diff --git a/config/config.exs b/config/config.exs
index 960a55cd8..4ee3a705f 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -365,6 +365,12 @@
 note_replies_output_limit: 5,
 sign_object_fetches: true,
 authorized_fetch_mode: false,
+ spoof_object_fetch_signatures: false,
+ spoofed_key: "-----BEGIN RSA PRIVATE KEY-----