bastodon/app/workers/pubsubhubbub/delivery_worker.rb
Eugen Rochko 1618b68bfa HTTP signatures (#4146)
* Add Request class with HTTP signature generator

Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06

* Add HTTP signature verification concern

* Add test for SignatureVerification concern

* Add basic test for Request class

* Make PuSH subscribe/unsubscribe requests use new Request class

Accidentally fix lease_seconds not being set and sent properly, and
change the new minimum subscription duration to 1 day

* Make all PuSH workers use new Request class

* Make Salmon sender use new Request class

* Make FetchLinkService use new Request class

* Make FetchAtomService use the new Request class

* Make Remotable use the new Request class

* Make ResolveRemoteAccountService use the new Request class

* Add more tests

* Allow +-30 seconds window for signed request to remain valid

* Disable time window validation for signed requests, restore 7 days
as PuSH subscription duration (which was previous default due to a bug)
2017-07-14 20:41:49 +02:00


# frozen_string_literal: true
# Sidekiq job that POSTs one Atom payload to a PubSubHubbub subscriber's
# callback URL and records the delivery time when the subscriber answers
# with a 2xx status.
#
# NOTE(review): the destination is whatever is stored in
# `subscription.callback_url`, presumably supplied by the remote subscriber.
# The only destination check visible in this class is the DomainBlock lookup
# on the URL's host. Any restriction on loopback or private addresses would
# have to live in Request, which is not shown here. Confirm before relying
# on it.
class Pubsubhubbub::DeliveryWorker
  include Sidekiq::Worker
  include RoutingHelper

  # Runs on the 'push' queue with at most three retries; `dead: false` asks
  # Sidekiq not to keep the job once those retries are exhausted.
  sidekiq_options queue: 'push', retry: 3, dead: false

  # Linear back-off: the value returned is the delay before the next attempt,
  # growing by 5 with every retry already made.
  sidekiq_retry_in { |attempt| (attempt + 1) * 5 }

  attr_reader :subscription, :payload

  # Job entry point.
  #
  # @param subscription_id id passed to Subscription.find
  # @param payload [String] body to deliver, sent as application/atom+xml
  def perform(subscription_id, payload)
    @subscription = Subscription.find(subscription_id)
    @payload = payload

    # Blocked domains are skipped quietly: no request is made, no error raised.
    return if blocked_domain?

    process_delivery
  end

  private

  # Sends the payload and raises on any non-2xx answer so that Sidekiq
  # schedules a retry; on success the subscription's
  # last_successful_delivery_at is touched.
  #
  # NOTE(review): the error message embeds the full callback URL, so anything
  # carried in that URL ends up wherever job failures are recorded.
  def process_delivery
    response = payload_delivery

    unless response_successful?
      raise "Delivery failed for #{subscription.callback_url}: HTTP #{response.code}"
    end

    subscription.touch(:last_successful_delivery_at)
  end

  # Memoised response, so the POST is issued once per job run even though the
  # result is read from several places.
  def payload_delivery
    @_payload_delivery ||= callback_post_payload
  end

  # Builds the POST to the callback URL, attaches the hub headers and performs
  # the request.
  def callback_post_payload
    Request.new(:post, subscription.callback_url, body: payload)
           .tap { |req| req.add_headers(headers) }
           .perform
  end

  # True when DomainBlock reports the callback host as blocked.
  def blocked_domain?
    DomainBlock.blocked?(host)
  end

  # Host part of the callback URL after Addressable normalisation, which is
  # the form handed to DomainBlock.blocked?.
  def host
    callback_uri = Addressable::URI.parse(subscription.callback_url)
    callback_uri.normalize.host
  end

  # Request headers: content type, the hub/self Link header and, when the
  # subscription has a secret, the payload signature.
  def headers
    base = {
      'Content-Type' => 'application/atom+xml',
      'Link' => link_header,
    }
    optional = signature_headers || {}

    base.merge(optional)
  end

  def link_header
    links = [hub_link_header, self_link_header]
    LinkHeader.new(links).to_s
  end

  # rel="hub" link pointing at this instance's push endpoint.
  def hub_link_header
    [api_push_url, [%w[rel hub]]]
  end

  # rel="self" link pointing at the account's Atom feed.
  def self_link_header
    [account_url(subscription.account, format: :atom), [%w[rel self]]]
  end

  # X-Hub-Signature is sent only when the subscription has a secret; without
  # one this returns nil and this class adds no signature header, so the
  # subscriber cannot authenticate the payload through it.
  def signature_headers
    return unless subscription.secret?

    { 'X-Hub-Signature' => payload_signature }
  end

  # Header value: the digest name, '=', then the hex HMAC.
  def payload_signature
    "sha1=#{hmac_payload_digest}"
  end

  # Hex HMAC-SHA1 of the payload, keyed with the subscription's secret. The
  # secret is used only as the MAC key and is never put on the wire by this
  # class.
  def hmac_payload_digest
    digest = OpenSSL::Digest.new('sha1')
    OpenSSL::HMAC.hexdigest(digest, subscription.secret, payload)
  end

  # Treats status codes 200 through 299 as success; everything else,
  # redirects included, counts as a failed delivery.
  def response_successful?
    status = payload_delivery.code
    status > 199 && status < 300
  end
end