fetch: add authorized_fetch()

2024-11-21 19:51:00 +00:00 · 2023-05-14 22:44:26 +02:00 · 2023-05-14 22:44:26 +02:00 · e8b2b807b2
commit e8b2b807b2
parent c0601f8eef
4 changed files with 63 additions and 15 deletions
--- a/src/digest.rs
+++ b/src/digest.rs
@ -0,0 +1,20 @@
+use http_digest_headers::{DigestHeader, DigestMethod};
+
+pub fn generate_header(body: &[u8]) -> Result<String, ()> {
+    let mut digest_header = DigestHeader::new()
+        .with_method(DigestMethod::SHA256, body)
+        .map(|h| format!("{}", h))
+        .map_err(|_| ())?;
+
+    // mastodon expects uppercase algo name
+    if digest_header.starts_with("sha-") {
+        digest_header.replace_range(..4, "SHA-");
+    }
+    // mastodon uses base64::alphabet::STANDARD, not base64::alphabet::URL_SAFE
+    digest_header.replace_range(
+        7..,
+        &digest_header[7..].replace('-', "+").replace('_', "/")
+    );
+
+    Ok(digest_header)
+}
--- a/src/fetch.rs
+++ b/src/fetch.rs
@ -1,4 +1,8 @@
+use http::StatusCode;
 use serde::de::DeserializeOwned;
+use sigh::{PrivateKey, SigningConfig, alg::RsaSha256};
+use crate::digest;
+use crate::send::SendError;

 pub async fn fetch<T>(client: &reqwest::Client, url: &str) -> Result<T, reqwest::Error>
 where
@ -11,3 +15,38 @@ where
        .json()
        .await
 }
+
+pub async fn authorized_fetch<T>(
+    client: &reqwest::Client,
+    uri: &str,
+    key_id: &str,
+    private_key: &PrivateKey,
+) -> Result<T, SendError>
+where
+    T: DeserializeOwned,
+{
+    let url = reqwest::Url::parse(uri)
+        .map_err(|_| SendError::InvalidUri)?;
+    let host = format!("{}", url.host().ok_or(SendError::InvalidUri)?);
+    let digest_header = digest::generate_header(&[])
+        .expect("digest::generate_header");
+    let mut req = http::Request::builder()
+        .uri(uri)
+        .header("host", &host)
+        .header("content-type", "application/activity+json")
+        .header("date", chrono::Utc::now().to_rfc2822()
+            .replace("+0000", "GMT"))
+        .header("accept", "application/activity+json")
+        .header("digest", digest_header)
+        .body(vec![])?;
+    SigningConfig::new(RsaSha256, private_key, key_id)
+        .sign(&mut req)?;
+    let req: reqwest::Request = req.try_into()?;
+    let res = client.execute(req)
+        .await?;
+    if res.status() >= StatusCode::OK && res.status() < StatusCode::MULTIPLE_CHOICES {
+        Ok(res.json().await?)
+    } else {
+        Err(SendError::Response(format!("{}", res.text().await?)))
+    }
+}
--- a/src/main.rs
+++ b/src/main.rs
@ -17,8 +17,8 @@ use tracing_subscriber::{layer::SubscriberExt, util::SubscriberInitExt};
 mod config;
 mod actor;
 mod db;
+mod digest;
 mod fetch;
-pub use fetch::fetch;
 mod send;
 mod stream;
 mod relay;
--- a/src/send.rs
+++ b/src/send.rs
@ -47,22 +47,11 @@ pub async fn send_raw(
    private_key: &PrivateKey,
    body: Arc<Vec<u8>>,
 ) -> Result<(), SendError> {
-    let mut digest_header = DigestHeader::new()
-        .with_method(DigestMethod::SHA256, &body)
-        .map(|h| format!("{}", h))
-        .map_err(|_| SendError::Digest)?;
-    if digest_header.starts_with("sha-") {
-        digest_header.replace_range(..4, "SHA-");
-    }
-    // mastodon uses base64::alphabet::STANDARD, not base64::alphabet::URL_SAFE
-    digest_header.replace_range(
-        7..,
-        &digest_header[7..].replace('-', "+").replace('_', "/")
-    );
-
    let url = reqwest::Url::parse(uri)
-        .map_err(|_| SendError::InvalidUri)?;
+        .map_err(|_| Error::InvalidUri)?;
    let host = format!("{}", url.host().ok_or(SendError::InvalidUri)?);
+    let digest_header = digest::generate_header(&body)
+        .map_err(|()| SendError::Digest)?;
    let mut req = http::Request::builder()
        .method("POST")
        .uri(uri)