feat(activitiypub): enable HTTP signatures on all ActivityPub endpoints (#7035)

- Set the right keyID and use the right signing keys for outgoing requests. - Verify the HTTP signature of all incoming requests, except for the server actor. - Caches keys of incoming requests for users and servers actors. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7035 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: famfo <famfo@famfo.xyz> Co-committed-by: famfo <famfo@famfo.xyz>
2025-04-03 15:24:15 +00:00 · 2025-04-03 15:24:15 +00:00 · 77b0275572
commit 77b0275572
parent ba5b157f7e
22 changed files with 681 additions and 122 deletions
--- a/modules/activitypub/client.go
+++ b/modules/activitypub/client.go
@ -191,10 +191,17 @@ func (c *Client) GetBody(uri string) ([]byte, error) {
 		return nil, err
 	}
 	defer response.Body.Close()
-	body, err := io.ReadAll(response.Body)
+	if response.ContentLength > setting.Federation.MaxSize {
+		return nil, fmt.Errorf("Request returned %d bytes (max allowed incomming size: %d bytes)", response.ContentLength, setting.Federation.MaxSize)
+	} else if response.ContentLength == -1 {
+		log.Warn("Request to %v returned an unknown content length, response may be truncated to %d bytes", uri, setting.Federation.MaxSize)
+	}
+
+	body, err := io.ReadAll(io.LimitReader(response.Body, setting.Federation.MaxSize))
 	if err != nil {
 		return nil, err
 	}
+
 	log.Debug("Client: got body: %v", charLimiter(string(body), 120))
 	return body, nil
 }
--- a/modules/setting/federation.go
+++ b/modules/setting/federation.go
@ -15,18 +15,20 @@ var (
 		Enabled             bool
 		ShareUserStatistics bool
 		MaxSize             int64
-		Algorithms          []string
+		SignatureAlgorithms []string
 		DigestAlgorithm     string
 		GetHeaders          []string
 		PostHeaders         []string
+		SignatureEnforced   bool
 	}{
 		Enabled:             false,
 		ShareUserStatistics: true,
 		MaxSize:             4,
-		Algorithms:          []string{"rsa-sha256", "rsa-sha512", "ed25519"},
+		SignatureAlgorithms: []string{"rsa-sha256", "rsa-sha512", "ed25519"},
 		DigestAlgorithm:     "SHA-256",
 		GetHeaders:          []string{"(request-target)", "Date", "Host"},
 		PostHeaders:         []string{"(request-target)", "Date", "Host", "Digest"},
+		SignatureEnforced:   true,
 	}
 )

@ -44,8 +46,8 @@ func loadFederationFrom(rootCfg ConfigProvider) {
 	// Get MaxSize in bytes instead of MiB
 	Federation.MaxSize = 1 << 20 * Federation.MaxSize

-	HttpsigAlgs = make([]httpsig.Algorithm, len(Federation.Algorithms))
-	for i, alg := range Federation.Algorithms {
+	HttpsigAlgs = make([]httpsig.Algorithm, len(Federation.SignatureAlgorithms))
+	for i, alg := range Federation.SignatureAlgorithms {
 		HttpsigAlgs[i] = httpsig.Algorithm(alg)
 	}
 }
--- a/modules/test/distant_federation_server_mock.go
+++ b/modules/test/distant_federation_server_mock.go
@ -95,7 +95,7 @@ func (mock *FederationServerMock) DistantServer(t *testing.T) *httptest.Server {
 			})
 	}
 	for _, repository := range mock.Repositories {
-		federatedRoutes.HandleFunc(fmt.Sprintf("/api/v1/activitypub/repository-id/%v/inbox/", repository.ID),
+		federatedRoutes.HandleFunc(fmt.Sprintf("/api/v1/activitypub/repository-id/%v/inbox", repository.ID),
 			func(res http.ResponseWriter, req *http.Request) {
 				if req.Method != "POST" {
 					t.Errorf("POST expected at: %q", req.URL.EscapedPath())