diff options
author | Andrew Godwin | 2022-11-06 13:48:04 -0700 |
---|---|---|
committer | Andrew Godwin | 2022-11-06 13:48:04 -0700 |
commit | dbe57075d386d7474bafc208b654507d9a2d769e (patch) | |
tree | 96b779d17753669f42b7569ec4ec66834b0673f4 /core | |
parent | 8aec395331a1e9ec4ef1ea38aa20b8517131133b (diff) | |
download | takahe-dbe57075d386d7474bafc208b654507d9a2d769e.tar.gz takahe-dbe57075d386d7474bafc208b654507d9a2d769e.tar.bz2 takahe-dbe57075d386d7474bafc208b654507d9a2d769e.zip |
Rework to a domains model for better vhosting
Diffstat (limited to 'core')
-rw-r--r-- | core/context.py | 4 | ||||
-rw-r--r-- | core/ld.py | 11 | ||||
-rw-r--r-- | core/signatures.py | 48 |
3 files changed, 60 insertions, 3 deletions
diff --git a/core/context.py b/core/context.py index 38a268c..026ac11 100644 --- a/core/context.py +++ b/core/context.py @@ -2,4 +2,6 @@ from django.conf import settings def config_context(request): - return {"config": {"site_name": settings.SITE_NAME}} + return { + "config": {"site_name": settings.SITE_NAME}, + } @@ -252,7 +252,7 @@ def builtin_document_loader(url: str, options={}): ) -def canonicalise(json_data): +def canonicalise(json_data, include_security=False): """ Given an ActivityPub JSON-LD document, round-trips it through the LD systems to end up in a canonicalised, compacted format. @@ -264,5 +264,12 @@ def canonicalise(json_data): raise ValueError("Pass decoded JSON data into LDDocument") return jsonld.compact( jsonld.expand(json_data), - ["https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1"], + ( + [ + "https://www.w3.org/ns/activitystreams", + "https://w3id.org/security/v1", + ] + if include_security + else "https://www.w3.org/ns/activitystreams" + ), ) diff --git a/core/signatures.py b/core/signatures.py new file mode 100644 index 0000000..bcacb68 --- /dev/null +++ b/core/signatures.py @@ -0,0 +1,48 @@ +import base64 +from typing import Any, Dict, List + +from cryptography.hazmat.primitives import hashes +from django.http import HttpRequest + + +class HttpSignature: + """ + Allows for calculation and verification of HTTP signatures + """ + + @classmethod + def calculate_digest(cls, data, algorithm="sha-256") -> str: + """ + Calculates the digest header value for a given HTTP body + """ + if algorithm == "sha-256": + digest = hashes.Hash(hashes.SHA256()) + digest.update(data) + return "SHA-256=" + base64.b64encode(digest.finalize()).decode("ascii") + else: + raise ValueError(f"Unknown digest algorithm {algorithm}") + + @classmethod + def headers_from_request(cls, request: HttpRequest, header_names: List[str]) -> str: + """ + Creates the to-be-signed header payload from a Django request""" + headers = {} + for header_name in header_names: + if header_name == "(request-target)": + value = f"post {request.path}" + elif header_name == "content-type": + value = request.META["CONTENT_TYPE"] + else: + value = request.META[f"HTTP_{header_name.upper()}"] + headers[header_name] = value + return "\n".join(f"{name.lower()}: {value}" for name, value in headers.items()) + + @classmethod + def parse_signature(cls, signature) -> Dict[str, Any]: + signature_details = {} + for item in signature.split(","): + name, value = item.split("=", 1) + value = value.strip('"') + signature_details[name.lower()] = value + signature_details["headers"] = signature_details["headers"].split() + return signature_details |