PeerTube/server/lib/activitypub/send/http.ts

import { buildDigest, signJsonLDObject } from '@server/helpers/peertube-crypto'
import { ACTIVITY_PUB, HTTP_SIGNATURE } from '@server/initializers/constants'
import { ActorModel } from '@server/models/actor/actor'
import { getServerActor } from '@server/models/application/application'
import { MActor } from '@server/types/models'
import { ContextType } from '@shared/models/activitypub/context'
import { activityPubContextify } from '../context'

type Payload <T> = { body: T, contextType: ContextType, signatureActorId?: number }

async function computeBody <T> (
  payload: Payload<T>
): Promise<T | T & { type: 'RsaSignature2017', creator: string, created: string }> {
  let body = payload.body

  if (payload.signatureActorId) {
    const actorSignature = await ActorModel.load(payload.signatureActorId)
    if (!actorSignature) throw new Error('Unknown signature actor id.')

    body = await signAndContextify(actorSignature, payload.body, payload.contextType)
  }

  return body
}

async function buildSignedRequestOptions (payload: Payload<any>) {
  let actor: MActor | null

  if (payload.signatureActorId) {
    actor = await ActorModel.load(payload.signatureActorId)
    if (!actor) throw new Error('Unknown signature actor id.')
  } else {
    // We need to sign the request, so use the server
    actor = await getServerActor()
  }

  const keyId = actor.url
  return {
    algorithm: HTTP_SIGNATURE.ALGORITHM,
    authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME,
    keyId,
    key: actor.privateKey,
    headers: HTTP_SIGNATURE.HEADERS_TO_SIGN
  }
}

function buildGlobalHeaders (body: any) {
  return {
    'digest': buildDigest(body),
    'content-type': 'application/activity+json',
    'accept': ACTIVITY_PUB.ACCEPT_HEADER
  }
}

function signAndContextify <T> (byActor: MActor, data: T, contextType: ContextType | null) {
  const activity = contextType
    ? activityPubContextify(data, contextType)
    : data

  return signJsonLDObject(byActor, activity)
}

export {
  buildGlobalHeaders,
  computeBody,
  buildSignedRequestOptions,
  signAndContextify
}
Refactor AP context builder 2022-03-23 16:14:33 +01:00			`import { buildDigest, signJsonLDObject } from '@server/helpers/peertube-crypto'`
			`import { ACTIVITY_PUB, HTTP_SIGNATURE } from '@server/initializers/constants'`
			`import { ActorModel } from '@server/models/actor/actor'`
Cleanup models directory organization 2021-05-11 11:15:29 +02:00			`import { getServerActor } from '@server/models/application/application'`
Refactor AP context builder 2022-03-23 16:14:33 +01:00			`import { MActor } from '@server/types/models'`
Cleanup models directory organization 2021-05-11 11:15:29 +02:00			`import { ContextType } from '@shared/models/activitypub/context'`
Refactor AP context builder 2022-03-23 16:14:33 +01:00			`import { activityPubContextify } from '../context'`
Move job queue to redis We'll use it as cache in the future. /!\ You'll loose your old jobs (pending jobs too) so upgrade only when you don't have pending job anymore. 2018-01-25 15:05:18 +01:00
Refactor AP context builder 2022-03-23 16:14:33 +01:00			`type Payload <T> = { body: T, contextType: ContextType, signatureActorId?: number }`
Add more headers to broadcast/unicast 2018-10-10 08:51:58 +02:00
Use got instead of request 2021-03-08 14:24:11 +01:00			`async function computeBody <T> (`
			`payload: Payload<T>`
			`): Promise<T \| T & { type: 'RsaSignature2017', creator: string, created: string }> {`
Move job queue to redis We'll use it as cache in the future. /!\ You'll loose your old jobs (pending jobs too) so upgrade only when you don't have pending job anymore. 2018-01-25 15:05:18 +01:00			`let body = payload.body`

			`if (payload.signatureActorId) {`
			`const actorSignature = await ActorModel.load(payload.signatureActorId)`
			`if (!actorSignature) throw new Error('Unknown signature actor id.')`
Use got instead of request 2021-03-08 14:24:11 +01:00
Refactor AP context builder 2022-03-23 16:14:33 +01:00			`body = await signAndContextify(actorSignature, payload.body, payload.contextType)`
Move job queue to redis We'll use it as cache in the future. /!\ You'll loose your old jobs (pending jobs too) so upgrade only when you don't have pending job anymore. 2018-01-25 15:05:18 +01:00			`}`

			`return body`
			`}`

Use got instead of request 2021-03-08 14:24:11 +01:00			`async function buildSignedRequestOptions (payload: Payload<any>) {`
Stronger model typings 2019-08-15 11:53:26 +02:00			`let actor: MActor \| null`

Move job queue to redis We'll use it as cache in the future. /!\ You'll loose your old jobs (pending jobs too) so upgrade only when you don't have pending job anymore. 2018-01-25 15:05:18 +01:00			`if (payload.signatureActorId) {`
			`actor = await ActorModel.load(payload.signatureActorId)`
			`if (!actor) throw new Error('Unknown signature actor id.')`
			`} else {`
			`// We need to sign the request, so use the server`
			`actor = await getServerActor()`
			`}`

Fix pleroma follow 2019-04-25 15:19:53 +02:00			`const keyId = actor.url`
Move job queue to redis We'll use it as cache in the future. /!\ You'll loose your old jobs (pending jobs too) so upgrade only when you don't have pending job anymore. 2018-01-25 15:05:18 +01:00			`return {`
Add HTTP signature check before linked signature It's faster, and will allow us to use RSA signature 2018 (with upstream jsonld-signature module) without too much incompatibilities in the peertube federation 2018-10-19 11:41:19 +02:00			`algorithm: HTTP_SIGNATURE.ALGORITHM,`
			`authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME,`
Move job queue to redis We'll use it as cache in the future. /!\ You'll loose your old jobs (pending jobs too) so upgrade only when you don't have pending job anymore. 2018-01-25 15:05:18 +01:00			`keyId,`
Add more headers to broadcast/unicast 2018-10-10 08:51:58 +02:00			`key: actor.privateKey,`
Add HTTP signature check before linked signature It's faster, and will allow us to use RSA signature 2018 (with upstream jsonld-signature module) without too much incompatibilities in the peertube federation 2018-10-19 11:41:19 +02:00			`headers: HTTP_SIGNATURE.HEADERS_TO_SIGN`
Add more headers to broadcast/unicast 2018-10-10 08:51:58 +02:00			`}`
			`}`

Add compatibility with other Linked Signature algorithms 2018-10-23 11:38:48 +02:00			`function buildGlobalHeaders (body: any) {`
Add more headers to broadcast/unicast 2018-10-10 08:51:58 +02:00			`return {`
Fix AP security tests 2021-03-10 11:17:20 +01:00			`'digest': buildDigest(body),`
			`'content-type': 'application/activity+json',`
			`'accept': ACTIVITY_PUB.ACCEPT_HEADER`
Move job queue to redis We'll use it as cache in the future. /!\ You'll loose your old jobs (pending jobs too) so upgrade only when you don't have pending job anymore. 2018-01-25 15:05:18 +01:00			`}`
			`}`

Refactor AP context builder 2022-03-23 16:14:33 +01:00			`function signAndContextify <T> (byActor: MActor, data: T, contextType: ContextType \| null) {`
			`const activity = contextType`
			`? activityPubContextify(data, contextType)`
			`: data`

			`return signJsonLDObject(byActor, activity)`
			`}`

Move job queue to redis We'll use it as cache in the future. /!\ You'll loose your old jobs (pending jobs too) so upgrade only when you don't have pending job anymore. 2018-01-25 15:05:18 +01:00			`export {`
Add more headers to broadcast/unicast 2018-10-10 08:51:58 +02:00			`buildGlobalHeaders,`
Move job queue to redis We'll use it as cache in the future. /!\ You'll loose your old jobs (pending jobs too) so upgrade only when you don't have pending job anymore. 2018-01-25 15:05:18 +01:00			`computeBody,`
Refactor AP context builder 2022-03-23 16:14:33 +01:00			`buildSignedRequestOptions,`
			`signAndContextify`
Move job queue to redis We'll use it as cache in the future. /!\ You'll loose your old jobs (pending jobs too) so upgrade only when you don't have pending job anymore. 2018-01-25 15:05:18 +01:00			`}`