mirror of
https://github.com/mastodon/mastodon.git
synced 2025-01-18 08:01:57 +01:00
1618b68bfa
* Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
89 lines
1.9 KiB
Ruby
89 lines
1.9 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class Pubsubhubbub::ConfirmationWorker
|
|
include Sidekiq::Worker
|
|
include RoutingHelper
|
|
|
|
sidekiq_options queue: 'push', retry: false
|
|
|
|
attr_reader :subscription, :mode, :secret, :lease_seconds
|
|
|
|
def perform(subscription_id, mode, secret = nil, lease_seconds = nil)
|
|
@subscription = Subscription.find(subscription_id)
|
|
@mode = mode
|
|
@secret = secret
|
|
@lease_seconds = lease_seconds
|
|
process_confirmation
|
|
end
|
|
|
|
private
|
|
|
|
def process_confirmation
|
|
prepare_subscription
|
|
|
|
confirm_callback
|
|
logger.debug "Confirming PuSH subscription for #{subscription.callback_url} with challenge #{challenge}: #{callback_response_body}"
|
|
|
|
update_subscription
|
|
end
|
|
|
|
def update_subscription
|
|
if successful_subscribe?
|
|
subscription.save!
|
|
elsif successful_unsubscribe?
|
|
subscription.destroy!
|
|
end
|
|
end
|
|
|
|
def successful_subscribe?
|
|
subscribing? && response_matches_challenge?
|
|
end
|
|
|
|
def successful_unsubscribe?
|
|
(unsubscribing? && response_matches_challenge?) || !subscription.confirmed?
|
|
end
|
|
|
|
def response_matches_challenge?
|
|
callback_response_body == challenge
|
|
end
|
|
|
|
def subscribing?
|
|
mode == 'subscribe'
|
|
end
|
|
|
|
def unsubscribing?
|
|
mode == 'unsubscribe'
|
|
end
|
|
|
|
def confirm_callback
|
|
@_confirm_callback ||= callback_get_with_params
|
|
end
|
|
|
|
def callback_get_with_params
|
|
Request.new(:get, subscription.callback_url, params: callback_params).perform
|
|
end
|
|
|
|
def callback_response_body
|
|
confirm_callback.body.to_s
|
|
end
|
|
|
|
def callback_params
|
|
{
|
|
'hub.topic': account_url(subscription.account, format: :atom),
|
|
'hub.mode': mode,
|
|
'hub.challenge': challenge,
|
|
'hub.lease_seconds': subscription.lease_seconds,
|
|
}
|
|
end
|
|
|
|
def prepare_subscription
|
|
subscription.secret = secret
|
|
subscription.lease_seconds = lease_seconds
|
|
subscription.confirmed = true
|
|
end
|
|
|
|
def challenge
|
|
@_challenge ||= SecureRandom.hex
|
|
end
|
|
end
|