From 5208b67df5f8ed6851c0d65e512880792794f9a6 Mon Sep 17 00:00:00 2001
From: Will Murphy <william@datatitian.com>
Date: Sat, 24 Oct 2020 13:14:33 -0500
Subject: [PATCH] add digest to http signature for Mastodon 3.2.1 compliance

---
 pub/federation.js | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/pub/federation.js b/pub/federation.js
index d594326..4fe2d34 100644
--- a/pub/federation.js
+++ b/pub/federation.js
@@ -1,4 +1,5 @@
 'use strict'
+const crypto = require('crypto')
 const request = require('request-promise-native')
 const pubUtils = require('./utils')
 
@@ -24,22 +25,27 @@ function deliver (actor, activity, addresses) {
     delete activity.bcc
   }
   const requests = addresses.map(addr => {
+    const body = pubUtils.toJSONLD(activity)
+    const digest = crypto.createHash('sha256')
+      .update(JSON.stringify(body))
+      .digest('base64')
     return request({
       method: 'POST',
       url: addr,
       headers: {
-        'Content-Type': 'application/activity+json'
+        'Content-Type': 'application/activity+json',
+        Digest: `SHA-256=${digest}`
       },
       httpSignature: {
         key: actor._meta.privateKey,
         keyId: actor.id,
-        headers: ['(request-target)', 'host', 'date'],
+        headers: ['(request-target)', 'host', 'date', 'digest'],
         authorizationHeaderName: 'Signature'
       },
       json: true,
       resolveWithFullResponse: true,
       simple: false,
-      body: pubUtils.toJSONLD(activity)
+      body
     })
       .then(result => console.log('delivery:', addr, result.statusCode))
       .catch(err => console.log(err.message))