Add signed GET for secure mode compatibility

This commit is contained in:
Daniel Supernault 2021-01-17 12:51:07 -07:00
parent b29b845533
commit 3ee1215a4a
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
3 changed files with 14 additions and 48 deletions

View file

@ -9,51 +9,16 @@ use App\Util\ActivityPub\HttpSignature;
class ActivityPubFetchService
{
public $signed = true;
public $actor;
public $url;
public $headers = [
public static function get($url)
{
$headers = HttpSignature::instanceActorSign($url, false, [
'Accept' => 'application/activity+json, application/json',
'User-Agent' => '(Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')'
];
]);
public static function queue()
{
return new self;
}
public function signed($signed = true)
{
$this->signed = $signed;
return $this;
}
public function actor($profile)
{
$this->actor = $profile;
return $this;
}
public function url($url)
{
if(!Helpers::validateUrl($url)) {
throw new \Exception('Invalid URL');
}
$this->url = $url;
return $this;
}
public function get()
{
if($this->signed == true && $this->actor == null) {
throw new \Exception('Cannot sign request without actor');
}
return $this->signedRequest();
}
protected function signedRequest()
{
$this->headers = HttpSignature::sign($this->actor, $this->url, false, $this->headers);
return Zttp::withHeaders($this->headers)->get($this->url)->body();
return Zttp::withHeaders($headers)
->timeout(30)
->get($url)
->body();
}
}

View file

@ -23,6 +23,7 @@ use App\Jobs\ImageOptimizePipeline\{ImageOptimize,ImageThumbnail};
use App\Jobs\StatusPipeline\NewStatusPipeline;
use App\Util\ActivityPub\HttpSignature;
use Illuminate\Support\Str;
use App\Services\ActivityPubFetchService;
use App\Services\ActivityPubDeliveryService;
use App\Services\MediaPathService;
use App\Services\MediaStorageService;
@ -214,8 +215,8 @@ class Helpers {
$ttl = now()->addMinutes(5);
return Cache::remember($key, $ttl, function() use($url) {
$res = Zttp::withoutVerifying()->withHeaders(self::zttpUserAgent())->get($url);
$res = json_decode($res->body(), true, 8);
$res = ActivityPubFetchService::get($url);
$res = json_decode($res, true, 8);
if(json_last_error() == JSON_ERROR_NONE) {
return $res;
} else {

View file

@ -43,7 +43,7 @@ class HttpSignature {
$digest = self::_digest($body);
}
$headers = self::_headersToSign($url, $body ? $digest : false);
$headers = array_merge($headers, $addlHeaders);
$headers = array_unique(array_merge($headers, $addlHeaders));
$stringToSign = self::_headersToSigningString($headers);
$signedHeaders = implode(' ', array_map('strtolower', array_keys($headers)));
$key = openssl_pkey_get_private($privateKey);
@ -53,7 +53,7 @@ class HttpSignature {
unset($headers['(request-target)']);
$headers['Signature'] = $signatureHeader;
return self::_headersToCurlArray($headers);
return $headers;
}
public static function parseSignatureHeader($signature) {