Michcio
/
shadowfacts.net
forked from shadowfacts/shadowfacts.net
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Send Digest header in outbound federation requests

This commit is contained in:
Shadowfacts 2021-03-17 19:04:55 -04:00
parent be6b556601
commit 62277de5a5
Signed by untrusted user: shadowfacts
GPG Key ID: 94A5AB95422746E5
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/activitypub/federate.ts
View File

@ -113,12 +113,13 @@ export async function signAndSend(activity: Activity, inbox: string) {
const inboxFragment = inbox.replace("https://" + targetDomain, ""); const inboxFragment = inbox.replace("https://" + targetDomain, "");
const date = new Date(); const date = new Date();
const privKey = (await fs.readFile(process.env.PRIV_KEY_PEM!)).toString(); const privKey = (await fs.readFile(process.env.PRIV_KEY_PEM!)).toString();
const bodyDigest = crypto.createHash("sha256").update(JSON.stringify(activity)).digest("base64");
const stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${date.toUTCString()}\ndigest: SHA-256=${bodyDigest}`;
const signer = crypto.createSign("sha256"); const signer = crypto.createSign("sha256");
const stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${date.toUTCString()}`;
signer.update(stringToSign); signer.update(stringToSign);
signer.end(); signer.end();
const signature = signer.sign(privKey, "base64"); const signature = signer.sign(privKey, "base64");
const header = `keyId="https://${domain}/ap/actor#main-key",headers="(request-target) host date",signature="${signature}"`; const header = `keyId="https://${domain}/ap/actor#main-key",headers="(request-target) host date digest",signature="${signature}"`;
console.log("Sending:", activity); console.log("Sending:", activity);
console.log("stringToSign:", stringToSign); console.log("stringToSign:", stringToSign);
console.log("Signature: " + header); console.log("Signature: " + header);
@ -127,12 +128,13 @@ export async function signAndSend(activity: Activity, inbox: string) {
headers: { headers: {
"Host": targetDomain, "Host": targetDomain,
"Date": date.toUTCString(), "Date": date.toUTCString(),
"Digest": `SHA-256=${bodyDigest}`,
"Signature": header, "Signature": header,
"Accept": "application/activity+json, application/json" "Accept": "application/activity+json, application/json"
}, },
method: "POST", method: "POST",
json: true, json: true,
body: activity body: activity,
}, (err, res) => { }, (err, res) => {
console.log("Sent message to inbox at", targetDomain); console.log("Sent message to inbox at", targetDomain);
if (err) console.log("Error:", err, res); if (err) console.log("Error:", err, res);