Mikaela/Limnoria
1
0
Fork 0
mirror of https://github.com/Mikaela/Limnoria.git synced 2024-11-19 08:59:27 +01:00
Code Issues Projects Releases Wiki Activity

Fediverse: Sign headers Date and Host to prevent replays.

Browse Source
This commit is contained in:
Valentin Lorentz 2020-05-09 22:18:03 +02:00
parent 5c5cad5851
commit cf2142ddd2
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
plugins/Fediverse/activitypub.py
View File

@ -30,7 +30,9 @@
import os
import json
import email
import base64
import datetime
import functools
import contextlib
import urllib.parse
@ -44,7 +46,7 @@ from cryptography.hazmat.primitives.asymmetric.rsa import generate_private_key
from supybot import commands, conf
from supybot.utils import web
from supybot.utils import gen, web
XRD_URI = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"
@ -189,14 +191,22 @@ def get_public_key_pem():
def signed_request(url, headers=None, data=None):
method = "get" if data is None else "post"
instance_actor_url = get_instance_actor_url()
headers = headers or {}
headers = gen.InsensitivePreservingDict(headers or {})
if 'Date' not in headers:
headers['Date'] = email.utils.formatdate(usegmt=True)
if instance_actor_url:
parsed_url = urllib.parse.urlparse(url)
signed_headers = [
(
"(request-target)",
method + " " + urllib.parse.urlparse(url).path,
)
method + " " + parsed_url.path,
),
(
"host",
parsed_url.hostname,
),
]
for (header_name, header_value) in headers.items():
signed_headers.append((header_name.lower(), header_value))