From 4d888b2c8eebcfda504f37d02a3441be85959849 Mon Sep 17 00:00:00 2001 From: Felix Ableitner Date: Thu, 29 Sep 2022 23:27:59 +0200 Subject: [PATCH] Add config option to sign activities in compat mode --- src/core/activity_queue.rs | 3 +++ src/core/signatures.rs | 15 ++++++++++++--- src/deser/values.rs | 2 +- src/lib.rs | 5 +++++ 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/src/core/activity_queue.rs b/src/core/activity_queue.rs index 565b705..84a0662 100644 --- a/src/core/activity_queue.rs +++ b/src/core/activity_queue.rs @@ -64,6 +64,7 @@ where activity: activity_serialized.clone(), public_key: public_key.clone(), private_key: private_key.clone(), + http_signature_compat: instance.settings.http_signature_compat, }; if instance.settings.debug { let res = do_send(message, &instance.client, instance.settings.request_timeout).await; @@ -96,6 +97,7 @@ struct SendActivityTask { activity: String, public_key: PublicKey, private_key: String, + http_signature_compat: bool, } /// Signs the activity with the sending actor's key, and delivers to the given inbox. Also retries @@ -139,6 +141,7 @@ async fn do_send( task.activity.clone(), task.public_key.clone(), task.private_key.to_owned(), + task.http_signature_compat, ) .await?; let response = client.execute(request).await; diff --git a/src/core/signatures.rs b/src/core/signatures.rs index 430c434..bf53050 100644 --- a/src/core/signatures.rs +++ b/src/core/signatures.rs @@ -2,7 +2,7 @@ use actix_web::HttpRequest; use anyhow::anyhow; use http_signature_normalization_actix::Config as ConfigActix; use http_signature_normalization_reqwest::prelude::{Config, SignExt}; -use once_cell::sync::Lazy; +use once_cell::sync::{Lazy, OnceCell}; use openssl::{ hash::MessageDigest, pkey::PKey, @@ -18,7 +18,7 @@ use tracing::debug; use url::Url; static CONFIG2: Lazy = Lazy::new(ConfigActix::new); -static HTTP_SIG_CONFIG: Lazy = Lazy::new(Config::new); +static HTTP_SIG_CONFIG: OnceCell = OnceCell::new(); /// A private/public key pair used for HTTP signatures #[derive(Debug, Clone)] @@ -53,10 +53,19 @@ pub(crate) async fn sign_request( activity: String, public_key: PublicKey, private_key: String, + http_signature_compat: bool, ) -> Result { + let sig_conf = HTTP_SIG_CONFIG.get_or_init(|| { + let c = Config::new(); + if http_signature_compat { + c.mastodon_compat() + } else { + c + } + }); request_builder .signature_with_digest( - HTTP_SIG_CONFIG.clone(), + sig_conf.clone(), public_key.id, Sha256::new(), activity, diff --git a/src/deser/values.rs b/src/deser/values.rs index eba8f8a..06bc7b6 100644 --- a/src/deser/values.rs +++ b/src/deser/values.rs @@ -52,7 +52,7 @@ pub enum MediaTypeHtml { } /// Media type which allows both markdown and HTML. -#[derive(Clone, Debug, Deserialize, Serialize, PartialEq)] +#[derive(Clone, Debug, Deserialize, Serialize, PartialEq, Eq)] pub enum MediaTypeMarkdownOrHtml { #[serde(rename = "text/markdown")] Markdown, diff --git a/src/lib.rs b/src/lib.rs index b890728..7c0fa5c 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -47,6 +47,11 @@ pub struct InstanceSettings { /// fails, it should return an error message. #[builder(default = "|_| { Ok(()) }")] verify_url_function: fn(&Url) -> Result<(), &'static str>, + /// Enable to sign HTTP signatures according to draft 10, which does not include (created) and + /// (expires) fields. This is required for compatibility with some software like Pleroma. + /// https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-10 + /// https://git.pleroma.social/pleroma/pleroma/-/issues/2939 + http_signature_compat: bool, } impl InstanceSettings {