From dddf7834ccf2b915338da92f42544b5f20b12247 Mon Sep 17 00:00:00 2001 From: mei23 Date: Thu, 30 Aug 2018 20:52:35 +0900 Subject: [PATCH] Add host/digest to HTTP signature --- src/remote/activitypub/request.ts | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/src/remote/activitypub/request.ts b/src/remote/activitypub/request.ts index 6238d3acb..d739d08e1 100644 --- a/src/remote/activitypub/request.ts +++ b/src/remote/activitypub/request.ts @@ -2,6 +2,7 @@ import { request } from 'https'; const { sign } = require('http-signature'); import { URL } from 'url'; import * as debug from 'debug'; +const crypto = require('crypto'); import config from '../../config'; import { ILocalUser } from '../../models/user'; @@ -13,6 +14,12 @@ export default (user: ILocalUser, url: string, object: any) => new Promise((reso const { protocol, hostname, port, pathname, search } = new URL(url); + const data = JSON.stringify(object); + + const sha256 = crypto.createHash('sha256'); + sha256.update(data); + const hash = sha256.digest('base64'); + const req = request({ protocol, hostname, @@ -20,7 +27,8 @@ export default (user: ILocalUser, url: string, object: any) => new Promise((reso method: 'POST', path: pathname + search, headers: { - 'Content-Type': 'application/activity+json' + 'Content-Type': 'application/activity+json', + 'Digest': `SHA-256=${hash}` } }, res => { log(`${url} --> ${res.statusCode}`); @@ -35,7 +43,8 @@ export default (user: ILocalUser, url: string, object: any) => new Promise((reso sign(req, { authorizationHeaderName: 'Signature', key: user.keypair, - keyId: `${config.url}/users/${user._id}/publickey` + keyId: `${config.url}/users/${user._id}/publickey`, + headers: ['date', 'host', 'digest'] }); // Signature: Signature ... => Signature: ... @@ -43,5 +52,5 @@ export default (user: ILocalUser, url: string, object: any) => new Promise((reso sig = sig.replace(/^Signature /, ''); req.setHeader('Signature', sig); - req.end(JSON.stringify(object)); + req.end(data); });