davrot/forgejo_backup
1
0
Fork 0
mirror of https://codeberg.org/davrot/forgejo.git synced 2025-06-26 08:00:02 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(activitiypub): enable HTTP signatures on all ActivityPub endpoints (#7035)

Browse source 
- Set the right keyID and use the right signing keys for outgoing requests.
- Verify the HTTP signature of all incoming requests, except for the server actor.
- Caches keys of incoming requests for users and servers actors.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7035
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
This commit is contained in:
famfo 2025-04-03 15:24:15 +00:00 committed by David Rotermund
parent 376c2aec8a
commit 4c18778bbf
22 changed files with 681 additions and 122 deletions
Download patch file Download diff file Expand all files Collapse all files

9
modules/activitypub/client.go
View file

@ -191,10 +191,17 @@ func (c *Client) GetBody(uri string) ([]byte, error) {
return nil, err
}
defer response.Body.Close()
body, err := io.ReadAll(response.Body)
if response.ContentLength > setting.Federation.MaxSize {
return nil, fmt.Errorf("Request returned %d bytes (max allowed incomming size: %d bytes)", response.ContentLength, setting.Federation.MaxSize)
} else if response.ContentLength == -1 {
log.Warn("Request to %v returned an unknown content length, response may be truncated to %d bytes", uri, setting.Federation.MaxSize)
}
body, err := io.ReadAll(io.LimitReader(response.Body, setting.Federation.MaxSize))
if err != nil {
return nil, err
}
log.Debug("Client: got body: %v", charLimiter(string(body), 120))
return body, nil
}