Change to Signature header stype outgoing http signatures for mastodon compliance, both incoming formats supported (via dependency update), change default text for new groups, use certificate authority when specified

2019-09-24 22:12:31 -05:00 · 2019-09-24 22:12:31 -05:00 · a09ac67573
commit a09ac67573
parent 20b94b35f7
7 changed files with 2513 additions and 14 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,5 @@
 node_modules/
-package-lock.json
 *.db
 config.json
-public/files
 certs/
 .vscode
--- a/index.js
+++ b/index.js
@ -9,14 +9,15 @@ const https = require('https')
 const routes = require('./routes')
 const pub = require('./pub')
 const store = require('./store')
-const { DOMAIN, KEY_PATH, CERT_PATH, PORT, PORT_HTTPS, DB_URL, DB_NAME } = require('./config.json')
+const { DOMAIN, KEY_PATH, CERT_PATH, CA_PATH, PORT, PORT_HTTPS, DB_URL, DB_NAME } = require('./config.json')

 const app = express()
 const client = new MongoClient(DB_URL, { useUnifiedTopology: true, useNewUrlParser: true })

 const sslOptions = {
  key: fs.readFileSync(path.join(__dirname, KEY_PATH)),
-  cert: fs.readFileSync(path.join(__dirname, CERT_PATH))
+  cert: fs.readFileSync(path.join(__dirname, CERT_PATH)),
+  ca: CA_PATH ? fs.readFileSync(path.join(__dirname, CA_PATH)) : undefined
 }

 app.set('domain', DOMAIN)
--- a/net/security.js
+++ b/net/security.js
@ -16,19 +16,16 @@ function auth (req, res, next) {
 }

 async function verifySignature (req, res, next) {
-  if (!req.get('authorization')) {
+  if (!req.get('authorization') && !req.get('signature')) {
    // support for apps not using signature extension to ActivityPub
    const actor = await pub.object.resolveObject(pub.utils.actorFromActivity(req.body))
    if (actor.publicKey && req.app.get('env') !== 'development') {
+      console.log('Missing http signature', req)
      return res.status(400).send('Missing http signature')
    }
    return next()
  }
-  // workaround for node-http-signature#87
-  const tempUrl = req.url
-  req.url = req.originalUrl
  const sigHead = httpSignature.parse(req)
-  req.url = tempUrl
  const signer = await pub.object.resolveObject(sigHead.keyId, req.app.get('db'))
  const valid = httpSignature.verifySignature(sigHead, signer.publicKey.publicKeyPem)
  console.log('signature validation', valid)
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -8,7 +8,7 @@
    "cors": "^2.8.4",
    "express": "^4.16.3",
    "express-basic-auth": "^1.1.5",
-    "http-signature": "^1.2.0",
+    "http-signature": "github:wmurphyrd/node-http-signature#9c02eeb",
    "mongodb": "^3.3.2",
    "request": "^2.88.0",
    "request-promise-native": "^1.0.7"
--- a/pub/actor.js
+++ b/pub/actor.js
@ -37,9 +37,9 @@ function createLocalActor (name, type) {
      inbox: `${actorBase}/inbox`,
      outbox: `${actorBase}/outbox`,
      preferredUsername: name,
-      name: 'Dummy Person',
-      summary: 'Gotta have someone in the db',
-      icon: `https://${config.DOMAIN}/f/${name}.png`,
+      name: `${name} group`,
+      summary: `I'm a group about ${name}. Follow me to get all the group posts. Tag me to share with the group. Create other groups by searching for or tagging @yourGroupName@${config.DOMAIN}`,
+      icon: `https://${config.DOMAIN}/f/guppe.png`,
      publicKey: {
        id: `${actorBase}#main-key`,
        owner: `${actorBase}`,
--- a/pub/federation.js
+++ b/pub/federation.js
@ -33,7 +33,8 @@ function deliver (actor, activity, addresses) {
      httpSignature: {
        key: actor._meta.privateKey,
        keyId: actor.id,
-        headers: ['(request-target)', 'host', 'date']
+        headers: ['(request-target)', 'host', 'date'],
+        authorizationHeaderName: 'Signature'
      },
      json: true,
      body: pubUtils.toJSONLD(activity)