update @misskey-dev/node-http-message-signatures
This commit is contained in:
tamaina
@@ -28,7 +28,7 @@ type PrivateKey = {
|
||||
keyId: string;
|
||||
};
|
||||
|
||||
export function createSignedPost(args: { level: string; key: PrivateKey; url: string; body: string; additionalHeaders: Record<string, string> }) {
|
||||
export async function createSignedPost(args: { level: string; key: PrivateKey; url: string; body: string; additionalHeaders: Record<string, string> }) {
|
||||
const u = new URL(args.url);
|
||||
const request: RequestLike = {
|
||||
url: u.href,
|
||||
@@ -42,10 +42,10 @@ export function createSignedPost(args: { level: string; key: PrivateKey; url: st
|
||||
};
|
||||
|
||||
// TODO: levelによって処理を分ける
|
||||
const digestHeader = genRFC3230DigestHeader(args.body);
|
||||
const digestHeader = await genRFC3230DigestHeader(args.body, 'SHA-256');
|
||||
request.headers['Digest'] = digestHeader;
|
||||
|
||||
const result = signAsDraftToRequest(request, args.key, ['(request-target)', 'date', 'host', 'digest']);
|
||||
const result = await signAsDraftToRequest(request, args.key, ['(request-target)', 'date', 'host', 'digest']);
|
||||
|
||||
return {
|
||||
request,
|
||||
@@ -53,7 +53,7 @@ export function createSignedPost(args: { level: string; key: PrivateKey; url: st
|
||||
};
|
||||
}
|
||||
|
||||
export function createSignedGet(args: { level: string; key: PrivateKey; url: string; additionalHeaders: Record<string, string> }) {
|
||||
export async function createSignedGet(args: { level: string; key: PrivateKey; url: string; additionalHeaders: Record<string, string> }) {
|
||||
const u = new URL(args.url);
|
||||
const request: RequestLike = {
|
||||
url: u.href,
|
||||
@@ -67,7 +67,7 @@ export function createSignedGet(args: { level: string; key: PrivateKey; url: str
|
||||
};
|
||||
|
||||
// TODO: levelによって処理を分ける
|
||||
const result = signAsDraftToRequest(request, args.key, ['(request-target)', 'date', 'host', 'accept']);
|
||||
const result = await signAsDraftToRequest(request, args.key, ['(request-target)', 'date', 'host', 'accept']);
|
||||
|
||||
return {
|
||||
request,
|
||||
@@ -108,7 +108,7 @@ export class ApRequestService {
|
||||
public async signedPost(user: { id: MiUser['id'] }, url: string, object: unknown, level: string): Promise<void> {
|
||||
const body = typeof object === 'string' ? object : JSON.stringify(object);
|
||||
const key = await this.getPrivateKey(user.id, level);
|
||||
const req = createSignedPost({
|
||||
const req = await createSignedPost({
|
||||
level,
|
||||
key,
|
||||
url,
|
||||
@@ -140,7 +140,7 @@ export class ApRequestService {
|
||||
@bindThis
|
||||
public async signedGet(url: string, user: { id: MiUser['id'] }, level: string): Promise<unknown> {
|
||||
const key = await this.getPrivateKey(user.id, level);
|
||||
const req = createSignedGet({
|
||||
const req = await createSignedGet({
|
||||
level,
|
||||
key,
|
||||
url,
|
||||
|
||||
@@ -104,7 +104,7 @@ export class InboxProcessorService {
|
||||
|
||||
// HTTP-Signatureの検証
|
||||
const errorLogger = (ms: any) => this.logger.error(ms);
|
||||
const httpSignatureValidated = verifyDraftSignature(signature, authUser.key.keyPem, errorLogger);
|
||||
const httpSignatureValidated = await verifyDraftSignature(signature, authUser.key.keyPem, errorLogger);
|
||||
this.logger.debug('Inbox message validation: ', {
|
||||
userId: authUser.user.id,
|
||||
userAcct: Acct.toString(authUser.user),
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
* SPDX-License-Identifier: AGPL-3.0-only
|
||||
*/
|
||||
|
||||
import * as crypto from 'node:crypto';
|
||||
import { IncomingMessage } from 'node:http';
|
||||
import { Inject, Injectable } from '@nestjs/common';
|
||||
import fastifyAccepts from '@fastify/accepts';
|
||||
@@ -100,10 +99,10 @@ export class ActivityPubServerService {
|
||||
}
|
||||
|
||||
@bindThis
|
||||
private inbox(request: FastifyRequest, reply: FastifyReply) {
|
||||
private async inbox(request: FastifyRequest, reply: FastifyReply) {
|
||||
let signature: ReturnType<typeof parseRequestSignature>;
|
||||
|
||||
const verifyDigest = verifyDigestHeader(request.raw, request.rawBody || '', true);
|
||||
const verifyDigest = await verifyDigestHeader(request.raw, request.rawBody || '', true);
|
||||
if (!verifyDigest) {
|
||||
reply.code(401);
|
||||
return;
|
||||
@@ -120,13 +119,6 @@ export class ActivityPubServerService {
|
||||
return;
|
||||
}
|
||||
|
||||
if (signature.value.params.headers.indexOf('host') === -1
|
||||
|| request.headers.host !== this.config.host) {
|
||||
// Host not specified or not match.
|
||||
reply.code(401);
|
||||
return;
|
||||
}
|
||||
|
||||
this.queueService.inbox(request.body as IActivity, signature);
|
||||
|
||||
reply.code(202);
|
||||
|
||||
Reference in New Issue
Block a user