2018-12-23 20:04:54 +00:00
|
|
|
# Pleroma: A lightweight social networking server
|
2021-01-13 06:49:20 +00:00
|
|
|
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
2018-12-23 20:04:54 +00:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
2017-12-12 09:17:21 +00:00
|
|
|
defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
|
|
|
|
import Plug.Conn
|
2022-12-19 20:41:48 +00:00
|
|
|
import Phoenix.Controller, only: [get_format: 1]
|
2023-08-15 10:22:18 +00:00
|
|
|
|
|
|
|
use Pleroma.Web, :verified_routes
|
2022-08-05 19:31:32 +00:00
|
|
|
alias Pleroma.Activity
|
2022-11-26 19:22:56 +00:00
|
|
|
alias Pleroma.Signature
|
|
|
|
alias Pleroma.Instances
|
2018-02-22 13:57:35 +00:00
|
|
|
require Logger
|
2017-12-12 09:17:21 +00:00
|
|
|
|
2022-11-26 19:22:56 +00:00
|
|
|
@cachex Pleroma.Config.get([:cachex, :provider], Cachex)
|
|
|
|
|
2017-12-12 09:17:21 +00:00
|
|
|
def init(options) do
|
|
|
|
options
|
|
|
|
end
|
|
|
|
|
2018-05-04 20:59:01 +00:00
|
|
|
def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
|
2018-02-15 18:58:26 +00:00
|
|
|
conn
|
|
|
|
end
|
|
|
|
|
2018-05-04 20:59:01 +00:00
|
|
|
def call(conn, _opts) do
|
2022-12-19 20:41:48 +00:00
|
|
|
if get_format(conn) in ["json", "activity+json"] do
|
2019-12-19 13:17:18 +00:00
|
|
|
conn
|
|
|
|
|> maybe_assign_valid_signature()
|
|
|
|
|> maybe_require_signature()
|
|
|
|
else
|
|
|
|
conn
|
|
|
|
end
|
2019-12-16 15:24:03 +00:00
|
|
|
end
|
2018-03-11 13:37:23 +00:00
|
|
|
|
2022-08-27 18:05:48 +00:00
|
|
|
def route_aliases(%{path_info: ["objects", id], query_string: query_string}) do
|
2023-08-15 10:22:18 +00:00
|
|
|
ap_id = url(~p[/objects/#{id}])
|
2022-08-05 19:31:32 +00:00
|
|
|
|
|
|
|
with %Activity{} = activity <- Activity.get_by_object_ap_id_with_object(ap_id) do
|
2023-08-15 10:22:18 +00:00
|
|
|
[~p"/notice/#{activity.id}", "/notice/#{activity.id}?#{query_string}"]
|
2022-08-05 19:31:32 +00:00
|
|
|
else
|
|
|
|
_ -> []
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def route_aliases(_), do: []
|
|
|
|
|
|
|
|
defp assign_valid_signature_on_route_aliases(conn, []), do: conn
|
|
|
|
|
|
|
|
defp assign_valid_signature_on_route_aliases(%{assigns: %{valid_signature: true}} = conn, _),
|
|
|
|
do: conn
|
|
|
|
|
|
|
|
defp assign_valid_signature_on_route_aliases(conn, [path | rest]) do
|
|
|
|
request_target = String.downcase("#{conn.method}") <> " #{path}"
|
|
|
|
|
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header("(request-target)", request_target)
|
|
|
|
|> case do
|
|
|
|
%{assigns: %{digest: digest}} = conn -> put_req_header(conn, "digest", digest)
|
|
|
|
conn -> conn
|
|
|
|
end
|
|
|
|
|
|
|
|
conn
|
|
|
|
|> assign(:valid_signature, HTTPSignatures.validate_conn(conn))
|
2022-11-26 19:22:56 +00:00
|
|
|
|> assign(:signature_actor_id, signature_host(conn))
|
2022-08-05 19:31:32 +00:00
|
|
|
|> assign_valid_signature_on_route_aliases(rest)
|
|
|
|
end
|
|
|
|
|
2019-12-16 15:24:03 +00:00
|
|
|
defp maybe_assign_valid_signature(conn) do
|
|
|
|
if has_signature_header?(conn) do
|
2019-07-18 15:06:58 +00:00
|
|
|
# set (request-target) header to the appropriate value
|
|
|
|
# we also replace the digest header with the one we computed
|
2022-08-27 18:05:48 +00:00
|
|
|
possible_paths =
|
|
|
|
route_aliases(conn) ++ [conn.request_path, conn.request_path <> "?#{conn.query_string}"]
|
|
|
|
|
2022-08-05 19:31:32 +00:00
|
|
|
assign_valid_signature_on_route_aliases(conn, possible_paths)
|
2019-07-18 15:06:58 +00:00
|
|
|
else
|
|
|
|
Logger.debug("No signature header!")
|
|
|
|
conn
|
2017-12-12 09:17:21 +00:00
|
|
|
end
|
|
|
|
end
|
2019-12-16 15:24:03 +00:00
|
|
|
|
|
|
|
defp has_signature_header?(conn) do
|
|
|
|
conn |> get_req_header("signature") |> Enum.at(0, false)
|
|
|
|
end
|
|
|
|
|
2022-11-26 19:22:56 +00:00
|
|
|
defp maybe_require_signature(
|
|
|
|
%{assigns: %{valid_signature: true, signature_actor_id: actor_id}} = conn
|
|
|
|
) do
|
|
|
|
# inboxes implicitly need http signatures for authentication
|
|
|
|
# so we don't really know if the instance will have broken federation after
|
|
|
|
# we turn on authorized_fetch_mode.
|
|
|
|
#
|
|
|
|
# to "check" this is a signed fetch, verify if method is GET
|
|
|
|
if conn.method == "GET" do
|
|
|
|
actor_host = URI.parse(actor_id).host
|
|
|
|
|
|
|
|
case @cachex.get(:request_signatures_cache, actor_host) do
|
|
|
|
{:ok, nil} ->
|
|
|
|
Logger.debug("Successful signature from #{actor_host}")
|
|
|
|
Instances.set_request_signatures(actor_host)
|
|
|
|
@cachex.put(:request_signatures_cache, actor_host, true)
|
|
|
|
|
|
|
|
{:ok, true} ->
|
|
|
|
:noop
|
|
|
|
|
|
|
|
any ->
|
2023-08-01 10:43:50 +00:00
|
|
|
Logger.warning(
|
2022-11-26 19:22:56 +00:00
|
|
|
"expected request signature cache to return a boolean, instead got #{inspect(any)}"
|
|
|
|
)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
conn
|
|
|
|
end
|
|
|
|
|
2022-12-19 20:41:48 +00:00
|
|
|
defp maybe_require_signature(conn), do: conn
|
2022-11-26 19:22:56 +00:00
|
|
|
|
|
|
|
defp signature_host(conn) do
|
|
|
|
with %{"keyId" => kid} <- HTTPSignatures.signature_for_conn(conn),
|
|
|
|
{:ok, actor_id} <- Signature.key_id_to_actor_id(kid) do
|
|
|
|
actor_id
|
|
|
|
else
|
|
|
|
e ->
|
|
|
|
{:error, e}
|
|
|
|
end
|
|
|
|
end
|
2017-12-12 09:17:21 +00:00
|
|
|
end
|