Update http signature

2020-01-07 15:24:27 +01:00 · 2020-01-07 15:24:27 +01:00 · e92269053e
parent 7cde3b9c2e
commit e92269053e
6 changed files with 29 additions and 9 deletions
--- a/package.json
+++ b/package.json
@ -122,7 +122,7 @@
    "fluent-ffmpeg": "^2.1.0",
    "fs-extra": "^8.0.1",
    "helmet": "^3.12.1",
-    "http-signature": "1.2.0",
+    "http-signature": "1.3.1",
    "ip-anonymize": "^0.1.0",
    "ipaddr.js": "1.9.1",
    "is-cidr": "^3.0.0",
--- a/server/helpers/custom-jsonld-signature.ts
+++ b/server/helpers/custom-jsonld-signature.ts
@ -70,12 +70,20 @@ const lru = new AsyncLRU({
      })
    }

-    nodeDocumentLoader(url, cb)
+    nodeDocumentLoader(url)
+      .then(value => cb(null, value))
+      .catch(err => cb(err))
  }
 })

-jsonld.documentLoader = (url, cb) => {
-  lru.get(url, cb)
+jsonld.documentLoader = (url) => {
+  return new Promise((res, rej) => {
+    lru.get(url, (err, value) => {
+      if (err) return rej(err)
+
+      return res(value)
+    })
+  })
 }

 export { jsonld }
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@ -51,7 +51,7 @@ function isHTTPSignatureVerified (httpSignatureParsed: any, actor: MActor): bool
 }

 function parseHTTPSignature (req: Request, clockSkew?: number) {
-  return httpSignature.parse(req, { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME, clockSkew })
+  return httpSignature.parse(req, { clockSkew })
 }

 // JSONLD
--- a/server/lib/job-queue/handlers/activitypub-http-unicast.ts
+++ b/server/lib/job-queue/handlers/activitypub-http-unicast.ts
@ -20,6 +20,8 @@ async function processActivityPubHttpUnicast (job: Bull.Job) {
  const body = await computeBody(payload)
  const httpSignatureOptions = await buildSignedRequestOptions(payload)

+  logger.info('hello', { httpSignatureOptions })
+
  const options = {
    method: 'POST',
    uri,
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@ -51,10 +51,11 @@ export {
 // ---------------------------------------------------------------------------

 async function checkHttpSignature (req: Request, res: Response) {
-  // FIXME: mastodon does not include the Signature scheme
+  // FIXME: compatibility with http-signature < v1.3
  const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
-  if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig
+  if (sig && sig.startsWith('Signature ') === true) req.headers[HTTP_SIGNATURE.HEADER_NAME] = sig.replace(/^Signature /, '')

+  logger.info('coucou', { signature: req.headers[HTTP_SIGNATURE.HEADER_NAME] })
  const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)

  const keyId = parsed.keyId
--- a/yarn.lock
+++ b/yarn.lock
@ -3092,7 +3092,16 @@ http-parser-js@^0.4.3:
  resolved "https://registry.yarnpkg.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137"
  integrity sha1-O9bW/ebjFyyTNMOzO2wZPYD+ETc=

-http-signature@1.2.0, http-signature@~1.2.0:
+http-signature@1.3.1:
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.3.1.tgz#739fe2f8897ba84798e3e54b699a9008a8724ff9"
+  integrity sha512-Y29YKEc8MQsjch/VzkUVJ+2MXd9WcR42fK5u36CZf4G8bXw2DXMTWuESiB0R6m59JAWxlPPw5/Fri/t/AyyueA==
+  dependencies:
+    assert-plus "^1.0.0"
+    jsprim "^1.2.2"
+    sshpk "^1.14.1"
+
+http-signature@~1.2.0:
  version "1.2.0"
  resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1"
  integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=
@ -6057,7 +6066,7 @@ srt-to-vtt@^1.1.2:
    through2 "^0.6.3"
    to-utf-8 "^1.2.0"

-sshpk@^1.7.0:
+sshpk@^1.14.1, sshpk@^1.7.0:
  version "1.16.1"
  resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877"
  integrity sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==