-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support peertube #40
Comments
Tried adding a comment, no luck, bummer - it crashes out heavily :) |
thanks for testing! i've fixed that bug. we now get a 400 from peertube on the AP request. body below. they're not looking in HTTP headers for our signature, or they're looking in the wrong place, or somehow else they expect a different flavor of HTTP Signature than we currently have working with Mastodon. background:
{
"errors": {
"signature.type": {
"location": "body",
"param": "signature.type",
"msg": "Should have a valid signature type"
},
"signature.created": {
"location": "body",
"param": "signature.created",
"msg": "Should have a valid signature created date"
},
"signature.creator": {
"location": "body",
"param": "signature.creator",
"msg": "Should have a valid signature creator"
},
"signature.signatureValue": {
"location": "body",
"param": "signature.signatureValue",
"msg": "Should have a valid signature value"
}
}
} |
Yes, when sending the signature in the body, I can get past validation, but then I'm greeted with a 500 response :) We'll have to ping jacky to see if he sees anything in the logs which might be useful. |
This looks like the bit here:
|
@swentel errors look basically the same. i suspect they may not support rsa-sha256? any idea which algorithms they do support? or do you think i'm misinterpreting? |
Lemme ask on IRC; it'd be weird if the algo wasn't supported |
IRC might take a while but PeerTube uses |
Yeah so the upper library |
Hi, I'm the developer of peertube. Could you copy the body of your request so I can investigate? If you use HTTP signature (that peertube supports), you don't need to add the |
@Chocobozzz Hey, thanks for jumping in here! Interestingly enough, I'm getting 403 now with or without 'signature' in the header or when I omit signature params from the body. So this is what I'm sending: Headers
Object
If I do not send the signature params, I'm getting the 403 error response now, so it looks like it might be the signature now ?
This is what I got yesterday when for instance signature.type was missing in the body (and no signature in the header)
|
We did some quick debugging on IRC to peertube2.cpy.re, and it looked like the actor object wasn't valid which I was sending. The validation can be seen at https://github.com/Chocobozzz/PeerTube/blob/develop/server/helpers/custom-validators/activitypub/actor.ts#L44 So I experimented a bit with the actor object and sending this now (some urls don't exist, but it seems the validators simply check whether the URL is valid, don't actually do a request), but still 403.
|
@swentel The object behind https://fed.brid.gy/realize.be should be in this format too |
@Chocobozzz hmm which object/property do you mean exactly ? |
This object:
It is missing |
Oh ok, makes sense. I can't control the output of that one sadly enough, that's something that @snarfed will have to add then. |
@Chocobozzz thanks for looking at this! fwiw, AP technically says that
...having said that, though, do you actually need or use those properties to accept an incoming federated post? or does your AP library just validate overly strictly and require them? if you don't use them, any chance you could relax your AP code or library a bit? thanks again for looking! |
i added the example from https://fed.brid.gy/realize.be : {
"@context": "https://www.w3.org/ns/activitystreams",
"type": "Person",
"id": "https://fed.brid.gy/realize.be",
"inbox": "https://fed.brid.gy/realize.be/inbox",
"outbox": "https://fed.brid.gy/realize.be/outbox",
"followers": "https://fed.brid.gy/realize.be/followers",
"following": "https://fed.brid.gy/realize.be/following",
"..."
} |
@snarfed tried it, but is now a 403 at the inbox, will have to check with @Chocobozzz to see what else we're missing. |
Don't hesitate to come on #peertube (freenode) so we can test the federation. If you have a 403 it means peertube rejected the signature. |
for #40. they currently both point to endpoint URLs that don't actually work yet, just like the recently added outbox field.
I tried federating this like to this video on video.antopie.org (running PeerTube v5.0.1) just now, and got this HTTP 403 error: {
"type": "about:blank",
"title": "Forbidden",
"detail": "(request-target) was not a signed header",
"status": 403,
"error": "(request-target) was not a signed header"
} Bridgy Fed log here. Here's the full AS2 object we sent: {
"published": "2023-01-17T13:57:26-08:00",
"content": "likes <a class=\"u-like u-like-of\" href=\"https://video.antopie.org/w/2SwQSiFef99ewJXSnZpyqW\">Imagine \u2013 Playing For Change \u2013 Song Around The World (John Lennon) \u2013 AntTube</a>",
"url": "https://fed.brid.gy/r/https://snarfed.org/2023-01-17_imagine-playing-for-change-song-around-the-world-john-lennon-anttube",
"actor": {
"url": "https://fed.brid.gy/r/https://snarfed.org/",
"image": {
"url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g",
"type": "Image"
},
"type": "Person",
"name": "Ryan Barrett",
"icon": {
"url": "https://secure.gravatar.com/avatar/947b5f3f323da0ef785b6f02d9c265d6?s=96&d=blank&r=g",
"type": "Image"
},
"id": "https://fed.brid.gy/snarfed.org",
"preferredUsername": "[snarfed.org](http://snarfed.org/)"
},
"@context": "https://www.w3.org/ns/activitystreams",
"type": "Like",
"object": "https://video.antopie.org/videos/watch/0f2755a5-1c4f-4c55-bef4-4fce00a8766e",
"id": "https://fed.brid.gy/r/https://snarfed.org/2023-01-17_imagine-playing-for-change-song-around-the-world-john-lennon-anttube",
"cc": [
"https://video.antopie.org/accounts/observatoire_des_armements",
"https://video.antopie.org/video-channels/desarmement",
"https://www.w3.org/ns/activitystreams#Public",
"https://video.antopie.org/accounts/observatoire_des_armements/followers"
],
"to": [
"https://www.w3.org/ns/activitystreams#Public"
]
} |
Looks like the error here is that the |
Evidently it's a special HTTP Signatures thing? And the spec does require it to be included. OK then.
|
Added |
Closing, we now have at least some basic federation with Peertube working. |
for #40, special synthetic HTTP header for HTTP Signatures, required by Peertube. https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12#section-2.3
https://github.com/Chocobozzz/PeerTube
https://docs.joinpeertube.org/lang/en/devdocs/federation.html
apparently it can communicate with mastodon, so sounds hopeful :)
The text was updated successfully, but these errors were encountered: