kevadesu/forgejo
1
0
Fork 1
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-08-14 15:16:49 +02:00
Code Issues Projects Releases Packages Wiki Activity
forgejo/routers/api/v1/activitypub/reqsignature.go
Michael Jerger 388e4eb44b fix: assorted ActivityPub code only refactors (#8708) 
Fix parts of issue #8221 and part of PR #4767

Is linked to https://codeberg.org/forgejo/forgejo/pulls/8274

The commit 555f6e57ad fixes timeout forgejo/forgejo#8274 (Kommentar)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8708
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
2025-07-28 15:17:29 +02:00

94 lines
2.6 KiB
Go
Raw Blame History

// Copyright 2022 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package activitypub
import (
"net/http"
"forgejo.org/modules/log"
"forgejo.org/modules/setting"
services_context "forgejo.org/services/context"
"forgejo.org/services/federation"
"github.com/42wim/httpsig"
)
func verifyHTTPUserOrInstanceSignature(ctx services_context.APIContext) (authenticated bool, err error) {
if !setting.Federation.SignatureEnforced {
return true, nil
}
r := ctx.Req
// 1. Figure out what key we need to verify
v, err := httpsig.NewVerifier(r)
if err != nil {
return false, err
}
signatureAlgorithm := httpsig.Algorithm(setting.Federation.SignatureAlgorithms[0])
pubKey, err := federation.FindOrCreateFederatedUserKey(ctx, v.KeyId())
if err != nil || pubKey == nil {
pubKey, err = federation.FindOrCreateFederationHostKey(ctx, v.KeyId())
if err != nil {
return false, err
}
}
err = v.Verify(pubKey, signatureAlgorithm)
if err != nil {
return false, err
}
return true, nil
}
func verifyHTTPUserSignature(ctx services_context.APIContext) (authenticated bool, err error) {
if !setting.Federation.SignatureEnforced {
return true, nil
}
r := ctx.Req
// 1. Figure out what key we need to verify
v, err := httpsig.NewVerifier(r)
if err != nil {
return false, err
}
signatureAlgorithm := httpsig.Algorithm(setting.Federation.SignatureAlgorithms[0])
pubKey, err := federation.FindOrCreateFederatedUserKey(ctx, v.KeyId())
if err != nil {
return false, err
}
err = v.Verify(pubKey, signatureAlgorithm)
if err != nil {
return false, err
}
return true, nil
}
// ReqHTTPSignature function
func ReqHTTPUserOrInstanceSignature() func(ctx *services_context.APIContext) {
return func(ctx *services_context.APIContext) {
if authenticated, err := verifyHTTPUserOrInstanceSignature(*ctx); err != nil {
log.Warn("verifyHttpSignatures failed: %v", err)
ctx.Error(http.StatusBadRequest, "reqSignature", "request signature verification failed")
} else if !authenticated {
ctx.Error(http.StatusForbidden, "reqSignature", "request signature verification failed")
}
}
}
// ReqHTTPUserSignature function
func ReqHTTPUserSignature() func(ctx *services_context.APIContext) {
return func(ctx *services_context.APIContext) {
if authenticated, err := verifyHTTPUserSignature(*ctx); err != nil {
log.Warn("verifyHttpSignatures failed: %v", err)
ctx.Error(http.StatusBadRequest, "reqSignature", "request signature verification failed")
} else if !authenticated {
ctx.Error(http.StatusForbidden, "reqSignature", "request signature verification failed")
}
}
}
Reference in a new issue View git blame Copy permalink