2020-09-29 13:10:55 +00:00
|
|
|
use actix_web::HttpRequest;
|
Apub inbox rewrite (#1652)
* start to implement apub inbox routing lib
* got something that almost works
* it compiles!
* implemented some more
* move library code to separate crate (most of it)
* convert private message handlers
* convert all comment receivers (except undo comment)
* convert post receiver
* add verify trait
* convert community receivers
* add cc field for all activities which i forgot before
* convert inbox functions, add missing checks
* convert undo like/dislike receivers
* convert undo_delete and undo_remove receivers
* move block/unblock activities
* convert remaining activity receivers
* reimplement http signature verification and other checks
* also use actor type for routing, VerifyActivity and SendActivity traits
* cleanup and restructure apub_receive code
* wip: try to fix activity routing
* implement a (very bad) derive macro for activityhandler
* working activity routing!
* rework pm verify(), fix tests and confirm manually
also remove inbox username check which was broken
* rework following verify(), fix tests and test manually
* fix post/comment create/update, rework voting
* Rewrite remove/delete post/comment, fix tests, test manually
* Rework and fix (un)block user, announce, update post
* some code cleanup
* rework delete/remove activity receivers (still quite messy)
* rewrite, test and fix add/remove mod, update community handlers
* add docs for ActivityHandler derive macro
* dont try to compile macro comments
2021-07-17 16:08:46 +00:00
|
|
|
use anyhow::anyhow;
|
2020-09-29 13:10:55 +00:00
|
|
|
use http::{header::HeaderName, HeaderMap, HeaderValue};
|
2020-09-30 00:56:41 +00:00
|
|
|
use http_signature_normalization_actix::Config as ConfigActix;
|
|
|
|
use http_signature_normalization_reqwest::prelude::{Config, SignExt};
|
Apub inbox rewrite (#1652)
* start to implement apub inbox routing lib
* got something that almost works
* it compiles!
* implemented some more
* move library code to separate crate (most of it)
* convert private message handlers
* convert all comment receivers (except undo comment)
* convert post receiver
* add verify trait
* convert community receivers
* add cc field for all activities which i forgot before
* convert inbox functions, add missing checks
* convert undo like/dislike receivers
* convert undo_delete and undo_remove receivers
* move block/unblock activities
* convert remaining activity receivers
* reimplement http signature verification and other checks
* also use actor type for routing, VerifyActivity and SendActivity traits
* cleanup and restructure apub_receive code
* wip: try to fix activity routing
* implement a (very bad) derive macro for activityhandler
* working activity routing!
* rework pm verify(), fix tests and confirm manually
also remove inbox username check which was broken
* rework following verify(), fix tests and test manually
* fix post/comment create/update, rework voting
* Rewrite remove/delete post/comment, fix tests, test manually
* Rework and fix (un)block user, announce, update post
* some code cleanup
* rework delete/remove activity receivers (still quite messy)
* rewrite, test and fix add/remove mod, update community handlers
* add docs for ActivityHandler derive macro
* dont try to compile macro comments
2021-07-17 16:08:46 +00:00
|
|
|
use lemmy_utils::LemmyError;
|
2020-05-05 14:30:13 +00:00
|
|
|
use log::debug;
|
2020-05-16 14:04:08 +00:00
|
|
|
use openssl::{
|
|
|
|
hash::MessageDigest,
|
|
|
|
pkey::PKey,
|
|
|
|
sign::{Signer, Verifier},
|
|
|
|
};
|
2020-09-30 00:56:41 +00:00
|
|
|
use reqwest::{Client, Response};
|
2020-05-05 14:30:13 +00:00
|
|
|
use serde::{Deserialize, Serialize};
|
2020-07-01 12:54:29 +00:00
|
|
|
use sha2::{Digest, Sha256};
|
2020-09-29 13:10:55 +00:00
|
|
|
use std::{collections::BTreeMap, str::FromStr};
|
2020-08-31 13:48:02 +00:00
|
|
|
use url::Url;
|
2020-04-18 18:54:20 +00:00
|
|
|
|
2020-04-19 17:35:40 +00:00
|
|
|
lazy_static! {
|
2020-09-29 13:10:55 +00:00
|
|
|
static ref CONFIG2: ConfigActix = ConfigActix::new();
|
2020-04-19 17:35:40 +00:00
|
|
|
static ref HTTP_SIG_CONFIG: Config = Config::new();
|
|
|
|
}
|
|
|
|
|
2020-10-19 14:29:35 +00:00
|
|
|
/// Creates an HTTP post request to `inbox_url`, with the given `client` and `headers`, and
|
|
|
|
/// `activity` as request body. The request is signed with `private_key` and then sent.
|
2021-10-06 20:20:05 +00:00
|
|
|
pub async fn sign_and_send(
|
2020-09-29 13:10:55 +00:00
|
|
|
client: &Client,
|
2020-09-30 00:56:41 +00:00
|
|
|
headers: BTreeMap<String, String>,
|
2020-10-19 14:29:35 +00:00
|
|
|
inbox_url: &Url,
|
2020-07-01 12:54:29 +00:00
|
|
|
activity: String,
|
2020-08-31 13:48:02 +00:00
|
|
|
actor_id: &Url,
|
|
|
|
private_key: String,
|
2020-09-30 00:56:41 +00:00
|
|
|
) -> Result<Response, LemmyError> {
|
2020-08-31 13:48:02 +00:00
|
|
|
let signing_key_id = format!("{}#main-key", actor_id);
|
2020-04-18 18:54:20 +00:00
|
|
|
|
2020-09-29 13:10:55 +00:00
|
|
|
let mut header_map = HeaderMap::new();
|
|
|
|
for h in headers {
|
|
|
|
header_map.insert(
|
|
|
|
HeaderName::from_str(h.0.as_str())?,
|
|
|
|
HeaderValue::from_str(h.1.as_str())?,
|
|
|
|
);
|
|
|
|
}
|
2020-09-30 00:56:41 +00:00
|
|
|
let response = client
|
2020-10-19 14:29:35 +00:00
|
|
|
.post(&inbox_url.to_string())
|
2020-09-29 13:10:55 +00:00
|
|
|
.headers(header_map)
|
2020-09-30 00:56:41 +00:00
|
|
|
.signature_with_digest(
|
|
|
|
HTTP_SIG_CONFIG.clone(),
|
|
|
|
signing_key_id,
|
|
|
|
Sha256::new(),
|
|
|
|
activity,
|
|
|
|
move |signing_string| {
|
|
|
|
let private_key = PKey::private_key_from_pem(private_key.as_bytes())?;
|
|
|
|
let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?;
|
|
|
|
signer.update(signing_string.as_bytes())?;
|
|
|
|
|
|
|
|
Ok(base64::encode(signer.sign_to_vec()?)) as Result<_, LemmyError>
|
|
|
|
},
|
|
|
|
)
|
|
|
|
.await?;
|
2020-04-18 18:54:20 +00:00
|
|
|
|
2020-09-30 00:56:41 +00:00
|
|
|
Ok(response)
|
2020-04-18 18:54:20 +00:00
|
|
|
}
|
2020-04-10 13:50:40 +00:00
|
|
|
|
2020-10-19 14:29:35 +00:00
|
|
|
/// Verifies the HTTP signature on an incoming inbox request.
|
2021-10-06 20:20:05 +00:00
|
|
|
pub fn verify_signature(request: &HttpRequest, public_key: &str) -> Result<(), LemmyError> {
|
2020-09-29 13:10:55 +00:00
|
|
|
let verified = CONFIG2
|
2020-04-19 17:35:40 +00:00
|
|
|
.begin_verify(
|
2020-07-01 12:54:29 +00:00
|
|
|
request.method(),
|
|
|
|
request.uri().path_and_query(),
|
|
|
|
request.headers().clone(),
|
2020-04-19 17:35:40 +00:00
|
|
|
)?
|
2020-07-01 12:54:29 +00:00
|
|
|
.verify(|signature, signing_string| -> Result<bool, LemmyError> {
|
2020-04-19 17:35:40 +00:00
|
|
|
debug!(
|
|
|
|
"Verifying with key {}, message {}",
|
2020-08-11 14:31:05 +00:00
|
|
|
&public_key, &signing_string
|
2020-04-19 17:35:40 +00:00
|
|
|
);
|
2020-08-11 14:31:05 +00:00
|
|
|
let public_key = PKey::public_key_from_pem(public_key.as_bytes())?;
|
|
|
|
let mut verifier = Verifier::new(MessageDigest::sha256(), &public_key)?;
|
2021-07-05 16:07:26 +00:00
|
|
|
verifier.update(signing_string.as_bytes())?;
|
2020-04-19 17:35:40 +00:00
|
|
|
Ok(verifier.verify(&base64::decode(signature)?)?)
|
|
|
|
})?;
|
|
|
|
|
|
|
|
if verified {
|
|
|
|
debug!("verified signature for {}", &request.uri());
|
|
|
|
Ok(())
|
|
|
|
} else {
|
2020-08-01 14:04:42 +00:00
|
|
|
Err(anyhow!("Invalid signature on request: {}", &request.uri()).into())
|
2020-04-19 17:35:40 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-01-27 16:42:23 +00:00
|
|
|
#[derive(Clone, Debug, Deserialize, Serialize)]
|
2020-04-10 13:50:40 +00:00
|
|
|
#[serde(rename_all = "camelCase")]
|
|
|
|
pub struct PublicKey {
|
|
|
|
pub id: String,
|
2021-01-27 16:42:23 +00:00
|
|
|
pub owner: Url,
|
2020-04-10 13:50:40 +00:00
|
|
|
pub public_key_pem: String,
|
|
|
|
}
|