Halaman utama Jelajahi Bantuan
Daftar Masuk
oleg
/
pixelfed
cermin dari https://github.com/pixelfed/pixelfed.git
1
0
Fork 0
Berkas Masalah 0 Wiki
Jelajahi Sumber

Fixes #719, add blind key rotation

Daniel Supernault 6 tahun lalu
induk
714e47f387
melakukan
2d2c9a60f8
1 mengubah file dengan 40 tambahan dan 4 penghapusan
Tampilan Split Tampilkan Statistik Diff
  1. 40 4
      app/Http/Controllers/FederationController.php

+ 40 - 4
app/Http/Controllers/FederationController.php
Tampilan Berkas 

@@ -180,6 +180,20 @@ XML;
 
         if($profile->status != null) {
 
             return ProfileController::accountCheck($profile);
 
         }
 
+        $body = $request->getContent();
 
+        $bodyDecoded = json_decode($body, true, 8);
 
+        if($this->verifySignature($request, $profile) == true) {
 
+            InboxWorker::dispatch($request->headers->all(), $profile, $bodyDecoded);
 
+        } else if($this->blindKeyRotation($request, $profile) == true) {
 
+            InboxWorker::dispatch($request->headers->all(), $profile, $bodyDecoded);
 
+        } else {
 
+            abort(400, 'Bad Signature');
 
+        }
 
+        return;
 
+    }
 
+
 
+    protected function verifySignature(Request $request, Profile $profile)
 
+    {
 
         $body = $request->getContent();
 
         $bodyDecoded = json_decode($body, true, 8);
 
         $signature = $request->header('signature');
 
@@ -209,11 +223,33 @@ XML;
 
         $pkey = openssl_pkey_get_public($actor->public_key);
 
         $inboxPath = "/users/{$profile->username}/inbox";
 
         list($verified, $headers) = HTTPSignature::verify($pkey, $signatureData, $request->headers->all(), $inboxPath, $body);
 
-        if($verified !== 1) { 
-            abort(400, 'Invalid signature.');
 
+        if($verified == 1) { 
+            return true;
 
+        } else {
 
+            return false;
 
         }
 
-        InboxWorker::dispatch($request->headers->all(), $profile, $bodyDecoded);
 
-        return;
 
+    }
 
+
 
+    protected function blindKeyRotation(Request $request, Profile $profile)
 
+    {
 
+        $signature = $request->header('signature');
 
+        if(!$signature) {
 
+            abort(400, 'Missing signature header');
 
+        }
 
+        $signatureData = HttpSignature::parseSignatureHeader($signature);
 
+        $keyId = Helpers::validateUrl($signatureData['keyId']);
 
+        $actor = Profile::whereKeyId($keyId)->first();
 
+        $res = Zttp::timeout(5)->withHeaders([
 
+          'Accept'     => 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
 
+          'User-Agent' => 'PixelFedBot v0.1 - https://pixelfed.org',
 
+        ])->get($actor->remote_url);
 
+        $res = json_decode($res->body(), true, 8);
 
+        if($res['publicKey']['id'] !== $actor->key_id) {
 
+            return false;
 
+        }
 
+        $actor->public_key = $res['publicKey']['publicKeyPem'];
 
+        $actor->save();
 
+        return $this->verifySignature($request, $profile);
 
     }
 
 
     public function userFollowing(Request $request, $username)