From 3ee1215a4aaf525a0e9c8c874ae394f63cf91bd4 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Sun, 17 Jan 2021 12:51:07 -0700
Subject: [PATCH] Add signed GET for secure mode compatibility
---
app/Services/ActivityPubFetchService.php | 53 ++++--------------------
app/Util/ActivityPub/Helpers.php | 5 ++-
app/Util/ActivityPub/HttpSignature.php | 4 +-
3 files changed, 14 insertions(+), 48 deletions(-)
diff --git a/app/Services/ActivityPubFetchService.php b/app/Services/ActivityPubFetchService.php
index cdfe81438..b6b8202e4 100644
--- a/app/Services/ActivityPubFetchService.php
+++ b/app/Services/ActivityPubFetchService.php
@@ -9,51 +9,16 @@ use App\Util\ActivityPub\HttpSignature; class ActivityPubFetchService { - public $signed = true; - public $actor; - public $url; - public $headers = [ - 'Accept' => 'application/activity+json, application/json', - 'User-Agent' => '(Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')' - ]; - - public static function queue() + public static function get($url) { - return new self; - } + $headers = HttpSignature::instanceActorSign($url, false, [ + 'Accept' => 'application/activity+json, application/json', + 'User-Agent' => '(Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')' + ]); - public function signed($signed = true) - { - $this->signed = $signed; - return $this; - } - - public function actor($profile) - { - $this->actor = $profile; - return $this; - } - - public function url($url) - { - if(!Helpers::validateUrl($url)) { - throw new \Exception('Invalid URL'); - } - $this->url = $url; - return $this; - } - - public function get() - { - if($this->signed == true && $this->actor == null) { - throw new \Exception('Cannot sign request without actor'); - } - return $this->signedRequest(); - } - - protected function signedRequest() - { - $this->headers = HttpSignature::sign($this->actor, $this->url, false, $this->headers); - return Zttp::withHeaders($this->headers)->get($this->url)->body(); + return Zttp::withHeaders($headers) + ->timeout(30) + ->get($url) + ->body(); } } \ No newline at end of file diff --git a/app/Util/ActivityPub/Helpers.php b/app/Util/ActivityPub/Helpers.php index e50b5d81b..5123e5db4 100644 --- a/app/Util/ActivityPub/Helpers.php +++ b/app/Util/ActivityPub/Helpers.php 
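Review bot: The new static `get($url)` sends a request signed with the instance actor without the `Helpers::validateUrl($url)` check that the removed `url()` setter enforced, so URL validation is no longer guaranteed at this layer. Callers may validate before calling, but that is outside this hunk, and keeping the guard in the service makes it the single choke point for every outbound signed fetch. I would restore it as the first statement of `get()`: `if(!Helpers::validateUrl($url)) { throw new \Exception('Invalid URL'); }`. A short docblock stating that the method returns the raw response body as a string, whatever the HTTP status, would also help callers.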
@@ -23,6 +23,7 @@ use App\Jobs\ImageOptimizePipeline\{ImageOptimize,ImageThumbnail}; use App\Jobs\StatusPipeline\NewStatusPipeline; use App\Util\ActivityPub\HttpSignature; use Illuminate\Support\Str; +use App\Services\ActivityPubFetchService; use App\Services\ActivityPubDeliveryService; use App\Services\MediaPathService; use App\Services\MediaStorageService; @@ -214,8 +215,8 @@ class Helpers { $ttl = now()->addMinutes(5); return Cache::remember($key, $ttl, function() use($url) { - $res = Zttp::withoutVerifying()->withHeaders(self::zttpUserAgent())->get($url); - $res = json_decode($res->body(), true, 8); + $res = ActivityPubFetchService::get($url); + $res = json_decode($res, true, 8); if(json_last_error() == JSON_ERROR_NONE) { return $res; } else { diff --git a/app/Util/ActivityPub/HttpSignature.php b/app/Util/ActivityPub/HttpSignature.php index 516979f5c..fff531fcf 100644 --- a/app/Util/ActivityPub/HttpSignature.php +++ b/app/Util/ActivityPub/HttpSignature.php @@ -43,7 +43,7 @@ class HttpSignature { $digest = self::_digest($body); } $headers = self::_headersToSign($url, $body ? $digest : false); - $headers = array_merge($headers, $addlHeaders); + $headers = array_unique(array_merge($headers, $addlHeaders)); $stringToSign = self::_headersToSigningString($headers); $signedHeaders = implode(' ', array_map('strtolower', array_keys($headers))); $key = openssl_pkey_get_private($privateKey); @@ -53,7 +53,7 @@ class HttpSignature { unset($headers['(request-target)']); $headers['Signature'] = $signatureHeader; - return self::_headersToCurlArray($headers); + return $headers; } public static function parseSignatureHeader($signature) {
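Review bot: In the `Cache::remember` closure in `Helpers.php` (hunk `@@ -214,8 +215,8 @@`), `ActivityPubFetchService::get()` hands back only the body string, so this caller can no longer see the HTTP status. A JSON error document from a 4xx/5xx reply decodes without error, takes the `JSON_ERROR_NONE` branch and is cached for the five-minute TTL as if it were the requested object. Consider having the service return `null` for non-success responses (the Zttp response exposes `isSuccess()`) and returning early here when `$res` is not a string. The closure and its enclosing method start and end outside the hunk, so handling there may already cover part of this.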
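Review bot: In `HttpSignature.php` (hunk `@@ -43,7 +43,7 @@`), `array_unique()` de-duplicates by value, not by header name, so two different headers that happen to carry the same value lose the later one before the signing string is built. `array_merge()` already collapses identical string keys, so the wrapper adds nothing for exact-name duplicates; if the concern is names differing only in case, normalise the keys and keep `$headers = array_merge($headers, $addlHeaders);`. A header dropped here is absent from both the returned headers and the signed-header list, which a strict verifier may reject. The enclosing method starts outside the hunk.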
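Review bot: In `HttpSignature.php` (hunk `@@ -53,7 +53,7 @@`), the return value changes from the output of `_headersToCurlArray()` to the raw associative `$headers` array, and nothing documents the new shape. The method's signature is outside the hunk, so I cannot tell which callers share it; any caller that still passes the result to a cURL header option would presumably need the old form and should be checked. A docblock such as `@return array<string, string> header name => value, including Signature, without (request-target)` would make the contract explicit.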