AkkomaGang/http_signatures
2
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity
53 commits 2 branches 0 tags 275 KiB
Commit graph

53 commits

This branch
This branch
All branches
Author SHA1 Message Date
floatingghost
a4791e3e8f Merge pull request 'Correct a typo, also enforce host being a required header' (#3) from typo into main 
Reviewed-on: #3
 2026-05-04 18:57:11 +00:00
FloatingGhost
3e0a1ea8fd remove old atom check 2026-05-04 19:56:25 +01:00
FloatingGhost
f201fe1237 enforce the existence of the host header on signatures 2026-04-30 17:56:28 +01:00
FloatingGhost
c005a19efe correct typo, upgrade deps 2026-04-30 16:28:33 +01:00
Oneric
fa3891074c Bump version to 1.1.1 
Just one minor change: key material is now hidden from logs
 2025-11-25 00:00:00 +00:00
Oneric
6489c7d0be Hide key material from inspect 
To avoid accidentally leaking private keys
 2025-11-25 00:00:00 +00:00
Oneric
c98a4df78b Bump Version 
New features since API rework:
 - handling request-target aliases is now suppported
 - request-target aliases can be lazily evaluated
 - signature metadata like date is now checked
 - signatures missing mandatory headers are rejected due to being insecure
 - creation of signatures missing mandatory headers will raise an error
 2025-02-21 21:43:18 +01:00
Oneric
ef093e5cbc Update README 2025-02-21 21:43:18 +01:00
Oneric
4dedd4594c Verify all mandatory headers are used 2025-02-21 21:43:18 +01:00
Oneric
86bc35c2a7 Actually check signature metadata 2025-02-21 21:43:18 +01:00
Oneric
e601195042 Allow lazily evaluated request aliases 
If fallback aliases are expensive to compute but rarely actually needed
this will avoid the cost of ever computing it. Multiple aliases can be
lazily inserted at once by returning a list of all results.

In Akkoma computing display URL aliases requires a non-cached activity
lookup, but only very few requests will actually query objects by
display URL. We also need to add both a version with and without query
parameters.
 2025-02-21 21:43:18 +01:00
Oneric
dbf1f03a8e Avoid superfluous key refetches while testing request target aliases 2025-02-21 21:43:18 +01:00
Oneric
1b76dde685 Basic support for request-target aliases 2025-02-21 21:43:18 +01:00
Oneric
98779d180a Rework library interface 
And also clean up internals while at it.
Now no more weird req_headers mangling is needed
with callers being required to reparse the signature just to know how to
mangle things or in case of the adapter to figure out what keys should
be fetched.

Unexpected pseudo headers also no longer break verification completely,
they’ll be processed such that verification works, albeit we won't
apply any intended side effects until full support is added.

The interface is now also prepared to handle request target aliases
inside the library in the future to avoid superfluous key refetches etc
on each failing alias. This and further improvments will be implemented
in future commits.

As this is breaking the existing API,
the major version is bumped from 0 to 1.
 2025-02-21 21:43:18 +01:00
Oneric
9b209cc8cd test: capture logs 2025-02-21 21:43:18 +01:00
Oneric
abfed165ea Update dependencies 2025-02-21 21:43:18 +01:00
Oneric
15bbd8cd23 Update repo link 
Pleroma still hasn’t merged the (created) /expires) PR,
so it seems like we’ll carry our own fork for the foreseeable future
 2025-02-21 21:43:18 +01:00
Oneric
2719f261e9 Delete unused GitLab CI file 2025-02-21 21:43:18 +01:00
Floatingghost
d44c43d667 format 2024-06-12 18:24:18 +01:00
Floatingghost
7a764a2657 Merge remote-tracking branch 'origin/master' 2024-06-12 18:22:28 +01:00
Floatingghost
f1c72225a0 Update version, tool versions 2024-06-12 18:20:28 +01:00
Natsu Kagami
fd7c4b6d3a Formatting 2024-06-12 18:18:37 +01:00
Natsu Kagami
87c8622d62 Add tests for special headers 2024-06-12 18:18:37 +01:00
Natsu Kagami
d29930f310 Implement support for special headers (created) and (expires) 2024-06-12 18:18:37 +01:00
lain
a97f558d82 Merge branch 'otp26' into 'master' 
OTP26 support

See merge request pleroma/elixir-libraries/http_signatures!6
 2023-12-30 07:02:52 +00:00
lain
cd38cd6b88 Merge branch 'master' into 'otp26' 
# Conflicts:
#   .gitignore
 2023-12-23 11:22:18 +00:00
Mark Felder
9c473ef097 Ignore mix.lock 2023-12-22 18:42:03 -05:00
Mark Felder
9c7049f439 Credo should ignore these lines 2023-12-22 18:37:48 -05:00
Haelwenn
44ceebe5f2 Merge branch 'mix-lock' into 'master' 
.gitignore: mix.lock

See merge request pleroma/elixir-libraries/http_signatures!7
 2023-12-21 21:43:45 +00:00
Haelwenn (lanodan) Monnier
9b2b5fbb48 .gitignore: mix.lock 2023-12-21 22:42:16 +01:00
Mark Felder
0424ad2f8c OTP26 support 2023-12-21 17:16:17 +00:00
FloatingGhost
6640ce7d24 add type check 2023-08-07 16:09:10 +01:00
FloatingGhost
40d5cbe37e Ensure header sorting stability 2023-08-07 16:05:25 +01:00
Haelwenn
65aab775d7 Merge branch 'reuse' into 'master' 
Make repository REUSE compliant

See merge request pleroma/elixir-libraries/http_signatures!5
 2022-07-21 15:49:50 +00:00
Haelwenn
a7e807e0e0 Merge branch '2022-03-deps' into 'master' 
Update dependencies

See merge request pleroma/elixir-libraries/http_signatures!4
 2022-07-21 15:48:27 +00:00
Haelwenn (lanodan) Monnier
ecad901ccf Make repository REUSE compliant 2022-07-21 17:47:19 +02:00
Haelwenn (lanodan) Monnier
9108307bb6 .credo.exs: Ignore Credo.Check.Readability.WithSingleClause 2022-03-07 14:56:29 +01:00
Haelwenn (lanodan) Monnier
f837d7e4c8 Update dependencies 2022-03-07 14:56:21 +01:00
Haelwenn (lanodan) Monnier
c82e1cf5d9 http_signatures.ex: Use Enum.map_join instead of Enum.map+Enum.join 2022-03-07 14:56:04 +01:00
Haelwenn
d837a43b98 Merge branch 'release/0.1.1' into 'master' 
Bump to version 0.1.1

See merge request pleroma/elixir-libraries/http_signatures!3
 2021-11-09 23:47:53 +00:00
Haelwenn (lanodan) Monnier
7fe4b8f9a3 Bump to version 0.1.1 2021-11-10 00:44:49 +01:00
Haelwenn
8050c438ea Merge branch 'fix/public-key-warnings' into 'master' 
Add `:public_key` to `extra_applications`

See merge request pleroma/elixir-libraries/http_signatures!1
 2021-11-09 23:43:00 +00:00
Haelwenn
04393197b3 Merge branch 'tcit-master-patch-06284' into 'master' 
Change license metadata field to a valid SPDX identifier

See merge request pleroma/elixir-libraries/http_signatures!2
 2021-09-23 05:31:51 +00:00
Thomas Citharel
dc3f0275ee Change license metadata field to a valid SPDX identifier 
Not mandatory, but recommended for hex.pm. https://hex.pm/docs/publish#adding-metadata-to-code-classinlinemixexscode

Can be useful for a project like https://github.com/Cantido/hex_licenses
 2021-09-22 15:49:10 +00:00
Egor Kislitsyn
80e6df08d2
 		Add :public_key to extra_applications 2020-11-17 22:06:52 +04:00
Haelwenn (lanodan) Monnier
de58aed3cb
 		mix.exs: Add fields for hex publishing 2020-07-23 19:13:29 +02:00
Ariadne Conill
293d77bb6f split_signature: gracefully handle unsigned requests 2019-07-18 15:50:34 +00:00
Ariadne Conill
a2a5982fa1 add convenience function to get the signature components given a conn 2019-07-17 18:58:16 +00:00
William Pitcock
9789401987 make the README more useful 2019-05-14 19:41:00 +00:00
William Pitcock
6b6a53a502 make credo happy 2019-05-14 17:00:34 +00:00