Add signed GET for secure mode compatibility

app/Services/ActivityPubFetchService.php

@@ -9,51 +9,16 @@ use App\Util\ActivityPub\HttpSignature;
 
 class ActivityPubFetchService
 {
-	public $signed = true;
-	public $actor;
-	public $url;
-	public $headers = [
-		'Accept'		=> 'application/activity+json, application/json',
-		'User-Agent'	=> '(Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')'
-	];
-
-	public static function queue()
-	{
-		return new self;
-	}
-
-	public function signed($signed = true)
-	{
-		$this->signed = $signed;
-		return $this;
-	}
-
-	public function actor($profile)
-	{
-		$this->actor = $profile;
-		return $this;
-	}
-
-	public function url($url)
-	{
-		if(!Helpers::validateUrl($url)) {
-			throw new \Exception('Invalid URL');
-		}
-		$this->url = $url;
-		return $this;
-	}
-
-	public function get()
-	{
-		if($this->signed == true && $this->actor == null) {
-			throw new \Exception('Cannot sign request without actor');
-		}
-		return $this->signedRequest();
-	}
-
-	protected function signedRequest()
+	public static function get($url)
 	{
-		$this->headers = HttpSignature::sign($this->actor, $this->url, false, $this->headers);
-		return Zttp::withHeaders($this->headers)->get($this->url)->body();
+		$headers = HttpSignature::instanceActorSign($url, false, [
+			'Accept'		=> 'application/activity+json, application/json',
+			'User-Agent'	=> '(Pixelfed/'.config('pixelfed.version').'; +'.config('app.url').')'
+		]);
+
+		return Zttp::withHeaders($headers)
+			->timeout(30)
+			->get($url)
+			->body();
 	}
 }

app/Util/ActivityPub/Helpers.php

@@ -23,6 +23,7 @@ use App\Jobs\ImageOptimizePipeline\{ImageOptimize,ImageThumbnail};
 use App\Jobs\StatusPipeline\NewStatusPipeline;
 use App\Util\ActivityPub\HttpSignature;
 use Illuminate\Support\Str;
+use App\Services\ActivityPubFetchService;
 use App\Services\ActivityPubDeliveryService;
 use App\Services\MediaPathService;
 use App\Services\MediaStorageService;
@@ -214,8 +215,8 @@ class Helpers {
 		$ttl = now()->addMinutes(5);
 
 		return Cache::remember($key, $ttl, function() use($url) {
-			$res = Zttp::withoutVerifying()->withHeaders(self::zttpUserAgent())->get($url);
-			$res = json_decode($res->body(), true, 8);
+			$res = ActivityPubFetchService::get($url);
+			$res = json_decode($res, true, 8);
 			if(json_last_error() == JSON_ERROR_NONE) {
 				return $res;
 			} else {

app/Util/ActivityPub/HttpSignature.php

@@ -43,7 +43,7 @@ class HttpSignature {
       $digest = self::_digest($body);
     }
     $headers = self::_headersToSign($url, $body ? $digest : false);
-    $headers = array_merge($headers, $addlHeaders);
+    $headers = array_unique(array_merge($headers, $addlHeaders));
     $stringToSign = self::_headersToSigningString($headers);
     $signedHeaders = implode(' ', array_map('strtolower', array_keys($headers)));
     $key = openssl_pkey_get_private($privateKey);
@@ -53,7 +53,7 @@ class HttpSignature {
     unset($headers['(request-target)']);
     $headers['Signature'] = $signatureHeader;
 
-    return self::_headersToCurlArray($headers);
+    return $headers;
   }
 
   public static function parseSignatureHeader($signature) {