Update http signature
This commit is contained in:
parent
7cde3b9c2e
commit
e92269053e
6 changed files with 29 additions and 9 deletions
|
@ -122,7 +122,7 @@
|
||||||
"fluent-ffmpeg": "^2.1.0",
|
"fluent-ffmpeg": "^2.1.0",
|
||||||
"fs-extra": "^8.0.1",
|
"fs-extra": "^8.0.1",
|
||||||
"helmet": "^3.12.1",
|
"helmet": "^3.12.1",
|
||||||
"http-signature": "1.2.0",
|
"http-signature": "1.3.1",
|
||||||
"ip-anonymize": "^0.1.0",
|
"ip-anonymize": "^0.1.0",
|
||||||
"ipaddr.js": "1.9.1",
|
"ipaddr.js": "1.9.1",
|
||||||
"is-cidr": "^3.0.0",
|
"is-cidr": "^3.0.0",
|
||||||
|
|
|
@ -70,12 +70,20 @@ const lru = new AsyncLRU({
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
nodeDocumentLoader(url, cb)
|
nodeDocumentLoader(url)
|
||||||
|
.then(value => cb(null, value))
|
||||||
|
.catch(err => cb(err))
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
jsonld.documentLoader = (url, cb) => {
|
jsonld.documentLoader = (url) => {
|
||||||
lru.get(url, cb)
|
return new Promise((res, rej) => {
|
||||||
|
lru.get(url, (err, value) => {
|
||||||
|
if (err) return rej(err)
|
||||||
|
|
||||||
|
return res(value)
|
||||||
|
})
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
export { jsonld }
|
export { jsonld }
|
||||||
|
|
|
@ -51,7 +51,7 @@ function isHTTPSignatureVerified (httpSignatureParsed: any, actor: MActor): bool
|
||||||
}
|
}
|
||||||
|
|
||||||
function parseHTTPSignature (req: Request, clockSkew?: number) {
|
function parseHTTPSignature (req: Request, clockSkew?: number) {
|
||||||
return httpSignature.parse(req, { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME, clockSkew })
|
return httpSignature.parse(req, { clockSkew })
|
||||||
}
|
}
|
||||||
|
|
||||||
// JSONLD
|
// JSONLD
|
||||||
|
|
|
@ -20,6 +20,8 @@ async function processActivityPubHttpUnicast (job: Bull.Job) {
|
||||||
const body = await computeBody(payload)
|
const body = await computeBody(payload)
|
||||||
const httpSignatureOptions = await buildSignedRequestOptions(payload)
|
const httpSignatureOptions = await buildSignedRequestOptions(payload)
|
||||||
|
|
||||||
|
logger.info('hello', { httpSignatureOptions })
|
||||||
|
|
||||||
const options = {
|
const options = {
|
||||||
method: 'POST',
|
method: 'POST',
|
||||||
uri,
|
uri,
|
||||||
|
|
|
@ -51,10 +51,11 @@ export {
|
||||||
// ---------------------------------------------------------------------------
|
// ---------------------------------------------------------------------------
|
||||||
|
|
||||||
async function checkHttpSignature (req: Request, res: Response) {
|
async function checkHttpSignature (req: Request, res: Response) {
|
||||||
// FIXME: mastodon does not include the Signature scheme
|
// FIXME: compatibility with http-signature < v1.3
|
||||||
const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
|
const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
|
||||||
if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig
|
if (sig && sig.startsWith('Signature ') === true) req.headers[HTTP_SIGNATURE.HEADER_NAME] = sig.replace(/^Signature /, '')
|
||||||
|
|
||||||
|
logger.info('coucou', { signature: req.headers[HTTP_SIGNATURE.HEADER_NAME] })
|
||||||
const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
|
const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
|
||||||
|
|
||||||
const keyId = parsed.keyId
|
const keyId = parsed.keyId
|
||||||
|
|
13
yarn.lock
13
yarn.lock
|
@ -3092,7 +3092,16 @@ http-parser-js@^0.4.3:
|
||||||
resolved "https://registry.yarnpkg.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137"
|
resolved "https://registry.yarnpkg.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137"
|
||||||
integrity sha1-O9bW/ebjFyyTNMOzO2wZPYD+ETc=
|
integrity sha1-O9bW/ebjFyyTNMOzO2wZPYD+ETc=
|
||||||
|
|
||||||
http-signature@1.2.0, http-signature@~1.2.0:
|
http-signature@1.3.1:
|
||||||
|
version "1.3.1"
|
||||||
|
resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.3.1.tgz#739fe2f8897ba84798e3e54b699a9008a8724ff9"
|
||||||
|
integrity sha512-Y29YKEc8MQsjch/VzkUVJ+2MXd9WcR42fK5u36CZf4G8bXw2DXMTWuESiB0R6m59JAWxlPPw5/Fri/t/AyyueA==
|
||||||
|
dependencies:
|
||||||
|
assert-plus "^1.0.0"
|
||||||
|
jsprim "^1.2.2"
|
||||||
|
sshpk "^1.14.1"
|
||||||
|
|
||||||
|
http-signature@~1.2.0:
|
||||||
version "1.2.0"
|
version "1.2.0"
|
||||||
resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1"
|
resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1"
|
||||||
integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=
|
integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=
|
||||||
|
@ -6057,7 +6066,7 @@ srt-to-vtt@^1.1.2:
|
||||||
through2 "^0.6.3"
|
through2 "^0.6.3"
|
||||||
to-utf-8 "^1.2.0"
|
to-utf-8 "^1.2.0"
|
||||||
|
|
||||||
sshpk@^1.7.0:
|
sshpk@^1.14.1, sshpk@^1.7.0:
|
||||||
version "1.16.1"
|
version "1.16.1"
|
||||||
resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877"
|
resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877"
|
||||||
integrity sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==
|
integrity sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==
|
||||||
|
|
Loading…
Reference in a new issue