From 729bb184819ddda1d7313da0c30b3397e5689721 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Wed, 10 Oct 2018 08:51:58 +0200
Subject: Add more headers to broadcast/unicast
---
 .../handlers/utils/activitypub-http-utils.ts | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
(limited to 'server/lib/job-queue/handlers/utils')
diff --git a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
index 36092665e..d71c91a24 100644
--- a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
+++ b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
@@ -1,8 +1,11 @@
 import { buildSignedActivity } from '../../../../helpers/activitypub'
 import { getServerActor } from '../../../../helpers/utils'
 import { ActorModel } from '../../../../models/activitypub/actor'
+import { sha256 } from '../../../../helpers/core-utils'
 
-async function computeBody (payload: { body: any, signatureActorId?: number }) {
+type Payload = { body: any, signatureActorId?: number }
+
+async function computeBody (payload: Payload) {
 let body = payload.body
 
 if (payload.signatureActorId) {
@@ -14,7 +17,7 @@ async function computeBody (payload: { body: any, signatureActorId?: number }) {
 return body
 }
 
-async function buildSignedRequestOptions (payload: { signatureActorId?: number }) {
+async function buildSignedRequestOptions (payload: Payload) {
 let actor: ActorModel | null
 if (payload.signatureActorId) {
 actor = await ActorModel.load(payload.signatureActorId)
@@ -29,11 +32,21 @@ async function buildSignedRequestOptions (payload: { signatureActorId?: number }
 algorithm: 'rsa-sha256',
 authorizationHeaderName: 'Signature',
 keyId,
- key: actor.privateKey
+ key: actor.privateKey,
+ headers: [ 'date', 'host', 'digest', '(request-target)' ]
+ }
+}
+
+function buildGlobalHeaders (body: object) {
+ const digest = 'SHA-256=' + sha256(JSON.stringify(body), 'base64')
+
+ return {
+ 'Digest': digest
 }
 }
 
 export {
+ buildGlobalHeaders,
 computeBody,
 buildSignedRequestOptions
 }
-- cgit v1.2.3
From 41f2ebae4f970932fb62d2d8923b1f776f0b1494 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Fri, 19 Oct 2018 11:41:19 +0200
Subject: Add HTTP signature check before linked signature
It's faster, and will allow us to use RSA signature 2018 (with upstream jsonld-signature module) without too much incompatibilities in the peertube federation
---
 server/lib/job-queue/handlers/utils/activitypub-http-utils.ts | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'server/lib/job-queue/handlers/utils')
diff --git a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
index d71c91a24..fd9c74341 100644
--- a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
+++ b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
@@ -2,6 +2,7 @@ import { buildSignedActivity } from '../../../../helpers/activitypub'
 import { getServerActor } from '../../../../helpers/utils'
 import { ActorModel } from '../../../../models/activitypub/actor'
 import { sha256 } from '../../../../helpers/core-utils'
+import { HTTP_SIGNATURE } from '../../../../initializers'
 
 type Payload = { body: any, signatureActorId?: number }
 
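Review bot: In the first commit's `@@ -29,11 +32,21 @@` hunk, `buildGlobalHeaders` hashes its own `JSON.stringify(body)`, and nothing visible ties that string to the bytes the request layer actually sends. With `'digest'` now in the signed `headers` list, a difference in serialisation makes the receiver's Digest comparison fail; if the receiver does not compare Digest with the body at all, the body stays outside what the HTTP signature protects. The function carries no comment stating this contract, so I would add above it `// body must be the exact value sent as the JSON request body: Digest is signed and has to match the wire bytes`. The enclosing `buildSignedRequestOptions` starts outside the hunk, so whether the caller reuses the same object for the request cannot be checked from here.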
@@ -29,11 +30,11 @@ async function buildSignedRequestOptions (payload: Payload) {
 const keyId = actor.getWebfingerUrl()
 
 return {
- algorithm: 'rsa-sha256',
- authorizationHeaderName: 'Signature',
+ algorithm: HTTP_SIGNATURE.ALGORITHM,
+ authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME,
 keyId,
 key: actor.privateKey,
- headers: [ 'date', 'host', 'digest', '(request-target)' ]
+ headers: HTTP_SIGNATURE.HEADERS_TO_SIGN
 }
 }
 
-- cgit v1.2.3
From df66d81583e07ce049daeeef1edc6a87b57b3684 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Tue, 23 Oct 2018 11:38:48 +0200
Subject: Add compatibility with other Linked Signature algorithms
---
 .../lib/job-queue/handlers/utils/activitypub-http-utils.ts | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
(limited to 'server/lib/job-queue/handlers/utils')
diff --git a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
index fd9c74341..4961d4502 100644
--- a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
+++ b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
@@ -38,15 +38,20 @@ async function buildSignedRequestOptions (payload: Payload) {
 }
 }
 
-function buildGlobalHeaders (body: object) {
- const digest = 'SHA-256=' + sha256(JSON.stringify(body), 'base64')
-
+function buildGlobalHeaders (body: any) {
 return {
- 'Digest': digest
+ 'Digest': buildDigest(body)
 }
 }
 
+function buildDigest (body: any) {
+ const rawBody = typeof body === 'string' ? body : JSON.stringify(body)
+
+ return 'SHA-256=' + sha256(rawBody, 'base64')
+}
+
 export {
+ buildDigest,
 buildGlobalHeaders,
 computeBody,
 buildSignedRequestOptions
-- cgit v1.2.3
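Review bot: In the last commit's `@@ -38,15 +38,20 @@` hunk, `buildDigest` takes `body: any` and passes every non-string value through `JSON.stringify`, so a `Buffer` holding a raw body would be hashed as its `{"type":"Buffer",...}` JSON form, and `undefined` would reach `sha256` as `undefined`. The function is now exported, presumably so a verifier can recompute the Digest of an incoming request; there, re-serialising an already parsed object is not guaranteed to reproduce the sender's bytes, and the comparison is only meaningful over the raw body. I would document this on the function with `// Verifiers must pass the raw request body string; objects are only for bodies we serialise ourselves`. I would also reject a missing body explicitly, `if (body === undefined || body === null) throw new Error('Cannot build digest of an empty body')`. The `export` block continues past the end of the hunk.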