lemmy/lemmy_apub/src/extensions/signatures.rs

use crate::ActorType;
use activitystreams::unparsed::UnparsedMutExt;
use activitystreams_ext::UnparsedExtension;
use actix_web::HttpRequest;
use anyhow::{anyhow, Context};
use http::{header::HeaderName, HeaderMap, HeaderValue};
use http_signature_normalization_actix::Config as ConfigActix;
use http_signature_normalization_reqwest::prelude::{Config, SignExt};
use lemmy_utils::{location_info, LemmyError};
use log::debug;
use openssl::{
  hash::MessageDigest,
  pkey::PKey,
  sign::{Signer, Verifier},
};
use reqwest::{Client, Response};
use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256};
use std::{collections::BTreeMap, str::FromStr};
use url::Url;

lazy_static! {
  static ref CONFIG2: ConfigActix = ConfigActix::new();
  static ref HTTP_SIG_CONFIG: Config = Config::new();
}

/// Signs request headers with the given keypair.
pub async fn sign(
  client: &Client,
  headers: BTreeMap<String, String>,
  url: &Url,
  activity: String,
  actor_id: &Url,
  private_key: String,
) -> Result<Response, LemmyError> {
  let signing_key_id = format!("{}#main-key", actor_id);

  let mut header_map = HeaderMap::new();
  for h in headers {
    header_map.insert(
      HeaderName::from_str(h.0.as_str())?,
      HeaderValue::from_str(h.1.as_str())?,
    );
  }
  let response = client
    .post(&url.to_string())
    .headers(header_map)
    .signature_with_digest(
      HTTP_SIG_CONFIG.clone(),
      signing_key_id,
      Sha256::new(),
      activity,
      move |signing_string| {
        let private_key = PKey::private_key_from_pem(private_key.as_bytes())?;
        let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?;
        signer.update(signing_string.as_bytes())?;

        Ok(base64::encode(signer.sign_to_vec()?)) as Result<_, LemmyError>
      },
    )
    .await?;

  Ok(response)
}

pub fn verify(request: &HttpRequest, actor: &dyn ActorType) -> Result<(), LemmyError> {
  let public_key = actor.public_key().context(location_info!())?;
  let verified = CONFIG2
    .begin_verify(
      request.method(),
      request.uri().path_and_query(),
      request.headers().clone(),
    )?
    .verify(|signature, signing_string| -> Result<bool, LemmyError> {
      debug!(
        "Verifying with key {}, message {}",
        &public_key, &signing_string
      );
      let public_key = PKey::public_key_from_pem(public_key.as_bytes())?;
      let mut verifier = Verifier::new(MessageDigest::sha256(), &public_key)?;
      verifier.update(&signing_string.as_bytes())?;
      Ok(verifier.verify(&base64::decode(signature)?)?)
    })?;

  if verified {
    debug!("verified signature for {}", &request.uri());
    Ok(())
  } else {
    Err(anyhow!("Invalid signature on request: {}", &request.uri()).into())
  }
}

// The following is taken from here:
// https://docs.rs/activitystreams/0.5.0-alpha.17/activitystreams/ext/index.html

#[derive(Clone, Debug, Default, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PublicKey {
  pub id: String,
  pub owner: String,
  pub public_key_pem: String,
}

#[derive(Clone, Debug, Default, Deserialize, Serialize)]
#[serde(rename_all = "camelCase")]
pub struct PublicKeyExtension {
  pub public_key: PublicKey,
}

impl PublicKey {
  pub fn to_ext(&self) -> PublicKeyExtension {
    PublicKeyExtension {
      public_key: self.to_owned(),
    }
  }
}

impl<U> UnparsedExtension<U> for PublicKeyExtension
where
  U: UnparsedMutExt,
{
  type Error = serde_json::Error;

  fn try_from_unparsed(unparsed_mut: &mut U) -> Result<Self, Self::Error> {
    Ok(PublicKeyExtension {
      public_key: unparsed_mut.remove("publicKey")?,
    })
  }

  fn try_into_unparsed(self, unparsed_mut: &mut U) -> Result<(), Self::Error> {
    unparsed_mut.insert("publicKey", self.public_key)?;
    Ok(())
  }
}
Move websocket code into workspace (#107) Adjust dockerfiles, fix cargo.toml and remove unused deps Merge branch 'main' into move-websocket-to-workspace Move api code into workspace Move apub to separate workspace Move websocket code into separate workspace Some code cleanup Remove websocket dependency on API Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/107 2020-09-24 13:53:21 +00:00			`use crate::ActorType;`
Update activitystreams to 0.7.0-alpha.3 (from crates.io) 2020-08-01 13:25:17 +00:00			`use activitystreams::unparsed::UnparsedMutExt;`
Update activitystreams library to latest version (#71) Merge branch 'main' into more-upgrade-apub-3 Update activitystreams library to latest version Remove remaining usages of old activitystreams library Migrate community inbox and user inbox Migrate private message Migrate post Migrate community activities Migrate extensions to new activitystreams library Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev> Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/71 2020-07-17 21:11:07 +00:00			`use activitystreams_ext::UnparsedExtension;`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`use actix_web::HttpRequest;`
Remove usage of Option::unwrap() in activitypub code (#80) Remove remaining usages of unwrap() from activitypub code Remove most usage of Option::unwrap() from activitypub code Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80 2020-08-11 14:31:05 +00:00			`use anyhow::{anyhow, Context};`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`use http::{header::HeaderName, HeaderMap, HeaderValue};`
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`use http_signature_normalization_actix::Config as ConfigActix;`
			`use http_signature_normalization_reqwest::prelude::{Config, SignExt};`
Move api structs and rate limit into separate workspaces 2020-09-01 14:25:34 +00:00			`use lemmy_utils::{location_info, LemmyError};`
Federate community category and nsfw 2020-05-05 14:30:13 +00:00			`use log::debug;`
Rework imports 2020-05-16 14:04:08 +00:00			`use openssl::{`
			`hash::MessageDigest,`
			`pkey::PKey,`
			`sign::{Signer, Verifier},`
			`};`
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`use reqwest::{Client, Response};`
Federate community category and nsfw 2020-05-05 14:30:13 +00:00			`use serde::{Deserialize, Serialize};`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`use sha2::{Digest, Sha256};`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`use std::{collections::BTreeMap, str::FromStr};`
implement ActivitySender actor (#89) Merge pull request 'Adding unique ap_ids. Fixes #1100' (#90) from unique_ap_ids into activity-sender Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/90 Adding back in on_conflict. Trying to add back in the on_conflict_do_nothing. Trying to reduce delay time. Removing createFakes. Removing some unit tests. Adding comment jest timeout. Fixing tests again. Fixing tests again. Merge branch 'activity-sender' into unique_ap_ids_2 Replace actix client with reqwest to speed up federation tests Trying to fix tests again. Fixing unit tests. Fixing some broken unit tests, not done yet. Adding uniques. Adding unique ap_ids. Fixes #1100 use proper sql functionality for upsert added logging in fetcher, replace post/comment::create with upsert no need to do an actual update in post/comment::upsert Merge branch 'main' into activity-sender implement upsert for user/community reuse http client got it working attempt to use background-jobs crate rewrite with proper error handling and less boilerplate remove do_send, dont return errors from activity_sender WIP: implement ActivitySender actor Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev> Co-authored-by: Dessalines <tyhou13@gmx.com> Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/89 2020-08-31 13:48:02 +00:00			`use url::Url;`
Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`lazy_static! {`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`static ref CONFIG2: ConfigActix = ConfigActix::new();`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`static ref HTTP_SIG_CONFIG: Config = Config::new();`
			`}`

Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00			`/// Signs request headers with the given keypair.`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`pub async fn sign(`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`client: &Client,`
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`headers: BTreeMap<String, String>,`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`url: &Url,`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`activity: String,`
implement ActivitySender actor (#89) Merge pull request 'Adding unique ap_ids. Fixes #1100' (#90) from unique_ap_ids into activity-sender Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/90 Adding back in on_conflict. Trying to add back in the on_conflict_do_nothing. Trying to reduce delay time. Removing createFakes. Removing some unit tests. Adding comment jest timeout. Fixing tests again. Fixing tests again. Merge branch 'activity-sender' into unique_ap_ids_2 Replace actix client with reqwest to speed up federation tests Trying to fix tests again. Fixing unit tests. Fixing some broken unit tests, not done yet. Adding uniques. Adding unique ap_ids. Fixes #1100 use proper sql functionality for upsert added logging in fetcher, replace post/comment::create with upsert no need to do an actual update in post/comment::upsert Merge branch 'main' into activity-sender implement upsert for user/community reuse http client got it working attempt to use background-jobs crate rewrite with proper error handling and less boilerplate remove do_send, dont return errors from activity_sender WIP: implement ActivitySender actor Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev> Co-authored-by: Dessalines <tyhou13@gmx.com> Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/89 2020-08-31 13:48:02 +00:00			`actor_id: &Url,`
			`private_key: String,`
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`) -> Result<Response, LemmyError> {`
implement ActivitySender actor (#89) Merge pull request 'Adding unique ap_ids. Fixes #1100' (#90) from unique_ap_ids into activity-sender Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/90 Adding back in on_conflict. Trying to add back in the on_conflict_do_nothing. Trying to reduce delay time. Removing createFakes. Removing some unit tests. Adding comment jest timeout. Fixing tests again. Fixing tests again. Merge branch 'activity-sender' into unique_ap_ids_2 Replace actix client with reqwest to speed up federation tests Trying to fix tests again. Fixing unit tests. Fixing some broken unit tests, not done yet. Adding uniques. Adding unique ap_ids. Fixes #1100 use proper sql functionality for upsert added logging in fetcher, replace post/comment::create with upsert no need to do an actual update in post/comment::upsert Merge branch 'main' into activity-sender implement upsert for user/community reuse http client got it working attempt to use background-jobs crate rewrite with proper error handling and less boilerplate remove do_send, dont return errors from activity_sender WIP: implement ActivitySender actor Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev> Co-authored-by: Dessalines <tyhou13@gmx.com> Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/89 2020-08-31 13:48:02 +00:00			`let signing_key_id = format!("{}#main-key", actor_id);`
Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`let mut header_map = HeaderMap::new();`
			`for h in headers {`
			`header_map.insert(`
			`HeaderName::from_str(h.0.as_str())?,`
			`HeaderValue::from_str(h.1.as_str())?,`
			`);`
			`}`
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`let response = client`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`.post(&url.to_string())`
			`.headers(header_map)`
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`.signature_with_digest(`
			`HTTP_SIG_CONFIG.clone(),`
			`signing_key_id,`
			`Sha256::new(),`
			`activity,`
			`move \|signing_string\| {`
			`let private_key = PKey::private_key_from_pem(private_key.as_bytes())?;`
			`let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?;`
			`signer.update(signing_string.as_bytes())?;`

			`Ok(base64::encode(signer.sign_to_vec()?)) as Result<_, LemmyError>`
			`},`
			`)`
			`.await?;`
Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00
Use http-signature-normalization-reqwest 2020-09-30 00:56:41 +00:00			`Ok(response)`
Add http signature to outgoing apub requests 2020-04-18 18:54:20 +00:00			`}`
Federate actor public keys 2020-04-10 13:50:40 +00:00
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`pub fn verify(request: &HttpRequest, actor: &dyn ActorType) -> Result<(), LemmyError> {`
Remove usage of Option::unwrap() in activitypub code (#80) Remove remaining usages of unwrap() from activitypub code Remove most usage of Option::unwrap() from activitypub code Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80 2020-08-11 14:31:05 +00:00			`let public_key = actor.public_key().context(location_info!())?;`
Use reqwest to send activities 2020-09-29 13:10:55 +00:00			`let verified = CONFIG2`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`.begin_verify(`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`request.method(),`
			`request.uri().path_and_query(),`
			`request.headers().clone(),`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`)?`
Federation async (#848) * Asyncify more * I guess these changed * Clean PR a bit * Convert more away from failure error * config changes for testing federation * It was DNS So actix-web's client relies on TRust DNS Resolver to figure out where to send data, but TRust DNS Resolver seems to not play nice with docker, which expressed itself as not resolving the name to an IP address _the first time_ when making a request. The fix was literally to make the request again (which I limited to 3 times total, and not exceeding the request timeout in total) * Only retry for connecterror Since TRust DNS Resolver was causing ConnectError::Timeout, this change limits the retry to only this error, returning immediately for any other error * Use http sig norm 0.4.0-alpha for actix-web 3.0 support * Blocking function, retry http requests * cargo +nightly fmt * Only create one pictrs dir * Don't yarn build * cargo +nightly fmt 2020-07-01 12:54:29 +00:00			`.verify(\|signature, signing_string\| -> Result<bool, LemmyError> {`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`debug!(`
			`"Verifying with key {}, message {}",`
Remove usage of Option::unwrap() in activitypub code (#80) Remove remaining usages of unwrap() from activitypub code Remove most usage of Option::unwrap() from activitypub code Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80 2020-08-11 14:31:05 +00:00			`&public_key, &signing_string`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`);`
Remove usage of Option::unwrap() in activitypub code (#80) Remove remaining usages of unwrap() from activitypub code Remove most usage of Option::unwrap() from activitypub code Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/80 2020-08-11 14:31:05 +00:00			`let public_key = PKey::public_key_from_pem(public_key.as_bytes())?;`
			`let mut verifier = Verifier::new(MessageDigest::sha256(), &public_key)?;`
			`verifier.update(&signing_string.as_bytes())?;`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`Ok(verifier.verify(&base64::decode(signature)?)?)`
			`})?;`

			`if verified {`
			`debug!("verified signature for {}", &request.uri());`
			`Ok(())`
			`} else {`
Migrate from failure to anyhow and thiserror (#1042) * Migrate from failure to anyhow and thiserror * Replace 'format_err!' to 'anyhow!' 2020-08-01 14:04:42 +00:00			`Err(anyhow!("Invalid signature on request: {}", &request.uri()).into())`
Verifyt http signatures 2020-04-19 17:35:40 +00:00			`}`
			`}`

Federate actor public keys 2020-04-10 13:50:40 +00:00			`// The following is taken from here:`
			`// https://docs.rs/activitystreams/0.5.0-alpha.17/activitystreams/ext/index.html`

Added documentation for most functions 2020-04-17 15:33:55 +00:00			`#[derive(Clone, Debug, Default, Deserialize, Serialize)]`
Federate actor public keys 2020-04-10 13:50:40 +00:00			`#[serde(rename_all = "camelCase")]`
			`pub struct PublicKey {`
			`pub id: String,`
			`pub owner: String,`
			`pub public_key_pem: String,`
			`}`

Added documentation for most functions 2020-04-17 15:33:55 +00:00			`#[derive(Clone, Debug, Default, Deserialize, Serialize)]`
Federate actor public keys 2020-04-10 13:50:40 +00:00			`#[serde(rename_all = "camelCase")]`
			`pub struct PublicKeyExtension {`
			`pub public_key: PublicKey,`
			`}`

			`impl PublicKey {`
			`pub fn to_ext(&self) -> PublicKeyExtension {`
			`PublicKeyExtension {`
			`public_key: self.to_owned(),`
			`}`
			`}`
			`}`

Update activitystreams library to latest version (#71) Merge branch 'main' into more-upgrade-apub-3 Update activitystreams library to latest version Remove remaining usages of old activitystreams library Migrate community inbox and user inbox Migrate private message Migrate post Migrate community activities Migrate extensions to new activitystreams library Co-authored-by: dessalines <dessalines@noreply.yerbamate.dev> Co-authored-by: Felix Ableitner <me@nutomic.com> Reviewed-on: https://yerbamate.dev/LemmyNet/lemmy/pulls/71 2020-07-17 21:11:07 +00:00			`impl<U> UnparsedExtension<U> for PublicKeyExtension`
			`where`
			`U: UnparsedMutExt,`
			`{`
			`type Error = serde_json::Error;`

			`fn try_from_unparsed(unparsed_mut: &mut U) -> Result<Self, Self::Error> {`
			`Ok(PublicKeyExtension {`
			`public_key: unparsed_mut.remove("publicKey")?,`
			`})`
			`}`

			`fn try_into_unparsed(self, unparsed_mut: &mut U) -> Result<(), Self::Error> {`
			`unparsed_mut.insert("publicKey", self.public_key)?;`
			`Ok(())`
			`}`
			`}`