Change to Signature header style for outgoing http signatures for mastodon compliance, both incoming formats supported (via dependency update), change default text for new groups, use certificate authority when specified

This commit is contained in:
Will Murphy 2019-09-24 22:12:31 -05:00
parent 20b94b35f7
commit a09ac67573
7 changed files with 2513 additions and 14 deletions

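--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,5 @@
 node_modules/
-package-lock.json
 *.db
 config.json
-public/files
 certs/
 .vscode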


@ -9,14 +9,15 @@ const https = require('https')
const routes = require('./routes') const routes = require('./routes')
const pub = require('./pub') const pub = require('./pub')
const store = require('./store') const store = require('./store')
const { DOMAIN, KEY_PATH, CERT_PATH, PORT, PORT_HTTPS, DB_URL, DB_NAME } = require('./config.json') const { DOMAIN, KEY_PATH, CERT_PATH, CA_PATH, PORT, PORT_HTTPS, DB_URL, DB_NAME } = require('./config.json')
const app = express() const app = express()
const client = new MongoClient(DB_URL, { useUnifiedTopology: true, useNewUrlParser: true }) const client = new MongoClient(DB_URL, { useUnifiedTopology: true, useNewUrlParser: true })
const sslOptions = { const sslOptions = {
key: fs.readFileSync(path.join(__dirname, KEY_PATH)), key: fs.readFileSync(path.join(__dirname, KEY_PATH)),
cert: fs.readFileSync(path.join(__dirname, CERT_PATH)) cert: fs.readFileSync(path.join(__dirname, CERT_PATH)),
ca: CA_PATH ? fs.readFileSync(path.join(__dirname, CA_PATH)) : undefined
} }
app.set('domain', DOMAIN) app.set('domain', DOMAIN)
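Review bot: The added `ca: CA_PATH ? fs.readFileSync(path.join(__dirname, CA_PATH)) : undefined` feeds the file into the server's trusted-CA list, which Node only uses to authenticate client certificates (and only when `requestCert` is set); it does not make the server present an intermediate chain to connecting peers. If CA_PATH is meant to carry the issuing chain so remote instances can validate this server's certificate (the commit message says "use certificate authority when specified", but the intent isn't visible in the hunk), the chain belongs in `cert` as a full-chain PEM and the `ca` entry does nothing useful. A comment on the line stating which role the file plays would remove the ambiguity, e.g. `// ca: trusted roots for verifying client certs; the server's own chain goes in cert`. `sslOptions` is complete in the hunk, but its consumer (`https.createServer`) is outside it.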


@ -16,19 +16,16 @@ function auth (req, res, next) {
} }
async function verifySignature (req, res, next) { async function verifySignature (req, res, next) {
if (!req.get('authorization')) { if (!req.get('authorization') && !req.get('signature')) {
// support for apps not using signature extension to ActivityPub // support for apps not using signature extension to ActivityPub
const actor = await pub.object.resolveObject(pub.utils.actorFromActivity(req.body)) const actor = await pub.object.resolveObject(pub.utils.actorFromActivity(req.body))
if (actor.publicKey && req.app.get('env') !== 'development') { if (actor.publicKey && req.app.get('env') !== 'development') {
console.log('Missing http signature', req)
return res.status(400).send('Missing http signature') return res.status(400).send('Missing http signature')
} }
return next() return next()
} }
// workaround for node-http-signature#87
const tempUrl = req.url
req.url = req.originalUrl
const sigHead = httpSignature.parse(req) const sigHead = httpSignature.parse(req)
req.url = tempUrl
const signer = await pub.object.resolveObject(sigHead.keyId, req.app.get('db')) const signer = await pub.object.resolveObject(sigHead.keyId, req.app.get('db'))
const valid = httpSignature.verifySignature(sigHead, signer.publicKey.publicKeyPem) const valid = httpSignature.verifySignature(sigHead, signer.publicKey.publicKeyPem)
console.log('signature validation', valid) console.log('signature validation', valid)
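Review bot: After `httpSignature.verifySignature(sigHead, signer.publicKey.publicKeyPem)` nothing binds the key to the activity: the check proves the request was signed by whoever controls `sigHead.keyId`, not that that key belongs to the actor named in `req.body`, so an activity attributed to one actor can carry a valid signature from a different one. `pub.utils.actorFromActivity(req.body)` is already used a few lines up in this hunk, so once `valid` is true compare the resolved signer against it, e.g. `if (signer.id !== pub.utils.actorFromActivity(req.body)) return res.status(403).send('Signature does not match actor')` (adjust if `actorFromActivity` returns an object rather than an id). `verifySignature` continues past the hunk, so this is moot if that comparison already lives further down. Separately, `signer.publicKey.publicKeyPem` throws a TypeError when the resolved object has no key, and without a wrapper express 4 won't route a rejected async middleware to error handlers, so that line deserves a guard such as `if (!signer?.publicKey?.publicKeyPem) return res.status(400).send('Unknown signer')`.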

package-lock.json generated Normal file



@ -8,7 +8,7 @@
"cors": "^2.8.4", "cors": "^2.8.4",
"express": "^4.16.3", "express": "^4.16.3",
"express-basic-auth": "^1.1.5", "express-basic-auth": "^1.1.5",
"http-signature": "^1.2.0", "http-signature": "github:wmurphyrd/node-http-signature#9c02eeb",
"mongodb": "^3.3.2", "mongodb": "^3.3.2",
"request": "^2.88.0", "request": "^2.88.0",
"request-promise-native": "^1.0.7" "request-promise-native": "^1.0.7"


@ -37,9 +37,9 @@ function createLocalActor (name, type) {
inbox: `${actorBase}/inbox`, inbox: `${actorBase}/inbox`,
outbox: `${actorBase}/outbox`, outbox: `${actorBase}/outbox`,
preferredUsername: name, preferredUsername: name,
name: 'Dummy Person', name: `${name} group`,
summary: 'Gotta have someone in the db', summary: `I'm a group about ${name}. Follow me to get all the group posts. Tag me to share with the group. Create other groups by searching for or tagging @yourGroupName@${config.DOMAIN}`,
icon: `https://${config.DOMAIN}/f/${name}.png`, icon: `https://${config.DOMAIN}/f/guppe.png`,
publicKey: { publicKey: {
id: `${actorBase}#main-key`, id: `${actorBase}#main-key`,
owner: `${actorBase}`, owner: `${actorBase}`,
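Review bot: `name` is interpolated verbatim into the new `summary` and `name` values on the changed lines; remote servers render `summary` as HTML, and the summary text itself says groups are created by tagging `@yourGroupName@domain`, which suggests `name` can originate from remote input. If it isn't already constrained before `createLocalActor` is called (the function starts outside the hunk), restrict it to the username character set before the actor is built, e.g. `if (!/^[A-Za-z0-9_]+$/.test(name)) throw new Error('invalid group name')`, so the text and the derived `preferredUsername` / `actorBase` stay well-formed. A short comment on the `summary` line noting that `name` is expected to be pre-validated would make that contract explicit.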


@ -33,7 +33,8 @@ function deliver (actor, activity, addresses) {
httpSignature: { httpSignature: {
key: actor._meta.privateKey, key: actor._meta.privateKey,
keyId: actor.id, keyId: actor.id,
headers: ['(request-target)', 'host', 'date'] headers: ['(request-target)', 'host', 'date'],
authorizationHeaderName: 'Signature'
}, },
json: true, json: true,
body: pubUtils.toJSONLD(activity) body: pubUtils.toJSONLD(activity)
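Review bot: The signed header list on the changed line still covers only `(request-target)`, `host` and `date`, so the signature doesn't authenticate the JSON body being delivered; adding a `Digest` header (SHA-256 of the serialized body) and listing `'digest'` in `headers` binds the body to the signature, and current Mastodon versions reject inbox POSTs whose signature does not cover a Digest. `deliver` starts before the hunk, and `crypto` would have to be required at the top of the file, outside this hunk. The sketch below serializes the body once so the digest and the bytes sent match; how `request` treats a pre-stringified body under `json: true` should be confirmed before relying on it.

```javascript
// before the request options object is built (constructed sketch):
const bodyJson = JSON.stringify(pubUtils.toJSONLD(activity))
// digest over the exact bytes that are sent, so the signature covers the body
const digest = `SHA-256=${crypto.createHash('sha256').update(bodyJson).digest('base64')}`
// … unchanged: start of the request options …
    httpSignature: {
      key: actor._meta.privateKey,
      keyId: actor.id,
      headers: ['(request-target)', 'host', 'date', 'digest'],
      authorizationHeaderName: 'Signature'
    },
    headers: { Digest: digest },
    json: true,
    body: bodyJson
```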