mirror of
https://git.joinsharkey.org/Sharkey/Sharkey.git
synced 2024-11-24 00:23:09 +02:00
Merge pull request #1371 from akihikodaki/misc
Resolve account by signature in inbox
This commit is contained in:
commit
b42c656776
7 changed files with 72 additions and 56 deletions
|
@ -1,10 +1,12 @@
|
|||
import follow from './follow';
|
||||
import performActivityPub from './perform-activitypub';
|
||||
import processInbox from './process-inbox';
|
||||
import reportGitHubFailure from './report-github-failure';
|
||||
|
||||
const handlers = {
|
||||
follow,
|
||||
performActivityPub,
|
||||
processInbox,
|
||||
reportGitHubFailure,
|
||||
};
|
||||
|
||||
|
|
|
@ -2,5 +2,5 @@ import User from '../../models/user';
|
|||
import act from '../../remote/activitypub/act';
|
||||
|
||||
export default ({ data }, done) => User.findOne({ _id: data.actor })
|
||||
.then(actor => act(actor, data.outbox, data.distribute))
|
||||
.then(actor => act(actor, data.outbox, false))
|
||||
.then(() => done(), done);
|
||||
|
|
38
src/processor/http/process-inbox.ts
Normal file
38
src/processor/http/process-inbox.ts
Normal file
|
@ -0,0 +1,38 @@
|
|||
import { verifySignature } from 'http-signature';
|
||||
import parseAcct from '../../acct/parse';
|
||||
import User, { IRemoteUser } from '../../models/user';
|
||||
import act from '../../remote/activitypub/act';
|
||||
import resolvePerson from '../../remote/activitypub/resolve-person';
|
||||
|
||||
export default ({ data }, done) => (async () => {
|
||||
const keyIdLower = data.signature.keyId.toLowerCase();
|
||||
let user;
|
||||
|
||||
if (keyIdLower.startsWith('acct:')) {
|
||||
const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));
|
||||
if (host === null) {
|
||||
throw 'request was made by local user';
|
||||
}
|
||||
|
||||
user = await User.findOne({ usernameLower: username, hostLower: host }) as IRemoteUser;
|
||||
} else {
|
||||
user = await User.findOne({
|
||||
host: { $ne: null },
|
||||
'account.publicKey.id': data.signature.keyId
|
||||
}) as IRemoteUser;
|
||||
|
||||
if (user === null) {
|
||||
user = await resolvePerson(data.signature.keyId);
|
||||
}
|
||||
}
|
||||
|
||||
if (user === null) {
|
||||
throw 'failed to resolve user';
|
||||
}
|
||||
|
||||
if (!verifySignature(data.signature, user.account.publicKey.publicKeyPem)) {
|
||||
throw 'signature verification failed';
|
||||
}
|
||||
|
||||
await act(user, data.inbox, true);
|
||||
})().then(done, done);
|
|
@ -10,18 +10,14 @@ async function isCollection(collection) {
|
|||
return ['Collection', 'OrderedCollection'].includes(collection.type);
|
||||
}
|
||||
|
||||
export default async (value, usernameLower, hostLower, acctLower) => {
|
||||
if (!validateUsername(usernameLower)) {
|
||||
throw new Error();
|
||||
}
|
||||
|
||||
export default async (value, verifier?: string) => {
|
||||
const { resolver, object } = await new Resolver().resolveOne(value);
|
||||
|
||||
if (
|
||||
object === null ||
|
||||
object.type !== 'Person' ||
|
||||
typeof object.preferredUsername !== 'string' ||
|
||||
object.preferredUsername.toLowerCase() !== usernameLower ||
|
||||
!validateUsername(object.preferredUsername) ||
|
||||
!isValidName(object.name) ||
|
||||
!isValidDescription(object.summary)
|
||||
) {
|
||||
|
@ -41,9 +37,11 @@ export default async (value, usernameLower, hostLower, acctLower) => {
|
|||
resolved => isCollection(resolved.object) ? resolved.object : null,
|
||||
() => null
|
||||
),
|
||||
webFinger(object.id, acctLower),
|
||||
webFinger(object.id, verifier),
|
||||
]);
|
||||
|
||||
const host = toUnicode(finger.subject.replace(/^.*?@/, ''));
|
||||
const hostLower = host.replace(/[A-Z]+/, matched => matched.toLowerCase());
|
||||
const summaryDOM = JSDOM.fragment(object.summary);
|
||||
|
||||
// Create user
|
||||
|
@ -58,8 +56,8 @@ export default async (value, usernameLower, hostLower, acctLower) => {
|
|||
postsCount: outbox ? outbox.totalItem || 0 : 0,
|
||||
driveCapacity: 1024 * 1024 * 8, // 8MiB
|
||||
username: object.preferredUsername,
|
||||
usernameLower,
|
||||
host: toUnicode(finger.subject.replace(/^.*?@/, '')),
|
||||
usernameLower: object.preferredUsername.toLowerCase(),
|
||||
host,
|
||||
hostLower,
|
||||
account: {
|
||||
publicKey: {
|
||||
|
|
|
@ -19,7 +19,7 @@ export default async (username, host, option) => {
|
|||
throw new Error();
|
||||
}
|
||||
|
||||
user = await resolvePerson(self.href, usernameLower, hostLower, acctLower);
|
||||
user = await resolvePerson(self.href, acctLower);
|
||||
}
|
||||
|
||||
return user;
|
||||
|
|
|
@ -12,14 +12,22 @@ type IWebFinger = {
|
|||
subject: string;
|
||||
};
|
||||
|
||||
export default (query, verifier): Promise<IWebFinger> => new Promise((res, rej) => webFinger.lookup(query, (error, result) => {
|
||||
if (error) {
|
||||
return rej(error);
|
||||
export default async function resolve(query, verifier?: string): Promise<IWebFinger> {
|
||||
const finger = await new Promise((res, rej) => webFinger.lookup(query, (error, result) => {
|
||||
if (error) {
|
||||
return rej(error);
|
||||
}
|
||||
|
||||
res(result.object);
|
||||
})) as IWebFinger;
|
||||
|
||||
if (verifier) {
|
||||
if (finger.subject.toLowerCase().replace(/^acct:/, '') !== verifier) {
|
||||
throw 'WebFinger verfification failed';
|
||||
}
|
||||
|
||||
return finger;
|
||||
}
|
||||
|
||||
if (result.object.subject.toLowerCase().replace(/^acct:/, '') !== verifier) {
|
||||
return rej('WebFinger verfification failed');
|
||||
}
|
||||
|
||||
res(result.object);
|
||||
}));
|
||||
return resolve(finger.subject, finger.subject.toLowerCase());
|
||||
}
|
||||
|
|
|
@ -1,9 +1,7 @@
|
|||
import * as bodyParser from 'body-parser';
|
||||
import * as express from 'express';
|
||||
import { parseRequest, verifySignature } from 'http-signature';
|
||||
import User, { IRemoteUser } from '../../models/user';
|
||||
import { parseRequest } from 'http-signature';
|
||||
import queue from '../../queue';
|
||||
import parseAcct from '../../acct/parse';
|
||||
|
||||
const app = express();
|
||||
|
||||
|
@ -14,48 +12,20 @@ app.post('/@:user/inbox', bodyParser.json({
|
|||
return true;
|
||||
}
|
||||
}), async (req, res) => {
|
||||
let parsed;
|
||||
let signature;
|
||||
|
||||
req.headers.authorization = 'Signature ' + req.headers.signature;
|
||||
|
||||
try {
|
||||
parsed = parseRequest(req);
|
||||
signature = parseRequest(req);
|
||||
} catch (exception) {
|
||||
return res.sendStatus(401);
|
||||
}
|
||||
|
||||
const keyIdLower = parsed.keyId.toLowerCase();
|
||||
let query;
|
||||
|
||||
if (keyIdLower.startsWith('acct:')) {
|
||||
const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));
|
||||
if (host === null) {
|
||||
return res.sendStatus(401);
|
||||
}
|
||||
|
||||
query = { usernameLower: username, hostLower: host };
|
||||
} else {
|
||||
query = {
|
||||
host: { $ne: null },
|
||||
'account.publicKey.id': parsed.keyId
|
||||
};
|
||||
}
|
||||
|
||||
const user = await User.findOne(query) as IRemoteUser;
|
||||
|
||||
if (user === null) {
|
||||
return res.sendStatus(401);
|
||||
}
|
||||
|
||||
if (!verifySignature(parsed, user.account.publicKey.publicKeyPem)) {
|
||||
return res.sendStatus(401);
|
||||
}
|
||||
|
||||
queue.create('http', {
|
||||
type: 'performActivityPub',
|
||||
actor: user._id,
|
||||
outbox: req.body,
|
||||
distribute: true,
|
||||
type: 'processInbox',
|
||||
inbox: req.body,
|
||||
signature,
|
||||
}).save();
|
||||
|
||||
return res.status(202).end();
|
||||
|
|
Loading…
Reference in a new issue