Move signed request onto Identity as a shortcut

3 files changed, 31 insertions, 22 deletions

diff --git a/activities/models/fan_out.py b/activities/models/fan_out.py
index 6ebbe0a..285ecc2 100644
--- a/activities/models/fan_out.py
+++ b/activities/models/fan_out.py
@@ -3,7 +3,6 @@ from django.db import models
 
 from activities.models.timeline_event import TimelineEvent
 from core.ld import canonicalise
-from core.signatures import HttpSignature
 from stator.models import State, StateField, StateGraph, StatorModel
 
 
@@ -31,11 +30,10 @@ class FanOutStates(StateGraph):
                 # Send it to the remote inbox
                 post = await fan_out.subject_post.afetch_full()
                 # Sign it and send it
-                await HttpSignature.signed_request(
+                await post.author.signed_request(
+                    method="post",
                     uri=fan_out.identity.inbox_uri,
                     body=canonicalise(post.to_create_ap()),
-                    private_key=post.author.private_key,
-                    key_id=post.author.public_key_id,
                 )
         # Handle boosts/likes
         elif fan_out.type == FanOut.Types.interaction:
@@ -48,11 +46,10 @@ class FanOutStates(StateGraph):
                 )
             else:
                 # Send it to the remote inbox
-                await HttpSignature.signed_request(
+                await interaction.identity.signed_request(
+                    method="post",
                     uri=fan_out.identity.inbox_uri,
                     body=canonicalise(interaction.to_ap()),
-                    private_key=interaction.identity.private_key,
-                    key_id=interaction.identity.public_key_id,
                 )
         # Handle undoing boosts/likes
         elif fan_out.type == FanOut.Types.undo_interaction:
@@ -65,11 +62,10 @@ class FanOutStates(StateGraph):
                 )
             else:
                 # Send an undo to the remote inbox
-                await HttpSignature.signed_request(
+                await interaction.identity.signed_request(
+                    method="post",
                     uri=fan_out.identity.inbox_uri,
                     body=canonicalise(interaction.to_undo_ap()),
-                    private_key=interaction.identity.private_key,
-                    key_id=interaction.identity.public_key_id,
                 )
         else:
             raise ValueError(f"Cannot fan out with type {fan_out.type}")
diff --git a/users/models/follow.py b/users/models/follow.py
index e741c56..5f0d6ab 100644
--- a/users/models/follow.py
+++ b/users/models/follow.py
@@ -3,7 +3,6 @@ from typing import Optional
 from django.db import models, transaction
 
 from core.ld import canonicalise
-from core.signatures import HttpSignature
 from stator.models import State, StateField, StateGraph, StatorModel
 from users.models.identity import Identity
 
@@ -38,11 +37,10 @@ class FollowStates(StateGraph):
         if not follow.source.local:
             return cls.remote_requested
         # Sign it and send it
-        await HttpSignature.signed_request(
+        await follow.source.signed_request(
+            method="post",
             uri=follow.target.inbox_uri,
             body=canonicalise(follow.to_ap()),
-            private_key=follow.source.private_key,
-            key_id=follow.source.public_key_id,
         )
         return cls.local_requested
 
@@ -58,11 +56,10 @@ class FollowStates(StateGraph):
         source server.
         """
         follow = await instance.afetch_full()
-        await HttpSignature.signed_request(
+        await follow.target.signed_request(
+            method="post",
             uri=follow.source.inbox_uri,
             body=canonicalise(follow.to_accept_ap()),
-            private_key=follow.target.private_key,
-            key_id=follow.target.public_key_id,
         )
         return cls.accepted
 
@@ -72,11 +69,10 @@ class FollowStates(StateGraph):
         Delivers the Undo object to the target server
         """
         follow = await instance.afetch_full()
-        await HttpSignature.signed_request(
+        await follow.source.signed_request(
+            method="post",
             uri=follow.target.inbox_uri,
             body=canonicalise(follow.to_undo_ap()),
-            private_key=follow.source.private_key,
-            key_id=follow.source.public_key_id,
         )
         return cls.undone_remotely
 
diff --git a/users/models/identity.py b/users/models/identity.py
index 98e7df9..c2edf92 100644
--- a/users/models/identity.py
+++ b/users/models/identity.py
@@ -1,5 +1,5 @@
 from functools import partial
-from typing import Optional, Tuple
+from typing import Dict, Literal, Optional, Tuple
 from urllib.parse import urlparse
 
 import httpx
@@ -13,7 +13,7 @@ from django.utils import timezone
 from core.exceptions import ActorMismatchError
 from core.html import sanitize_post
 from core.ld import canonicalise, media_type_from_filename
-from core.signatures import RsaKeys
+from core.signatures import HttpSignature, RsaKeys
 from core.uploads import upload_namer
 from stator.models import State, StateField, StateGraph, StatorModel
 from users.models.domain import Domain
@@ -384,6 +384,23 @@ class Identity(StatorModel):
 
     ### Cryptography ###
 
+    async def signed_request(
+        self,
+        method: Literal["get", "post"],
+        uri: str,
+        body: Optional[Dict] = None,
+    ):
+        """
+        Performs a signed request on behalf of the System Actor.
+        """
+        return await HttpSignature.signed_request(
+            method=method,
+            uri=uri,
+            body=body,
+            private_key=self.private_key,
+            key_id=self.public_key_id,
+        )
+
     def generate_keypair(self):
         if not self.local:
             raise ValueError("Cannot generate keypair for remote user")