mirror of
https://github.com/LemmyNet/activitypub-federation-rust.git
synced 2024-06-01 19:43:19 +00:00
Add config option to sign activities in compat mode
This commit is contained in:
Felix Ableitner
parent
2acbc06538
commit
4d888b2c8e
|
|
@ -64,6 +64,7 @@ where
|
||||||
activity: activity_serialized.clone(),
|
activity: activity_serialized.clone(),
|
||||||
public_key: public_key.clone(),
|
public_key: public_key.clone(),
|
||||||
private_key: private_key.clone(),
|
private_key: private_key.clone(),
|
||||||
|
http_signature_compat: instance.settings.http_signature_compat,
|
||||||
};
|
};
|
||||||
if instance.settings.debug {
|
if instance.settings.debug {
|
||||||
let res = do_send(message, &instance.client, instance.settings.request_timeout).await;
|
let res = do_send(message, &instance.client, instance.settings.request_timeout).await;
|
||||||
|
|
@ -96,6 +97,7 @@ struct SendActivityTask {
|
||||||
activity: String,
|
activity: String,
|
||||||
public_key: PublicKey,
|
public_key: PublicKey,
|
||||||
private_key: String,
|
private_key: String,
|
||||||
|
http_signature_compat: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Signs the activity with the sending actor's key, and delivers to the given inbox. Also retries
|
/// Signs the activity with the sending actor's key, and delivers to the given inbox. Also retries
|
||||||
|
|
@ -139,6 +141,7 @@ async fn do_send(
|
||||||
task.activity.clone(),
|
task.activity.clone(),
|
||||||
task.public_key.clone(),
|
task.public_key.clone(),
|
||||||
task.private_key.to_owned(),
|
task.private_key.to_owned(),
|
||||||
|
task.http_signature_compat,
|
||||||
)
|
)
|
||||||
.await?;
|
.await?;
|
||||||
let response = client.execute(request).await;
|
let response = client.execute(request).await;
|
||||||
|
|
|
||||||
|
|
@ -2,7 +2,7 @@ use actix_web::HttpRequest;
|
||||||
use anyhow::anyhow;
|
use anyhow::anyhow;
|
||||||
use http_signature_normalization_actix::Config as ConfigActix;
|
use http_signature_normalization_actix::Config as ConfigActix;
|
||||||
use http_signature_normalization_reqwest::prelude::{Config, SignExt};
|
use http_signature_normalization_reqwest::prelude::{Config, SignExt};
|
||||||
use once_cell::sync::Lazy;
|
use once_cell::sync::{Lazy, OnceCell};
|
||||||
use openssl::{
|
use openssl::{
|
||||||
hash::MessageDigest,
|
hash::MessageDigest,
|
||||||
pkey::PKey,
|
pkey::PKey,
|
||||||
|
|
@ -18,7 +18,7 @@ use tracing::debug;
|
||||||
use url::Url;
|
use url::Url;
|
||||||
|
|
||||||
static CONFIG2: Lazy<ConfigActix> = Lazy::new(ConfigActix::new);
|
static CONFIG2: Lazy<ConfigActix> = Lazy::new(ConfigActix::new);
|
||||||
static HTTP_SIG_CONFIG: Lazy<Config> = Lazy::new(Config::new);
|
static HTTP_SIG_CONFIG: OnceCell<Config> = OnceCell::new();
|
||||||
|
|
||||||
/// A private/public key pair used for HTTP signatures
|
/// A private/public key pair used for HTTP signatures
|
||||||
#[derive(Debug, Clone)]
|
#[derive(Debug, Clone)]
|
||||||
|
|
@ -53,10 +53,19 @@ pub(crate) async fn sign_request(
|
||||||
activity: String,
|
activity: String,
|
||||||
public_key: PublicKey,
|
public_key: PublicKey,
|
||||||
private_key: String,
|
private_key: String,
|
||||||
|
http_signature_compat: bool,
|
||||||
) -> Result<Request, anyhow::Error> {
|
) -> Result<Request, anyhow::Error> {
|
||||||
|
let sig_conf = HTTP_SIG_CONFIG.get_or_init(|| {
|
||||||
|
let c = Config::new();
|
||||||
|
if http_signature_compat {
|
||||||
|
c.mastodon_compat()
|
||||||
|
} else {
|
||||||
|
c
|
||||||
|
}
|
||||||
|
});
|
||||||
request_builder
|
request_builder
|
||||||
.signature_with_digest(
|
.signature_with_digest(
|
||||||
HTTP_SIG_CONFIG.clone(),
|
sig_conf.clone(),
|
||||||
public_key.id,
|
public_key.id,
|
||||||
Sha256::new(),
|
Sha256::new(),
|
||||||
activity,
|
activity,
|
||||||
|
|
|
||||||
|
|
@ -52,7 +52,7 @@ pub enum MediaTypeHtml {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Media type which allows both markdown and HTML.
|
/// Media type which allows both markdown and HTML.
|
||||||
#[derive(Clone, Debug, Deserialize, Serialize, PartialEq)]
|
#[derive(Clone, Debug, Deserialize, Serialize, PartialEq, Eq)]
|
||||||
pub enum MediaTypeMarkdownOrHtml {
|
pub enum MediaTypeMarkdownOrHtml {
|
||||||
#[serde(rename = "text/markdown")]
|
#[serde(rename = "text/markdown")]
|
||||||
Markdown,
|
Markdown,
|
||||||
|
|
|
||||||
|
|
@ -47,6 +47,11 @@ pub struct InstanceSettings {
|
||||||
/// fails, it should return an error message.
|
/// fails, it should return an error message.
|
||||||
#[builder(default = "|_| { Ok(()) }")]
|
#[builder(default = "|_| { Ok(()) }")]
|
||||||
verify_url_function: fn(&Url) -> Result<(), &'static str>,
|
verify_url_function: fn(&Url) -> Result<(), &'static str>,
|
||||||
|
/// Enable to sign HTTP signatures according to draft 10, which does not include (created) and
|
||||||
|
/// (expires) fields. This is required for compatibility with some software like Pleroma.
|
||||||
|
/// https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-10
|
||||||
|
/// https://git.pleroma.social/pleroma/pleroma/-/issues/2939
|
||||||
|
http_signature_compat: bool,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl InstanceSettings {
|
impl InstanceSettings {
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue