From 844ae6224aeafbe9d751b91fbb059883de73685a Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 17 Jan 2021 01:43:57 -0700 Subject: [PATCH] Add InstanceActor generate command --- .../Commands/GenerateInstanceActor.php | 75 +++++++++++++++++++ app/Util/ActivityPub/HttpSignature.php | 26 ++++++- app/Util/Lexer/RestrictedNames.php | 14 ++++ 3 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 app/Console/Commands/GenerateInstanceActor.php diff --git a/app/Console/Commands/GenerateInstanceActor.php b/app/Console/Commands/GenerateInstanceActor.php new file mode 100644 index 000000000..c70b13a12 --- /dev/null +++ b/app/Console/Commands/GenerateInstanceActor.php 
@@ -0,0 +1,75 @@
+line(' ');
+ $this->error('Missing instance_actors table.');
+ $this->info('Run "php artisan migrate" and try again.');
+ $this->line(' ');
+ exit;
+ }
+
+ if(InstanceActor::exists()) {
+ $this->line(' ');
+ $this->error('Instance actor already exists!');
+ $this->line(' ');
+ $actor = InstanceActor::whereNotNull('public_key')
+ ->whereNotNull('private_key')
+ ->firstOrFail();
+ Cache::rememberForever(InstanceActor::PKI_PUBLIC, function() use($actor) {
+ return $actor->public_key;
+ });
+
+ Cache::rememberForever(InstanceActor::PKI_PRIVATE, function() use($actor) {
+ return $actor->private_key;
+ });
+ exit;
+ }
+
+ $pkiConfig = [
+ 'digest_alg' => 'sha512',
+ 'private_key_bits' => 2048,
+ 'private_key_type' => OPENSSL_KEYTYPE_RSA,
+ ];
+ $pki = openssl_pkey_new($pkiConfig);
+ openssl_pkey_export($pki, $pki_private);
+ $pki_public = openssl_pkey_get_details($pki);
+ $pki_public = $pki_public['key'];
+
+ $actor = new InstanceActor();
+ $actor->public_key = $pki_public;
+ $actor->private_key = $pki_private;
+ $actor->save();
+
+ Cache::rememberForever(InstanceActor::PKI_PUBLIC, function() use($actor) {
+ return $actor->public_key;
+ });
+
+ Cache::rememberForever(InstanceActor::PKI_PRIVATE, function() use($actor) {
+ return $actor->private_key;
+ });
+
+ $this->info('Instance actor succesfully generated. You do not need to run this command again.');
+
+ return 0;
+ }
+}
diff --git a/app/Util/ActivityPub/HttpSignature.php b/app/Util/ActivityPub/HttpSignature.php
index d6ed0040b..516979f5c 100644
--- a/app/Util/ActivityPub/HttpSignature.php
+++ b/app/Util/ActivityPub/HttpSignature.php
@@ -2,7 +2,8 @@ namespace App\Util\ActivityPub;
-use Log;
+use Cache, Log;
+use App\Models\InstanceActor;
 use App\Profile;
 use \DateTime;
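Review bot: `Cache::rememberForever(InstanceActor::PKI_PRIVATE, …)` copies the RSA private key into the application cache store in both the already-exists branch and the new-key path, so the signing key now lives in two places (the `instance_actors` row and whatever backend `Cache` is configured with), and because the entry is stored without expiry a key later replaced in the database would keep being served from cache. If the cache copy is only for speed, consider caching just the public key and loading the private key from the model on demand, or at minimum add a comment above the first `rememberForever` call stating that the cache backend must be treated as holding key material. The OpenSSL results are also unchecked: `openssl_pkey_new` returns `false` on failure and `openssl_pkey_export` then fails, so `$actor->save()` would persist an empty `private_key`; guard with `if ($pki === false || !openssl_pkey_export($pki, $pki_private)) { $this->error('Key generation failed: ' . openssl_error_string()); return 1; }`. The two early-exit branches use `exit;` rather than returning a status, which hides the failure from anything invoking the command programmatically (`return 1;` keeps the exit code meaningful). The start of this hunk, including the command's class header and the method signature, is outside the visible chunk.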
@@ -32,6 +33,29 @@ class HttpSignature {
 return self::_headersToCurlArray($headers);
 }
+ public static function instanceActorSign($url, $body = false, $addlHeaders = [])
+ {
+ $keyId = config('app.url') . '/i/actor#main-key';
+ $privateKey = Cache::rememberForever(InstanceActor::PKI_PRIVATE, function() {
+ return InstanceActor::first()->private_key;
+ });
+ if($body) {
+ $digest = self::_digest($body);
+ }
+ $headers = self::_headersToSign($url, $body ? $digest : false);
+ $headers = array_merge($headers, $addlHeaders);
+ $stringToSign = self::_headersToSigningString($headers);
+ $signedHeaders = implode(' ', array_map('strtolower', array_keys($headers)));
+ $key = openssl_pkey_get_private($privateKey);
+ openssl_sign($stringToSign, $signature, $key, OPENSSL_ALGO_SHA256);
+ $signature = base64_encode($signature);
+ $signatureHeader = 'keyId="'.$keyId.'",headers="'.$signedHeaders.'",algorithm="rsa-sha256",signature="'.$signature.'"';
+ unset($headers['(request-target)']);
+ $headers['Signature'] = $signatureHeader;
+
+ return self::_headersToCurlArray($headers);
+ }
+
+ public static function parseSignatureHeader($signature) {
 $parts = explode(',', $signature);
 $signatureData = [];
diff --git a/app/Util/Lexer/RestrictedNames.php b/app/Util/Lexer/RestrictedNames.php
index e104b31d2..09af01bfa 100644
--- a/app/Util/Lexer/RestrictedNames.php
+++ b/app/Util/Lexer/RestrictedNames.php
@@ -98,6 +98,8 @@ class RestrictedNames
 'aboutus',
 'about-us',
 'abuse',
+ 'actor',
+ 'actors',
 'account',
 'admins',
 'api',
@@ -179,6 +181,7 @@ class RestrictedNames
 'help-center_',
 'help_center-',
 'i',
+ 'instance',
 'inbox',
 'img',
 'imgs',
@@ -208,6 +211,17 @@ class RestrictedNames
 'media',
 'menu',
 'music',
+ 'my2020',
+ 'my2021',
+ 'my2022',
+ 'my2023',
+ 'my2024',
+ 'my2025',
+ 'my2026',
+ 'my2027',
+ 'my2028',
+ 'my2029',
+ 'my2030',
 'n',
 'news',
 'new',
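Review bot: `openssl_pkey_get_private($privateKey)` and `openssl_sign(...)` in `instanceActorSign` are not checked, so a missing or malformed stored key makes `$key === false`, `openssl_sign` fails, and `base64_encode($signature)` yields an empty signature that is still sent out in the `Signature` header instead of aborting the request; replace the two lines with `$key = openssl_pkey_get_private($privateKey); if ($key === false || !openssl_sign($stringToSign, $signature, $key, OPENSSL_ALGO_SHA256)) { throw new \RuntimeException('Instance actor signing failed: ' . openssl_error_string()); }`. The cache-miss closure does `InstanceActor::first()->private_key`, which is a property access on `null` when no instance actor row exists yet (the generate command has not been run), producing an unhelpful fatal error rather than a message naming the cause — `firstOrFail()` or an explicit null check would fix that. The body also appears to mirror the existing signing method whose closing `return self::_headersToCurlArray($headers);` is visible at the top of the hunk, so a private helper taking `$keyId` and `$privateKey` would keep the two signing paths from drifting; that earlier method starts outside this hunk.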
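Review bot: The `'my2020'` through `'my2030'` entries in the last `RestrictedNames` hunk reserve a hand-typed, closed range that silently stops at 2030, and nothing in the hunk records why these handles are reserved or when the list must be extended. A one-line comment above `'my2020'` such as `// reserved my<year> handles through 2030; extend the range before it runs out` would spare the next maintainer from guessing, and if the enclosing structure permits (its declaration is outside this hunk, so this is an assumption) building the entries from `range(2020, 2030)` in the accessor would remove the typed list entirely. The surrounding array starts and ends outside the hunk.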