Bovine_herd + cattle_grid
cattle_grid is meant as a layer that deals with authentication of Fediverse requests. Separating this from bovine_herd has the advantage, that one can reuse this layer for different applications.
As with a blocklist, the main modification will be specifying
an authorize
function when invoking BovineHerd
.
Alternatively one can directly use add_authorization_with_cattle_grid.
app example
This means that the simplest such app would look like
from quart import Quart
from bovine_herd import BovineHerd
from bovine_herd.server.authorize import add_authorization_with_cattle_grid
app = Quart(__name__)
BovineHerd(
app,
authorization_adder=add_authorization_with_cattle_grid,
)
See the cattle_grid instructions for how to configure nginx.
The new authorize function
We assume that the x-cattle-grid-requester
header is passed to the bovine_herd
server. If this header is set, we know that the HTTP signature was valid. All
that remains to check is the digest for post requests.
Furthermore, if the header is not set, we proceed with the normal bovine_herd authorization method.
from quart import request, g
from bovine.crypto.helper import content_digest_sha256
from bovine_herd.server.authorize import add_authorization
async def authorize():
requester = request.headers.get("x-cattle-grid-requester")
if requester:
if request.method.lower() == "post":
digest = content_digest_sha256(await request.get_data())
request_digest = request.headers.get("digest")
request_digest = request_digest[:4].lower() + request_digest[4:]
if digest != request_digest:
return "unauthorized", 401
g.retriever = requester
else:
return await add_authorization()