Commit
a9c23e1c
authored
Dec 12, 2017
by
lain
Add plug to validate signed http requests.
parent
e2e63650
Changes
3
lib/pleroma/plugs/http_signature.ex
0 → 100644
defmodule
Pleroma
.
Web
.
Plugs
.
HTTPSignaturePlug
do
alias
Pleroma
.
Web
.
HTTPSignatures
import
Plug
.
Conn
def
init
(
options
)
do
options
end
def
call
(
conn
,
opts
)
do
if
get_req_header
(
conn
,
"signature"
)
do
conn
=
conn
|>
put_req_header
(
"(request-target)"
,
String
.
downcase
(
"
#{
conn
.
method
}
#{
conn
.
request_path
}
"
))
assign
(
conn
,
:valid_signature
,
HTTPSignatures
.
validate_conn
(
conn
))
else
conn
end
end
end
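Review bot: The `if get_req_header(conn, "signature") do` test in `call/2` is always true, because `Plug.Conn.get_req_header/2` returns a list and an empty list is truthy in Elixir. The `else` branch is therefore dead, and requests without a Signature header still go through `HTTPSignatures.validate_conn/1`. Compare against the empty list instead: `if get_req_header(conn, "signature") != [] do`. The plug only stores the result under `:valid_signature` and never halts, so a comment such as `# Does not reject anything; downstream code must require conn.assigns[:valid_signature] == true` would make that contract explicit. The `opts` argument is unused and can be written `_opts`.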
lib/pleroma/user.ex
...
...
@@ -376,4 +376,14 @@ def delete (%User{} = user) do
:ok
end
def
get_public_key_for_ap_id
(
ap_id
)
do
with
%
User
{}
=
user
<-
get_cached_by_ap_id
(
ap_id
),
%{
info:
%{
"magic_key"
=>
magic_key
}}
<-
user
,
public_key
<-
Pleroma
.
Web
.
Salmon
.
decode_key
(
magic_key
)
do
{
:ok
,
public_key
}
else
_
->
:error
end
end
end
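Review bot: In `get_public_key_for_ap_id/1` the last `with` clause, `public_key <- Pleroma.Web.Salmon.decode_key(magic_key)`, binds a bare variable and so always matches. Whatever `decode_key/1` returns for a malformed `magic_key` is handed back as `{:ok, public_key}`, or the call raises if that is how it fails; its body is not visible here. Because this value becomes the verification key for signed requests, match the shape a successful decode returns instead of a bare variable, so that a bad key ends in the `else` branch as `:error`. A `@doc` noting that the lookup goes through `get_cached_by_ap_id/1` and that every failure collapses to `:error` would also help callers.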
lib/pleroma/web/http_signatures/http_signatures.ex
# https://tools.ietf.org/html/draft-cavage-http-signatures-08
defmodule
Pleroma
.
Web
.
HTTPSignatures
do
alias
Pleroma
.
User
def
split_signature
(
sig
)
do
default
=
%{
"headers"
=>
"date"
}
...
...
@@ -18,7 +20,18 @@ def split_signature(sig) do
def
validate
(
headers
,
signature
,
public_key
)
do
sigstring
=
build_signing_string
(
headers
,
signature
[
"headers"
])
{
:ok
,
sig
}
=
Base
.
decode64
(
signature
[
"signature"
])
verify
=
:public_key
.
verify
(
sigstring
,
:sha256
,
sig
,
public_key
)
:public_key
.
verify
(
sigstring
,
:sha256
,
sig
,
public_key
)
end
def
validate_conn
(
conn
)
do
# TODO: How to get the right key and see if it is actually valid for that request.
# For now, fetch the key for the actor.
with
actor_id
<-
conn
.
params
[
"actor"
],
{
:ok
,
public_key
}
<-
User
.
get_public_key_for_ap_id
(
actor_id
)
do
validate_conn
(
conn
,
public_key
)
else
_
->
false
end
end
def
validate_conn
(
conn
,
public_key
)
do
...
...
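Review bot: `validate/3` hard-matches `{:ok, sig} = Base.decode64(signature["signature"])` on a value taken from the request's Signature header, so a malformed or missing signature field raises instead of yielding `false`. Use a soft match, e.g. `with sig64 when is_binary(sig64) <- signature["signature"], {:ok, sig} <- Base.decode64(sig64) do`, and return `false` from the `else`. The list of signed headers also comes from the request (`signature["headers"]`, defaulting to `"date"` in `split_signature/1`), and nothing visible here requires `(request-target)` or a recent `date` to be covered. A signature over `date` alone would then appear to verify regardless of path, so consider enforcing a minimum header set before calling `:public_key.verify/4`. The body of `validate_conn/2` continues outside the visible section, so such a check may already exist there.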