mirrors/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-11-04 08:21:11 +00:00
Code Issues Projects Releases Packages Wiki Activity
forgejo/modules/setting/federation.go
famfo 77b0275572 feat(activitiypub): enable HTTP signatures on all ActivityPub endpoints (#7035) 
- Set the right keyID and use the right signing keys for outgoing requests.
- Verify the HTTP signature of all incoming requests, except for the server actor.
- Caches keys of incoming requests for users and servers actors.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7035
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
2025-04-03 15:24:15 +00:00

53 lines
1.5 KiB
Go
Raw Blame History

// Copyright 2021 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package setting
import (
"forgejo.org/modules/log"
"github.com/42wim/httpsig"
)
// Federation settings
var (
Federation = struct {
Enabled bool
ShareUserStatistics bool
MaxSize int64
SignatureAlgorithms []string
DigestAlgorithm string
GetHeaders []string
PostHeaders []string
SignatureEnforced bool
}{
Enabled: false,
ShareUserStatistics: true,
MaxSize: 4,
SignatureAlgorithms: []string{"rsa-sha256", "rsa-sha512", "ed25519"},
DigestAlgorithm: "SHA-256",
GetHeaders: []string{"(request-target)", "Date", "Host"},
PostHeaders: []string{"(request-target)", "Date", "Host", "Digest"},
SignatureEnforced: true,
}
)
// HttpsigAlgs is a constant slice of httpsig algorithm objects
var HttpsigAlgs []httpsig.Algorithm
func loadFederationFrom(rootCfg ConfigProvider) {
if err := rootCfg.Section("federation").MapTo(&Federation); err != nil {
log.Fatal("Failed to map Federation settings: %v", err)
} else if !httpsig.IsSupportedDigestAlgorithm(Federation.DigestAlgorithm) {
log.Fatal("unsupported digest algorithm: %s", Federation.DigestAlgorithm)
return
}
// Get MaxSize in bytes instead of MiB
Federation.MaxSize = 1 << 20 * Federation.MaxSize
HttpsigAlgs = make([]httpsig.Algorithm, len(Federation.SignatureAlgorithms))
for i, alg := range Federation.SignatureAlgorithms {
HttpsigAlgs[i] = httpsig.Algorithm(alg)
}
}
Reference in a new issue View git blame Copy permalink