Merge pull request #1162 from asonix/remove-hardcoded-https

Use http-signature-normalization-reqwest
This commit is contained in:
Dessalines 2020-09-30 09:28:40 -04:00 committed by GitHub
commit 4772cbd23f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 46 additions and 45 deletions

24
Cargo.lock generated
View File

@ -1566,9 +1566,9 @@ dependencies = [
[[package]] [[package]]
name = "http-signature-normalization" name = "http-signature-normalization"
version = "0.5.2" version = "0.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ee917294413cec0db93a8af6ecfa63730c1d2bb604bd1da69ba75b342fb23f21" checksum = "cb3a020c37b48d2258910fae9c9b4f8455651f56abfdde1ae68a9397b2765c31"
dependencies = [ dependencies = [
"chrono", "chrono",
"thiserror", "thiserror",
@ -1592,6 +1592,24 @@ dependencies = [
"thiserror", "thiserror",
] ]
[[package]]
name = "http-signature-normalization-reqwest"
version = "0.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7bc26a68f8963e26453c7fdea9e016e2e31a48ca018a9223f96afe2cca1a4bd1"
dependencies = [
"base64 0.12.3",
"bytes",
"chrono",
"futures",
"http",
"http-signature-normalization",
"reqwest",
"sha2",
"thiserror",
"tokio",
]
[[package]] [[package]]
name = "httparse" name = "httparse"
version = "1.3.4" version = "1.3.4"
@ -1865,8 +1883,8 @@ dependencies = [
"diesel", "diesel",
"futures", "futures",
"http", "http",
"http-signature-normalization",
"http-signature-normalization-actix", "http-signature-normalization-actix",
"http-signature-normalization-reqwest",
"itertools", "itertools",
"lazy_static", "lazy_static",
"lemmy_db", "lemmy_db",

View File

@ -33,8 +33,8 @@ url = { version = "2.1", features = ["serde"] }
percent-encoding = "2.1" percent-encoding = "2.1"
openssl = "0.10" openssl = "0.10"
http = "0.2" http = "0.2"
http-signature-normalization = "0.5"
http-signature-normalization-actix = { version = "0.4", default-features = false, features = ["sha-2"] } http-signature-normalization-actix = { version = "0.4", default-features = false, features = ["sha-2"] }
http-signature-normalization-reqwest = { version = "0.1.3", default-features = false, features = ["sha-2"] }
base64 = "0.12" base64 = "0.12"
tokio = "0.2" tokio = "0.2"
futures = "0.3" futures = "0.3"
@ -45,4 +45,4 @@ async-trait = "0.1"
anyhow = "1.0" anyhow = "1.0"
thiserror = "1.0" thiserror = "1.0"
background-jobs = " 0.8" background-jobs = " 0.8"
reqwest = { version = "0.10", features = ["json"] } reqwest = { version = "0.10", features = ["json"] }

View File

@ -77,7 +77,7 @@ impl ActixJob for SendActivityTask {
for to_url in &self.to { for to_url in &self.to {
let mut headers = BTreeMap::<String, String>::new(); let mut headers = BTreeMap::<String, String>::new();
headers.insert("Content-Type".into(), "application/json".into()); headers.insert("Content-Type".into(), "application/json".into());
let signed = sign( let result = sign(
&state.client, &state.client,
headers, headers,
to_url, to_url,
@ -87,15 +87,7 @@ impl ActixJob for SendActivityTask {
) )
.await; .await;
let signed = match signed { if let Err(e) = result {
Ok(s) => s,
Err(e) => {
warn!("{}", e);
// dont return an error because retrying would probably not fix the signing
return Ok(());
}
};
if let Err(e) = state.client.execute(signed).await {
warn!("{}", e); warn!("{}", e);
return Err(anyhow!( return Err(anyhow!(
"Failed to send activity {} to {}", "Failed to send activity {} to {}",

View File

@ -4,8 +4,8 @@ use activitystreams_ext::UnparsedExtension;
use actix_web::HttpRequest; use actix_web::HttpRequest;
use anyhow::{anyhow, Context}; use anyhow::{anyhow, Context};
use http::{header::HeaderName, HeaderMap, HeaderValue}; use http::{header::HeaderName, HeaderMap, HeaderValue};
use http_signature_normalization::Config; use http_signature_normalization_actix::Config as ConfigActix;
use http_signature_normalization_actix::{digest::DigestCreate, Config as ConfigActix}; use http_signature_normalization_reqwest::prelude::{Config, SignExt};
use lemmy_utils::{location_info, LemmyError}; use lemmy_utils::{location_info, LemmyError};
use log::debug; use log::debug;
use openssl::{ use openssl::{
@ -13,7 +13,7 @@ use openssl::{
pkey::PKey, pkey::PKey,
sign::{Signer, Verifier}, sign::{Signer, Verifier},
}; };
use reqwest::{Client, Request}; use reqwest::{Client, Response};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use sha2::{Digest, Sha256}; use sha2::{Digest, Sha256};
use std::{collections::BTreeMap, str::FromStr}; use std::{collections::BTreeMap, str::FromStr};
@ -27,34 +27,13 @@ lazy_static! {
/// Signs request headers with the given keypair. /// Signs request headers with the given keypair.
pub async fn sign( pub async fn sign(
client: &Client, client: &Client,
mut headers: BTreeMap<String, String>, headers: BTreeMap<String, String>,
url: &Url, url: &Url,
activity: String, activity: String,
actor_id: &Url, actor_id: &Url,
private_key: String, private_key: String,
) -> Result<Request, LemmyError> { ) -> Result<Response, LemmyError> {
let signing_key_id = format!("{}#main-key", actor_id); let signing_key_id = format!("{}#main-key", actor_id);
let digest = format!(
"{}={}",
Sha256::NAME,
Sha256::new().compute(activity.as_bytes())
);
headers.insert("Digest".into(), digest);
let mut path_and_query = url.path().to_string();
if let Some(query) = url.query() {
path_and_query = format!("{}?{}", path_and_query, query);
}
let signature_header_value = HTTP_SIG_CONFIG
.begin_sign("POST", &path_and_query, headers.clone())?
.sign(signing_key_id, |signing_string| {
let private_key = PKey::private_key_from_pem(private_key.as_bytes())?;
let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?;
signer.update(signing_string.as_bytes())?;
Ok(base64::encode(signer.sign_to_vec()?)) as Result<_, LemmyError>
})?
.signature_header();
let mut header_map = HeaderMap::new(); let mut header_map = HeaderMap::new();
for h in headers { for h in headers {
@ -63,13 +42,25 @@ pub async fn sign(
HeaderValue::from_str(h.1.as_str())?, HeaderValue::from_str(h.1.as_str())?,
); );
} }
let signed_request = client let response = client
.post(&url.to_string()) .post(&url.to_string())
.headers(header_map) .headers(header_map)
.header("Signature", signature_header_value) .signature_with_digest(
.body(activity); HTTP_SIG_CONFIG.clone(),
signing_key_id,
Sha256::new(),
activity,
move |signing_string| {
let private_key = PKey::private_key_from_pem(private_key.as_bytes())?;
let mut signer = Signer::new(MessageDigest::sha256(), &private_key)?;
signer.update(signing_string.as_bytes())?;
Ok(signed_request.build()?) Ok(base64::encode(signer.sign_to_vec()?)) as Result<_, LemmyError>
},
)
.await?;
Ok(response)
} }
pub fn verify(request: &HttpRequest, actor: &dyn ActorType) -> Result<(), LemmyError> { pub fn verify(request: &HttpRequest, actor: &dyn ActorType) -> Result<(), LemmyError> {