From 1e42ab1ee3c7b3935039b767c5b27d62dc01bfd3 Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Fri, 7 Jun 2024 02:18:11 +0200
Subject: [PATCH] fetch, send: run signature in spawn_blocking

---
 src/fetch.rs | 15 +++++++++++----
 src/send.rs  | 15 +++++++++++----
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/src/fetch.rs b/src/fetch.rs
index 9cfb74a..eb4e09f 100644
--- a/src/fetch.rs
+++ b/src/fetch.rs
@@ -2,6 +2,7 @@ use std::time::SystemTime;
 use http::StatusCode;
 use serde::de::DeserializeOwned;
 use sigh::{PrivateKey, SigningConfig, alg::RsaSha256};
+use tokio::task::spawn_blocking;
 use crate::{digest, error::Error};
 
 pub async fn authorized_fetch<T>(
@@ -26,11 +27,17 @@ where
         .header("accept", "application/activity+json")
         .header("digest", digest_header)
         .body(vec![])?;
-    SigningConfig::new(RsaSha256, private_key, key_id)
-        .sign(&mut req)?;
+    let private_key = private_key.clone();
+    let key_id = key_id.to_string();
+    let req = spawn_blocking(move || {
+        SigningConfig::new(RsaSha256, &private_key, &key_id).sign(&mut req)?;
+        Ok(req)
+    })
+    .await
+    .map_err(|e| Error::Response(format!("{e}")))?
+    .map_err(|e: sigh::Error| Error::Response(format!("{e}")))?;
     let req: reqwest::Request = req.try_into()?;
-    let res = client.execute(req)
-        .await?;
+    let res = client.execute(req).await?;
     if res.status() >= StatusCode::OK && res.status() < StatusCode::MULTIPLE_CHOICES {
         Ok(res.json().await?)
     } else {
diff --git a/src/send.rs b/src/send.rs
index 58a0d5c..fe87003 100644
--- a/src/send.rs
+++ b/src/send.rs
@@ -6,6 +6,7 @@ use http::StatusCode;
 use metrics::histogram;
 use serde::Serialize;
 use sigh::{PrivateKey, SigningConfig, alg::RsaSha256};
+use tokio::task::spawn_blocking;
 use crate::{digest, error::Error};
 
 pub async fn send<T: Serialize>(
@@ -42,12 +43,18 @@ pub async fn send_raw(
         .header("digest", digest_header)
         .body(body.as_ref().clone())?;
     let t1 = Instant::now();
-    SigningConfig::new(RsaSha256, private_key, key_id)
-        .sign(&mut req)?;
+    let private_key = private_key.clone();
+    let key_id = key_id.to_string();
+    let req = spawn_blocking(move || {
+        SigningConfig::new(RsaSha256, &private_key, &key_id).sign(&mut req)?;
+        Ok(req)
+    })
+    .await
+    .map_err(|e| Error::Response(format!("{e}")))?
+    .map_err(|e: sigh::Error| Error::Response(format!("{e}")))?;
     let t2 = Instant::now();
     let req: reqwest::Request = req.try_into()?;
-    let res = client.execute(req)
-        .await?;
+    let res = client.execute(req).await?;
     let t3 = Instant::now();
     histogram!("relay_http_request_duration")
         .record(t2 - t1);