4 files changed, 25 insertions, 10 deletions
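--- a/server/helpers/core-utils.ts
+++ b/server/helpers/core-utils.ts
@@ -5,7 +5,7 @@
 
 import * as bcrypt from 'bcrypt'
 import * as createTorrent from 'create-torrent'
-import { createHash, pseudoRandomBytes } from 'crypto'
+import { createHash, HexBase64Latin1Encoding, pseudoRandomBytes } from 'crypto'
 import { isAbsolute, join } from 'path'
 import * as pem from 'pem'
 import { URL } from 'url'
@@ -126,8 +126,8 @@ function peertubeTruncate (str: string, maxLength: number) {
 return truncate(str, options)
 }
 
-function sha256 (str: string) {
-return createHash('sha256').update(str).digest('hex')
+function sha256 (str: string, encoding: HexBase64Latin1Encoding = 'hex') {
+return createHash('sha256').update(str).digest(encoding)
 }
 
 function promisify0<A> (func: (cb: (err: any, result: A) => void) => void): () => Promise<A> {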
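Review bot: `sha256` now feeds a wire-format header as well as its existing hex callers, but nothing on the function says so; a short comment would help, for example `// 'hex' stays the default for existing callers; 'base64' is what the HTTP Digest header expects`. It is also worth stating that `update(str)` hashes the string's UTF-8 bytes, so the result only matches a request body that is transmitted as UTF-8. The `promisify0` line at the end of the hunk is context only; its body is outside the hunk.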
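--- a/server/lib/job-queue/handlers/activitypub-http-broadcast.ts
+++ b/server/lib/job-queue/handlers/activitypub-http-broadcast.ts
@@ -3,7 +3,7 @@ import * as Bluebird from 'bluebird'
 import { logger } from '../../../helpers/logger'
 import { doRequest } from '../../../helpers/requests'
 import { ActorFollowModel } from '../../../models/activitypub/actor-follow'
-import { buildSignedRequestOptions, computeBody } from './utils/activitypub-http-utils'
+import { buildGlobalHeaders, buildSignedRequestOptions, computeBody } from './utils/activitypub-http-utils'
 import { BROADCAST_CONCURRENCY, JOB_REQUEST_TIMEOUT } from '../../../initializers'
 
 export type ActivitypubHttpBroadcastPayload = {
@@ -25,7 +25,8 @@ async function processActivityPubHttpBroadcast (job: Bull.Job) {
 uri: '',
 json: body,
 httpSignature: httpSignatureOptions,
-timeout: JOB_REQUEST_TIMEOUT
+timeout: JOB_REQUEST_TIMEOUT,
+headers: buildGlobalHeaders(body)
 }
 
 const badUrls: string[] = []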
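Review bot: `headers: buildGlobalHeaders(body)` hashes a serialization produced separately from the one the HTTP client will produce for `json: body`, so the signed Digest is only correct while both serializations stay byte-identical. How `doRequest` encodes the body is not visible here, so this is an invariant to pin rather than a confirmed bug: either serialize once and send that exact string, or add a comment such as `// Digest covers JSON.stringify(body); doRequest must send exactly those bytes`. The same applies to the identical change in activitypub-http-unicast.ts. `processActivityPubHttpBroadcast` starts and ends outside the hunk.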
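--- a/server/lib/job-queue/handlers/activitypub-http-unicast.ts
+++ b/server/lib/job-queue/handlers/activitypub-http-unicast.ts
@@ -2,7 +2,7 @@ import * as Bull from 'bull'
 import { logger } from '../../../helpers/logger'
 import { doRequest } from '../../../helpers/requests'
 import { ActorFollowModel } from '../../../models/activitypub/actor-follow'
-import { buildSignedRequestOptions, computeBody } from './utils/activitypub-http-utils'
+import { buildGlobalHeaders, buildSignedRequestOptions, computeBody } from './utils/activitypub-http-utils'
 import { JOB_REQUEST_TIMEOUT } from '../../../initializers'
 
 export type ActivitypubHttpUnicastPayload = {
@@ -25,7 +25,8 @@ async function processActivityPubHttpUnicast (job: Bull.Job) {
 uri,
 json: body,
 httpSignature: httpSignatureOptions,
-timeout: JOB_REQUEST_TIMEOUT
+timeout: JOB_REQUEST_TIMEOUT,
+headers: buildGlobalHeaders(body)
 }
 
 try {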
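--- a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
+++ b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
@@ -1,8 +1,11 @@
 import { buildSignedActivity } from '../../../../helpers/activitypub'
 import { getServerActor } from '../../../../helpers/utils'
 import { ActorModel } from '../../../../models/activitypub/actor'
+import { sha256 } from '../../../../helpers/core-utils'
 
-async function computeBody (payload: { body: any, signatureActorId?: number }) {
+type Payload = { body: any, signatureActorId?: number }
+
+async function computeBody (payload: Payload) {
 let body = payload.body
 
 if (payload.signatureActorId) {
@@ -14,7 +17,7 @@ async function computeBody (payload: { body: any, signatureActorId?: number }) {
 return body
 }
 
-async function buildSignedRequestOptions (payload: { signatureActorId?: number }) {
+async function buildSignedRequestOptions (payload: Payload) {
 let actor: ActorModel | null
 if (payload.signatureActorId) {
 actor = await ActorModel.load(payload.signatureActorId)
@@ -29,11 +32,21 @@ async function buildSignedRequestOptions (payload: { signatureActorId?: number }
 algorithm: 'rsa-sha256',
 authorizationHeaderName: 'Signature',
 keyId,
-key: actor.privateKey
+key: actor.privateKey,
+headers: [ 'date', 'host', 'digest', '(request-target)' ]
+}
+}
+
+function buildGlobalHeaders (body: object) {
+const digest = 'SHA-256=' + sha256(JSON.stringify(body), 'base64')
+
+return {
+'Digest': digest
 }
 }
 
 export {
+buildGlobalHeaders,
 computeBody,
 buildSignedRequestOptions
 }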
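Review bot: `buildSignedRequestOptions` now always lists `'digest'` among the signed headers, yet the Digest header itself is supplied by a different helper that each caller must remember to pass as `headers: buildGlobalHeaders(body)`. A caller that uses the signing options without it would, depending on how the signing library treats a listed-but-absent header, either fail to sign or send a signature that does not cover the body. Consider returning the signature options and the headers from one helper, or at least document the pairing with a comment like `// callers must also send buildGlobalHeaders(body): 'digest' is part of the signed header list`. Only the sending side is in this diff; checking the received Digest against the body on inbound requests would need to be confirmed elsewhere.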