use @misskey-dev/node-http-message-signatures

2024-02-29 21:05:31 +00:00 · 2024-02-29 21:05:31 +00:00 · a1e6cb02b8
commit a1e6cb02b8
parent a4e7d6940b
8 changed files with 45 additions and 211 deletions
--- a/packages/backend/src/queue/processors/InboxProcessorService.ts
+++ b/packages/backend/src/queue/processors/InboxProcessorService.ts
@ -5,8 +5,8 @@

 import { URL } from 'node:url';
 import { Injectable } from '@nestjs/common';
-import httpSignature from '@peertube/http-signature';
 import * as Bull from 'bullmq';
+import { verifyDraftSignature } from '@misskey-dev/node-http-message-signatures';
 import type Logger from '@/logger.js';
 import { MetaService } from '@/core/MetaService.js';
 import { FederatedInstanceService } from '@/core/FederatedInstanceService.js';
@ -51,7 +51,7 @@ export class InboxProcessorService {

 	@bindThis
 	public async process(job: Bull.Job<InboxJobData>): Promise<string> {
-		const signature = job.data.signature;	// HTTP-signature
+		const signature = 'version' in job.data.signature ? job.data.signature.value : job.data.signature;
 		const activity = job.data.activity;

 		//#region Log
@ -103,7 +103,7 @@ export class InboxProcessorService {
 		}

 		// HTTP-Signatureの検証
-		const httpSignatureValidated = httpSignature.verifySignature(signature, authUser.key.keyPem);
+		const httpSignatureValidated = verifyDraftSignature(signature, authUser.key.keyPem);

 		// また、signatureのsignerは、activity.actorと一致する必要がある
 		if (!httpSignatureValidated || authUser.user.uri !== activity.actor) {
--- a/packages/backend/src/queue/types.ts
+++ b/packages/backend/src/queue/types.ts
@ -9,7 +9,23 @@ import type { MiNote } from '@/models/Note.js';
 import type { MiUser } from '@/models/User.js';
 import type { MiWebhook } from '@/models/Webhook.js';
 import type { IActivity } from '@/core/activitypub/type.js';
-import type httpSignature from '@peertube/http-signature';
+import type { ParsedSignature } from '@misskey-dev/node-http-message-signatures';
+
+/**
+ * @peertube/http-signature 時代の古いデータにも対応しておく
+ */
+export interface OldParsedSignature {
+	scheme: 'Signature';
+	params: {
+		keyId: string;
+		algorithm: string;
+		headers: string[];
+		signature: string;
+	};
+	signingString: string;
+	algorithm: string;
+	keyId: string;
+}

 export type DeliverJobData = {
 	/** Actor */
@ -26,7 +42,7 @@ export type DeliverJobData = {

 export type InboxJobData = {
 	activity: IActivity;
-	signature: httpSignature.IParsedSignature;
+	signature: ParsedSignature | OldParsedSignature;
 };

 export type RelationshipJobData = {