Merge pull request #59 from umonaca/bugfix-digest

Fix compatibility with Mastodon 3.2.1, Pleroma and Misskey
This commit is contained in:
Darius Kazemi 2020-10-26 12:06:32 -07:00 committed by GitHub
commit f7a85d0c19
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 9 deletions

View File

@ -16,23 +16,31 @@ function signAndSend(message, name, domain, req, res, targetDomain) {
return res.status(404).send(`No record found for ${name}.`); return res.status(404).send(`No record found for ${name}.`);
} }
else { else {
// digest
const digest = crypto.createHash('sha256').update(JSON.stringify(message)).digest('base64');
let privkey = result.privkey; let privkey = result.privkey;
const signer = crypto.createSign('sha256'); const signer = crypto.createSign('sha256');
let d = new Date(); let d = new Date();
let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}`; let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digest}`;
signer.update(stringToSign); signer.update(stringToSign);
signer.end(); signer.end();
const signature = signer.sign(privkey); const signature = signer.sign(privkey);
const signature_b64 = signature.toString('base64'); const signature_b64 = signature.toString('base64');
let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date",signature="${signature_b64}"`; const algorithm = 'rsa-sha256';
let header = `keyId="https://${domain}/u/${name}",algorithm="${algorithm}",headers="(request-target) host date digest",signature="${signature_b64}"`;
console.log('signature:',header); console.log('signature:',header);
console.log('message:',message); console.log('message:',message);
request({ request({
url: inbox, url: inbox,
headers: { headers: {
'Host': targetDomain, 'Host': targetDomain,
'Date': d.toUTCString(), 'Date': d.toUTCString(),
'Signature': header 'Signature': header,
'Digest': `SHA-256=${digest}`,
'Content-Type': 'application/activity+json',
'Accept': 'application/activity+json'
}, },
method: 'POST', method: 'POST',
json: true, json: true,
@ -47,7 +55,7 @@ function sendAcceptMessage(thebody, name, domain, req, res, targetDomain) {
const guid = crypto.randomBytes(16).toString('hex'); const guid = crypto.randomBytes(16).toString('hex');
console.log(thebody); console.log(thebody);
let message = { let message = {
'@context': 'https://www.w3.org/ns/activitystreams', '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'],
'id': `https://${domain}/${guid}`, 'id': `https://${domain}/${guid}`,
'type': 'Accept', 'type': 'Accept',
'actor': `https://${domain}/u/${name}`, 'actor': `https://${domain}/u/${name}`,

View File

@ -171,22 +171,29 @@ function signAndSend(message, name, domain, req, res, targetDomain, inbox) {
console.log(`No record found for ${name}.`); console.log(`No record found for ${name}.`);
} }
else { else {
// digest
const digest = crypto.createHash('sha256').update(JSON.stringify(message)).digest('base64');
let privkey = result.privkey; let privkey = result.privkey;
const signer = crypto.createSign('sha256'); const signer = crypto.createSign('sha256');
let d = new Date(); let d = new Date();
let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}`; let stringToSign = `(request-target): post ${inboxFragment}\nhost: ${targetDomain}\ndate: ${d.toUTCString()}\ndigest: SHA-256=${digest}`;
signer.update(stringToSign); signer.update(stringToSign);
signer.end(); signer.end();
const signature = signer.sign(privkey); const signature = signer.sign(privkey);
const signature_b64 = signature.toString('base64'); const signature_b64 = signature.toString('base64');
let header = `keyId="https://${domain}/u/${name}",headers="(request-target) host date",signature="${signature_b64}"`; const algorithm = 'rsa-sha256';
let header = `keyId="https://${domain}/u/${name}",algorithm="${algorithm}",headers="(request-target) host date digest",signature="${signature_b64}"`;
//console.log('signature:',header); //console.log('signature:',header);
request({ request({
url: inbox, url: inbox,
headers: { headers: {
'Host': targetDomain, 'Host': targetDomain,
'Date': d.toUTCString(), 'Date': d.toUTCString(),
'Signature': header 'Signature': header,
'Digest': `SHA-256=${digest}`,
'Content-Type': 'application/activity+json',
'Accept': 'application/activity+json'
}, },
method: 'POST', method: 'POST',
json: true, json: true,
@ -201,8 +208,7 @@ function createMessage(text, name, domain, item, follower, guidNote) {
let d = new Date(); let d = new Date();
let out = { let out = {
'@context': 'https://www.w3.org/ns/activitystreams', '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'],
'id': `https://${domain}/m/${guidCreate}`, 'id': `https://${domain}/m/${guidCreate}`,
'type': 'Create', 'type': 'Create',
'actor': `https://${domain}/u/${name}`, 'actor': `https://${domain}/u/${name}`,