luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-06-24 10:00:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

feat(activitiypub): enable HTTP signatures on all ActivityPub endpoints (#7035)

Browse source 
- Set the right keyID and use the right signing keys for outgoing requests.
- Verify the HTTP signature of all incoming requests, except for the server actor.
- Caches keys of incoming requests for users and servers actors.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7035
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
This commit is contained in:
famfo 2025-04-03 15:24:15 +00:00 committed by Gusted
parent ba5b157f7e
commit 77b0275572
22 changed files with 681 additions and 122 deletions
Download patch file Download diff file Expand all files Collapse all files

10
routers/api/v1/api.go
View file

@ -840,22 +840,22 @@ func Routes() *web.Route {
m.Group("/activitypub", func() {
// deprecated, remove in 1.20, use /user-id/{user-id} instead
m.Group("/user/{username}", func() {
m.Get("", activitypub.Person)
m.Get("", activitypub.ReqHTTPSignature(), activitypub.Person)
m.Post("/inbox", activitypub.ReqHTTPSignature(), activitypub.PersonInbox)
}, context.UserAssignmentAPI(), checkTokenPublicOnly())
m.Group("/user-id/{user-id}", func() {
m.Get("", activitypub.Person)
m.Get("", activitypub.ReqHTTPSignature(), activitypub.Person)
m.Post("/inbox", activitypub.ReqHTTPSignature(), activitypub.PersonInbox)
}, context.UserIDAssignmentAPI(), checkTokenPublicOnly())
m.Group("/actor", func() {
m.Get("", activitypub.Actor)
m.Post("/inbox", activitypub.ActorInbox)
m.Post("/inbox", activitypub.ReqHTTPSignature(), activitypub.ActorInbox)
})
m.Group("/repository-id/{repository-id}", func() {
m.Get("", activitypub.Repository)
m.Get("", activitypub.ReqHTTPSignature(), activitypub.Repository)
m.Post("/inbox",
bind(forgefed.ForgeLike{}),
// TODO: activitypub.ReqHTTPSignature(),
activitypub.ReqHTTPSignature(),
activitypub.RepositoryInbox)
}, context.RepositoryIDAssignmentAPI())
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryActivityPub))