Move signed request onto Identity as a shortcut

Andrew Godwin 2022-11-20 18:32:55 -07:00
parent 5ddce16213
commit 97a841d1bb
3 changed files with 31 additions and 22 deletions


@ -3,7 +3,6 @@ from django.db import models
from activities.models.timeline_event import TimelineEvent from activities.models.timeline_event import TimelineEvent
from core.ld import canonicalise from core.ld import canonicalise
from core.signatures import HttpSignature
from stator.models import State, StateField, StateGraph, StatorModel from stator.models import State, StateField, StateGraph, StatorModel
@ -31,11 +30,10 @@ class FanOutStates(StateGraph):
# Send it to the remote inbox # Send it to the remote inbox
post = await fan_out.subject_post.afetch_full() post = await fan_out.subject_post.afetch_full()
# Sign it and send it # Sign it and send it
await HttpSignature.signed_request( await post.author.signed_request(
method="post",
uri=fan_out.identity.inbox_uri, uri=fan_out.identity.inbox_uri,
body=canonicalise(post.to_create_ap()), body=canonicalise(post.to_create_ap()),
private_key=post.author.private_key,
key_id=post.author.public_key_id,
) )
# Handle boosts/likes # Handle boosts/likes
elif fan_out.type == FanOut.Types.interaction: elif fan_out.type == FanOut.Types.interaction:
@ -48,11 +46,10 @@ class FanOutStates(StateGraph):
) )
else: else:
# Send it to the remote inbox # Send it to the remote inbox
await HttpSignature.signed_request( await interaction.identity.signed_request(
method="post",
uri=fan_out.identity.inbox_uri, uri=fan_out.identity.inbox_uri,
body=canonicalise(interaction.to_ap()), body=canonicalise(interaction.to_ap()),
private_key=interaction.identity.private_key,
key_id=interaction.identity.public_key_id,
) )
# Handle undoing boosts/likes # Handle undoing boosts/likes
elif fan_out.type == FanOut.Types.undo_interaction: elif fan_out.type == FanOut.Types.undo_interaction:
@ -65,11 +62,10 @@ class FanOutStates(StateGraph):
) )
else: else:
# Send an undo to the remote inbox # Send an undo to the remote inbox
await HttpSignature.signed_request( await interaction.identity.signed_request(
method="post",
uri=fan_out.identity.inbox_uri, uri=fan_out.identity.inbox_uri,
body=canonicalise(interaction.to_undo_ap()), body=canonicalise(interaction.to_undo_ap()),
private_key=interaction.identity.private_key,
key_id=interaction.identity.public_key_id,
) )
else: else:
raise ValueError(f"Cannot fan out with type {fan_out.type}") raise ValueError(f"Cannot fan out with type {fan_out.type}")


@ -3,7 +3,6 @@ from typing import Optional
from django.db import models, transaction from django.db import models, transaction
from core.ld import canonicalise from core.ld import canonicalise
from core.signatures import HttpSignature
from stator.models import State, StateField, StateGraph, StatorModel from stator.models import State, StateField, StateGraph, StatorModel
from users.models.identity import Identity from users.models.identity import Identity
@ -38,11 +37,10 @@ class FollowStates(StateGraph):
if not follow.source.local: if not follow.source.local:
return cls.remote_requested return cls.remote_requested
# Sign it and send it # Sign it and send it
await HttpSignature.signed_request( await follow.source.signed_request(
method="post",
uri=follow.target.inbox_uri, uri=follow.target.inbox_uri,
body=canonicalise(follow.to_ap()), body=canonicalise(follow.to_ap()),
private_key=follow.source.private_key,
key_id=follow.source.public_key_id,
) )
return cls.local_requested return cls.local_requested
@ -58,11 +56,10 @@ class FollowStates(StateGraph):
source server. source server.
""" """
follow = await instance.afetch_full() follow = await instance.afetch_full()
await HttpSignature.signed_request( await follow.target.signed_request(
method="post",
uri=follow.source.inbox_uri, uri=follow.source.inbox_uri,
body=canonicalise(follow.to_accept_ap()), body=canonicalise(follow.to_accept_ap()),
private_key=follow.target.private_key,
key_id=follow.target.public_key_id,
) )
return cls.accepted return cls.accepted
@ -72,11 +69,10 @@ class FollowStates(StateGraph):
Delivers the Undo object to the target server Delivers the Undo object to the target server
""" """
follow = await instance.afetch_full() follow = await instance.afetch_full()
await HttpSignature.signed_request( await follow.source.signed_request(
method="post",
uri=follow.target.inbox_uri, uri=follow.target.inbox_uri,
body=canonicalise(follow.to_undo_ap()), body=canonicalise(follow.to_undo_ap()),
private_key=follow.source.private_key,
key_id=follow.source.public_key_id,
) )
return cls.undone_remotely return cls.undone_remotely


@ -1,5 +1,5 @@
from functools import partial from functools import partial
from typing import Optional, Tuple from typing import Dict, Literal, Optional, Tuple
from urllib.parse import urlparse from urllib.parse import urlparse
import httpx import httpx
@ -13,7 +13,7 @@ from django.utils import timezone
from core.exceptions import ActorMismatchError from core.exceptions import ActorMismatchError
from core.html import sanitize_post from core.html import sanitize_post
from core.ld import canonicalise, media_type_from_filename from core.ld import canonicalise, media_type_from_filename
from core.signatures import RsaKeys from core.signatures import HttpSignature, RsaKeys
from core.uploads import upload_namer from core.uploads import upload_namer
from stator.models import State, StateField, StateGraph, StatorModel from stator.models import State, StateField, StateGraph, StatorModel
from users.models.domain import Domain from users.models.domain import Domain
@ -384,6 +384,23 @@ class Identity(StatorModel):
### Cryptography ### ### Cryptography ###
async def signed_request(
self,
method: Literal["get", "post"],
uri: str,
body: Optional[Dict] = None,
):
"""
Performs a signed request on behalf of the System Actor.
"""
return await HttpSignature.signed_request(
method=method,
uri=uri,
body=body,
private_key=self.private_key,
key_id=self.public_key_id,
)
def generate_keypair(self): def generate_keypair(self):
if not self.local: if not self.local:
raise ValueError("Cannot generate keypair for remote user") raise ValueError("Cannot generate keypair for remote user")
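Review bot: The docstring on the new `signed_request` says the request is made "on behalf of the System Actor", but the body signs with `self.private_key` and `self.public_key_id`, so it acts as whichever identity it is called on; because this text tells readers which key authenticates outgoing traffic, it should read something like `Performs a signed request using this identity's private key and key ID.` The method also has no guard like the one in `generate_keypair` just below (`if not self.local: raise ValueError(...)`), so a call on a remote identity, which presumably holds no private key, would only fail somewhere inside `HttpSignature.signed_request`; consider adding `if not self.local: raise ValueError("Cannot sign requests as a remote user")` at the top. The call sites changed in the other two files depend on this: the follow request handler checks `follow.source.local` before signing, but no such check is visible before `follow.target.signed_request(` in the accept handler. `generate_keypair` continues outside the hunk.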