Add ActivityPub secure mode (#11269)

* Add HTTP signature requirement for served ActivityPub resources * Change `SECURE_MODE` to `AUTHORIZED_FETCH` * Add 'Signature' to 'Vary' header and improve code style * Improve code style by adding `public_fetch_mode?` method
2019-07-11 20:11:09 +02:00 · 2019-07-11 20:11:09 +02:00 · 5bf67ca913
commit 5bf67ca913
parent 4e1260feaa
14 changed files with 89 additions and 34 deletions
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@ -8,11 +8,12 @@ class StatusesController < ApplicationController

  layout 'public'

+  before_action :require_signature!, only: :show, if: -> { request.format == :json && authorized_fetch_mode? }
  before_action :set_status
  before_action :set_instance_presenter
  before_action :set_link_headers
-  before_action :redirect_to_original, only: [:show]
-  before_action :set_referrer_policy_header, only: [:show]
+  before_action :redirect_to_original, only: :show
+  before_action :set_referrer_policy_header, only: :show
  before_action :set_cache_headers
  before_action :set_body_classes
  before_action :set_autoplay, only: :embed
@ -30,14 +31,14 @@ class StatusesController < ApplicationController
      end

      format.json do
-        expires_in 3.minutes, public: @status.distributable?
+        expires_in 3.minutes, public: @status.distributable? && public_fetch_mode?
        render json: @status, content_type: 'application/activity+json', serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter
      end
    end
  end

  def activity
-    expires_in 3.minutes, public: @status.distributable?
+    expires_in 3.minutes, public: @status.distributable? && public_fetch_mode?
    render json: @status, content_type: 'application/activity+json', serializer: ActivityPub::ActivitySerializer, adapter: ActivityPub::Adapter
  end