|
|
@@ -3,7 +3,6 @@ |
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only |
|
|
|
|
|
|
|
defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do |
|
|
|
alias Pleroma.Web.ActivityPub.Utils |
|
|
|
import Plug.Conn |
|
|
|
require Logger |
|
|
|
|
|
|
@@ -16,38 +15,30 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do |
|
|
|
end |
|
|
|
|
|
|
|
def call(conn, _opts) do |
|
|
|
user = Utils.get_ap_id(conn.params["actor"]) |
|
|
|
Logger.debug("Checking sig for #{user}") |
|
|
|
[signature | _] = get_req_header(conn, "signature") |
|
|
|
|
|
|
|
cond do |
|
|
|
signature && String.contains?(signature, user) -> |
|
|
|
# set (request-target) header to the appropriate value |
|
|
|
# we also replace the digest header with the one we computed |
|
|
|
conn = |
|
|
|
conn |
|
|
|
|> put_req_header( |
|
|
|
"(request-target)", |
|
|
|
String.downcase("#{conn.method}") <> " #{conn.request_path}" |
|
|
|
) |
|
|
|
|
|
|
|
conn = |
|
|
|
if conn.assigns[:digest] do |
|
|
|
conn |
|
|
|
|> put_req_header("digest", conn.assigns[:digest]) |
|
|
|
else |
|
|
|
conn |
|
|
|
end |
|
|
|
|
|
|
|
assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn)) |
|
|
|
if signature do |
|
|
|
# set (request-target) header to the appropriate value |
|
|
|
# we also replace the digest header with the one we computed |
|
|
|
conn = |
|
|
|
conn |
|
|
|
|> put_req_header( |
|
|
|
"(request-target)", |
|
|
|
String.downcase("#{conn.method}") <> " #{conn.request_path}" |
|
|
|
) |
|
|
|
|
|
|
|
signature -> |
|
|
|
Logger.debug("Signature not from actor") |
|
|
|
assign(conn, :valid_signature, false) |
|
|
|
conn = |
|
|
|
if conn.assigns[:digest] do |
|
|
|
conn |
|
|
|
|> put_req_header("digest", conn.assigns[:digest]) |
|
|
|
else |
|
|
|
conn |
|
|
|
end |
|
|
|
|
|
|
|
true -> |
|
|
|
Logger.debug("No signature header!") |
|
|
|
conn |
|
|
|
assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn)) |
|
|
|
else |
|
|
|
Logger.debug("No signature header!") |
|
|
|
conn |
|
|
|
end |
|
|
|
end |
|
|
|
end |
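Review bot: With the `signature && String.contains?(signature, user)` branch gone (the page has lost its +/- markers, so this reading rests on the hunk counts), `:valid_signature` in the new `call/2` only records that `HTTPSignatures.validate_conn(conn)` accepted the request for whichever key the header names; nothing in this plug ties that key to `conn.params["actor"]` any more. If that binding now happens in a later plug or controller, which is not visible here, note it above `if signature do`, e.g. `# only proves the request was signed by the key named in keyId; the signer is matched against the activity's actor downstream`, and check that every consumer of `:valid_signature` really does that comparison before trusting the actor. Separately, `[signature | _] = get_req_header(conn, "signature")` raises a `MatchError` when the header is absent, so the `else` branch that logs "No signature header!" cannot be reached and an unsigned request crashes the plug instead of passing through unverified. `signature = conn |> get_req_header("signature") |> List.first()` would make that branch reachable.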