add signature verify

ahnlabcloudmatelabs · Oct 26, 2023 · 5ddf267 · 5ddf267
1 parent 0c2d235
commit 5ddf267
Show file tree

Hide file tree

Showing 8 changed files with 886 additions and 1 deletion.
diff --git a/.github/workflows/gotest.yml b/.github/workflows/gotest.yml
@@ -0,0 +1,22 @@
+name: Go Test
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: [ '1.21.x' ]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Go ${{ matrix.go-version }}
+        uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go-version }}
+
+      - name: Test
+        run: go test test/*.go
diff --git a/README.md b/README.md
@@ -10,6 +10,8 @@
 
 ![Golang](https://img.shields.io/badge/Go-00ADD8?style=for-the-badge&logo=go&logoColor=white)
 
+[![Go Test](https://github.com/cloudmatelabs/go-activitypub-signature-header/actions/workflows/gotest.yml/badge.svg)](https://github.com/cloudmatelabs/go-activitypub-signature-header/actions/workflows/gotest.yml)
+
 </div>
 
 ## Install
@@ -20,10 +22,13 @@ go get -u github.com/cloudmatelabs/go-activitypub-signature-header
 
 ## Introduce
 
-This library is generate `Signature` header for the connect with ActivityPub federations  
+This library is generate `Signature` header for the connect with ActivityPub federations.  
+And verify the `Signature` header.
 
 ## Usage
 
+### Sign `Signature` header
+
 ```go
 import (
   "crypto"
@@ -75,6 +80,40 @@ resty.New().R().
   Post("https://" + host + path)
 ```
 
+### Verify `Signature` header
+
+```go
+import (
+  signature_header "github.com/cloudmatelabs/go-activitypub-signature-header"
+)
+
+verifier := signature_header.Verifier{
+  Method: "POST",
+  URL: "https://snippet.social/@juunini/inbox",
+  Headers: map[string]string{
+    "Signature": "...",
+    "Host": "...",
+    "Date": "...",
+    "Digest": "...",
+    "Authorization": "...",
+    "...": "...",
+  },
+}
+
+// Recommended
+err := verifier.VerifyWithPublicKey(publicKey)
+err := verifier.VerifyWithPublicKeyStr(publicKeyStr)
+
+// You can use, but not recommended
+err := verifier.VerifyWithActor("https://yodangang.express/@juunini")
+err := verifier.VerifyWithBody([]byte("{...}"))
+```
+
 ## License
 
 [MIT](LICENSE)
+
+But, this library use [httpsig].  
+[httpsig] is licensed under the [BSD 3-Clause License](https://github.com/go-fed/httpsig/blob/master/LICENSE)
+
+[httpsig]: https://github.com/go-fed/httpsig
diff --git a/go.mod b/go.mod
@@ -1,3 +1,12 @@
 module github.com/cloudmatelabs/go-activitypub-signature-header
 
 go 1.21.3
+
+require (
+	github.com/cloudmatelabs/go-jsonld-helper v0.0.2 // indirect
+	github.com/go-fed/httpsig v1.1.0 // indirect
+	github.com/piprate/json-gold v0.5.0 // indirect
+	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
+	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 // indirect
+	golang.org/x/sys v0.0.0-20190412213103-97732733099d // indirect
+)
diff --git a/go.sum b/go.sum
@@ -0,0 +1,16 @@
+github.com/cloudmatelabs/go-jsonld-helper v0.0.2 h1:nVKR1bfpW4F6hUZwWvFdAE0W7e7mewLPxPssQ5M4k8k=
+github.com/cloudmatelabs/go-jsonld-helper v0.0.2/go.mod h1:NrvLr7NuZX60USOVLVdw3ckUBobvK4QPsgWVfaTRDos=
+github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI=
+github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM=
+github.com/piprate/json-gold v0.5.0 h1:RmGh1PYboCFcchVFuh2pbSWAZy4XJaqTMU4KQYsApbM=
+github.com/piprate/json-gold v0.5.0/go.mod h1:WZ501QQMbZZ+3pXFPhQKzNwS1+jls0oqov3uQ2WasLs=
+github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
+github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=