linstrom/web/shared/client.go
mstar 627926460c
Auth fetch verification (cavage) works now
- Inbound requests signed with Cavage are now verified as
  expected
- Fixed a bug where the signature header is not generated correctly
- Extended config to include settings for what requests to verify
- Fixed new server in main not using internal port from config
2025-04-22 15:27:24 +02:00


package webshared
import (
"io"
"net/http"
"time"
"git.mstar.dev/mstar/linstrom/config"
)
// RequestClient is the shared HTTP client. It is deliberately left as the
// zero value of http.Client, so no initialisation is required.
//
// NOTE(review): a zero-value http.Client has Timeout == 0, which means no
// overall time limit. Any request sent through it that is not bounded by a
// context deadline can block for as long as the remote server keeps the
// connection open. Confirm that callers set their own deadlines, or give
// this client a Timeout.
var RequestClient http.Client
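// SignRequest signs an outbound request for authorized fetch by setting its
// Signature header.
//
// Headers written by this function:
//   - Date: set to the current UTC time only when the request has none;
//     a Date supplied by the caller is kept unchanged.
//   - Whatever applyBodyHash adds for postBody (the Digest header, per the
//     original contract for POST requests).
//   - Signature: always overwritten with the newly computed value.
//
// postBody must be the exact raw bytes that will be sent as the request
// body. The body hash is computed from postBody, not from r.Body, so a
// mismatch between the two produces a digest that does not describe the
// transmitted body.
//
// privateKeyBytes is handed to the Ed25519 or the RSA signer depending on
// config.GlobalConfig.Experimental.UseEd25519Keys.
// NOTE(review): the expected key encoding is defined by those helpers and
// is not visible here; confirm the caller passes key material that matches
// the active config flag.
//
// An error from the selected signer is returned unchanged. In that case the
// Date and body-hash headers may already have been written.
func SignRequest(r *http.Request, keyId string, privateKeyBytes, postBody []byte) error {
	// A request built as a struct literal (not via http.NewRequest) has a
	// nil header map, and writing to a nil map panics.
	if r.Header == nil {
		r.Header = make(http.Header)
	}
	headers := r.Header

	// Only fill in Date when it is missing, so the value that gets signed
	// is the value that is actually sent.
	if headers.Get("Date") == "" {
		headers.Set("Date", time.Now().UTC().Format(http.TimeFormat))
	}
	applyBodyHash(headers, postBody)

	// The signer chooses which headers go into the signed string and
	// reports their names back; presumably these are date, host, digest
	// and the request-target — confirm against the CreateSignature* helpers.
	var signedString string
	var usedHeaders []string
	if config.GlobalConfig.Experimental.UseEd25519Keys {
		sig, names, err := CreateSignatureED(r.Method, r.URL, headers, privateKeyBytes)
		if err != nil {
			return err
		}
		signedString, usedHeaders = sig, names
	} else {
		sig, names, err := CreateSignatureRSA(r.Method, r.URL, headers, privateKeyBytes)
		if err != nil {
			return err
		}
		signedString, usedHeaders = sig, names
	}

	headers.Set("Signature", CreateSignatureHeaderContent(keyId, signedString, usedHeaders...))
	return nil
}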
// NewRequest builds an outbound request via http.NewRequest and stamps it
// with the instance's User-Agent (including the configured full domain) and
// a Date header holding the current UTC time.
//
// The request is not signed here and carries no context deadline of its own.
// Because Date is set at construction time, a request that is signed or sent
// much later still carries the construction timestamp.
func NewRequest(method string, url string, body io.Reader) (*http.Request, error) {
	request, err := http.NewRequest(method, url, body)
	if err != nil {
		return nil, err
	}

	userAgent := "Linstrom v0.0.0-pre-alpha (" + config.GlobalConfig.General.GetFullDomain() + ")"
	request.Header.Add("User-Agent", userAgent)

	now := time.Now().UTC().Format(http.TimeFormat)
	request.Header.Add("Date", now)

	return request, nil
}