Add digest, date and request-target in HTTP signature

2018-12-07 10:47:31 +01:00
parent ace427c223
commit fa0f47d8e1
4 changed files with 55 additions and 6 deletions
--- a/lib/service/activity_pub/activity_pub.ex
+++ b/lib/service/activity_pub/activity_pub.ex
@@ -15,6 +15,7 @@ defmodule Mobilizon.Service.ActivityPub do
  alias Mobilizon.Actors.Actor

  alias Mobilizon.Service.Federator
+  alias Mobilizon.Service.HTTPSignatures

  require Logger
  import Mobilizon.Service.ActivityPub.Utils
@@ -277,23 +278,35 @@ defmodule Mobilizon.Service.ActivityPub do

  def publish_one(%{inbox: inbox, json: json, actor: actor, id: id}) do
    Logger.info("Federating #{id} to #{inbox}")
-    host = URI.parse(inbox).host
+    {host, path} = URI.parse(inbox)
+
+    digest = HTTPSignatures.build_digest(json)
+    date = HTTPSignatures.generate_date_header()
+    request_target = HTTPSignatures.generate_request_target("POST", path)

    signature =
-      Mobilizon.Service.HTTPSignatures.sign(actor, %{
+      HTTPSignatures.sign(actor, %{
        host: host,
-        "content-length": byte_size(json)
+        "content-length": byte_size(json),
+        "(request-target)": request_target,
+        digest: digest,
+        date: date
      })

    HTTPoison.post(
      inbox,
      json,
-      [{"Content-Type", "application/activity+json"}, {"signature", signature}],
+      [
+        {"Content-Type", "application/activity+json"},
+        {"signature", signature},
+        {"digest", digest},
+        {"date", date}
+      ],
      hackney: [pool: :default]
    )
  end

-  # Fetching a remote actor's informations through it's AP ID 
+  # Fetching a remote actor's informations through it's AP ID
  @spec fetch_and_prepare_actor_from_url(String.t()) :: {:ok, struct()} | {:error, atom()} | any()
  defp fetch_and_prepare_actor_from_url(url) do
    Logger.debug("Fetching and preparing actor from url")
--- a/lib/service/http_signatures/http_signatures.ex
+++ b/lib/service/http_signatures/http_signatures.ex
@@ -94,6 +94,24 @@ defmodule Mobilizon.Service.HTTPSignatures do
      err ->
        Logger.error("Unable to sign headers")
        Logger.error(inspect(err))
+        nil
    end
  end
+
+  def generate_date_header(date \\ Timex.now("GMT")) do
+    with {:ok, date} <- Timex.format(date, "%a, %d %b %Y %H:%M:%S %Z", :strftime) do
+      date
+    else
+      {:error, err} ->
+        Logger.error("Unable to generate date header")
+        Logger.error(inspect(err))
+        nil
+    end
+  end
+
+  def generate_request_target(method, path), do: "#{method} #{path}"
+
+  def build_digest(body) do
+    "SHA-256=" <> (:crypto.hash(:sha256, body) |> Base.encode64())
+  end
 end