Resolve account by signature in inbox

This commit is contained in:
Akihiko Odaki 2018-04-02 18:36:47 +09:00
parent ebae97a1fe
commit 00110e37f2
7 changed files with 72 additions and 56 deletions

View file

@ -1,10 +1,12 @@
import follow from './follow'; import follow from './follow';
import performActivityPub from './perform-activitypub'; import performActivityPub from './perform-activitypub';
import processInbox from './process-inbox';
import reportGitHubFailure from './report-github-failure'; import reportGitHubFailure from './report-github-failure';
const handlers = { const handlers = {
follow, follow,
performActivityPub, performActivityPub,
processInbox,
reportGitHubFailure, reportGitHubFailure,
}; };

View file

@ -2,5 +2,5 @@ import User from '../../models/user';
import act from '../../remote/activitypub/act'; import act from '../../remote/activitypub/act';
export default ({ data }, done) => User.findOne({ _id: data.actor }) export default ({ data }, done) => User.findOne({ _id: data.actor })
.then(actor => act(actor, data.outbox, data.distribute)) .then(actor => act(actor, data.outbox, false))
.then(() => done(), done); .then(() => done(), done);

View file

@ -0,0 +1,38 @@
import { verifySignature } from 'http-signature';
import parseAcct from '../../acct/parse';
import User, { IRemoteUser } from '../../models/user';
import act from '../../remote/activitypub/act';
import resolvePerson from '../../remote/activitypub/resolve-person';
export default ({ data }, done) => (async () => {
const keyIdLower = data.signature.keyId.toLowerCase();
let user;
if (keyIdLower.startsWith('acct:')) {
const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));
if (host === null) {
throw 'request was made by local user';
}
user = await User.findOne({ usernameLower: username, hostLower: host }) as IRemoteUser;
} else {
user = await User.findOne({
host: { $ne: null },
'account.publicKey.id': data.signature.keyId
}) as IRemoteUser;
if (user === null) {
user = await resolvePerson(data.signature.keyId);
}
}
if (user === null) {
throw 'failed to resolve user';
}
if (!verifySignature(data.signature, user.account.publicKey.publicKeyPem)) {
throw 'signature verification failed';
}
await act(user, data.inbox, true);
})().then(done, done);

View file

@ -10,18 +10,14 @@ async function isCollection(collection) {
return ['Collection', 'OrderedCollection'].includes(collection.type); return ['Collection', 'OrderedCollection'].includes(collection.type);
} }
export default async (value, usernameLower, hostLower, acctLower) => { export default async (value, verifier?: string) => {
if (!validateUsername(usernameLower)) {
throw new Error();
}
const { resolver, object } = await new Resolver().resolveOne(value); const { resolver, object } = await new Resolver().resolveOne(value);
if ( if (
object === null || object === null ||
object.type !== 'Person' || object.type !== 'Person' ||
typeof object.preferredUsername !== 'string' || typeof object.preferredUsername !== 'string' ||
object.preferredUsername.toLowerCase() !== usernameLower || !validateUsername(object.preferredUsername) ||
!isValidName(object.name) || !isValidName(object.name) ||
!isValidDescription(object.summary) !isValidDescription(object.summary)
) { ) {
@ -41,9 +37,11 @@ export default async (value, usernameLower, hostLower, acctLower) => {
resolved => isCollection(resolved.object) ? resolved.object : null, resolved => isCollection(resolved.object) ? resolved.object : null,
() => null () => null
), ),
webFinger(object.id, acctLower), webFinger(object.id, verifier),
]); ]);
const host = toUnicode(finger.subject.replace(/^.*?@/, ''));
const hostLower = host.replace(/[A-Z]+/, matched => matched.toLowerCase());
const summaryDOM = JSDOM.fragment(object.summary); const summaryDOM = JSDOM.fragment(object.summary);
// Create user // Create user
@ -58,8 +56,8 @@ export default async (value, usernameLower, hostLower, acctLower) => {
postsCount: outbox ? outbox.totalItem || 0 : 0, postsCount: outbox ? outbox.totalItem || 0 : 0,
driveCapacity: 1024 * 1024 * 8, // 8MiB driveCapacity: 1024 * 1024 * 8, // 8MiB
username: object.preferredUsername, username: object.preferredUsername,
usernameLower, usernameLower: object.preferredUsername.toLowerCase(),
host: toUnicode(finger.subject.replace(/^.*?@/, '')), host,
hostLower, hostLower,
account: { account: {
publicKey: { publicKey: {

View file

@ -19,7 +19,7 @@ export default async (username, host, option) => {
throw new Error(); throw new Error();
} }
user = await resolvePerson(self.href, usernameLower, hostLower, acctLower); user = await resolvePerson(self.href, acctLower);
} }
return user; return user;

View file

@ -12,14 +12,22 @@ type IWebFinger = {
subject: string; subject: string;
}; };
export default (query, verifier): Promise<IWebFinger> => new Promise((res, rej) => webFinger.lookup(query, (error, result) => { export default async function resolve(query, verifier?: string): Promise<IWebFinger> {
if (error) { const finger = await new Promise((res, rej) => webFinger.lookup(query, (error, result) => {
return rej(error); if (error) {
return rej(error);
}
res(result.object);
})) as IWebFinger;
if (verifier) {
if (finger.subject.toLowerCase().replace(/^acct:/, '') !== verifier) {
throw 'WebFinger verfification failed';
}
return finger;
} }
if (result.object.subject.toLowerCase().replace(/^acct:/, '') !== verifier) { return resolve(finger.subject, finger.subject.toLowerCase());
return rej('WebFinger verfification failed'); }
}
res(result.object);
}));

View file

@ -1,9 +1,7 @@
import * as bodyParser from 'body-parser'; import * as bodyParser from 'body-parser';
import * as express from 'express'; import * as express from 'express';
import { parseRequest, verifySignature } from 'http-signature'; import { parseRequest } from 'http-signature';
import User, { IRemoteUser } from '../../models/user';
import queue from '../../queue'; import queue from '../../queue';
import parseAcct from '../../acct/parse';
const app = express(); const app = express();
@ -14,48 +12,20 @@ app.post('/@:user/inbox', bodyParser.json({
return true; return true;
} }
}), async (req, res) => { }), async (req, res) => {
let parsed; let signature;
req.headers.authorization = 'Signature ' + req.headers.signature; req.headers.authorization = 'Signature ' + req.headers.signature;
try { try {
parsed = parseRequest(req); signature = parseRequest(req);
} catch (exception) { } catch (exception) {
return res.sendStatus(401); return res.sendStatus(401);
} }
const keyIdLower = parsed.keyId.toLowerCase();
let query;
if (keyIdLower.startsWith('acct:')) {
const { username, host } = parseAcct(keyIdLower.slice('acct:'.length));
if (host === null) {
return res.sendStatus(401);
}
query = { usernameLower: username, hostLower: host };
} else {
query = {
host: { $ne: null },
'account.publicKey.id': parsed.keyId
};
}
const user = await User.findOne(query) as IRemoteUser;
if (user === null) {
return res.sendStatus(401);
}
if (!verifySignature(parsed, user.account.publicKey.publicKeyPem)) {
return res.sendStatus(401);
}
queue.create('http', { queue.create('http', {
type: 'performActivityPub', type: 'processInbox',
actor: user._id, inbox: req.body,
outbox: req.body, signature,
distribute: true,
}).save(); }).save();
return res.status(202).end(); return res.status(202).end();