forked from FoundKeyGang/FoundKey
Merge pull request #1371 from akihikodaki/misc
Resolve account by signature in inbox
This commit is contained in:
commit
b42c656776
7 changed files with 72 additions and 56 deletions
src
processor/http
remote
server/activitypub
|
@ -1,10 +1,12 @@
|
||||||
import follow from './follow';
|
import follow from './follow';
|
||||||
import performActivityPub from './perform-activitypub';
|
import performActivityPub from './perform-activitypub';
|
||||||
|
import processInbox from './process-inbox';
|
||||||
import reportGitHubFailure from './report-github-failure';
|
import reportGitHubFailure from './report-github-failure';
|
||||||
|
|
||||||
const handlers = {
|
const handlers = {
|
||||||
follow,
|
follow,
|
||||||
performActivityPub,
|
performActivityPub,
|
||||||
|
processInbox,
|
||||||
reportGitHubFailure,
|
reportGitHubFailure,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -2,5 +2,5 @@ import User from '../../models/user';
|
||||||
import act from '../../remote/activitypub/act';
|
import act from '../../remote/activitypub/act';
|
||||||
|
|
||||||
export default ({ data }, done) => User.findOne({ _id: data.actor })
|
export default ({ data }, done) => User.findOne({ _id: data.actor })
|
||||||
.then(actor => act(actor, data.outbox, data.distribute))
|
.then(actor => act(actor, data.outbox, false))
|
||||||
.then(() => done(), done);
|
.then(() => done(), done);
|
||||||
|
|
38
src/processor/http/process-inbox.ts
Normal file
38
src/processor/http/process-inbox.ts
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
import { verifySignature } from 'http-signature';
|
||||||
|
import parseAcct from '../../acct/parse';
|
||||||
|
import User, { IRemoteUser } from '../../models/user';
|
||||||
|
import act from '../../remote/activitypub/act';
|
||||||
|
import resolvePerson from '../../remote/activitypub/resolve-person';
|
||||||
|
|
||||||
|
export default ({ data }, done) => (async () => {
|
||||||
|
const keyIdLower = data.signature.keyId.toLowerCase();
|
||||||
|
let user;
|
||||||
|
|
||||||
|
if (keyIdLower.startsWith('acct:')) {
|
||||||
|
const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));
|
||||||
|
if (host === null) {
|
||||||
|
throw 'request was made by local user';
|
||||||
|
}
|
||||||
|
|
||||||
|
user = await User.findOne({ usernameLower: username, hostLower: host }) as IRemoteUser;
|
||||||
|
} else {
|
||||||
|
user = await User.findOne({
|
||||||
|
host: { $ne: null },
|
||||||
|
'account.publicKey.id': data.signature.keyId
|
||||||
|
}) as IRemoteUser;
|
||||||
|
|
||||||
|
if (user === null) {
|
||||||
|
user = await resolvePerson(data.signature.keyId);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (user === null) {
|
||||||
|
throw 'failed to resolve user';
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!verifySignature(data.signature, user.account.publicKey.publicKeyPem)) {
|
||||||
|
throw 'signature verification failed';
|
||||||
|
}
|
||||||
|
|
||||||
|
await act(user, data.inbox, true);
|
||||||
|
})().then(done, done);
|
|
@ -10,18 +10,14 @@ async function isCollection(collection) {
|
||||||
return ['Collection', 'OrderedCollection'].includes(collection.type);
|
return ['Collection', 'OrderedCollection'].includes(collection.type);
|
||||||
}
|
}
|
||||||
|
|
||||||
export default async (value, usernameLower, hostLower, acctLower) => {
|
export default async (value, verifier?: string) => {
|
||||||
if (!validateUsername(usernameLower)) {
|
|
||||||
throw new Error();
|
|
||||||
}
|
|
||||||
|
|
||||||
const { resolver, object } = await new Resolver().resolveOne(value);
|
const { resolver, object } = await new Resolver().resolveOne(value);
|
||||||
|
|
||||||
if (
|
if (
|
||||||
object === null ||
|
object === null ||
|
||||||
object.type !== 'Person' ||
|
object.type !== 'Person' ||
|
||||||
typeof object.preferredUsername !== 'string' ||
|
typeof object.preferredUsername !== 'string' ||
|
||||||
object.preferredUsername.toLowerCase() !== usernameLower ||
|
!validateUsername(object.preferredUsername) ||
|
||||||
!isValidName(object.name) ||
|
!isValidName(object.name) ||
|
||||||
!isValidDescription(object.summary)
|
!isValidDescription(object.summary)
|
||||||
) {
|
) {
|
||||||
|
@ -41,9 +37,11 @@ export default async (value, usernameLower, hostLower, acctLower) => {
|
||||||
resolved => isCollection(resolved.object) ? resolved.object : null,
|
resolved => isCollection(resolved.object) ? resolved.object : null,
|
||||||
() => null
|
() => null
|
||||||
),
|
),
|
||||||
webFinger(object.id, acctLower),
|
webFinger(object.id, verifier),
|
||||||
]);
|
]);
|
||||||
|
|
||||||
|
const host = toUnicode(finger.subject.replace(/^.*?@/, ''));
|
||||||
|
const hostLower = host.replace(/[A-Z]+/, matched => matched.toLowerCase());
|
||||||
const summaryDOM = JSDOM.fragment(object.summary);
|
const summaryDOM = JSDOM.fragment(object.summary);
|
||||||
|
|
||||||
// Create user
|
// Create user
|
||||||
|
@ -58,8 +56,8 @@ export default async (value, usernameLower, hostLower, acctLower) => {
|
||||||
postsCount: outbox ? outbox.totalItem || 0 : 0,
|
postsCount: outbox ? outbox.totalItem || 0 : 0,
|
||||||
driveCapacity: 1024 * 1024 * 8, // 8MiB
|
driveCapacity: 1024 * 1024 * 8, // 8MiB
|
||||||
username: object.preferredUsername,
|
username: object.preferredUsername,
|
||||||
usernameLower,
|
usernameLower: object.preferredUsername.toLowerCase(),
|
||||||
host: toUnicode(finger.subject.replace(/^.*?@/, '')),
|
host,
|
||||||
hostLower,
|
hostLower,
|
||||||
account: {
|
account: {
|
||||||
publicKey: {
|
publicKey: {
|
||||||
|
|
|
@ -19,7 +19,7 @@ export default async (username, host, option) => {
|
||||||
throw new Error();
|
throw new Error();
|
||||||
}
|
}
|
||||||
|
|
||||||
user = await resolvePerson(self.href, usernameLower, hostLower, acctLower);
|
user = await resolvePerson(self.href, acctLower);
|
||||||
}
|
}
|
||||||
|
|
||||||
return user;
|
return user;
|
||||||
|
|
|
@ -12,14 +12,22 @@ type IWebFinger = {
|
||||||
subject: string;
|
subject: string;
|
||||||
};
|
};
|
||||||
|
|
||||||
export default (query, verifier): Promise<IWebFinger> => new Promise((res, rej) => webFinger.lookup(query, (error, result) => {
|
export default async function resolve(query, verifier?: string): Promise<IWebFinger> {
|
||||||
if (error) {
|
const finger = await new Promise((res, rej) => webFinger.lookup(query, (error, result) => {
|
||||||
return rej(error);
|
if (error) {
|
||||||
|
return rej(error);
|
||||||
|
}
|
||||||
|
|
||||||
|
res(result.object);
|
||||||
|
})) as IWebFinger;
|
||||||
|
|
||||||
|
if (verifier) {
|
||||||
|
if (finger.subject.toLowerCase().replace(/^acct:/, '') !== verifier) {
|
||||||
|
throw 'WebFinger verfification failed';
|
||||||
|
}
|
||||||
|
|
||||||
|
return finger;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (result.object.subject.toLowerCase().replace(/^acct:/, '') !== verifier) {
|
return resolve(finger.subject, finger.subject.toLowerCase());
|
||||||
return rej('WebFinger verfification failed');
|
}
|
||||||
}
|
|
||||||
|
|
||||||
res(result.object);
|
|
||||||
}));
|
|
||||||
|
|
|
@ -1,9 +1,7 @@
|
||||||
import * as bodyParser from 'body-parser';
|
import * as bodyParser from 'body-parser';
|
||||||
import * as express from 'express';
|
import * as express from 'express';
|
||||||
import { parseRequest, verifySignature } from 'http-signature';
|
import { parseRequest } from 'http-signature';
|
||||||
import User, { IRemoteUser } from '../../models/user';
|
|
||||||
import queue from '../../queue';
|
import queue from '../../queue';
|
||||||
import parseAcct from '../../acct/parse';
|
|
||||||
|
|
||||||
const app = express();
|
const app = express();
|
||||||
|
|
||||||
|
@ -14,48 +12,20 @@ app.post('/@:user/inbox', bodyParser.json({
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}), async (req, res) => {
|
}), async (req, res) => {
|
||||||
let parsed;
|
let signature;
|
||||||
|
|
||||||
req.headers.authorization = 'Signature ' + req.headers.signature;
|
req.headers.authorization = 'Signature ' + req.headers.signature;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
parsed = parseRequest(req);
|
signature = parseRequest(req);
|
||||||
} catch (exception) {
|
} catch (exception) {
|
||||||
return res.sendStatus(401);
|
return res.sendStatus(401);
|
||||||
}
|
}
|
||||||
|
|
||||||
const keyIdLower = parsed.keyId.toLowerCase();
|
|
||||||
let query;
|
|
||||||
|
|
||||||
if (keyIdLower.startsWith('acct:')) {
|
|
||||||
const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));
|
|
||||||
if (host === null) {
|
|
||||||
return res.sendStatus(401);
|
|
||||||
}
|
|
||||||
|
|
||||||
query = { usernameLower: username, hostLower: host };
|
|
||||||
} else {
|
|
||||||
query = {
|
|
||||||
host: { $ne: null },
|
|
||||||
'account.publicKey.id': parsed.keyId
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
const user = await User.findOne(query) as IRemoteUser;
|
|
||||||
|
|
||||||
if (user === null) {
|
|
||||||
return res.sendStatus(401);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!verifySignature(parsed, user.account.publicKey.publicKeyPem)) {
|
|
||||||
return res.sendStatus(401);
|
|
||||||
}
|
|
||||||
|
|
||||||
queue.create('http', {
|
queue.create('http', {
|
||||||
type: 'performActivityPub',
|
type: 'processInbox',
|
||||||
actor: user._id,
|
inbox: req.body,
|
||||||
outbox: req.body,
|
signature,
|
||||||
distribute: true,
|
|
||||||
}).save();
|
}).save();
|
||||||
|
|
||||||
return res.status(202).end();
|
return res.status(202).end();
|
||||||
|
|
Loading…
Reference in a new issue