Skip to content

bovine_herd.server.authorize

add_authorization() async

Adds the retriever to g.retriever based on the HTTP Signature

Source code in bovine_herd/bovine_herd/server/authorize.py 
33
34
35
36
37
38
39
40
41
42
43
44
45
async def add_authorization():
    """Adds the retriever to g.retriever based on the HTTP Signature"""
    if request.path.startswith("/activitypub"):
        g.retriever = None
        return

    if not g.get("retriever"):
        if "authorization" in request.headers and request.headers[
            "authorization"
        ].startswith("Moo-Auth-1"):
            g.retriever = await compute_moo_auth_result()
        else:
            g.retriever = await current_app.config["validate_http_signature"](request)

add_authorization_with_cattle_grid() async

Adds authorization according to the X-Cattle-Grid-Requester header from cattle_grid.

Source code in bovine_herd/bovine_herd/server/authorize.py 
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
async def add_authorization_with_cattle_grid():
    """Adds authorization according to the `X-Cattle-Grid-Requester`
    header from [cattle_grid](https://codeberg.org/bovine/cattle_grid/).
    """
    requester = request.headers.get("x-cattle-grid-requester")

    if requester:
        if request.method.lower() == "post":
            request_digest = request.headers.get("digest")
            if not request_digest:
                return "unauthorized", 401

            digest = content_digest_sha256(await request.get_data())
            request_digest = request_digest[:4].lower() + request_digest[4:]
            if digest != request_digest:
                return "unauthorized", 401

        g.retriever = requester
    else:
        return await add_authorization()