WIP: Secure mode #31
Johann150
Loading…
Reference in New Issue
No description provided.
Delete Branch "(deleted):feat/secure-fetch"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Fixes #29
Commits from https://github.com/misskey-dev/misskey/pull/7709
Used Deepl to translate the original Japanese strings. I tried to correct any grammar mistakes or other potential mistranslations. Please proofread.
6067410213to664df9a163also seems like the text for the settings doesn't actually show up in the admin console, don't know that much about vue to know why exactly
Looked through the first commit just to get the idea...
Private mode looks like allowlist federation?
I guess including it also is fine since it's not that lengthy.
Do we already do signing for authorized fetch being enabled elsewhere? (I presume yes since it works).
Yeah there's the
signToActivityPubGetoption which does exactly that.WIP: Secure modeto Secure modeok I got the strings to show up now
Maybe we should remove the
signToActivitypubGetsetting and have it be always on. I think because some masto instances require it, many people have it on anyways? It would remove the kinda weird dependence between the GUI setting and the config file.I think I got everywhere the
signToActivityPubGetoption was referenced.Still haven't done a full review of this yet since it's quite big. On a cursory view of a few more files I noticed there are new Japanese comments, e.g. in
packages/backend/src/queue/processors/inbox.tsorpackages/backend/src/remote/activitypub/check-fetch.ts. I would prefer if we could avoid adding new Japanese comments. Remove or translate them to English?First of all I'm not really fond of the idea of both of these modes (see also https://honk.tedunangst.com/u/tedu/h/3PkQ9bJXNBgJ7w7bD8). Not to mention that the current Fediverse "agreement"¹ of HTTP signatures is a huge mess.
¹ Mastdon uses a pretty old version of an RFC draft that is no longer current but now everyone else is stuck with that version.
I'm not really happy with how the pug templates have
unless privatemodeeverywhere. I think it would make more sense to not render the template in the first place if you are in private mode? I think you should be able to just skip tonextin the router as if you didn't find something.@ -0,0 +7,4 @@import DbResolver from '@/remote/activitypub/db-resolver.js';import { getApId } from '@/remote/activitypub/type.js';export default async function checkFetch(req: IncomingMessage): Promise<number> {If you want you could maybe take a stab at reusing this in
packages/backend/src/queue/processors/inbox.tssince its essentially the same code for validating a HTTP signature.Not enitrely sure how to extract out the common logic here, may leave it to someone else to handle that.
@ -189,3 +268,4 @@// emojirouter.get('/emojis/:emoji', async ctx => {const verify = await checkFetch(ctx.req);I think emojis are often not proxied by servers so clients will try to load the emoji from the original server. With requiring HTTP signatures even for this that will cause problems.
@ -203,1 +288,3 @@ctx.set('Cache-Control', 'public, max-age=180');const meta = await fetchMeta();if (meta.secureMode || meta.privateMode) {ctx.set('Cache-Control', 'private, max-age=0, must-revalidate');Is there a significant difference between this an
no-store?I think this is a bit too strong. Just because something is private doesn't mean the
max-ageis suddenly zero.Same goes for other cache directives further down and in other files.
What would be a more sensible
Cache-Controlsetting?Decided to just change it to
no-storefor now@ -134,0 +148,4 @@set.secureMode = ps.secureMode;}if (ps.mascotImageUrl !== undefined) {I think you re-added
mascotImageUrlon accident. We don't have that any more.@ -288,2 +298,4 @@langs: instance.langs,tosUrl: instance.ToSUrl,repositoryUrl: instance.repositoryUrl,feedbackUrl: instance.feedbackUrl,We do not have
repositoryUrlandfeedbackUrlany more. Same asmascotImageUrlabove.@ -67,6 +96,16 @@ function save() {});}function saveInstance() {Why is this a separate function and not in the other
savefunction?d042603b4ftoe5595ca31cSecure modeto WIP: Secure modeSuperceded by #169
Pull request closed