From 673b7d0bae485015a0929ab58f595ed172485f39 Mon Sep 17 00:00:00 2001
From: Jesse Wierzbinski <contact@cpluspatch.com>
Date: Fri, 17 May 2024 11:42:42 -1000
Subject: [PATCH] fix(api): :bug: Automatically rewrite http to https in
 federation

---
 index.ts                               |  3 ++-
 packages/config-manager/config.type.ts |  3 +++
 server/api/users/:uuid/inbox/index.ts  | 12 +++++++++++-
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/index.ts b/index.ts
index 938af1f5..c84e0049 100644
--- a/index.ts
+++ b/index.ts
@@ -118,7 +118,8 @@ app.use(agentBans);
 app.use(bait);
 app.use(logger);
 app.use(boundaryCheck);
-app.use(urlCheck);
+// Disabled as federation now checks for this
+// app.use(urlCheck);
 
 // Inject own filesystem router
 for (const [route, path] of Object.entries(routes)) {
diff --git a/packages/config-manager/config.type.ts b/packages/config-manager/config.type.ts
index ee7f1718..cef7da8e 100644
--- a/packages/config-manager/config.type.ts
+++ b/packages/config-manager/config.type.ts
@@ -435,11 +435,13 @@ export const configValidator = z.object({
                     enabled: z.boolean().default(false),
                     software: z.enum(["lysand-ap"]).or(z.string()),
                     allowed_ips: z.array(z.string().trim()).default([]),
+                    token: z.string().default(""),
                 })
                 .default({
                     enabled: false,
                     software: "lysand-ap",
                     allowed_ips: [],
+                    token: "",
                 }),
         })
         .default({
@@ -460,6 +462,7 @@ export const configValidator = z.object({
                 enabled: false,
                 software: "lysand-ap",
                 allowed_ips: [],
+                token: "",
             },
         }),
     instance: z
diff --git a/server/api/users/:uuid/inbox/index.ts b/server/api/users/:uuid/inbox/index.ts
index 68a73fe7..a1128e2b 100644
--- a/server/api/users/:uuid/inbox/index.ts
+++ b/server/api/users/:uuid/inbox/index.ts
@@ -110,12 +110,22 @@ export default (app: Hono) =>
                     sender.getUser().publicKey,
                 );
 
+                // If base_url uses https and request uses http, rewrite request to use https
+                // This fixes reverse proxy errors
+                const reqUrl = new URL(context.req.url);
+                if (
+                    new URL(config.http.base_url).protocol === "https:" &&
+                    reqUrl.protocol === "http:"
+                ) {
+                    reqUrl.protocol = "https:";
+                }
+
                 const isValid = await validator
                     .validate(
                         signature,
                         new Date(Date.parse(date)),
                         context.req.method as HttpVerb,
-                        new URL(context.req.url),
+                        reqUrl,
                         await context.req.text(),
                     )
                     .catch((e) => {