encrypt/gancio
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix digest httpsignature header

Browse Source
This commit is contained in:
les
2021-03-21 22:44:54 +01:00
parent 79ab5c9214
commit fed138abc2
2 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/federation/follows.js
View File

@@ -25,7 +25,7 @@ module.exports = {
'actor': `${config.baseurl}/federation/u/${username}`,
'object': body
}
Helpers.signAndSend(message, req.fedi_user.object.inbox)
Helpers.signAndSend(JSON.stringify(message), req.fedi_user.object.inbox)
res.sendStatus(200)
},

17
server/federation/helpers.js
View File

@@ -35,23 +35,28 @@ const Helpers = {
const privkey = settingsController.secretSettings.privateKey
const signer = crypto.createSign('sha256')
const d = new Date()
const stringToSign = `(request-target): post ${inboxUrl.pathname}\nhost: ${inboxUrl.hostname}\ndate: ${d.toUTCString()}`
// digest header added for Mastodon 3.2.1 compatibility
const digest = crypto.createHash('sha256')
.update(message)
.digest('base64')
const stringToSign = `(request-target): post ${inboxUrl.pathname}\nhost: ${inboxUrl.hostname}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digest}`
signer.update(stringToSign)
signer.end()
const signature = signer.sign(privkey)
const signature_b64 = signature.toString('base64')
const header = `keyId="${config.baseurl}/federation/u/${settingsController.settings.instance_name}",headers="(request-target) host date",signature="${signature_b64}"`
const header = `keyId="${config.baseurl}/federation/u/${settingsController.settings.instance_name}",algorithm="rsa-sha256",headers="(request-target) host date digest",signature="${signature_b64}"`
try {
const ret = await axios(inbox, {
headers: {
Host: inboxUrl.hostname,
Date: d.toUTCString(),
Signature: header,
Digest: `SHA-256=${digest}`,
'Content-Type': 'application/activity+json; charset=utf-8',
Accept: 'application/activity+json, application/json; chartset=utf-8'
},
method: 'post',
data: JSON.stringify(message)
data: message
})
debug('sign %s => %s', ret.status, ret.data)
} catch (e) {
@@ -88,8 +93,10 @@ const Helpers = {
body['@context'] = [
'https://www.w3.org/ns/activitystreams',
'https://w3id.org/security/v1',
{ Hashtag: 'as:Hashtag' }]
Helpers.signAndSend(body, sharedInbox)
{
Hashtag: 'as:Hashtag'
}]
await Helpers.signAndSend(JSON.stringify(body), sharedInbox)
}
},