2019-03-27 14:15:23 +03:00
module code . gitea . io / gitea
2022-06-10 06:34:41 +03:00
go 1.18
2019-03-27 14:15:23 +03:00
require (
2022-02-07 00:45:00 +03:00
code . gitea . io / gitea - vet v0 . 2.2 - 0.20220122151748 - 48 ebc902541b
2022-01-05 07:51:12 +03:00
code . gitea . io / sdk / gitea v0 . 15.1
2022-09-02 00:13:17 +03:00
codeberg . org / gusted / mcaptcha v0 . 0.0 - 20220723083913 - 4 f3072e1d570
2022-03-09 21:06:58 +03:00
gitea . com / go - chi / binding v0 . 0.0 - 20220309004920 - 114340 dabecb
2022-05-15 21:43:27 +03:00
gitea . com / go - chi / cache v0 . 2.0
2021-10-14 05:50:23 +03:00
gitea . com / go - chi / captcha v0 . 0.0 - 20211013065431 - 70641 c1a35d5
2021-12-20 17:12:26 +03:00
gitea . com / go - chi / session v0 . 0.0 - 20211218221615 - e3605d8b28b8
2022-09-02 00:13:17 +03:00
gitea . com / lunny / dingtalk_webhook v0 . 0.0 - 20171025031554 - e3534c89ef96
2022-07-29 14:41:13 +03:00
gitea . com / lunny / levelqueue v0 . 4.2 - 0.20220729054728 - f020868cc2f7
2021-12-19 08:37:18 +03:00
github . com / 42 wim / sshsig v0 . 0.0 - 20211121163825 - 841 cf5bbc121
2021-01-26 18:36:53 +03:00
github . com / NYTimes / gziphandler v1 . 1.1
2022-03-08 14:15:30 +03:00
github . com / PuerkitoBio / goquery v1 . 8.0
2022-09-26 08:50:03 +03:00
github . com / alecthomas / chroma / v2 v2 . 3.0
2022-10-01 16:49:30 +03:00
github . com / blevesearch / bleve / v2 v2 . 3.4
2022-09-02 00:13:17 +03:00
github . com / buildkite / terminal - to - html / v3 v3 . 7.0
2022-10-01 16:49:30 +03:00
github . com / caddyserver / certmagic v0 . 17.2
2021-03-16 01:27:28 +03:00
github . com / chi - middleware / proxy v1 . 1.1
2022-09-02 00:13:17 +03:00
github . com / denisenkom / go - mssqldb v0 . 12.2
2021-06-21 01:00:46 +03:00
github . com / djherbis / buffer v1 . 2.0
github . com / djherbis / nio / v3 v3 . 0.1
2022-09-02 00:13:17 +03:00
github . com / duo - labs / webauthn v0 . 0.0 - 20220815211337 - 00 c9fb5711f5
2020-02-03 22:50:37 +03:00
github . com / dustin / go - humanize v1 . 0.0
2022-09-02 00:13:17 +03:00
github . com / editorconfig / editorconfig - core - go / v2 v2 . 4.5
2022-05-10 13:32:42 +03:00
github . com / emirpasic / gods v1 . 18.1
2022-03-08 14:15:30 +03:00
github . com / ethantkoenig / rupture v1 . 0.1
2022-09-02 00:13:17 +03:00
github . com / felixge / fgprof v0 . 9.3
2022-08-28 12:43:25 +03:00
github . com / fsnotify / fsnotify v1 . 5.4
2022-09-02 00:13:17 +03:00
github . com / gliderlabs / ssh v0 . 3.5
2022-10-01 16:49:30 +03:00
github . com / go - ap / activitypub v0 . 0.0 - 20220917143152 - e4e7018838c0
github . com / go - ap / jsonld v0 . 0.0 - 20220917142617 - 76 bf51585778
2022-03-08 14:15:30 +03:00
github . com / go - chi / chi / v5 v5 . 0.7
2022-05-10 13:32:42 +03:00
github . com / go - chi / cors v1 . 2.1
github . com / go - enry / go - enry / v2 v2 . 8.2
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency
go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master
* activitypub: implement /api/v1/activitypub/user/{username} (#14186)
Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: add the public key to Person (#14186)
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: go-fed conformant Clock instance
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: signing http client
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: implement the ReqSignature middleware
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: hack_16834
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Fix CI checks-backend errors with go mod tidy
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Change 2021 to 2022, properly format package imports
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt and make generate-swagger
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use Gitea JSON library, add assert for pkp
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt again, fix err var redeclaration
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Remove LogSQL from ActivityPub person test
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Assert if json.Unmarshal succeeds
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Cleanup, handle invalid usernames for ActivityPub person GET request
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Rename hack_16834 to user_settings
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use the httplib module instead of http for GET requests
* Clean up whitespace with make fmt
* Use time.RFC1123 and make the http.Client proxy-aware
* Check if digest algo is supported in setting module
* Clean up some variable declarations
* Remove unneeded copy
* Use system timezone instead of setting.DefaultUILocation
* Use named constant for httpsigExpirationTime
* Make pubKey IRI #main-key instead of /#main-key
* Move /#main-key to #main-key in tests
* Implemented Webfinger endpoint.
* Add visible check.
* Add user profile as alias.
* Add actor IRI and remote interaction URL to WebFinger response
* fmt
* Fix lint errors
* Use go-ap instead of go-fed
* Run go mod tidy to fix missing modules in go.mod and go.sum
* make fmt
* Convert remaining code to go-ap
* Clean up go.sum
* Fix JSON unmarshall error
* Fix CI errors by adding @context to Person() and making sure types match
* Correctly decode JSON in api_activitypub_person_test.go
* Force CI rerun
* Fix TestActivityPubPersonInbox segfault
* Fix lint error
* Use @mariusor's suggestions for idiomatic go-ap usage
* Correctly add inbox/outbox IRIs to person
* Code cleanup
* Remove another LogSQL from ActivityPub person test
* Move httpsig algos slice to an init() function
* Add actor IRI and remote interaction URL to WebFinger response
* Update TestWebFinger to check for ActivityPub IRI in aliases
* make fmt
* Force CI rerun
* WebFinger: Add CORS header and fix Href -> Template for remote interactions
The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues
* make lint-backend
* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon
Setting the correct Content-Type is essential for federating with Mastodon
* Use UTC instead of GMT
* Rename pkey to pubKey
* Make sure HTTP request Date in GMT
* make fmt
* dont drop err
* Make sure API responses always refer to username in original case
Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.
* Move httpsig algs constant slice to modules/setting/federation.go
* Add new federation settings to app.example.ini and config-cheat-sheet
* Return if marshalling error
* Make sure Person IRIs are generated correctly
This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.
* If httpsig verification fails, fix Host header and try again
This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.
* Revert "If httpsig verification fails, fix Host header and try again"
This reverts commit f53e46c721a037c55facb9200106a6b491bf834c.
The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.
* Go back to using ap.IRI to generate inbox and outbox IRIs
* use const for key values
* Update routers/web/webfinger.go
* Use ctx.JSON in Person response to make code cleaner
* Revert "Use ctx.JSON in Person response to make code cleaner"
This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.
This reverts commit 95aad988975be3393c76094864ed6ba962157e0c.
* Use activitypub.ActivityStreamsContentType for Person response Content Type
* Limit maximum ActivityPub request and response sizes to a configurable setting
* Move setting key constants to models/user/setting_keys.go
* Fix failing ActivityPubPerson integration test by checking the correct field for username
* Add a warning about changing settings that can break federation
* Add better comments
* Don't multiply Federation.MaxSize by 1<<20 twice
* Add more better comments
* Fix failing ActivityPubMissingPerson test
We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different
* make generate-swagger
For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦
* Move getting the RFC 2616 time to a separate function
* More code cleanup
* Update go-ap to fix empty liked collection and removed unneeded HTTP headers
* go mod tidy
* Add ed25519 to httpsig algorithms
* Use go-ap/jsonld to add @context and marshal JSON
* Change Gitea user agent from the default to Gitea/Version
* Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-19 08:25:12 +03:00
github . com / go - fed / httpsig v1 . 1.1 - 0.20201223112313 - 55836744818 e
2021-06-10 17:44:25 +03:00
github . com / go - git / go - billy / v5 v5 . 3.1
2022-09-02 00:13:17 +03:00
github . com / go - git / go - git / v5 v5 . 4.3 - 0.20220529141257 - bc1f419cebcf
github . com / go - ldap / ldap / v3 v3 . 4.4
2022-03-30 22:12:02 +03:00
github . com / go - redis / redis / v8 v8 . 11.5
2021-04-23 03:08:53 +03:00
github . com / go - sql - driver / mysql v1 . 6.0
2022-10-01 16:49:30 +03:00
github . com / go - swagger / go - swagger v0 . 30.3
2022-09-02 00:13:17 +03:00
github . com / go - testfixtures / testfixtures / v3 v3 . 8.1
2019-09-09 08:48:21 +03:00
github . com / gobwas / glob v0 . 2.3
2022-03-08 14:15:30 +03:00
github . com / gogs / chardet v0 . 0.0 - 20211120154057 - b7413eaefb8f
2019-07-16 03:13:03 +03:00
github . com / gogs / cron v0 . 0.0 - 20171120032916 - 9 f6c956d3e14
2021-02-01 07:49:25 +03:00
github . com / gogs / go - gogs - client v0 . 0.0 - 20210131175652 - 1 d7215cd8d85
2022-09-02 00:13:17 +03:00
github . com / golang - jwt / jwt / v4 v4 . 4.2
2022-10-01 16:49:30 +03:00
github . com / google / go - github / v45 v45 . 2.0
2022-09-02 00:13:17 +03:00
github . com / google / pprof v0 . 0.0 - 20220829040838 - 70 bd9ae97f40
2022-01-22 20:01:40 +03:00
github . com / google / uuid v1 . 3.0
2021-10-16 17:21:16 +03:00
github . com / gorilla / feeds v1 . 1.1
2021-11-03 03:33:54 +03:00
github . com / gorilla / sessions v1 . 2.1
2022-10-01 16:49:30 +03:00
github . com / hashicorp / go - version v1 . 6.0
2021-07-04 05:06:10 +03:00
github . com / hashicorp / golang - lru v0 . 5.4
2020-10-16 08:06:27 +03:00
github . com / huandu / xstrings v1 . 3.2
2022-03-08 14:15:30 +03:00
github . com / jaytaylor / html2text v0 . 0.0 - 20211105163654 - bc68cce691ba
2022-02-06 23:38:14 +03:00
github . com / json - iterator / go v1 . 1.12
2020-11-06 21:41:42 +03:00
github . com / kballard / go - shellquote v0 . 0.0 - 20180428030007 - 95032 a82bc51
2020-02-11 21:58:23 +03:00
github . com / keybase / go - crypto v0 . 0.0 - 20200123153347 - de78d2cb44f4
2022-10-01 16:49:30 +03:00
github . com / klauspost / compress v1 . 15.11
2022-09-02 00:13:17 +03:00
github . com / klauspost / cpuid / v2 v2 . 1.1
2022-10-01 16:49:30 +03:00
github . com / lib / pq v1 . 10.7
2022-09-02 00:13:17 +03:00
github . com / markbates / goth v1 . 73.0
github . com / mattn / go - isatty v0 . 0.16
2022-10-01 16:49:30 +03:00
github . com / mattn / go - sqlite3 v1 . 14.15
2022-03-08 14:15:30 +03:00
github . com / mholt / archiver / v3 v3 . 5.1
2022-09-28 05:02:41 +03:00
github . com / microcosm - cc / bluemonday v1 . 0.20
2022-10-01 16:49:30 +03:00
github . com / minio / minio - go / v7 v7 . 0.39
github . com / msteinert / pam v1 . 1.0
2020-09-06 22:53:33 +03:00
github . com / nfnt / resize v0 . 0.0 - 20180221191011 - 83 c6a9932646
2022-09-02 00:13:17 +03:00
github . com / niklasfasching / go - org v1 . 6.5
2019-05-25 14:46:14 +03:00
github . com / oliamb / cutter v0 . 2.2
2022-05-10 13:32:42 +03:00
github . com / olivere / elastic / v7 v7 . 0.32
2020-04-03 22:29:12 +03:00
github . com / pkg / errors v0 . 9.1
2021-01-28 19:56:38 +03:00
github . com / pquerna / otp v1 . 3.0
2022-09-02 00:13:17 +03:00
github . com / prometheus / client_golang v1 . 13.0
2022-03-08 14:15:30 +03:00
github . com / quasoft / websspi v1 . 1.2
2022-10-01 16:49:30 +03:00
github . com / santhosh - tekuri / jsonschema / v5 v5 . 0.1
2021-04-23 03:08:53 +03:00
github . com / sergi / go - diff v1 . 2.0
2020-10-16 08:06:27 +03:00
github . com / shurcooL / vfsgen v0 . 0.0 - 20200824052919 - 0 d455de96546
2022-09-02 00:13:17 +03:00
github . com / stretchr / testify v1 . 8.0
2020-09-28 00:09:46 +03:00
github . com / syndtr / goleveldb v1 . 0.0
2019-03-27 14:15:23 +03:00
github . com / tstranex / u2f v1 . 0.0
2022-09-02 00:13:17 +03:00
github . com / unrolled / render v1 . 5.0
2022-10-01 16:49:30 +03:00
github . com / urfave / cli v1 . 22.10
2022-09-02 00:13:17 +03:00
github . com / xanzy / go - gitlab v0 . 73.1
2020-05-10 11:53:04 +03:00
github . com / yohcop / openid - go v1 . 0.0
2022-10-01 16:49:30 +03:00
github . com / yuin / goldmark v1 . 5.2
2022-09-26 08:50:03 +03:00
github . com / yuin / goldmark - highlighting / v2 v2 . 0.0 - 20220924101305 - 151362477 c87
2022-03-08 14:15:30 +03:00
github . com / yuin / goldmark - meta v1 . 1.0
2020-10-03 06:37:53 +03:00
go . jolheiser . com / hcaptcha v0 . 0.4
2020-09-09 01:06:39 +03:00
go . jolheiser . com / pwn v0 . 0.3
2022-10-01 16:49:30 +03:00
golang . org / x / crypto v0 . 0.0 - 20220926161630 - eccd6366d1be
2022-09-28 05:02:41 +03:00
golang . org / x / net v0 . 0.0 - 20220927171203 - f486391704dc
2022-10-01 16:49:30 +03:00
golang . org / x / oauth2 v0 . 0.0 - 20220909003341 - f21342109be1
golang . org / x / sys v0 . 0.0 - 20220928140112 - f11e5e49a4ec
2021-08-24 01:07:40 +03:00
golang . org / x / text v0 . 3.7
2022-09-02 00:13:17 +03:00
golang . org / x / tools v0 . 1.12
2019-03-27 14:15:23 +03:00
gopkg . in / gomail . v2 v2 . 0.0 - 20160411212932 - 81 ebce5c23df
2022-09-02 00:13:17 +03:00
gopkg . in / ini . v1 v1 . 67.0
2021-01-28 19:56:38 +03:00
gopkg . in / yaml . v2 v2 . 4.0
2022-09-13 19:33:37 +03:00
gopkg . in / yaml . v3 v3 . 0.1
2022-03-08 14:15:30 +03:00
mvdan . cc / xurls / v2 v2 . 4.0
2019-10-08 22:48:57 +03:00
strk . kbt . io / projects / go / libravatar v0 . 0.0 - 20191008002943 - 06 d1c002b251
2022-06-04 22:18:50 +03:00
xorm . io / builder v0 . 3.11
2022-07-14 21:40:30 +03:00
xorm . io / xorm v1 . 3.2 - 0.20220714055524 - c3bce556200f
2019-03-27 14:15:23 +03:00
)
2020-09-06 03:44:34 +03:00
2022-03-16 07:08:31 +03:00
require (
2022-09-02 00:13:17 +03:00
cloud . google . com / go / compute v1 . 7.0 / / indirect
git . sr . ht / ~ mariusor / go - xsd - duration v0 . 0.0 - 20220703122237 - 02 e73435a078 / / indirect
github . com / Azure / go - ntlmssp v0 . 0.0 - 20220621081337 - cb9428e4ac1e / / indirect
github . com / Masterminds / goutils v1 . 1.1 / / indirect
github . com / Masterminds / semver / v3 v3 . 1.1 / / indirect
github . com / Masterminds / sprig / v3 v3 . 2.2 / / indirect
2022-10-01 16:49:30 +03:00
github . com / Microsoft / go - winio v0 . 6.0 / / indirect
github . com / ProtonMail / go - crypto v0 . 0.0 - 20220930113650 - c6815a8c17ad / / indirect
github . com / RoaringBitmap / roaring v1 . 2.1 / / indirect
2022-03-16 07:08:31 +03:00
github . com / acomagu / bufpipe v1 . 0.3 / / indirect
github . com / andybalholm / brotli v1 . 0.4 / / indirect
github . com / andybalholm / cascadia v1 . 3.1 / / indirect
github . com / anmitsu / go - shlex v0 . 0.0 - 20200514113438 - 38 f4b401e2be / / indirect
github . com / asaskevich / govalidator v0 . 0.0 - 20210307081110 - f21760c49a8d / / indirect
github . com / aymerick / douceur v0 . 2.0 / / indirect
github . com / beorn7 / perks v1 . 0.1 / / indirect
github . com / bgentry / speakeasy v0 . 1.0 / / indirect
2022-10-01 16:49:30 +03:00
github . com / bits - and - blooms / bitset v1 . 3.3 / / indirect
github . com / blevesearch / bleve_index_api v1 . 0.3 / / indirect
github . com / blevesearch / geo v0 . 1.14 / / indirect
2022-03-16 07:08:31 +03:00
github . com / blevesearch / go - porterstemmer v1 . 0.3 / / indirect
2022-05-10 13:32:42 +03:00
github . com / blevesearch / gtreap v0 . 1.1 / / indirect
2022-10-01 16:49:30 +03:00
github . com / blevesearch / mmap - go v1 . 0.4 / / indirect
github . com / blevesearch / scorch_segment_api / v2 v2 . 1.2 / / indirect
2022-03-16 07:08:31 +03:00
github . com / blevesearch / segment v0 . 9.0 / / indirect
github . com / blevesearch / snowballstem v0 . 9.0 / / indirect
github . com / blevesearch / upsidedown_store_api v1 . 0.1 / / indirect
2022-10-01 16:49:30 +03:00
github . com / blevesearch / vellum v1 . 0.8 / / indirect
github . com / blevesearch / zapx / v11 v11 . 3.5 / / indirect
github . com / blevesearch / zapx / v12 v12 . 3.5 / / indirect
github . com / blevesearch / zapx / v13 v13 . 3.5 / / indirect
github . com / blevesearch / zapx / v14 v14 . 3.5 / / indirect
github . com / blevesearch / zapx / v15 v15 . 3.5 / / indirect
2022-03-16 07:08:31 +03:00
github . com / boombuler / barcode v1 . 0.1 / / indirect
github . com / bradfitz / gomemcache v0 . 0.0 - 20190913173617 - a41fca850d0b / / indirect
github . com / census - instrumentation / opencensus - proto v0 . 3.0 / / indirect
github . com / cespare / xxhash / v2 v2 . 1.2 / / indirect
github . com / cloudflare / cfssl v1 . 6.1 / / indirect
2022-09-02 00:13:17 +03:00
github . com / cloudflare / circl v1 . 2.0 / / indirect
2022-03-16 07:08:31 +03:00
github . com / cncf / udpa / go v0 . 0.0 - 20210930031921 - 04548 b0d99d4 / / indirect
github . com / cncf / xds / go v0 . 0.0 - 20211130200136 - a8f946100490 / / indirect
github . com / coreos / go - semver v0 . 3.0 / / indirect
github . com / coreos / go - systemd / v22 v22 . 3.2 / / indirect
github . com / couchbase / go - couchbase v0 . 0.0 - 20210224140812 - 5740 cd35f448 / / indirect
github . com / couchbase / gomemcached v0 . 1.2 / / indirect
github . com / couchbase / goutils v0 . 0.0 - 20210118111533 - e33d3ffb5401 / / indirect
2022-05-10 13:32:42 +03:00
github . com / cpuguy83 / go - md2man / v2 v2 . 0.2 / / indirect
2022-03-16 07:08:31 +03:00
github . com / davecgh / go - spew v1 . 1.1 / / indirect
github . com / dgryski / go - rendezvous v0 . 0.0 - 20200823014737 - 9 f7001d12a5f / / indirect
2022-09-02 00:13:17 +03:00
github . com / dlclark / regexp2 v1 . 7.0 / / indirect
2022-03-16 07:08:31 +03:00
github . com / dsnet / compress v0 . 0.2 - 0.20210315054119 - f66993602bf5 / / indirect
2022-09-02 00:13:17 +03:00
github . com / envoyproxy / go - control - plane v0 . 10.2 - 0.20220325020618 - 49 ff273808a1 / / indirect
2022-03-16 07:08:31 +03:00
github . com / envoyproxy / protoc - gen - validate v0 . 6.2 / / indirect
2022-09-02 00:13:17 +03:00
github . com / felixge / httpsnoop v1 . 0.3 / / indirect
2022-03-16 07:08:31 +03:00
github . com / form3tech - oss / jwt - go v3 . 2.3 + incompatible / / indirect
github . com / fullstorydev / grpcurl v1 . 8.1 / / indirect
github . com / fxamacker / cbor / v2 v2 . 4.0 / / indirect
2022-10-01 16:49:30 +03:00
github . com / go - ap / errors v0 . 0.0 - 20220917143055 - 4283 ea5dae18 / / indirect
2022-05-10 13:32:42 +03:00
github . com / go - asn1 - ber / asn1 - ber v1 . 5.4 / / indirect
2022-03-16 07:08:31 +03:00
github . com / go - enry / go - oniguruma v1 . 2.1 / / indirect
github . com / go - git / gcfg v1 . 5.0 / / indirect
2022-09-02 00:13:17 +03:00
github . com / go - openapi / analysis v0 . 21.4 / / indirect
github . com / go - openapi / errors v0 . 20.3 / / indirect
2022-03-16 07:08:31 +03:00
github . com / go - openapi / inflect v0 . 19.0 / / indirect
github . com / go - openapi / jsonpointer v0 . 19.5 / / indirect
2022-09-02 00:13:17 +03:00
github . com / go - openapi / jsonreference v0 . 20.0 / / indirect
github . com / go - openapi / loads v0 . 21.2 / / indirect
github . com / go - openapi / runtime v0 . 24.1 / / indirect
github . com / go - openapi / spec v0 . 20.7 / / indirect
github . com / go - openapi / strfmt v0 . 21.3 / / indirect
github . com / go - openapi / swag v0 . 22.3 / / indirect
github . com / go - openapi / validate v0 . 22.0 / / indirect
github . com / goccy / go - json v0 . 9.11 / / indirect
2022-03-16 07:08:31 +03:00
github . com / gogo / protobuf v1 . 3.2 / / indirect
github . com / golang - sql / civil v0 . 0.0 - 20220223132316 - b832511892a9 / / indirect
2022-09-02 00:13:17 +03:00
github . com / golang - sql / sqlexp v0 . 1.0 / / indirect
2022-10-01 16:49:30 +03:00
github . com / golang / geo v0 . 0.0 - 20210211234256 - 740 aa86cb551 / / indirect
2022-03-16 07:08:31 +03:00
github . com / golang / groupcache v0 . 0.0 - 20210331224755 - 41 bb18bfe9da / / indirect
github . com / golang / mock v1 . 6.0 / / indirect
github . com / golang / protobuf v1 . 5.2 / / indirect
github . com / golang / snappy v0 . 0.4 / / indirect
github . com / google / btree v1 . 0.1 / / indirect
github . com / google / certificate - transparency - go v1 . 1.2 - 0.20210511102531 - 373 a877eec92 / / indirect
github . com / google / go - querystring v1 . 1.0 / / indirect
github . com / gorilla / css v1 . 0.0 / / indirect
github . com / gorilla / handlers v1 . 5.1 / / indirect
github . com / gorilla / mux v1 . 8.0 / / indirect
github . com / gorilla / securecookie v1 . 1.1 / / indirect
github . com / gorilla / websocket v1 . 4.2 / / indirect
github . com / grpc - ecosystem / go - grpc - middleware v1 . 3.0 / / indirect
github . com / grpc - ecosystem / go - grpc - prometheus v1 . 2.0 / / indirect
github . com / grpc - ecosystem / grpc - gateway v1 . 16.0 / / indirect
github . com / hashicorp / go - cleanhttp v0 . 5.2 / / indirect
2022-05-10 13:32:42 +03:00
github . com / hashicorp / go - retryablehttp v0 . 7.1 / / indirect
2022-03-16 07:08:31 +03:00
github . com / hashicorp / hcl v1 . 0.0 / / indirect
2022-09-02 00:13:17 +03:00
github . com / imdario / mergo v0 . 3.13 / / indirect
2022-03-16 07:08:31 +03:00
github . com / inconshreveable / mousetrap v1 . 0.0 / / indirect
github . com / jbenet / go - context v0 . 0.0 - 20150711004518 - d14ea06fba99 / / indirect
github . com / jessevdk / go - flags v1 . 5.0 / / indirect
github . com / jhump / protoreflect v1 . 8.2 / / indirect
github . com / jonboulle / clockwork v0 . 2.2 / / indirect
github . com / josharian / intern v1 . 0.0 / / indirect
2022-04-01 01:05:57 +03:00
github . com / kevinburke / ssh_config v1 . 2.0 / / indirect
2022-03-16 07:08:31 +03:00
github . com / klauspost / pgzip v1 . 2.5 / / indirect
github . com / kr / pretty v0 . 3.0 / / indirect
github . com / kr / text v0 . 2.0 / / indirect
github . com / libdns / libdns v0 . 2.1 / / indirect
2022-09-02 00:13:17 +03:00
github . com / magiconair / properties v1 . 8.6 / / indirect
2022-03-16 07:08:31 +03:00
github . com / mailru / easyjson v0 . 7.7 / / indirect
github . com / markbates / going v1 . 0.0 / / indirect
2022-10-01 16:49:30 +03:00
github . com / mattn / go - runewidth v0 . 0.14 / / indirect
2022-03-16 07:08:31 +03:00
github . com / matttproud / golang_protobuf_extensions v1 . 0.1 / / indirect
2022-09-02 00:13:17 +03:00
github . com / mholt / acmez v1 . 0.4 / / indirect
github . com / miekg / dns v1 . 1.50 / / indirect
2022-03-16 07:08:31 +03:00
github . com / minio / md5 - simd v1 . 1.2 / / indirect
github . com / minio / sha256 - simd v1 . 0.0 / / indirect
2022-09-02 00:13:17 +03:00
github . com / mitchellh / copystructure v1 . 2.0 / / indirect
github . com / mitchellh / mapstructure v1 . 5.0 / / indirect
github . com / mitchellh / reflectwalk v1 . 0.2 / / indirect
2022-03-16 07:08:31 +03:00
github . com / modern - go / concurrent v0 . 0.0 - 20180306012644 - bacd9c7ef1dd / / indirect
github . com / modern - go / reflect2 v1 . 0.2 / / indirect
github . com / mrjones / oauth v0 . 0.0 - 20190623134757 - 126 b35219450 / / indirect
github . com / mschoch / smat v0 . 2.0 / / indirect
github . com / nwaples / rardecode v1 . 1.3 / / indirect
github . com / oklog / ulid v1 . 3.1 / / indirect
github . com / olekukonko / tablewriter v0 . 0.5 / / indirect
2022-09-02 00:13:17 +03:00
github . com / pelletier / go - toml v1 . 9.5 / / indirect
github . com / pelletier / go - toml / v2 v2 . 0.1 / / indirect
2022-10-01 16:49:30 +03:00
github . com / pierrec / lz4 / v4 v4 . 1.17 / / indirect
2022-03-16 07:08:31 +03:00
github . com / pmezard / go - difflib v1 . 0.0 / / indirect
github . com / prometheus / client_model v0 . 2.0 / / indirect
2022-09-02 00:13:17 +03:00
github . com / prometheus / common v0 . 37.0 / / indirect
github . com / prometheus / procfs v0 . 8.0 / / indirect
2022-10-01 16:49:30 +03:00
github . com / rivo / uniseg v0 . 4.2 / / indirect
2022-09-02 00:13:17 +03:00
github . com / rogpeppe / go - internal v1 . 9.0 / / indirect
2022-05-10 13:32:42 +03:00
github . com / rs / xid v1 . 4.0 / / indirect
2022-03-16 07:08:31 +03:00
github . com / russross / blackfriday / v2 v2 . 1.0 / / indirect
2022-09-02 00:13:17 +03:00
github . com / shopspring / decimal v1 . 2.0 / / indirect
2022-03-16 07:08:31 +03:00
github . com / shurcooL / httpfs v0 . 0.0 - 20190707220628 - 8 d4bc4ba7749 / / indirect
2022-09-02 00:13:17 +03:00
github . com / sirupsen / logrus v1 . 9.0 / / indirect
2022-03-16 07:08:31 +03:00
github . com / soheilhy / cmux v0 . 1.5 / / indirect
2022-09-02 00:13:17 +03:00
github . com / spf13 / afero v1 . 8.2 / / indirect
github . com / spf13 / cast v1 . 5.0 / / indirect
github . com / spf13 / cobra v1 . 5.0 / / indirect
2022-03-16 07:08:31 +03:00
github . com / spf13 / jwalterweatherman v1 . 1.0 / / indirect
github . com / spf13 / pflag v1 . 0.5 / / indirect
2022-09-02 00:13:17 +03:00
github . com / spf13 / viper v1 . 12.0 / / indirect
2022-03-16 07:08:31 +03:00
github . com / ssor / bom v0 . 0.0 - 20170718123548 - 6386211 fdfcf / / indirect
2022-09-02 00:13:17 +03:00
github . com / subosito / gotenv v1 . 3.0 / / indirect
2022-03-16 07:08:31 +03:00
github . com / tmc / grpc - websocket - proxy v0 . 0.0 - 20201229170055 - e5319fda7802 / / indirect
github . com / toqueteos / webbrowser v1 . 2.0 / / indirect
github . com / ulikunitz / xz v0 . 5.10 / / indirect
2022-04-01 19:34:57 +03:00
github . com / unknwon / com v1 . 0.1 / / indirect
User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency
go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master
* activitypub: implement /api/v1/activitypub/user/{username} (#14186)
Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: add the public key to Person (#14186)
Refs: https://github.com/go-gitea/gitea/issues/14186
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: go-fed conformant Clock instance
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: signing http client
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: implement the ReqSignature middleware
Signed-off-by: Loïc Dachary <loic@dachary.org>
* activitypub: hack_16834
Signed-off-by: Loïc Dachary <loic@dachary.org>
* Fix CI checks-backend errors with go mod tidy
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Change 2021 to 2022, properly format package imports
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt and make generate-swagger
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use Gitea JSON library, add assert for pkp
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Run make fmt again, fix err var redeclaration
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Remove LogSQL from ActivityPub person test
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Assert if json.Unmarshal succeeds
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Cleanup, handle invalid usernames for ActivityPub person GET request
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Rename hack_16834 to user_settings
Signed-off-by: Anthony Wang <ta180m@pm.me>
* Use the httplib module instead of http for GET requests
* Clean up whitespace with make fmt
* Use time.RFC1123 and make the http.Client proxy-aware
* Check if digest algo is supported in setting module
* Clean up some variable declarations
* Remove unneeded copy
* Use system timezone instead of setting.DefaultUILocation
* Use named constant for httpsigExpirationTime
* Make pubKey IRI #main-key instead of /#main-key
* Move /#main-key to #main-key in tests
* Implemented Webfinger endpoint.
* Add visible check.
* Add user profile as alias.
* Add actor IRI and remote interaction URL to WebFinger response
* fmt
* Fix lint errors
* Use go-ap instead of go-fed
* Run go mod tidy to fix missing modules in go.mod and go.sum
* make fmt
* Convert remaining code to go-ap
* Clean up go.sum
* Fix JSON unmarshall error
* Fix CI errors by adding @context to Person() and making sure types match
* Correctly decode JSON in api_activitypub_person_test.go
* Force CI rerun
* Fix TestActivityPubPersonInbox segfault
* Fix lint error
* Use @mariusor's suggestions for idiomatic go-ap usage
* Correctly add inbox/outbox IRIs to person
* Code cleanup
* Remove another LogSQL from ActivityPub person test
* Move httpsig algos slice to an init() function
* Add actor IRI and remote interaction URL to WebFinger response
* Update TestWebFinger to check for ActivityPub IRI in aliases
* make fmt
* Force CI rerun
* WebFinger: Add CORS header and fix Href -> Template for remote interactions
The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues
* make lint-backend
* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon
Setting the correct Content-Type is essential for federating with Mastodon
* Use UTC instead of GMT
* Rename pkey to pubKey
* Make sure HTTP request Date in GMT
* make fmt
* dont drop err
* Make sure API responses always refer to username in original case
Copied from what I wrote on #19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.
* Move httpsig algs constant slice to modules/setting/federation.go
* Add new federation settings to app.example.ini and config-cheat-sheet
* Return if marshalling error
* Make sure Person IRIs are generated correctly
This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.
* If httpsig verification fails, fix Host header and try again
This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.
* Revert "If httpsig verification fails, fix Host header and try again"
This reverts commit f53e46c721a037c55facb9200106a6b491bf834c.
The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.
* Go back to using ap.IRI to generate inbox and outbox IRIs
* use const for key values
* Update routers/web/webfinger.go
* Use ctx.JSON in Person response to make code cleaner
* Revert "Use ctx.JSON in Person response to make code cleaner"
This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.
This reverts commit 95aad988975be3393c76094864ed6ba962157e0c.
* Use activitypub.ActivityStreamsContentType for Person response Content Type
* Limit maximum ActivityPub request and response sizes to a configurable setting
* Move setting key constants to models/user/setting_keys.go
* Fix failing ActivityPubPerson integration test by checking the correct field for username
* Add a warning about changing settings that can break federation
* Add better comments
* Don't multiply Federation.MaxSize by 1<<20 twice
* Add more better comments
* Fix failing ActivityPubMissingPerson test
We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different
* make generate-swagger
For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦
* Move getting the RFC 2616 time to a separate function
* More code cleanup
* Update go-ap to fix empty liked collection and removed unneeded HTTP headers
* go mod tidy
* Add ed25519 to httpsig algorithms
* Use go-ap/jsonld to add @context and marshal JSON
* Change Gitea user agent from the default to Gitea/Version
* Use ctx.ServerError and remove all remote interaction code from webfinger.go
2022-06-19 08:25:12 +03:00
github . com / valyala / fastjson v1 . 6.3 / / indirect
2022-03-16 07:08:31 +03:00
github . com / x448 / float16 v0 . 8.4 / / indirect
2022-09-02 00:13:17 +03:00
github . com / xanzy / ssh - agent v0 . 3.2 / / indirect
2022-03-16 07:08:31 +03:00
github . com / xi2 / xz v0 . 0.0 - 20171230120015 - 48954 b6210f8 / / indirect
github . com / xiang90 / probing v0 . 0.0 - 20190116061207 - 43 a291ad63a2 / / indirect
go . etcd . io / bbolt v1 . 3.6 / / indirect
2022-09-02 00:13:17 +03:00
go . etcd . io / etcd / api / v3 v3 . 5.4 / / indirect
go . etcd . io / etcd / client / pkg / v3 v3 . 5.4 / / indirect
go . etcd . io / etcd / client / v2 v2 . 305.4 / / indirect
go . etcd . io / etcd / client / v3 v3 . 5.4 / / indirect
2022-03-16 07:08:31 +03:00
go . etcd . io / etcd / etcdctl / v3 v3 . 5.0 - alpha . 0 / / indirect
go . etcd . io / etcd / pkg / v3 v3 . 5.0 - alpha . 0 / / indirect
go . etcd . io / etcd / raft / v3 v3 . 5.0 - alpha . 0 / / indirect
go . etcd . io / etcd / server / v3 v3 . 5.0 - alpha . 0 / / indirect
go . etcd . io / etcd / tests / v3 v3 . 5.0 - alpha . 0 / / indirect
go . etcd . io / etcd / v3 v3 . 5.0 - alpha . 0 / / indirect
2022-09-02 00:13:17 +03:00
go . mongodb . org / mongo - driver v1 . 10.1 / / indirect
go . uber . org / atomic v1 . 10.0 / / indirect
2022-03-16 07:08:31 +03:00
go . uber . org / multierr v1 . 8.0 / / indirect
2022-09-02 00:13:17 +03:00
go . uber . org / zap v1 . 23.0 / / indirect
golang . org / x / mod v0 . 6.0 - dev . 0.20220419223038 - 86 c51ed26bb4 / / indirect
2022-10-01 16:49:30 +03:00
golang . org / x / time v0 . 0.0 - 20220922220347 - f3bd1da661af / / indirect
2022-03-16 07:08:31 +03:00
google . golang . org / appengine v1 . 6.7 / / indirect
2022-09-02 00:13:17 +03:00
google . golang . org / genproto v0 . 0.0 - 20220616135557 - 88 e70c0c3a90 / / indirect
google . golang . org / grpc v1 . 47.0 / / indirect
google . golang . org / protobuf v1 . 28.1 / / indirect
2022-03-16 07:08:31 +03:00
gopkg . in / alexcesaro / quotedprintable . v3 v3 . 0.0 - 20150716171945 - 2 caba252f4dc / / indirect
gopkg . in / cheggaaa / pb . v1 v1 . 0.28 / / indirect
gopkg . in / warnings . v0 v0 . 1.2 / / indirect
sigs . k8s . io / yaml v1 . 2.0 / / indirect
)
2021-04-23 03:08:53 +03:00
replace github . com / hashicorp / go - version = > github . com / 6543 / go - version v1 . 3.1
2021-08-03 21:32:01 +03:00
2022-01-07 05:33:17 +03:00
replace github . com / shurcooL / vfsgen = > github . com / lunny / vfsgen v0 . 0.0 - 20220105142115 - 2 c99e1ffdfa0
2022-01-14 18:03:31 +03:00
2022-01-18 14:04:24 +03:00
replace github . com / satori / go . uuid v1 . 2.0 = > github . com / gofrs / uuid v4 . 2.0 + incompatible
exclude github . com / gofrs / uuid v3 . 2.0 + incompatible
exclude github . com / gofrs / uuid v4 . 0.0 + incompatible
exclude github . com / goccy / go - json v0 . 4.11