revamp signatures

2023-12-31 05:32:39 -05:00 · 2023-12-31 05:32:39 -05:00 · 6ada10a340
parent 3544c61468
commit 6ada10a340
2 changed files with 34 additions and 23 deletions
--- a/module.d.ts
+++ b/module.d.ts
@ -6,7 +6,7 @@ declare module "activitypub-express" {
 // Only enough here for what I need.
 declare module "activitypub-http-signatures" {
    export class Sha256Signer {
-        constructor(options: { publicKeyId: string, privateKey: string });
+        constructor(options: { publicKeyId: string, privateKey: string }, headerNames?: string[]);

        sign: (options: { url: string, method: string, headers: any[] }) => string;
    };
--- a/src/net.ts
+++ b/src/net.ts
@ -22,34 +22,45 @@ export const signedFetch = async (url: string, init: RequestInit, signedInit: Si
    const signedHeaders: HeadersInit = [
        ["Date", new Date().toUTCString()],
        ["Host", new URL(url).host],
-        ["Content-Type", `application/ld+json; profile="${CONTEXT}"`]
    ];

-    const newHeaders = new Headers();
+    const headerNames = ["(request-target)", "host", "date"];

-    if (signedInit.digest && init.body) {
-        signedHeaders.push(["Digest", signedInit.digest]);
-    }
-    else if (init.method === "POST" && init.body) {
-        if (Buffer.isBuffer(init.body) || typeof init.body === "string") {
-            signedHeaders.push(["Digest", hashDigest(init.body)]);
+    if (init.method === "POST") {
+        headerNames.push("digest");
+
+        if (init.body) {
+            if (signedInit.digest) {
+                signedHeaders.push(["Digest", signedInit.digest]);
+            }
+            else {
+                if (Buffer.isBuffer(init.body) || typeof init.body === "string") {
+                    signedHeaders.push(["Digest", hashDigest(init.body)]);
+                }
+                else throw "unsupported body type";
+            }
        }
-        else throw "unsupported body type";
-
-        const signer = new Sha256Signer({
-            privateKey: signedInit.privateKey,
-            publicKeyId: signedInit.keyId
-        });
-    
-        const signature = signer.sign({
-            url,
-            method: init.method as string,
-            headers: signedHeaders
-        });
-    
-        newHeaders.set("Authorization", `Signature ${signature}`);
+        else throw "missing body";
    }

+    const signer = new Sha256Signer({
+        privateKey: signedInit.privateKey,
+        publicKeyId: signedInit.keyId
+    }, headerNames);
+
+    const signature = signer.sign({
+        url,
+        method: init.method as string,
+        headers: signedHeaders
+    });
+
+    const newHeaders = new Headers(
+        [
+            ["Signature", signature],
+            ["Content-Type", `application/ld+json; profile="${CONTEXT}"`]
+        ]
+    );
+
    if (Array.isArray(init.headers) || !init.headers) {
        for (const header of (init.headers || [])) {
            if (Array.isArray(header))