From 41f2ebae4f970932fb62d2d8923b1f776f0b1494 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Fri, 19 Oct 2018 11:41:19 +0200
Subject: Add HTTP signature check before linked signature

It's faster, and will allow us to use RSA signature 2018 (with upstream
jsonld-signature module) without too much incompatibilities in the
peertube federation
---
 server/lib/job-queue/handlers/utils/activitypub-http-utils.ts | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'server/lib/job-queue')

diff --git a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
index d71c91a24..fd9c74341 100644
--- a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
+++ b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
@@ -2,6 +2,7 @@ import { buildSignedActivity } from '../../../../helpers/activitypub'
 import { getServerActor } from '../../../../helpers/utils'
 import { ActorModel } from '../../../../models/activitypub/actor'
 import { sha256 } from '../../../../helpers/core-utils'
+import { HTTP_SIGNATURE } from '../../../../initializers'
 
 type Payload = { body: any, signatureActorId?: number }
 
@@ -29,11 +30,11 @@ async function buildSignedRequestOptions (payload: Payload) {
 
   const keyId = actor.getWebfingerUrl()
   return {
-    algorithm: 'rsa-sha256',
-    authorizationHeaderName: 'Signature',
+    algorithm: HTTP_SIGNATURE.ALGORITHM,
+    authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME,
     keyId,
     key: actor.privateKey,
-    headers: [ 'date', 'host', 'digest', '(request-target)' ]
+    headers: HTTP_SIGNATURE.HEADERS_TO_SIGN
   }
 }
 
-- 
cgit v1.2.3