Extract keys to their own table, match keyID #816
4 changed files with 14 additions and 5 deletions
|
@ -47,7 +47,7 @@ def refetch_public_key(conn) do
|
||||||
|
|
||||||
def sign(%User{} = user, headers) do
|
def sign(%User{} = user, headers) do
|
||||||
with {:ok, private_key} <- SigningKey.private_key(user) do
|
with {:ok, private_key} <- SigningKey.private_key(user) do
|
||||||
HTTPSignatures.sign(private_key, user.ap_id <> "#main-key", headers)
|
HTTPSignatures.sign(private_key, SigningKey.local_key_id(user.ap_id), headers)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
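Review bot: `sign/2` has no `@doc` or `@spec`, and the reason it now routes through `SigningKey.local_key_id/1` rather than building the fragment inline is worth stating, since the same helper feeds the `publicKey.id` that the actor views publish. I would add `@doc "Signs `headers` with the local user's private key, using the key ID the user publishes as `publicKey.id` so remote verifiers can match the signature's keyId to a fetched key."` above the clause. A `@spec` depends on what `HTTPSignatures.sign/3` and `SigningKey.private_key/1` return, which is not visible here, so I leave its exact shape to the author.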
@ -91,7 +91,15 @@ def generate_local_keys(ap_id) do
|
||||||
|> change()
|
|> change()
|
||||||
|> put_change(:public_key, local_pem)
|
|> put_change(:public_key, local_pem)
|
||||||
|> put_change(:private_key, private_pem)
|
|> put_change(:private_key, private_pem)
|
||||||
|> put_change(:key_id, ap_id <> "#main-key")
|
|> put_change(:key_id, local_key_id(ap_id))
|
||||||
|
end
|
||||||
|
|
||||||
|
@spec local_key_id(String.t()) :: String.t()
|
||||||
|
@doc """
|
||||||
|
Given an AP ID, return the key ID for the local user.
|
||||||
|
"""
|
||||||
|
def local_key_id(ap_id) do
|
||||||
|
ap_id <> "#main-key"
|
||||||
end
|
end
|
||||||
|
|
||||||
@spec private_pem_to_public_pem(binary) :: {:ok, binary()} | {:error, String.t()}
|
@spec private_pem_to_public_pem(binary) :: {:ok, binary()} | {:error, String.t()}
|
||||||
|
|
|
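Review bot: `@spec local_key_id/1` is placed above `@doc`; the usual ordering is `@doc` then `@spec` so ExDoc attaches both to the function as a unit. While touching it, the doc could say what the value is for rather than only what it is, e.g. `Returns the key ID a local actor publishes for `ap_id` (the `#main-key` fragment).` followed by a note that both `sign/2` and the `publicKey.id` in actor views derive from this function so the two always match. A doctest such as `iex> local_key_id("https://example.com/users/alice")` returning `"https://example.com/users/alice#main-key"` (a constructed example) would pin the format the migration and views now depend on.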
@ -49,7 +49,7 @@ def render("service.json", %{user: user}) do
|
||||||
"url" => user.ap_id,
|
"url" => user.ap_id,
|
||||||
"manuallyApprovesFollowers" => false,
|
"manuallyApprovesFollowers" => false,
|
||||||
"publicKey" => %{
|
"publicKey" => %{
|
||||||
"id" => "#{user.ap_id}#main-key",
|
"id" => User.SigningKey.local_key_id(user.ap_id),
|
||||||
"owner" => user.ap_id,
|
"owner" => user.ap_id,
|
||||||
"publicKeyPem" => public_key
|
"publicKeyPem" => public_key
|
||||||
},
|
},
|
||||||
|
@ -97,7 +97,7 @@ def render("user.json", %{user: user}) do
|
||||||
"url" => user.ap_id,
|
"url" => user.ap_id,
|
||||||
"manuallyApprovesFollowers" => user.is_locked,
|
"manuallyApprovesFollowers" => user.is_locked,
|
||||||
"publicKey" => %{
|
"publicKey" => %{
|
||||||
"id" => "#{user.ap_id}#main-key",
|
"id" => User.SigningKey.local_key_id(user.ap_id),
|
||||||
"owner" => user.ap_id,
|
"owner" => user.ap_id,
|
||||||
"publicKeyPem" => public_key
|
"publicKeyPem" => public_key
|
||||||
},
|
},
|
||||||
|
|
|
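Review bot: The `"publicKey"` map is built twice, once in `render("service.json", ...)` and once in `render("user.json", ...)`, with identical `id`/`owner`/`publicKeyPem` entries; a private helper would keep the published key ID and owner in lockstep across both actor representations, which is what verifiers matching keyId rely on. Both `render/2` clauses begin and end outside the visible hunks, so only the map itself is shown.

```elixir
      "publicKey" => public_key_map(user, public_key),
# … unchanged: remainder of the render/2 map …

  # The key ID here must equal what SigningKey stores and sign/2 uses,
  # so remote verifiers can match a signature's keyId to this key.
  defp public_key_map(user, public_key) do
    %{
      "id" => User.SigningKey.local_key_id(user.ap_id),
      "owner" => user.ap_id,
      "publicKeyPem" => public_key
    }
  end
```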
@ -15,6 +15,7 @@ def up do
|
||||||
Repo.stream(query, timeout: :infinity)
|
Repo.stream(query, timeout: :infinity)
|
||||||
|> Enum.each(fn
|
|> Enum.each(fn
|
||||||
%User{id: user_id, keys: private_key, local: true, ap_id: ap_id} ->
|
%User{id: user_id, keys: private_key, local: true, ap_id: ap_id} ->
|
||||||
|
IO.puts("Migrating user #{user_id}")
|
||||||
# we can precompute the public key here...
|
# we can precompute the public key here...
|
||||||
# we do use it on every user view which makes it a bit of a dos attack vector
|
# we do use it on every user view which makes it a bit of a dos attack vector
|
||||||
# so we should probably cache it
|
# so we should probably cache it
|
||||||
|
@ -23,7 +24,7 @@ def up do
|
||||||
key = %User.SigningKey{
|
key = %User.SigningKey{
|
||||||
user_id: user_id,
|
user_id: user_id,
|
||||||
public_key: public_key,
|
public_key: public_key,
|
||||||
key_id: "#{ap_id}#main-key",
|
key_id: User.SigningKey.local_key_id(ap_id),
|
||||||
private_key: private_key
|
private_key: private_key
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
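Review bot: The new `IO.puts("Migrating user #{user_id}")` emits one line per local user, so output grows with the users table and offers no progress signal beyond raw volume; a counter printed every N rows via `Enum.with_index/1` or `Enum.reduce/3`, or a single summary line after the stream, would be easier to read in deployment logs. The surrounding comment ("we should probably cache it") also looks stale now that `public_key: public_key` is stored on the `SigningKey` row, which appears to be that cache; I would reword it to `# public key is precomputed once here and stored, so user views no longer derive it from the private key on every request`. The `Enum.each` anonymous function and `up/0` continue outside the hunk.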