fr33domlover
58a56b6743
Make noteId optional, to support taking a Note in postOutboxR
2019-03-23 02:05:30 +00:00
fr33domlover
88d4c976ee
Add route getMessageR, returns an Activity Note for any locally created Message
2019-03-22 20:46:42 +00:00
fr33domlover
6c186355f3
Change some top-level routes' breadcrumbs to be under HomeR
2019-03-22 05:17:58 +00:00
fr33domlover
c27636a438
Add route /publish for sending activities, getOutboxR now free to return outbox
2019-03-22 05:17:54 +00:00
fr33domlover
d40e1b8891
In outbox post form, provide parent and context, and default to ticket comment
2019-03-21 23:56:47 +00:00
fr33domlover
ad3a20d783
Receive remote comments on local ticket discussion
2019-03-21 22:57:15 +00:00
fr33domlover
72f96a0dff
When verifying HTTPsig, return iid&rsid and remove duplicate shared usage check
...
* Adapt DB related code to return the InstanceId and RemoteSharerId
* Previously, when fetching a known shared key, we were running a DB
check/update for the shared usage record. I noticed - and hopefully I
correctly noticed - that this check already runs when we discover the keyId
points to a shared key we already know. So, after successful sig
verification, there's no need to run the check again. So I removed it.
2019-03-21 21:38:59 +00:00
fr33domlover
061c84349d
Recognize the 3 variants of the Public collection URI when parsing audience
2019-03-21 19:13:36 +00:00
fr33domlover
77324442fc
Fetch local messages by LocalMessageId, not by MessageId
2019-03-21 19:06:52 +00:00
fr33domlover
68b0ae7829
When receiving HTTP signed request, check the keyId host for weird cases
...
- Exclude hosts without periods, so things like localhost and IPv6 are rejected
- Exclude hosts without letters, so things like IPv4 are rejected
- Exclude the instance's own host, just in case somehow some fake activity
slips in and gets approved, maybe even accidentally when delivered by another
server
2019-03-20 12:27:40 +00:00
fr33domlover
747bbd5f0c
Publish actor documents for projects, and add some new properties to Actor
2019-03-20 12:01:10 +00:00
fr33domlover
ade1157a04
Add a custom ActivityPub actor type: Project
2019-03-20 10:36:00 +00:00
fr33domlover
3f2a178830
New module Yesod.FedURI: Render routes into FedURI and LocalURI
2019-03-20 10:08:36 +00:00
fr33domlover
6f3df6d569
Allow actors not to list any public keys at all
2019-03-20 09:31:08 +00:00
fr33domlover
716487f2b8
In ticket comment tree, support mixing local and remote (federated) comments
2019-03-20 08:07:37 +00:00
fr33domlover
e0de4cdcc7
Remove Discussion's nextMessage field, it's not being used anymore
2019-03-18 20:18:25 +00:00
fr33domlover
4b351ef62e
Automatically set approot to https://HOST and require Host header to match
2019-03-16 17:15:31 +00:00
fr33domlover
a9eaf35d5e
When verifying HTTP sig, require ActivityPub-Actor to be signed only if present
2019-03-16 15:48:25 +00:00
fr33domlover
475e398d6d
Switch ticket comment IDs to use Hashids-of-MessageId instead of custom number
2019-03-15 16:36:02 +00:00
fr33domlover
9e881554ea
Make frg:isShared key property optional, it was accidentally required
2019-03-15 16:33:10 +00:00
fr33domlover
0e0afa78f9
Parse/encoding audience targetting activity fields
2019-03-14 02:30:36 +00:00
fr33domlover
24c091a248
Add activity types Follow, Accept, Reject
2019-03-13 23:37:58 +00:00
fr33domlover
f6cbc1eb8a
Use file based switches to relax keyfile loading rules
2019-03-11 02:01:41 +00:00
fr33domlover
2a39378468
HTTP Signature verification: RSA-SHA256 and PEM/ASN1 support
...
Before, things worked like this:
* Only signatures of Ed25519 keys could be verified
* Key encoding placed the plain binary Ed25519 key in the PEM, instead of the
key's ASN1 encoding
With this patch it now works like this:
* Ed25519 signatures are supported as before
* RSA keys are now supported too, assuming RSA-SHA256 signatures
* Both Ed25519 and RSA keys are encoded and decoded using actual PEM with ASN1
2019-03-10 23:15:42 +00:00
fr33domlover
ef57f29a54
Adapt Activity/Create/Note to new ActivityPub typeclass and add safety checks
2019-03-10 06:42:03 +00:00
fr33domlover
61d1aa6720
Define HMAC based access token and switch CapSignKey from Ed25519 to HMAC
2019-03-09 21:21:36 +00:00
fr33domlover
fdbe46741b
When POSTing an activity, protect remote actor DB insertion with withHostLock
2019-03-09 17:12:43 +00:00
fr33domlover
e341f62587
Fix typo in comment
2019-03-09 15:44:31 +00:00
fr33domlover
468202cf45
Fix instance mutex deadlock, accidentally initialized the MVar empty
2019-03-09 15:43:30 +00:00
fr33domlover
37216d9045
Move remote actor DB code from Foundation to separate module
2019-03-09 15:40:02 +00:00
fr33domlover
b0e33af4d8
Fix typo in actor key route
2019-03-06 01:49:55 +00:00
fr33domlover
043022d117
When verifying HTTP sig, make Ed25519 verification failure message clearer
2019-03-06 01:31:30 +00:00
fr33domlover
c26289cf42
Don't check CSRF token in InboxR, POSTs there freely come from other servers
2019-03-05 09:00:22 +00:00
fr33domlover
6e721797e9
Catch sig generation error when sending signed HTTP POST
2019-03-05 08:26:41 +00:00
fr33domlover
97594dc945
Fix default actor URI in OutboxR form, from /p to /s
2019-03-04 20:12:19 +00:00
fr33domlover
378ca1b3d4
Fix bug in FedURI parsing
2019-03-04 20:11:58 +00:00
fr33domlover
bb662e798f
Display clearer error message when GETing recipient actor fails
2019-03-04 15:47:22 +00:00
fr33domlover
78b5bad2c4
Support bypassing email verification of new users
2019-03-04 14:51:51 +00:00
fr33domlover
c41f1183e0
Display instance host at the top of all pages
2019-03-04 09:06:23 +00:00
fr33domlover
ad034dbacc
Make the registration switch work again
2019-03-04 08:14:36 +00:00
fr33domlover
6bbba4ce5c
Use MVars to protect concurrenct access to instance/actor/key DB records
2019-03-02 19:13:51 +00:00
fr33domlover
f09bdd4141
Add key storage mode that replaces old keys instead of rejecting new ones
2019-02-26 14:00:22 +00:00
fr33domlover
2e705b6868
Make key storage limits configurable instead of hardcoding to 2
2019-02-24 01:35:07 +00:00
fr33domlover
17524b6ee1
Remove hardcoded-to-2 limit on length of an actor's list of public keys
2019-02-24 01:21:42 +00:00
fr33domlover
0912b8e291
Use the DB for checking key usage by actors
...
* When we refetch a personal key, we never need to separately fetch the actor
* When we refetch a shared key, check usage in DB and insert usage to DB
2019-02-23 17:17:52 +00:00
fr33domlover
b53a7b4f48
Refactor actor key fetching code a bit
2019-02-22 08:30:43 +00:00
fr33domlover
1affe269bb
Refactor HTTP sig verification DB update code
2019-02-22 07:20:19 +00:00
fr33domlover
d3e14b3edf
Add LocalURI type for recording shared URI host
2019-02-21 23:59:53 +00:00
fr33domlover
aefb2aaee7
Add InstanceURI datatype
2019-02-20 07:40:25 +00:00
fr33domlover
4053f2f2b4
Record usage of instance keys in the DB
...
When we verify an HTTP signature,
* If we know the key, check in the DB whether we know the actor lists it. If it
doesn't, and there's room left for keys, HTTP GET the actor and update the DB
accordingly.
* If we know the key but had to update it, do the same, check usage in DB and
update DB if needed
* If we don't know the key, record usage in DB
However,
* If we're GETing a key and discovering it's a shared key, we GET the actor to
verify it lists the key. When we don't know the key at all yet, that's fine
(can be further optimized but it's marginal), but if it's a key we do know,
it means we already know the actor and for now it's enough for us to rely
only on the DB to test usage.
2019-02-19 10:54:55 +00:00