try…

qwerty287 · Mar 24, 2024 · 2a55f9f · 2a55f9f
1 parent 268df3d
commit 2a55f9f
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 0 deletions.
diff --git a/docs/docs/91-migrations.md b/docs/docs/91-migrations.md
@@ -11,6 +11,7 @@ Some versions need some changes to the server configuration or the pipeline conf
 - Deprecated uppercasing all secret env vars, instead, the value of the `secrets` property is used. [Read more](./20-usage/40-secrets.md#use-secrets-in-commands)
 - Deprecated alternative names for secrets, use `environment` with `from_secret`
 - Deprecated slice definition for env vars
+- Deprecated `draft-cavage-http-signatures-12` for external config services in favor of RFC9421
 
 ## 2.0.0
 

diff --git a/go.mod b/go.mod
@@ -24,6 +24,7 @@ require (
 	github.com/franela/goblin v0.0.0-20211003143422-0a4f594942bf
 	github.com/fsnotify/fsnotify v1.7.0
 	github.com/gin-gonic/gin v1.9.1
+	github.com/go-ap/httpsig v0.0.0-20221203064646-3647b4d88fdf
 	github.com/go-sql-driver/mysql v1.8.0
 	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/google/go-github/v60 v60.0.0

diff --git a/go.sum b/go.sum
@@ -126,6 +126,8 @@ github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
 github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
+github.com/go-ap/httpsig v0.0.0-20221203064646-3647b4d88fdf h1:Ab5yBsD/dXhFmgf2hX7T/YYr+VK0Df7SrIxyNztT9YE=
+github.com/go-ap/httpsig v0.0.0-20221203064646-3647b4d88fdf/go.mod h1:+4SUDMvPlRMUPW5PlMTbxj3U5a4fWasBIbakUw7Kp6c=
 github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI=
 github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=

diff --git a/server/services/utils/http.go b/server/services/utils/http.go
@@ -24,6 +24,7 @@ import (
 	"net/http"
 	"net/url"
 
+	"github.com/go-ap/httpsig"
 	"github.com/yaronf/httpsign"
 )
 
@@ -59,6 +60,11 @@ func Send(ctx context.Context, method, path string, privateKey ed25519.PrivateKe
 		return 0, err
 	}
 
+	err = signRequest(privateKey, req)
+	if err != nil {
+		return 0, err
+	}
+
 	resp, err := client.Do(req)
 	if err != nil {
 		return 0, err
@@ -90,3 +96,12 @@ func signClient(privateKey ed25519.PrivateKey) (*httpsign.Client, error) {
 	}
 	return httpsign.NewDefaultClient(httpsign.NewClientConfig().SetSignatureName(pubKeyID).SetSigner(signer)), nil // sign requests, don't verify responses
 }
+
+// TODO remove in 3.x
+func signRequest(privateKey ed25519.PrivateKey, req *http.Request) error {
+	pubKeyID := "woodpecker-ci-plugins"
+
+	signer := httpsig.NewEd25519Signer(pubKeyID, privateKey, nil)
+
+	return signer.Sign(req)
+}