Federation issues between Pleroma and PeerTube #1

New Issue

kuschelyagi · 2018-11-20T02:47:41Z

kuschelyagi commented

2018-11-20 02:47:41 +00:00

I can't follow my PeerTube account (on videos.monarch-pass.net) from my Pleroma account (on social.monarch-pass.net).

The initial issue seems to be that the signatures coming from Pleroma aren't accepted by PeerTube. Pleroma creates the signature here using the host, content-length, digest headers:

  Pleroma.Web.HTTPSignatures.sign(actor, %{
    host: host,
    "content-length": byte_size(json),
    digest: digest
  })

However, the http-signature library used by PeerTube is expecting the date header, and fails if that signature is present.

[video.monarch-pass.net:443] 2018-11-19 10:01:22.743 error: Error in ActivityPub signature checker. {
  "meta": {
    "stack": "MissingHeaderError: date was not a signed header\n    at /app/node_modules/http-signature/lib/parser.js:301:15\n    at Array.forEach (<anonymous>)\n    at Object.parseRequest (/app/node_modules/http-signature/lib/parser.js:297:21)\n    at Object.parseHTTPSignature (/app/dist/server/helpers/peertube-crypto.js:41:26)\n    at /app/dist/server/middlewares/activitypub.js:61:42\n    at Generator.next (<anonymous>)\n    at /app/dist/server/middlewares/activitypub.js:7:71\n    at new Promise (<anonymous>)\n    at __awaiter (/app/dist/server/middlewares/activitypub.js:3:12)\n    at checkHttpSignature (/app/dist/server/middlewares/activitypub.js:57:12)\n    at /app/dist/server/middlewares/activitypub.js:20:48\n    at Generator.next (<anonymous>)\n    at /app/dist/server/middlewares/activitypub.js:7:71\n    at new Promise (<anonymous>)\n    at __awaiter (/app/dist/server/middlewares/activitypub.js:3:12)\n    at checkSignature (/app/dist/server/middlewares/activitypub.js:18:12)\n    at /app/dist/server/middlewares/async.js:13:32\n    at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)\n    at next (/app/node_modules/express/lib/router/route.js:137:13)\n    at signatureValidator (/app/dist/server/middlewares/validators/activitypub/signature.js:25:16)\n    at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)\n    at next (/app/node_modules/express/lib/router/route.js:137:13)\n    at runner.then.errors (/app/node_modules/express-validator/check/check.js:16:7)\n    at <anonymous>\n    at process._tickCallback (internal/process/next_tick.js:189:7)",
    "message": "date was not a signed header",
    "name": "MissingHeaderError"
  }
}

Hacking PeerTube to look for the host header causes this error to go away, but now a "warning" comes up that says Incorrect activity parameters

[video.monarch-pass.net:443] 2018-11-20 02:32:56.868 warn: Incorrect activity parameters. {
  "meta": {
    "activity": {
      "@context": "https://www.w3.org/ns/activitystreams",
      "actor": "https://social.monarch-pass.net/users/malacoda",
      "cc": [
        "https://www.w3.org/ns/activitystreams#Public"
      ],
      "context": "https://social.monarch-pass.net/contexts/290088d9-0637-473e-a5b1-e6f63c73d3b6",
      "context_id": 159011,
      "id": "https://social.monarch-pass.net/activities/0f4f2b7e-c550-4baf-bb27-e72325084745",
      "object": "https://video.monarch-pass.net/accounts/malacoda",
      "published": "2018-11-20T02:32:56.402983Z",
      "to": [
        "https://video.monarch-pass.net/accounts/malacoda"
      ],
      "type": "Follow"
    }
  }
}

The result is still the same, I don't see a subscriber on the PeerTube side and I don't see any updates on the Pleroma side.

Probably also need to verify that Pleroma still federates with other Pleroma/Mastodon instances, although I think OStatus is used here.

I can't follow my PeerTube account (on videos.monarch-pass.net) from my Pleroma account (on social.monarch-pass.net). The initial issue seems to be that the signatures coming from Pleroma aren't accepted by PeerTube. Pleroma creates the signature [here](https://git.pleroma.social/pleroma/pleroma/blob/develop/lib/pleroma/web/activity_pub/activity_pub.ex#L707) using the `host`, `content-length`, `digest` headers: Pleroma.Web.HTTPSignatures.sign(actor, %{ host: host, "content-length": byte_size(json), digest: digest }) However, the `http-signature` library used by PeerTube is expecting the `date` header, and fails if that signature is present. [video.monarch-pass.net:443] 2018-11-19 10:01:22.743 error: Error in ActivityPub signature checker. { "meta": { "stack": "MissingHeaderError: date was not a signed header\n at /app/node_modules/http-signature/lib/parser.js:301:15\n at Array.forEach (<anonymous>)\n at Object.parseRequest (/app/node_modules/http-signature/lib/parser.js:297:21)\n at Object.parseHTTPSignature (/app/dist/server/helpers/peertube-crypto.js:41:26)\n at /app/dist/server/middlewares/activitypub.js:61:42\n at Generator.next (<anonymous>)\n at /app/dist/server/middlewares/activitypub.js:7:71\n at new Promise (<anonymous>)\n at __awaiter (/app/dist/server/middlewares/activitypub.js:3:12)\n at checkHttpSignature (/app/dist/server/middlewares/activitypub.js:57:12)\n at /app/dist/server/middlewares/activitypub.js:20:48\n at Generator.next (<anonymous>)\n at /app/dist/server/middlewares/activitypub.js:7:71\n at new Promise (<anonymous>)\n at __awaiter (/app/dist/server/middlewares/activitypub.js:3:12)\n at checkSignature (/app/dist/server/middlewares/activitypub.js:18:12)\n at /app/dist/server/middlewares/async.js:13:32\n at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)\n at next (/app/node_modules/express/lib/router/route.js:137:13)\n at signatureValidator (/app/dist/server/middlewares/validators/activitypub/signature.js:25:16)\n at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)\n at next (/app/node_modules/express/lib/router/route.js:137:13)\n at runner.then.errors (/app/node_modules/express-validator/check/check.js:16:7)\n at <anonymous>\n at process._tickCallback (internal/process/next_tick.js:189:7)", "message": "date was not a signed header", "name": "MissingHeaderError" } } Hacking PeerTube to look for the `host` header causes this error to go away, but now a "warning" comes up that says `Incorrect activity parameters` [video.monarch-pass.net:443] 2018-11-20 02:32:56.868 warn: Incorrect activity parameters. { "meta": { "activity": { "@context": "https://www.w3.org/ns/activitystreams", "actor": "https://social.monarch-pass.net/users/malacoda", "cc": [ "https://www.w3.org/ns/activitystreams#Public" ], "context": "https://social.monarch-pass.net/contexts/290088d9-0637-473e-a5b1-e6f63c73d3b6", "context_id": 159011, "id": "https://social.monarch-pass.net/activities/0f4f2b7e-c550-4baf-bb27-e72325084745", "object": "https://video.monarch-pass.net/accounts/malacoda", "published": "2018-11-20T02:32:56.402983Z", "to": [ "https://video.monarch-pass.net/accounts/malacoda" ], "type": "Follow" } } } The result is still the same, I don't see a subscriber on the PeerTube side and I don't see any updates on the Pleroma side. Probably also need to verify that Pleroma still federates with other Pleroma/Mastodon instances, although I think OStatus is used here.

kuschelyagi commented

2018-11-20 02:57:43 +00:00

The same thing appeared to happen when I tried to follow Blender's PeerTube account (see https://social.monarch-pass.net/users/79). So I'm thinking at some level there's just an incompatibility there. I might have to build compatibility into this Pleroma instance and perhaps submit a patch.

kuschelyagi commented

2019-01-13 03:29:30 +00:00

Still seems to be an issue on the latest Pleroma as of this comment. Tried to subscribe to my PeerTube channel and got the same error on PeerTube

peertube_1_42941a95eb60 | [video.monarch-pass.net:443] 2019-01-13 03:25:57.856 error: Error in ActivityPub signature checker. {
peertube_1_42941a95eb60 |   "meta": {
peertube_1_42941a95eb60 |     "stack": "MissingHeaderError: date was not a signed header\n    at /app/node_modules/http-signature/lib/parser.js:301:15\n    at Array.forEach (<anonymous>)\n    at Object.parseRequest (/app/node_modules/http-signature/lib/parser.js:297:21)\n    at Object.parseHTTPSignature (/app/dist/server/helpers/peertube-crypto.js:51:26)\n    at /app/dist/server/middlewares/activitypub.js:61:42\n    at Generator.next (<anonymous>)\n    at /app/dist/server/middlewares/activitypub.js:7:71\n    at new Promise (<anonymous>)\n    at __awaiter (/app/dist/server/middlewares/activitypub.js:3:12)\n    at checkHttpSignature (/app/dist/server/middlewares/activitypub.js:57:12)\n    at /app/dist/server/middlewares/activitypub.js:20:48\n    at Generator.next (<anonymous>)\n    at /app/dist/server/middlewares/activitypub.js:7:71\n    at new Promise (<anonymous>)\n    at __awaiter (/app/dist/server/middlewares/activitypub.js:3:12)\n    at checkSignature (/app/dist/server/middlewares/activitypub.js:18:12)\n    at /app/dist/server/middlewares/async.js:13:32\n    at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)\n    at next (/app/node_modules/express/lib/router/route.js:137:13)\n    at signatureValidator (/app/dist/server/middlewares/validators/activitypub/signature.js:25:16)\n    at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)\n    at next (/app/node_modules/express/lib/router/route.js:137:13)\n    at runner.then.errors (/app/node_modules/express-validator/check/check.js:16:7)\n    at <anonymous>\n    at process._tickCallback (internal/process/next_tick.js:189:7)",
peertube_1_42941a95eb60 |     "message": "date was not a signed header",
peertube_1_42941a95eb60 |     "name": "MissingHeaderError"
peertube_1_42941a95eb60 |   }
peertube_1_42941a95eb60 | }

I'll try to build an isolated test case this weekend so I can look into this further.

Still seems to be an issue on the latest Pleroma as of this comment. Tried to subscribe to my PeerTube channel and got the same error on PeerTube peertube_1_42941a95eb60 | [video.monarch-pass.net:443] 2019-01-13 03:25:57.856 error: Error in ActivityPub signature checker. { peertube_1_42941a95eb60 | "meta": { peertube_1_42941a95eb60 | "stack": "MissingHeaderError: date was not a signed header\n at /app/node_modules/http-signature/lib/parser.js:301:15\n at Array.forEach (<anonymous>)\n at Object.parseRequest (/app/node_modules/http-signature/lib/parser.js:297:21)\n at Object.parseHTTPSignature (/app/dist/server/helpers/peertube-crypto.js:51:26)\n at /app/dist/server/middlewares/activitypub.js:61:42\n at Generator.next (<anonymous>)\n at /app/dist/server/middlewares/activitypub.js:7:71\n at new Promise (<anonymous>)\n at __awaiter (/app/dist/server/middlewares/activitypub.js:3:12)\n at checkHttpSignature (/app/dist/server/middlewares/activitypub.js:57:12)\n at /app/dist/server/middlewares/activitypub.js:20:48\n at Generator.next (<anonymous>)\n at /app/dist/server/middlewares/activitypub.js:7:71\n at new Promise (<anonymous>)\n at __awaiter (/app/dist/server/middlewares/activitypub.js:3:12)\n at checkSignature (/app/dist/server/middlewares/activitypub.js:18:12)\n at /app/dist/server/middlewares/async.js:13:32\n at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)\n at next (/app/node_modules/express/lib/router/route.js:137:13)\n at signatureValidator (/app/dist/server/middlewares/validators/activitypub/signature.js:25:16)\n at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)\n at next (/app/node_modules/express/lib/router/route.js:137:13)\n at runner.then.errors (/app/node_modules/express-validator/check/check.js:16:7)\n at <anonymous>\n at process._tickCallback (internal/process/next_tick.js:189:7)", peertube_1_42941a95eb60 | "message": "date was not a signed header", peertube_1_42941a95eb60 | "name": "MissingHeaderError" peertube_1_42941a95eb60 | } peertube_1_42941a95eb60 | } I'll try to build an isolated test case this weekend so I can look into this further.

kuschelyagi commented

2019-02-26 07:47:08 +00:00

As of now, Pleroma is signing the initial requests correctly, so the MissingHeaderError no longer occurs. I am still unable to subscribe to either the blender channel or to my channel, so I presume there is still some sort of issue on Pleroma's end.

When attempting to follow from Pleroma, the "follow" button transitions into "requesting" briefly before returning to "follow."

The request from Pleroma:

07:33:15.992 request_id=2m3dj7j4ksur61okbk0008k1 [info] POST /api/friendships/create.json
07:33:16.122 [info] Relaying https://social.monarch-pass.net/activities/595b5b78-5d1e-4d57-acc1-6c42e138246a out
07:33:16.122 [info] Sending https://social.monarch-pass.net/activities/595b5b78-5d1e-4d57-acc1-6c42e138246a out via AP
07:33:16.125 [info] Federating https://social.monarch-pass.net/activities/595b5b78-5d1e-4d57-acc1-6c42e138246a to https://video.blender.org/inbox

No indication that it received any response back from video.blender.org.

--

A similar error occurs when trying to subscribe to my channel (also on monarch-pass.net) albeit without the "Federating" message.

07:37:40.844 request_id=2m3djn0f2f3bb43mt40002s3 [info] POST /api/friendships/create.json
07:37:40.891 [info] Relaying https://social.monarch-pass.net/activities/76b1a156-0147-4ddb-9560-b14afcbfc0f5 out
07:37:40.891 [info] Sending https://social.monarch-pass.net/activities/76b1a156-0147-4ddb-9560-b14afcbfc0f5 out via AP

There is nothing in PeerTube's logs that corresponds to this request. This may indicate that Pleroma is actually failing to connect to this PeerTube instance. It is however getting requests (mainly nodeinfo-type requests) from other instances.

--

See Pleroma ticket and Peertube ticket

As of now, Pleroma is signing the initial requests correctly, so the `MissingHeaderError` no longer occurs. I am still unable to subscribe to either the blender channel or to my channel, so I presume there is still some sort of issue on Pleroma's end. When attempting to follow from Pleroma, the "follow" button transitions into "requesting" briefly before returning to "follow." The request from Pleroma: 07:33:15.992 request_id=2m3dj7j4ksur61okbk0008k1 [info] POST /api/friendships/create.json 07:33:16.122 [info] Relaying https://social.monarch-pass.net/activities/595b5b78-5d1e-4d57-acc1-6c42e138246a out 07:33:16.122 [info] Sending https://social.monarch-pass.net/activities/595b5b78-5d1e-4d57-acc1-6c42e138246a out via AP 07:33:16.125 [info] Federating https://social.monarch-pass.net/activities/595b5b78-5d1e-4d57-acc1-6c42e138246a to https://video.blender.org/inbox No indication that it received any response back from video.blender.org. -- A similar error occurs when trying to subscribe to my channel (also on monarch-pass.net) albeit without the "Federating" message. 07:37:40.844 request_id=2m3djn0f2f3bb43mt40002s3 [info] POST /api/friendships/create.json 07:37:40.891 [info] Relaying https://social.monarch-pass.net/activities/76b1a156-0147-4ddb-9560-b14afcbfc0f5 out 07:37:40.891 [info] Sending https://social.monarch-pass.net/activities/76b1a156-0147-4ddb-9560-b14afcbfc0f5 out via AP There is nothing in PeerTube's logs that corresponds to this request. This may indicate that Pleroma is actually failing to connect to this PeerTube instance. It is however getting requests (mainly nodeinfo-type requests) from other instances. -- See [Pleroma ticket](https://git.pleroma.social/pleroma/pleroma/issues/364) and [Peertube ticket](https://github.com/Chocobozzz/PeerTube/issues/1383)

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: monarch-pass/services#1