1618b68bfa
* Add Request class with HTTP signature generator
  Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06
* Add HTTP signature verification concern
* Add test for SignatureVerification concern
* Add basic test for Request class
* Make PuSH subscribe/unsubscribe requests use new Request class
  Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day
* Make all PuSH workers use new Request class
* Make Salmon sender use new Request class
* Make FetchLinkService use new Request class
* Make FetchAtomService use the new Request class
* Make Remotable use the new Request class
* Make ResolveRemoteAccountService use the new Request class
* Add more tests
* Allow +-30 seconds window for signed request to remain valid
* Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
83 lines
1.8 KiB
Ruby
# frozen_string_literal: true

class Pubsubhubbub::DeliveryWorker
  include Sidekiq::Worker
  include RoutingHelper

  sidekiq_options queue: 'push', retry: 3, dead: false

  # Linear backoff between retries.
  sidekiq_retry_in do |count|
    5 * (count + 1)
  end

  attr_reader :subscription, :payload

  def perform(subscription_id, payload)
    @subscription = Subscription.find(subscription_id)
    @payload = payload
    # Nothing is sent when the callback host is on the domain block list.
    process_delivery unless blocked_domain?
  end

  private

  def process_delivery
    payload_delivery

    raise "Delivery failed for #{subscription.callback_url}: HTTP #{payload_delivery.code}" unless response_successful?

    subscription.touch(:last_successful_delivery_at)
  end

  # Memoized so the POST is performed once per job run.
  def payload_delivery
    @_payload_delivery ||= callback_post_payload
  end

  def callback_post_payload
    request = Request.new(:post, subscription.callback_url, body: payload)
    request.add_headers(headers)
    request.perform
  end

  def blocked_domain?
    DomainBlock.blocked?(host)
  end

  def host
    Addressable::URI.parse(subscription.callback_url).normalize.host
  end

  def headers
    {
      'Content-Type' => 'application/atom+xml',
      'Link' => link_header,
    }.merge(signature_headers.to_h)
  end

  def link_header
    LinkHeader.new([hub_link_header, self_link_header]).to_s
  end

  def hub_link_header
    [api_push_url, [%w(rel hub)]]
  end

  def self_link_header
    [account_url(subscription.account, format: :atom), [%w(rel self)]]
  end

  # Returns nil when the subscription has no secret; #headers calls to_h on
  # the result, so in that case the delivery goes out without X-Hub-Signature.
  def signature_headers
    { 'X-Hub-Signature' => payload_signature } if subscription.secret?
  end

  def payload_signature
    "sha1=#{hmac_payload_digest}"
  end

  # Hex-encoded HMAC-SHA1 of the payload, keyed with the subscription secret.
  def hmac_payload_digest
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), subscription.secret, payload)
  end

  # Any 2xx status counts as a successful delivery.
  def response_successful?
    payload_delivery.code > 199 && payload_delivery.code < 300
  end
end
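The receiving side of the `X-Hub-Signature` header built by `signature_headers` above, as an added example that is not part of this repository: a subscriber recomputes the HMAC-SHA1 over the raw request body with the shared secret and compares in constant time. The `HubSignature` module, its method names, and the sample secret and body are assumptions made for illustration.

```ruby
require 'openssl'

# Hypothetical helper (not project code): verifies the X-Hub-Signature
# header that Pubsubhubbub::DeliveryWorker attaches to a delivery.
module HubSignature
  PREFIX = 'sha1='

  # Same construction as payload_signature in the worker.
  def self.sign(secret, body)
    PREFIX + OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), secret, body)
  end

  # Byte-wise comparison whose running time does not depend on where the
  # first mismatch occurs.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize

    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # True only when the header is present, well-formed and matches the HMAC
  # of the raw body. A subscription that was created with a secret must
  # reject unsigned deliveries, so a missing header fails closed.
  def self.valid?(secret, raw_body, header)
    return false if secret.nil? || secret.empty?
    return false unless header.is_a?(String) && header.start_with?(PREFIX)

    given = header.delete_prefix(PREFIX).downcase
    expected = sign(secret, raw_body).delete_prefix(PREFIX)
    secure_compare(given, expected)
  end
end

# Constructed sample input.
SAMPLE_SECRET = 'constructed-secret'
SAMPLE_BODY = '<feed xmlns="http://www.w3.org/2005/Atom"><title>t</title></feed>'
SAMPLE_HEADER = HubSignature.sign(SAMPLE_SECRET, SAMPLE_BODY)
```

The body passed to `valid?` has to be the exact bytes received, before any XML parsing or re-serialization, since the HMAC covers the payload as sent.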