update @misskey-dev/node-http-message-signatures

tamaina
2024-03-03 21:02:23 +00:00
parent e4f70f017e
commit a405b62827
6 changed files with 30 additions and 28 deletions


@@ -79,7 +79,7 @@
"@fastify/multipart": "8.1.0",
"@fastify/static": "6.12.0",
"@fastify/view": "8.2.0",
"@misskey-dev/node-http-message-signatures": "0.0.0-alpha.11",
"@misskey-dev/node-http-message-signatures": "0.0.1",
"@misskey-dev/sharp-read-bmp": "1.2.0",
"@misskey-dev/summaly": "5.0.3",
"@nestjs/common": "10.3.3",


@@ -28,7 +28,7 @@ type PrivateKey = {
keyId: string;
};
export function createSignedPost(args: { level: string; key: PrivateKey; url: string; body: string; additionalHeaders: Record<string, string> }) {
export async function createSignedPost(args: { level: string; key: PrivateKey; url: string; body: string; additionalHeaders: Record<string, string> }) {
const u = new URL(args.url);
const request: RequestLike = {
url: u.href,
@@ -42,10 +42,10 @@ export function createSignedPost(args: { level: string; key: PrivateKey; url: st
};
// TODO: levelによって処理を分ける
const digestHeader = genRFC3230DigestHeader(args.body);
const digestHeader = await genRFC3230DigestHeader(args.body, 'SHA-256');
request.headers['Digest'] = digestHeader;
const result = signAsDraftToRequest(request, args.key, ['(request-target)', 'date', 'host', 'digest']);
const result = await signAsDraftToRequest(request, args.key, ['(request-target)', 'date', 'host', 'digest']);
return {
request,
@@ -53,7 +53,7 @@ export function createSignedPost(args: { level: string; key: PrivateKey; url: st
};
}
export function createSignedGet(args: { level: string; key: PrivateKey; url: string; additionalHeaders: Record<string, string> }) {
export async function createSignedGet(args: { level: string; key: PrivateKey; url: string; additionalHeaders: Record<string, string> }) {
const u = new URL(args.url);
const request: RequestLike = {
url: u.href,
@@ -67,7 +67,7 @@ export function createSignedGet(args: { level: string; key: PrivateKey; url: str
};
// TODO: levelによって処理を分ける
const result = signAsDraftToRequest(request, args.key, ['(request-target)', 'date', 'host', 'accept']);
const result = await signAsDraftToRequest(request, args.key, ['(request-target)', 'date', 'host', 'accept']);
return {
request,
@@ -108,7 +108,7 @@ export class ApRequestService {
public async signedPost(user: { id: MiUser['id'] }, url: string, object: unknown, level: string): Promise<void> {
const body = typeof object === 'string' ? object : JSON.stringify(object);
const key = await this.getPrivateKey(user.id, level);
const req = createSignedPost({
const req = await createSignedPost({
level,
key,
url,
@@ -140,7 +140,7 @@ export class ApRequestService {
@bindThis
public async signedGet(url: string, user: { id: MiUser['id'] }, level: string): Promise<unknown> {
const key = await this.getPrivateKey(user.id, level);
const req = createSignedGet({
const req = await createSignedGet({
level,
key,
url,
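Review bot: The new `'SHA-256'` argument to `genRFC3230DigestHeader` and both signed-header lists are fixed, while `level` is accepted but never consulted in the visible lines; the TODO is the only record of that. A short TSDoc on the two exported functions would help: say that they now return a Promise, that POST signs `(request-target)`, `date`, `host`, `digest` with a SHA-256 `Digest` header, that GET signs `(request-target)`, `date`, `host`, `accept`, and that `level` is currently ignored. Both function bodies extend outside the hunks.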


@@ -104,7 +104,7 @@ export class InboxProcessorService {
// HTTP-Signatureの検証
const errorLogger = (ms: any) => this.logger.error(ms);
const httpSignatureValidated = verifyDraftSignature(signature, authUser.key.keyPem, errorLogger);
const httpSignatureValidated = await verifyDraftSignature(signature, authUser.key.keyPem, errorLogger);
this.logger.debug('Inbox message validation: ', {
userId: authUser.user.id,
userAcct: Acct.toString(authUser.user),
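Review bot: Now that `verifyDraftSignature` is awaited, a rejection would propagate out of this method instead of producing a falsy `httpSignatureValidated`. `authUser.key.keyPem` presumably holds key material obtained for a remote actor, so a key that fails to import is a plausible trigger. Whether the library always resolves to a boolean is not visible here. If it can reject, treat that as a failed verification, for example `const httpSignatureValidated = await verifyDraftSignature(signature, authUser.key.keyPem, errorLogger).catch((err) => { errorLogger(err); return false; });`. The code that consumes `httpSignatureValidated` is outside the hunk; a strict `=== true` comparison there would keep any non-boolean result from counting as valid.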


@@ -3,7 +3,6 @@
* SPDX-License-Identifier: AGPL-3.0-only
*/
import * as crypto from 'node:crypto';
import { IncomingMessage } from 'node:http';
import { Inject, Injectable } from '@nestjs/common';
import fastifyAccepts from '@fastify/accepts';
@@ -100,10 +99,10 @@ export class ActivityPubServerService {
}
@bindThis
private inbox(request: FastifyRequest, reply: FastifyReply) {
private async inbox(request: FastifyRequest, reply: FastifyReply) {
let signature: ReturnType<typeof parseRequestSignature>;
const verifyDigest = verifyDigestHeader(request.raw, request.rawBody || '', true);
const verifyDigest = await verifyDigestHeader(request.raw, request.rawBody || '', true);
if (!verifyDigest) {
reply.code(401);
return;
@@ -120,13 +119,6 @@ export class ActivityPubServerService {
return;
}
if (signature.value.params.headers.indexOf('host') === -1
|| request.headers.host !== this.config.host) {
// Host not specified or not match.
reply.code(401);
return;
}
this.queueService.inbox(request.body as IActivity, signature);
reply.code(202);
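Review bot: Going by the hunk header (13 old lines, 6 new), the last hunk drops the guard that returned 401 unless `host` was among the signed headers and `request.headers.host` equalled `this.config.host`. Nothing in the visible lines replaces it before `this.queueService.inbox(...)`. Without that binding, an inbox POST whose signature does not cover `host`, or that was signed for a different host, is no longer rejected here. If the updated library now enforces this inside `parseRequestSignature` (that call is outside the hunk), record it with a comment such as `// host coverage and host match are enforced by parseRequestSignature`. Otherwise keep the check, e.g. `if (!signature.value.params.headers.includes('host') || request.headers.host !== this.config.host) { reply.code(401); return; }`; the body of `inbox` starts and ends outside the hunk.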


@@ -43,12 +43,12 @@ describe('ap-request', () => {
'User-Agent': 'UA',
};
const req = createSignedPost({ level, key, url, body, additionalHeaders: headers });
const req = await createSignedPost({ level, key, url, body, additionalHeaders: headers });
const parsed = parseRequestSignature(req.request);
expect(parsed?.version).toBe('draft');
if (!parsed) return;
const verify = verifyDraftSignature(parsed.value, keypair.publicKey);
const verify = await verifyDraftSignature(parsed.value, keypair.publicKey);
assert.deepStrictEqual(verify, true);
});
});
@@ -62,12 +62,12 @@ describe('ap-request', () => {
'User-Agent': 'UA',
};
const req = createSignedGet({ level, key, url, additionalHeaders: headers });
const req = await createSignedGet({ level, key, url, additionalHeaders: headers });
const parsed = parseRequestSignature(req.request);
expect(parsed?.version).toBe('draft');
if (!parsed) return;
const verify = verifyDraftSignature(parsed.value, keypair.publicKey);
const verify = await verifyDraftSignature(parsed.value, keypair.publicKey);
assert.deepStrictEqual(verify, true);
});
});