authorized fetch #217
Created by: dakkar
What
When receiving GET requests for application/activity+json content, check that the request is properly signed, and not from an instance we've blocked.
Why
This is variously called "secure mode" or "authorised fetch" in other fedi software. The main purpose is to make it hard for blocked instances to access data about our users/notes. They can, of course, still look at the HTML+JS output, but that's a bigger pain (and an admin can e.g. restrict seeing the various timelines to logged-in users, via roles).
Additional info (optional)
The implementation is copied from the other places we already check HTTP signatures, and cross-checked with Firefish's implementation.
I'm defaulting it to "false", so we don't surprise admins/users with this rather big change.
I've called the config key checkActivityPubGetSignature to mirror the existing signToActivityPubGet, but I'm not particularly attached to the name.
We'll need to test this a lot, though! I know that this code can talk to another instance of itself, but that's it!
Checklist
- Read the contribution guide
- Test working in a local environment
- (If needed) Add story of storybook
- (If needed) Update CHANGELOG.md
- (If possible) Add tests