GoToSocial/internal/api/security/signaturecheck.go

package security

import (
	"net/http"
	"net/url"

	"github.com/superseriousbusiness/gotosocial/internal/ap"
	"github.com/superseriousbusiness/gotosocial/internal/log"

	"github.com/gin-gonic/gin"
	"github.com/go-fed/httpsig"
)

// SignatureCheck checks whether an incoming http request has been signed. If so, it will check if the domain
// that signed the request is permitted to access the server. If it is permitted, the handler will set the key
// verifier and the signature in the gin context for use down the line.
func (m *Module) SignatureCheck(c *gin.Context) {
	// create the verifier from the request
	// if the request is signed, it will have a signature header
	verifier, err := httpsig.NewVerifier(c.Request)
	if err == nil {
		// the request was signed!

		// The key ID should be given in the signature so that we know where to fetch it from the remote server.
		// This will be something like https://example.org/users/whatever_requesting_user#main-key
		requestingPublicKeyID, err := url.Parse(verifier.KeyId())
		if err == nil && requestingPublicKeyID != nil {
			// we managed to parse the url!

			// if the domain is blocked we want to bail as early as possible
			blocked, err := m.db.IsURIBlocked(c.Request.Context(), requestingPublicKeyID)
			if err != nil {
				log.Errorf("could not tell if domain %s was blocked or not: %s", requestingPublicKeyID.Host, err)
				c.AbortWithStatus(http.StatusInternalServerError)
				return
			}
			if blocked {
				log.Infof("domain %s is blocked", requestingPublicKeyID.Host)
				c.AbortWithStatus(http.StatusForbidden)
				return
			}

			// set the verifier and signature on the context here to save some work further down the line
			c.Set(string(ap.ContextRequestingPublicKeyVerifier), verifier)
			signature := c.GetHeader("Signature")
			if signature != "" {
				c.Set(string(ap.ContextRequestingPublicKeySignature), signature)
			}
		}
	}
}
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`package security`

			`import (`
			`"net/http"`
			`"net/url"`

Remove unnecessary storage config variables (#344) * rewire config to not use extraneous serve vars * rename 'file' to 'local' for consistency * use Type and Size again 2021-12-20 15:19:53 +01:00			`"github.com/superseriousbusiness/gotosocial/internal/ap"`
[chore] use our own logging implementation (#716) * first commit Signed-off-by: kim <grufwub@gmail.com> * replace logging with our own log library Signed-off-by: kim <grufwub@gmail.com> * fix imports Signed-off-by: kim <grufwub@gmail.com> * fix log imports Signed-off-by: kim <grufwub@gmail.com> * add license text Signed-off-by: kim <grufwub@gmail.com> * fix package import cycle between config and log package Signed-off-by: kim <grufwub@gmail.com> * fix empty kv.Fields{} being passed to WithFields() Signed-off-by: kim <grufwub@gmail.com> * fix uses of log.WithFields() with whitespace issues and empty slices Signed-off-by: kim <grufwub@gmail.com> * linter related grumbling Signed-off-by: kim <grufwub@gmail.com> * gofmt the codebase! also fix more log.WithFields() formatting issues Signed-off-by: kim <grufwub@gmail.com> * update testrig code to match new changes Signed-off-by: kim <grufwub@gmail.com> * fix error wrapping in non fmt.Errorf function Signed-off-by: kim <grufwub@gmail.com> * add benchmarking of log.Caller() vs non-cached Signed-off-by: kim <grufwub@gmail.com> * fix syslog tests, add standard build tags to test runner to ensure consistency Signed-off-by: kim <grufwub@gmail.com> * make syslog tests more robust Signed-off-by: kim <grufwub@gmail.com> * fix caller depth arithmatic (is that how you spell it?) Signed-off-by: kim <grufwub@gmail.com> * update to use unkeyed fields in kv.Field{} instances Signed-off-by: kim <grufwub@gmail.com> * update go-kv library Signed-off-by: kim <grufwub@gmail.com> * update libraries list Signed-off-by: kim <grufwub@gmail.com> * fuck you linter get nerfed Signed-off-by: kim <grufwub@gmail.com> Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com> 2022-07-19 10:47:55 +02:00			`"github.com/superseriousbusiness/gotosocial/internal/log"`
Remove unnecessary storage config variables (#344) * rewire config to not use extraneous serve vars * rename 'file' to 'local' for consistency * use Type and Size again 2021-12-20 15:19:53 +01:00
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`"github.com/gin-gonic/gin"`
			`"github.com/go-fed/httpsig"`
			`)`

			`// SignatureCheck checks whether an incoming http request has been signed. If so, it will check if the domain`
			`// that signed the request is permitted to access the server. If it is permitted, the handler will set the key`
federated authentication better logging + tidying (#232) * change trace logging in authenticator * messing about * lil changes * go fmt * error fix * Fix broken test 2021-09-16 11:35:09 +02:00			`// verifier and the signature in the gin context for use down the line.`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`func (m Module) SignatureCheck(c gin.Context) {`
			`// create the verifier from the request`
			`// if the request is signed, it will have a signature header`
			`verifier, err := httpsig.NewVerifier(c.Request)`
			`if err == nil {`
			`// the request was signed!`

			`// The key ID should be given in the signature so that we know where to fetch it from the remote server.`
			`// This will be something like https://example.org/users/whatever_requesting_user#main-key`
			`requestingPublicKeyID, err := url.Parse(verifier.KeyId())`
			`if err == nil && requestingPublicKeyID != nil {`
			`// we managed to parse the url!`

			`// if the domain is blocked we want to bail as early as possible`
Pg to bun (#148) * start moving to bun * changing more stuff * more * and yet more * tests passing * seems stable now * more big changes * small fix * little fixes 2021-08-25 15:34:33 +02:00			`blocked, err := m.db.IsURIBlocked(c.Request.Context(), requestingPublicKeyID)`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`if err != nil {`
[chore] use our own logging implementation (#716) * first commit Signed-off-by: kim <grufwub@gmail.com> * replace logging with our own log library Signed-off-by: kim <grufwub@gmail.com> * fix imports Signed-off-by: kim <grufwub@gmail.com> * fix log imports Signed-off-by: kim <grufwub@gmail.com> * add license text Signed-off-by: kim <grufwub@gmail.com> * fix package import cycle between config and log package Signed-off-by: kim <grufwub@gmail.com> * fix empty kv.Fields{} being passed to WithFields() Signed-off-by: kim <grufwub@gmail.com> * fix uses of log.WithFields() with whitespace issues and empty slices Signed-off-by: kim <grufwub@gmail.com> * linter related grumbling Signed-off-by: kim <grufwub@gmail.com> * gofmt the codebase! also fix more log.WithFields() formatting issues Signed-off-by: kim <grufwub@gmail.com> * update testrig code to match new changes Signed-off-by: kim <grufwub@gmail.com> * fix error wrapping in non fmt.Errorf function Signed-off-by: kim <grufwub@gmail.com> * add benchmarking of log.Caller() vs non-cached Signed-off-by: kim <grufwub@gmail.com> * fix syslog tests, add standard build tags to test runner to ensure consistency Signed-off-by: kim <grufwub@gmail.com> * make syslog tests more robust Signed-off-by: kim <grufwub@gmail.com> * fix caller depth arithmatic (is that how you spell it?) Signed-off-by: kim <grufwub@gmail.com> * update to use unkeyed fields in kv.Field{} instances Signed-off-by: kim <grufwub@gmail.com> * update go-kv library Signed-off-by: kim <grufwub@gmail.com> * update libraries list Signed-off-by: kim <grufwub@gmail.com> * fuck you linter get nerfed Signed-off-by: kim <grufwub@gmail.com> Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com> 2022-07-19 10:47:55 +02:00			`log.Errorf("could not tell if domain %s was blocked or not: %s", requestingPublicKeyID.Host, err)`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`c.AbortWithStatus(http.StatusInternalServerError)`
			`return`
			`}`
Database updates (#144) * start moving some database stuff around * continue moving db stuff around * more fiddling * more updates * and some more * and yet more * i broke SOMETHING but what, it's a mystery * tidy up * vendor ttlcache * use ttlcache * fix up some tests * rename some stuff * little reminder * some more updates 2021-08-20 12:26:56 +02:00			`if blocked {`
[chore] use our own logging implementation (#716) * first commit Signed-off-by: kim <grufwub@gmail.com> * replace logging with our own log library Signed-off-by: kim <grufwub@gmail.com> * fix imports Signed-off-by: kim <grufwub@gmail.com> * fix log imports Signed-off-by: kim <grufwub@gmail.com> * add license text Signed-off-by: kim <grufwub@gmail.com> * fix package import cycle between config and log package Signed-off-by: kim <grufwub@gmail.com> * fix empty kv.Fields{} being passed to WithFields() Signed-off-by: kim <grufwub@gmail.com> * fix uses of log.WithFields() with whitespace issues and empty slices Signed-off-by: kim <grufwub@gmail.com> * linter related grumbling Signed-off-by: kim <grufwub@gmail.com> * gofmt the codebase! also fix more log.WithFields() formatting issues Signed-off-by: kim <grufwub@gmail.com> * update testrig code to match new changes Signed-off-by: kim <grufwub@gmail.com> * fix error wrapping in non fmt.Errorf function Signed-off-by: kim <grufwub@gmail.com> * add benchmarking of log.Caller() vs non-cached Signed-off-by: kim <grufwub@gmail.com> * fix syslog tests, add standard build tags to test runner to ensure consistency Signed-off-by: kim <grufwub@gmail.com> * make syslog tests more robust Signed-off-by: kim <grufwub@gmail.com> * fix caller depth arithmatic (is that how you spell it?) Signed-off-by: kim <grufwub@gmail.com> * update to use unkeyed fields in kv.Field{} instances Signed-off-by: kim <grufwub@gmail.com> * update go-kv library Signed-off-by: kim <grufwub@gmail.com> * update libraries list Signed-off-by: kim <grufwub@gmail.com> * fuck you linter get nerfed Signed-off-by: kim <grufwub@gmail.com> Co-authored-by: tobi <31960611+tsmethurst@users.noreply.github.com> 2022-07-19 10:47:55 +02:00			`log.Infof("domain %s is blocked", requestingPublicKeyID.Host)`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`c.AbortWithStatus(http.StatusForbidden)`
			`return`
			`}`

federated authentication better logging + tidying (#232) * change trace logging in authenticator * messing about * lil changes * go fmt * error fix * Fix broken test 2021-09-16 11:35:09 +02:00			`// set the verifier and signature on the context here to save some work further down the line`
Remove unnecessary storage config variables (#344) * rewire config to not use extraneous serve vars * rename 'file' to 'local' for consistency * use Type and Size again 2021-12-20 15:19:53 +01:00			`c.Set(string(ap.ContextRequestingPublicKeyVerifier), verifier)`
federated authentication better logging + tidying (#232) * change trace logging in authenticator * messing about * lil changes * go fmt * error fix * Fix broken test 2021-09-16 11:35:09 +02:00			`signature := c.GetHeader("Signature")`
			`if signature != "" {`
Remove unnecessary storage config variables (#344) * rewire config to not use extraneous serve vars * rename 'file' to 'local' for consistency * use Type and Size again 2021-12-20 15:19:53 +01:00			`c.Set(string(ap.ContextRequestingPublicKeySignature), signature)`
federated authentication better logging + tidying (#232) * change trace logging in authenticator * messing about * lil changes * go fmt * error fix * Fix broken test 2021-09-16 11:35:09 +02:00			`}`
Domain block (#76) * start work on admin domain blocking * move stuff around + further work on domain blocks * move + restructure processor * prep work for deleting account * tidy * go fmt * formatting * domain blocking more work * check domain blocks way earlier on * progress on delete account * delete more stuff when an account is gone * and more... * domain blocky block block * get individual domain block, delete a block 2021-07-05 13:23:03 +02:00			`}`
			`}`
			`}`