snac2/http.c

/* snac - A simple, minimalistic ActivityPub instance */
/* copyright (c) 2022 grunfink - MIT license */

#include "xs.h"
#include "xs_io.h"
#include "xs_encdec.h"
#include "xs_openssl.h"
#include "xs_curl.h"

#include "snac.h"

d_char *http_signed_request(snac *snac, char *method, char *url,
                        d_char *headers,
                        d_char *body, int b_size,
                        int *status, d_char **payload, int *p_size)
/* does a signed HTTP request */
{
    xs *l1;
    xs *date;
    xs *digest;
    xs *s64;
    xs *signature;
    xs *hdrs;
    char *host;
    char *target;
    char *seckey;
    char *k, *v;
    d_char *response;

    date = xs_utc_time("%a, %d %b %Y %H:%M:%S GMT");

    {
        xs *s = xs_replace(url, "https:/" "/", "");
        l1 = xs_split_n(s, "/", 1);
    }

    /* strip the url to get host and target */
    host = xs_list_get(l1, 0);

    if (xs_list_len(l1) == 2)
        target = xs_list_get(l1, 1);
    else
        target = "";

    /* digest */
    {
        xs *s;

        if (body != NULL)
            s = xs_sha256_base64(body, b_size);
        else
            s = xs_sha256_base64("", 0);

        digest = xs_fmt("SHA-256=%s", s);
    }

    seckey = xs_dict_get(snac->key, "secret");

    {
        /* build the string to be signed */
        xs *s = xs_fmt("(request-target): %s /%s\n"
                       "host: %s\n"
                       "digest: %s\n"
                       "date: %s",
                    strcmp(method, "POST") == 0 ? "post" : "get",
                    target, host, digest, date);

        s64 = xs_rsa_sign(seckey, s, strlen(s));
    }

    /* build now the signature header */
    signature = xs_fmt("keyId=\"%s#main-key\","
                       "algorithm=\"rsa-sha256\","
                       "headers=\"(request-target) host digest date\","
                       "signature=\"%s\"",
                        snac->actor, s64);

    /* transfer the original headers */
    hdrs = xs_dict_new();
    while (xs_dict_iter(&headers, &k, &v))
        hdrs = xs_dict_append(hdrs, k, v);

    /* add the new headers */
    if (strcmp(method, "POST") == 0)
        hdrs = xs_dict_append(hdrs, "content-type", "application/activity+json");
    else
        hdrs = xs_dict_append(hdrs, "accept",       "application/activity+json");

    hdrs = xs_dict_append(hdrs, "date",         date);
    hdrs = xs_dict_append(hdrs, "signature",    signature);
    hdrs = xs_dict_append(hdrs, "digest",       digest);
    hdrs = xs_dict_append(hdrs, "host",         host);
    hdrs = xs_dict_append(hdrs, "user-agent",   "snac/2.x");

    response = xs_http_request(method, url, hdrs,
                           body, b_size, status, payload, p_size);

    srv_archive("SEND", hdrs, body, b_size, *status, response, *payload, *p_size);

    return response;
}
[http.c] new file. 2022-09-20 21:12:21 +03:00			`/* snac - A simple, minimalistic ActivityPub instance */`
			`/* copyright (c) 2022 grunfink - MIT license */`

			`#include "xs.h"`
			`#include "xs_io.h"`
			`#include "xs_encdec.h"`
			`#include "xs_openssl.h"`
			`#include "xs_curl.h"`

			`#include "snac.h"`

			`d_char http_signed_request(snac snac, char method, char url,`
			`d_char *headers,`
			`d_char *body, int b_size,`
			`int status, d_char payload, int p_size)`
Added http signed request code (untested). 2022-09-20 22:00:16 +03:00			`/* does a signed HTTP request */`
[http.c] new file. 2022-09-20 21:12:21 +03:00			`{`
Added http signed request code (untested). 2022-09-20 22:00:16 +03:00			`xs *l1;`
			`xs *date;`
Minor tweak in http signatures. 2022-09-25 19:54:05 +03:00			`xs *digest;`
Added http signed request code (untested). 2022-09-20 22:00:16 +03:00			`xs *s64;`
			`xs *signature;`
Use its own copy of the headers in http_signed_request(). 2022-09-21 09:57:02 +03:00			`xs *hdrs;`
Added http signed request code (untested). 2022-09-20 22:00:16 +03:00			`char *host;`
			`char *target;`
			`char *seckey;`
Use its own copy of the headers in http_signed_request(). 2022-09-21 09:57:02 +03:00			`char k, v;`
Fixed a bug in the digest header. 2022-09-25 19:50:53 +03:00			`d_char *response;`
Added http signed request code (untested). 2022-09-20 22:00:16 +03:00
			`date = xs_utc_time("%a, %d %b %Y %H:%M:%S GMT");`

			`{`
			`xs *s = xs_replace(url, "https:/" "/", "");`
			`l1 = xs_split_n(s, "/", 1);`
			`}`

			`/* strip the url to get host and target */`
			`host = xs_list_get(l1, 0);`

			`if (xs_list_len(l1) == 2)`
			`target = xs_list_get(l1, 1);`
			`else`
			`target = "";`

			`/* digest */`
Minor tweak in http signatures. 2022-09-25 19:54:05 +03:00			`{`
			`xs *s;`
Fixed a bug in the digest header. 2022-09-25 19:50:53 +03:00
Minor tweak in http signatures. 2022-09-25 19:54:05 +03:00			`if (body != NULL)`
			`s = xs_sha256_base64(body, b_size);`
			`else`
			`s = xs_sha256_base64("", 0);`

			`digest = xs_fmt("SHA-256=%s", s);`
			`}`
Added http signed request code (untested). 2022-09-20 22:00:16 +03:00
			`seckey = xs_dict_get(snac->key, "secret");`

			`{`
			`/* build the string to be signed */`
			`xs *s = xs_fmt("(request-target): %s /%s\n"`
			`"host: %s\n"`
Fixed a bug in the digest header. 2022-09-25 19:50:53 +03:00			`"digest: %s\n"`
Added http signed request code (untested). 2022-09-20 22:00:16 +03:00			`"date: %s",`
			`strcmp(method, "POST") == 0 ? "post" : "get",`
			`target, host, digest, date);`

			`s64 = xs_rsa_sign(seckey, s, strlen(s));`
			`}`

			`/* build now the signature header */`
			`signature = xs_fmt("keyId=\"%s#main-key\","`
			`"algorithm=\"rsa-sha256\","`
			`"headers=\"(request-target) host digest date\","`
			`"signature=\"%s\"",`
			`snac->actor, s64);`

Use its own copy of the headers in http_signed_request(). 2022-09-21 09:57:02 +03:00			`/* transfer the original headers */`
			`hdrs = xs_dict_new();`
			`while (xs_dict_iter(&headers, &k, &v))`
			`hdrs = xs_dict_append(hdrs, k, v);`
Added http signed request code (untested). 2022-09-20 22:00:16 +03:00
Use its own copy of the headers in http_signed_request(). 2022-09-21 09:57:02 +03:00			`/* add the new headers */`
Serve the actor as the correct content-type. 2022-09-26 13:29:26 +03:00			`if (strcmp(method, "POST") == 0)`
			`hdrs = xs_dict_append(hdrs, "content-type", "application/activity+json");`
			`else`
			`hdrs = xs_dict_append(hdrs, "accept", "application/activity+json");`

Use its own copy of the headers in http_signed_request(). 2022-09-21 09:57:02 +03:00			`hdrs = xs_dict_append(hdrs, "date", date);`
			`hdrs = xs_dict_append(hdrs, "signature", signature);`
			`hdrs = xs_dict_append(hdrs, "digest", digest);`
More sign work (I'm tired). 2022-09-25 22:45:58 +03:00			`hdrs = xs_dict_append(hdrs, "host", host);`
Use its own copy of the headers in http_signed_request(). 2022-09-21 09:57:02 +03:00			`hdrs = xs_dict_append(hdrs, "user-agent", "snac/2.x");`

Fixed a bug in the digest header. 2022-09-25 19:50:53 +03:00			`response = xs_http_request(method, url, hdrs,`
More work in http signed request. 2022-09-21 10:31:05 +03:00			`body, b_size, status, payload, p_size);`
Fixed a bug in the digest header. 2022-09-25 19:50:53 +03:00
			`srv_archive("SEND", hdrs, body, b_size, status, response, payload, *p_size);`

			`return response;`
[http.c] new file. 2022-09-20 21:12:21 +03:00			`}`