Add host/digest to HTTP signature

This commit is contained in:
mei23 2018-08-30 20:52:35 +09:00
parent f802fe57b9
commit dddf7834cc
1 changed files with 12 additions and 3 deletions

View File

@ -2,6 +2,7 @@ import { request } from 'https';
const { sign } = require('http-signature');
import { URL } from 'url';
import * as debug from 'debug';
const crypto = require('crypto');
import config from '../../config';
import { ILocalUser } from '../../models/user';
@ -13,6 +14,12 @@ export default (user: ILocalUser, url: string, object: any) => new Promise((reso
const { protocol, hostname, port, pathname, search } = new URL(url);
const data = JSON.stringify(object);
const sha256 = crypto.createHash('sha256');
sha256.update(data);
const hash = sha256.digest('base64');
const req = request({
protocol,
hostname,
@ -20,7 +27,8 @@ export default (user: ILocalUser, url: string, object: any) => new Promise((reso
method: 'POST',
path: pathname + search,
headers: {
'Content-Type': 'application/activity+json'
'Content-Type': 'application/activity+json',
'Digest': `SHA-256=${hash}`
}
}, res => {
log(`${url} --> ${res.statusCode}`);
@ -35,7 +43,8 @@ export default (user: ILocalUser, url: string, object: any) => new Promise((reso
sign(req, {
authorizationHeaderName: 'Signature',
key: user.keypair,
keyId: `${config.url}/users/${user._id}/publickey`
keyId: `${config.url}/users/${user._id}/publickey`,
headers: ['date', 'host', 'digest']
});
// Signature: Signature ... => Signature: ...
@ -43,5 +52,5 @@ export default (user: ILocalUser, url: string, object: any) => new Promise((reso
sig = sig.replace(/^Signature /, '');
req.setHeader('Signature', sig);
req.end(JSON.stringify(object));
req.end(data);
});