Update http signature

diff --git a/package.json b/package.json
index 87dc2b5b9aafa3afe229db8201830a6730db0034..aba7d1c4b27fb80cd1f657eafb9f7eda217c0f40 100644 (file)
--- a/package.json
+++ b/package.json
@@ -122,7 +122,7 @@
     "fluent-ffmpeg": "^2.1.0",
     "fs-extra": "^8.0.1",
     "helmet": "^3.12.1",
-    "http-signature": "1.2.0",
+    "http-signature": "1.3.1",
     "ip-anonymize": "^0.1.0",
     "ipaddr.js": "1.9.1",
     "is-cidr": "^3.0.0",

diff --git a/server/helpers/custom-jsonld-signature.ts b/server/helpers/custom-jsonld-signature.ts
index cb07fa3b28bc7ce6c08f2cdf4ad23c14887aa8c9..a407a9fec1f0eb41771a20e430dc0ba1edf2f9ef 100644 (file)
--- a/server/helpers/custom-jsonld-signature.ts
+++ b/server/helpers/custom-jsonld-signature.ts
@@ -70,12 +70,20 @@ const lru = new AsyncLRU({
       })
     }
 
-    nodeDocumentLoader(url, cb)
+    nodeDocumentLoader(url)
+      .then(value => cb(null, value))
+      .catch(err => cb(err))
   }
 })
 
-jsonld.documentLoader = (url, cb) => {
-  lru.get(url, cb)
+jsonld.documentLoader = (url) => {
+  return new Promise((res, rej) => {
+    lru.get(url, (err, value) => {
+      if (err) return rej(err)
+
+      return res(value)
+    })
+  })
 }
 
 export { jsonld }

diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts
index 9eb7823026cc3222bca162ed6841bef45152300d..89c0ab1515b24d962dca7ddbe21b47100733e3d6 100644 (file)
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -51,7 +51,7 @@ function isHTTPSignatureVerified (httpSignatureParsed: any, actor: MActor): bool
 }
 
 function parseHTTPSignature (req: Request, clockSkew?: number) {
-  return httpSignature.parse(req, { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME, clockSkew })
+  return httpSignature.parse(req, { clockSkew })
 }
 
 // JSONLD

diff --git a/server/lib/job-queue/handlers/activitypub-http-unicast.ts b/server/lib/job-queue/handlers/activitypub-http-unicast.ts
index c70ce3be90fb80a346787391acc85b8cbb5d63a5..6fbd4a716f84419055fb73c0b81e6a90411045c7 100644 (file)
--- a/server/lib/job-queue/handlers/activitypub-http-unicast.ts
+++ b/server/lib/job-queue/handlers/activitypub-http-unicast.ts
@@ -20,6 +20,8 @@ async function processActivityPubHttpUnicast (job: Bull.Job) {
   const body = await computeBody(payload)
   const httpSignatureOptions = await buildSignedRequestOptions(payload)
 
+  logger.info('hello', { httpSignatureOptions })
+
   const options = {
     method: 'POST',
     uri,

diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index fedac0e05ed419b2de6c0b37ee3ddb02840715ec..bd3bdb07635df8b2d950e2bfa61a31d3fdad63b4 100644 (file)
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -51,10 +51,11 @@ export {
 // ---------------------------------------------------------------------------
 
 async function checkHttpSignature (req: Request, res: Response) {
-  // FIXME: mastodon does not include the Signature scheme
+  // FIXME: compatibility with http-signature < v1.3
   const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string
-  if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig
+  if (sig && sig.startsWith('Signature ') === true) req.headers[HTTP_SIGNATURE.HEADER_NAME] = sig.replace(/^Signature /, '')
 
+  logger.info('coucou', { signature: req.headers[HTTP_SIGNATURE.HEADER_NAME] })
   const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS)
 
   const keyId = parsed.keyId

diff --git a/yarn.lock b/yarn.lock
index 71ef762f4a74117c6a5edf8fb18fa958b5293f0c..0f24b411beddbd8182775357402ce09c2dbf8628 100644 (file)
--- a/yarn.lock
+++ b/yarn.lock
@@ -3092,7 +3092,16 @@ http-parser-js@^0.4.3:
   resolved "https://registry.yarnpkg.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137"
   integrity sha1-O9bW/ebjFyyTNMOzO2wZPYD+ETc=
 
-http-signature@1.2.0, http-signature@~1.2.0:
+http-signature@1.3.1:
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.3.1.tgz#739fe2f8897ba84798e3e54b699a9008a8724ff9"
+  integrity sha512-Y29YKEc8MQsjch/VzkUVJ+2MXd9WcR42fK5u36CZf4G8bXw2DXMTWuESiB0R6m59JAWxlPPw5/Fri/t/AyyueA==
+  dependencies:
+    assert-plus "^1.0.0"
+    jsprim "^1.2.2"
+    sshpk "^1.14.1"
+
+http-signature@~1.2.0:
   version "1.2.0"
   resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1"
   integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=
@@ -6057,7 +6066,7 @@ srt-to-vtt@^1.1.2:
     through2 "^0.6.3"
     to-utf-8 "^1.2.0"
 
-sshpk@^1.7.0:
+sshpk@^1.14.1, sshpk@^1.7.0:
   version "1.16.1"
   resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877"
   integrity sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==