GKaszewski/k-ap
1
0
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f08d11034de72f3e05814136a0abbe99b199b7d1
k-ap/src/federation.rs
Gabriel Kaszewski f08d11034d feat: expose signed_fetch for authorized-fetch / Secure Mode 
Builder: .signed_fetch_actor_id(uuid) sets instance-level signing actor.
Service: .signed_fetch(&url) performs a signed GET returning raw JSON.

Closes #2
2026-05-30 02:43:51 +02:00

68 lines
2.3 KiB
Rust
Raw Blame History

use activitypub_federation::config::{Data, FederationConfig, FederationMiddleware, UrlVerifier};
use activitypub_federation::error::Error as FedError;
use url::Url;
use crate::actors::DbActor;
use crate::data::FederationData;
#[derive(Clone)]
struct PermissiveVerifier;
#[async_trait::async_trait]
impl UrlVerifier for PermissiveVerifier {
async fn verify(&self, _url: &Url) -> Result<(), FedError> {
Ok(())
}
}
#[derive(Clone)]
pub struct ApFederationConfig(pub FederationConfig<FederationData>);
impl ApFederationConfig {
/// Create a new federation config.
///
/// **HTTP signature / Digest behavior:**
/// - Production (`debug = false`): strict normalization + **requires `Digest` header** on every
/// inbound POST. All major AP implementations (Mastodon, Pleroma, Pixelfed) include it.
/// - Debug (`debug = true`): relaxes Digest requirement, disables signature verification,
/// and accepts any URL. **Never use in production.**
///
/// Outbound signing always uses Mastodon compat mode regardless of this flag.
///
/// When `signing_actor` is provided, all outgoing fetch requests (GETs) are
/// signed with that actor's keypair — required for instances with
/// authorized-fetch / Secure Mode enabled.
pub async fn new(
data: FederationData,
debug: bool,
signing_actor: Option<&DbActor>,
) -> anyhow::Result<Self> {
let config = if debug {
FederationConfig::builder()
.domain(&data.domain)
.app_data(data)
.debug(true)
.http_signature_compat(true)
.url_verifier(Box::new(PermissiveVerifier))
.build()
.await?
} else {
let mut builder = FederationConfig::builder();
builder.domain(&data.domain).app_data(data).debug(false);
if let Some(actor) = signing_actor {
builder.signed_fetch_actor(actor);
}
builder.build().await?
};
Ok(Self(config))
}
pub fn to_request_data(&self) -> Data<FederationData> {
self.0.to_request_data()
}
pub fn middleware(&self) -> FederationMiddleware<FederationData> {
FederationMiddleware::new(self.0.clone())
}
}
Reference in New Issue View Git Blame Copy Permalink