From e92269053e3fd0e9b9c155ded86a1668444f3d70 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Tue, 7 Jan 2020 15:24:27 +0100 Subject: [PATCH] Update http signature --- package.json | 2 +- server/helpers/custom-jsonld-signature.ts | 14 +++++++++++--- server/helpers/peertube-crypto.ts | 2 +- .../job-queue/handlers/activitypub-http-unicast.ts | 2 ++ server/middlewares/activitypub.ts | 5 +++-- yarn.lock | 13 +++++++++++-- 6 files changed, 29 insertions(+), 9 deletions(-) diff --git a/package.json b/package.json index 87dc2b5b9..aba7d1c4b 100644 --- a/package.json +++ b/package.json @@ -122,7 +122,7 @@ "fluent-ffmpeg": "^2.1.0", "fs-extra": "^8.0.1", "helmet": "^3.12.1", - "http-signature": "1.2.0", + "http-signature": "1.3.1", "ip-anonymize": "^0.1.0", "ipaddr.js": "1.9.1", "is-cidr": "^3.0.0", diff --git a/server/helpers/custom-jsonld-signature.ts b/server/helpers/custom-jsonld-signature.ts index cb07fa3b2..a407a9fec 100644 --- a/server/helpers/custom-jsonld-signature.ts +++ b/server/helpers/custom-jsonld-signature.ts @@ -70,12 +70,20 @@ const lru = new AsyncLRU({ }) } - nodeDocumentLoader(url, cb) + nodeDocumentLoader(url) + .then(value => cb(null, value)) + .catch(err => cb(err)) } }) -jsonld.documentLoader = (url, cb) => { - lru.get(url, cb) +jsonld.documentLoader = (url) => { + return new Promise((res, rej) => { + lru.get(url, (err, value) => { + if (err) return rej(err) + + return res(value) + }) + }) } export { jsonld } diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts index 9eb782302..89c0ab151 100644 --- a/server/helpers/peertube-crypto.ts +++ b/server/helpers/peertube-crypto.ts @@ -51,7 +51,7 @@ function isHTTPSignatureVerified (httpSignatureParsed: any, actor: MActor): bool } function parseHTTPSignature (req: Request, clockSkew?: number) { - return httpSignature.parse(req, { authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME, clockSkew }) + return httpSignature.parse(req, { clockSkew }) } // JSONLD 
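Review bot: In the loader callback of server/helpers/custom-jsonld-signature.ts, `.then(value => cb(null, value)).catch(err => cb(err))` can call `cb` twice. If `cb(null, value)` itself throws, the rejection reaches `.catch` and `cb` runs again with that error. Passing the rejection handler as the second argument keeps it to one call per lookup: `nodeDocumentLoader(url).then(value => cb(null, value), err => cb(err))`. A short comment on `jsonld.documentLoader` saying that it adapts the callback-style `lru.get` to a promise would also help. The loader function starts outside the hunk.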
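Review bot: With `authorizationHeaderName` removed from `parseHTTPSignature`, the header that gets parsed is decided by the default lookup inside http-signature 1.3.1, which is not visible in this diff. Meanwhile checkHttpSignature in server/middlewares/activitypub.ts still normalises only `HTTP_SIGNATURE.HEADER_NAME`. If the library also falls back to `Authorization`, a request carrying both headers could be verified against a value the middleware never looked at. A comment above the call, such as `// http-signature >= 1.3 picks the signature header itself; see checkHttpSignature for the prefix handling`, would record the intent. A test that sends both headers would pin the behaviour.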
diff --git a/server/lib/job-queue/handlers/activitypub-http-unicast.ts b/server/lib/job-queue/handlers/activitypub-http-unicast.ts index c70ce3be9..6fbd4a716 100644 --- a/server/lib/job-queue/handlers/activitypub-http-unicast.ts +++ b/server/lib/job-queue/handlers/activitypub-http-unicast.ts @@ -20,6 +20,8 @@ async function processActivityPubHttpUnicast (job: Bull.Job) { const body = await computeBody(payload) const httpSignatureOptions = await buildSignedRequestOptions(payload) + logger.info('hello', { httpSignatureOptions }) + const options = { method: 'POST', uri, diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts index fedac0e05..bd3bdb076 100644 --- a/server/middlewares/activitypub.ts +++ b/server/middlewares/activitypub.ts @@ -51,10 +51,11 @@ export { // --------------------------------------------------------------------------- async function checkHttpSignature (req: Request, res: Response) { - // FIXME: mastodon does not include the Signature scheme + // FIXME: compatibility with http-signature < v1.3 const sig = req.headers[HTTP_SIGNATURE.HEADER_NAME] as string - if (sig && sig.startsWith('Signature ') === false) req.headers[HTTP_SIGNATURE.HEADER_NAME] = 'Signature ' + sig + if (sig && sig.startsWith('Signature ') === true) req.headers[HTTP_SIGNATURE.HEADER_NAME] = sig.replace(/^Signature /, '') + logger.info('coucou', { signature: req.headers[HTTP_SIGNATURE.HEADER_NAME] }) const parsed = parseHTTPSignature(req, HTTP_SIGNATURE.CLOCK_SKEW_SECONDS) const keyId = parsed.keyId diff --git a/yarn.lock b/yarn.lock index 71ef762f4..0f24b411b 100644 --- a/yarn.lock +++ b/yarn.lock 
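Review bot: `logger.info('hello', { httpSignatureOptions })` in processActivityPubHttpUnicast looks like leftover debugging and writes the whole signing-options object to the info log on every unicast job. If that object carries the signing key, as the return value of `buildSignedRequestOptions` presumably does, private key material ends up in the log files. The same applies to `logger.info('coucou', { signature: req.headers[HTTP_SIGNATURE.HEADER_NAME] })` in checkHttpSignature (server/middlewares/activitypub.ts), which records a remotely supplied header for every inbound request. Both lines should be removed before merge, or reduced to a debug-level message that logs only a non-secret identifier. The function body continues outside the hunk.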
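Review bot: The prefix strip in checkHttpSignature only matches the exact, case-sensitive string `Signature ` with a single space. A header sent as `signature keyId=...` or with extra whitespace therefore reaches `parseHTTPSignature` unchanged and will presumably be rejected instead of normalised. Scheme names are case-insensitive in HTTP, so `if (sig) req.headers[HTTP_SIGNATURE.HEADER_NAME] = sig.replace(/^Signature\s+/i, '')` would cover those forms and drop the redundant `startsWith(...) === true` test. The FIXME would be clearer if it said which side is old, for example `// Senders built on http-signature < 1.3 prefix the value with the "Signature " scheme; strip it before parsing`. The function continues outside the hunk.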
@@ -3092,7 +3092,16 @@ http-parser-js@^0.4.3: resolved "https://registry.yarnpkg.com/http-parser-js/-/http-parser-js-0.4.13.tgz#3bd6d6fde6e3172c9334c3b33b6c193d80fe1137" integrity sha1-O9bW/ebjFyyTNMOzO2wZPYD+ETc= -http-signature@1.2.0, http-signature@~1.2.0: +http-signature@1.3.1: + version "1.3.1" + resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.3.1.tgz#739fe2f8897ba84798e3e54b699a9008a8724ff9" + integrity sha512-Y29YKEc8MQsjch/VzkUVJ+2MXd9WcR42fK5u36CZf4G8bXw2DXMTWuESiB0R6m59JAWxlPPw5/Fri/t/AyyueA== + dependencies: + assert-plus "^1.0.0" + jsprim "^1.2.2" + sshpk "^1.14.1" + +http-signature@~1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/http-signature/-/http-signature-1.2.0.tgz#9aecd925114772f3d95b65a60abb8f7c18fbace1" integrity sha1-muzZJRFHcvPZW2WmCruPfBj7rOE= @@ -6057,7 +6066,7 @@ srt-to-vtt@^1.1.2: through2 "^0.6.3" to-utf-8 "^1.2.0" -sshpk@^1.7.0: +sshpk@^1.14.1, sshpk@^1.7.0: version "1.16.1" resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877" integrity sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==