Send Digest header in outbound federation requests

This commit is contained in:
Shadowfacts 2021-03-17 19:04:55 -04:00
parent be6b556601
commit 62277de5a5
Signed by untrusted user: shadowfacts
GPG Key ID: 94A5AB95422746E5
1 changed files with 5 additions and 3 deletions

View File

@ -113,12 +113,13 @@ export async function signAndSend(activity: Activity, inbox: string) {
const inboxFragment = inbox.replace("https://" + targetDomain, "");
const date = new Date();
const privKey = (await fs.readFile(process.env.PRIV_KEY_PEM!)).toString();
const bodyDigest = crypto.createHash("sha256").update(JSON.stringify(activity)).digest("base64");
const stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${date.toUTCString()}\ndigest: SHA-256=${bodyDigest}`;
const signer = crypto.createSign("sha256");
const stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${date.toUTCString()}`;
signer.update(stringToSign);
signer.end();
const signature = signer.sign(privKey, "base64");
const header = `keyId="https://${domain}/ap/actor#main-key",headers="(request-target) host date",signature="${signature}"`;
const header = `keyId="https://${domain}/ap/actor#main-key",headers="(request-target) host date digest",signature="${signature}"`;
console.log("Sending:", activity);
console.log("stringToSign:", stringToSign);
console.log("Signature: " + header);
@ -127,12 +128,13 @@ export async function signAndSend(activity: Activity, inbox: string) {
headers: {
"Host": targetDomain,
"Date": date.toUTCString(),
"Digest": `SHA-256=${bodyDigest}`,
"Signature": header,
"Accept": "application/activity+json, application/json"
},
method: "POST",
json: true,
body: activity
body: activity,
}, (err, res) => {
console.log("Sent message to inbox at", targetDomain);
if (err) console.log("Error:", err, res);