server/lib')
-rw-r--r--server/lib/job-queue/handlers/utils/activitypub-http-utils.ts7
1 files changed, 4 insertions, 3 deletions
diff --git a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
index d71c91a24..fd9c74341 100644
--- a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
+++ b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
@@ -2,6 +2,7 @@ import { buildSignedActivity } from '../../../../helpers/activitypub'
2import { getServerActor } from '../../../../helpers/utils' 2import { getServerActor } from '../../../../helpers/utils'
3import { ActorModel } from '../../../../models/activitypub/actor' 3import { ActorModel } from '../../../../models/activitypub/actor'
4import { sha256 } from '../../../../helpers/core-utils' 4import { sha256 } from '../../../../helpers/core-utils'
5import { HTTP_SIGNATURE } from '../../../../initializers'
5 6
6type Payload = { body: any, signatureActorId?: number } 7type Payload = { body: any, signatureActorId?: number }
7 8
@@ -29,11 +30,11 @@ async function buildSignedRequestOptions (payload: Payload) {
29 30
30 const keyId = actor.getWebfingerUrl() 31 const keyId = actor.getWebfingerUrl()
31 return { 32 return {
32 algorithm: 'rsa-sha256', 33 algorithm: HTTP_SIGNATURE.ALGORITHM,
33 authorizationHeaderName: 'Signature', 34 authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME,
34 keyId, 35 keyId,
35 key: actor.privateKey, 36 key: actor.privateKey,
36 headers: [ 'date', 'host', 'digest', '(request-target)' ] 37 headers: HTTP_SIGNATURE.HEADERS_TO_SIGN
37 } 38 }
38} 39}
39 40