Sign GET request to other instances

plume-common/src/activity_pub/inbox.rs

@@ -1,6 +1,11 @@
-use reqwest::header::{HeaderValue, ACCEPT};
+use reqwest::{
+    header::{HeaderValue, HOST},
+    Url,
+};
 use std::fmt::Debug;
 
+use super::{request, sign::Signer};
+
 /// Represents an ActivityPub inbox.
 ///
 /// It routes an incoming Activity through the registered handlers.
@@ -311,6 +316,14 @@ pub trait FromId<C>: Sized {
         id: &str,
         proxy: Option<reqwest::Proxy>,
     ) -> Result<Self::Object, (Option<serde_json::Value>, Self::Error)> {
+        let mut headers = request::headers();
+        let url = Url::parse(id).map_err(|_| (None, InboxError::DerefError.into()))?;
+        if !url.has_host() {
+            return Err((None, InboxError::DerefError.into()));
+        }
+        let host_header_value = HeaderValue::from_str(&url.host_str().expect("Unreachable"))
+            .map_err(|_| (None, InboxError::DerefError.into()))?;
+        headers.insert(HOST, host_header_value);
         if let Some(proxy) = proxy {
             reqwest::ClientBuilder::new().proxy(proxy)
         } else {
@@ -320,13 +333,13 @@ pub trait FromId<C>: Sized {
         .build()
         .map_err(|_| (None, InboxError::DerefError.into()))?
         .get(id)
+        .headers(headers.clone())
         .header(
-            ACCEPT,
+            "Signature",
-            HeaderValue::from_str(
+            request::signature(
-                &super::ap_accept_header()
+                Self::get_sender(),
-                    .into_iter()
+                &headers,
-                    .collect::<Vec<_>>()
+                ("get", url.path(), url.query()),
-                    .join(", "),
             )
             .map_err(|_| (None, InboxError::DerefError.into()))?,
         )
@@ -347,6 +360,8 @@ pub trait FromId<C>: Sized {
 
     /// Tries to find a `Self` with a given ID (`id`), using `ctx` (a database)
     fn from_db(ctx: &C, id: &str) -> Result<Self, Self::Error>;
+
+    fn get_sender() -> &'static dyn Signer;
 }
 
 /// Should be implemented by anything representing an ActivityPub actor.

plume-common/src/activity_pub/request.rs

@@ -118,8 +118,8 @@ type Path<'a> = &'a str;
 type Query<'a> = &'a str;
 type RequestTarget<'a> = (Method<'a>, Path<'a>, Option<Query<'a>>);
 
-pub fn signature<S: Signer>(
+pub fn signature(
-    signer: &S,
+    signer: &dyn Signer,
     headers: &HeaderMap,
     request_target: RequestTarget,
 ) -> Result<HeaderValue, Error> {

plume-models/src/blogs.rs

@@ -443,6 +443,10 @@ impl FromId<DbConn> for Blog {
             },
         )
     }
+
+    fn get_sender() -> &'static dyn sign::Signer {
+        Instance::get_local_instance_user().expect("Failed to local instance user")
+    }
 }
 
 impl AsActor<&PlumeRocket> for Blog {

plume-models/src/comments.rs

@@ -21,6 +21,7 @@ use diesel::{self, ExpressionMethods, QueryDsl, RunQueryDsl, SaveChangesDsl};
 use plume_common::{
     activity_pub::{
         inbox::{AsActor, AsObject, FromId},
+        sign::Signer,
         Id, IntoId, PUBLIC_VISIBILITY,
     },
     utils,
@@ -328,6 +329,10 @@ impl FromId<DbConn> for Comment {
         comm.notify(conn)?;
         Ok(comm)
     }
+
+    fn get_sender() -> &'static dyn Signer {
+        Instance::get_local_instance_user().expect("Failed to local instance user")
+    }
 }
 
 impl AsObject<User, Create, &DbConn> for Comment {

plume-models/src/follows.rs

@@ -1,6 +1,6 @@
 use crate::{
-    ap_url, db_conn::DbConn, notifications::*, schema::follows, users::User, Connection, Error,
+    ap_url, db_conn::DbConn, instance::Instance, notifications::*, schema::follows, users::User,
-    Result, CONFIG,
+    Connection, Error, Result, CONFIG,
 };
 use activitypub::activity::{Accept, Follow as FollowAct, Undo};
 use diesel::{self, ExpressionMethods, QueryDsl, RunQueryDsl, SaveChangesDsl};
@@ -183,6 +183,10 @@ impl FromId<DbConn> for Follow {
         .map_err(|(_, e)| e)?;
         Follow::accept_follow(conn, &actor, &target, follow, actor.id, target.id)
     }
+
+    fn get_sender() -> &'static dyn Signer {
+        Instance::get_local_instance_user().expect("Failed to local instance user")
+    }
 }
 
 impl AsObject<User, Undo, &DbConn> for Follow {

plume-models/src/likes.rs

@@ -1,12 +1,13 @@
 use crate::{
-    db_conn::DbConn, notifications::*, posts::Post, schema::likes, timeline::*, users::User,
+    db_conn::DbConn, instance::Instance, notifications::*, posts::Post, schema::likes, timeline::*,
-    Connection, Error, Result, CONFIG,
+    users::User, Connection, Error, Result, CONFIG,
 };
 use activitypub::activity;
 use chrono::NaiveDateTime;
 use diesel::{self, ExpressionMethods, QueryDsl, RunQueryDsl};
 use plume_common::activity_pub::{
     inbox::{AsActor, AsObject, FromId},
+    sign::Signer,
     Id, IntoId, PUBLIC_VISIBILITY,
 };
 
@@ -137,6 +138,10 @@ impl FromId<DbConn> for Like {
         res.notify(conn)?;
         Ok(res)
     }
+
+    fn get_sender() -> &'static dyn Signer {
+        Instance::get_local_instance_user().expect("Failed to local instance user")
+    }
 }
 
 impl AsObject<User, activity::Undo, &DbConn> for Like {

plume-models/src/posts.rs

@@ -15,6 +15,7 @@ use once_cell::sync::Lazy;
 use plume_common::{
     activity_pub::{
         inbox::{AsActor, AsObject, FromId},
+        sign::Signer,
         Hashtag, Id, IntoId, Licensed, Source, PUBLIC_VISIBILITY,
     },
     utils::{iri_percent_encode_seg, md_to_html},
@@ -759,6 +760,10 @@ impl FromId<DbConn> for Post {
 
         Ok(post)
     }
+
+    fn get_sender() -> &'static dyn Signer {
+        Instance::get_local_instance_user().expect("Failed to local instance user")
+    }
 }
 
 impl AsObject<User, Create, &DbConn> for Post {
@@ -830,6 +835,10 @@ impl FromId<DbConn> for PostUpdate {
             tags: updated.object.object_props.tag,
         })
     }
+
+    fn get_sender() -> &'static dyn Signer {
+        Instance::get_local_instance_user().expect("Failed to local instance user")
+    }
 }
 
 impl AsObject<User, Update, &DbConn> for PostUpdate {

plume-models/src/reshares.rs

@@ -1,12 +1,13 @@
 use crate::{
-    db_conn::DbConn, notifications::*, posts::Post, schema::reshares, timeline::*, users::User,
+    db_conn::DbConn, instance::Instance, notifications::*, posts::Post, schema::reshares,
-    Connection, Error, Result, CONFIG,
+    timeline::*, users::User, Connection, Error, Result, CONFIG,
 };
 use activitypub::activity::{Announce, Undo};
 use chrono::NaiveDateTime;
 use diesel::{self, ExpressionMethods, QueryDsl, RunQueryDsl};
 use plume_common::activity_pub::{
     inbox::{AsActor, AsObject, FromId},
+    sign::Signer,
     Id, IntoId, PUBLIC_VISIBILITY,
 };
 
@@ -162,6 +163,10 @@ impl FromId<DbConn> for Reshare {
         res.notify(conn)?;
         Ok(res)
     }
+
+    fn get_sender() -> &'static dyn Signer {
+        Instance::get_local_instance_user().expect("Failed to local instance user")
+    }
 }
 
 impl AsObject<User, Undo, &DbConn> for Reshare {

plume-models/src/users.rs

@@ -1039,6 +1039,10 @@ impl FromId<DbConn> for User {
 
         Ok(user)
     }
+
+    fn get_sender() -> &'static dyn Signer {
+        Instance::get_local_instance_user().expect("Failed to local instance user")
+    }
 }
 
 impl AsActor<&DbConn> for User {