heartles/egirlskey
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

merge: feat: implement attachLdSignatureForRelays to control signing of Relayed activities (#599) (!579)

Browse source 
View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/579

Closes #599

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <marie@kaifa.ch>
This commit is contained in:
dakkar 2024-08-06 10:40:14 +00:00
commit 9de422280f
6 changed files with 36 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

3
packages/backend/src/config.ts
View file

@ -96,6 +96,7 @@ type Source = {
customMOTD?: string[];
signToActivityPubGet?: boolean;
attachLdSignatureForRelays?: boolean;
checkActivityPubGetSignature?: boolean;
perChannelMaxNoteCacheCount?: number;
@ -162,6 +163,7 @@ export type Config = {
proxyRemoteFiles: boolean | undefined;
customMOTD: string[] | undefined;
signToActivityPubGet: boolean;
attachLdSignatureForRelays: boolean;
checkActivityPubGetSignature: boolean | undefined;
version: string;
@ -299,6 +301,7 @@ export function loadConfig(): Config {
proxyRemoteFiles: config.proxyRemoteFiles,
customMOTD: config.customMOTD,
signToActivityPubGet: config.signToActivityPubGet ?? true,
attachLdSignatureForRelays: config.attachLdSignatureForRelays ?? true,
checkActivityPubGetSignature: config.checkActivityPubGetSignature,
mediaProxy: externalMediaProxy ?? internalMediaProxy,
externalMediaProxyEnabled: externalMediaProxy !== null && externalMediaProxy !== internalMediaProxy,

7
packages/backend/src/core/activitypub/ApRendererService.ts
View file

@ -793,6 +793,13 @@ export class ApRendererService {
@bindThis
public async attachLdSignature(activity: any, user: { id: MiUser['id']; host: null; }): Promise<IActivity> {
// Linked Data signatures are cryptographic signatures attached to each activity to provide proof of authenticity.
// When using authorized fetch, this is often undesired as any signed activity can be forwarded to a blocked instance by relays and other instances.
// This setting allows admins to disable LD signatures for increased privacy, at the expense of fewer relayed activities and additional inbound fetch (GET) requests.
if (!this.config.attachLdSignatureForRelays) {
return activity;
}
const keypair = await this.userKeypairService.getUserKeypair(user.id);
const jsonLd = this.jsonLdService.use();