HTTP signatures (#4146)

* Add Request class with HTTP signature generator

Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06

* Add HTTP signature verification concern

* Add test for SignatureVerification concern

* Add basic test for Request class

* Make PuSH subscribe/unsubscribe requests use new Request class

Accidentally fix lease_seconds not being set and sent properly, and
change the new minimum subscription duration to 1 day

* Make all PuSH workers use new Request class

* Make Salmon sender use new Request class

* Make FetchLinkService use new Request class

* Make FetchAtomService use the new Request class

* Make Remotable use the new Request class

* Make ResolveRemoteAccountService use the new Request class

* Add more tests

* Allow +-30 seconds window for signed request to remain valid

* Disable time window validation for signed requests, restore 7 days
as PuSH subscription duration (which was previous default due to a bug)

This commit is contained in:

Eugen Rochko

2017-07-14 20:41:49 +02:00

• committed by

GitHub

parent c1f201c49a

commit 1618b68bfa

23 changed files with 379 additions and 90 deletions

									
										4

app/models/subscription.rb
									
										View file
										
				@ -16,8 +16,8 @@

				#

				class Subscription < ApplicationRecord

				  MIN_EXPIRATION = 7.days.seconds.to_i

				  MAX_EXPIRATION = 30.days.seconds.to_i

				  MIN_EXPIRATION = 1.day.to_i

				  MAX_EXPIRATION = 30.days.to_i

				  belongs_to :account, required: true

Rows
Columns

HTTP signatures (#4146)

4 app/models/subscription.rb Unescape Escape View file

4

app/models/subscription.rb

View file