Commit graph

904 commits

Author SHA1 Message Date
fr33domlover
6c186355f3 Change some top-level routes' breadcrumbs to be under HomeR 2019-03-22 05:17:58 +00:00
fr33domlover
c27636a438 Add route /publish for sending activities, getOutboxR now free to return outbox 2019-03-22 05:17:54 +00:00
fr33domlover
d40e1b8891 In outbox post form, provide parent and context, and default to ticket comment 2019-03-21 23:56:47 +00:00
fr33domlover
ad3a20d783 Receive remote comments on local ticket discussion 2019-03-21 22:57:15 +00:00
fr33domlover
72f96a0dff When verifying HTTPsig, return iid&rsid and remove duplicate shared usage check
* Adapt DB related code to return the InstanceId and RemoteSharerId
* Previously, when fetching a known shared key, we were running a DB
  check/update for the shared usage record. I noticed - and hopefully I
  correctly noticed - that this check already runs when we discover the keyId
  points to a shared key we already know. So, after successful sig
  verification, there's no need to run the check again. So I removed it.
2019-03-21 21:38:59 +00:00
fr33domlover
061c84349d Recognize the 3 variants of the Public collection URI when parsing audience 2019-03-21 19:13:36 +00:00
fr33domlover
77324442fc Fetch local messages by LocalMessageId, not by MessageId 2019-03-21 19:06:52 +00:00
fr33domlover
9b916c9b75 Add ID URI field to RemoteMessage 2019-03-20 13:12:22 +00:00
fr33domlover
68b0ae7829 When receiving HTTP signed request, check the keyId host for weird cases
- Exclude hosts without periods, so things like localhost and IPv6 are rejected
- Exclude hosts without letters, so things like IPv4 are rejected
- Exclude the instance's own host, just in case somehow some fake activity
  slips in and gets approved, maybe even accidentally when delivered by another
  server
2019-03-20 12:27:40 +00:00
fr33domlover
747bbd5f0c Publish actor documents for projects, and add some new properties to Actor 2019-03-20 12:01:10 +00:00
fr33domlover
ade1157a04 Add a custom ActivityPub actor type: Project 2019-03-20 10:36:00 +00:00
fr33domlover
3f2a178830 New module Yesod.FedURI: Render routes into FedURI and LocalURI 2019-03-20 10:08:36 +00:00
fr33domlover
6f3df6d569 Allow actors not to list any public keys at all 2019-03-20 09:31:08 +00:00
fr33domlover
716487f2b8 In ticket comment tree, support mixing local and remote (federated) comments 2019-03-20 08:07:37 +00:00
fr33domlover
e0de4cdcc7 Remove Discussion's nextMessage field, it's not being used anymore 2019-03-18 20:18:25 +00:00
fr33domlover
4b351ef62e Automatically set approot to https://HOST and require Host header to match 2019-03-16 17:15:31 +00:00
fr33domlover
a9eaf35d5e When verifying HTTP sig, require ActivityPub-Actor to be signed only if present 2019-03-16 15:48:25 +00:00
fr33domlover
475e398d6d Switch ticket comment IDs to use Hashids-of-MessageId instead of custom number 2019-03-15 16:36:02 +00:00
fr33domlover
9e881554ea Make frg:isShared key property optional, it was accidentally required 2019-03-15 16:33:10 +00:00
fr33domlover
0e0afa78f9 Parse/encoding audience targetting activity fields 2019-03-14 02:30:36 +00:00
fr33domlover
24c091a248 Add activity types Follow, Accept, Reject 2019-03-13 23:37:58 +00:00
fr33domlover
a8bb43255f Explain keyfile loading in INSTALL.md 2019-03-11 02:22:34 +00:00
fr33domlover
f6cbc1eb8a Use file based switches to relax keyfile loading rules 2019-03-11 02:01:41 +00:00
fr33domlover
2a39378468 HTTP Signature verification: RSA-SHA256 and PEM/ASN1 support
Before, things worked like this:

* Only signatures of Ed25519 keys could be verified
* Key encoding placed the plain binary Ed25519 key in the PEM, instead of the
  key's ASN1 encoding

With this patch it now works like this:

* Ed25519 signatures are supported as before
* RSA keys are now supported too, assuming RSA-SHA256 signatures
* Both Ed25519 and RSA keys are encoded and decoded using actual PEM with ASN1
2019-03-10 23:15:42 +00:00
fr33domlover
ef57f29a54 Adapt Activity/Create/Note to new ActivityPub typeclass and add safety checks 2019-03-10 06:42:03 +00:00
fr33domlover
61d1aa6720 Define HMAC based access token and switch CapSignKey from Ed25519 to HMAC 2019-03-09 21:21:36 +00:00
fr33domlover
fdbe46741b When POSTing an activity, protect remote actor DB insertion with withHostLock 2019-03-09 17:12:43 +00:00
fr33domlover
e341f62587 Fix typo in comment 2019-03-09 15:44:31 +00:00
fr33domlover
468202cf45 Fix instance mutex deadlock, accidentally initialized the MVar empty 2019-03-09 15:43:30 +00:00
fr33domlover
37216d9045 Move remote actor DB code from Foundation to separate module 2019-03-09 15:40:02 +00:00
fr33domlover
b0e33af4d8 Fix typo in actor key route 2019-03-06 01:49:55 +00:00
fr33domlover
043022d117 When verifying HTTP sig, make Ed25519 verification failure message clearer 2019-03-06 01:31:30 +00:00
fr33domlover
c26289cf42 Don't check CSRF token in InboxR, POSTs there freely come from other servers 2019-03-05 09:00:22 +00:00
fr33domlover
6e721797e9 Catch sig generation error when sending signed HTTP POST 2019-03-05 08:26:41 +00:00
fr33domlover
97594dc945 Fix default actor URI in OutboxR form, from /p to /s 2019-03-04 20:12:19 +00:00
fr33domlover
378ca1b3d4 Fix bug in FedURI parsing 2019-03-04 20:11:58 +00:00
fr33domlover
bb662e798f Display clearer error message when GETing recipient actor fails 2019-03-04 15:47:22 +00:00
fr33domlover
78b5bad2c4 Support bypassing email verification of new users 2019-03-04 14:51:51 +00:00
fr33domlover
c41f1183e0 Display instance host at the top of all pages 2019-03-04 09:06:23 +00:00
fr33domlover
ad034dbacc Make the registration switch work again 2019-03-04 08:14:36 +00:00
fr33domlover
9c3cb27619 Add persistent-graph to update-deps.sh 2019-03-02 19:30:38 +00:00
fr33domlover
6bbba4ce5c Use MVars to protect concurrenct access to instance/actor/key DB records 2019-03-02 19:13:51 +00:00
fr33domlover
f09bdd4141 Add key storage mode that replaces old keys instead of rejecting new ones 2019-02-26 14:00:22 +00:00
fr33domlover
2e705b6868 Make key storage limits configurable instead of hardcoding to 2 2019-02-24 01:35:07 +00:00
fr33domlover
17524b6ee1 Remove hardcoded-to-2 limit on length of an actor's list of public keys 2019-02-24 01:21:42 +00:00
fr33domlover
0912b8e291 Use the DB for checking key usage by actors
* When we refetch a personal key, we never need to separately fetch the actor
* When we refetch a shared key, check usage in DB and insert usage to DB
2019-02-23 17:17:52 +00:00
fr33domlover
b53a7b4f48 Refactor actor key fetching code a bit 2019-02-22 08:30:43 +00:00
fr33domlover
1affe269bb Refactor HTTP sig verification DB update code 2019-02-22 07:20:19 +00:00
fr33domlover
d3e14b3edf Add LocalURI type for recording shared URI host 2019-02-21 23:59:53 +00:00
fr33domlover
aefb2aaee7 Add InstanceURI datatype 2019-02-20 07:40:25 +00:00