mirror of https://github.com/pixelfed/pixelfed.git
Add signed GET for secure mode compatibility
This commit is contained in:
Daniel Supernault
parent
b29b845533
commit
3ee1215a4a
|
|
@ -9,51 +9,16 @@ use App\Util\ActivityPub\HttpSignature;
|
|||
|
||||
class ActivityPubFetchService
|
||||
{
|
||||
public $signed = true;
|
||||
public $actor;
|
||||
public $url;
|
||||
public $headers = [
|
||||
'Accept' => 'application/activity+json, application/json',
|
||||
'User-Agent' => '(Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')'
|
||||
];
|
||||
|
||||
public static function queue()
|
||||
public static function get($url)
|
||||
{
|
||||
return new self;
|
||||
}
|
||||
$headers = HttpSignature::instanceActorSign($url, false, [
|
||||
'Accept' => 'application/activity+json, application/json',
|
||||
'User-Agent' => '(Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')'
|
||||
]);
|
||||
|
||||
public function signed($signed = true)
|
||||
{
|
||||
$this->signed = $signed;
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function actor($profile)
|
||||
{
|
||||
$this->actor = $profile;
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function url($url)
|
||||
{
|
||||
if(!Helpers::validateUrl($url)) {
|
||||
throw new \Exception('Invalid URL');
|
||||
}
|
||||
$this->url = $url;
|
||||
return $this;
|
||||
}
|
||||
|
||||
public function get()
|
||||
{
|
||||
if($this->signed == true && $this->actor == null) {
|
||||
throw new \Exception('Cannot sign request without actor');
|
||||
}
|
||||
return $this->signedRequest();
|
||||
}
|
||||
|
||||
protected function signedRequest()
|
||||
{
|
||||
$this->headers = HttpSignature::sign($this->actor, $this->url, false, $this->headers);
|
||||
return Zttp::withHeaders($this->headers)->get($this->url)->body();
|
||||
return Zttp::withHeaders($headers)
|
||||
->timeout(30)
|
||||
->get($url)
|
||||
->body();
|
||||
}
|
||||
}
|
||||
|
|
@ -23,6 +23,7 @@ use App\Jobs\ImageOptimizePipeline\{ImageOptimize,ImageThumbnail};
|
|||
use App\Jobs\StatusPipeline\NewStatusPipeline;
|
||||
use App\Util\ActivityPub\HttpSignature;
|
||||
use Illuminate\Support\Str;
|
||||
use App\Services\ActivityPubFetchService;
|
||||
use App\Services\ActivityPubDeliveryService;
|
||||
use App\Services\MediaPathService;
|
||||
use App\Services\MediaStorageService;
|
||||
|
|
@ -214,8 +215,8 @@ class Helpers {
|
|||
$ttl = now()->addMinutes(5);
|
||||
|
||||
return Cache::remember($key, $ttl, function() use($url) {
|
||||
$res = Zttp::withoutVerifying()->withHeaders(self::zttpUserAgent())->get($url);
|
||||
$res = json_decode($res->body(), true, 8);
|
||||
$res = ActivityPubFetchService::get($url);
|
||||
$res = json_decode($res, true, 8);
|
||||
if(json_last_error() == JSON_ERROR_NONE) {
|
||||
return $res;
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ class HttpSignature {
|
|||
$digest = self::_digest($body);
|
||||
}
|
||||
$headers = self::_headersToSign($url, $body ? $digest : false);
|
||||
$headers = array_merge($headers, $addlHeaders);
|
||||
$headers = array_unique(array_merge($headers, $addlHeaders));
|
||||
$stringToSign = self::_headersToSigningString($headers);
|
||||
$signedHeaders = implode(' ', array_map('strtolower', array_keys($headers)));
|
||||
$key = openssl_pkey_get_private($privateKey);
|
||||
|
|
@ -53,7 +53,7 @@ class HttpSignature {
|
|||
unset($headers['(request-target)']);
|
||||
$headers['Signature'] = $signatureHeader;
|
||||
|
||||
return self::_headersToCurlArray($headers);
|
||||
return $headers;
|
||||
}
|
||||
|
||||
public static function parseSignatureHeader($signature) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue