Add config option to sign activities in compat mode

2022-09-29 23:27:59 +02:00 · 2022-09-29 23:27:59 +02:00 · 4d888b2c8e
commit 4d888b2c8e
parent 2acbc06538
4 changed files with 21 additions and 4 deletions
--- a/src/core/activity_queue.rs
+++ b/src/core/activity_queue.rs
@ -64,6 +64,7 @@ where
            activity: activity_serialized.clone(),
            public_key: public_key.clone(),
            private_key: private_key.clone(),
+            http_signature_compat: instance.settings.http_signature_compat,
        };
        if instance.settings.debug {
            let res = do_send(message, &instance.client, instance.settings.request_timeout).await;
@ -96,6 +97,7 @@ struct SendActivityTask {
    activity: String,
    public_key: PublicKey,
    private_key: String,
+    http_signature_compat: bool,
 }

 /// Signs the activity with the sending actor's key, and delivers to the given inbox. Also retries
@ -139,6 +141,7 @@ async fn do_send(
        task.activity.clone(),
        task.public_key.clone(),
        task.private_key.to_owned(),
+        task.http_signature_compat,
    )
    .await?;
    let response = client.execute(request).await;
--- a/src/core/signatures.rs
+++ b/src/core/signatures.rs
@ -2,7 +2,7 @@ use actix_web::HttpRequest;
 use anyhow::anyhow;
 use http_signature_normalization_actix::Config as ConfigActix;
 use http_signature_normalization_reqwest::prelude::{Config, SignExt};
-use once_cell::sync::Lazy;
+use once_cell::sync::{Lazy, OnceCell};
 use openssl::{
    hash::MessageDigest,
    pkey::PKey,
@ -18,7 +18,7 @@ use tracing::debug;
 use url::Url;

 static CONFIG2: Lazy<ConfigActix> = Lazy::new(ConfigActix::new);
-static HTTP_SIG_CONFIG: Lazy<Config> = Lazy::new(Config::new);
+static HTTP_SIG_CONFIG: OnceCell<Config> = OnceCell::new();

 /// A private/public key pair used for HTTP signatures
 #[derive(Debug, Clone)]
@ -53,10 +53,19 @@ pub(crate) async fn sign_request(
    activity: String,
    public_key: PublicKey,
    private_key: String,
+    http_signature_compat: bool,
 ) -> Result<Request, anyhow::Error> {
+    let sig_conf = HTTP_SIG_CONFIG.get_or_init(|| {
+        let c = Config::new();
+        if http_signature_compat {
+            c.mastodon_compat()
+        } else {
+            c
+        }
+    });
    request_builder
        .signature_with_digest(
-            HTTP_SIG_CONFIG.clone(),
+            sig_conf.clone(),
            public_key.id,
            Sha256::new(),
            activity,
--- a/src/deser/values.rs
+++ b/src/deser/values.rs
@ -52,7 +52,7 @@ pub enum MediaTypeHtml {
 }

 /// Media type which allows both markdown and HTML.
-#[derive(Clone, Debug, Deserialize, Serialize, PartialEq)]
+#[derive(Clone, Debug, Deserialize, Serialize, PartialEq, Eq)]
 pub enum MediaTypeMarkdownOrHtml {
    #[serde(rename = "text/markdown")]
    Markdown,
--- a/src/lib.rs
+++ b/src/lib.rs
@ -47,6 +47,11 @@ pub struct InstanceSettings {
    /// fails, it should return an error message.
    #[builder(default = "|_| { Ok(()) }")]
    verify_url_function: fn(&Url) -> Result<(), &'static str>,
+    /// Enable to sign HTTP signatures according to draft 10, which does not include (created) and
+    /// (expires) fields. This is required for compatibility with some software like Pleroma.
+    /// https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-10
+    /// https://git.pleroma.social/pleroma/pleroma/-/issues/2939
+    http_signature_compat: bool,
 }

 impl InstanceSettings {