Implement Signer for Instance

Kitaiti Makoto 2021-09-23 21:43:58 +09:00
parent 34b8fd83c1
commit 6e4def4cc5
2 changed files with 109 additions and 58 deletions


@ -9,11 +9,21 @@ use crate::{
use activitypub::{actor::Service, CustomObject}; use activitypub::{actor::Service, CustomObject};
use chrono::NaiveDateTime; use chrono::NaiveDateTime;
use diesel::{self, ExpressionMethods, QueryDsl, RunQueryDsl}; use diesel::{self, ExpressionMethods, QueryDsl, RunQueryDsl};
use openssl::{
hash::MessageDigest,
pkey::{PKey, Private},
rsa::Rsa,
sign,
};
use plume_common::{ use plume_common::{
activity_pub::{sign::gen_keypair, ApSignature, PublicKey}, activity_pub::{
sign::{gen_keypair, Signer},
ApSignature, PublicKey,
},
utils::md_to_html, utils::md_to_html,
}; };
use std::sync::RwLock; use std::sync::RwLock;
use tracing::warn;
pub type CustomService = CustomObject<ApSignature, Service>; pub type CustomService = CustomObject<ApSignature, Service>;
@ -270,13 +280,26 @@ impl Instance {
.map_err(Error::from) .map_err(Error::from)
} }
pub fn get_keypair(&self) -> Result<PKey<Private>> {
PKey::from_rsa(Rsa::private_key_from_pem(
self.private_key.clone()?.as_ref(),
)?)
.map_err(Error::from)
}
/// This is experimental and might change in the future.
/// Currently "!" sign is used but it's not decided.
pub fn ap_url(&self) -> String {
ap_url(&format!(
"{}/!/{}",
Self::get_local().unwrap().public_domain,
self.public_domain
))
}
pub fn to_activity(&self) -> Result<CustomService> { pub fn to_activity(&self) -> Result<CustomService> {
let mut actor = Service::default(); let mut actor = Service::default();
let id = ap_url(&format!( let id = self.ap_url();
"{}/!/{}",
Self::get_local()?.public_domain,
self.public_domain
));
actor.object_props.set_id_string(id.clone())?; actor.object_props.set_id_string(id.clone())?;
actor.object_props.set_name_string(self.name.clone())?; actor.object_props.set_name_string(self.name.clone())?;
@ -324,6 +347,34 @@ impl NewInstance {
} }
} }
impl Signer for Instance {
type Error = Error;
fn get_key_id(&self) -> String {
format!("{}#main-key", self.ap_url())
}
fn sign(&self, to_sign: &str) -> Result<Vec<u8>> {
let key = self.get_keypair()?;
let mut signer = sign::Signer::new(MessageDigest::sha256(), &key)?;
signer.update(to_sign.as_bytes())?;
signer.sign_to_vec().map_err(Error::from)
}
fn verify(&self, data: &str, signature: &[u8]) -> Result<bool> {
if self.public_key.is_none() {
warn!("missing public key for {}", self.public_domain);
return Err(Error::Signature);
}
let key = PKey::from_rsa(Rsa::public_key_from_pem(
self.public_key.clone().unwrap().as_ref(),
)?)?;
let mut verifier = sign::Verifier::new(MessageDigest::sha256(), &key)?;
verifier.update(data.as_bytes())?;
verifier.verify(&signature).map_err(Error::from)
}
}
#[cfg(test)] #[cfg(test)]
pub(crate) mod tests { pub(crate) mod tests {
use super::*; use super::*;
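Review bot: `ap_url()` calls `Self::get_local().unwrap()`, so `to_activity()` and the new `get_key_id()` panic when the local instance cannot be resolved; the lines this replaces in `to_activity` appear to have propagated that failure with `Self::get_local()?`. Consider having `ap_url` return `Result<String>` and writing `let id = self.ap_url()?;` in `to_activity`. `get_key_id` returns a bare `String` here, so it would need an explicit fallback or a change to the `Signer` trait, which is not visible in this section. Separately, `get_keypair()` clones the private-key PEM on every `sign()` call (`self.private_key.clone()?`), leaving an extra heap copy of key material that is not wiped on drop. Borrowing it with `self.private_key.as_deref()` and mapping `None` to an error avoids that copy, and the same applies to `self.public_key.clone().unwrap()` in `verify`.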


@ -60,83 +60,83 @@ msgstr ""
msgid "Optional" msgid "Optional"
msgstr "" msgstr ""
# src/routes/blogs.rs:63 # src/routes/blogs.rs:67
msgid "To create a new blog, you need to be logged in" msgid "To create a new blog, you need to be logged in"
msgstr "" msgstr ""
# src/routes/blogs.rs:102 # src/routes/blogs.rs:109
msgid "A blog with the same name already exists." msgid "A blog with the same name already exists."
msgstr "" msgstr ""
# src/routes/blogs.rs:140 # src/routes/blogs.rs:147
msgid "Your blog was successfully created!" msgid "Your blog was successfully created!"
msgstr "" msgstr ""
# src/routes/blogs.rs:159 # src/routes/blogs.rs:165
msgid "Your blog was deleted." msgid "Your blog was deleted."
msgstr "" msgstr ""
# src/routes/blogs.rs:167 # src/routes/blogs.rs:173
msgid "You are not allowed to delete this blog." msgid "You are not allowed to delete this blog."
msgstr "" msgstr ""
# src/routes/blogs.rs:218 # src/routes/blogs.rs:223
msgid "You are not allowed to edit this blog." msgid "You are not allowed to edit this blog."
msgstr "" msgstr ""
# src/routes/blogs.rs:274 # src/routes/blogs.rs:279
msgid "You can't use this media as a blog icon." msgid "You can't use this media as a blog icon."
msgstr "" msgstr ""
# src/routes/blogs.rs:292 # src/routes/blogs.rs:297
msgid "You can't use this media as a blog banner." msgid "You can't use this media as a blog banner."
msgstr "" msgstr ""
# src/routes/blogs.rs:326 # src/routes/blogs.rs:331
msgid "Your blog information have been updated." msgid "Your blog information have been updated."
msgstr "" msgstr ""
# src/routes/comments.rs:99 # src/routes/comments.rs:100
msgid "Your comment has been posted." msgid "Your comment has been posted."
msgstr "" msgstr ""
# src/routes/comments.rs:178 # src/routes/comments.rs:177
msgid "Your comment has been deleted." msgid "Your comment has been deleted."
msgstr "" msgstr ""
# src/routes/instance.rs:118 # src/routes/instance.rs:147
msgid "Instance settings have been saved." msgid "Instance settings have been saved."
msgstr "" msgstr ""
# src/routes/instance.rs:150 # src/routes/instance.rs:180
msgid "{} has been unblocked." msgid "{} has been unblocked."
msgstr "" msgstr ""
# src/routes/instance.rs:152 # src/routes/instance.rs:182
msgid "{} has been blocked." msgid "{} has been blocked."
msgstr "" msgstr ""
# src/routes/instance.rs:201 # src/routes/instance.rs:233
msgid "Blocks deleted" msgid "Blocks deleted"
msgstr "" msgstr ""
# src/routes/instance.rs:216 # src/routes/instance.rs:249
msgid "Email already blocked" msgid "Email already blocked"
msgstr "" msgstr ""
# src/routes/instance.rs:221 # src/routes/instance.rs:254
msgid "Email Blocked" msgid "Email Blocked"
msgstr "" msgstr ""
# src/routes/instance.rs:312 # src/routes/instance.rs:347
msgid "You can't change your own rights." msgid "You can't change your own rights."
msgstr "" msgstr ""
# src/routes/instance.rs:323 # src/routes/instance.rs:358
msgid "You are not allowed to take this action." msgid "You are not allowed to take this action."
msgstr "" msgstr ""
# src/routes/instance.rs:359 # src/routes/instance.rs:393
msgid "Done." msgid "Done."
msgstr "" msgstr ""
@ -144,23 +144,23 @@ msgstr ""
msgid "To like a post, you need to be logged in" msgid "To like a post, you need to be logged in"
msgstr "" msgstr ""
# src/routes/medias.rs:145 # src/routes/medias.rs:158
msgid "Your media have been deleted." msgid "Your media have been deleted."
msgstr "" msgstr ""
# src/routes/medias.rs:150 # src/routes/medias.rs:163
msgid "You are not allowed to delete this media." msgid "You are not allowed to delete this media."
msgstr "" msgstr ""
# src/routes/medias.rs:167 # src/routes/medias.rs:180
msgid "Your avatar has been updated." msgid "Your avatar has been updated."
msgstr "" msgstr ""
# src/routes/medias.rs:172 # src/routes/medias.rs:185
msgid "You are not allowed to use this media." msgid "You are not allowed to use this media."
msgstr "" msgstr ""
# src/routes/notifications.rs:28 # src/routes/notifications.rs:29
msgid "To see your notifications, you need to be logged in" msgid "To see your notifications, you need to be logged in"
msgstr "" msgstr ""
@ -168,51 +168,51 @@ msgstr ""
msgid "This post isn't published yet." msgid "This post isn't published yet."
msgstr "" msgstr ""
# src/routes/posts.rs:126 # src/routes/posts.rs:125
msgid "To write a new post, you need to be logged in" msgid "To write a new post, you need to be logged in"
msgstr "" msgstr ""
# src/routes/posts.rs:143 # src/routes/posts.rs:146
msgid "You are not an author of this blog." msgid "You are not an author of this blog."
msgstr "" msgstr ""
# src/routes/posts.rs:150 # src/routes/posts.rs:153
msgid "New post" msgid "New post"
msgstr "" msgstr ""
# src/routes/posts.rs:195 # src/routes/posts.rs:198
msgid "Edit {0}" msgid "Edit {0}"
msgstr "" msgstr ""
# src/routes/posts.rs:264 # src/routes/posts.rs:267
msgid "You are not allowed to publish on this blog." msgid "You are not allowed to publish on this blog."
msgstr "" msgstr ""
# src/routes/posts.rs:363 # src/routes/posts.rs:367
msgid "Your article has been updated." msgid "Your article has been updated."
msgstr "" msgstr ""
# src/routes/posts.rs:553 # src/routes/posts.rs:556
msgid "Your article has been saved." msgid "Your article has been saved."
msgstr "" msgstr ""
# src/routes/posts.rs:560 # src/routes/posts.rs:563
msgid "New article" msgid "New article"
msgstr "" msgstr ""
# src/routes/posts.rs:597 # src/routes/posts.rs:601
msgid "You are not allowed to delete this article." msgid "You are not allowed to delete this article."
msgstr "" msgstr ""
# src/routes/posts.rs:622 # src/routes/posts.rs:625
msgid "Your article has been deleted." msgid "Your article has been deleted."
msgstr "" msgstr ""
# src/routes/posts.rs:627 # src/routes/posts.rs:630
msgid "It looks like the article you tried to delete doesn't exist. Maybe it is already gone?" msgid "It looks like the article you tried to delete doesn't exist. Maybe it is already gone?"
msgstr "" msgstr ""
# src/routes/posts.rs:667 # src/routes/posts.rs:672
msgid "Couldn't obtain enough information about your account. Please make sure your username is correct." msgid "Couldn't obtain enough information about your account. Please make sure your username is correct."
msgstr "" msgstr ""
@ -220,63 +220,63 @@ msgstr ""
msgid "To reshare a post, you need to be logged in" msgid "To reshare a post, you need to be logged in"
msgstr "" msgstr ""
# src/routes/session.rs:88 # src/routes/session.rs:95
msgid "You are now connected." msgid "You are now connected."
msgstr "" msgstr ""
# src/routes/session.rs:109 # src/routes/session.rs:116
msgid "You are now logged off." msgid "You are now logged off."
msgstr "" msgstr ""
# src/routes/session.rs:154 # src/routes/session.rs:162
msgid "Password reset" msgid "Password reset"
msgstr "" msgstr ""
# src/routes/session.rs:155 # src/routes/session.rs:163
msgid "Here is the link to reset your password: {0}" msgid "Here is the link to reset your password: {0}"
msgstr "" msgstr ""
# src/routes/session.rs:215 # src/routes/session.rs:235
msgid "Your password was successfully reset." msgid "Your password was successfully reset."
msgstr "" msgstr ""
# src/routes/user.rs:142 # src/routes/user.rs:74
msgid "To access your dashboard, you need to be logged in" msgid "To access your dashboard, you need to be logged in"
msgstr "" msgstr ""
# src/routes/user.rs:164 # src/routes/user.rs:96
msgid "You are no longer following {}." msgid "You are no longer following {}."
msgstr "" msgstr ""
# src/routes/user.rs:181 # src/routes/user.rs:113
msgid "You are now following {}." msgid "You are now following {}."
msgstr "" msgstr ""
# src/routes/user.rs:261 # src/routes/user.rs:190
msgid "To subscribe to someone, you need to be logged in" msgid "To subscribe to someone, you need to be logged in"
msgstr "" msgstr ""
# src/routes/user.rs:365 # src/routes/user.rs:299
msgid "To edit your profile, you need to be logged in" msgid "To edit your profile, you need to be logged in"
msgstr "" msgstr ""
# src/routes/user.rs:411 # src/routes/user.rs:345
msgid "Your profile has been updated." msgid "Your profile has been updated."
msgstr "" msgstr ""
# src/routes/user.rs:438 # src/routes/user.rs:373
msgid "Your account has been deleted." msgid "Your account has been deleted."
msgstr "" msgstr ""
# src/routes/user.rs:444 # src/routes/user.rs:379
msgid "You can't delete someone else's account." msgid "You can't delete someone else's account."
msgstr "" msgstr ""
# src/routes/user.rs:528 # src/routes/user.rs:463
msgid "Registrations are closed on this instance." msgid "Registrations are closed on this instance."
msgstr "" msgstr ""
# src/routes/user.rs:551 # src/routes/user.rs:486
msgid "Your account has been created. Now you just need to log in, before you can use it." msgid "Your account has been created. Now you just need to log in, before you can use it."
msgstr "" msgstr ""