[feat] check inbox signature
This commit is contained in:
parent
7027a4a07a
commit
0f9761ff5c
3 changed files with 44 additions and 4 deletions
11
demo/actor.py
Normal file
11
demo/actor.py
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
"""ActivityPub Actor"""
|
||||||
|
import demo.activitypub as ap
|
||||||
|
|
||||||
|
|
||||||
|
def fetch_actor(
|
||||||
|
actor_url: str,
|
||||||
|
) -> dict:
|
||||||
|
"""Fetch actor"""
|
||||||
|
ap_object = ap.fetch(actor_url)
|
||||||
|
return ap_object
|
|
@ -8,7 +8,7 @@ from dataclasses import dataclass
|
||||||
from Crypto.Hash import SHA256
|
from Crypto.Hash import SHA256
|
||||||
from Crypto.Signature import PKCS1_v1_5
|
from Crypto.Signature import PKCS1_v1_5
|
||||||
from Crypto.PublicKey import RSA
|
from Crypto.PublicKey import RSA
|
||||||
from httpx import Headers
|
from werkzeug.datastructures import Headers
|
||||||
|
|
||||||
|
|
||||||
@dataclass
|
@dataclass
|
||||||
|
|
|
@ -1,19 +1,48 @@
|
||||||
"""Request checker"""
|
"""Request checker"""
|
||||||
|
import json
|
||||||
|
|
||||||
from flask import Request, abort
|
from flask import Request, abort
|
||||||
from demo.httpsig import HttpSignature
|
from demo.httpsig import HttpSignature, SignedData
|
||||||
|
from demo.actor import fetch_actor
|
||||||
|
|
||||||
|
|
||||||
def inbox_prechecker(
|
def inbox_prechecker(
|
||||||
request: Request,
|
request: Request,
|
||||||
) -> bool:
|
) -> bool:
|
||||||
"""Inbox request prechecker"""
|
"""Inbox request prechecker"""
|
||||||
|
payload = request.headers
|
||||||
|
ap_body = request.data
|
||||||
try:
|
try:
|
||||||
payload = request.headers
|
|
||||||
parsec_signature = HttpSignature.parse_signature(
|
parsec_signature = HttpSignature.parse_signature(
|
||||||
payload["signature"]
|
payload["signature"]
|
||||||
)
|
)
|
||||||
print(parsec_signature)
|
|
||||||
except KeyError:
|
except KeyError:
|
||||||
abort(401, "Missing signature key!")
|
abort(401, "Missing signature key!")
|
||||||
|
|
||||||
|
actor_id = request.get_json()["actor"]
|
||||||
|
actor = fetch_actor(actor_id)
|
||||||
|
|
||||||
|
try:
|
||||||
|
pub_key = actor["publicKey"]["publicKeyPem"]
|
||||||
|
except json.JSONDecodeError:
|
||||||
|
raise ValueError
|
||||||
|
except KeyError:
|
||||||
|
print("actore gone?")
|
||||||
|
raise KeyError
|
||||||
|
|
||||||
|
sigdate = SignedData(
|
||||||
|
method = request.method,
|
||||||
|
path = request.path,
|
||||||
|
signed_list = parsec_signature["headers"],
|
||||||
|
body_digest = HttpSignature.calculation_digest(ap_body),
|
||||||
|
headers = request.headers,
|
||||||
|
)
|
||||||
|
|
||||||
|
is_verify = HttpSignature.verify_signature(
|
||||||
|
HttpSignature.build_signature_string(sigdate),
|
||||||
|
parsec_signature["signature"],
|
||||||
|
pub_key,
|
||||||
|
)
|
||||||
|
|
||||||
|
print(is_verify)
|
||||||
return True
|
return True
|
||||||
|
|
Loading…
Reference in a new issue