diff options
author | silverwind <me@silverwind.io> | 2023-07-09 13:58:06 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-09 11:58:06 +0000 |
commit | 887a683af97b570a0fb117068c980f3086133ae4 (patch) | |
tree | c9d5d41c40a9d2fbeb40a8be27a60d5c13132b69 /routers/api/v1/activitypub | |
parent | 115f40e43368fefc776232a2df289b2fcadbb11d (diff) | |
download | gitea-887a683af97b570a0fb117068c980f3086133ae4.tar.gz gitea-887a683af97b570a0fb117068c980f3086133ae4.zip |
Update tool dependencies, lock govulncheck and actionlint (#25655)
- Update all tool dependencies
- Lock `govulncheck` and `actionlint` to their latest tags
---------
Co-authored-by: 6543 <m.huber@kithara.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Diffstat (limited to 'routers/api/v1/activitypub')
-rw-r--r-- | routers/api/v1/activitypub/reqsignature.go | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/routers/api/v1/activitypub/reqsignature.go b/routers/api/v1/activitypub/reqsignature.go index 2d945c27a5..3f60ed7776 100644 --- a/routers/api/v1/activitypub/reqsignature.go +++ b/routers/api/v1/activitypub/reqsignature.go @@ -25,19 +25,16 @@ func getPublicKeyFromResponse(b []byte, keyID *url.URL) (p crypto.PublicKey, err person := ap.PersonNew(ap.IRI(keyID.String())) err = person.UnmarshalJSON(b) if err != nil { - err = fmt.Errorf("ActivityStreams type cannot be converted to one known to have publicKey property: %w", err) - return + return nil, fmt.Errorf("ActivityStreams type cannot be converted to one known to have publicKey property: %w", err) } pubKey := person.PublicKey if pubKey.ID.String() != keyID.String() { - err = fmt.Errorf("cannot find publicKey with id: %s in %s", keyID, string(b)) - return + return nil, fmt.Errorf("cannot find publicKey with id: %s in %s", keyID, string(b)) } pubKeyPem := pubKey.PublicKeyPem block, _ := pem.Decode([]byte(pubKeyPem)) if block == nil || block.Type != "PUBLIC KEY" { - err = fmt.Errorf("could not decode publicKeyPem to PUBLIC KEY pem block type") - return + return nil, fmt.Errorf("could not decode publicKeyPem to PUBLIC KEY pem block type") } p, err = x509.ParsePKIXPublicKey(block.Bytes) return p, err @@ -49,13 +46,12 @@ func fetch(iri *url.URL) (b []byte, err error) { req.Header("User-Agent", "Gitea/"+setting.AppVer) resp, err := req.Response() if err != nil { - return + return nil, err } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { - err = fmt.Errorf("url IRI fetch [%s] failed with status (%d): %s", iri, resp.StatusCode, resp.Status) - return + return nil, fmt.Errorf("url IRI fetch [%s] failed with status (%d): %s", iri, resp.StatusCode, resp.Status) } b, err = io.ReadAll(io.LimitReader(resp.Body, setting.Federation.MaxSize)) return b, err @@ -67,21 +63,21 @@ func verifyHTTPSignatures(ctx *gitea_context.APIContext) (authenticated bool, er // 1. Figure out what key we need to verify v, err := httpsig.NewVerifier(r) if err != nil { - return + return false, err } ID := v.KeyId() idIRI, err := url.Parse(ID) if err != nil { - return + return false, err } // 2. Fetch the public key of the other actor b, err := fetch(idIRI) if err != nil { - return + return false, err } pubKey, err := getPublicKeyFromResponse(b, idIRI) if err != nil { - return + return false, err } // 3. Verify the other actor's key algo := httpsig.Algorithm(setting.Federation.Algorithms[0]) |