verify signatures produced by Discourse #111

2025-01-23 19:36:56 -08:00 · 2024-05-27 22:44:42 +12:00 · 2024-05-27 22:44:42 +12:00 · 53b64942c9
commit 53b64942c9
parent d1f7d35a83
1 changed files with 15 additions and 0 deletions
--- a/app/activitypub/signature.py
+++ b/app/activitypub/signature.py
@ -172,6 +172,17 @@ class RsaKeys:
        return private_key_serialized, public_key_serialized


+# Signatures
+def signature_part(signature, key):
+    parts = signature.split(',')
+    for part in parts:
+        part_parts = part.split('=')
+        part_parts[0] = part_parts[0].strip()
+        if part_parts[0] == key:
+            return part_parts[1].strip().replace('"', '')
+    return ''
+
+
 class HttpSignature:
    """
    Allows for calculation and verification of HTTP signatures
@ -198,6 +209,10 @@ class HttpSignature:
        for header_name in header_names:
            if header_name == "(request-target)":
                value = f"{request.method.lower()} {request.path}"
+            elif header_name == '(created)':
+                value = signature_part(request.headers.get('Signature'), 'created')  # Don't use parse_signature because changing HttpSignatureDetails changes everything & I don't have the spoons for that ATM.
+            elif header_name == '(expires)':
+                value = signature_part(request.headers.get('Signature'), 'expires')
            elif header_name == "content-type":
                value = request.headers.get("Content-Type", "")
            elif header_name == "content-length":