[feat] check inbox signature
parent
7027a4a07a
commit
0f9761ff5c
3 changed files with 44 additions and 4 deletions
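--- a/demo/actor.py
+++ b/demo/actor.py
@@ -0,0 +1,11 @@
+#!/usr/bin/env python3
+"""ActivityPub Actor"""
+import demo.activitypub as ap
+
+
+def fetch_actor(
+actor_url: str,
+) -> dict:
+"""Fetch actor"""
+ap_object = ap.fetch(actor_url)
+return ap_object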
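Review bot: fetch_actor hands actor_url to ap.fetch with no check on scheme or destination, and the only caller visible in this commit (inbox_prechecker) supplies the `actor` field of a request body before any signature has been verified, so an unauthenticated POST chooses the URL this server requests. Unless ap.fetch already enforces it (not visible here), reject anything that is not `https` and refuse hosts that resolve to loopback, link-local or private ranges before fetching, e.g. `if urlsplit(actor_url).scheme != "https": raise ValueError("actor URL must be https")`. The docstring could also state what the returned dict is expected to contain, since the caller indexes `["publicKey"]["publicKeyPem"]` on it.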
|
@ -8,7 +8,7 @@ from dataclasses import dataclass
|
|||
from Crypto.Hash import SHA256
|
||||
from Crypto.Signature import PKCS1_v1_5
|
||||
from Crypto.PublicKey import RSA
|
||||
from httpx import Headers
|
||||
from werkzeug.datastructures import Headers
|
||||
|
||||
|
||||
@dataclass
|
||||
|
|
|
@ -1,19 +1,48 @@
|
|||
"""Request checker"""
|
||||
import json
|
||||
|
||||
from flask import Request, abort
|
||||
from demo.httpsig import HttpSignature
|
||||
from demo.httpsig import HttpSignature, SignedData
|
||||
from demo.actor import fetch_actor
|
||||
|
||||
|
||||
def inbox_prechecker(
|
||||
request: Request,
|
||||
) -> bool:
|
||||
"""Inbox request prechecker"""
|
||||
payload = request.headers
|
||||
ap_body = request.data
|
||||
try:
|
||||
payload = request.headers
|
||||
parsec_signature = HttpSignature.parse_signature(
|
||||
payload["signature"]
|
||||
)
|
||||
print(parsec_signature)
|
||||
except KeyError:
|
||||
abort(401, "Missing signature key!")
|
||||
|
||||
actor_id = request.get_json()["actor"]
|
||||
actor = fetch_actor(actor_id)
|
||||
|
||||
try:
|
||||
pub_key = actor["publicKey"]["publicKeyPem"]
|
||||
except json.JSONDecodeError:
|
||||
raise ValueError
|
||||
except KeyError:
|
||||
print("actore gone?")
|
||||
raise KeyError
|
||||
|
||||
sigdate = SignedData(
|
||||
method = request.method,
|
||||
path = request.path,
|
||||
signed_list = parsec_signature["headers"],
|
||||
body_digest = HttpSignature.calculation_digest(ap_body),
|
||||
headers = request.headers,
|
||||
)
|
||||
|
||||
is_verify = HttpSignature.verify_signature(
|
||||
HttpSignature.build_signature_string(sigdate),
|
||||
parsec_signature["signature"],
|
||||
pub_key,
|
||||
)
|
||||
|
||||
print(is_verify)
|
||||
return True
|
||||
|
|
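Review bot: inbox_prechecker ends with `print(is_verify)` and then `return True`, so the result of HttpSignature.verify_signature never influences the outcome and a request whose signature fails is accepted like a valid one. Act on the result before returning, e.g. `if not is_verify: abort(401, "Invalid signature!")`. The list of signed headers is taken from the request's own signature header (`parsec_signature["headers"]`) and nothing visible requires it to cover `(request-target)`, `date` and `digest`, so body integrity and replay protection depend on what the sender chose to sign; rejecting signatures that omit them would close that gap. `request.get_json()["actor"]` sits outside any try, and the `except json.JSONDecodeError` around the dict lookup cannot fire, so a body without `actor` or an actor without `publicKey` likely ends as a 500 rather than the 401 used for a missing signature.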