1
0
Fork 0
forked from alemi/upub

fix: going back to manual http signatures

at least those worked, what the fuck is up with this lib technology...
This commit is contained in:
əlemi 2024-04-13 03:41:36 +02:00
parent d60d29bf98
commit b4e82b551b
Signed by: alemi
GPG key ID: A4895B84D311642C

View file

@ -1,7 +1,4 @@
use std::collections::BTreeMap;
use base64::Engine; use base64::Engine;
use http_signature_normalization::Config;
use openssl::{hash::MessageDigest, pkey::{PKey, Private}, sign::Signer}; use openssl::{hash::MessageDigest, pkey::{PKey, Private}, sign::Signer};
use reqwest::{header::{CONTENT_TYPE, USER_AGENT}, Method, Response}; use reqwest::{header::{CONTENT_TYPE, USER_AGENT}, Method, Response};
use sea_orm::{DatabaseConnection, EntityTrait, IntoActiveModel}; use sea_orm::{DatabaseConnection, EntityTrait, IntoActiveModel};
@ -33,10 +30,10 @@ impl Fetcher {
let host = Context::server(url); let host = Context::server(url);
let date = chrono::Utc::now().format("%a, %d %b %Y %H:%M:%S GMT").to_string(); // lmao @ "GMT" let date = chrono::Utc::now().format("%a, %d %b %Y %H:%M:%S GMT").to_string(); // lmao @ "GMT"
let path = url.replace("https://", "").replace("http://", "").replace(&host, ""); let path = url.replace("https://", "").replace("http://", "").replace(&host, "");
let mut headers : BTreeMap<String, String> = [ // let mut headers : BTreeMap<String, String> = [
("Host".to_string(), host.clone()), // ("Host".to_string(), host.clone()),
("Date".to_string(), date.clone()), // ("Date".to_string(), date.clone()),
].into(); // ].into();
let mut client = reqwest::Client::new() let mut client = reqwest::Client::new()
.request(method, url) .request(method, url)
@ -45,41 +42,41 @@ impl Fetcher {
.header("Host", host.clone()) .header("Host", host.clone())
.header("Date", date.clone()); .header("Date", date.clone());
let mut signature_cfg = Config::new().mastodon_compat(); // let mut signature_cfg = Config::new().mastodon_compat();
// let mut to_sign_raw = format!("(request-target): post {path}\nhost: {host}\ndate: {date}"); let mut to_sign_raw = format!("(request-target): post {path}\nhost: {host}\ndate: {date}");
// let mut headers_to_inspect = "(request-target) host date"; let mut headers_to_inspect = "(request-target) host date";
if let Some(payload) = payload { if let Some(payload) = payload {
let digest = format!("sha-256={}", base64::prelude::BASE64_STANDARD.encode(openssl::sha::sha256(payload.as_bytes()))); let digest = format!("sha-256={}", base64::prelude::BASE64_STANDARD.encode(openssl::sha::sha256(payload.as_bytes())));
// to_sign_raw = format!("(request-target): post {path}\nhost: {host}\ndate: {date}\ndigest: {digest}"); to_sign_raw = format!("(request-target): post {path}\nhost: {host}\ndate: {date}\ndigest: {digest}");
// headers_to_inspect = "(request-target) host date digest"; headers_to_inspect = "(request-target) host date digest";
headers.insert("Digest".to_string(), digest.clone()); // headers.insert("Digest".to_string(), digest.clone());
signature_cfg = signature_cfg.require_header("digest"); // signature_cfg = signature_cfg.require_header("digest");
client = client client = client
.header("Digest", digest) .header("Digest", digest)
.body(payload.to_string()); .body(payload.to_string());
} }
let signature_header = signature_cfg // let signature_header = signature_cfg
.begin_sign("POST", &path, headers) // .begin_sign("POST", &path, headers)
.unwrap() // .unwrap()
.sign(format!("{from}#main-key"), |to_sign| { // .sign(format!("{from}#main-key"), |to_sign| {
// tracing::info!("signature string:\nlib>> {to_sign}\nraw>> {to_sign_raw}"); // // tracing::info!("signature string:\nlib>> {to_sign}\nraw>> {to_sign_raw}");
let mut signer = Signer::new(MessageDigest::sha256(), key)?; // let mut signer = Signer::new(MessageDigest::sha256(), key)?;
signer.update(to_sign.as_bytes())?; // signer.update(to_sign.as_bytes())?;
let signature = base64::prelude::BASE64_URL_SAFE.encode(signer.sign_to_vec()?); // let signature = base64::prelude::BASE64_URL_SAFE.encode(signer.sign_to_vec()?);
Ok(signature) as crate::Result<_> // Ok(signature) as crate::Result<_>
}) // })
.unwrap() // .unwrap()
.signature_header() // .signature_header()
.replace("hs2019", "rsa-sha256"); // TODO what the fuck??? why isn't this customizable??? // .replace("hs2019", "rsa-sha256"); // TODO what the fuck??? why isn't this customizable???
// let signature_header = { let signature_header = {
// let mut signer = Signer::new(MessageDigest::sha256(), key).unwrap(); let mut signer = Signer::new(MessageDigest::sha256(), key).unwrap();
// signer.update(to_sign_raw.as_bytes()).unwrap(); signer.update(to_sign_raw.as_bytes()).unwrap();
// let signature = base64::prelude::BASE64_STANDARD.encode(signer.sign_to_vec().unwrap()); let signature = base64::prelude::BASE64_STANDARD.encode(signer.sign_to_vec().unwrap());
// format!("keyId=\"{from}#main-key\",algorithm=\"rsa-sha256\",headers=\"{headers_to_inspect}\",signature=\"{signature}\"") format!("keyId=\"{from}#main-key\",algorithm=\"rsa-sha256\",headers=\"{headers_to_inspect}\",signature=\"{signature}\"")
// }; };
// tracing::info!("signature headers:\nlib>> {signature_header_lib}\nraw>> {signature_header}"); // tracing::info!("signature headers:\nlib>> {signature_header_lib}\nraw>> {signature_header}");