mirror of
https://github.com/LemmyNet/lemmy.git
synced 2024-11-25 07:36:01 +00:00
Merge pull request #1162 from asonix/remove-hardcoded-https
Use http-signature-normalization-reqwest
This commit is contained in:
commit
4772cbd23f
24
Cargo.lock
generated
24
Cargo.lock
generated
|
@ -1566,9 +1566,9 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "http-signature-normalization"
|
||||
version = "0.5.2"
|
||||
version = "0.5.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ee917294413cec0db93a8af6ecfa63730c1d2bb604bd1da69ba75b342fb23f21"
|
||||
checksum = "cb3a020c37b48d2258910fae9c9b4f8455651f56abfdde1ae68a9397b2765c31"
|
||||
dependencies = [
|
||||
"chrono",
|
||||
"thiserror",
|
||||
|
@ -1592,6 +1592,24 @@ dependencies = [
|
|||
"thiserror",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "http-signature-normalization-reqwest"
|
||||
version = "0.1.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7bc26a68f8963e26453c7fdea9e016e2e31a48ca018a9223f96afe2cca1a4bd1"
|
||||
dependencies = [
|
||||
"base64 0.12.3",
|
||||
"bytes",
|
||||
"chrono",
|
||||
"futures",
|
||||
"http",
|
||||
"http-signature-normalization",
|
||||
"reqwest",
|
||||
"sha2",
|
||||
"thiserror",
|
||||
"tokio",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "httparse"
|
||||
version = "1.3.4"
|
||||
|
@ -1865,8 +1883,8 @@ dependencies = [
|
|||
"diesel",
|
||||
"futures",
|
||||
"http",
|
||||
"http-signature-normalization",
|
||||
"http-signature-normalization-actix",
|
||||
"http-signature-normalization-reqwest",
|
||||
"itertools",
|
||||
"lazy_static",
|
||||
"lemmy_db",
|
||||
|
|
|
@ -33,8 +33,8 @@ url = { version = "2.1", features = ["serde"] }
|
|||
percent-encoding = "2.1"
|
||||
openssl = "0.10"
|
||||
http = "0.2"
|
||||
http-signature-normalization = "0.5"
|
||||
http-signature-normalization-actix = { version = "0.4", default-features = false, features = ["sha-2"] }
|
||||
http-signature-normalization-reqwest = { version = "0.1.3", default-features = false, features = ["sha-2"] }
|
||||
base64 = "0.12"
|
||||
tokio = "0.2"
|
||||
futures = "0.3"
|
||||
|
@ -45,4 +45,4 @@ async-trait = "0.1"
|
|||
anyhow = "1.0"
|
||||
thiserror = "1.0"
|
||||
background-jobs = " 0.8"
|
||||
reqwest = { version = "0.10", features = ["json"] }
|
||||
reqwest = { version = "0.10", features = ["json"] }
|
||||
|
|
|
@ -77,7 +77,7 @@ impl ActixJob for SendActivityTask {
|
|||
for to_url in &self.to {
|
||||
let mut headers = BTreeMap::<String, String>::new();
|
||||
headers.insert("Content-Type".into(), "application/json".into());
|
||||
let signed = sign(
|
||||
let result = sign(
|
||||
&state.client,
|
||||
headers,
|
||||
to_url,
|
||||
|
@ -87,15 +87,7 @@ impl ActixJob for SendActivityTask {
|
|||
)
|
||||
.await;
|
||||
|
||||
let signed = match signed {
|
||||
Ok(s) => s,
|
||||
Err(e) => {
|
||||
warn!("{}", e);
|
||||
// dont return an error because retrying would probably not fix the signing
|
||||
return Ok(());
|
||||
}
|
||||
};
|
||||
if let Err(e) = state.client.execute(signed).await {
|
||||
if let Err(e) = result {
|
||||
warn!("{}", e);
|
||||
return Err(anyhow!(
|
||||
"Failed to send activity {} to {}",
|
||||
|
|
|
@ -4,8 +4,8 @@ use activitystreams_ext::UnparsedExtension;
|
|||
use actix_web::HttpRequest;
|
||||
use anyhow::{anyhow, Context};
|
||||
use http::{header::HeaderName, HeaderMap, HeaderValue};
|
||||
use http_signature_normalization::Config;
|
||||
use http_signature_normalization_actix::{digest::DigestCreate, Config as ConfigActix};
|
||||
use http_signature_normalization_actix::Config as ConfigActix;
|
||||
use http_signature_normalization_reqwest::prelude::{Config, SignExt};
|
||||
use lemmy_utils::{location_info, LemmyError};
|
||||
use log::debug;
|
||||
use openssl::{
|
||||
|
@ -13,7 +13,7 @@ use openssl::{
|
|||
pkey::PKey,
|
||||
sign::{Signer, Verifier},
|
||||
};
|
||||
use reqwest::{Client, Request};
|
||||
use reqwest::{Client, Response};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use sha2::{Digest, Sha256};
|
||||
use std::{collections::BTreeMap, str::FromStr};
|
||||
|
@ -27,34 +27,13 @@ lazy_static! {
|
|||
/// Signs request headers with the given keypair.
|
||||
pub async fn sign(
|
||||
client: &Client,
|
||||
mut headers: BTreeMap<String, String>,
|
||||
headers: BTreeMap<String, String>,
|
||||
url: &Url,
|
||||
activity: String,
|
||||
actor_id: &Url,
|
||||
private_key: String,
|
||||
) -> Result<Request, LemmyError> {
|
||||
) -> Result<Response, LemmyError> {
|
||||
let signing_key_id = format!("{}#main-key", actor_id);
|
||||
let digest = format!(
|
||||
"{}={}",
|
||||
Sha256::NAME,
|
||||
Sha256::new().compute(activity.as_bytes())
|
||||
);
|
||||
headers.insert("Digest".into(), digest);
|
||||
|
||||
let mut path_and_query = url.path().to_string();
|
||||
if let Some(query) = url.query() {
|
||||
path_and_query = format!("{}?{}", path_and_query, query);
|
||||
}
|
||||
let signature_header_value = HTTP_SIG_CONFIG
|
||||
.begin_sign("POST", &path_and_query, headers.clone())?
|
||||
.sign(signing_key_id, |signing_string| {
|
||||
let private_key = PKey::private_key_from_pem(private_key.as_bytes())?;
|
||||
let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?;
|
||||
signer.update(signing_string.as_bytes())?;
|
||||
|
||||
Ok(base64::encode(signer.sign_to_vec()?)) as Result<_, LemmyError>
|
||||
})?
|
||||
.signature_header();
|
||||
|
||||
let mut header_map = HeaderMap::new();
|
||||
for h in headers {
|
||||
|
@ -63,13 +42,25 @@ pub async fn sign(
|
|||
HeaderValue::from_str(h.1.as_str())?,
|
||||
);
|
||||
}
|
||||
let signed_request = client
|
||||
let response = client
|
||||
.post(&url.to_string())
|
||||
.headers(header_map)
|
||||
.header("Signature", signature_header_value)
|
||||
.body(activity);
|
||||
.signature_with_digest(
|
||||
HTTP_SIG_CONFIG.clone(),
|
||||
signing_key_id,
|
||||
Sha256::new(),
|
||||
activity,
|
||||
move |signing_string| {
|
||||
let private_key = PKey::private_key_from_pem(private_key.as_bytes())?;
|
||||
let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?;
|
||||
signer.update(signing_string.as_bytes())?;
|
||||
|
||||
Ok(signed_request.build()?)
|
||||
Ok(base64::encode(signer.sign_to_vec()?)) as Result<_, LemmyError>
|
||||
},
|
||||
)
|
||||
.await?;
|
||||
|
||||
Ok(response)
|
||||
}
|
||||
|
||||
pub fn verify(request: &HttpRequest, actor: &dyn ActorType) -> Result<(), LemmyError> {
|
||||
|
|
Loading…
Reference in a new issue