From 2b96c3b2249430b2b7841b18b5bdfd0b9e960736 Mon Sep 17 00:00:00 2001 From: Floatingghost Date: Wed, 12 Jun 2024 18:40:44 +0100 Subject: [PATCH 1/2] Update http-signatures dep, allow created header --- lib/pleroma/web/plugs/http_signature_plug.ex | 11 +++++++++++ mix.exs | 4 +++- mix.lock | 2 +- test/pleroma/web/plugs/http_signature_plug_test.exs | 12 +++++++++++- 4 files changed, 26 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/web/plugs/http_signature_plug.ex b/lib/pleroma/web/plugs/http_signature_plug.ex index eb6a46736..254b5171a 100644 --- a/lib/pleroma/web/plugs/http_signature_plug.ex +++ b/lib/pleroma/web/plugs/http_signature_plug.ex @@ -44,6 +44,16 @@ def route_aliases(%{path_info: ["objects", id], query_string: query_string}) do def route_aliases(_), do: [] + def maybe_put_created_psudoheader(conn) do + case HTTPSignatures.signature_for_conn(conn) do + %{"created" => created} -> + put_req_header(conn, "(created)", created) + + _ -> + conn + end + end + defp assign_valid_signature_on_route_aliases(conn, []), do: conn defp assign_valid_signature_on_route_aliases(%{assigns: %{valid_signature: true}} = conn, _), @@ -55,6 +65,7 @@ defp assign_valid_signature_on_route_aliases(conn, [path | rest]) do conn = conn |> put_req_header("(request-target)", request_target) + |> maybe_put_created_psudoheader() |> case do %{assigns: %{digest: digest}} = conn -> put_req_header(conn, "digest", digest) conn -> conn diff --git a/mix.exs b/mix.exs index 2ce2c5e89..7ffc450e2 100644 --- a/mix.exs +++ b/mix.exs @@ -159,7 +159,9 @@ defp deps do {:timex, "~> 3.7"}, {:ueberauth, "== 0.10.5"}, {:linkify, "~> 0.5.3"}, - {:http_signatures, "~> 0.1.2"}, + {:http_signatures, + git: "https://akkoma.dev/AkkomaGang/http_signatures.git", + ref: "d44c43d66758c6a73eaa4da9cffdbee0c5da44ae"}, {:telemetry, "~> 1.2"}, {:telemetry_poller, "~> 1.0"}, {:telemetry_metrics, "~> 0.6"}, diff --git a/mix.lock b/mix.lock index a4e2ddc8c..fbecdc528 100644 --- a/mix.lock +++ b/mix.lock 
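Review bot: `maybe_put_created_psudoheader/1` copies the `created` signature parameter into the request as `(created)` without comparing it to the current time, and nothing else in this hunk does either. The draft-cavage HTTP Signatures text says a signature whose `created` is in the future must not be processed, so unless the newly pinned http_signatures ref enforces that inside `validate_conn` (not visible here), the timestamp is signed but puts no bound on how long a captured request stays acceptable. I would confirm where the freshness check lives and record it above the function, e.g. `# (created) is echoed only to rebuild the signing string; freshness is checked in <module/function>`. The same question applies to `(expires)` in `maybe_put_expires_psudoheader/1` from patch 2/2, where an `expires` in the past should be rejected.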
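Review bot: The `http_signatures` entry in `deps/0` moves from a Hex release to a git source with no comment saying why, which leaves the next maintainer without a reason for the pin or a condition for undoing it. Pinning to a full commit hash is the right call for a git dependency, but the package now sits outside Hex's registry checksums and `mix hex.audit`, and every clean build depends on akkoma.dev being reachable. I would add a line such as `# git pin: adds (created) pseudo-header support; review the upstream diff whenever this ref changes` above the tuple. The body of `deps/0` continues outside the hunk.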
@@ -57,7 +57,7 @@ "hackney": {:hex, :hackney, "1.20.1", "8d97aec62ddddd757d128bfd1df6c5861093419f8f7a4223823537bad5d064e2", [:rebar3], [{:certifi, "~> 2.12.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "~> 6.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "~> 1.0.0", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~> 1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.4.1", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~> 1.1.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}, {:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "fe9094e5f1a2a2c0a7d10918fee36bfec0ec2a979994cff8cfe8058cd9af38e3"}, "hpax": {:hex, :hpax, "0.1.2", "09a75600d9d8bbd064cdd741f21fc06fc1f4cf3d0fcc335e5aa19be1a7235c84", [:mix], [], "hexpm", "2c87843d5a23f5f16748ebe77969880e29809580efdaccd615cd3bed628a8c13"}, "html_entities": {:hex, :html_entities, "0.5.2", "9e47e70598da7de2a9ff6af8758399251db6dbb7eebe2b013f2bbd2515895c3c", [:mix], [], "hexpm", "c53ba390403485615623b9531e97696f076ed415e8d8058b1dbaa28181f4fdcc"}, - "http_signatures": {:hex, :http_signatures, "0.1.2", "ed1cc7043abcf5bb4f30d68fb7bad9d618ec1a45c4ff6c023664e78b67d9c406", [:mix], [], "hexpm", "f08aa9ac121829dae109d608d83c84b940ef2f183ae50f2dd1e9a8bc619d8be7"}, + "http_signatures": {:git, "https://akkoma.dev/AkkomaGang/http_signatures.git", "d44c43d66758c6a73eaa4da9cffdbee0c5da44ae", [ref: "d44c43d66758c6a73eaa4da9cffdbee0c5da44ae"]}, "httpoison": {:hex, :httpoison, "1.8.2", "9eb9c63ae289296a544842ef816a85d881d4a31f518a0fec089aaa744beae290", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "2bb350d26972e30c96e2ca74a1aaf8293d61d0742ff17f01e0279fef11599921"}, "idna": {:hex, :idna, "6.1.1", "8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8d", [:rebar3], [{:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: 
"hexpm", optional: false]}], "hexpm", "92376eb7894412ed19ac475e4a86f7b413c1b9fbb5bd16dccd57934157944cea"}, "inet_cidr": {:hex, :inet_cidr, "1.0.8", "d26bb7bdbdf21ae401ead2092bf2bb4bf57fe44a62f5eaa5025280720ace8a40", [:mix], [], "hexpm", "d5b26da66603bb56c933c65214c72152f0de9a6ea53618b56d63302a68f6a90e"}, diff --git a/test/pleroma/web/plugs/http_signature_plug_test.exs b/test/pleroma/web/plugs/http_signature_plug_test.exs index a90c6533e..750ffa323 100644 --- a/test/pleroma/web/plugs/http_signature_plug_test.exs +++ b/test/pleroma/web/plugs/http_signature_plug_test.exs @@ -18,7 +18,10 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do {HTTPSignatures, [], [ signature_for_conn: fn _ -> - %{"keyId" => "http://mastodon.example.org/users/admin#main-key"} + %{ + "keyId" => "http://mastodon.example.org/users/admin#main-key", + "created" => "1234567890", + } end, validate_conn: fn conn -> Map.get(conn.assigns, :valid_signature, true) @@ -141,4 +144,11 @@ test "aliases redirected /object endpoints", _ do assert ["/notice/#{act.id}", "/notice/#{act.id}?actor=someparam"] == HTTPSignaturePlug.route_aliases(conn) end + + test "(created) psudoheader", _ do + conn = build_conn(:get, "/doesntmattter") + conn = HTTPSignaturePlug.maybe_put_created_psudoheader(conn) + created_header = List.keyfind(conn.req_headers, "(created)", 0) + assert {_, "1234567890"} = created_header + end end From 57273754b77cfc0f2cea5e8982ad908227d3480c Mon Sep 17 00:00:00 2001 From: Floatingghost Date: Mon, 17 Jun 2024 22:30:14 +0100 Subject: [PATCH 2/2] we may as well handle (expires) as well --- lib/pleroma/web/plugs/http_signature_plug.ex | 11 +++++++++++ .../pleroma/web/plugs/http_signature_plug_test.exs | 14 +++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/lib/pleroma/web/plugs/http_signature_plug.ex b/lib/pleroma/web/plugs/http_signature_plug.ex index 254b5171a..e3ae99636 100644 --- a/lib/pleroma/web/plugs/http_signature_plug.ex 
+++ b/lib/pleroma/web/plugs/http_signature_plug.ex @@ -54,6 +54,16 @@ def maybe_put_created_psudoheader(conn) do end end + def maybe_put_expires_psudoheader(conn) do + case HTTPSignatures.signature_for_conn(conn) do + %{"expires" => expires} -> + put_req_header(conn, "(expires)", expires) + + _ -> + conn + end + end + defp assign_valid_signature_on_route_aliases(conn, []), do: conn defp assign_valid_signature_on_route_aliases(%{assigns: %{valid_signature: true}} = conn, _), @@ -66,6 +76,7 @@ defp assign_valid_signature_on_route_aliases(conn, [path | rest]) do conn |> put_req_header("(request-target)", request_target) |> maybe_put_created_psudoheader() + |> maybe_put_expires_psudoheader() |> case do %{assigns: %{digest: digest}} = conn -> put_req_header(conn, "digest", digest) conn -> conn diff --git a/test/pleroma/web/plugs/http_signature_plug_test.exs b/test/pleroma/web/plugs/http_signature_plug_test.exs index 750ffa323..0a602424d 100644 --- a/test/pleroma/web/plugs/http_signature_plug_test.exs +++ b/test/pleroma/web/plugs/http_signature_plug_test.exs @@ -19,9 +19,10 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do [ signature_for_conn: fn _ -> %{ - "keyId" => "http://mastodon.example.org/users/admin#main-key", - "created" => "1234567890", - } + "keyId" => "http://mastodon.example.org/users/admin#main-key", + "created" => "1234567890", + "expires" => "1234567890" + } end, validate_conn: fn conn -> Map.get(conn.assigns, :valid_signature, true) @@ -151,4 +152,11 @@ test "(created) psudoheader", _ do created_header = List.keyfind(conn.req_headers, "(created)", 0) assert {_, "1234567890"} = created_header end + + test "(expires) psudoheader", _ do + conn = build_conn(:get, "/doesntmattter") + conn = HTTPSignaturePlug.maybe_put_expires_psudoheader(conn) + expires_header = List.keyfind(conn.req_headers, "(expires)", 0) + assert {_, "1234567890"} = expires_header + end end
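Review bot: `maybe_put_expires_psudoheader/1` is a line-for-line copy of `maybe_put_created_psudoheader/1` with only the parameter name changed. Each helper also re-parses the Signature header through `HTTPSignatures.signature_for_conn/1`, so it is parsed twice for every route alias tried in `assign_valid_signature_on_route_aliases/2`. A single private helper keyed on the parameter name keeps the two public names the tests call and leaves one place to add any later validation of these values.

```elixir
  def maybe_put_created_psudoheader(conn), do: maybe_put_psudoheader(conn, "created")

  def maybe_put_expires_psudoheader(conn), do: maybe_put_psudoheader(conn, "expires")

  # Copies one signature parameter into the matching "(name)" pseudo-header, if present.
  defp maybe_put_psudoheader(conn, param) do
    case HTTPSignatures.signature_for_conn(conn) do
      %{^param => value} -> put_req_header(conn, "(#{param})", value)
      _ -> conn
    end
  end

  # … unchanged: assign_valid_signature_on_route_aliases/2 clauses …
```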
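Review bot: The mock in this file returns the same value, `"1234567890"`, for both `"created"` and `"expires"`, so the new `(expires) psudoheader` test would still pass if the helper copied the wrong parameter into the header. Distinct values make the two assertions independent, for example `"expires" => "1234567899"` in the mock and `assert {_, "1234567899"} = expires_header` in the test (the value is only a sample). Neither test covers the `_ -> conn` branch, where the parameter is absent and no pseudo-header should be added.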