From 5d0e3d9c354906409a514b437d70f7a9db90703a Mon Sep 17 00:00:00 2001 From: tobi <31960611+tsmethurst@users.noreply.github.com> Date: Sun, 2 Mar 2025 13:28:38 +0100 Subject: [PATCH] [chore] github.com/superseriousbusiness/httpsig -> codeberg.org/superseriousbusiness/httpsig (#3854) --- README.md | 2 +- docs/federation/http_signatures.md | 2 +- docs/locales/zh/federation/http_signatures.md | 2 +- docs/locales/zh/repo/README.md | 2 +- go.mod | 2 +- go.sum | 4 ++-- internal/federation/authenticate.go | 2 +- internal/federation/federatingprotocol_test.go | 2 +- internal/gtscontext/context.go | 2 +- internal/middleware/signaturecheck.go | 2 +- internal/transport/signing.go | 2 +- internal/transport/transport.go | 2 +- .../superseriousbusiness/httpsig/LICENSE | 0 .../superseriousbusiness/httpsig/README.md | 4 ++-- .../superseriousbusiness/httpsig/algorithms.go | 0 .../superseriousbusiness/httpsig/digest.go | 0 .../superseriousbusiness/httpsig/httpsig.go | 0 .../superseriousbusiness/httpsig/signing.go | 0 .../superseriousbusiness/httpsig/verifying.go | 0 vendor/modules.txt | 6 +++--- 20 files changed, 18 insertions(+), 18 deletions(-) rename vendor/{github.com => codeberg.org}/superseriousbusiness/httpsig/LICENSE (100%) rename vendor/{github.com => codeberg.org}/superseriousbusiness/httpsig/README.md (96%) rename vendor/{github.com => codeberg.org}/superseriousbusiness/httpsig/algorithms.go (100%) rename vendor/{github.com => codeberg.org}/superseriousbusiness/httpsig/digest.go (100%) rename vendor/{github.com => codeberg.org}/superseriousbusiness/httpsig/httpsig.go (100%) rename vendor/{github.com => codeberg.org}/superseriousbusiness/httpsig/signing.go (100%) rename vendor/{github.com => codeberg.org}/superseriousbusiness/httpsig/verifying.go (100%) diff --git a/README.md b/README.md index 31c67a77d..36b0b291b 100644 --- a/README.md +++ b/README.md @@ -433,7 +433,7 @@ The following open source libraries, frameworks, and tools are used by GoToSocia - superseriousbusiness: - [superseriousbusiness/activity](https://codeberg.org/superseriousbusiness/activity) forked from [go-fed/activity](https://github.com/go-fed/activity); Golang ActivityPub/ActivityStreams library. [BSD-3-Clause License](https://spdx.org/licenses/BSD-3-Clause.html). - [superseriousbusiness/exif-terminator](https://codeberg.org/superseriousbusiness/exif-terminator); EXIF data removal. [GNU AGPL v3 LICENSE](https://spdx.org/licenses/AGPL-3.0-or-later.html). - - [superseriousbusiness/httpsig](https://github.com/superseriousbusiness/httpsig) forked from [go-fed/httpsig](https://github.com/go-fed/httpsig); secure HTTP signature library. [BSD-3-Clause License](https://spdx.org/licenses/BSD-3-Clause.html). + - [superseriousbusiness/httpsig](https://codeberg.org/superseriousbusiness/httpsig) forked from [go-fed/httpsig](https://github.com/go-fed/httpsig); secure HTTP signature library. [BSD-3-Clause License](https://spdx.org/licenses/BSD-3-Clause.html). - [superseriousbusiness/oauth2](https://github.com/superseriousbusiness/oauth2) forked from [go-oauth2/oauth2](https://github.com/go-oauth2/oauth2); OAuth server framework and token handling. [MIT License](https://spdx.org/licenses/MIT.html). - [temoto/robotstxt](https://github.com/temoto/robotstxt); robots.txt parsing. [MIT License](https://spdx.org/licenses/MIT.html). - [tdewolff/minify](https://github.com/tdewolff/minify); HTML minification for Markdown-submitted posts. [MIT License](https://spdx.org/licenses/MIT.html). diff --git a/docs/federation/http_signatures.md b/docs/federation/http_signatures.md index e28e4cb14..cd7aa3c1c 100644 --- a/docs/federation/http_signatures.md +++ b/docs/federation/http_signatures.md @@ -6,7 +6,7 @@ GoToSocial will also sign all outgoing `GET` and `POST` requests that it makes t This behavior is the equivalent of Mastodon's [AUTHORIZED_FETCH / "secure mode"](https://docs.joinmastodon.org/admin/config/#authorized_fetch). -GoToSocial uses the [superseriousbusiness/httpsig](https://github.com/superseriousbusiness/httpsig) library (forked from go-fed) for signing outgoing requests, and for parsing and validating the signatures of incoming requests. This library strictly follows the [Cavage http signature RFC](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12), which is the same RFC used by other implementations like Mastodon, Pixelfed, Akkoma/Pleroma, etc. (This RFC has since been superceded by the [httpbis http signature RFC](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures), but this is not yet widely implemented.) +GoToSocial uses the [superseriousbusiness/httpsig](https://codeberg.org/superseriousbusiness/httpsig) library (forked from go-fed) for signing outgoing requests, and for parsing and validating the signatures of incoming requests. This library strictly follows the [Cavage http signature RFC](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12), which is the same RFC used by other implementations like Mastodon, Pixelfed, Akkoma/Pleroma, etc. (This RFC has since been superceded by the [httpbis http signature RFC](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures), but this is not yet widely implemented.) ## Query Parameters diff --git a/docs/locales/zh/federation/http_signatures.md b/docs/locales/zh/federation/http_signatures.md index b4f2a17e9..a3cac6cbc 100644 --- a/docs/locales/zh/federation/http_signatures.md +++ b/docs/locales/zh/federation/http_signatures.md @@ -6,7 +6,7 @@ GoToSocial 也会为其向其他服务器发送的所有 `GET` 和 `POST` 请求 这种行为与 Mastodon 的 [AUTHORIZED_FETCH / "安全模式"](https://docs.joinmastodon.org/admin/config/#authorized_fetch) 等效。 -GoToSocial 使用 [superseriousbusiness/httpsig](https://github.com/superseriousbusiness/httpsig) 库(从 go-fed 派生)来为发出的请求签名,并解析和验证传入请求的签名。该库严格遵循 [Cavage HTTP Signature RFC](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12),这是其他实现(如 Mastodon、Pixelfed、Akkoma/Pleroma 等)使用的同一份 RFC。(此 RFC 后来被 [httpbis HTTP Signature RFC](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures) 取代,但尚未广泛实施。) +GoToSocial 使用 [superseriousbusiness/httpsig](https://codeberg.org/superseriousbusiness/httpsig) 库(从 go-fed 派生)来为发出的请求签名,并解析和验证传入请求的签名。该库严格遵循 [Cavage HTTP Signature RFC](https://datatracker.ietf.org/doc/html/draft-cavage-http-signatures-12),这是其他实现(如 Mastodon、Pixelfed、Akkoma/Pleroma 等)使用的同一份 RFC。(此 RFC 后来被 [httpbis HTTP Signature RFC](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures) 取代,但尚未广泛实施。) ## 查询参数 diff --git a/docs/locales/zh/repo/README.md b/docs/locales/zh/repo/README.md index d35b0cef2..9cad3df51 100644 --- a/docs/locales/zh/repo/README.md +++ b/docs/locales/zh/repo/README.md @@ -419,7 +419,7 @@ GoToSocial 使用以下开源库、框架和工具,在此声明并致谢 💕 - superseriousbusiness: - [superseriousbusiness/activity](https://codeberg.org/superseriousbusiness/activity) 从 [go-fed/activity](https://github.com/go-fed/activity) 派生; Golang ActivityPub/ActivityStreams 库。 [BSD-3-Clause 许可证](https://spdx.org/licenses/BSD-3-Clause.html)。 - [superseriousbusiness/exif-terminator](https://codeberg.org/superseriousbusiness/exif-terminator); EXIF 数据擦除。 [GNU AGPL v3 许可证](https://spdx.org/licenses/AGPL-3.0-or-later.html)。 - - [superseriousbusiness/httpsig](https://github.com/superseriousbusiness/httpsig) 从 [go-fed/httpsig](https://github.com/go-fed/httpsig) 派生; 安全 HTTP 签名库。 [BSD-3-Clause 许可证](https://spdx.org/licenses/BSD-3-Clause.html)。 + - [superseriousbusiness/httpsig](https://codeberg.org/superseriousbusiness/httpsig) 从 [go-fed/httpsig](https://github.com/go-fed/httpsig) 派生; 安全 HTTP 签名库。 [BSD-3-Clause 许可证](https://spdx.org/licenses/BSD-3-Clause.html)。 - [superseriousbusiness/oauth2](https://github.com/superseriousbusiness/oauth2) 从 [go-oauth2/oauth2](https://github.com/go-oauth2/oauth2) 派生; OAuth 服务器框架和令牌处理。 [MIT 许可证](https://spdx.org/licenses/MIT.html)。 - [tdewolff/minify](https://github.com/tdewolff/minify); Markdown 帖文的 HTML 压缩。 [MIT 许可证](https://spdx.org/licenses/MIT.html)。 - [uber-go/automaxprocs](https://github.com/uber-go/automaxprocs); GOMAXPROCS 自动化。 [MIT 许可证](https://spdx.org/licenses/MIT.html)。 diff --git a/go.mod b/go.mod index f7df4a23f..2a4faac53 100644 --- a/go.mod +++ b/go.mod @@ -30,6 +30,7 @@ require ( codeberg.org/gruf/go-structr v0.8.11 codeberg.org/superseriousbusiness/activity v1.12.0-gts codeberg.org/superseriousbusiness/exif-terminator v0.9.1 + codeberg.org/superseriousbusiness/httpsig v1.3.0-SSB github.com/DmitriyVTitov/size v1.5.0 github.com/KimMachineGun/automemlimit v0.7.1 github.com/SherClockHolmes/webpush-go v1.4.0 @@ -58,7 +59,6 @@ require ( github.com/spf13/cobra v1.9.1 github.com/spf13/viper v1.19.0 github.com/stretchr/testify v1.10.0 - github.com/superseriousbusiness/httpsig v1.2.0-SSB github.com/superseriousbusiness/oauth2/v4 v4.3.2-SSB.0.20230227143000-f4900831d6c8 github.com/tdewolff/minify/v2 v2.21.3 github.com/technologize/otel-go-contrib v1.1.1 diff --git a/go.sum b/go.sum index 0af09aaad..18ab295b8 100644 --- a/go.sum +++ b/go.sum @@ -76,6 +76,8 @@ codeberg.org/superseriousbusiness/activity v1.12.0-gts h1:frNGTENLmOIQHKfOw/jj3U codeberg.org/superseriousbusiness/activity v1.12.0-gts/go.mod h1:enxU1Lva4OcK6b/NBXscoHSEgEMsKJvdHrQFifQxp4o= codeberg.org/superseriousbusiness/exif-terminator v0.9.1 h1:8Pss29AVuvljHAYLnZUyoqJp/8IN1cD3Jz30bJbxme8= codeberg.org/superseriousbusiness/exif-terminator v0.9.1/go.mod h1:gCWKduudUWFzsnixoMzu0FYVdxHWG+AbXnZ50DqxsUE= +codeberg.org/superseriousbusiness/httpsig v1.3.0-SSB h1:0a2fQSgMZA3/k+zjb2Ot+kwzpWFHOVEGQR2t49NhglA= +codeberg.org/superseriousbusiness/httpsig v1.3.0-SSB/go.mod h1:mkfkHGdE2SCbNBHySjJZSDr3LHtwZb1Yjgc6GYPwAQM= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= @@ -528,8 +530,6 @@ github.com/superseriousbusiness/go-png-image-structure/v2 v2.0.1-SSB h1:8psprYSK github.com/superseriousbusiness/go-png-image-structure/v2 v2.0.1-SSB/go.mod h1:ymKGfy9kg4dIdraeZRAdobMS/flzLk3VcRPLpEWOAXg= github.com/superseriousbusiness/go-swagger v0.31.0-gts-go1.23-fix h1:CXcjArOyxBPFgsNAu4As+RK9BwOUEG1LL7ja4g7iax0= github.com/superseriousbusiness/go-swagger v0.31.0-gts-go1.23-fix/go.mod h1:WSigRRWEig8zV6t6Sm8Y+EmUjlzA/HoaZJ5edupq7po= -github.com/superseriousbusiness/httpsig v1.2.0-SSB h1:BinBGKbf2LSuVT5+MuH0XynHN9f0XVshx2CTDtkaWj0= -github.com/superseriousbusiness/httpsig v1.2.0-SSB/go.mod h1:+rxfATjFaDoDIVaJOTSP0gj6UrbicaYPEptvCLC9F28= github.com/superseriousbusiness/oauth2/v4 v4.3.2-SSB.0.20230227143000-f4900831d6c8 h1:nTIhuP157oOFcscuoK1kCme1xTeGIzztSw70lX9NrDQ= github.com/superseriousbusiness/oauth2/v4 v4.3.2-SSB.0.20230227143000-f4900831d6c8/go.mod h1:uYC/W92oVRJ49Vh1GcvTqpeFqHi+Ovrl2sMllQWRAEo= github.com/tdewolff/minify/v2 v2.21.3 h1:KmhKNGrN/dGcvb2WDdB5yA49bo37s+hcD8RiF+lioV8= diff --git a/internal/federation/authenticate.go b/internal/federation/authenticate.go index b24519ebc..7d84774fd 100644 --- a/internal/federation/authenticate.go +++ b/internal/federation/authenticate.go @@ -31,6 +31,7 @@ import ( "codeberg.org/gruf/go-kv" "codeberg.org/superseriousbusiness/activity/streams" typepublickey "codeberg.org/superseriousbusiness/activity/streams/impl/w3idsecurityv1/type_publickey" + "codeberg.org/superseriousbusiness/httpsig" "github.com/superseriousbusiness/gotosocial/internal/ap" "github.com/superseriousbusiness/gotosocial/internal/config" "github.com/superseriousbusiness/gotosocial/internal/db" @@ -38,7 +39,6 @@ import ( "github.com/superseriousbusiness/gotosocial/internal/gtserror" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" "github.com/superseriousbusiness/gotosocial/internal/log" - "github.com/superseriousbusiness/httpsig" ) var ( diff --git a/internal/federation/federatingprotocol_test.go b/internal/federation/federatingprotocol_test.go index 085d6c474..7307ec6cc 100644 --- a/internal/federation/federatingprotocol_test.go +++ b/internal/federation/federatingprotocol_test.go @@ -28,13 +28,13 @@ import ( "testing" errorsv2 "codeberg.org/gruf/go-errors/v2" + "codeberg.org/superseriousbusiness/httpsig" "github.com/stretchr/testify/suite" "github.com/superseriousbusiness/gotosocial/internal/ap" "github.com/superseriousbusiness/gotosocial/internal/gtscontext" "github.com/superseriousbusiness/gotosocial/internal/gtserror" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" "github.com/superseriousbusiness/gotosocial/testrig" - "github.com/superseriousbusiness/httpsig" ) type FederatingProtocolTestSuite struct { diff --git a/internal/gtscontext/context.go b/internal/gtscontext/context.go index 80ccb6330..b0dd4788c 100644 --- a/internal/gtscontext/context.go +++ b/internal/gtscontext/context.go @@ -22,8 +22,8 @@ import ( "net/http" "net/url" + "codeberg.org/superseriousbusiness/httpsig" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" - "github.com/superseriousbusiness/httpsig" ) // package private context key type. diff --git a/internal/middleware/signaturecheck.go b/internal/middleware/signaturecheck.go index ea63ec4f0..3e1bfef33 100644 --- a/internal/middleware/signaturecheck.go +++ b/internal/middleware/signaturecheck.go @@ -25,8 +25,8 @@ import ( "github.com/superseriousbusiness/gotosocial/internal/gtscontext" "github.com/superseriousbusiness/gotosocial/internal/log" + "codeberg.org/superseriousbusiness/httpsig" "github.com/gin-gonic/gin" - "github.com/superseriousbusiness/httpsig" ) const ( diff --git a/internal/transport/signing.go b/internal/transport/signing.go index da3b6dc46..6fe29a853 100644 --- a/internal/transport/signing.go +++ b/internal/transport/signing.go @@ -18,7 +18,7 @@ package transport import ( - "github.com/superseriousbusiness/httpsig" + "codeberg.org/superseriousbusiness/httpsig" ) var ( diff --git a/internal/transport/transport.go b/internal/transport/transport.go index eb8f0cace..7d605f035 100644 --- a/internal/transport/transport.go +++ b/internal/transport/transport.go @@ -27,11 +27,11 @@ import ( "sync" "time" + "codeberg.org/superseriousbusiness/httpsig" "github.com/superseriousbusiness/gotosocial/internal/gtscontext" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" "github.com/superseriousbusiness/gotosocial/internal/httpclient" "github.com/superseriousbusiness/gotosocial/internal/transport/delivery" - "github.com/superseriousbusiness/httpsig" ) // Transport implements the pub.Transport interface with some additional functionality for fetching remote media. diff --git a/vendor/github.com/superseriousbusiness/httpsig/LICENSE b/vendor/codeberg.org/superseriousbusiness/httpsig/LICENSE similarity index 100% rename from vendor/github.com/superseriousbusiness/httpsig/LICENSE rename to vendor/codeberg.org/superseriousbusiness/httpsig/LICENSE diff --git a/vendor/github.com/superseriousbusiness/httpsig/README.md b/vendor/codeberg.org/superseriousbusiness/httpsig/README.md similarity index 96% rename from vendor/github.com/superseriousbusiness/httpsig/README.md rename to vendor/codeberg.org/superseriousbusiness/httpsig/README.md index 8e45e8d38..2108ed06c 100644 --- a/vendor/github.com/superseriousbusiness/httpsig/README.md +++ b/vendor/codeberg.org/superseriousbusiness/httpsig/README.md @@ -4,7 +4,7 @@ > HTTP Signatures made simple -`go get github.com/superseriousbusiness/httpsig` +`go get codeberg.org/superseriousbusiness/httpsig` Implementation of [HTTP Signatures](https://tools.ietf.org/html/draft-cavage-http-signatures). @@ -21,7 +21,7 @@ signing of hash schemes. Its goals are: ## How to use -`import "github.com/superseriousbusiness/httpsig"` +`import "codeberg.org/superseriousbusiness/httpsig"` ### Signing diff --git a/vendor/github.com/superseriousbusiness/httpsig/algorithms.go b/vendor/codeberg.org/superseriousbusiness/httpsig/algorithms.go similarity index 100% rename from vendor/github.com/superseriousbusiness/httpsig/algorithms.go rename to vendor/codeberg.org/superseriousbusiness/httpsig/algorithms.go diff --git a/vendor/github.com/superseriousbusiness/httpsig/digest.go b/vendor/codeberg.org/superseriousbusiness/httpsig/digest.go similarity index 100% rename from vendor/github.com/superseriousbusiness/httpsig/digest.go rename to vendor/codeberg.org/superseriousbusiness/httpsig/digest.go diff --git a/vendor/github.com/superseriousbusiness/httpsig/httpsig.go b/vendor/codeberg.org/superseriousbusiness/httpsig/httpsig.go similarity index 100% rename from vendor/github.com/superseriousbusiness/httpsig/httpsig.go rename to vendor/codeberg.org/superseriousbusiness/httpsig/httpsig.go diff --git a/vendor/github.com/superseriousbusiness/httpsig/signing.go b/vendor/codeberg.org/superseriousbusiness/httpsig/signing.go similarity index 100% rename from vendor/github.com/superseriousbusiness/httpsig/signing.go rename to vendor/codeberg.org/superseriousbusiness/httpsig/signing.go diff --git a/vendor/github.com/superseriousbusiness/httpsig/verifying.go b/vendor/codeberg.org/superseriousbusiness/httpsig/verifying.go similarity index 100% rename from vendor/github.com/superseriousbusiness/httpsig/verifying.go rename to vendor/codeberg.org/superseriousbusiness/httpsig/verifying.go diff --git a/vendor/modules.txt b/vendor/modules.txt index fd573e16e..47b49c650 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -248,6 +248,9 @@ codeberg.org/superseriousbusiness/activity/streams/vocab # codeberg.org/superseriousbusiness/exif-terminator v0.9.1 ## explicit; go 1.21 codeberg.org/superseriousbusiness/exif-terminator +# codeberg.org/superseriousbusiness/httpsig v1.3.0-SSB +## explicit; go 1.21 +codeberg.org/superseriousbusiness/httpsig # github.com/DmitriyVTitov/size v1.5.0 ## explicit; go 1.14 github.com/DmitriyVTitov/size @@ -810,9 +813,6 @@ github.com/superseriousbusiness/go-jpeg-image-structure/v2 # github.com/superseriousbusiness/go-png-image-structure/v2 v2.0.1-SSB ## explicit; go 1.12 github.com/superseriousbusiness/go-png-image-structure/v2 -# github.com/superseriousbusiness/httpsig v1.2.0-SSB -## explicit; go 1.21 -github.com/superseriousbusiness/httpsig # github.com/superseriousbusiness/oauth2/v4 v4.3.2-SSB.0.20230227143000-f4900831d6c8 ## explicit; go 1.13 github.com/superseriousbusiness/oauth2/v4