Include (request-target) and Host header to HTTP Signature

plume-common/src/activity_pub/mod.rs

@@ -1,6 +1,6 @@
 use activitypub::{Activity, Link, Object};
 use array_tool::vec::Uniq;
-use reqwest::r#async::ClientBuilder;
+use reqwest::{header::HeaderValue, r#async::ClientBuilder, Url};
 use rocket::{
     http::Status,
     request::{FromRequest, Request},
@@ -143,6 +143,20 @@ where
     for inbox in boxes {
         let body = signed.to_string();
         let mut headers = request::headers();
+        let url = Url::parse(&inbox);
+        if url.is_err() {
+            warn!("Inbox is invalid URL: {:?}", &inbox);
+            continue;
+        }
+        let url = url.unwrap();
+        if !url.has_host() {
+            warn!("Inbox doesn't have host: {:?}", &inbox);
+            continue;
+        };
+        headers.insert(
+            "Host",
+            HeaderValue::from_str(&url.host_str().unwrap()).unwrap(),
+        );
         headers.insert("Digest", request::Digest::digest(&body));
         rt.spawn(
             client
@@ -150,7 +164,7 @@ where
                 .headers(headers.clone())
                 .header(
                     "Signature",
-                    request::signature(sender, &headers)
+                    request::signature(sender, &headers, "post", url.path(), url.query())
                         .expect("activity_pub::broadcast: request signature error"),
                 )
                 .body(body)

plume-common/src/activity_pub/request.rs

@@ -112,25 +112,46 @@ pub fn headers() -> HeaderMap {
     headers
 }
 
-pub fn signature<S: Signer>(signer: &S, headers: &HeaderMap) -> Result<HeaderValue, Error> {
-    let signed_string = headers
+type Method<'a> = &'a str;
+type Path<'a> = &'a str;
+type Query<'a> = &'a str;
+
+pub fn signature<S: Signer>(
+    signer: &S,
+    headers: &HeaderMap,
+    method: Method,
+    path: Path,
+    query: Option<Query>,
+) -> Result<HeaderValue, Error> {
+    let origin_form = if let Some(query) = query {
+        format!("{}?{}", path, query)
+    } else {
+        path.to_string()
+    };
+
+    let mut headers = headers
         .iter()
         .map(|(h, v)| {
-            format!(
-                "{}: {}",
+            (
                 h.as_str().to_lowercase(),
                 v.to_str()
-                    .expect("request::signature: invalid header error")
+                    .expect("request::signature: invalid header error"),
             )
         })
+        .collect::<Vec<(String, &str)>>();
+    let request_target = format!("{} {}", method.to_lowercase(), origin_form);
+    headers.push(("(request-target)".to_string(), &request_target));
+
+    let signed_string = headers
+        .iter()
+        .map(|(h, v)| format!("{}: {}", h, v))
         .collect::<Vec<String>>()
         .join("\n");
     let signed_headers = headers
         .iter()
-        .map(|(h, _)| h.as_str())
+        .map(|(h, _)| h.as_ref())
         .collect::<Vec<&str>>()
-        .join(" ")
-        .to_lowercase();
+        .join(" ");
 
     let data = signer.sign(&signed_string).map_err(|_| Error())?;
     let sign = base64::encode(&data);