revamp signatures

Moon Man 2023-12-31 05:32:39 -05:00
parent 3544c61468
commit 6ada10a340
2 changed files with 34 additions and 23 deletions

2
module.d.ts vendored

@ -6,7 +6,7 @@ declare module "activitypub-express" {
// Only enough here for what I need. // Only enough here for what I need.
declare module "activitypub-http-signatures" { declare module "activitypub-http-signatures" {
export class Sha256Signer { export class Sha256Signer {
constructor(options: { publicKeyId: string, privateKey: string }); constructor(options: { publicKeyId: string, privateKey: string }, headerNames?: string[]);
sign: (options: { url: string, method: string, headers: any[] }) => string; sign: (options: { url: string, method: string, headers: any[] }) => string;
}; };
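Review bot: The new optional second constructor argument `headerNames?: string[]` on `Sha256Signer` is declared by hand in this ambient module, so the compiler accepts the call whether or not the installed activitypub-http-signatures actually reads a second positional argument. If the library takes the header list some other way (for example as a property of the options object, which is worth checking against the installed version), the argument would be dropped silently and the signature would cover only the library's default headers, leaving `digest` unsigned on POST requests. Please confirm the real constructor signature and record it beside the declaration, e.g. `// headerNames: headers covered by the signature; checked against activitypub-http-signatures <installed version>`. A test that reads the `headers=` parameter of a produced signature and asserts that `digest` is listed for a POST would catch any mismatch.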


@ -22,34 +22,45 @@ export const signedFetch = async (url: string, init: RequestInit, signedInit: Si
const signedHeaders: HeadersInit = [ const signedHeaders: HeadersInit = [
["Date", new Date().toUTCString()], ["Date", new Date().toUTCString()],
["Host", new URL(url).host], ["Host", new URL(url).host],
["Content-Type", `application/ld+json; profile="${CONTEXT}"`]
]; ];
const newHeaders = new Headers(); const headerNames = ["(request-target)", "host", "date"];
if (signedInit.digest && init.body) { if (init.method === "POST") {
signedHeaders.push(["Digest", signedInit.digest]); headerNames.push("digest");
}
else if (init.method === "POST" && init.body) { if (init.body) {
if (Buffer.isBuffer(init.body) || typeof init.body === "string") { if (signedInit.digest) {
signedHeaders.push(["Digest", hashDigest(init.body)]); signedHeaders.push(["Digest", signedInit.digest]);
}
else {
if (Buffer.isBuffer(init.body) || typeof init.body === "string") {
signedHeaders.push(["Digest", hashDigest(init.body)]);
}
else throw "unsupported body type";
}
} }
else throw "unsupported body type"; else throw "missing body";
const signer = new Sha256Signer({
privateKey: signedInit.privateKey,
publicKeyId: signedInit.keyId
});
const signature = signer.sign({
url,
method: init.method as string,
headers: signedHeaders
});
newHeaders.set("Authorization", `Signature ${signature}`);
} }
const signer = new Sha256Signer({
privateKey: signedInit.privateKey,
publicKeyId: signedInit.keyId
}, headerNames);
const signature = signer.sign({
url,
method: init.method as string,
headers: signedHeaders
});
const newHeaders = new Headers(
[
["Signature", signature],
["Content-Type", `application/ld+json; profile="${CONTEXT}"`]
]
);
if (Array.isArray(init.headers) || !init.headers) { if (Array.isArray(init.headers) || !init.headers) {
for (const header of (init.headers || [])) { for (const header of (init.headers || [])) {
if (Array.isArray(header)) if (Array.isArray(header))