fix: don't http sign proxy cloaks
This commit is contained in:
parent
d9d7acbe98
commit
018a399ee3
GPG key ID:
A4895B84D311642C
2 changed files with 19 additions and 15 deletions
|
|
@ -99,6 +99,13 @@ pub trait Fetcher {
|
|||
|
||||
async fn fetch_thread(&self, id: &str, tx: &impl ConnectionTrait) -> Result<(), RequestError>;
|
||||
|
||||
fn client(domain: &str) -> reqwest::Client {
|
||||
reqwest::Client::builder()
|
||||
.user_agent(format!("upub+{} ({domain})", crate::VERSION))
|
||||
.build()
|
||||
.expect("failed building http client, check system tls or resolver")
|
||||
}
|
||||
|
||||
async fn request(
|
||||
method: reqwest::Method,
|
||||
url: &str,
|
||||
|
|
@ -130,11 +137,10 @@ pub trait Fetcher {
|
|||
.build_manually(&method.to_string().to_lowercase(), &path, headers_map)
|
||||
.sign(key)?;
|
||||
|
||||
let response = reqwest::Client::new()
|
||||
.request(method.clone(), url)
|
||||
let response = Self::client(domain)
|
||||
.request(method, url)
|
||||
.header(ACCEPT, "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"")
|
||||
.header(CONTENT_TYPE, "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"")
|
||||
.header(USER_AGENT, format!("upub+{} ({domain})", crate::VERSION))
|
||||
.header("Host", host.clone())
|
||||
.header("Date", date.clone())
|
||||
.header("Digest", digest)
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@ use axum::{extract::{Path, Query, State}, http::HeaderMap, response::{IntoRespon
|
|||
use reqwest::Method;
|
||||
use upub::{traits::{Cloaker, Fetcher}, Context};
|
||||
|
||||
use crate::{builders::JsonLD, ApiError, ApiResult, AuthIdentity, Identity};
|
||||
use crate::{builders::JsonLD, ApiError, AuthIdentity};
|
||||
|
||||
|
||||
pub async fn view(
|
||||
|
|
@ -76,20 +76,18 @@ pub async fn cloak_proxy(
|
|||
let uri = ctx.uncloak(&hmac, &uri)
|
||||
.ok_or_else(ApiError::unauthorized)?;
|
||||
|
||||
let resp = Context::request(
|
||||
Method::GET,
|
||||
&uri,
|
||||
None,
|
||||
ctx.base(),
|
||||
ctx.pkey(),
|
||||
&format!("{}+proxy", ctx.domain()),
|
||||
)
|
||||
.await?
|
||||
.error_for_status()?;
|
||||
|
||||
let resp = Context::client(ctx.domain())
|
||||
.get(uri)
|
||||
.send()
|
||||
.await?
|
||||
.error_for_status()?;
|
||||
|
||||
let headers = resp.headers().clone();
|
||||
// TODO can we stream the response body as it comes?
|
||||
let body = resp.bytes().await?.to_vec();
|
||||
|
||||
// TODO not so great to just try parsing json, but this should be a cheap check as most things we
|
||||
// proxy are not json (as in, dont start with '{')
|
||||
if serde_json::from_slice::<serde_json::Value>(&body).is_ok() {
|
||||
return Err(ApiError::forbidden());
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue