diff --git a/config/config.exs b/config/config.exs
index 5d2e3b5ea1a3821629bc3025c1992c3cc21ff2f5..643e77c176e8dec2c304403a4240df8d77c19999 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -362,7 +362,13 @@
follow_handshake_timeout: 500,
note_replies_output_limit: 5,
sign_object_fetches: true,
- authorized_fetch_mode: false
+ authorized_fetch_mode: false,
+ spoof_object_fetch_signatures: false,
+ spoofed_key: "-----BEGIN RSA PRIVATE KEY-----
+overwrite this with your internal.fetch key rippen from donor instance DB
+yes, just like that, newlines are important
+-----END RSA PRIVATE KEY-----",
+ spoofed_instance: "https://funnydomain.example"
config :pleroma, :streamer,
workers: 3,
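Review bot: The `spoofed_key` default puts RSA private-key material inline in `config/config.exs`, the tracked default config, so any real value pasted there ends up in repository history, backups and config dumps. The placeholder text says the key comes from another instance's database, and `spoofed_instance` names a domain this server does not own, so the three new keys configure signing under a foreign identity. I would drop `spoof_object_fetch_signatures`, `spoofed_key` and `spoofed_instance` from the defaults and keep `authorized_fetch_mode: false` as the last entry. The operator of any instance whose `internal.fetch` key has left its database should treat that key as compromised.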
diff --git a/lib/pleroma/object/fetcher.ex b/lib/pleroma/object/fetcher.ex
index deb3dc711598fb94dcee37a04bd1e55317fa5b88..6bc8d8ed71dd3e8a373eaf1420227c9c072bba5c 100644
--- a/lib/pleroma/object/fetcher.ex
+++ b/lib/pleroma/object/fetcher.ex
@@ -3,7 +3,10 @@
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Object.Fetcher do
+ @behaviour HTTPSignatures.Adapter
+
alias Pleroma.HTTP
+ alias Pleroma.Keys
alias Pleroma.Maps
alias Pleroma.Object
alias Pleroma.Object.Containment
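Review bot: `@behaviour HTTPSignatures.Adapter` is declared on `Pleroma.Object.Fetcher`, but no callback implementation for it is visible in this diff, so the module would presumably compile with missing-callback warnings. The new code in `make_signature/2` only calls `HTTPSignatures.sign/3` and `Keys.keys_from_pem/1`, and neither needs the behaviour. I would remove the `@behaviour` line unless the callbacks are defined in a part of the file outside these hunks.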
@@ -161,13 +164,31 @@ def fetch_object_from_id!(id, options \\ []) do
defp make_signature(id, date) do
uri = URI.parse(id)
- signature =
+ spoofed_pem = Pleroma.Config.get([:activitypub, :spoofed_key])
+ # workaround for syntax shite disallowing me from defining signature in "if" block
+ spoofed_key = if Pleroma.Config.get([:activitypub, :spoof_object_fetch_signatures]) do
+ with {:ok, private_key, _} <- Keys.keys_from_pem(spoofed_pem) do
+ private_key
+ end
+ else
+ ""
+ end
+ spoofed_instance = Pleroma.Config.get([:activitypub, :spoofed_instance])
+
+ signature = if Pleroma.Config.get([:activitypub, :spoof_object_fetch_signatures]) do
+ HTTPSignatures.sign(spoofed_key, spoofed_instance <> "/internal/fetch#main-key", %{
+ "(request-target)": "get #{uri.path}",
+ host: uri.host,
+ date: date
+ })
+ else
InternalFetchActor.get_actor()
|> Signature.sign(%{
"(request-target)": "get #{uri.path}",
host: uri.host,
date: date
})
+ end
{"signature", signature}
end
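Review bot: The new branch in `make_signature/2` signs with the keyId `spoofed_instance <> "/internal/fetch#main-key"`, so the receiving server attributes the fetch to a domain this instance does not control. Remote authorized-fetch checks and domain blocks rely on that signature identity, and they cannot tell such a request apart from one sent by the key's real owner. The `with` around `Keys.keys_from_pem(spoofed_pem)` also has no `else`, so a PEM that fails to parse leaves the non-matching return value in `spoofed_key` and passes it to `HTTPSignatures.sign/3`. I would keep a single signing path through the local actor, `InternalFetchActor.get_actor() |> Signature.sign(%{...})`, with the same header map as before and no config-driven key or keyId.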