Move stuff, keep working on authenticated fetch

2025-04-12 21:39:25 +02:00 · 2025-04-12 21:39:25 +02:00 · e3a97170a9
commit e3a97170a9
parent f8b3a6ff06
11 changed files with 81 additions and 39 deletions
--- a/web/public/api/activitypub/user.go
+++ b/web/public/api/activitypub/user.go
@ -12,7 +12,7 @@ import (
 	"git.mstar.dev/mstar/goutils/sliceutils"
 	"github.com/rs/zerolog/hlog"

-	"git.mstar.dev/mstar/linstrom/activitypub/shared/types"
+	"git.mstar.dev/mstar/linstrom/activitypub"
 	"git.mstar.dev/mstar/linstrom/config"
 	"git.mstar.dev/mstar/linstrom/storage-new"
 	"git.mstar.dev/mstar/linstrom/storage-new/dbgen"
@ -53,6 +53,7 @@ func users(w http.ResponseWriter, r *http.Request) {
 	}
 	log := hlog.FromRequest(r)
 	userId := r.PathValue("id")
+	log.Debug().Any("headers", r.Header).Msg("request headers")
 	user, err := dbgen.User.Where(dbgen.User.ID.Eq(userId)).
 		Preload(dbgen.User.Icon).Preload(dbgen.User.Banner).
 		Preload(dbgen.User.BeingTypes).
@ -75,7 +76,7 @@ func users(w http.ResponseWriter, r *http.Request) {
 		keyBytes = keyBytesToPem(user.PublicKeyRsa)
 	}
 	data := Outbound{
-		Context:           types.BaseLdContext,
+		Context:           activitypub.BaseLdContext,
 		Id:                apUrl,
 		Type:              "Person",
 		PreferredUsername: user.Username,
@ -136,7 +137,12 @@ func userInbox(w http.ResponseWriter, r *http.Request) {
 	log := hlog.FromRequest(r)
 	userId := r.PathValue("id")
 	data, err := io.ReadAll(r.Body)
-	log.Info().Err(err).Str("userId", userId).Bytes("body", data).Msg("Inbox message")
+	log.Info().
+		Err(err).
+		Str("userId", userId).
+		Bytes("body", data).
+		Any("headers", r.Header).
+		Msg("Inbox message")
 }

 /*
--- a/web/public/api/activitypub/util.go
+++ b/web/public/api/activitypub/util.go
@ -9,7 +9,7 @@ import (

 func userIdToApUrl(id string) string {
 	return fmt.Sprintf(
-		"%s/api/ap/users/%s",
+		"%s/api/activitypub/user/%s",
 		config.GlobalConfig.General.GetFullPublicUrl(),
 		id,
 	)
--- a/web/shared/client.go
+++ b/web/shared/client.go
@ -2,17 +2,20 @@ package webshared

 import (
 	"crypto/sha256"
+	"io"
 	"net/http"
+	"strings"
 	"time"

 	"git.mstar.dev/mstar/goutils/maputils"
+	"github.com/rs/zerolog/log"

 	"git.mstar.dev/mstar/linstrom/config"
 )

 // No init needed, zero value is good

-var RequestClient http.Client
+var RequestClient = http.Client{}

 const xRandomHeader = "X-Auth-Random"

@ -36,35 +39,40 @@ func SignRequest(r *http.Request, keyId string, privateKeyBytes, postBody []byte
 		host = hostString
 	} else {
 		host = config.GlobalConfig.General.GetFullDomain()
-		headers.Set("Date", host)
+		headers.Set("Host", host)
 	}
 	applyBodyHash(headers, postBody)
-	mappedHeaders := maputils.MapSameKeys(headers, func(k string, v []string) string {
+	mappedHeaders := maputils.MapNewKeys(headers, func(k string, v []string) (string, string) {
 		if len(v) > 0 {
-			return v[0]
+			return strings.ToLower(k), v[0]
 		} else {
-			return ""
+			return strings.ToLower(k), ""
 		}
 	})
 	var signedString string
+	var usedHeaders []string
 	if config.GlobalConfig.Experimental.UseEd25519Keys {
-		tmp, err := CreateSignatureED(method, r.URL.RawPath, mappedHeaders, privateKeyBytes)
+		tmp, tmp2, err := CreateSignatureED(method, r.URL.Path, mappedHeaders, privateKeyBytes)
 		if err != nil {
 			return err
 		}
 		signedString = tmp
+		usedHeaders = tmp2
 	} else {
-		tmp, err := CreateSignatureRSA(method, r.URL.RawPath, mappedHeaders, privateKeyBytes)
+		tmp, tmp2, err := CreateSignatureRSA(method, r.URL.Path, mappedHeaders, privateKeyBytes)
 		if err != nil {
 			return err
 		}
 		signedString = tmp
+		usedHeaders = tmp2
 	}
+	log.Debug().Str("string-to-sign", signedString).Any("headers", mappedHeaders).Send()
 	signature := CreateSignatureHeaderContent(
 		keyId,
 		signedString,
-		maputils.KeysFromMap(mappedHeaders)...,
+		usedHeaders...,
 	)
+	log.Debug().Str("signature-header", signature).Send()
 	headers.Set("Signature", signature)
 	return nil
 }
@ -77,3 +85,17 @@ func applyBodyHash(headers http.Header, body []byte) error {
 	headers.Set("Digest", string(hash[:]))
 	return nil
 }
+
+func NewRequest(method string, url string, body io.Reader) (*http.Request, error) {
+	req, err := http.NewRequest(method, url, body)
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Add(
+		"User-Agent",
+		"Linstrom v0.0.0-pre-alpha ("+config.GlobalConfig.General.GetFullDomain()+")",
+	)
+	req.Header.Add("Date", time.Now().Format(time.RFC1123))
+	req.Header.Add("Host", config.GlobalConfig.General.GetFullDomain())
+	return req, nil
+}
--- a/web/shared/signing.go
+++ b/web/shared/signing.go
@ -4,6 +4,9 @@ import (
 	"encoding/base64"
 	"strings"

+	"github.com/rs/zerolog/log"
+
+	"git.mstar.dev/mstar/linstrom/config"
 	"git.mstar.dev/mstar/linstrom/shared"
 )

@ -15,10 +18,10 @@ func CreateSignatureRSA(
 	target string,
 	headers map[string]string,
 	privateKeyBytes []byte,
-) (string, error) {
-	message := genPreSignatureString(method, target, headers)
+) (string, []string, error) {
+	message, usedHeaders := genPreSignatureString(method, target, headers)
 	signed, err := shared.Sign(message, privateKeyBytes, true)
-	return base64.StdEncoding.EncodeToString(signed), err
+	return base64.StdEncoding.EncodeToString(signed), usedHeaders, err
 }

 // Generate the signed string of the headers, method and target
@ -29,24 +32,29 @@ func CreateSignatureED(
 	target string,
 	headers map[string]string,
 	privateKeyBytes []byte,
-) (string, error) {
-	message := genPreSignatureString(method, target, headers)
+) (string, []string, error) {
+	message, usedHeaders := genPreSignatureString(method, target, headers)
 	signed, err := shared.Sign(message, privateKeyBytes, false)
 	if err != nil {
-		return "", err
+		return "", nil, err
 	}
-	return base64.StdEncoding.EncodeToString(signed), nil
+	return base64.StdEncoding.EncodeToString(signed), usedHeaders, nil
 }

-func genPreSignatureString(method, target string, headers map[string]string) string {
+func genPreSignatureString(method, target string, headers map[string]string) (string, []string) {
 	dataBuilder := strings.Builder{}
-	dataBuilder.WriteString("(request-target) ")
+	dataBuilder.WriteString("(request-target): ")
 	dataBuilder.WriteString(strings.ToLower(method) + " ")
 	dataBuilder.WriteString(target + "\n")
+	dataBuilder.WriteString("algorithm: rsa-sha256\n")
+	usedHeaders := []string{"(request-target)", "algorithm"}
 	for k, v := range headers {
 		dataBuilder.WriteString(k + ": " + v + "\n")
+		usedHeaders = append(usedHeaders, k)
 	}
-	return dataBuilder.String()
+	tmp := dataBuilder.String()
+	log.Debug().Str("Raw signature string", tmp).Send()
+	return tmp, usedHeaders
 }

 // Generate the content of the "Signature" header based on
@ -55,6 +63,8 @@ func genPreSignatureString(method, target string, headers map[string]string) str
 func CreateSignatureHeaderContent(userId string, hash string, headerNames ...string) string {
 	builder := strings.Builder{}
 	builder.WriteString("keyId=\"")
+	builder.WriteString(config.GlobalConfig.General.GetFullPublicUrl())
+	builder.WriteString("/api/activitypub/user/")
 	builder.WriteString(userId)
 	builder.WriteString("\",headers=\"")
 	for i, header := range headerNames {
@ -63,7 +73,7 @@ func CreateSignatureHeaderContent(userId string, hash string, headerNames ...str
 			builder.WriteRune(' ')
 		}
 	}
-	builder.WriteString("\",signature=\"")
+	builder.WriteString("\",algorithm=\"rsa-sha256\",signature=\"")
 	builder.WriteString(hash)
 	builder.WriteRune('"')