From 63a7879c29bfa2bbc4f8dd6bacac09bcdacb6f86 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 25 Jun 2023 23:02:02 -0600 Subject: [PATCH] Update ActivityPubFetchService --- app/Services/ActivityPubFetchService.php | 4 ++-- app/Util/ActivityPub/HttpSignature.php | 11 +++++++---- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/app/Services/ActivityPubFetchService.php b/app/Services/ActivityPubFetchService.php index f44779ab1..d0accdcdc 100644 --- a/app/Services/ActivityPubFetchService.php +++ b/app/Services/ActivityPubFetchService.php @@ -21,9 +21,9 @@ class ActivityPubFetchService 'Accept' => 'application/activity+json, application/ld+json', ]; - $headers = HttpSignature::instanceActorSign($url, false, $baseHeaders); + $headers = HttpSignature::instanceActorSign($url, false, $baseHeaders, 'get'); $headers['Accept'] = 'application/activity+json, application/ld+json'; - $headers['User-Agent'] = '(Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')'; + $headers['User-Agent'] = 'PixelFedBot/1.0.0 (Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')'; try { $res = Http::withHeaders($headers) diff --git a/app/Util/ActivityPub/HttpSignature.php b/app/Util/ActivityPub/HttpSignature.php index 835c855c1..5bfdcac09 100644 --- a/app/Util/ActivityPub/HttpSignature.php +++ b/app/Util/ActivityPub/HttpSignature.php @@ -33,7 +33,7 @@ class HttpSignature { return self::_headersToCurlArray($headers); } - public static function instanceActorSign($url, $body = false, $addlHeaders = []) + public static function instanceActorSign($url, $body = false, $addlHeaders = [], $method = 'post') { $keyId = config('app.url') . '/i/actor#main-key'; $privateKey = Cache::rememberForever(InstanceActor::PKI_PRIVATE, function() { @@ -42,7 +42,7 @@ class HttpSignature { if($body) { $digest = self::_digest($body); } - $headers = self::_headersToSign($url, $body ? $digest : false); + $headers = self::_headersToSign($url, $body ? $digest : false, $method); $headers = array_merge($headers, $addlHeaders); $stringToSign = self::_headersToSigningString($headers); $signedHeaders = implode(' ', array_map('strtolower', array_keys($headers))); @@ -125,11 +125,14 @@ class HttpSignature { return base64_encode(hash('sha256', $body, true)); } - protected static function _headersToSign($url, $digest = false) { + protected static function _headersToSign($url, $digest = false, $method = 'post') { $date = new DateTime('UTC'); + if(!in_array($method, ['post', 'get'])) { + throw new \Exception('Invalid method used to sign headers in HttpSignature'); + } $headers = [ - '(request-target)' => 'post '.parse_url($url, PHP_URL_PATH), + '(request-target)' => $method . ' '.parse_url($url, PHP_URL_PATH), 'Host' => parse_url($url, PHP_URL_HOST), 'Date' => $date->format('D, d M Y H:i:s \G\M\T'), ];